| c062fee6 |
1 | <?php //$Id$ |
| 8adcb49f |
2 | //This file returns the required rss feeds |
| 3 | //The URL format MUST include: |
| 4 | // course: the course id |
| 5 | // user: the user id |
| 6 | // name: the name of the module (forum...) |
| c0f778a2 |
7 | // id: the id (instance) of the module (forumid...) |
| 8adcb49f |
8 | //If the course has a password or it doesn't |
| 9 | //allow guest access then the user field is |
| 10 | //required to see that the user is enrolled |
| 11 | //in the course, else no check is performed. |
| 12 | //This allows to limit a bit the rss access |
| 13 | //to correct users. It isn't unbreakable, |
| 14 | //obviously, but its the best I've thought!! |
| 15 | |
| 16 | require_once("../config.php"); |
| 17 | require_once("$CFG->dirroot/files/mimetypes.php"); |
| 18 | |
| 19 | $allowed = true; |
| 20 | $error = false; |
| 21 | |
| 22 | if (empty($CFG->filelifetime)) { |
| 23 | $CFG->filelifetime = 86400; /// Seconds for files to remain in caches |
| 24 | } |
| 25 | |
| 26 | if (isset($file)) { // workaround for situations where / syntax doesn't work |
| 27 | $pathinfo = $file; |
| 28 | } else { |
| 29 | $pathinfo = get_slash_arguments("file.php"); |
| 30 | } |
| 31 | |
| 32 | if (!$pathinfo) { |
| 33 | $error = true; |
| 34 | } |
| 35 | |
| 36 | $pathinfo = urldecode($pathinfo); |
| 37 | |
| 38 | if (! $args = parse_slash_arguments($pathinfo)) { |
| 39 | $error = true; |
| 40 | } |
| 41 | |
| 42 | $numargs = count($args); |
| 43 | if ($numargs < 5 or empty($args[1])) { |
| 44 | $error = true; |
| 45 | } |
| 46 | |
| 47 | $courseid = (integer)$args[0]; |
| c0f778a2 |
48 | $userid = (integer)$args[1]; |
| 49 | $modulename = $args[2]; |
| 50 | $instance = (integer)$args[3]; |
| 51 | |
| c062fee6 |
52 | //Check name of module |
| 53 | $mods = get_list_of_plugins("mod"); |
| 54 | if (!in_array(strtolower($modulename), $mods)) { |
| 55 | error("This module doesn't exist!"); |
| 56 | } |
| 57 | |
| 8adcb49f |
58 | if (! $course = get_record("course", "id", $courseid)) { |
| 59 | $error = true; |
| 60 | } |
| 61 | |
| c0f778a2 |
62 | //Get course_module to check it's visible |
| 63 | if (! $cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) { |
| 64 | $error = true; |
| 65 | } |
| 66 | $cmvisible = $cm->visible; |
| 67 | |
| 68 | $isstudent = isstudent($courseid,$userid); |
| 69 | $isteacher = isteacher($courseid,$userid); |
| 70 | |
| 8adcb49f |
71 | //Check for "security" if !course->guest or course->password |
| 72 | if (!$course->guest || $course->password) { |
| c0f778a2 |
73 | $allowed = ($isstudent || $isteacher); |
| 74 | } |
| 75 | |
| 76 | //Check for "security" if the course is hidden or the activity is hidden |
| 77 | if ($allowed && (!$course->visible || !$cmvisible)) { |
| 78 | $allowed = $isteacher; |
| 8adcb49f |
79 | } |
| 80 | |
| c0f778a2 |
81 | $pathname = $CFG->dataroot."/rss/".$modulename."/".$instance.".xml"; |
| 8adcb49f |
82 | $filename = $args[$numargs-1]; |
| 83 | |
| 84 | //If the file exists and its allowed for me, download it! |
| 85 | if (file_exists($pathname) && $allowed && !$error) { |
| 86 | $lastmodified = filemtime($pathname); |
| 87 | $mimetype = mimeinfo("type", $filename); |
| 88 | |
| 89 | header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT"); |
| 90 | header("Expires: " . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . " GMT"); |
| 91 | header("Cache-control: max_age = $CFG->filelifetime"); |
| 92 | header("Pragma: "); |
| 93 | header("Content-disposition: inline; filename=$filename"); |
| 94 | |
| 95 | header("Content-length: ".filesize($pathname)); |
| 96 | header("Content-type: $mimetype"); |
| 97 | readfile($pathname); |
| 98 | } |
| 99 | |
| 100 | ?> |
