Check added. SC#23
[moodle.git] / rss / file.php
CommitLineData
c062fee6 1<?php //$Id$
8adcb49f 2 //This file returns the required rss feeds
3 //The URL format MUST include:
4 // course: the course id
5 // user: the user id
6 // name: the name of the module (forum...)
c0f778a2 7 // id: the id (instance) of the module (forumid...)
8adcb49f 8 //If the course has a password or it doesn't
9 //allow guest access then the user field is
10 //required to see that the user is enrolled
11 //in the course, else no check is performed.
12 //This allows to limit a bit the rss access
13 //to correct users. It isn't unbreakable,
14 //obviously, but its the best I've thought!!
15
16 require_once("../config.php");
17 require_once("$CFG->dirroot/files/mimetypes.php");
18
19 $allowed = true;
20 $error = false;
21
22 if (empty($CFG->filelifetime)) {
23 $CFG->filelifetime = 86400; /// Seconds for files to remain in caches
24 }
25
26 if (isset($file)) { // workaround for situations where / syntax doesn't work
27 $pathinfo = $file;
28 } else {
29 $pathinfo = get_slash_arguments("file.php");
30 }
31
32 if (!$pathinfo) {
33 $error = true;
34 }
35
36 $pathinfo = urldecode($pathinfo);
37
38 if (! $args = parse_slash_arguments($pathinfo)) {
39 $error = true;
40 }
41
42 $numargs = count($args);
43 if ($numargs < 5 or empty($args[1])) {
44 $error = true;
45 }
46
47 $courseid = (integer)$args[0];
c0f778a2 48 $userid = (integer)$args[1];
49 $modulename = $args[2];
50 $instance = (integer)$args[3];
51
c062fee6 52 //Check name of module
53 $mods = get_list_of_plugins("mod");
54 if (!in_array(strtolower($modulename), $mods)) {
55 error("This module doesn't exist!");
56 }
57
8adcb49f 58 if (! $course = get_record("course", "id", $courseid)) {
59 $error = true;
60 }
61
c0f778a2 62 //Get course_module to check it's visible
63 if (! $cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) {
64 $error = true;
65 }
66 $cmvisible = $cm->visible;
67
68 $isstudent = isstudent($courseid,$userid);
69 $isteacher = isteacher($courseid,$userid);
70
8adcb49f 71 //Check for "security" if !course->guest or course->password
72 if (!$course->guest || $course->password) {
c0f778a2 73 $allowed = ($isstudent || $isteacher);
74 }
75
76 //Check for "security" if the course is hidden or the activity is hidden
77 if ($allowed && (!$course->visible || !$cmvisible)) {
78 $allowed = $isteacher;
8adcb49f 79 }
80
c0f778a2 81 $pathname = $CFG->dataroot."/rss/".$modulename."/".$instance.".xml";
8adcb49f 82 $filename = $args[$numargs-1];
83
84 //If the file exists and its allowed for me, download it!
85 if (file_exists($pathname) && $allowed && !$error) {
86 $lastmodified = filemtime($pathname);
87 $mimetype = mimeinfo("type", $filename);
88
89 header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
90 header("Expires: " . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . " GMT");
91 header("Cache-control: max_age = $CFG->filelifetime");
92 header("Pragma: ");
93 header("Content-disposition: inline; filename=$filename");
94
95 header("Content-length: ".filesize($pathname));
96 header("Content-type: $mimetype");
97 readfile($pathname);
98 }
99
100?>