[moodle.git] / rss / file.php

<?PHP
    //This file returns the required rss feeds
    //The URL format MUST include:
    //    context: the context id
    //    user:   the user id
    //    name:   the name of the module (forum...)
    //    id:     the id (instance) of the module (forumid...)
    //If the course has a password or it doesn't
    //allow guest access then the user field is
    //required to see that the user is enrolled
    //in the course, else no check is performed.
    //This allows to limit a bit the rss access
    //to correct users. It isn't unbreakable,
    //obviously, but its the best I've thought!!

// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);//comment this out to see any error messages during RSS generation

// session not used here
define('NO_MOODLE_COOKIES', true);

require_once('../config.php');
require_once($CFG->libdir.'/filelib.php');
require_once($CFG->libdir.'/rsslib.php');

//Check RSS feeds are enabled
if (empty($CFG->enablerssfeeds)) {
    debugging('DISABLED (admin variables)');
    rss_not_found();
}

$lifetime = 3600;  // Seconds for files to remain in caches - 1 hour
$filename   = 'rss.xml';

// this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243
// it should be replaced once we get to codes in urls

$relativepath = get_file_argument();
if (!$relativepath) {
    rss_not_found();
}

// extract relative path components
$args = explode('/', trim($relativepath, '/'));
if (count($args) < 5) {
    rss_not_found();
}

$contextid   = (int)$args[0];
$token  = $args[1];
$componentname = clean_param($args[2], PARAM_FILE);
$instance   = $args[3];

$userid = rss_get_userid_from_token($token);
if (!$userid) {
    rss_not_authenticated();
}
$user = get_complete_user_data('id', $userid);
session_set_user($user);

//Set context
$context = get_context_instance_by_id($contextid);
if (!$context) {
    rss_not_found();
}
$PAGE->set_context($context);

//Get course from context
//TODO: note that in the case of the hub rss feed, the feed is not related to a course context,
//it is more a "site" context. The Hub RSS bypass the following line using context id = 2
$coursecontext = get_course_context($context);
$course = $DB->get_record('course', array('id' => $coursecontext->instanceid), '*', MUST_EXIST);

//this will store the path to the cached rss feed contents
$pathname = null;

$componentdir = get_component_directory($componentname);
list($type, $plugin) = normalize_component($componentname);

if (file_exists($componentdir)) {
    require_once("$componentdir/rsslib.php");
    $functionname = $plugin.'_rss_get_feed';

    if (function_exists($functionname)) {

        if ($componentname=='blog') {

            $blogid = (int) $args[4];  // could be groupid / courseid  / userid  depending on $instance
            if ($args[5] != 'rss.xml') {
                $tagid = (int) $args[5];
            } else {
                $tagid = 0;
            }

            try {
                require_login($course, false, NULL, false, true);
            } catch (Exception $e) {
                rss_not_found();
            }
            $pathname = $functionname($instance, $blogid, $tagid);
        } else if ($componentname=='local_hub') {
            
            $pathname = $functionname($args);
        } else {

            $instance = (int)$instance;

            try {
                $cm = get_coursemodule_from_instance($plugin, $instance, 0, false, MUST_EXIST);
                require_login($course, false, $cm, false, true);
            } catch (Exception $e) {
                rss_not_found();
            }

            $pathname = $functionname($context, $cm, $instance, $args);
        }
    }
}

//Check that file exists
if (empty($pathname) || !file_exists($pathname)) {
    rss_not_found();
}

//rss_update_token_last_access($USER->id);

//Send it to user!
send_file($pathname, $filename, $lifetime);

function rss_not_found() {
    /// error, send some XML with error message
    global $lifetime, $filename;
    send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
}

function rss_not_authenticated() {
    global $lifetime, $filename;
    send_file(rss_geterrorxmlfile('rsserrorauth'), $filename, $lifetime, false, true);
}
Commit	Line	Data
2e9b772f	1	<?PHP
8adcb49f	2	//This file returns the required rss feeds
8adcb49f	3	//The URL format MUST include:
fcce139a	4	// context: the context id
e7f927a0	5	// user: the user id
	6	// name: the name of the module (forum...)
	7	// id: the id (instance) of the module (forumid...)
8adcb49f	8	//If the course has a password or it doesn't
7fe0ce4e	9	//allow guest access then the user field is
8adcb49f	10	//required to see that the user is enrolled
	11	//in the course, else no check is performed.
	12	//This allows to limit a bit the rss access
	13	//to correct users. It isn't unbreakable,
	14	//obviously, but its the best I've thought!!
	15
2e9b772f	16	// disable moodle specific debug messages and any errors in output
fcce139a AD	17	define('NO_DEBUG_DISPLAY', true);//comment this out to see any error messages during RSS generation
	18
	19	// session not used here
30d24538	20	define('NO_MOODLE_COOKIES', true);
fcce139a AD	21
	22	require_once('../config.php');
	23	require_once($CFG->libdir.'/filelib.php');
	24	require_once($CFG->libdir.'/rsslib.php');
	25
	26	//Check RSS feeds are enabled
	27	if (empty($CFG->enablerssfeeds)) {
	28	debugging('DISABLED (admin variables)');
	29	rss_not_found();
	30	}
	31
	32	$lifetime = 3600; // Seconds for files to remain in caches - 1 hour
	33	$filename = 'rss.xml';
	34
	35	// this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243
	36	// it should be replaced once we get to codes in urls
	37
	38	$relativepath = get_file_argument();
	39	if (!$relativepath) {
	40	rss_not_found();
	41	}
	42
	43	// extract relative path components
	44	$args = explode('/', trim($relativepath, '/'));
	45	if (count($args) < 5) {
	46	rss_not_found();
	47	}
	48
	49	$contextid = (int)$args[0];
	50	$token = $args[1];
aa60291e	51	$componentname = clean_param($args[2], PARAM_FILE);
fcce139a AD	52	$instance = $args[3];
	53
	54	$userid = rss_get_userid_from_token($token);
	55	if (!$userid) {
	56	rss_not_authenticated();
	57	}
	58	$user = get_complete_user_data('id', $userid);
	59	session_set_user($user);
	60
e417be4c	61	//Set context
fcce139a AD	62	$context = get_context_instance_by_id($contextid);
	63	if (!$context) {
	64	rss_not_found();
	65	}
	66	$PAGE->set_context($context);
	67
e417be4c	68	//Get course from context
	69	//TODO: note that in the case of the hub rss feed, the feed is not related to a course context,
	70	//it is more a "site" context. The Hub RSS bypass the following line using context id = 2
fcce139a AD	71	$coursecontext = get_course_context($context);
	72	$course = $DB->get_record('course', array('id' => $coursecontext->instanceid), '*', MUST_EXIST);
	73
aa60291e	74	//this will store the path to the cached rss feed contents
fcce139a	75	$pathname = null;
e417be4c	76
aa60291e AD	77	$componentdir = get_component_directory($componentname);
	78	list($type, $plugin) = normalize_component($componentname);
	79
	80	if (file_exists($componentdir)) {
	81	require_once("$componentdir/rsslib.php");
	82	$functionname = $plugin.'_rss_get_feed';
	83
	84	if (function_exists($functionname)) {
	85
	86	if ($componentname=='blog') {
	87
	88	$blogid = (int) $args[4]; // could be groupid / courseid / userid depending on $instance
	89	if ($args[5] != 'rss.xml') {
	90	$tagid = (int) $args[5];
	91	} else {
	92	$tagid = 0;
	93	}
	94
	95	try {
	96	require_login($course, false, NULL, false, true);
	97	} catch (Exception $e) {
	98	rss_not_found();
	99	}
	100	$pathname = $functionname($instance, $blogid, $tagid);
	101	} else if ($componentname=='local_hub') {
	102
	103	$pathname = $functionname($args);
e417be4c	104	} else {
e417be4c	105
aa60291e	106	$instance = (int)$instance;
e417be4c	107
aa60291e AD	108	try {
	109	$cm = get_coursemodule_from_instance($plugin, $instance, 0, false, MUST_EXIST);
	110	require_login($course, false, $cm, false, true);
	111	} catch (Exception $e) {
	112	rss_not_found();
	113	}
e417be4c	114
e417be4c	115	$pathname = $functionname($context, $cm, $instance, $args);
e417be4c	116	}
aa60291e	117	}
fcce139a	118	}
6f5e0852	119
fcce139a AD	120	//Check that file exists
	121	if (empty($pathname) \|\| !file_exists($pathname)) {
	122	rss_not_found();
	123	}
8adcb49f	124
fcce139a	125	//rss_update_token_last_access($USER->id);
6619a7f4	126
fcce139a AD	127	//Send it to user!
fcce139a AD	128	send_file($pathname, $filename, $lifetime);
8adcb49f	129
fcce139a AD	130	function rss_not_found() {
	131	/// error, send some XML with error message
	132	global $lifetime, $filename;
	133	send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
	134	}
e7f927a0	135
fcce139a AD	136	function rss_not_authenticated() {
	137	global $lifetime, $filename;
	138	send_file(rss_geterrorxmlfile('rsserrorauth'), $filename, $lifetime, false, true);
	139	}
2e9b772f	140