2 // This file is part of Moodle - http://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
18 * moodlelib.php - Moodle main library
20 * Main library file of miscellaneous general-purpose Moodle functions.
21 * Other main libraries:
22 * - weblib.php - functions that produce web output
23 * - datalib.php - functions that access the database
27 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
28 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
31 defined('MOODLE_INTERNAL') || die();
33 // CONSTANTS (Encased in phpdoc proper comments).
35 // Date and time constants.
37 * Time constant - the number of seconds in a year
39 define('YEARSECS', 31536000);
42 * Time constant - the number of seconds in a week
44 define('WEEKSECS', 604800);
47 * Time constant - the number of seconds in a day
49 define('DAYSECS', 86400);
52 * Time constant - the number of seconds in an hour
54 define('HOURSECS', 3600);
57 * Time constant - the number of seconds in a minute
59 define('MINSECS', 60);
62 * Time constant - the number of minutes in a day
64 define('DAYMINS', 1440);
67 * Time constant - the number of minutes in an hour
69 define('HOURMINS', 60);
71 // Parameter constants - every call to optional_param(), required_param()
72 // or clean_param() should have a specified type of parameter.
75 * PARAM_ALPHA - contains only english ascii letters a-zA-Z.
77 define('PARAM_ALPHA', 'alpha');
80 * PARAM_ALPHAEXT the same contents as PARAM_ALPHA plus the chars in quotes: "_-" allowed
81 * NOTE: originally this allowed "/" too, please use PARAM_SAFEPATH if "/" needed
83 define('PARAM_ALPHAEXT', 'alphaext');
86 * PARAM_ALPHANUM - expected numbers and letters only.
88 define('PARAM_ALPHANUM', 'alphanum');
91 * PARAM_ALPHANUMEXT - expected numbers, letters only and _-.
93 define('PARAM_ALPHANUMEXT', 'alphanumext');
96 * PARAM_AUTH - actually checks to make sure the string is a valid auth plugin
98 define('PARAM_AUTH', 'auth');
101 * PARAM_BASE64 - Base 64 encoded format
103 define('PARAM_BASE64', 'base64');
106 * PARAM_BOOL - converts input into 0 or 1, use for switches in forms and urls.
108 define('PARAM_BOOL', 'bool');
111 * PARAM_CAPABILITY - A capability name, like 'moodle/role:manage'. Actually
112 * checked against the list of capabilities in the database.
114 define('PARAM_CAPABILITY', 'capability');
117 * PARAM_CLEANHTML - cleans submitted HTML code. Note that you almost never want
118 * to use this. The normal mode of operation is to use PARAM_RAW when recieving
119 * the input (required/optional_param or formslib) and then sanitse the HTML
120 * using format_text on output. This is for the rare cases when you want to
121 * sanitise the HTML on input. This cleaning may also fix xhtml strictness.
123 define('PARAM_CLEANHTML', 'cleanhtml');
126 * PARAM_EMAIL - an email address following the RFC
128 define('PARAM_EMAIL', 'email');
131 * PARAM_FILE - safe file name, all dangerous chars are stripped, protects against XSS, SQL injections and directory traversals
133 define('PARAM_FILE', 'file');
136 * PARAM_FLOAT - a real/floating point number.
138 * Note that you should not use PARAM_FLOAT for numbers typed in by the user.
139 * It does not work for languages that use , as a decimal separator.
140 * Instead, do something like
141 * $rawvalue = required_param('name', PARAM_RAW);
142 * // ... other code including require_login, which sets current lang ...
143 * $realvalue = unformat_float($rawvalue);
144 * // ... then use $realvalue
146 define('PARAM_FLOAT', 'float');
149 * PARAM_HOST - expected fully qualified domain name (FQDN) or an IPv4 dotted quad (IP address)
151 define('PARAM_HOST', 'host');
154 * PARAM_INT - integers only, use when expecting only numbers.
156 define('PARAM_INT', 'int');
159 * PARAM_LANG - checks to see if the string is a valid installed language in the current site.
161 define('PARAM_LANG', 'lang');
164 * PARAM_LOCALURL - expected properly formatted URL as well as one that refers to the local server itself. (NOT orthogonal to the
165 * others! Implies PARAM_URL!)
167 define('PARAM_LOCALURL', 'localurl');
170 * PARAM_NOTAGS - all html tags are stripped from the text. Do not abuse this type.
172 define('PARAM_NOTAGS', 'notags');
175 * PARAM_PATH - safe relative path name, all dangerous chars are stripped, protects against XSS, SQL injections and directory
176 * traversals note: the leading slash is not removed, window drive letter is not allowed
178 define('PARAM_PATH', 'path');
181 * PARAM_PEM - Privacy Enhanced Mail format
183 define('PARAM_PEM', 'pem');
186 * PARAM_PERMISSION - A permission, one of CAP_INHERIT, CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT.
188 define('PARAM_PERMISSION', 'permission');
191 * PARAM_RAW specifies a parameter that is not cleaned/processed in any way except the discarding of the invalid utf-8 characters
193 define('PARAM_RAW', 'raw');
196 * PARAM_RAW_TRIMMED like PARAM_RAW but leading and trailing whitespace is stripped.
198 define('PARAM_RAW_TRIMMED', 'raw_trimmed');
201 * PARAM_SAFEDIR - safe directory name, suitable for include() and require()
203 define('PARAM_SAFEDIR', 'safedir');
206 * PARAM_SAFEPATH - several PARAM_SAFEDIR joined by "/", suitable for include() and require(), plugin paths, etc.
208 define('PARAM_SAFEPATH', 'safepath');
211 * PARAM_SEQUENCE - expects a sequence of numbers like 8 to 1,5,6,4,6,8,9. Numbers and comma only.
213 define('PARAM_SEQUENCE', 'sequence');
216 * PARAM_TAG - one tag (interests, blogs, etc.) - mostly international characters and space, <> not supported
218 define('PARAM_TAG', 'tag');
221 * PARAM_TAGLIST - list of tags separated by commas (interests, blogs, etc.)
223 define('PARAM_TAGLIST', 'taglist');
226 * PARAM_TEXT - general plain text compatible with multilang filter, no other html tags. Please note '<', or '>' are allowed here.
228 define('PARAM_TEXT', 'text');
231 * PARAM_THEME - Checks to see if the string is a valid theme name in the current site
233 define('PARAM_THEME', 'theme');
236 * PARAM_URL - expected properly formatted URL. Please note that domain part is required, http://localhost/ is not accepted but
237 * http://localhost.localdomain/ is ok.
239 define('PARAM_URL', 'url');
242 * PARAM_USERNAME - Clean username to only contains allowed characters. This is to be used ONLY when manually creating user
243 * accounts, do NOT use when syncing with external systems!!
245 define('PARAM_USERNAME', 'username');
248 * PARAM_STRINGID - used to check if the given string is valid string identifier for get_string()
250 define('PARAM_STRINGID', 'stringid');
252 // DEPRECATED PARAM TYPES OR ALIASES - DO NOT USE FOR NEW CODE.
254 * PARAM_CLEAN - obsoleted, please use a more specific type of parameter.
255 * It was one of the first types, that is why it is abused so much ;-)
256 * @deprecated since 2.0
258 define('PARAM_CLEAN', 'clean');
261 * PARAM_INTEGER - deprecated alias for PARAM_INT
262 * @deprecated since 2.0
264 define('PARAM_INTEGER', 'int');
267 * PARAM_NUMBER - deprecated alias of PARAM_FLOAT
268 * @deprecated since 2.0
270 define('PARAM_NUMBER', 'float');
273 * PARAM_ACTION - deprecated alias for PARAM_ALPHANUMEXT, use for various actions in forms and urls
274 * NOTE: originally alias for PARAM_APLHA
275 * @deprecated since 2.0
277 define('PARAM_ACTION', 'alphanumext');
280 * PARAM_FORMAT - deprecated alias for PARAM_ALPHANUMEXT, use for names of plugins, formats, etc.
281 * NOTE: originally alias for PARAM_APLHA
282 * @deprecated since 2.0
284 define('PARAM_FORMAT', 'alphanumext');
287 * PARAM_MULTILANG - deprecated alias of PARAM_TEXT.
288 * @deprecated since 2.0
290 define('PARAM_MULTILANG', 'text');
293 * PARAM_TIMEZONE - expected timezone. Timezone can be int +-(0-13) or float +-(0.5-12.5) or
294 * string separated by '/' and can have '-' &/ '_' (eg. America/North_Dakota/New_Salem
295 * America/Port-au-Prince)
297 define('PARAM_TIMEZONE', 'timezone');
300 * PARAM_CLEANFILE - deprecated alias of PARAM_FILE; originally was removing regional chars too
302 define('PARAM_CLEANFILE', 'file');
305 * PARAM_COMPONENT is used for full component names (aka frankenstyle) such as 'mod_forum', 'core_rating', 'auth_ldap'.
306 * Short legacy subsystem names and module names are accepted too ex: 'forum', 'rating', 'user'.
307 * Only lowercase ascii letters, numbers and underscores are allowed, it has to start with a letter.
308 * NOTE: numbers and underscores are strongly discouraged in plugin names!
310 define('PARAM_COMPONENT', 'component');
313 * PARAM_AREA is a name of area used when addressing files, comments, ratings, etc.
314 * It is usually used together with context id and component.
315 * Only lowercase ascii letters, numbers and underscores are allowed, it has to start with a letter.
317 define('PARAM_AREA', 'area');
320 * PARAM_PLUGIN is used for plugin names such as 'forum', 'glossary', 'ldap', 'radius', 'paypal', 'completionstatus'.
321 * Only lowercase ascii letters, numbers and underscores are allowed, it has to start with a letter.
322 * NOTE: numbers and underscores are strongly discouraged in plugin names! Underscores are forbidden in module names.
324 define('PARAM_PLUGIN', 'plugin');
330 * VALUE_REQUIRED - if the parameter is not supplied, there is an error
332 define('VALUE_REQUIRED', 1);
335 * VALUE_OPTIONAL - if the parameter is not supplied, then the param has no value
337 define('VALUE_OPTIONAL', 2);
340 * VALUE_DEFAULT - if the parameter is not supplied, then the default value is used
342 define('VALUE_DEFAULT', 0);
345 * NULL_NOT_ALLOWED - the parameter can not be set to null in the database
347 define('NULL_NOT_ALLOWED', false);
350 * NULL_ALLOWED - the parameter can be set to null in the database
352 define('NULL_ALLOWED', true);
357 * PAGE_COURSE_VIEW is a definition of a page type. For more information on the page class see moodle/lib/pagelib.php.
359 define('PAGE_COURSE_VIEW', 'course-view');
361 /** Get remote addr constant */
362 define('GETREMOTEADDR_SKIP_HTTP_CLIENT_IP', '1');
363 /** Get remote addr constant */
364 define('GETREMOTEADDR_SKIP_HTTP_X_FORWARDED_FOR', '2');
366 // Blog access level constant declaration.
367 define ('BLOG_USER_LEVEL', 1);
368 define ('BLOG_GROUP_LEVEL', 2);
369 define ('BLOG_COURSE_LEVEL', 3);
370 define ('BLOG_SITE_LEVEL', 4);
371 define ('BLOG_GLOBAL_LEVEL', 5);
376 * To prevent problems with multibytes strings,Flag updating in nav not working on the review page. this should not exceed the
377 * length of "varchar(255) / 3 (bytes / utf-8 character) = 85".
378 * TODO: this is not correct, varchar(255) are 255 unicode chars ;-)
380 * @todo define(TAG_MAX_LENGTH) this is not correct, varchar(255) are 255 unicode chars ;-)
382 define('TAG_MAX_LENGTH', 50);
384 // Password policy constants.
385 define ('PASSWORD_LOWER', 'abcdefghijklmnopqrstuvwxyz');
386 define ('PASSWORD_UPPER', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ');
387 define ('PASSWORD_DIGITS', '0123456789');
388 define ('PASSWORD_NONALPHANUM', '.,;:!?_-+/*@#&$');
390 // Feature constants.
391 // Used for plugin_supports() to report features that are, or are not, supported by a module.
393 /** True if module can provide a grade */
394 define('FEATURE_GRADE_HAS_GRADE', 'grade_has_grade');
395 /** True if module supports outcomes */
396 define('FEATURE_GRADE_OUTCOMES', 'outcomes');
397 /** True if module supports advanced grading methods */
398 define('FEATURE_ADVANCED_GRADING', 'grade_advanced_grading');
399 /** True if module controls the grade visibility over the gradebook */
400 define('FEATURE_CONTROLS_GRADE_VISIBILITY', 'controlsgradevisbility');
401 /** True if module supports plagiarism plugins */
402 define('FEATURE_PLAGIARISM', 'plagiarism');
404 /** True if module has code to track whether somebody viewed it */
405 define('FEATURE_COMPLETION_TRACKS_VIEWS', 'completion_tracks_views');
406 /** True if module has custom completion rules */
407 define('FEATURE_COMPLETION_HAS_RULES', 'completion_has_rules');
409 /** True if module has no 'view' page (like label) */
410 define('FEATURE_NO_VIEW_LINK', 'viewlink');
411 /** True if module supports outcomes */
412 define('FEATURE_IDNUMBER', 'idnumber');
413 /** True if module supports groups */
414 define('FEATURE_GROUPS', 'groups');
415 /** True if module supports groupings */
416 define('FEATURE_GROUPINGS', 'groupings');
417 /** True if module supports groupmembersonly */
418 define('FEATURE_GROUPMEMBERSONLY', 'groupmembersonly');
420 /** Type of module */
421 define('FEATURE_MOD_ARCHETYPE', 'mod_archetype');
422 /** True if module supports intro editor */
423 define('FEATURE_MOD_INTRO', 'mod_intro');
424 /** True if module has default completion */
425 define('FEATURE_MODEDIT_DEFAULT_COMPLETION', 'modedit_default_completion');
427 define('FEATURE_COMMENT', 'comment');
429 define('FEATURE_RATE', 'rate');
430 /** True if module supports backup/restore of moodle2 format */
431 define('FEATURE_BACKUP_MOODLE2', 'backup_moodle2');
433 /** True if module can show description on course main page */
434 define('FEATURE_SHOW_DESCRIPTION', 'showdescription');
436 /** True if module uses the question bank */
437 define('FEATURE_USES_QUESTIONS', 'usesquestions');
439 /** Unspecified module archetype */
440 define('MOD_ARCHETYPE_OTHER', 0);
441 /** Resource-like type module */
442 define('MOD_ARCHETYPE_RESOURCE', 1);
443 /** Assignment module archetype */
444 define('MOD_ARCHETYPE_ASSIGNMENT', 2);
445 /** System (not user-addable) module archetype */
446 define('MOD_ARCHETYPE_SYSTEM', 3);
448 /** Return this from modname_get_types callback to use default display in activity chooser */
449 define('MOD_SUBTYPE_NO_CHILDREN', 'modsubtypenochildren');
452 * Security token used for allowing access
453 * from external application such as web services.
454 * Scripts do not use any session, performance is relatively
455 * low because we need to load access info in each request.
456 * Scripts are executed in parallel.
458 define('EXTERNAL_TOKEN_PERMANENT', 0);
461 * Security token used for allowing access
462 * of embedded applications, the code is executed in the
463 * active user session. Token is invalidated after user logs out.
464 * Scripts are executed serially - normal session locking is used.
466 define('EXTERNAL_TOKEN_EMBEDDED', 1);
469 * The home page should be the site home
471 define('HOMEPAGE_SITE', 0);
473 * The home page should be the users my page
475 define('HOMEPAGE_MY', 1);
477 * The home page can be chosen by the user
479 define('HOMEPAGE_USER', 2);
482 * Hub directory url (should be moodle.org)
484 define('HUB_HUBDIRECTORYURL', "http://hubdirectory.moodle.org");
488 * Moodle.org url (should be moodle.org)
490 define('HUB_MOODLEORGHUBURL', "http://hub.moodle.org");
493 * Moodle mobile app service name
495 define('MOODLE_OFFICIAL_MOBILE_SERVICE', 'moodle_mobile_app');
498 * Indicates the user has the capabilities required to ignore activity and course file size restrictions
500 define('USER_CAN_IGNORE_FILE_SIZE_LIMITS', -1);
503 * Course display settings: display all sections on one page.
505 define('COURSE_DISPLAY_SINGLEPAGE', 0);
507 * Course display settings: split pages into a page per section.
509 define('COURSE_DISPLAY_MULTIPAGE', 1);
512 * Authentication constant: String used in password field when password is not stored.
514 define('AUTH_PASSWORD_NOT_CACHED', 'not cached');
516 // PARAMETER HANDLING.
519 * Returns a particular value for the named variable, taken from
520 * POST or GET. If the parameter doesn't exist then an error is
521 * thrown because we require this variable.
523 * This function should be used to initialise all required values
524 * in a script that are based on parameters. Usually it will be
526 * $id = required_param('id', PARAM_INT);
528 * Please note the $type parameter is now required and the value can not be array.
530 * @param string $parname the name of the page parameter we want
531 * @param string $type expected type of parameter
533 * @throws coding_exception
535 function required_param($parname, $type) {
536 if (func_num_args() != 2 or empty($parname) or empty($type)) {
537 throw new coding_exception('required_param() requires $parname and $type to be specified (parameter: '.$parname.')');
539 // POST has precedence.
540 if (isset($_POST[$parname])) {
541 $param = $_POST[$parname];
542 } else if (isset($_GET[$parname])) {
543 $param = $_GET[$parname];
545 print_error('missingparam', '', '', $parname);
548 if (is_array($param)) {
549 debugging('Invalid array parameter detected in required_param(): '.$parname);
550 // TODO: switch to fatal error in Moodle 2.3.
551 return required_param_array($parname, $type);
554 return clean_param($param, $type);
558 * Returns a particular array value for the named variable, taken from
559 * POST or GET. If the parameter doesn't exist then an error is
560 * thrown because we require this variable.
562 * This function should be used to initialise all required values
563 * in a script that are based on parameters. Usually it will be
565 * $ids = required_param_array('ids', PARAM_INT);
567 * Note: arrays of arrays are not supported, only alphanumeric keys with _ and - are supported
569 * @param string $parname the name of the page parameter we want
570 * @param string $type expected type of parameter
572 * @throws coding_exception
574 function required_param_array($parname, $type) {
575 if (func_num_args() != 2 or empty($parname) or empty($type)) {
576 throw new coding_exception('required_param_array() requires $parname and $type to be specified (parameter: '.$parname.')');
578 // POST has precedence.
579 if (isset($_POST[$parname])) {
580 $param = $_POST[$parname];
581 } else if (isset($_GET[$parname])) {
582 $param = $_GET[$parname];
584 print_error('missingparam', '', '', $parname);
586 if (!is_array($param)) {
587 print_error('missingparam', '', '', $parname);
591 foreach ($param as $key => $value) {
592 if (!preg_match('/^[a-z0-9_-]+$/i', $key)) {
593 debugging('Invalid key name in required_param_array() detected: '.$key.', parameter: '.$parname);
596 $result[$key] = clean_param($value, $type);
603 * Returns a particular value for the named variable, taken from
604 * POST or GET, otherwise returning a given default.
606 * This function should be used to initialise all optional values
607 * in a script that are based on parameters. Usually it will be
609 * $name = optional_param('name', 'Fred', PARAM_TEXT);
611 * Please note the $type parameter is now required and the value can not be array.
613 * @param string $parname the name of the page parameter we want
614 * @param mixed $default the default value to return if nothing is found
615 * @param string $type expected type of parameter
617 * @throws coding_exception
619 function optional_param($parname, $default, $type) {
620 if (func_num_args() != 3 or empty($parname) or empty($type)) {
621 throw new coding_exception('optional_param requires $parname, $default + $type to be specified (parameter: '.$parname.')');
623 if (!isset($default)) {
627 // POST has precedence.
628 if (isset($_POST[$parname])) {
629 $param = $_POST[$parname];
630 } else if (isset($_GET[$parname])) {
631 $param = $_GET[$parname];
636 if (is_array($param)) {
637 debugging('Invalid array parameter detected in required_param(): '.$parname);
638 // TODO: switch to $default in Moodle 2.3.
639 return optional_param_array($parname, $default, $type);
642 return clean_param($param, $type);
646 * Returns a particular array value for the named variable, taken from
647 * POST or GET, otherwise returning a given default.
649 * This function should be used to initialise all optional values
650 * in a script that are based on parameters. Usually it will be
652 * $ids = optional_param('id', array(), PARAM_INT);
654 * Note: arrays of arrays are not supported, only alphanumeric keys with _ and - are supported
656 * @param string $parname the name of the page parameter we want
657 * @param mixed $default the default value to return if nothing is found
658 * @param string $type expected type of parameter
660 * @throws coding_exception
662 function optional_param_array($parname, $default, $type) {
663 if (func_num_args() != 3 or empty($parname) or empty($type)) {
664 throw new coding_exception('optional_param_array requires $parname, $default + $type to be specified (parameter: '.$parname.')');
667 // POST has precedence.
668 if (isset($_POST[$parname])) {
669 $param = $_POST[$parname];
670 } else if (isset($_GET[$parname])) {
671 $param = $_GET[$parname];
675 if (!is_array($param)) {
676 debugging('optional_param_array() expects array parameters only: '.$parname);
681 foreach ($param as $key => $value) {
682 if (!preg_match('/^[a-z0-9_-]+$/i', $key)) {
683 debugging('Invalid key name in optional_param_array() detected: '.$key.', parameter: '.$parname);
686 $result[$key] = clean_param($value, $type);
693 * Strict validation of parameter values, the values are only converted
694 * to requested PHP type. Internally it is using clean_param, the values
695 * before and after cleaning must be equal - otherwise
696 * an invalid_parameter_exception is thrown.
697 * Objects and classes are not accepted.
699 * @param mixed $param
700 * @param string $type PARAM_ constant
701 * @param bool $allownull are nulls valid value?
702 * @param string $debuginfo optional debug information
703 * @return mixed the $param value converted to PHP type
704 * @throws invalid_parameter_exception if $param is not of given type
706 function validate_param($param, $type, $allownull=NULL_NOT_ALLOWED, $debuginfo='') {
707 if (is_null($param)) {
708 if ($allownull == NULL_ALLOWED) {
711 throw new invalid_parameter_exception($debuginfo);
714 if (is_array($param) or is_object($param)) {
715 throw new invalid_parameter_exception($debuginfo);
718 $cleaned = clean_param($param, $type);
720 if ($type == PARAM_FLOAT) {
721 // Do not detect precision loss here.
722 if (is_float($param) or is_int($param)) {
724 } else if (!is_numeric($param) or !preg_match('/^[\+-]?[0-9]*\.?[0-9]*(e[-+]?[0-9]+)?$/i', (string)$param)) {
725 throw new invalid_parameter_exception($debuginfo);
727 } else if ((string)$param !== (string)$cleaned) {
728 // Conversion to string is usually lossless.
729 throw new invalid_parameter_exception($debuginfo);
736 * Makes sure array contains only the allowed types, this function does not validate array key names!
739 * $options = clean_param($options, PARAM_INT);
742 * @param array $param the variable array we are cleaning
743 * @param string $type expected format of param after cleaning.
744 * @param bool $recursive clean recursive arrays
746 * @throws coding_exception
748 function clean_param_array(array $param = null, $type, $recursive = false) {
749 // Convert null to empty array.
750 $param = (array)$param;
751 foreach ($param as $key => $value) {
752 if (is_array($value)) {
754 $param[$key] = clean_param_array($value, $type, true);
756 throw new coding_exception('clean_param_array can not process multidimensional arrays when $recursive is false.');
759 $param[$key] = clean_param($value, $type);
766 * Used by {@link optional_param()} and {@link required_param()} to
767 * clean the variables and/or cast to specific types, based on
770 * $course->format = clean_param($course->format, PARAM_ALPHA);
771 * $selectedgradeitem = clean_param($selectedgradeitem, PARAM_INT);
774 * @param mixed $param the variable we are cleaning
775 * @param string $type expected format of param after cleaning.
777 * @throws coding_exception
779 function clean_param($param, $type) {
782 if (is_array($param)) {
783 throw new coding_exception('clean_param() can not process arrays, please use clean_param_array() instead.');
784 } else if (is_object($param)) {
785 if (method_exists($param, '__toString')) {
786 $param = $param->__toString();
788 throw new coding_exception('clean_param() can not process objects, please use clean_param_array() instead.');
794 // No cleaning at all.
795 $param = fix_utf8($param);
798 case PARAM_RAW_TRIMMED:
799 // No cleaning, but strip leading and trailing whitespace.
800 $param = fix_utf8($param);
804 // General HTML cleaning, try to use more specific type if possible this is deprecated!
805 // Please use more specific type instead.
806 if (is_numeric($param)) {
809 $param = fix_utf8($param);
810 // Sweep for scripts, etc.
811 return clean_text($param);
813 case PARAM_CLEANHTML:
814 // Clean html fragment.
815 $param = fix_utf8($param);
816 // Sweep for scripts, etc.
817 $param = clean_text($param, FORMAT_HTML);
821 // Convert to integer.
826 return (float)$param;
829 // Remove everything not `a-z`.
830 return preg_replace('/[^a-zA-Z]/i', '', $param);
833 // Remove everything not `a-zA-Z_-` (originally allowed "/" too).
834 return preg_replace('/[^a-zA-Z_-]/i', '', $param);
837 // Remove everything not `a-zA-Z0-9`.
838 return preg_replace('/[^A-Za-z0-9]/i', '', $param);
840 case PARAM_ALPHANUMEXT:
841 // Remove everything not `a-zA-Z0-9_-`.
842 return preg_replace('/[^A-Za-z0-9_-]/i', '', $param);
845 // Remove everything not `0-9,`.
846 return preg_replace('/[^0-9,]/i', '', $param);
849 // Convert to 1 or 0.
850 $tempstr = strtolower($param);
851 if ($tempstr === 'on' or $tempstr === 'yes' or $tempstr === 'true') {
853 } else if ($tempstr === 'off' or $tempstr === 'no' or $tempstr === 'false') {
856 $param = empty($param) ? 0 : 1;
862 $param = fix_utf8($param);
863 return strip_tags($param);
866 // Leave only tags needed for multilang.
867 $param = fix_utf8($param);
868 // If the multilang syntax is not correct we strip all tags because it would break xhtml strict which is required
869 // for accessibility standards please note this cleaning does not strip unbalanced '>' for BC compatibility reasons.
871 if (strpos($param, '</lang>') !== false) {
872 // Old and future mutilang syntax.
873 $param = strip_tags($param, '<lang>');
874 if (!preg_match_all('/<.*>/suU', $param, $matches)) {
878 foreach ($matches[0] as $match) {
879 if ($match === '</lang>') {
887 if (!preg_match('/^<lang lang="[a-zA-Z0-9_-]+"\s*>$/u', $match)) {
898 } else if (strpos($param, '</span>') !== false) {
899 // Current problematic multilang syntax.
900 $param = strip_tags($param, '<span>');
901 if (!preg_match_all('/<.*>/suU', $param, $matches)) {
905 foreach ($matches[0] as $match) {
906 if ($match === '</span>') {
914 if (!preg_match('/^<span(\s+lang="[a-zA-Z0-9_-]+"|\s+class="multilang"){2}\s*>$/u', $match)) {
926 // Easy, just strip all tags, if we ever want to fix orphaned '&' we have to do that in format_string().
927 return strip_tags($param);
929 case PARAM_COMPONENT:
930 // We do not want any guessing here, either the name is correct or not
931 // please note only normalised component names are accepted.
932 if (!preg_match('/^[a-z]+(_[a-z][a-z0-9_]*)?[a-z0-9]+$/', $param)) {
935 if (strpos($param, '__') !== false) {
938 if (strpos($param, 'mod_') === 0) {
939 // Module names must not contain underscores because we need to differentiate them from invalid plugin types.
940 if (substr_count($param, '_') != 1) {
948 // We do not want any guessing here, either the name is correct or not.
949 if (!is_valid_plugin_name($param)) {
955 // Remove everything not a-zA-Z0-9_- .
956 return preg_replace('/[^a-zA-Z0-9_-]/i', '', $param);
959 // Remove everything not a-zA-Z0-9/_- .
960 return preg_replace('/[^a-zA-Z0-9\/_-]/i', '', $param);
963 // Strip all suspicious characters from filename.
964 $param = fix_utf8($param);
965 $param = preg_replace('~[[:cntrl:]]|[&<>"`\|\':\\\\/]~u', '', $param);
966 if ($param === '.' || $param === '..') {
972 // Strip all suspicious characters from file path.
973 $param = fix_utf8($param);
974 $param = str_replace('\\', '/', $param);
976 // Explode the path and clean each element using the PARAM_FILE rules.
977 $breadcrumb = explode('/', $param);
978 foreach ($breadcrumb as $key => $crumb) {
979 if ($crumb === '.' && $key === 0) {
980 // Special condition to allow for relative current path such as ./currentdirfile.txt.
982 $crumb = clean_param($crumb, PARAM_FILE);
984 $breadcrumb[$key] = $crumb;
986 $param = implode('/', $breadcrumb);
988 // Remove multiple current path (./././) and multiple slashes (///).
989 $param = preg_replace('~//+~', '/', $param);
990 $param = preg_replace('~/(\./)+~', '/', $param);
994 // Allow FQDN or IPv4 dotted quad.
995 $param = preg_replace('/[^\.\d\w-]/', '', $param );
996 // Match ipv4 dotted quad.
997 if (preg_match('/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/', $param, $match)) {
998 // Confirm values are ok.
1002 || $match[4] > 255 ) {
1003 // Hmmm, what kind of dotted quad is this?
1006 } else if ( preg_match('/^[\w\d\.-]+$/', $param) // Dots, hyphens, numbers.
1007 && !preg_match('/^[\.-]/', $param) // No leading dots/hyphens.
1008 && !preg_match('/[\.-]$/', $param) // No trailing dots/hyphens.
1010 // All is ok - $param is respected.
1017 case PARAM_URL: // Allow safe ftp, http, mailto urls.
1018 $param = fix_utf8($param);
1019 include_once($CFG->dirroot . '/lib/validateurlsyntax.php');
1020 if (!empty($param) && validateUrlSyntax($param, 's?H?S?F?E?u-P-a?I?p?f?q?r?')) {
1021 // All is ok, param is respected.
1028 case PARAM_LOCALURL:
1029 // Allow http absolute, root relative and relative URLs within wwwroot.
1030 $param = clean_param($param, PARAM_URL);
1031 if (!empty($param)) {
1032 if (preg_match(':^/:', $param)) {
1033 // Root-relative, ok!
1034 } else if (preg_match('/^'.preg_quote($CFG->wwwroot, '/').'/i', $param)) {
1035 // Absolute, and matches our wwwroot.
1037 // Relative - let's make sure there are no tricks.
1038 if (validateUrlSyntax('/' . $param, 's-u-P-a-p-f+q?r?')) {
1048 $param = trim($param);
1049 // PEM formatted strings may contain letters/numbers and the symbols:
1053 // , surrounded by BEGIN and END CERTIFICATE prefix and suffixes.
1054 if (preg_match('/^-----BEGIN CERTIFICATE-----([\s\w\/\+=]+)-----END CERTIFICATE-----$/', trim($param), $matches)) {
1055 list($wholething, $body) = $matches;
1056 unset($wholething, $matches);
1057 $b64 = clean_param($body, PARAM_BASE64);
1059 return "-----BEGIN CERTIFICATE-----\n$b64\n-----END CERTIFICATE-----\n";
1067 if (!empty($param)) {
1068 // PEM formatted strings may contain letters/numbers and the symbols
1072 if (0 >= preg_match('/^([\s\w\/\+=]+)$/', trim($param))) {
1075 $lines = preg_split('/[\s]+/', $param, -1, PREG_SPLIT_NO_EMPTY);
1076 // Each line of base64 encoded data must be 64 characters in length, except for the last line which may be less
1077 // than (or equal to) 64 characters long.
1078 for ($i=0, $j=count($lines); $i < $j; $i++) {
1080 if (64 < strlen($lines[$i])) {
1086 if (64 != strlen($lines[$i])) {
1090 return implode("\n", $lines);
1096 $param = fix_utf8($param);
1097 // Please note it is not safe to use the tag name directly anywhere,
1098 // it must be processed with s(), urlencode() before embedding anywhere.
1099 // Remove some nasties.
1100 $param = preg_replace('~[[:cntrl:]]|[<>`]~u', '', $param);
1101 // Convert many whitespace chars into one.
1102 $param = preg_replace('/\s+/', ' ', $param);
1103 $param = core_text::substr(trim($param), 0, TAG_MAX_LENGTH);
1107 $param = fix_utf8($param);
1108 $tags = explode(',', $param);
1110 foreach ($tags as $tag) {
1111 $res = clean_param($tag, PARAM_TAG);
1117 return implode(',', $result);
1122 case PARAM_CAPABILITY:
1123 if (get_capability_info($param)) {
1129 case PARAM_PERMISSION:
1130 $param = (int)$param;
1131 if (in_array($param, array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT))) {
1138 $param = clean_param($param, PARAM_PLUGIN);
1139 if (empty($param)) {
1141 } else if (exists_auth_plugin($param)) {
1148 $param = clean_param($param, PARAM_SAFEDIR);
1149 if (get_string_manager()->translation_exists($param)) {
1152 // Specified language is not installed or param malformed.
1157 $param = clean_param($param, PARAM_PLUGIN);
1158 if (empty($param)) {
1160 } else if (file_exists("$CFG->dirroot/theme/$param/config.php")) {
1162 } else if (!empty($CFG->themedir) and file_exists("$CFG->themedir/$param/config.php")) {
1165 // Specified theme is not installed.
1169 case PARAM_USERNAME:
1170 $param = fix_utf8($param);
1171 $param = str_replace(" " , "", $param);
1172 // Convert uppercase to lowercase MDL-16919.
1173 $param = core_text::strtolower($param);
1174 if (empty($CFG->extendedusernamechars)) {
1175 // Regular expression, eliminate all chars EXCEPT:
1176 // alphanum, dash (-), underscore (_), at sign (@) and period (.) characters.
1177 $param = preg_replace('/[^-\.@_a-z0-9]/', '', $param);
1182 $param = fix_utf8($param);
1183 if (validate_email($param)) {
1189 case PARAM_STRINGID:
1190 if (preg_match('|^[a-zA-Z][a-zA-Z0-9\.:/_-]*$|', $param)) {
1196 case PARAM_TIMEZONE:
1197 // Can be int, float(with .5 or .0) or string seperated by '/' and can have '-_'.
1198 $param = fix_utf8($param);
1199 $timezonepattern = '/^(([+-]?(0?[0-9](\.[5|0])?|1[0-3](\.0)?|1[0-2]\.5))|(99)|[[:alnum:]]+(\/?[[:alpha:]_-])+)$/';
1200 if (preg_match($timezonepattern, $param)) {
1207 // Doh! throw error, switched parameters in optional_param or another serious problem.
1208 print_error("unknownparamtype", '', '', $type);
1213 * Makes sure the data is using valid utf8, invalid characters are discarded.
1215 * Note: this function is not intended for full objects with methods and private properties.
1217 * @param mixed $value
1218 * @return mixed with proper utf-8 encoding
1220 function fix_utf8($value) {
1221 if (is_null($value) or $value === '') {
1224 } else if (is_string($value)) {
1225 if ((string)(int)$value === $value) {
1229 // No null bytes expected in our data, so let's remove it.
1230 $value = str_replace("\0", '', $value);
1232 // Note: this duplicates min_fix_utf8() intentionally.
1233 static $buggyiconv = null;
1234 if ($buggyiconv === null) {
1235 $buggyiconv = (!function_exists('iconv') or @iconv('UTF-8', 'UTF-8//IGNORE', '100'.chr(130).'€') !== '100€');
1239 if (function_exists('mb_convert_encoding')) {
1240 $subst = mb_substitute_character();
1241 mb_substitute_character('');
1242 $result = mb_convert_encoding($value, 'utf-8', 'utf-8');
1243 mb_substitute_character($subst);
1246 // Warn admins on admin/index.php page.
1251 $result = @iconv('UTF-8', 'UTF-8//IGNORE', $value);
1256 } else if (is_array($value)) {
1257 foreach ($value as $k => $v) {
1258 $value[$k] = fix_utf8($v);
1262 } else if (is_object($value)) {
1263 // Do not modify original.
1264 $value = clone($value);
1265 foreach ($value as $k => $v) {
1266 $value->$k = fix_utf8($v);
1271 // This is some other type, no utf-8 here.
1277 * Return true if given value is integer or string with integer value
1279 * @param mixed $value String or Int
1280 * @return bool true if number, false if not
1282 function is_number($value) {
1283 if (is_int($value)) {
1285 } else if (is_string($value)) {
1286 return ((string)(int)$value) === $value;
1293 * Returns host part from url.
1295 * @param string $url full url
1296 * @return string host, null if not found
1298 function get_host_from_url($url) {
1299 preg_match('|^[a-z]+://([a-zA-Z0-9-.]+)|i', $url, $matches);
1307 * Tests whether anything was returned by text editor
1309 * This function is useful for testing whether something you got back from
1310 * the HTML editor actually contains anything. Sometimes the HTML editor
1311 * appear to be empty, but actually you get back a <br> tag or something.
1313 * @param string $string a string containing HTML.
1314 * @return boolean does the string contain any actual content - that is text,
1315 * images, objects, etc.
1317 function html_is_blank($string) {
1318 return trim(strip_tags($string, '<img><object><applet><input><select><textarea><hr>')) == '';
1322 * Set a key in global configuration
1324 * Set a key/value pair in both this session's {@link $CFG} global variable
1325 * and in the 'config' database table for future sessions.
1327 * Can also be used to update keys for plugin-scoped configs in config_plugin table.
1328 * In that case it doesn't affect $CFG.
1330 * A NULL value will delete the entry.
1332 * @param string $name the key to set
1333 * @param string $value the value to set (without magic quotes)
1334 * @param string $plugin (optional) the plugin scope, default null
1335 * @return bool true or exception
1337 function set_config($name, $value, $plugin=null) {
1340 if (empty($plugin)) {
1341 if (!array_key_exists($name, $CFG->config_php_settings)) {
1342 // So it's defined for this invocation at least.
1343 if (is_null($value)) {
1346 // Settings from db are always strings.
1347 $CFG->$name = (string)$value;
1351 if ($DB->get_field('config', 'name', array('name' => $name))) {
1352 if ($value === null) {
1353 $DB->delete_records('config', array('name' => $name));
1355 $DB->set_field('config', 'value', $value, array('name' => $name));
1358 if ($value !== null) {
1359 $config = new stdClass();
1360 $config->name = $name;
1361 $config->value = $value;
1362 $DB->insert_record('config', $config, false);
1365 if ($name === 'siteidentifier') {
1366 cache_helper::update_site_identifier($value);
1368 cache_helper::invalidate_by_definition('core', 'config', array(), 'core');
1371 if ($id = $DB->get_field('config_plugins', 'id', array('name' => $name, 'plugin' => $plugin))) {
1372 if ($value===null) {
1373 $DB->delete_records('config_plugins', array('name' => $name, 'plugin' => $plugin));
1375 $DB->set_field('config_plugins', 'value', $value, array('id' => $id));
1378 if ($value !== null) {
1379 $config = new stdClass();
1380 $config->plugin = $plugin;
1381 $config->name = $name;
1382 $config->value = $value;
1383 $DB->insert_record('config_plugins', $config, false);
1386 cache_helper::invalidate_by_definition('core', 'config', array(), $plugin);
1393 * Get configuration values from the global config table
1394 * or the config_plugins table.
1396 * If called with one parameter, it will load all the config
1397 * variables for one plugin, and return them as an object.
1399 * If called with 2 parameters it will return a string single
1400 * value or false if the value is not found.
1402 * @static string|false $siteidentifier The site identifier is not cached. We use this static cache so
1403 * that we need only fetch it once per request.
1404 * @param string $plugin full component name
1405 * @param string $name default null
1406 * @return mixed hash-like object or single value, return false no config found
1407 * @throws dml_exception
1409 function get_config($plugin, $name = null) {
1412 static $siteidentifier = null;
1414 if ($plugin === 'moodle' || $plugin === 'core' || empty($plugin)) {
1415 $forced =& $CFG->config_php_settings;
1419 if (array_key_exists($plugin, $CFG->forced_plugin_settings)) {
1420 $forced =& $CFG->forced_plugin_settings[$plugin];
1427 if ($siteidentifier === null) {
1429 // This may fail during installation.
1430 // If you have a look at {@link initialise_cfg()} you will see that this is how we detect the need to
1431 // install the database.
1432 $siteidentifier = $DB->get_field('config', 'value', array('name' => 'siteidentifier'));
1433 } catch (dml_exception $ex) {
1434 // Set siteidentifier to false. We don't want to trip this continually.
1435 $siteidentifier = false;
1440 if (!empty($name)) {
1441 if (array_key_exists($name, $forced)) {
1442 return (string)$forced[$name];
1443 } else if ($name === 'siteidentifier' && $plugin == 'core') {
1444 return $siteidentifier;
1448 $cache = cache::make('core', 'config');
1449 $result = $cache->get($plugin);
1450 if ($result === false) {
1451 // The user is after a recordset.
1453 $result = $DB->get_records_menu('config_plugins', array('plugin' => $plugin), '', 'name,value');
1455 // This part is not really used any more, but anyway...
1456 $result = $DB->get_records_menu('config', array(), '', 'name,value');;
1458 $cache->set($plugin, $result);
1461 if (!empty($name)) {
1462 if (array_key_exists($name, $result)) {
1463 return $result[$name];
1468 if ($plugin === 'core') {
1469 $result['siteidentifier'] = $siteidentifier;
1472 foreach ($forced as $key => $value) {
1473 if (is_null($value) or is_array($value) or is_object($value)) {
1474 // We do not want any extra mess here, just real settings that could be saved in db.
1475 unset($result[$key]);
1477 // Convert to string as if it went through the DB.
1478 $result[$key] = (string)$value;
1482 return (object)$result;
1486 * Removes a key from global configuration.
1488 * @param string $name the key to set
1489 * @param string $plugin (optional) the plugin scope
1490 * @return boolean whether the operation succeeded.
1492 function unset_config($name, $plugin=null) {
1495 if (empty($plugin)) {
1497 $DB->delete_records('config', array('name' => $name));
1498 cache_helper::invalidate_by_definition('core', 'config', array(), 'core');
1500 $DB->delete_records('config_plugins', array('name' => $name, 'plugin' => $plugin));
1501 cache_helper::invalidate_by_definition('core', 'config', array(), $plugin);
1508 * Remove all the config variables for a given plugin.
1510 * NOTE: this function is called from lib/db/upgrade.php
1512 * @param string $plugin a plugin, for example 'quiz' or 'qtype_multichoice';
1513 * @return boolean whether the operation succeeded.
1515 function unset_all_config_for_plugin($plugin) {
1517 // Delete from the obvious config_plugins first.
1518 $DB->delete_records('config_plugins', array('plugin' => $plugin));
1519 // Next delete any suspect settings from config.
1520 $like = $DB->sql_like('name', '?', true, true, false, '|');
1521 $params = array($DB->sql_like_escape($plugin.'_', '|') . '%');
1522 $DB->delete_records_select('config', $like, $params);
1523 // Finally clear both the plugin cache and the core cache (suspect settings now removed from core).
1524 cache_helper::invalidate_by_definition('core', 'config', array(), array('core', $plugin));
1530 * Use this function to get a list of users from a config setting of type admin_setting_users_with_capability.
1532 * All users are verified if they still have the necessary capability.
1534 * @param string $value the value of the config setting.
1535 * @param string $capability the capability - must match the one passed to the admin_setting_users_with_capability constructor.
1536 * @param bool $includeadmins include administrators.
1537 * @return array of user objects.
1539 function get_users_from_config($value, $capability, $includeadmins = true) {
1540 if (empty($value) or $value === '$@NONE@$') {
1544 // We have to make sure that users still have the necessary capability,
1545 // it should be faster to fetch them all first and then test if they are present
1546 // instead of validating them one-by-one.
1547 $users = get_users_by_capability(context_system::instance(), $capability);
1548 if ($includeadmins) {
1549 $admins = get_admins();
1550 foreach ($admins as $admin) {
1551 $users[$admin->id] = $admin;
1555 if ($value === '$@ALL@$') {
1559 $result = array(); // Result in correct order.
1560 $allowed = explode(',', $value);
1561 foreach ($allowed as $uid) {
1562 if (isset($users[$uid])) {
1563 $user = $users[$uid];
1564 $result[$user->id] = $user;
1573 * Invalidates browser caches and cached data in temp.
1575 * IMPORTANT - If you are adding anything here to do with the cache directory you should also have a look at
1576 * {@link phpunit_util::reset_dataroot()}
1580 function purge_all_caches() {
1583 reset_text_filters_cache();
1584 js_reset_all_caches();
1585 theme_reset_all_caches();
1586 get_string_manager()->reset_caches();
1587 core_text::reset_caches();
1588 if (class_exists('core_plugin_manager')) {
1589 core_plugin_manager::reset_caches();
1592 // Bump up cacherev field for all courses.
1594 increment_revision_number('course', 'cacherev', '');
1595 } catch (moodle_exception $e) {
1596 // Ignore exception since this function is also called before upgrade script when field course.cacherev does not exist yet.
1599 $DB->reset_caches();
1600 cache_helper::purge_all();
1602 // Purge all other caches: rss, simplepie, etc.
1603 remove_dir($CFG->cachedir.'', true);
1605 // Make sure cache dir is writable, throws exception if not.
1606 make_cache_directory('');
1608 // This is the only place where we purge local caches, we are only adding files there.
1609 // The $CFG->localcachedirpurged flag forces local directories to be purged on cluster nodes.
1610 remove_dir($CFG->localcachedir, true);
1611 set_config('localcachedirpurged', time());
1612 make_localcache_directory('', true);
1613 \core\task\manager::clear_static_caches();
1617 * Get volatile flags
1619 * @param string $type
1620 * @param int $changedsince default null
1621 * @return array records array
1623 function get_cache_flags($type, $changedsince = null) {
1626 $params = array('type' => $type, 'expiry' => time());
1627 $sqlwhere = "flagtype = :type AND expiry >= :expiry";
1628 if ($changedsince !== null) {
1629 $params['changedsince'] = $changedsince;
1630 $sqlwhere .= " AND timemodified > :changedsince";
1633 if ($flags = $DB->get_records_select('cache_flags', $sqlwhere, $params, '', 'name,value')) {
1634 foreach ($flags as $flag) {
1635 $cf[$flag->name] = $flag->value;
1642 * Get volatile flags
1644 * @param string $type
1645 * @param string $name
1646 * @param int $changedsince default null
1647 * @return string|false The cache flag value or false
1649 function get_cache_flag($type, $name, $changedsince=null) {
1652 $params = array('type' => $type, 'name' => $name, 'expiry' => time());
1654 $sqlwhere = "flagtype = :type AND name = :name AND expiry >= :expiry";
1655 if ($changedsince !== null) {
1656 $params['changedsince'] = $changedsince;
1657 $sqlwhere .= " AND timemodified > :changedsince";
1660 return $DB->get_field_select('cache_flags', 'value', $sqlwhere, $params);
1664 * Set a volatile flag
1666 * @param string $type the "type" namespace for the key
1667 * @param string $name the key to set
1668 * @param string $value the value to set (without magic quotes) - null will remove the flag
1669 * @param int $expiry (optional) epoch indicating expiry - defaults to now()+ 24hs
1670 * @return bool Always returns true
1672 function set_cache_flag($type, $name, $value, $expiry = null) {
1675 $timemodified = time();
1676 if ($expiry === null || $expiry < $timemodified) {
1677 $expiry = $timemodified + 24 * 60 * 60;
1679 $expiry = (int)$expiry;
1682 if ($value === null) {
1683 unset_cache_flag($type, $name);
1687 if ($f = $DB->get_record('cache_flags', array('name' => $name, 'flagtype' => $type), '*', IGNORE_MULTIPLE)) {
1688 // This is a potential problem in DEBUG_DEVELOPER.
1689 if ($f->value == $value and $f->expiry == $expiry and $f->timemodified == $timemodified) {
1690 return true; // No need to update.
1693 $f->expiry = $expiry;
1694 $f->timemodified = $timemodified;
1695 $DB->update_record('cache_flags', $f);
1697 $f = new stdClass();
1698 $f->flagtype = $type;
1701 $f->expiry = $expiry;
1702 $f->timemodified = $timemodified;
1703 $DB->insert_record('cache_flags', $f);
1709 * Removes a single volatile flag
1711 * @param string $type the "type" namespace for the key
1712 * @param string $name the key to set
1715 function unset_cache_flag($type, $name) {
1717 $DB->delete_records('cache_flags', array('name' => $name, 'flagtype' => $type));
1722 * Garbage-collect volatile flags
1724 * @return bool Always returns true
1726 function gc_cache_flags() {
1728 $DB->delete_records_select('cache_flags', 'expiry < ?', array(time()));
1732 // USER PREFERENCE API.
1735 * Refresh user preference cache. This is used most often for $USER
1736 * object that is stored in session, but it also helps with performance in cron script.
1738 * Preferences for each user are loaded on first use on every page, then again after the timeout expires.
1741 * @category preference
1743 * @param stdClass $user User object. Preferences are preloaded into 'preference' property
1744 * @param int $cachelifetime Cache life time on the current page (in seconds)
1745 * @throws coding_exception
1748 function check_user_preferences_loaded(stdClass $user, $cachelifetime = 120) {
1750 // Static cache, we need to check on each page load, not only every 2 minutes.
1751 static $loadedusers = array();
1753 if (!isset($user->id)) {
1754 throw new coding_exception('Invalid $user parameter in check_user_preferences_loaded() call, missing id field');
1757 if (empty($user->id) or isguestuser($user->id)) {
1758 // No permanent storage for not-logged-in users and guest.
1759 if (!isset($user->preference)) {
1760 $user->preference = array();
1767 if (isset($loadedusers[$user->id]) and isset($user->preference) and isset($user->preference['_lastloaded'])) {
1768 // Already loaded at least once on this page. Are we up to date?
1769 if ($user->preference['_lastloaded'] + $cachelifetime > $timenow) {
1770 // No need to reload - we are on the same page and we loaded prefs just a moment ago.
1773 } else if (!get_cache_flag('userpreferenceschanged', $user->id, $user->preference['_lastloaded'])) {
1774 // No change since the lastcheck on this page.
1775 $user->preference['_lastloaded'] = $timenow;
1780 // OK, so we have to reload all preferences.
1781 $loadedusers[$user->id] = true;
1782 $user->preference = $DB->get_records_menu('user_preferences', array('userid' => $user->id), '', 'name,value'); // All values.
1783 $user->preference['_lastloaded'] = $timenow;
1787 * Called from set/unset_user_preferences, so that the prefs can be correctly reloaded in different sessions.
1789 * NOTE: internal function, do not call from other code.
1793 * @param integer $userid the user whose prefs were changed.
1795 function mark_user_preferences_changed($userid) {
1798 if (empty($userid) or isguestuser($userid)) {
1799 // No cache flags for guest and not-logged-in users.
1803 set_cache_flag('userpreferenceschanged', $userid, 1, time() + $CFG->sessiontimeout);
1807 * Sets a preference for the specified user.
1809 * If a $user object is submitted it's 'preference' property is used for the preferences cache.
1812 * @category preference
1814 * @param string $name The key to set as preference for the specified user
1815 * @param string $value The value to set for the $name key in the specified user's
1816 * record, null means delete current value.
1817 * @param stdClass|int|null $user A moodle user object or id, null means current user
1818 * @throws coding_exception
1819 * @return bool Always true or exception
1821 function set_user_preference($name, $value, $user = null) {
1824 if (empty($name) or is_numeric($name) or $name === '_lastloaded') {
1825 throw new coding_exception('Invalid preference name in set_user_preference() call');
1828 if (is_null($value)) {
1829 // Null means delete current.
1830 return unset_user_preference($name, $user);
1831 } else if (is_object($value)) {
1832 throw new coding_exception('Invalid value in set_user_preference() call, objects are not allowed');
1833 } else if (is_array($value)) {
1834 throw new coding_exception('Invalid value in set_user_preference() call, arrays are not allowed');
1836 // Value column maximum length is 1333 characters.
1837 $value = (string)$value;
1838 if (core_text::strlen($value) > 1333) {
1839 throw new coding_exception('Invalid value in set_user_preference() call, value is is too long for the value column');
1842 if (is_null($user)) {
1844 } else if (isset($user->id)) {
1845 // It is a valid object.
1846 } else if (is_numeric($user)) {
1847 $user = (object)array('id' => (int)$user);
1849 throw new coding_exception('Invalid $user parameter in set_user_preference() call');
1852 check_user_preferences_loaded($user);
1854 if (empty($user->id) or isguestuser($user->id)) {
1855 // No permanent storage for not-logged-in users and guest.
1856 $user->preference[$name] = $value;
1860 if ($preference = $DB->get_record('user_preferences', array('userid' => $user->id, 'name' => $name))) {
1861 if ($preference->value === $value and isset($user->preference[$name]) and $user->preference[$name] === $value) {
1862 // Preference already set to this value.
1865 $DB->set_field('user_preferences', 'value', $value, array('id' => $preference->id));
1868 $preference = new stdClass();
1869 $preference->userid = $user->id;
1870 $preference->name = $name;
1871 $preference->value = $value;
1872 $DB->insert_record('user_preferences', $preference);
1875 // Update value in cache.
1876 $user->preference[$name] = $value;
1878 // Set reload flag for other sessions.
1879 mark_user_preferences_changed($user->id);
1885 * Sets a whole array of preferences for the current user
1887 * If a $user object is submitted it's 'preference' property is used for the preferences cache.
1890 * @category preference
1892 * @param array $prefarray An array of key/value pairs to be set
1893 * @param stdClass|int|null $user A moodle user object or id, null means current user
1894 * @return bool Always true or exception
1896 function set_user_preferences(array $prefarray, $user = null) {
1897 foreach ($prefarray as $name => $value) {
1898 set_user_preference($name, $value, $user);
1904 * Unsets a preference completely by deleting it from the database
1906 * If a $user object is submitted it's 'preference' property is used for the preferences cache.
1909 * @category preference
1911 * @param string $name The key to unset as preference for the specified user
1912 * @param stdClass|int|null $user A moodle user object or id, null means current user
1913 * @throws coding_exception
1914 * @return bool Always true or exception
1916 function unset_user_preference($name, $user = null) {
1919 if (empty($name) or is_numeric($name) or $name === '_lastloaded') {
1920 throw new coding_exception('Invalid preference name in unset_user_preference() call');
1923 if (is_null($user)) {
1925 } else if (isset($user->id)) {
1926 // It is a valid object.
1927 } else if (is_numeric($user)) {
1928 $user = (object)array('id' => (int)$user);
1930 throw new coding_exception('Invalid $user parameter in unset_user_preference() call');
1933 check_user_preferences_loaded($user);
1935 if (empty($user->id) or isguestuser($user->id)) {
1936 // No permanent storage for not-logged-in user and guest.
1937 unset($user->preference[$name]);
1942 $DB->delete_records('user_preferences', array('userid' => $user->id, 'name' => $name));
1944 // Delete the preference from cache.
1945 unset($user->preference[$name]);
1947 // Set reload flag for other sessions.
1948 mark_user_preferences_changed($user->id);
1954 * Used to fetch user preference(s)
1956 * If no arguments are supplied this function will return
1957 * all of the current user preferences as an array.
1959 * If a name is specified then this function
1960 * attempts to return that particular preference value. If
1961 * none is found, then the optional value $default is returned,
1964 * If a $user object is submitted it's 'preference' property is used for the preferences cache.
1967 * @category preference
1969 * @param string $name Name of the key to use in finding a preference value
1970 * @param mixed|null $default Value to be returned if the $name key is not set in the user preferences
1971 * @param stdClass|int|null $user A moodle user object or id, null means current user
1972 * @throws coding_exception
1973 * @return string|mixed|null A string containing the value of a single preference. An
1974 * array with all of the preferences or null
1976 function get_user_preferences($name = null, $default = null, $user = null) {
1979 if (is_null($name)) {
1981 } else if (is_numeric($name) or $name === '_lastloaded') {
1982 throw new coding_exception('Invalid preference name in get_user_preferences() call');
1985 if (is_null($user)) {
1987 } else if (isset($user->id)) {
1988 // Is a valid object.
1989 } else if (is_numeric($user)) {
1990 $user = (object)array('id' => (int)$user);
1992 throw new coding_exception('Invalid $user parameter in get_user_preferences() call');
1995 check_user_preferences_loaded($user);
1999 return $user->preference;
2000 } else if (isset($user->preference[$name])) {
2001 // The single string value.
2002 return $user->preference[$name];
2004 // Default value (null if not specified).
2009 // FUNCTIONS FOR HANDLING TIME.
2012 * Given date parts in user time produce a GMT timestamp.
2016 * @param int $year The year part to create timestamp of
2017 * @param int $month The month part to create timestamp of
2018 * @param int $day The day part to create timestamp of
2019 * @param int $hour The hour part to create timestamp of
2020 * @param int $minute The minute part to create timestamp of
2021 * @param int $second The second part to create timestamp of
2022 * @param int|float|string $timezone Timezone modifier, used to calculate GMT time offset.
2023 * if 99 then default user's timezone is used {@link http://docs.moodle.org/dev/Time_API#Timezone}
2024 * @param bool $applydst Toggle Daylight Saving Time, default true, will be
2025 * applied only if timezone is 99 or string.
2026 * @return int GMT timestamp
2028 function make_timestamp($year, $month=1, $day=1, $hour=0, $minute=0, $second=0, $timezone=99, $applydst=true) {
2030 // Save input timezone, required for dst offset check.
2031 $passedtimezone = $timezone;
2033 $timezone = get_user_timezone_offset($timezone);
2035 if (abs($timezone) > 13) {
2037 $time = mktime((int)$hour, (int)$minute, (int)$second, (int)$month, (int)$day, (int)$year);
2039 $time = gmmktime((int)$hour, (int)$minute, (int)$second, (int)$month, (int)$day, (int)$year);
2040 $time = usertime($time, $timezone);
2042 // Apply dst for string timezones or if 99 then try dst offset with user's default timezone.
2043 if ($applydst && ((99 == $passedtimezone) || !is_numeric($passedtimezone))) {
2044 $time -= dst_offset_on($time, $passedtimezone);
2053 * Format a date/time (seconds) as weeks, days, hours etc as needed
2055 * Given an amount of time in seconds, returns string
2056 * formatted nicely as weeks, days, hours etc as needed
2064 * @param int $totalsecs Time in seconds
2065 * @param stdClass $str Should be a time object
2066 * @return string A nicely formatted date/time string
2068 function format_time($totalsecs, $str = null) {
2070 $totalsecs = abs($totalsecs);
2073 // Create the str structure the slow way.
2074 $str = new stdClass();
2075 $str->day = get_string('day');
2076 $str->days = get_string('days');
2077 $str->hour = get_string('hour');
2078 $str->hours = get_string('hours');
2079 $str->min = get_string('min');
2080 $str->mins = get_string('mins');
2081 $str->sec = get_string('sec');
2082 $str->secs = get_string('secs');
2083 $str->year = get_string('year');
2084 $str->years = get_string('years');
2087 $years = floor($totalsecs/YEARSECS);
2088 $remainder = $totalsecs - ($years*YEARSECS);
2089 $days = floor($remainder/DAYSECS);
2090 $remainder = $totalsecs - ($days*DAYSECS);
2091 $hours = floor($remainder/HOURSECS);
2092 $remainder = $remainder - ($hours*HOURSECS);
2093 $mins = floor($remainder/MINSECS);
2094 $secs = $remainder - ($mins*MINSECS);
2096 $ss = ($secs == 1) ? $str->sec : $str->secs;
2097 $sm = ($mins == 1) ? $str->min : $str->mins;
2098 $sh = ($hours == 1) ? $str->hour : $str->hours;
2099 $sd = ($days == 1) ? $str->day : $str->days;
2100 $sy = ($years == 1) ? $str->year : $str->years;
2109 $oyears = $years .' '. $sy;
2112 $odays = $days .' '. $sd;
2115 $ohours = $hours .' '. $sh;
2118 $omins = $mins .' '. $sm;
2121 $osecs = $secs .' '. $ss;
2125 return trim($oyears .' '. $odays);
2128 return trim($odays .' '. $ohours);
2131 return trim($ohours .' '. $omins);
2134 return trim($omins .' '. $osecs);
2139 return get_string('now');
2143 * Returns a formatted string that represents a date in user time.
2147 * @param int $date the timestamp in UTC, as obtained from the database.
2148 * @param string $format strftime format. You should probably get this using
2149 * get_string('strftime...', 'langconfig');
2150 * @param int|float|string $timezone by default, uses the user's time zone. if numeric and
2151 * not 99 then daylight saving will not be added.
2152 * {@link http://docs.moodle.org/dev/Time_API#Timezone}
2153 * @param bool $fixday If true (default) then the leading zero from %d is removed.
2154 * If false then the leading zero is maintained.
2155 * @param bool $fixhour If true (default) then the leading zero from %I is removed.
2156 * @return string the formatted date/time.
2158 function userdate($date, $format = '', $timezone = 99, $fixday = true, $fixhour = true) {
2159 $calendartype = \core_calendar\type_factory::get_calendar_instance();
2160 return $calendartype->timestamp_to_date_string($date, $format, $timezone, $fixday, $fixhour);
2164 * Returns a formatted date ensuring it is UTF-8.
2166 * If we are running under Windows convert to Windows encoding and then back to UTF-8
2167 * (because it's impossible to specify UTF-8 to fetch locale info in Win32).
2169 * This function does not do any calculation regarding the user preferences and should
2170 * therefore receive the final date timestamp, format and timezone. Timezone being only used
2171 * to differentiate the use of server time or not (strftime() against gmstrftime()).
2173 * @param int $date the timestamp.
2174 * @param string $format strftime format.
2175 * @param int|float $tz the numerical timezone, typically returned by {@link get_user_timezone_offset()}.
2176 * @return string the formatted date/time.
2177 * @since Moodle 2.3.3
2179 function date_format_string($date, $format, $tz = 99) {
2182 $localewincharset = null;
2183 // Get the calendar type user is using.
2184 if ($CFG->ostype == 'WINDOWS') {
2185 $calendartype = \core_calendar\type_factory::get_calendar_instance();
2186 $localewincharset = $calendartype->locale_win_charset();
2189 if (abs($tz) > 13) {
2190 if ($localewincharset) {
2191 $format = core_text::convert($format, 'utf-8', $localewincharset);
2192 $datestring = strftime($format, $date);
2193 $datestring = core_text::convert($datestring, $localewincharset, 'utf-8');
2195 $datestring = strftime($format, $date);
2198 if ($localewincharset) {
2199 $format = core_text::convert($format, 'utf-8', $localewincharset);
2200 $datestring = gmstrftime($format, $date);
2201 $datestring = core_text::convert($datestring, $localewincharset, 'utf-8');
2203 $datestring = gmstrftime($format, $date);
2210 * Given a $time timestamp in GMT (seconds since epoch),
2211 * returns an array that represents the date in user time
2216 * @param int $time Timestamp in GMT
2217 * @param float|int|string $timezone offset's time with timezone, if float and not 99, then no
2218 * dst offset is applied {@link http://docs.moodle.org/dev/Time_API#Timezone}
2219 * @return array An array that represents the date in user time
2221 function usergetdate($time, $timezone=99) {
2223 // Save input timezone, required for dst offset check.
2224 $passedtimezone = $timezone;
2226 $timezone = get_user_timezone_offset($timezone);
2228 if (abs($timezone) > 13) {
2230 return getdate($time);
2233 // Add daylight saving offset for string timezones only, as we can't get dst for
2234 // float values. if timezone is 99 (user default timezone), then try update dst.
2235 if ($passedtimezone == 99 || !is_numeric($passedtimezone)) {
2236 $time += dst_offset_on($time, $passedtimezone);
2239 $time += intval((float)$timezone * HOURSECS);
2241 $datestring = gmstrftime('%B_%A_%j_%Y_%m_%w_%d_%H_%M_%S', $time);
2243 // Be careful to ensure the returned array matches that produced by getdate() above.
2246 $getdate['weekday'],
2253 $getdate['minutes'],
2255 ) = explode('_', $datestring);
2257 // Set correct datatype to match with getdate().
2258 $getdate['seconds'] = (int)$getdate['seconds'];
2259 $getdate['yday'] = (int)$getdate['yday'] - 1; // The function gmstrftime returns 0 through 365.
2260 $getdate['year'] = (int)$getdate['year'];
2261 $getdate['mon'] = (int)$getdate['mon'];
2262 $getdate['wday'] = (int)$getdate['wday'];
2263 $getdate['mday'] = (int)$getdate['mday'];
2264 $getdate['hours'] = (int)$getdate['hours'];
2265 $getdate['minutes'] = (int)$getdate['minutes'];
2270 * Given a GMT timestamp (seconds since epoch), offsets it by
2271 * the timezone. eg 3pm in India is 3pm GMT - 7 * 3600 seconds
2276 * @param int $date Timestamp in GMT
2277 * @param float|int|string $timezone timezone to calculate GMT time offset before
2278 * calculating user time, 99 is default user timezone
2279 * {@link http://docs.moodle.org/dev/Time_API#Timezone}
2282 function usertime($date, $timezone=99) {
2284 $timezone = get_user_timezone_offset($timezone);
2286 if (abs($timezone) > 13) {
2289 return $date - (int)($timezone * HOURSECS);
2293 * Given a time, return the GMT timestamp of the most recent midnight
2294 * for the current user.
2298 * @param int $date Timestamp in GMT
2299 * @param float|int|string $timezone timezone to calculate GMT time offset before
2300 * calculating user midnight time, 99 is default user timezone
2301 * {@link http://docs.moodle.org/dev/Time_API#Timezone}
2302 * @return int Returns a GMT timestamp
2304 function usergetmidnight($date, $timezone=99) {
2306 $userdate = usergetdate($date, $timezone);
2308 // Time of midnight of this user's day, in GMT.
2309 return make_timestamp($userdate['year'], $userdate['mon'], $userdate['mday'], 0, 0, 0, $timezone);
2314 * Returns a string that prints the user's timezone
2318 * @param float|int|string $timezone timezone to calculate GMT time offset before
2319 * calculating user timezone, 99 is default user timezone
2320 * {@link http://docs.moodle.org/dev/Time_API#Timezone}
2323 function usertimezone($timezone=99) {
2325 $tz = get_user_timezone($timezone);
2327 if (!is_float($tz)) {
2331 if (abs($tz) > 13) {
2333 return get_string('serverlocaltime');
2336 if ($tz == intval($tz)) {
2337 // Don't show .0 for whole hours.
2343 } else if ($tz > 0) {
2352 * Returns a float which represents the user's timezone difference from GMT in hours
2353 * Checks various settings and picks the most dominant of those which have a value
2357 * @param float|int|string $tz timezone to calculate GMT time offset for user,
2358 * 99 is default user timezone
2359 * {@link http://docs.moodle.org/dev/Time_API#Timezone}
2362 function get_user_timezone_offset($tz = 99) {
2363 $tz = get_user_timezone($tz);
2365 if (is_float($tz)) {
2368 $tzrecord = get_timezone_record($tz);
2369 if (empty($tzrecord)) {
2372 return (float)$tzrecord->gmtoff / HOURMINS;
2377 * Returns an int which represents the systems's timezone difference from GMT in seconds
2381 * @param float|int|string $tz timezone for which offset is required.
2382 * {@link http://docs.moodle.org/dev/Time_API#Timezone}
2383 * @return int|bool if found, false is timezone 99 or error
2385 function get_timezone_offset($tz) {
2390 if (is_numeric($tz)) {
2391 return intval($tz * 60*60);
2394 if (!$tzrecord = get_timezone_record($tz)) {
2397 return intval($tzrecord->gmtoff * 60);
2401 * Returns a float or a string which denotes the user's timezone
2402 * A float value means that a simple offset from GMT is used, while a string (it will be the name of a timezone in the database)
2403 * means that for this timezone there are also DST rules to be taken into account
2404 * Checks various settings and picks the most dominant of those which have a value
2408 * @param float|int|string $tz timezone to calculate GMT time offset before
2409 * calculating user timezone, 99 is default user timezone
2410 * {@link http://docs.moodle.org/dev/Time_API#Timezone}
2411 * @return float|string
2413 function get_user_timezone($tz = 99) {
2418 isset($CFG->forcetimezone) ? $CFG->forcetimezone : 99,
2419 isset($USER->timezone) ? $USER->timezone : 99,
2420 isset($CFG->timezone) ? $CFG->timezone : 99,
2425 // Loop while $tz is, empty but not zero, or 99, and there is another timezone is the array.
2426 while (((empty($tz) && !is_numeric($tz)) || $tz == 99) && $next = each($timezones)) {
2427 $tz = $next['value'];
2429 return is_numeric($tz) ? (float) $tz : $tz;
2433 * Returns cached timezone record for given $timezonename
2436 * @param string $timezonename name of the timezone
2437 * @return stdClass|bool timezonerecord or false
2439 function get_timezone_record($timezonename) {
2441 static $cache = null;
2443 if ($cache === null) {
2447 if (isset($cache[$timezonename])) {
2448 return $cache[$timezonename];
2451 return $cache[$timezonename] = $DB->get_record_sql('SELECT * FROM {timezone}
2452 WHERE name = ? ORDER BY year DESC', array($timezonename), IGNORE_MULTIPLE);
2456 * Build and store the users Daylight Saving Time (DST) table
2459 * @param int $fromyear Start year for the table, defaults to 1971
2460 * @param int $toyear End year for the table, defaults to 2035
2461 * @param int|float|string $strtimezone timezone to check if dst should be applied.
2464 function calculate_user_dst_table($fromyear = null, $toyear = null, $strtimezone = null) {
2465 global $SESSION, $DB;
2467 $usertz = get_user_timezone($strtimezone);
2469 if (is_float($usertz)) {
2470 // Trivial timezone, no DST.
2474 if (!empty($SESSION->dst_offsettz) && $SESSION->dst_offsettz != $usertz) {
2475 // We have pre-calculated values, but the user's effective TZ has changed in the meantime, so reset.
2476 unset($SESSION->dst_offsets);
2477 unset($SESSION->dst_range);
2480 if (!empty($SESSION->dst_offsets) && empty($fromyear) && empty($toyear)) {
2481 // Repeat calls which do not request specific year ranges stop here, we have already calculated the table.
2482 // This will be the return path most of the time, pretty light computationally.
2486 // Reaching here means we either need to extend our table or create it from scratch.
2488 // Remember which TZ we calculated these changes for.
2489 $SESSION->dst_offsettz = $usertz;
2491 if (empty($SESSION->dst_offsets)) {
2492 // If we 're creating from scratch, put the two guard elements in there.
2493 $SESSION->dst_offsets = array(1 => null, 0 => null);
2495 if (empty($SESSION->dst_range)) {
2496 // If creating from scratch.
2497 $from = max((empty($fromyear) ? intval(date('Y')) - 3 : $fromyear), 1971);
2498 $to = min((empty($toyear) ? intval(date('Y')) + 3 : $toyear), 2035);
2500 // Fill in the array with the extra years we need to process.
2501 $yearstoprocess = array();
2502 for ($i = $from; $i <= $to; ++$i) {
2503 $yearstoprocess[] = $i;
2506 // Take note of which years we have processed for future calls.
2507 $SESSION->dst_range = array($from, $to);
2509 // If needing to extend the table, do the same.
2510 $yearstoprocess = array();
2512 $from = max((empty($fromyear) ? $SESSION->dst_range[0] : $fromyear), 1971);
2513 $to = min((empty($toyear) ? $SESSION->dst_range[1] : $toyear), 2035);
2515 if ($from < $SESSION->dst_range[0]) {
2516 // Take note of which years we need to process and then note that we have processed them for future calls.
2517 for ($i = $from; $i < $SESSION->dst_range[0]; ++$i) {
2518 $yearstoprocess[] = $i;
2520 $SESSION->dst_range[0] = $from;
2522 if ($to > $SESSION->dst_range[1]) {
2523 // Take note of which years we need to process and then note that we have processed them for future calls.
2524 for ($i = $SESSION->dst_range[1] + 1; $i <= $to; ++$i) {
2525 $yearstoprocess[] = $i;
2527 $SESSION->dst_range[1] = $to;
2531 if (empty($yearstoprocess)) {
2532 // This means that there was a call requesting a SMALLER range than we have already calculated.
2536 // From now on, we know that the array has at least the two guard elements, and $yearstoprocess has the years we need
2537 // Also, the array is sorted in descending timestamp order!
2541 static $presetscache = array();
2542 if (!isset($presetscache[$usertz])) {
2543 $presetscache[$usertz] = $DB->get_records('timezone', array('name' => $usertz),
2544 'year DESC', 'year, gmtoff, dstoff, dst_month, dst_startday, dst_weekday, dst_skipweeks, dst_time, std_month, '.
2545 'std_startday, std_weekday, std_skipweeks, std_time');
2547 if (empty($presetscache[$usertz])) {
2551 // Remove ending guard (first element of the array).
2552 reset($SESSION->dst_offsets);
2553 unset($SESSION->dst_offsets[key($SESSION->dst_offsets)]);
2555 // Add all required change timestamps.
2556 foreach ($yearstoprocess as $y) {
2557 // Find the record which is in effect for the year $y.
2558 foreach ($presetscache[$usertz] as $year => $preset) {
2564 $changes = dst_changes_for_year($y, $preset);
2566 if ($changes === null) {
2569 if ($changes['dst'] != 0) {
2570 $SESSION->dst_offsets[$changes['dst']] = $preset->dstoff * MINSECS;
2572 if ($changes['std'] != 0) {
2573 $SESSION->dst_offsets[$changes['std']] = 0;
2577 // Put in a guard element at the top.
2578 $maxtimestamp = max(array_keys($SESSION->dst_offsets));
2579 $SESSION->dst_offsets[($maxtimestamp + DAYSECS)] = null; // DAYSECS is arbitrary, any "small" number will do.
2582 krsort($SESSION->dst_offsets);
2588 * Calculates the required DST change and returns a Timestamp Array
2594 * @param int|string $year Int or String Year to focus on
2595 * @param object $timezone Instatiated Timezone object
2596 * @return array|null Array dst => xx, 0 => xx, std => yy, 1 => yy or null
2598 function dst_changes_for_year($year, $timezone) {
2600 if ($timezone->dst_startday == 0 && $timezone->dst_weekday == 0 &&
2601 $timezone->std_startday == 0 && $timezone->std_weekday == 0) {
2605 $monthdaydst = find_day_in_month($timezone->dst_startday, $timezone->dst_weekday, $timezone->dst_month, $year);
2606 $monthdaystd = find_day_in_month($timezone->std_startday, $timezone->std_weekday, $timezone->std_month, $year);
2608 list($dsthour, $dstmin) = explode(':', $timezone->dst_time);
2609 list($stdhour, $stdmin) = explode(':', $timezone->std_time);
2611 $timedst = make_timestamp($year, $timezone->dst_month, $monthdaydst, 0, 0, 0, 99, false);
2612 $timestd = make_timestamp($year, $timezone->std_month, $monthdaystd, 0, 0, 0, 99, false);
2614 // Instead of putting hour and minute in make_timestamp(), we add them afterwards.
2615 // This has the advantage of being able to have negative values for hour, i.e. for timezones
2616 // where GMT time would be in the PREVIOUS day than the local one on which DST changes.
2618 $timedst += $dsthour * HOURSECS + $dstmin * MINSECS;
2619 $timestd += $stdhour * HOURSECS + $stdmin * MINSECS;
2621 return array('dst' => $timedst, 0 => $timedst, 'std' => $timestd, 1 => $timestd);
2625 * Calculates the Daylight Saving Offset for a given date/time (timestamp)
2626 * - Note: Daylight saving only works for string timezones and not for float.
2630 * @param int $time must NOT be compensated at all, it has to be a pure timestamp
2631 * @param int|float|string $strtimezone timezone for which offset is expected, if 99 or null
2632 * then user's default timezone is used. {@link http://docs.moodle.org/dev/Time_API#Timezone}
2635 function dst_offset_on($time, $strtimezone = null) {
2638 if (!calculate_user_dst_table(null, null, $strtimezone) || empty($SESSION->dst_offsets)) {
2642 reset($SESSION->dst_offsets);
2643 while (list($from, $offset) = each($SESSION->dst_offsets)) {
2644 if ($from <= $time) {
2649 // This is the normal return path.
2650 if ($offset !== null) {
2654 // Reaching this point means we haven't calculated far enough, do it now:
2655 // Calculate extra DST changes if needed and recurse. The recursion always
2656 // moves toward the stopping condition, so will always end.
2659 // We need a year smaller than $SESSION->dst_range[0].
2660 if ($SESSION->dst_range[0] == 1971) {
2663 calculate_user_dst_table($SESSION->dst_range[0] - 5, null, $strtimezone);
2664 return dst_offset_on($time, $strtimezone);
2666 // We need a year larger than $SESSION->dst_range[1].
2667 if ($SESSION->dst_range[1] == 2035) {
2670 calculate_user_dst_table(null, $SESSION->dst_range[1] + 5, $strtimezone);
2671 return dst_offset_on($time, $strtimezone);
2676 * Calculates when the day appears in specific month
2680 * @param int $startday starting day of the month
2681 * @param int $weekday The day when week starts (normally taken from user preferences)
2682 * @param int $month The month whose day is sought
2683 * @param int $year The year of the month whose day is sought
2686 function find_day_in_month($startday, $weekday, $month, $year) {
2687 $calendartype = \core_calendar\type_factory::get_calendar_instance();
2689 $daysinmonth = days_in_month($month, $year);
2690 $daysinweek = count($calendartype->get_weekdays());
2692 if ($weekday == -1) {
2693 // Don't care about weekday, so return:
2694 // abs($startday) if $startday != -1
2695 // $daysinmonth otherwise.
2696 return ($startday == -1) ? $daysinmonth : abs($startday);
2699 // From now on we 're looking for a specific weekday.
2700 // Give "end of month" its actual value, since we know it.
2701 if ($startday == -1) {
2702 $startday = -1 * $daysinmonth;
2705 // Starting from day $startday, the sign is the direction.
2706 if ($startday < 1) {
2707 $startday = abs($startday);
2708 $lastmonthweekday = dayofweek($daysinmonth, $month, $year);
2710 // This is the last such weekday of the month.
2711 $lastinmonth = $daysinmonth + $weekday - $lastmonthweekday;
2712 if ($lastinmonth > $daysinmonth) {
2713 $lastinmonth -= $daysinweek;
2716 // Find the first such weekday <= $startday.
2717 while ($lastinmonth > $startday) {
2718 $lastinmonth -= $daysinweek;
2721 return $lastinmonth;
2723 $indexweekday = dayofweek($startday, $month, $year);
2725 $diff = $weekday - $indexweekday;
2727 $diff += $daysinweek;
2730 // This is the first such weekday of the month equal to or after $startday.
2731 $firstfromindex = $startday + $diff;
2733 return $firstfromindex;
2738 * Calculate the number of days in a given month
2742 * @param int $month The month whose day count is sought
2743 * @param int $year The year of the month whose day count is sought
2746 function days_in_month($month, $year) {
2747 $calendartype = \core_calendar\type_factory::get_calendar_instance();
2748 return $calendartype->get_num_days_in_month($year, $month);
2752 * Calculate the position in the week of a specific calendar day
2756 * @param int $day The day of the date whose position in the week is sought
2757 * @param int $month The month of the date whose position in the week is sought
2758 * @param int $year The year of the date whose position in the week is sought
2761 function dayofweek($day, $month, $year) {
2762 $calendartype = \core_calendar\type_factory::get_calendar_instance();
2763 return $calendartype->get_weekday($year, $month, $day);
2766 // USER AUTHENTICATION AND LOGIN.
2769 * Returns full login url.
2771 * @return string login url
2773 function get_login_url() {
2776 $url = "$CFG->wwwroot/login/index.php";
2778 if (!empty($CFG->loginhttps)) {
2779 $url = str_replace('http:', 'https:', $url);
2786 * This function checks that the current user is logged in and has the
2787 * required privileges
2789 * This function checks that the current user is logged in, and optionally
2790 * whether they are allowed to be in a particular course and view a particular
2792 * If they are not logged in, then it redirects them to the site login unless
2793 * $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
2794 * case they are automatically logged in as guests.
2795 * If $courseid is given and the user is not enrolled in that course then the
2796 * user is redirected to the course enrolment page.
2797 * If $cm is given and the course module is hidden and the user is not a teacher
2798 * in the course then the user is redirected to the course home page.
2800 * When $cm parameter specified, this function sets page layout to 'module'.
2801 * You need to change it manually later if some other layout needed.
2803 * @package core_access
2806 * @param mixed $courseorid id of the course or course object
2807 * @param bool $autologinguest default true
2808 * @param object $cm course module object
2809 * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
2810 * true. Used to avoid (=false) some scripts (file.php...) to set that variable,
2811 * in order to keep redirects working properly. MDL-14495
2812 * @param bool $preventredirect set to true in scripts that can not redirect (CLI, rss feeds, etc.), throws exceptions
2813 * @return mixed Void, exit, and die depending on path
2814 * @throws coding_exception
2815 * @throws require_login_exception
2817 function require_login($courseorid = null, $autologinguest = true, $cm = null, $setwantsurltome = true, $preventredirect = false) {
2818 global $CFG, $SESSION, $USER, $PAGE, $SITE, $DB, $OUTPUT;
2820 // Must not redirect when byteserving already started.
2821 if (!empty($_SERVER['HTTP_RANGE'])) {
2822 $preventredirect = true;
2825 // Setup global $COURSE, themes, language and locale.
2826 if (!empty($courseorid)) {
2827 if (is_object($courseorid)) {
2828 $course = $courseorid;
2829 } else if ($courseorid == SITEID) {
2830 $course = clone($SITE);
2832 $course = $DB->get_record('course', array('id' => $courseorid), '*', MUST_EXIST);
2835 if ($cm->course != $course->id) {
2836 throw new coding_exception('course and cm parameters in require_login() call do not match!!');
2838 // Make sure we have a $cm from get_fast_modinfo as this contains activity access details.
2839 if (!($cm instanceof cm_info)) {
2840 // Note: nearly all pages call get_fast_modinfo anyway and it does not make any
2841 // db queries so this is not really a performance concern, however it is obviously
2842 // better if you use get_fast_modinfo to get the cm before calling this.
2843 $modinfo = get_fast_modinfo($course);
2844 $cm = $modinfo->get_cm($cm->id);
2846 $PAGE->set_cm($cm, $course); // Set's up global $COURSE.
2847 $PAGE->set_pagelayout('incourse');
2849 $PAGE->set_course($course); // Set's up global $COURSE.
2852 // Do not touch global $COURSE via $PAGE->set_course(),
2853 // the reasons is we need to be able to call require_login() at any time!!
2856 throw new coding_exception('cm parameter in require_login() requires valid course parameter!');
2860 // If this is an AJAX request and $setwantsurltome is true then we need to override it and set it to false.
2861 // Otherwise the AJAX request URL will be set to $SESSION->wantsurl and events such as self enrolment in the future
2862 // risk leading the user back to the AJAX request URL.
2863 if ($setwantsurltome && defined('AJAX_SCRIPT') && AJAX_SCRIPT) {
2864 $setwantsurltome = false;
2867 // Redirect to the login page if session has expired, only with dbsessions enabled (MDL-35029) to maintain current behaviour.
2868 if ((!isloggedin() or isguestuser()) && !empty($SESSION->has_timed_out) && !$preventredirect && !empty($CFG->dbsessions)) {
2869 if ($setwantsurltome) {
2870 $SESSION->wantsurl = qualified_me();
2872 redirect(get_login_url());
2875 // If the user is not even logged in yet then make sure they are.
2876 if (!isloggedin()) {
2877 if ($autologinguest and !empty($CFG->guestloginbutton) and !empty($CFG->autologinguests)) {
2878 if (!$guest = get_complete_user_data('id', $CFG->siteguest)) {
2879 // Misconfigured site guest, just redirect to login page.
2880 redirect(get_login_url());
2881 exit; // Never reached.
2883 $lang = isset($SESSION->lang) ? $SESSION->lang : $CFG->lang;
2884 complete_user_login($guest);
2885 $USER->autologinguest = true;
2886 $SESSION->lang = $lang;
2888 // NOTE: $USER->site check was obsoleted by session test cookie, $USER->confirmed test is in login/index.php.
2889 if ($preventredirect) {
2890 throw new require_login_exception('You are not logged in');
2893 if ($setwantsurltome) {
2894 $SESSION->wantsurl = qualified_me();
2896 if (!empty($_SERVER['HTTP_REFERER'])) {
2897 $SESSION->fromurl = $_SERVER['HTTP_REFERER'];
2899 redirect(get_login_url());
2900 exit; // Never reached.
2904 // Loginas as redirection if needed.
2905 if ($course->id != SITEID and \core\session\manager::is_loggedinas()) {
2906 if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
2907 if ($USER->loginascontext->instanceid != $course->id) {
2908 print_error('loginasonecourse', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
2913 // Check whether the user should be changing password (but only if it is REALLY them).
2914 if (get_user_preferences('auth_forcepasswordchange') && !\core\session\manager::is_loggedinas()) {
2915 $userauth = get_auth_plugin($USER->auth);
2916 if ($userauth->can_change_password() and !$preventredirect) {
2917 if ($setwantsurltome) {
2918 $SESSION->wantsurl = qualified_me();
2920 if ($changeurl = $userauth->change_password_url()) {
2921 // Use plugin custom url.
2922 redirect($changeurl);
2924 // Use moodle internal method.
2925 if (empty($CFG->loginhttps)) {
2926 redirect($CFG->wwwroot .'/login/change_password.php');
2928 $wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
2929 redirect($wwwroot .'/login/change_password.php');
2933 print_error('nopasswordchangeforced', 'auth');
2937 // Check that the user account is properly set up.
2938 if (user_not_fully_set_up($USER)) {
2939 if ($preventredirect) {
2940 throw new require_login_exception('User not fully set-up');
2942 if ($setwantsurltome) {
2943 $SESSION->wantsurl = qualified_me();
2945 redirect($CFG->wwwroot .'/user/edit.php?id='. $USER->id .'&course='. SITEID);
2948 // Make sure the USER has a sesskey set up. Used for CSRF protection.
2951 // Do not bother admins with any formalities.
2952 if (is_siteadmin()) {
2953 // Set accesstime or the user will appear offline which messes up messaging.
2954 user_accesstime_log($course->id);
2958 // Check that the user has agreed to a site policy if there is one - do not test in case of admins.
2959 if (!$USER->policyagreed and !is_siteadmin()) {
2960 if (!empty($CFG->sitepolicy) and !isguestuser()) {
2961 if ($preventredirect) {
2962 throw new require_login_exception('Policy not agreed');
2964 if ($setwantsurltome) {
2965 $SESSION->wantsurl = qualified_me();
2967 redirect($CFG->wwwroot .'/user/policy.php');
2968 } else if (!empty($CFG->sitepolicyguest) and isguestuser()) {
2969 if ($preventredirect) {
2970 throw new require_login_exception('Policy not agreed');
2972 if ($setwantsurltome) {
2973 $SESSION->wantsurl = qualified_me();
2975 redirect($CFG->wwwroot .'/user/policy.php');
2979 // Fetch the system context, the course context, and prefetch its child contexts.
2980 $sysctx = context_system::instance();
2981 $coursecontext = context_course::instance($course->id, MUST_EXIST);
2983 $cmcontext = context_module::instance($cm->id, MUST_EXIST);
2988 // If the site is currently under maintenance, then print a message.
2989 if (!empty($CFG->maintenance_enabled) and !has_capability('moodle/site:config', $sysctx)) {
2990 if ($preventredirect) {
2991 throw new require_login_exception('Maintenance in progress');
2994 print_maintenance_message();
2997 // Make sure the course itself is not hidden.
2998 if ($course->id == SITEID) {
2999 // Frontpage can not be hidden.
3001 if (is_role_switched($course->id)) {
3002 // When switching roles ignore the hidden flag - user had to be in course to do the switch.
3004 if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $coursecontext)) {
3005 // Originally there was also test of parent category visibility, BUT is was very slow in complex queries
3006 // involving "my courses" now it is also possible to simply hide all courses user is not enrolled in :-).
3007 if ($preventredirect) {
3008 throw new require_login_exception('Course is hidden');
3010 // We need to override the navigation URL as the course won't have been added to the navigation and thus
3011 // the navigation will mess up when trying to find it.
3012 navigation_node::override_active_url(new moodle_url('/'));
3013 notice(get_string('coursehidden'), $CFG->wwwroot .'/');
3018 // Is the user enrolled?
3019 if ($course->id == SITEID) {
3020 // Everybody is enrolled on the frontpage.
3022 if (\core\session\manager::is_loggedinas()) {
3023 // Make sure the REAL person can access this course first.
3024 $realuser = \core\session\manager::get_realuser();
3025 if (!is_enrolled($coursecontext, $realuser->id, '', true) and
3026 !is_viewing($coursecontext, $realuser->id) and !is_siteadmin($realuser->id)) {
3027 if ($preventredirect) {
3028 throw new require_login_exception('Invalid course login-as access');
3030 echo $OUTPUT->header();
3031 notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
3037 if (is_role_switched($course->id)) {
3038 // Ok, user had to be inside this course before the switch.
3041 } else if (is_viewing($coursecontext, $USER)) {
3042 // Ok, no need to mess with enrol.
3046 if (isset($USER->enrol['enrolled'][$course->id])) {
3047 if ($USER->enrol['enrolled'][$course->id] > time()) {
3049 if (isset($USER->enrol['tempguest'][$course->id])) {
3050 unset($USER->enrol['tempguest'][$course->id]);
3051 remove_temp_course_roles($coursecontext);
3055 unset($USER->enrol['enrolled'][$course->id]);
3058 if (isset($USER->enrol['tempguest'][$course->id])) {
3059 if ($USER->enrol['tempguest'][$course->id] == 0) {
3061 } else if ($USER->enrol['tempguest'][$course->id] > time()) {
3065 unset($USER->enrol['tempguest'][$course->id]);
3066 remove_temp_course_roles($coursecontext);
3072 $until = enrol_get_enrolment_end($coursecontext->instanceid, $USER->id);
3073 if ($until !== false) {
3074 // Active participants may always access, a timestamp in the future, 0 (always) or false.
3076 $until = ENROL_MAX_TIMESTAMP;
3078 $USER->enrol['enrolled'][$course->id] = $until;
3082 $params = array('courseid' => $course->id, 'status' => ENROL_INSTANCE_ENABLED);
3083 $instances = $DB->get_records('enrol', $params, 'sortorder, id ASC');
3084 $enrols = enrol_get_plugins(true);
3085 // First ask all enabled enrol instances in course if they want to auto enrol user.
3086 foreach ($instances as $instance) {
3087 if (!isset($enrols[$instance->enrol])) {
3090 // Get a duration for the enrolment, a timestamp in the future, 0 (always) or false.
3091 $until = $enrols[$instance->enrol]->try_autoenrol($instance);
3092 if ($until !== false) {
3094 $until = ENROL_MAX_TIMESTAMP;
3096 $USER->enrol['enrolled'][$course->id] = $until;
3101 // If not enrolled yet try to gain temporary guest access.
3103 foreach ($instances as $instance) {
3104 if (!isset($enrols[$instance->enrol])) {
3107 // Get a duration for the guest access, a timestamp in the future or false.
3108 $until = $enrols[$instance->enrol]->try_guestaccess($instance);
3109 if ($until !== false and $until > time()) {
3110 $USER->enrol['tempguest'][$course->id] = $until;
3121 if ($preventredirect) {
3122 throw new require_login_exception('Not enrolled');
3124 if ($setwantsurltome) {
3125 $SESSION->wantsurl = qualified_me();
3127 redirect($CFG->wwwroot .'/enrol/index.php?id='. $course->id);
3131 // Check visibility of activity to current user; includes visible flag, groupmembersonly, conditional availability, etc.
3132 if ($cm && !$cm->uservisible) {
3133 if ($preventredirect) {
3134 throw new require_login_exception('Activity is hidden');
3136 if ($course->id != SITEID) {
3137 $url = new moodle_url('/course/view.php', array('id' => $course->id));
3139 $url = new moodle_url('/');
3141 redirect($url, get_string('activityiscurrentlyhidden'));
3144 // Finally access granted, update lastaccess times.
3145 user_accesstime_log($course->id);
3150 * This function just makes sure a user is logged out.
3152 * @package core_access
3155 function require_logout() {
3158 if (!isloggedin()) {
3159 // This should not happen often, no need for hooks or events here.
3160 \core\session\manager::terminate_current();
3164 // Execute hooks before action.
3165 $authplugins = array();
3166 $authsequence = get_enabled_auth_plugins();
3167 foreach ($authsequence as $authname) {
3168 $authplugins[$authname] = get_auth_plugin($authname);
3169 $authplugins[$authname]->prelogout_hook();
3172 // Store info that gets removed during logout.
3173 $sid = session_id();
3174 $event = \core\event\user_loggedout::create(
3176 'userid' => $USER->id,
3177 'objectid' => $USER->id,
3178 'other' => array('sessionid' => $sid),
3181 if ($session = $DB->get_record('sessions', array('sid'=>$sid))) {
3182 $event->add_record_snapshot('sessions', $session);
3185 // Clone of $USER object to be used by auth plugins.
3186 $user = fullclone($USER);
3188 // Delete session record and drop $_SESSION content.
3189 \core\session\manager::terminate_current();
3191 // Trigger event AFTER action.
3194 // Hook to execute auth plugins redirection after event trigger.
3195 foreach ($authplugins as $authplugin) {
3196 $authplugin->postlogout_hook($user);
3201 * Weaker version of require_login()
3203 * This is a weaker version of {@link require_login()} which only requires login
3204 * when called from within a course rather than the site page, unless
3205 * the forcelogin option is turned on.
3206 * @see require_login()
3208 * @package core_access
3211 * @param mixed $courseorid The course object or id in question
3212 * @param bool $autologinguest Allow autologin guests if that is wanted
3213 * @param object $cm Course activity module if known
3214 * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
3215 * true. Used to avoid (=false) some scripts (file.php...) to set that variable,
3216 * in order to keep redirects working properly. MDL-14495
3217 * @param bool $preventredirect set to true in scripts that can not redirect (CLI, rss feeds, etc.), throws exceptions
3219 * @throws coding_exception
3221 function require_course_login($courseorid, $autologinguest = true, $cm = null, $setwantsurltome = true, $preventredirect = false) {
3222 global $CFG, $PAGE, $SITE;
3223 $issite = ((is_object($courseorid) and $courseorid->id == SITEID)
3224 or (!is_object($courseorid) and $courseorid == SITEID));
3225 if ($issite && !empty($cm) && !($cm instanceof cm_info)) {
3226 // Note: nearly all pages call get_fast_modinfo anyway and it does not make any
3227 // db queries so this is not really a performance concern, however it is obviously
3228 // better if you use get_fast_modinfo to get the cm before calling this.
3229 if (is_object($courseorid)) {
3230 $course = $courseorid;
3232 $course = clone($SITE);
3234 $modinfo = get_fast_modinfo($course);
3235 $cm = $modinfo->get_cm($cm->id);
3237 if (!empty($CFG->forcelogin)) {
3238 // Login required for both SITE and courses.
3239 require_login($courseorid, $autologinguest, $cm, $setwantsurltome, $preventredirect);
3241 } else if ($issite && !empty($cm) and !$cm->uservisible) {
3242 // Always login for hidden activities.
3243 require_login($courseorid, $autologinguest, $cm, $setwantsurltome, $preventredirect);
3245 } else if ($issite) {
3246 // Login for SITE not required.
3247 if ($cm and empty($cm->visible)) {
3248 // Hidden activities are not accessible without login.
3249 require_login($courseorid, $autologinguest, $cm, $setwantsurltome, $preventredirect);
3250 } else if ($cm and !empty($CFG->enablegroupmembersonly) and $cm->groupmembersonly) {
3251 // Not-logged-in users do not have any group membership.
3252 require_login($courseorid, $autologinguest, $cm, $setwantsurltome, $preventredirect);
3254 // We still need to instatiate PAGE vars properly so that things that rely on it like navigation function correctly.
3255 if (!empty($courseorid)) {
3256 if (is_object($courseorid)) {
3257 $course = $courseorid;
3259 $course = clone($SITE);
3262 if ($cm->course != $course->id) {
3263 throw new coding_exception('course and cm parameters in require_course_login() call do not match!!');
3265 $PAGE->set_cm($cm, $course);
3266 $PAGE->set_pagelayout('incourse');
3268 $PAGE->set_course($course);
3271 // If $PAGE->course, and hence $PAGE->context, have not already been set up properly, set them up now.
3272 $PAGE->set_course($PAGE->course);
3274 // TODO: verify conditional activities here.
3275 user_accesstime_log(SITEID);
3280 // Course login always required.
3281 require_login($courseorid, $autologinguest, $cm, $setwantsurltome, $preventredirect);
3286 * Require key login. Function terminates with error if key not found or incorrect.
3288 * @uses NO_MOODLE_COOKIES
3289 * @uses PARAM_ALPHANUM
3290 * @param string $script unique script identifier
3291 * @param int $instance optional instance id
3292 * @return int Instance ID
3294 function require_user_key_login($script, $instance=null) {
3297 if (!NO_MOODLE_COOKIES) {
3298 print_error('sessioncookiesdisable');
3302 \core\session\manager::write_close();
3304 $keyvalue = required_param('key', PARAM_ALPHANUM);
3306 if (!$key = $DB->get_record('user_private_key', array('script' => $script, 'value' => $keyvalue, 'instance' => $instance))) {
3307 print_error('invalidkey');
3310 if (!empty($key->validuntil) and $key->validuntil < time()) {
3311 print_error('expiredkey');
3314 if ($key->iprestriction) {
3315 $remoteaddr = getremoteaddr(null);
3316 if (empty($remoteaddr) or !address_in_subnet($remoteaddr, $key->iprestriction)) {
3317 print_error('ipmismatch');
3321 if (!$user = $DB->get_record('user', array('id' => $key->userid))) {
3322 print_error('invaliduserid');
3325 // Emulate normal session.
3326 enrol_check_plugins($user);
3327 \core\session\manager::set_user($user);
3329 // Note we are not using normal login.
3330 if (!defined('USER_KEY_LOGIN')) {
3331 define('USER_KEY_LOGIN', true);
3334 // Return instance id - it might be empty.
3335 return $key->instance;
3339 * Creates a new private user access key.
3341 * @param string $script unique target identifier
3342 * @param int $userid
3343 * @param int $instance optional instance id
3344 * @param string $iprestriction optional ip restricted access
3345 * @param timestamp $validuntil key valid only until given data
3346 * @return string access key value
3348 function create_user_key($script, $userid, $instance=null, $iprestriction=null, $validuntil=null) {
3351 $key = new stdClass();
3352 $key->script = $script;
3353 $key->userid = $userid;
3354 $key->instance = $instance;
3355 $key->iprestriction = $iprestriction;
3356 $key->validuntil = $validuntil;
3357 $key->timecreated = time();
3359 // Something long and unique.
3360 $key->value = md5($userid.'_'.time().random_string(40));
3361 while ($DB->record_exists('user_private_key', array('value' => $key->value))) {
3363 $key->value = md5($userid.'_'.time().random_string(40));
3365 $DB->insert_record('user_private_key', $key);
3370 * Delete the user's new private user access keys for a particular script.
3372 * @param string $script unique target identifier
3373 * @param int $userid
3376 function delete_user_key($script, $userid) {
3378 $DB->delete_records('user_private_key', array('script' => $script, 'userid' => $userid));
3382 * Gets a private user access key (and creates one if one doesn't exist).
3384 * @param string $script unique target identifier
3385 * @param int $userid
3386 * @param int $instance optional instance id
3387 * @param string $iprestriction optional ip restricted access
3388 * @param timestamp $validuntil key valid only until given data
3389 * @return string access key value
3391 function get_user_key($script, $userid, $instance=null, $iprestriction=null, $validuntil=null) {
3394 if ($key = $DB->get_record('user_private_key', array('script' => $script, 'userid' => $userid,
3395 'instance' => $instance, 'iprestriction' => $iprestriction,
3396 'validuntil' => $validuntil))) {
3399 return create_user_key($script, $userid, $instance, $iprestriction, $validuntil);
3405 * Modify the user table by setting the currently logged in user's last login to now.
3407 * @return bool Always returns true
3409 function update_user_login_times() {
3412 if (isguestuser()) {
3413 // Do not update guest access times/ips for performance.
3419 $user = new stdClass();
3420 $user->id = $USER->id;
3422 // Make sure all users that logged in have some firstaccess.
3423 if ($USER->firstaccess == 0) {
3424 $USER->firstaccess = $user->firstaccess = $now;
3427 // Store the previous current as lastlogin.
3428 $USER->lastlogin = $user->lastlogin = $USER->currentlogin;
3430 $USER->currentlogin = $user->currentlogin = $now;
3432 // Function user_accesstime_log() may not update immediately, better do it here.
3433 $USER->lastaccess = $user->lastaccess = $now;
3434 $USER->lastip = $user->lastip = getremoteaddr();
3436 // Note: do not call user_update_user() here because this is part of the login process,
3437 // the login event means that these fields were updated.
3438 $DB->update_record('user', $user);
3443 * Determines if a user has completed setting up their account.
3445 * @param stdClass $user A {@link $USER} object to test for the existence of a valid name and email
3448 function user_not_fully_set_up($user) {
3449 if (isguestuser($user)) {
3452 return (empty($user->firstname) or empty($user->lastname) or empty($user->email) or over_bounce_threshold($user));
3456 * Check whether the user has exceeded the bounce threshold
3458 * @param stdClass $user A {@link $USER} object
3459 * @return bool true => User has exceeded bounce threshold
3461 function over_bounce_threshold($user) {
3464 if (empty($CFG->handlebounces)) {
3468 if (empty($user->id)) {
3469 // No real (DB) user, nothing to do here.
3473 // Set sensible defaults.
3474 if (empty($CFG->minbounces)) {
3475 $CFG->minbounces = 10;
3477 if (empty($CFG->bounceratio)) {
3478 $CFG->bounceratio = .20;
3482 if ($bounce = $DB->get_record('user_preferences', array ('userid' => $user->id, 'name' => 'email_bounce_count'))) {
3483 $bouncecount = $bounce->value;
3485 if ($send = $DB->get_record('user_preferences', array('userid' => $user->id, 'name' => 'email_send_count'))) {
3486 $sendcount = $send->value;
3488 return ($bouncecount >= $CFG->minbounces && $bouncecount/$sendcount >= $CFG->bounceratio);
3492 * Used to increment or reset email sent count
3494 * @param stdClass $user object containing an id
3495 * @param bool $reset will reset the count to 0
3498 function set_send_count($user, $reset=false) {
3501 if (empty($user->id)) {
3502 // No real (DB) user, nothing to do here.
3506 if ($pref = $DB->get_record('user_preferences', array('userid' => $user->id, 'name' => 'email_send_count'))) {
3507 $pref->value = (!empty($reset)) ? 0 : $pref->value+1;
3508 $DB->update_record('user_preferences', $pref);
3509 } else if (!empty($reset)) {
3510 // If it's not there and we're resetting, don't bother. Make a new one.
3511 $pref = new stdClass();
3512 $pref->name = 'email_send_count';
3514 $pref->userid = $user->id;
3515 $DB->insert_record('user_preferences', $pref, false);
3520 * Increment or reset user's email bounce count
3522 * @param stdClass $user object containing an id
3523 * @param bool $reset will reset the count to 0
3525 function set_bounce_count($user, $reset=false) {
3528 if ($pref = $DB->get_record('user_preferences', array('userid' => $user->id, 'name' => 'email_bounce_count'))) {
3529 $pref->value = (!empty($reset)) ? 0 : $pref->value+1;
3530 $DB->update_record('user_preferences', $pref);
3531 } else if (!empty($reset)) {
3532 // If it's not there and we're resetting, don't bother. Make a new one.
3533 $pref = new stdClass();
3534 $pref->name = 'email_bounce_count';
3536 $pref->userid = $user->id;
3537 $DB->insert_record('user_preferences', $pref, false);
3542 * Determines if the logged in user is currently moving an activity
3544 * @param int $courseid The id of the course being tested
3547 function ismoving($courseid) {
3550 if (!empty($USER->activitycopy)) {
3551 return ($USER->activitycopycourse == $courseid);
3557 * Returns a persons full name
3559 * Given an object containing all of the users name values, this function returns a string with the full name of the person.
3560 * The result may depend on system settings or language. 'override' will force both names to be used even if system settings
3563 * @param stdClass $user A {@link $USER} object to get full name of.
3564 * @param bool $override If true then the name will be firstname followed by lastname rather than adhering to fullnamedisplay.
3567 function fullname($user, $override=false) {
3568 global $CFG, $SESSION;
3570 if (!isset($user->firstname) and !isset($user->lastname)) {
3574 // Get all of the name fields.
3575 $allnames = get_all_user_name_fields();
3576 if ($CFG->debugdeveloper) {
3577 foreach ($allnames as $allname) {
3578 if (!array_key_exists($allname, $user)) {
3579 // If all the user name fields are not set in the user object, then notify the programmer that it needs to be fixed.
3580 debugging('You need to update your sql to include additional name fields in the user object.', DEBUG_DEVELOPER);
3581 // Message has been sent, no point in sending the message multiple times.
3588 if (!empty($CFG->forcefirstname)) {
3589 $user->firstname = $CFG->forcefirstname;
3591 if (!empty($CFG->forcelastname)) {
3592 $user->lastname = $CFG->forcelastname;
3596 if (!empty($SESSION->fullnamedisplay)) {
3597 $CFG->fullnamedisplay = $SESSION->fullnamedisplay;
3601 // If the fullnamedisplay setting is available, set the template to that.
3602 if (isset($CFG->fullnamedisplay)) {
3603 $template = $CFG->fullnamedisplay;
3605 // If the template is empty, or set to language, or $override is set, return the language string.
3606 if (empty($template) || $template == 'language' || $override) {
3607 return get_string('fullnamedisplay', null, $user);
3610 $requirednames = array();
3611 // With each name, see if it is in the display name template, and add it to the required names array if it is.
3612 foreach ($allnames as $allname) {
3613 if (strpos($template, $allname) !== false) {
3614 $requirednames[] = $allname;
3618 $displayname = $template;
3619 // Switch in the actual data into the template.
3620 foreach ($requirednames as $altname) {
3621 if (isset($user->$altname)) {
3622 // Using empty() on the below if statement causes breakages.
3623 if ((string)$user->$altname == '') {
3624 $displayname = str_replace($altname, 'EMPTY', $displayname);
3626 $displayname = str_replace($altname, $user->$altname, $displayname);
3629 $displayname = str_replace($altname, 'EMPTY', $displayname);
3632 // Tidy up any misc. characters (Not perfect, but gets most characters).
3633 // Don't remove the "u" at the end of the first expression unless you want garbled characters when combining hiragana or
3634 // katakana and parenthesis.
3635 $patterns = array();
3636 // This regular expression replacement is to fix problems such as 'James () Kirk' Where 'Tiberius' (middlename) has not been
3637 // filled in by a user.
3638 // The special characters are Japanese brackets that are common enough to make allowances for them (not covered by :punct:).
3639 $patterns[] = '/[[:punct:]「」]*EMPTY[[:punct:]「」]*/u';
3640 // This regular expression is to remove any double spaces in the display name.
3641 $patterns[] = '/\s{2,}/u';
3642 foreach ($patterns as $pattern) {
3643 $displayname = preg_replace($pattern, ' ', $displayname);
3646 // Trimming $displayname will help the next check to ensure that we don't have a display name with spaces.
3647 $displayname = trim($displayname);
3648 if (empty($displayname)) {
3649 // Going with just the first name if no alternate fields are filled out. May be changed later depending on what
3650 // people in general feel is a good setting to fall back on.
3651 $displayname = $user->firstname;
