MDL-33791 Portfolio: Fixed security issue with passing file paths.
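<?php
// This page prints reports and info about chats (mod/chat/report.php).
//
// Two views share this script:
//   * Transcript view ($start and $end given, not confirming a deletion):
//     prints every message of one chat session and offers export/delete actions.
//   * Sessions view (default): walks all messages newest-first and splits them
//     into sessions separated by at least 5 minutes of silence.
//
// Deleting a session requires the mod/chat:deletelog capability, an explicit
// confirmation round-trip (confirmdelete=1) and a valid sesskey; the group
// filter that restricts what a user can see also restricts what they can delete.

    require_once('../../config.php');
    require_once('lib.php');

    // All request parameters are cleaned here; nothing below reads $_GET/$_POST directly.
    $id            = required_param('id', PARAM_INT);                 // Course module id.
    $start         = optional_param('start', 0, PARAM_INT);           // Start of period (timestamp).
    $end           = optional_param('end', 0, PARAM_INT);             // End of period (timestamp).
    $deletesession = optional_param('deletesession', 0, PARAM_BOOL);  // Ask to delete the shown session.
    $confirmdelete = optional_param('confirmdelete', 0, PARAM_BOOL);  // The deletion has been confirmed.
    $show_all      = optional_param('show_all', 0, PARAM_BOOL);       // Also list incomplete sessions.

    // Rebuild the page URL from the cleaned values only, omitting defaults.
    $url = new moodle_url('/mod/chat/report.php', array('id'=>$id));
    if ($start !== 0) {
        $url->param('start', $start);
    }
    if ($end !== 0) {
        $url->param('end', $end);
    }
    if ($deletesession !== 0) {
        $url->param('deletesession', $deletesession);
    }
    if ($confirmdelete !== 0) {
        $url->param('confirmdelete', $confirmdelete);
    }
    if ($show_all !== 0) {
        $url->param('show_all', $show_all);
    }
    $PAGE->set_url($url);

    if (! $cm = get_coursemodule_from_id('chat', $id)) {
        print_error('invalidcoursemodule');
    }
    if (! $chat = $DB->get_record('chat', array('id'=>$cm->instance))) {
        print_error('invalidcoursemodule');
    }
    if (! $course = $DB->get_record('course', array('id'=>$chat->course))) {
        print_error('coursemisconf');
    }

    $context = context_module::instance($cm->id);
    $PAGE->set_context($context);
    $PAGE->set_heading($course->fullname);

    // Access control: the viewer must be allowed into this activity...
    require_login($course, false, $cm);

    // ...and, unless the chat exposes its logs to students, hold mod/chat:readlog.
    if (empty($chat->studentlogs) && !has_capability('mod/chat:readlog', $context)) {
        notice(get_string('nopermissiontoseethechatlog', 'chat'));
    }

    add_to_log($course->id, 'chat', 'report', "report.php?id=$cm->id", $chat->id, $cm->id);

    $strchatreport    = get_string('chatreport', 'chat');
    $strseesession    = get_string('seesession', 'chat');
    $strdeletesession = get_string('deletesession', 'chat');

    // Capabilities that are consulted repeatedly below (some inside loops): evaluate once.
    $canexportsess         = has_capability('mod/chat:exportsession', $context);
    $canexportparticipated = has_capability('mod/chat:exportparticipatedsession', $context);
    $candeletelog          = has_capability('mod/chat:deletelog', $context);
    $canviewfullnames      = has_capability('moodle/site:viewfullnames', $context);

    // Plain URL back to the sessions list of this chat.
    $reporturl = new moodle_url('/mod/chat/report.php', array('id' => $cm->id));

/// Print a session if one has been specified

    if ($start and $end and !$confirmdelete) {   // Show a full transcript
        $PAGE->navbar->add($strchatreport);
        $PAGE->set_title(format_string($chat->name).": $strchatreport");
        echo $OUTPUT->header();

    /// Check to see if groups are being used here
        $currentgroup = groups_get_activity_group($cm, true);
        groups_print_activity_menu($cm, $CFG->wwwroot . "/mod/chat/report.php?id=$cm->id");

        $params = array('currentgroup'=>$currentgroup, 'chatid'=>$chat->id, 'start'=>$start, 'end'=>$end);

        // If the user is allocated to a group, only show messages from people
        // in the same group, or no group (groupid = 0).
        if ($currentgroup) {
            $groupselect = " AND (groupid = :currentgroup OR groupid = 0)";
        } else {
            $groupselect = "";
        }

        if ($deletesession and $candeletelog) {
            // First step of a deletion: ask for confirmation. The confirmed request
            // is handled in the sessions view below and must also carry a valid sesskey.
            $continueurl = new moodle_url('/mod/chat/report.php', array(
                'id'            => $cm->id,
                'deletesession' => 1,
                'confirmdelete' => 1,
                'start'         => $start,
                'end'           => $end,
            ));
            echo $OUTPUT->confirm(get_string('deletesessionsure', 'chat'), $continueurl, $reporturl);
        }

        if (!$messages = $DB->get_records_select('chat_messages', "chatid = :chatid AND timestamp >= :start AND timestamp <= :end $groupselect", $params, "timestamp ASC")) {
            echo $OUTPUT->heading(get_string('nomessages', 'chat'));

        } else {
            echo '<p class="boxaligncenter">'.userdate($start).' --> '. userdate($end).'</p>';

            echo $OUTPUT->box_start('center');
            $participates = array();   // userid => true for everyone who posted in this period.
            foreach ($messages as $message) {  // We are walking FORWARDS through messages (timestamp ASC).
                $participates[$message->userid] = true;
                $formatmessage = chat_format_message($message, $course->id, $USER);
                if (isset($formatmessage->html)) {
                    echo $formatmessage->html;
                }
            }
            // Export is offered to users who may export any session, or who took part
            // in this one and may export sessions they participated in.
            $participatedcap = array_key_exists($USER->id, $participates) && $canexportparticipated;
            if (!empty($CFG->enableportfolios) && ($canexportsess || $participatedcap)) {
                require_once($CFG->libdir . '/portfoliolib.php');
                // Only the module id and the time window are handed to the portfolio caller.
                $buttonoptions  = array(
                    'id'    => $cm->id,
                    'start' => $start,
                    'end'   => $end,
                );
                $button = new portfolio_add_button();
                $button->set_callback_options('chat_portfolio_caller', $buttonoptions, 'mod_chat');
                $button->render();
            }
            echo $OUTPUT->box_end();
        }

        // No continue button while the confirmation dialog (above) is being shown.
        if (!$deletesession or !$candeletelog) {
            echo $OUTPUT->continue_button($reporturl);
        }

        echo $OUTPUT->footer();
        exit;
    }


/// Print the Sessions display
    $PAGE->navbar->add($strchatreport);
    $PAGE->set_title(format_string($chat->name).": $strchatreport");
    echo $OUTPUT->header();

    echo $OUTPUT->heading(format_string($chat->name).': '.get_string('sessions', 'chat'));


/// Check to see if groups are being used here
    if (groups_get_activity_groupmode($cm)) {   // Groups are being used
        $currentgroup = groups_get_activity_group($cm, true);
        groups_print_activity_menu($cm, $CFG->wwwroot . "/mod/chat/report.php?id=$cm->id");
    } else {
        $currentgroup = false;
    }

    $params = array('currentgroup'=>$currentgroup, 'chatid'=>$chat->id, 'start'=>$start, 'end'=>$end);

    // If the user is allocated to a group, only show discussions with people in
    // the same group, or no group (groupid = 0).
    if (!empty($currentgroup)) {
        $groupselect = " AND (groupid = :currentgroup OR groupid = 0)";
    } else {
        $groupselect = "";
    }

/// Delete a session if one has been specified

    // Every condition is required: capability, confirmed round-trip, an explicit
    // period and a valid sesskey. $groupselect is applied here too, so a
    // group-restricted user cannot delete other groups' messages in the period.
    if ($deletesession and $candeletelog and $confirmdelete and $start and $end and confirm_sesskey()) {
        $DB->delete_records_select('chat_messages', "chatid = :chatid AND timestamp >= :start AND
                                                     timestamp <= :end $groupselect", $params);
        $strdeleted  = get_string('deleted');
        echo $OUTPUT->notification("$strdeleted: ".userdate($start).' --> '. userdate($end));
        unset($deletesession);
    }


/// Get the messages
    if (empty($messages)) {   // Not set yet: the transcript branch above always exits.
        if (!$messages = $DB->get_records_select('chat_messages', "chatid = :chatid $groupselect", $params, "timestamp DESC")) {
            echo $OUTPUT->heading(get_string('nomessages', 'chat'));
            echo $OUTPUT->footer();
            exit;
        }
    }

    if ($show_all) {
        echo $OUTPUT->heading(get_string('listing_all_sessions', 'chat') .
                      '&nbsp;<a href="report.php?id='.$cm->id.'&amp;show_all=0">' .
                      get_string('list_complete_sessions', 'chat') .  '</a>');
    }

/// Show all the sessions

    $sessiongap        = 5 * 60;    // 5 minutes silence means a new session
    $sessionend        = 0;         // Timestamp of the newest message in the current session.
    $sessionstart      = 0;         // Timestamp of the oldest message in the current session.
    $sessionusers      = array();   // userid => number of messages in the current session.
    $lasttime          = 0;         // Timestamp of the previously visited (newer) message.
    $complete_sessions = 0;

    $messagesleft = count($messages);

    foreach ($messages as $message) {  // We are walking BACKWARDS through the messages (timestamp DESC)

        $messagesleft--;               // Countdown

        if (!$lasttime) {
            $lasttime = $message->timestamp;
        }
        if (!$sessionend) {
            $sessionend = $message->timestamp;
        }
        if ((($lasttime - $message->timestamp) < $sessiongap) and $messagesleft) {  // Same session
            // Remember user and count messages; system messages are not counted.
            if ($message->userid and !$message->system) {
                if (empty($sessionusers[$message->userid])) {
                    $sessionusers[$message->userid] = 1;
                } else {
                    $sessionusers[$message->userid]++;
                }
            }
        } else {
            // A gap was found (or the last message reached): the session that ended
            // at $sessionend started with the previously visited message.
            $sessionstart = $lasttime;

            // A session is "complete" when it lasted over a minute and had more than one participant.
            $is_complete = ($sessionend - $sessionstart > 60 and count($sessionusers) > 1);
            if ($show_all or $is_complete) {

                echo '<p align="center">'.userdate($sessionstart).' --> '. userdate($sessionend).'</p>';

                echo $OUTPUT->box_start();

                arsort($sessionusers);   // Most active participants first.
                foreach ($sessionusers as $sessionuser => $usermessagecount) {
                    if ($user = $DB->get_record('user', array('id'=>$sessionuser))) {
                        // user_picture() returns markup; it has to be echoed to appear.
                        echo $OUTPUT->user_picture($user, array('courseid'=>$course->id));
                        // Full names only for users holding moodle/site:viewfullnames.
                        echo '&nbsp;'.fullname($user, $canviewfullnames);
                        echo "&nbsp;($usermessagecount)<br />";
                    }
                }

                echo '<p align="right">';
                echo "<a href=\"report.php?id=$cm->id&amp;start=$sessionstart&amp;end=$sessionend\">$strseesession</a>";
                $participatedcap = (array_key_exists($USER->id, $sessionusers) && $canexportparticipated);
                if (!empty($CFG->enableportfolios) && ($canexportsess || $participatedcap)) {
                    require_once($CFG->libdir . '/portfoliolib.php');
                    // Only the module id and the time window are handed to the portfolio caller.
                    $buttonoptions  = array(
                        'id'    => $cm->id,
                        'start' => $sessionstart,
                        'end'   => $sessionend,
                    );
                    $button = new portfolio_add_button();
                    $button->set_callback_options('chat_portfolio_caller', $buttonoptions, 'mod_chat');
                    $portfoliobutton = $button->to_html(PORTFOLIO_ADD_TEXT_LINK);
                    if (!empty($portfoliobutton)) {
                        echo '<br />' . $portfoliobutton;
                    }
                }
                if ($candeletelog) {
                    // Leads to the confirmation step in the transcript view.
                    echo "<br /><a href=\"report.php?id=$cm->id&amp;start=$sessionstart&amp;end=$sessionend&amp;deletesession=1\">$strdeletesession</a>";
                }
                echo '</p>';
                echo $OUTPUT->box_end();
            }
            if ($is_complete) {
                $complete_sessions++;
            }

            // This message opens the next (older) session.
            $sessionend = $message->timestamp;
            $sessionusers = array();
            $sessionusers[$message->userid] = 1;
        }
        $lasttime = $message->timestamp;
    }

    if (!empty($CFG->enableportfolios) && $canexportsess) {
        require_once($CFG->libdir . '/portfoliolib.php');
        $button = new portfolio_add_button();
        $button->set_callback_options('chat_portfolio_caller', array('id' => $cm->id), 'mod_chat');
        $button->render(null, get_string('addalltoportfolio', 'portfolio'));
    }


    if (!$show_all and $complete_sessions == 0) {
        echo $OUTPUT->heading(get_string('no_complete_sessions_found', 'chat') .
                      '&nbsp;<a href="report.php?id='.$cm->id.'&amp;show_all=1">' .
                      get_string('list_all_sessions', 'chat') .
                      '</a>');
    }

/// Finish the page
    echo $OUTPUT->footer();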