Fixes to prevent teachers using loginas to enter other courses as that student
authormoodler <moodler>
Tue, 5 Nov 2002 16:38:02 +0000 (16:38 +0000)
committermoodler <moodler>
Tue, 5 Nov 2002 16:38:02 +0000 (16:38 +0000)
lang/en/moodle.php
lib/moodlelib.php

index 4556197..a8aa1c9 100644 (file)
@@ -433,6 +433,7 @@ $string['startdate'] = "Course start date";
 $string['startsignup'] = "Start now by creating a new account!";
 $string['status'] = "Status";
 $string['stringsnotset'] = "The following strings are not defined in \$a";
+$string['studentnotallowed'] = "Sorry, but you can not enter this course as '\$a'";
 $string['success'] = "Success";
 $string['summary'] = "Summary";
 $string['summaryof'] = "Summary of \$a";
index 1003888..e1cf81e 100644 (file)
@@ -1138,7 +1138,13 @@ function require_login($courseid=0) {
     // Next, check if the user can be in a particular course
     if ($courseid) {
         if ($USER->student[$courseid] || $USER->teacher[$courseid] || $USER->admin) {
-            if (!isset($USER->realuser)) {  // Don't update if this isn't a realuser
+            if (isset($USER->realuser)) {   // Make sure the REAL person can also access this course
+                if (!isteacher($courseid, $USER->realuser)) {
+                    print_header();
+                    notice(get_string("studentnotallowed", "", "$USER->firstname $USER->lastname"));
+                }
+
+            } else {  // just update their last login time
                 update_user_in_db();
             }
             if (!$USER->email) {            // User logged in, but has not set up profile!