moodle/mod/quiz/quizfile.php

<?PHP // $Id$
      // This function fetches files from the data directory
      // Syntax:   quizfile.php/quiz id/question id/dir/.../dir/filename.ext
      // It is supposed to be used by the quiz module only
      // I believe this is obsolete, everything should be using moodle/file.php GWD

    require_once('../../config.php');
    require_once($CFG->libdir.'/filelib.php');
    require_once('locallib.php');

    if (empty($CFG->filelifetime)) {
        $lifetime = 86400;     // Seconds for files to remain in caches
    } else {
        $lifetime = $CFG->filelifetime;
    }
    
    $relativepath = get_file_argument('quizfile.php');
    
    if (!$relativepath) {
        error('No valid arguments supplied or incorrect server configuration');
    }
    
    // extract relative path components
    $args = explode('/', trim($relativepath, '/'));
    if (count($args) < 3) { // always at least category, question and path
        error('No valid arguments supplied');
    }
    
    $quizid       = (int)array_shift($args);
    $questionid   = (int)array_shift($args);
    $relativepath = implode ('/', $args);

    if (!($question = get_record('question', 'id', $questionid))) {
        error('No valid arguments supplied');
    }

    if (!($questioncategory = get_record('question_categories', 'id', $question->category))) {
        error('No valid arguments supplied');
    }

    /////////////////////////////////////
    // Check access
    /////////////////////////////////////
    if ($quizid == 0) { // teacher doing preview during quiz creation
        if ($questioncategory->publish) {
            require_login();
            if (!isteacherinanycourse()) {
              error('No valid arguments supplied');
            }
        } else {
            require_login($questioncategory->course);
            if (!isteacher($questioncategory->course)) {
                error('Access not allowed');
            }
        }        
    } else {
        if (!($quiz = get_record('quiz', 'id', $quizid))) {
            error('No valid arguments supplied');
        }
        if (!($course = get_record('course', 'id', $quiz->course))) {
            error('No valid arguments supplied');
        }
        require_login($course->id);
        
        // For now, let's not worry about this.  The following check causes 
        // problems sometimes when reviewing a quiz
        //if (!isteacher($course->id)
        //    and !quiz_get_user_attempt_unfinished($quiz->id, $USER->id)
        //    and ! ($quiz->review  &&  time() > $quiz->timeclose)
        //        || !quiz_get_user_attempts($quiz->id, $USER->id) )
        //{
        //    error("Logged-in user is not allowed to view this quiz");
        //}
    
        ///////////////////////////////////////////////////
        // The logged-in user has the right to view material on this quiz!
        // Now verify the consistency between $quiz, $question, its category and $relativepathname
        ///////////////////////////////////////////////////
    
        // For now, let's not worry about this.  The following check doesn't 
        // work for randomly selected questions and it gets complicated
        //if (!in_array($question->id, explode(',', $quiz->questions), FALSE)) {
        //    error("Specified question is not on the specified quiz");
        //}
    }

    // Have the question check whether it uses this file or not
    if (!$QTYPES[$question->qtype]->uses_quizfile($question,
                                                       $relativepath)) {
        error("The specified file path is not on the specified question");
    }


    ///////////////////////////////////////////
    // All security stuff is now taken care of.
    // Specified file can now be returned...
    //////////////////////////////////////////

    $pathname = "$CFG->dataroot/$questioncategory->course/$relativepath";
    $filename = $args[count($args)-1];


    if (file_exists($pathname)) {
        send_file($pathname, $filename, $lifetime);
    } else {
        header('HTTP/1.0 404 not found');
        error(get_string('filenotfound', 'error')); //this is not displayed on IIS??
    }
?>
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`<?PHP // $Id$`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`// This function fetches files from the data directory`
			`// Syntax: quizfile.php/quiz id/question id/dir/.../dir/filename.ext`
			`// It is supposed to be used by the quiz module only`
Towards removing reference to quiz module from the question code Renaming tables: quiz_questions -> question quiz_states -> question_states Renaming functions: quiz_delete_question -> delete_question quiz_get_question_options -> get_question_options quiz_get_states -> get_question_states quiz_restore_state -> restore_question_state quiz_save_question_session -> save_question_session quiz_state_is_graded -> question_state_is_graded quiz_extract_responses -> question_extract_responses quiz_regrade_question_in_attempt -> regrade_question_in_attempt quiz_process_responses -> question_process_responses quiz_isgradingevent -> question_isgradingevent($event) quiz_search_for_duplicate_responses -> question_search_for_duplicate_responses quiz_apply_penalty_and_timelimit -> question_apply_penalty_and_timelimit quiz_print_question_icon -> print_question_icon quiz_get_image -> get_question_image quiz_make_name_prefix -> question_make_name_prefix quiz_get_id_from_name_prefix -> question_get_id_from_name_prefix quiz_new_attempt_uniqueid -> question_new_attempt_uniqueid quiz_get_renderoptions -> question_get_renderoptions quiz_print_quiz_question -> print_question quiz_get_question_responses -> get_question_responses quiz_get_question_actual_response -> get_question_actual_response quiz_get_question_fraction_grade -> get_question_fraction_grade quiz_get_default_category -> get_default_question_category Renaming constants: QUIZ_EVENT.... -> QUESTION_EVENT.... QUIZ_MAX_NUMBER_ANSWERS -> QUESTION_NUMANS 2006-02-28 09:26:00 +00:00			`// I believe this is obsolete, everything should be using moodle/file.php GWD`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`require_once('../../config.php');`
Removed files/mimetype.php and put it into lib/filelib.php instead where it always should have been. 2005-03-07 11:32:03 +00:00			`require_once($CFG->libdir.'/filelib.php');`
split quiz lib.php into a locallib.php for functions that are only used from within the quiz module and a much smaller lib.php for functions that are used from elsewhere in Moodle. 2005-01-08 20:06:00 +00:00			`require_once('locallib.php');`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`if (empty($CFG->filelifetime)) {`
			`$lifetime = 86400; // Seconds for files to remain in caches`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`} else {`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`$lifetime = $CFG->filelifetime;`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`}`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00
			`$relativepath = get_file_argument('quizfile.php');`

			`if (!$relativepath) {`
			`error('No valid arguments supplied or incorrect server configuration');`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`}`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00
			`// extract relative path components`
			`$args = explode('/', trim($relativepath, '/'));`
			`if (count($args) < 3) { // always at least category, question and path`
			`error('No valid arguments supplied');`
Merged fix SC22 from STABLE, even though this file will be rewritten with Petr's new file handling soon! :-) 2004-12-12 07:09:51 +00:00			`}`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00
			`$quizid = (int)array_shift($args);`
			`$questionid = (int)array_shift($args);`
			`$relativepath = implode ('/', $args);`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00
Towards removing reference to quiz module from the question code Renaming tables: quiz_questions -> question quiz_states -> question_states Renaming functions: quiz_delete_question -> delete_question quiz_get_question_options -> get_question_options quiz_get_states -> get_question_states quiz_restore_state -> restore_question_state quiz_save_question_session -> save_question_session quiz_state_is_graded -> question_state_is_graded quiz_extract_responses -> question_extract_responses quiz_regrade_question_in_attempt -> regrade_question_in_attempt quiz_process_responses -> question_process_responses quiz_isgradingevent -> question_isgradingevent($event) quiz_search_for_duplicate_responses -> question_search_for_duplicate_responses quiz_apply_penalty_and_timelimit -> question_apply_penalty_and_timelimit quiz_print_question_icon -> print_question_icon quiz_get_image -> get_question_image quiz_make_name_prefix -> question_make_name_prefix quiz_get_id_from_name_prefix -> question_get_id_from_name_prefix quiz_new_attempt_uniqueid -> question_new_attempt_uniqueid quiz_get_renderoptions -> question_get_renderoptions quiz_print_quiz_question -> print_question quiz_get_question_responses -> get_question_responses quiz_get_question_actual_response -> get_question_actual_response quiz_get_question_fraction_grade -> get_question_fraction_grade quiz_get_default_category -> get_default_question_category Renaming constants: QUIZ_EVENT.... -> QUESTION_EVENT.... QUIZ_MAX_NUMBER_ANSWERS -> QUESTION_NUMANS 2006-02-28 09:26:00 +00:00			`if (!($question = get_record('question', 'id', $questionid))) {`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`error('No valid arguments supplied');`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`}`
Removing some security checks that seem to cause trouble 2004-05-03 02:12:45 +00:00
Some little fixes and more renaming to cleanly separate question code from quiz code Renaming tables: quiz_answers -> question_answers quiz_categories -> question_categories Renaming functions: quiz_get_category_menu -> question_category_menu quiz_get_category_coursename -> question_category_coursename quiz_categorylist -> question_categorylist 2006-03-01 07:03:57 +00:00			`if (!($questioncategory = get_record('question_categories', 'id', $question->category))) {`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`error('No valid arguments supplied');`
			`}`
A small fix for showing pictures in randomly-selected questions 2003-12-17 13:35:49 +00:00
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`/////////////////////////////////////`
			`// Check access`
			`/////////////////////////////////////`
According to the final comments in SC#65: Made isteacher() require that the first parameter (course id) be specified and non-empty. If it is empty, [i.e., 0, which was used to simulate what has now become isteacherinanycourse()], then the return value IS correct but a warning is printed on screen. This should allow us to track down any such calls in legacy modules without breaking Moodle. The correct way to check for teacher status in ANY course is now to call isteacherinanycourse(). 2005-01-23 21:38:01 +00:00			`if ($quizid == 0) { // teacher doing preview during quiz creation`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`if ($questioncategory->publish) {`
			`require_login();`
According to the final comments in SC#65: Made isteacher() require that the first parameter (course id) be specified and non-empty. If it is empty, [i.e., 0, which was used to simulate what has now become isteacherinanycourse()], then the return value IS correct but a warning is printed on screen. This should allow us to track down any such calls in legacy modules without breaking Moodle. The correct way to check for teacher status in ANY course is now to call isteacherinanycourse(). 2005-01-23 21:38:01 +00:00			`if (!isteacherinanycourse()) {`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`error('No valid arguments supplied');`
			`}`
			`} else {`
			`require_login($questioncategory->course);`
			`if (!isteacher($questioncategory->course)) {`
			`error('Access not allowed');`
			`}`
			`}`
			`} else {`
			`if (!($quiz = get_record('quiz', 'id', $quizid))) {`
			`error('No valid arguments supplied');`
			`}`
			`if (!($course = get_record('course', 'id', $quiz->course))) {`
			`error('No valid arguments supplied');`
			`}`
			`require_login($course->id);`

			`// For now, let's not worry about this. The following check causes`
			`// problems sometimes when reviewing a quiz`
			`//if (!isteacher($course->id)`
			`// and !quiz_get_user_attempt_unfinished($quiz->id, $USER->id)`
			`// and ! ($quiz->review && time() > $quiz->timeclose)`
			`// \|\| !quiz_get_user_attempts($quiz->id, $USER->id) )`
			`//{`
			`// error("Logged-in user is not allowed to view this quiz");`
			`//}`

			`///////////////////////////////////////////////////`
			`// The logged-in user has the right to view material on this quiz!`
			`// Now verify the consistency between $quiz, $question, its category and $relativepathname`
			`///////////////////////////////////////////////////`

			`// For now, let's not worry about this. The following check doesn't`
			`// work for randomly selected questions and it gets complicated`
			`//if (!in_array($question->id, explode(',', $quiz->questions), FALSE)) {`
			`// error("Specified question is not on the specified quiz");`
			`//}`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`}`
Took care of some issues concerning the use of individual quiz files in datasetdependent questions 2004-08-04 23:35:18 +00:00
			`// Have the question check whether it uses this file or not`
Renamed QUIZ_QTYPES to QTYPES 2006-02-24 13:48:43 +00:00			`if (!$QTYPES[$question->qtype]->uses_quizfile($question,`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`$relativepath)) {`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`error("The specified file path is not on the specified question");`
			`}`


			`///////////////////////////////////////////`
			`// All security stuff is now taken care of.`
			`// Specified file can now be returned...`
			`//////////////////////////////////////////`

new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`$pathname = "$CFG->dataroot/$questioncategory->course/$relativepath";`
			`$filename = $args[count($args)-1];`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00

			`if (file_exists($pathname)) {`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`send_file($pathname, $filename, $lifetime);`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`} else {`
new handling of uploaded files, please TEST, TEST, TEST 2004-12-14 18:57:51 +00:00			`header('HTTP/1.0 404 not found');`
			`error(get_string('filenotfound', 'error')); //this is not displayed on IIS??`
The new quizfile.php makes it possible to view associated file material on quizes, such as images, even for questions belonging to a category on a different course. lib.php is updated accordingly... 2003-11-02 21:36:25 +00:00			`}`
			`?>`