New feature: Site Policy Agreements.

If the admin specifies a Policy Agreement (via URL in the config variables)
then each user is required to see and agree to that document once before
continuing.

To get everyone to see it again (on an update, say) one just needs to issue:

   UPDATE user SET policyagreed = 0

admin/config.html

@@ -478,6 +478,14 @@
     <?php print_string("configallowunenroll") ?>
     </td>
 </tr>
+<tr valign="top">
+    <td align="right">sitepolicy:</td>
+    <td><input type="text" name="sitepolicy" size="30" value="<?php echo $config->sitepolicy ?>" alt="sitepolicy" /></td>
+    </td>
+    <td>
+    <?php print_string("configsitepolicy") ?>
+    </td>
+</tr>
 <tr valign="top">
     <td align="right">maxbytes:</td>
     <td>

lang/en/moodle.php

@@ -214,6 +214,7 @@ $string['configsecureforms'] = 'Moodle can use an additional level of security w
 $string['configsessioncookie'] = 'This setting customises the name of the cookie used for Moodle sessions.  This is optional, and only useful to avoid cookies being confused when there is more than one copy of Moodle running within the same web site.';
 $string['configsessiontimeout'] = 'If people logged in to this site are idle for a long time (without loading pages) then they are automatically logged out (their session is ended).  This variable specifies how long this time should be.';
 $string['configshowsiteparticipantslist'] = 'All of these site students and site teachers will be listed on the site participants list. Who shall be allowed to see this site participants list?';
+$string['configsitepolicy'] = 'If you have a site policy that all users must see and agree to before using this site, then specify the URL to it here, otherwise leave this field blank.  The URL can point to anywhere - one convenient place would be a file in the site files.  eg http://yoursite/file.php/1/policy.html';
 $string['configslasharguments'] = 'Files (images, uploads etc) are provided via a script using \'slash arguments\' (the second option here). This method allows files to be more easily cached in web browsers, proxy servers etc.  Unfortunately, some PHP servers don\'t allow this method, so if you have trouble viewing uploaded files or images (eg user pictures), set this variable to the first option';
 $string['configsmtphosts'] = 'Give the full name of one or more local SMTP servers that Moodle should use to send mail (eg \'mail.a.com\' or \'mail.a.com;mail.b.com\'). If you leave it blank, Moodle will use the PHP default method of sending mail.';
 $string['configsmtpuser'] = 'If you have specified an SMTP server above, and the server requires authentication, then enter the username and password here.';
@@ -830,6 +831,9 @@ $string['people'] = 'People';
 $string['personalprofile'] = 'Personal profile';
 $string['phone'] = 'Phone';
 $string['phpinfo'] = 'PHP info';
+$string['policyagree'] = 'You must agree to this policy to continue using this site.';
+$string['policyagreement'] = 'Site Policy Agreement';
+$string['policyagreementclick'] = 'Click here to read the Site Policy Agreement';
 $string['popupwindow'] = 'Open file in new window';
 $string['potentialadmins'] = 'Potential admins';
 $string['potentialcreators'] = 'Potential course creators';

lib/db/mysql.php

@@ -1004,6 +1004,11 @@ function main_upgrade($oldversion=0) {
         modify_database('','ALTER TABLE prefix_user_teachers DROP INDEX courseuserid;');
         modify_database('','ALTER TABLE prefix_user_teachers ADD UNIQUE INDEX courseuserid(course,userid);');        
     } 
+
+    if ($oldversion < 2004112900) {
+        table_column('user', '', 'policyagreed', 'integer', '1', 'unsigned', '0', 'not null', 'confirmed');
+    }
+
        
     return $result;
 

lib/db/mysql.sql

@@ -334,6 +334,7 @@ CREATE TABLE `prefix_user` (
   `id` int(10) unsigned NOT NULL auto_increment,
   `auth` varchar(20) NOT NULL default 'manual',
   `confirmed` tinyint(1) NOT NULL default '0',
+  `policyagreed` tinyint(1) NOT NULL default '0',
   `deleted` tinyint(1) NOT NULL default '0',
   `username` varchar(100) NOT NULL default '',
   `password` varchar(32) NOT NULL default '',

lib/db/postgres7.php

@@ -773,6 +773,10 @@ function main_upgrade($oldversion=0) {
         modify_database('', "CREATE UNIQUE INDEX prefix_user_username_uk ON prefix_user (username);");
         
     } 
+
+    if ($oldversion < 2004112900) {
+        table_column('user', '', 'policyagreed', 'integer', '1', 'unsigned', '0', 'not null', 'confirmed');
+    }
     
     return $result;
 }

lib/db/postgres7.sql

@@ -223,6 +223,7 @@ CREATE TABLE prefix_user (
    id SERIAL PRIMARY KEY,
    auth varchar(20) NOT NULL default 'manual',
    confirmed integer NOT NULL default '0',
+   policyagreed integer NOT NULL default '0',
    deleted integer NOT NULL default '0',
    username varchar(100) NOT NULL default '',
    password varchar(32) NOT NULL default '',

lib/defaults.php

@@ -56,6 +56,7 @@
        'sessioncookie'            => '',
        'sessiontimeout'           =>  7200,
        'showsiteparticipantslist' =>  0,
+       'sitepolicy'               => '',
        'slasharguments'           =>  1,
        'smtphosts'                => '',
        'smtppass'                 => '',

lib/moodlelib.php

@@ -754,7 +754,7 @@ function require_login($courseid=0, $autologinguest=true) {
     }
 
     // check whether the user should be changing password
-    reload_user_preferences();
+    // reload_user_preferences();    // Why is this necessary?  Seems wasteful.  - MD
     if (!empty($USER->preference['auth_forcepasswordchange'])){
         if (is_internal_auth() || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
             redirect($CFG->wwwroot .'/login/change_password.php');
@@ -785,6 +785,14 @@ function require_login($courseid=0, $autologinguest=true) {
         $USER->sesskey = random_string(10);
     }
 
+    // Check that the user has agreed to a site policy if there is one
+    if (!empty($CFG->sitepolicy)) {
+        if (!$USER->policyagreed) {
+            redirect($CFG->wwwroot .'/user/policy.php');
+            die;
+        }
+    }
+
     // Next, check if the user can be in a particular course
     if ($courseid) {
         if ($courseid == SITEID) {

user/policy.php

@@ -0,0 +1,40 @@
+<?php // $Id$
+
+    require_once("../config.php");
+
+    optional_param('agree', 0, PARAM_INT);
+
+
+    if (!isset($USER->id)) {
+        require_login();
+    }
+
+    if ($agree == 1 and confirm_sesskey()) {        // User has agreed
+        if (!set_field('user', 'policyagreed', 1, 'id', $USER->id)) {
+            error('Could not save your agreement');
+        }
+        $USER->policyagreed = 1;
+        redirect($CFG->wwwroot);
+        exit;
+    }
+
+    $strpolicyagree = get_string('policyagree');
+    $strpolicyagreement = get_string('policyagreement');
+    $strpolicyagreementclick = get_string('policyagreementclick');
+
+    print_header($strpolicyagreement, $SITE->fullname, $strpolicyagreement);
+
+    print_heading($strpolicyagreement);
+
+    echo '<center>';
+    echo '<iframe align="center" width="80%" height="70%" src="'.$CFG->sitepolicy.'" />';
+    echo link_to_popup_window ($CFG->sitepolicy, 'agreement', $strpolicyagreementclick,
+                               500, 500, 'Popup window', 'none', true);
+    echo '</iframe>';
+    echo '</center>';
+
+    notice_yesno($strpolicyagree, "policy.php?agree=1&amp;sesskey=$USER->sesskey", $CFG->wwwroot);
+
+    print_footer();
+
+?>

version.php

@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine 
 // whether upgrades should be performed (see lib/db/*.php)
 
-   $version = 2004112400;  // YYYYMMDD = date of first major branch release 1.4
+   $version = 2004112900;  // YYYYMMDD = date of first major branch release 1.4
                            //       XY = increments within a single day
 
    $release = '1.5 UNSTABLE DEVELOPMENT';    // Human-friendly version name