<?PHP // $Id$
      // This function fetches files from the data directory
      // Syntax:   quizfile.php/quiz id/question id/dir/.../dir/filename.ext
      // It is supposed to be used by the quiz module only
      // I believe this is obsolete, everything should be using moodle/file.php GWD

    require_once('../../config.php');
    require_once($CFG->libdir.'/filelib.php');
    require_once('locallib.php');

    if (empty($CFG->filelifetime)) {
        $lifetime = 86400;     // Seconds for files to remain in caches
    } else {
        $lifetime = $CFG->filelifetime;
    }

    // disable moodle specific debug messages
    disable_debugging();

    $relativepath = get_file_argument('quizfile.php');

    if (!$relativepath) {
        print_error('invalidargorconf');
    }

    // extract relative path components
    $args = explode('/', trim($relativepath, '/'));
    if (count($args) < 3) { // always at least category, question and path
        print_error('invalidarguments');
    }

    $quizid       = (int)array_shift($args);
    $questionid   = (int)array_shift($args);
    $relativepath = implode ('/', $args);

    if (!($question = $DB->get_record('question', array('id' => $questionid)))) {
        print_error('invalidarguments');
    }

    if (!($questioncategory = $DB->get_record('question_categories', array('id' => $question->category)))) {
        print_error('invalidarguments');
    }

    /////////////////////////////////////
    // Check access
    /////////////////////////////////////
    if ($quizid == 0) { // teacher doing preview during quiz creation
        if ($questioncategory->publish) {
            require_login();
            if (!isteacherinanycourse()) {
                print_error('invalidarguments');
            }
        } else {
            require_login($questioncategory->course);
            $cm = get_coursemodule_from_instance('quiz', $quizid);
            require_capability('mod/quiz:preview', get_context_instance(CONTEXT_MODULE, $cm->id));
        }
    } else {
        if (!($quiz = $DB->get_record('quiz', array('id' => $quizid)))) {
            print_error('invalidarguments');
        }
        if (!($course = $DB->get_record('course', array('id' => $quiz->course)))) {
            print_error('invalidarguments');
        }
        require_login($course->id);

        // For now, let's not worry about this.  The following check causes
        // problems sometimes when reviewing a quiz
        //if (!isteacher($course->id)
        //    and !quiz_get_user_attempt_unfinished($quiz->id, $USER->id)
        //    and ! ($quiz->review  &&  time() > $quiz->timeclose)
        //        || !quiz_get_user_attempts($quiz->id, $USER->id) )
        //{
        //    print_error('noview', 'quiz');
        //}

        ///////////////////////////////////////////////////
        // The logged-in user has the right to view material on this quiz!
        // Now verify the consistency between $quiz, $question, its category and $relativepathname
        ///////////////////////////////////////////////////

        // For now, let's not worry about this.  The following check doesn't
        // work for randomly selected questions and it gets complicated
        //if (!in_array($question->id, explode(',', $quiz->questions), FALSE)) {
        //    print_error('specificquestionnotonquiz', 'quiz');
        //}
    }

    // Have the question check whether it uses this file or not
    if (!$QTYPES[$question->qtype]->uses_quizfile($question,
                                                       $relativepath)) {
        print_error('specificapathnotonquestion', 'quiz');
    }


    ///////////////////////////////////////////
    // All security stuff is now taken care of.
    // Specified file can now be returned...
    //////////////////////////////////////////

    $pathname = "$CFG->dataroot/$questioncategory->course/$relativepath";
    $filename = $args[count($args)-1];


    if (file_exists($pathname)) {
        send_file($pathname, $filename, $lifetime);
    } else {
        header('HTTP/1.0 404 not found');
        print_error('filenotfound', 'error'); //this is not displayed on IIS??
    }
?>