mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-22 16:18:24 +01:00
Code Issues Projects Releases Wiki Activity
moodle/mod/quiz/quizfile.php

118 lines
4.2 KiB
PHP
Raw Blame History

<?PHP // $Id$
// This function fetches files from the data directory
// Syntax: quizfile.php/quiz id/question id/dir/.../dir/filename.ext
// It is supposed to be used by the quiz module only
require_once("../../config.php");
require_once("../../files/mimetypes.php");
require_once("lib.php");
$lifetime = 86400;
if (isset($file)) { // workaround for situations where / syntax doesn't work
$pathinfo = $file;
} else {
$pathinfo = get_slash_arguments("file.php");
}
if (!$pathinfo) {
error("No file parameters!");
}
/////////////////////////////////////
// Extract info from $pathinfo
/////////////////////////////////////
$idreg = '[0-9]+';
if (!ereg("^/?($idreg)/($idreg)/((.+/)?([^/]+))$",
$pathinfo,
$regs) )
{
error("File parameters are badly formated");
}
if (! ($quiz = get_record('quiz', 'id', $regs[1]))) {
error("No valid quiz supplied");
}
if (! ($question = get_record('quiz_questions', 'id', $regs[2]))) {
error("No valid question supplied");
}
if (! ($relativefilepath = $regs[3])) {
error("No valid file path supplied");
}
if (! ($filename = $regs[5])) {
error("No valid file name supplied");
}
//////////////////////////////////////////
// Info from $pathinfo is now extracted!
// Now check the user's persmissions on this quiz...
//////////////////////////////////////////
if (! ($course = get_record("course", "id", $quiz->course))) {
error("Supplied quiz $quiz->name does not belong to a valid course");
}
require_login($course->id);
if (!isteacher($course->id)
and !quiz_get_user_attempt_unfinished($quiz->id, $USER->id)
and ! ($quiz->review && time() > $quiz->timeclose)
|| !quiz_get_user_attempts($quiz->id, $USER->id) )
{
error("Logged-in user is not allowed to view this quiz");
}
///////////////////////////////////////////////////
// The logged-in user has the right to view material on this quiz!
// Now verify the consistency between $quiz, $question, its category and $relativepathname
///////////////////////////////////////////////////
if (!in_array($question->id, explode(',', $quiz->questions), FALSE)) {
error("Specified question is not on the specified quiz");
}
if (! ($questioncategory = get_record('quiz_categories', 'id',
$question->category)))
{
error("Question category is not valid");
}
// For the moment - questions can reference datafiles through image only
if (! ($question->image == $relativefilepath)) {
error("The specified file path is not on the specified question");
}
///////////////////////////////////////////
// All security stuff is now taken care of.
// Specified file can now be returned...
//////////////////////////////////////////
$pathname = "$CFG->dataroot/$questioncategory->course/$relativefilepath";
// $filename has already been extracted
/////////////////////////////////////////////////////////////////
// The remaining code is identical to the final lines of file.php
// If you ask me - this stuff should be separated into a separate
// function for conviency.
// That function would find itself very in comfortable in the
// file mimetypes.php
//////////////////////////////////
$mimetype = mimeinfo("type", $filename);
if (file_exists($pathname)) {
$lastmodified = filemtime($pathname);
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
header("Cache-control: max_age = $lifetime"); // a day
header("Pragma: ");
header("Content-disposition: inline; filename=$filename");
header("Content-length: ".filesize($pathname));
header("Content-type: $mimetype");
readfile("$pathname");
} else {
error("Sorry, but the file you are looking for was not found ($pathname)", "course/view.php?id=$courseid");
}
exit;
?>
Reference in New Issue View Git Blame Copy Permalink