moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-27542 calendar export: fixed the following:

Browse source 
1. changing auth token to use user id instead of username
2. add fall back checking for old url
3. remove yui functionality to generate calendar url
4. add missing variable
5. fixed usercontext instance
This commit is contained in:
Rossiani Wijaya 2011-11-07 17:07:00 +08:00
parent 735de1c276
commit d52777b486
7 changed files with 49 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

30
calendar/export_execute.php
View file

@ -5,21 +5,29 @@ require_once('../config.php');
require_once($CFG->dirroot.'/calendar/lib.php');
require_once($CFG->libdir.'/bennu/bennu.inc.php');
$username = required_param('username', PARAM_TEXT);
$userid = optional_param('userid', 0, PARAM_INT);
$username = optional_param('username', '', PARAM_TEXT);
$authtoken = required_param('authtoken', PARAM_ALPHANUM);
$generateurl = optional_param('generateurl', '', PARAM_TEXT);
if (empty($CFG->enablecalendarexport)) {
die('no export');
}
//Fetch user information
if (!$user = $DB->get_record('user', array('username' => $username), 'id,password')) {
//No such user
$checkuserid = !empty($userid) && $user = $DB->get_record('user', array('id' => $userid), 'id,password');
//allowing for fallback check of old url - MDL-27542
$checkusername = !empty($username) && $user = $DB->get_record('user', array('username' => $username), 'id,password');
if (!$checkuserid && !$checkusername) {
//No such user
die('Invalid authentication');
}
//Check authentication token
if ($authtoken != sha1($username . $user->password . $CFG->calendar_exportsalt)) {
$authuserid = !empty($userid) && $authtoken == sha1($userid . $user->password . $CFG->calendar_exportsalt);
//allowing for fallback check of old url - MDL-27542
$authusername = !empty($username) && $authtoken == sha1($username . $user->password . $CFG->calendar_exportsalt);
if (!$authuserid && !$authusername) {
die('Invalid authentication');
}
@ -31,6 +39,20 @@ $now = usergetdate(time());
$allowed_what = array('all', 'courses');
$allowed_time = array('weeknow', 'weeknext', 'monthnow', 'monthnext', 'recentupcoming');
if (!empty($generateurl)) {
$authtoken = sha1($user->id . $user->password . $CFG->calendar_exportsalt);
$params = array();
$params['preset_what'] = $what;
$params['preset_time'] = $time;
$params['userid'] = $userid;
$params['authtoken'] = $authtoken;
$params['generateurl'] = true;
$link = new moodle_url('/calendar/export.php', $params);
redirect($link->out());
die;
}
if(!empty($what) && !empty($time)) {
if(in_array($what, $allowed_what) && in_array($time, $allowed_time)) {
$courses = enrol_get_users_courses($user->id, true, 'id, visible, shortname');