2017-02-01 10:23:15 +00:00
|
|
|
<?php
|
|
|
|
// This file is part of the customcert module for Moodle - http://moodle.org/
|
|
|
|
//
|
|
|
|
// Moodle is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// Moodle is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handles verifying the code for a certificate.
|
|
|
|
*
|
|
|
|
* @package mod_customcert
|
|
|
|
* @copyright 2017 Mark Nelson <markn@moodle.com>
|
|
|
|
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
|
|
|
*/
|
|
|
|
|
2018-10-30 13:52:10 +00:00
|
|
|
// This file does not need require_login because capability to verify can be granted to guests, skip codechecker here.
|
2017-12-04 13:19:54 +00:00
|
|
|
// @codingStandardsIgnoreLine
|
2017-02-01 10:23:15 +00:00
|
|
|
require_once('../../config.php');
|
|
|
|
|
2017-11-12 04:55:10 +00:00
|
|
|
$contextid = optional_param('contextid', context_system::instance()->id, PARAM_INT);
|
2017-02-01 10:23:15 +00:00
|
|
|
$code = optional_param('code', '', PARAM_ALPHANUM); // The code for the certificate we are verifying.
|
2019-01-03 03:05:25 +00:00
|
|
|
$qrcode = optional_param('qrcode', false, PARAM_BOOL);
|
2017-02-01 10:23:15 +00:00
|
|
|
|
2017-05-30 03:59:06 +00:00
|
|
|
$context = context::instance_by_id($contextid);
|
|
|
|
|
2017-11-12 04:55:10 +00:00
|
|
|
// Set up the page.
|
|
|
|
$pageurl = new moodle_url('/mod/customcert/verify_certificate.php', array('contextid' => $contextid));
|
|
|
|
|
2018-06-26 10:50:21 +00:00
|
|
|
if ($code) {
|
|
|
|
$pageurl->param('code', $code);
|
|
|
|
}
|
|
|
|
|
2017-11-12 04:55:10 +00:00
|
|
|
// Ok, a certificate was specified.
|
|
|
|
if ($context->contextlevel != CONTEXT_SYSTEM) {
|
|
|
|
$cm = get_coursemodule_from_id('customcert', $context->instanceid, 0, false, MUST_EXIST);
|
|
|
|
$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
|
|
|
|
$customcert = $DB->get_record('customcert', array('id' => $cm->instance), '*', MUST_EXIST);
|
|
|
|
|
|
|
|
// Check if we are allowing anyone to verify, if so, no need to check login, or permissions.
|
|
|
|
if (!$customcert->verifyany) {
|
|
|
|
// Need to be logged in.
|
|
|
|
require_login($course, false, $cm);
|
|
|
|
// Ok, now check the user has the ability to verify certificates.
|
|
|
|
require_capability('mod/customcert:verifycertificate', $context);
|
|
|
|
} else {
|
|
|
|
$PAGE->set_cm($cm, $course);
|
|
|
|
}
|
2017-05-30 03:59:06 +00:00
|
|
|
|
2018-06-26 10:50:21 +00:00
|
|
|
$title = $customcert->name;
|
|
|
|
$heading = format_string($title);
|
2017-11-12 04:55:10 +00:00
|
|
|
$checkallofsite = false;
|
2017-05-06 11:14:15 +00:00
|
|
|
} else {
|
2018-06-26 10:50:21 +00:00
|
|
|
$title = $SITE->fullname;
|
|
|
|
$heading = $title;
|
|
|
|
$checkallofsite = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
\mod_customcert\page_helper::page_setup($pageurl, $context, $title);
|
|
|
|
|
|
|
|
// Additional page setup.
|
|
|
|
if ($context->contextlevel == CONTEXT_SYSTEM) {
|
|
|
|
$PAGE->navbar->add(get_string('verifycertificate', 'customcert'));
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($checkallofsite) {
|
2017-11-12 04:55:10 +00:00
|
|
|
// If the 'verifyallcertificates' is not set and the user does not have the capability 'mod/customcert:verifyallcertificates'
|
|
|
|
// then show them a message letting them know they can not proceed.
|
|
|
|
$verifyallcertificates = get_config('customcert', 'verifyallcertificates');
|
|
|
|
$canverifyallcertificates = has_capability('mod/customcert:verifyallcertificates', $context);
|
|
|
|
if (!$verifyallcertificates && !$canverifyallcertificates) {
|
|
|
|
echo $OUTPUT->header();
|
2018-06-26 10:50:21 +00:00
|
|
|
echo $OUTPUT->heading($heading);
|
2017-11-12 04:55:10 +00:00
|
|
|
echo $OUTPUT->notification(get_string('cannotverifyallcertificates', 'customcert'));
|
|
|
|
echo $OUTPUT->footer();
|
|
|
|
exit();
|
|
|
|
}
|
2017-02-01 10:23:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// The form we are using to verify these codes.
|
|
|
|
$form = new \mod_customcert\verify_certificate_form($pageurl);
|
|
|
|
|
2019-01-03 03:05:25 +00:00
|
|
|
if ($code) {
|
2017-02-01 10:23:15 +00:00
|
|
|
$result = new stdClass();
|
|
|
|
$result->issues = array();
|
|
|
|
|
|
|
|
// Ok, now check if the code is valid.
|
|
|
|
$userfields = get_all_user_name_fields(true, 'u');
|
2017-02-16 12:12:19 +00:00
|
|
|
$sql = "SELECT ci.id, u.id as userid, $userfields, co.id as courseid,
|
2018-06-12 08:42:27 +00:00
|
|
|
co.fullname as coursefullname, c.id as certificateid,
|
|
|
|
c.name as certificatename, c.verifyany
|
2017-02-01 10:23:15 +00:00
|
|
|
FROM {customcert} c
|
|
|
|
JOIN {customcert_issues} ci
|
|
|
|
ON c.id = ci.customcertid
|
|
|
|
JOIN {course} co
|
|
|
|
ON c.course = co.id
|
|
|
|
JOIN {user} u
|
|
|
|
ON ci.userid = u.id
|
2017-11-12 04:55:10 +00:00
|
|
|
WHERE ci.code = :code";
|
|
|
|
|
|
|
|
if ($checkallofsite) {
|
|
|
|
// Only people with the capability to verify all the certificates can verify any.
|
|
|
|
if (!$canverifyallcertificates) {
|
|
|
|
$sql .= " AND c.verifyany = 1";
|
|
|
|
}
|
|
|
|
$params = ['code' => $code];
|
|
|
|
} else {
|
|
|
|
$sql .= " AND c.id = :customcertid";
|
|
|
|
$params = ['code' => $code, 'customcertid' => $customcert->id];
|
|
|
|
}
|
|
|
|
|
2017-02-01 10:23:15 +00:00
|
|
|
// It is possible (though unlikely) that there is the same code for issued certificates.
|
2017-11-12 04:55:10 +00:00
|
|
|
if ($issues = $DB->get_records_sql($sql, $params)) {
|
2017-02-01 10:23:15 +00:00
|
|
|
$result->success = true;
|
|
|
|
$result->issues = $issues;
|
|
|
|
} else {
|
|
|
|
// Can't find it, let's say it's not verified.
|
|
|
|
$result->success = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
echo $OUTPUT->header();
|
2018-06-26 10:50:21 +00:00
|
|
|
echo $OUTPUT->heading($heading);
|
2019-01-03 03:05:25 +00:00
|
|
|
// Don't show the form if we are coming from a QR code.
|
|
|
|
if (!$qrcode) {
|
|
|
|
echo $form->display();
|
|
|
|
}
|
2017-02-01 10:23:15 +00:00
|
|
|
if (isset($result)) {
|
|
|
|
$renderer = $PAGE->get_renderer('mod_customcert');
|
|
|
|
$result = new \mod_customcert\output\verify_certificate_results($result);
|
|
|
|
echo $renderer->render($result);
|
|
|
|
}
|
|
|
|
echo $OUTPUT->footer();
|