From 5c64d114468f54efafb2cebe95aab4c3ac74a03e Mon Sep 17 00:00:00 2001 From: Mark Nelson Date: Tue, 30 May 2017 11:59:06 +0800 Subject: [PATCH] Verification link should only verify for specified certificate Also populated navigation bar. --- verify_certificate.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/verify_certificate.php b/verify_certificate.php index 16e04f2..a99c312 100644 --- a/verify_certificate.php +++ b/verify_certificate.php @@ -27,11 +27,17 @@ require_once('../../config.php'); $contextid = required_param('contextid', PARAM_INT); $code = optional_param('code', '', PARAM_ALPHANUM); // The code for the certificate we are verifying. +$context = context::instance_by_id($contextid); + +$cm = get_coursemodule_from_id('customcert', $context->instanceid, 0, false, MUST_EXIST); +$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST); +$customcert = $DB->get_record('customcert', array('id' => $cm->instance), '*', MUST_EXIST); + // Need to be logged in. -require_login(); +require_login($course, false, $cm); // Ok, now check the user has the ability to verify certificates. -require_capability('mod/customcert:verifycertificate', context::instance_by_id($contextid)); +require_capability('mod/customcert:verifycertificate', $context); // Set up the page. $pageurl = new moodle_url('/mod/customcert/verify_certificate.php', array('contextid' => $contextid)); @@ -40,7 +46,7 @@ if ($code) { } $PAGE->set_url($pageurl); -$PAGE->set_context(context_system::instance()); +$PAGE->set_context($context); $PAGE->set_title(get_string('verifycertificate', 'customcert')); // The form we are using to verify these codes. @@ -62,9 +68,10 @@ if ($form->get_data()) { JOIN {user} u ON ci.userid = u.id WHERE ci.code = :code + AND c.id = :customcertid AND u.deleted = 0"; // It is possible (though unlikely) that there is the same code for issued certificates. - if ($issues = $DB->get_records_sql($sql, array('code' => $code))) { + if ($issues = $DB->get_records_sql($sql, array('code' => $code, 'customcertid' => $customcert->id))) { $result->success = true; $result->issues = $issues; } else {