Verification link should only verify for specified certificate

Also populated navigation bar.
This commit is contained in:
Mark Nelson 2017-05-30 11:59:06 +08:00
parent e5d6115c2a
commit bb918a02d6

View file

@ -27,11 +27,17 @@ require_once('../../config.php');
$contextid = required_param('contextid', PARAM_INT); $contextid = required_param('contextid', PARAM_INT);
$code = optional_param('code', '', PARAM_ALPHANUM); // The code for the certificate we are verifying. $code = optional_param('code', '', PARAM_ALPHANUM); // The code for the certificate we are verifying.
$context = context::instance_by_id($contextid);
$cm = get_coursemodule_from_id('customcert', $context->instanceid, 0, false, MUST_EXIST);
$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
$customcert = $DB->get_record('customcert', array('id' => $cm->instance), '*', MUST_EXIST);
// Need to be logged in. // Need to be logged in.
require_login(); require_login($course, false, $cm);
// Ok, now check the user has the ability to verify certificates. // Ok, now check the user has the ability to verify certificates.
require_capability('mod/customcert:verifycertificate', context::instance_by_id($contextid)); require_capability('mod/customcert:verifycertificate', $context);
// Set up the page. // Set up the page.
$pageurl = new moodle_url('/mod/customcert/verify_certificate.php', array('contextid' => $contextid)); $pageurl = new moodle_url('/mod/customcert/verify_certificate.php', array('contextid' => $contextid));
@ -40,7 +46,7 @@ if ($code) {
} }
$PAGE->set_url($pageurl); $PAGE->set_url($pageurl);
$PAGE->set_context(context_system::instance()); $PAGE->set_context($context);
$PAGE->set_title(get_string('verifycertificate', 'customcert')); $PAGE->set_title(get_string('verifycertificate', 'customcert'));
// The form we are using to verify these codes. // The form we are using to verify these codes.
@ -62,9 +68,10 @@ if ($form->get_data()) {
JOIN {user} u JOIN {user} u
ON ci.userid = u.id ON ci.userid = u.id
WHERE ci.code = :code WHERE ci.code = :code
AND c.id = :customcertid
AND u.deleted = 0"; AND u.deleted = 0";
// It is possible (though unlikely) that there is the same code for issued certificates. // It is possible (though unlikely) that there is the same code for issued certificates.
if ($issues = $DB->get_records_sql($sql, array('code' => $code))) { if ($issues = $DB->get_records_sql($sql, array('code' => $code, 'customcertid' => $customcert->id))) {
$result->success = true; $result->success = true;
$result->issues = $issues; $result->issues = $issues;
} else { } else {