$editlink = CALENDAR_URL.'event.php?action=edit&id='.$event->id.$calendarcourseid;
$deletelink = CALENDAR_URL.'event.php?action=delete&id='.$event->id.$calendarcourseid;
} else {
- $editlink = $CFG->wwwroot.'/course/mod.php?update='.$event->cmid.'&return=true&sesskey='.$USER->sesskey;
+ $editlink = $CFG->wwwroot.'/course/mod.php?update='.$event->cmid.'&return=true&sesskey='.sesskey();
$deletelink = ''; // deleting activities directly from calendar is dangerous/confusing - see MDL-11843
}
echo ' <a href="'.$editlink.'"><img
function calendar_session_vars($course=null) {
global $SESSION, $USER;
- if(!empty($USER->id) && isset($USER->realuser) && !isset($SESSION->cal_loggedinas)) {
- // We just logged in as someone else, update the filtering
- unset($SESSION->cal_users_shown);
- unset($SESSION->cal_courses_shown);
- $SESSION->cal_loggedinas = true;
- if(intval(get_user_preferences('calendar_persistflt', 0))) {
- calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
- }
- }
- else if(!empty($USER->id) && !isset($USER->realuser) && isset($SESSION->cal_loggedinas)) {
- // We just logged back to our real self, update again
- unset($SESSION->cal_users_shown);
- unset($SESSION->cal_courses_shown);
- unset($SESSION->cal_loggedinas);
- if(intval(get_user_preferences('calendar_persistflt', 0))) {
- calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
- }
- }
-
if(!isset($SESSION->cal_course_referer)) {
$SESSION->cal_course_referer = 0;
}
} else if (has_capability('moodle/course:view', $COURSE->context)) {
if (is_loggedinas()) { // Make sure the REAL person can also access this course
- if (!has_capability('moodle/course:view', $COURSE->context, $USER->realuser)) {
+ $realuser = get_real_user();
+ if (!has_capability('moodle/course:view', $COURSE->context, $realuser->id)) {
print_header_simple();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
}
return !empty($USER->realuser);
}
+/**
+ * Returns the $USER object ignoring current login-as session
+ * @return object user object
+ */
+function get_real_user() {
+ if (is_loggedinas()) {
+ return $_SESSION['REALUSER'];
+ } else {
+ return $_SESSION['USER'];
+ }
+}
+
/**
* Login as another user - no security checks here.
* @param int $userid
return;
}
-/// Remember current timeaccess settings for later
-
- if (isset($USER->timeaccess)) {
- $SESSION->oldtimeaccess = $USER->timeaccess;
- }
- if (isset($USER->grade_last_report)) {
- $SESSION->grade_last_report = $USER->grade_last_report;
- }
-
- $olduserid = $USER->id;
+ // switch to fresh session
+ $_SESSION['REALSESSION'] = $SESSION;
+ $_SESSION['SESSION'] = new object();
/// Create the new USER object with all details and reload needed capabilitites
+ $_SESSION['REALUSER'] = $USER;
$USER = get_complete_user_data('id', $userid);
- $USER->realuser = $olduserid;
+ $USER->realuser = $_SESSION['REALUSER']->id;
$USER->loginascontext = $context;
check_enrolment_plugins($USER);
load_all_capabilities(); // reload capabilities
-
- if (isset($SESSION->currentgroup)) { // Remember current cache setting for later
- $SESSION->oldcurrentgroup = $SESSION->currentgroup;
- unset($SESSION->currentgroup);
- }
}
/**
return;
}
- $USER = get_complete_user_data('id', $USER->realuser);
- load_all_capabilities(); // load all this user's normal capabilities
+ $_SESSION['SESSION'] = $_SESSION['REALSESSION'];
+ unset($_SESSION['REALSESSION']);
- if (isset($SESSION->oldcurrentgroup)) { // Restore previous "current group" cache.
- $SESSION->currentgroup = $SESSION->oldcurrentgroup;
- unset($SESSION->oldcurrentgroup);
- }
- if (isset($SESSION->oldtimeaccess)) { // Restore previous timeaccess settings
- $USER->timeaccess = $SESSION->oldtimeaccess;
- unset($SESSION->oldtimeaccess);
- }
- if (isset($SESSION->grade_last_report)) { // Restore grade defaults if any
- $USER->grade_last_report = $SESSION->grade_last_report;
- unset($SESSION->grade_last_report);
- }
+ $_SESSION['USER'] = $_SESSION['REALUSER'];
+ unset($_SESSION['REALUSER']);
}
/**
$USER->lastname);
}
if (is_loggedinas()) {
- if ($realuser = $DB->get_record('user', array('id'=>$USER->realuser))) {
- $apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
- $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
- $apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
- }
+ $realuser = get_real_user();
+ $apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
+ $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
+ $apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
}
switch ($CFG->apacheloguser) {
case 3:
}
if (is_loggedinas()) {
- if ($realuser = $DB->get_record('user', array('id'=>$user->realuser))) {
- $fullname = fullname($realuser, true);
- $realuserinfo = " [<a $CFG->frametarget
- href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&return=1&sesskey=".sesskey()."\">$fullname</a>] ";
- }
+ $realuser = get_real_user();
+ $fullname = fullname($realuser, true);
+ $realuserinfo = " [<a $CFG->frametarget
+ href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&return=1&sesskey=".sesskey()."\">$fullname</a>] ";
} else {
$realuserinfo = '';
}
projects / moodle.git / commitdiff