From: moodler <moodler>
Date: Tue, 5 Nov 2002 16:38:02 +0000 (+0000)
Subject: Fixes to prevent teachers using loginas to enter other courses as that student
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=cb909d74cac11dd534663cfb53afeaf83525ad8a;p=moodle.git

Fixes to prevent teachers using loginas to enter other courses as that student
---

diff --git a/lang/en/moodle.php b/lang/en/moodle.php
index 45561973ba..a8aa1c95e8 100644
--- a/lang/en/moodle.php
+++ b/lang/en/moodle.php
@@ -433,6 +433,7 @@ $string['startdate'] = "Course start date";
 $string['startsignup'] = "Start now by creating a new account!";
 $string['status'] = "Status";
 $string['stringsnotset'] = "The following strings are not defined in \$a";
+$string['studentnotallowed'] = "Sorry, but you can not enter this course as '\$a'";
 $string['success'] = "Success";
 $string['summary'] = "Summary";
 $string['summaryof'] = "Summary of \$a";
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 10038882fc..e1cf81ed0b 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -1138,7 +1138,13 @@ function require_login($courseid=0) {
     // Next, check if the user can be in a particular course
     if ($courseid) {
         if ($USER->student[$courseid] || $USER->teacher[$courseid] || $USER->admin) {
-            if (!isset($USER->realuser)) {  // Don't update if this isn't a realuser
+            if (isset($USER->realuser)) {   // Make sure the REAL person can also access this course
+                if (!isteacher($courseid, $USER->realuser)) {
+                    print_header();
+                    notice(get_string("studentnotallowed", "", "$USER->firstname $USER->lastname"));
+                }
+
+            } else {  // just update their last login time
                 update_user_in_db();
             }
             if (!$USER->email) {            // User logged in, but has not set up profile!