From 61c6071f409238424fe9dca5d1c55f508c6f6920 Mon Sep 17 00:00:00 2001 From: skodak Date: Tue, 28 Aug 2007 08:29:40 +0000 Subject: [PATCH] MDL-10984 support for user private keys when accession scripts without normal sessions --- grade/export/grade_export_form.php | 22 ++++----- grade/export/xml/dump.php | 13 ++++++ grade/export/xml/index.php | 14 +++--- lib/db/install.xml | 21 ++++++++- lib/db/upgrade.php | 29 +++++++++++- lib/moodlelib.php | 72 ++++++++++++++++++++++++++++++ version.php | 2 +- 7 files changed, 153 insertions(+), 20 deletions(-) create mode 100644 grade/export/xml/dump.php diff --git a/grade/export/grade_export_form.php b/grade/export/grade_export_form.php index 0c4fb62d55..f71dbc62d9 100755 --- a/grade/export/grade_export_form.php +++ b/grade/export/grade_export_form.php @@ -3,8 +3,8 @@ require_once $CFG->libdir.'/formslib.php'; class grade_export_form extends moodleform { function definition (){ - global $CFG; - include_once($CFG->libdir.'/pear/HTML/QuickForm/advcheckbox.php'); + global $CFG, $COURSE, $USER; + $mform =& $this->_form; if (isset($this->_customdata['plugin'])) { $plugin = $this->_customdata['plugin']; 
@@ -18,15 +18,15 @@ class grade_export_form extends moodleform { $mform->setDefault('export_letters', 0); $mform->setHelpButton('export_letters', array(false, get_string('exportletters', 'grades'), false, true, false, get_string("exportlettershelp", 'grades'))); - $mform->addElement('advcheckbox', 'publish', get_string('publish', 'grades')); - $mform->setDefault('publish', 0); - $mform->setHelpButton('publish', array(false, get_string('publish', 'grades'), false, true, false, get_string("publishhelp", 'grades'))); - - $mform->addElement('textarea', 'iplist', get_string('iplist', 'grades'), array('cols' => 40, 'rows' => 5)); - $mform->setHelpButton('iplist', array(false, get_string('iplist', 'grades'), false, true, false, get_string("iplisthelp", 'grades'))); - - $mform->addElement('password', 'password', get_string('password')); - $mform->setHelpButton('password', array(false, get_string('password', 'grades'), false, true, false, get_string("passwordhelp", 'grades'))); + $mform->addElement('header', 'publishing', get_string('publishing', 'grades')); + $options = array('no'); + if ($keys = get_records_select('user_private_key', "script='grade/export' AND instance={$COURSE->id} AND userid={$USER->id}")) { + foreach ($keys as $key) { + $options[$key->value] = $key->value; // TODO: add ip, date, etc.?? + } + } + $mform->addElement('select', 'key', get_string('userkey', 'grades'), $options); + $mform->addElement('static', 'justalink', get_string('key_manager'), 'some link to key manager'); $mform->addElement('header', 'general', get_string('gradeitemsinc', 'grades')); // TODO: localize diff --git a/grade/export/xml/dump.php b/grade/export/xml/dump.php new file mode 100644 index 0000000000..c22d6ef402 --- /dev/null +++ b/grade/export/xml/dump.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/grade/export/xml/index.php b/grade/export/xml/index.php index 0af3bc51d1..3796b35288 100755 --- a/grade/export/xml/index.php +++ b/grade/export/xml/index.php 
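Review bot: The `get_records_select()` call that fills the `key` select does not look at `validuntil`, so keys that have already expired are still offered, and choosing one yields a link that require_user_key_login() rejects with 'Expired key'. Filtering in the query avoids that, for example by appending `AND (validuntil IS NULL OR validuntil = 0 OR validuntil > ".time().")` to the condition. The first option `'no'` sits at index 0 and index.php depends on that through `!empty($data->key)`; a comment such as `// index 0 means "do not publish"; index.php tests !empty($data->key)` would keep the two in step. Both `'no'` and `'some link to key manager'` are still hard-coded English and need get_string() entries. definition() continues past the end of this hunk.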
@@ -59,16 +59,18 @@ if (($data = data_submitted()) && confirm_sesskey()) { // print the grades on screen for feedbacks - $export = new grade_export($id, $data->itemids, $data->export_letters, $data->publish); - - if ($data->publish) { - // Record an entry in the 'published' table: people can now access this data by URL - } + $export = new grade_export($id, $data->itemids, $data->export_letters, !empty($data->key)); $export->display_grades($feedback, $data->previewrows); // this redirect should trigger a download prompt - redirect('export.php?id='.$id.'&itemids='.$itemidsurl.'&export_letters='.$data->export_letters); + if (empty($data->key)) { + print_continue('export.php?id='.$id.'&itemids='.$itemidsurl.'&export_letters='.$data->export_letters); + + } else { + $link = $CFG->wwwroot.'/grade/export/xml/dump.php?id='.$id.'&itemids='.$itemidsurl.'&export_letters='.$data->export_letters.'&key='.$data->key; + echo "$link"; + } exit; } diff --git a/lib/db/install.xml b/lib/db/install.xml index 6b9147bff1..34a9218fa5 100644 --- a/lib/db/install.xml +++ b/lib/db/install.xml @@ -1675,7 +1675,7 @@ - +
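Review bot: `$data->key` comes straight from `data_submitted()` and is concatenated into `$link` and echoed with no validation or escaping, so whatever the client posts in `key` is written back into the page. Clean it first, e.g. `$key = clean_param($data->key, PARAM_ALPHANUM);`, and print the URL through `s($link)`; any markup around the `echo` may have been lost in this rendering of the patch. Before advertising a dump.php URL it would also be worth confirming that the submitted key is one of the current user's keys for this course, rather than trusting the posted value. Because the key is a bearer credential carried in the query string, it will appear in web server logs and browser history, which the help text next to the link should say.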
@@ -1688,6 +1688,25 @@
+ + + + + + + + + + + + + + + + + + +
diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php index f9a84bd5fe..e3c0c76f3a 100644 --- a/lib/db/upgrade.php +++ b/lib/db/upgrade.php @@ -1935,7 +1935,34 @@ function xmldb_main_upgrade($oldversion=0) { $result = $result && add_key($table, $key); } - + + + if ($result && $oldversion < 2007082801) { + + /// Define table user_private_key to be created + $table = new XMLDBTable('user_private_key'); + + /// Adding fields to table user_private_key + $table->addFieldInfo('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null, null, null); + $table->addFieldInfo('script', XMLDB_TYPE_CHAR, '128', null, XMLDB_NOTNULL, null, null, null, null); + $table->addFieldInfo('value', XMLDB_TYPE_CHAR, '128', null, XMLDB_NOTNULL, null, null, null, null); + $table->addFieldInfo('userid', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, null); + $table->addFieldInfo('instance', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, null, null, null, null, null); + $table->addFieldInfo('iprestriction', XMLDB_TYPE_CHAR, '255', null, null, null, null, null, null); + $table->addFieldInfo('validuntil', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, null, null, null, null, null); + $table->addFieldInfo('timecreated', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, null, null, null, null, null); + + /// Adding keys to table user_private_key + $table->addKeyInfo('primary', XMLDB_KEY_PRIMARY, array('id')); + $table->addKeyInfo('userid', XMLDB_KEY_FOREIGN, array('userid'), 'user', array('id')); + + /// Adding indexes to table user_private_key + $table->addIndexInfo('script-value', XMLDB_INDEX_NOTUNIQUE, array('script', 'value')); + + /// Launch create table for user_private_key + $result = $result && create_table($table); + } + return $result; } diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 10dfc0c691..a1996003bb 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php 
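Review bot: The `script-value` index on user_private_key is created as `XMLDB_INDEX_NOTUNIQUE`, so the database does not enforce that a key value is unique. create_user_key() in lib/moodlelib.php relies on a `record_exists()` check followed by `insert_record()`, which two concurrent requests can both pass, and require_user_key_login() then looks the row up with `get_record()` as if it were unique. A unique index on the column states the invariant where it can be enforced: `$table->addIndexInfo('value', XMLDB_INDEX_UNIQUE, array('value'));`, with the matching change in lib/db/install.xml, whose content is not readable on this page. xmldb_main_upgrade() starts outside this hunk.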
@@ -1882,6 +1882,78 @@ function require_course_login($courseorid, $autologinguest=true, $cm=null) { } } +/** + * Require key login. Function terminates with error if key not found or incorrect. + * @param string $script unique script identifier + * @param int $instance optional instance id + */ +function require_user_key_login($script, $instance=null) { + global $nomoodlecookie, $USER, $SESSION; + + if (empty($nomoodlecookie)) { + error('Incorrect use of require_key_login() - session cookies must be disabled!'); + } + +/// extra safety + @session_write_close(); + + $keyvalue = required_param('key', PARAM_ALPHANUM); + + if (!$key = get_record('user_private_key', 'script', $script, 'value', $keyvalue, 'instance', $instance)) { + error('Incorrect key'); + } + + if (!empty($key->validuntil) and $key->validuntil < time()) { + error('Expired key'); + } + + if (false) { // TODO + error('Client IP mismatch'); + } + + if (!$user = get_record('user', 'id', $key->userid)) { + error('Incorrect user record'); + } + +/// emulate normal session + $SESSION = new object(); + $USER = $user; + +/// return isntance id - it might be empty + return $key->instance; +} + +/** + * Creates a new private user access key. 
+ * @param string $script unique target identifier + * @param int $userid + * @param instance $int optional instance id + * @param string $iprestriction optional ip restricted access + * @param timestamp $validuntil key valid only until given data + * @return string access key value + */ +function create_user_key($script, $userid, $instance=null, $iprestriction=null, $validuntil=null) { + $key = new object(); + $key->script = $script; + $key->userid = $userid; + $key->instance = $instance; + $key->iprestriction = $iprestriction; + $key->validuntil = $validuntil; + $key->timecreated = time(); + + $key->value = md5($userid.'_'.time().random_string(40)); // something long and unique + while (record_exists('user_private_key', 'value', $key->value)) { + // must be unique + $key->value = md5($userid.'_'.time().random_string(40)); + } + + if (!insert_record('user_private_key', $key)) { + error('Can not insert new key'); + } + + return $key->value; +} + /** * Modify the user table by setting the currently logged in user's * last login to now. diff --git a/version.php b/version.php index 49b6e04a4f..a67bdd0684 100644 --- a/version.php +++ b/version.php @@ -6,7 +6,7 @@ // This is compared against the values stored in the database to determine // whether upgrades should be performed (see lib/db/*.php) - $version = 2007082800; // YYYYMMDD = date + $version = 2007082801; // YYYYMMDD = date // XY = increments within a single day $release = '1.9 Beta +'; // Human-friendly version name -- 2.39.5
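Review bot: The IP check in require_user_key_login() is stubbed as `if (false) { // TODO`, so a key created with an `iprestriction` through create_user_key() is accepted from any address; the restriction is stored but fails open. Until the comparison is written the function should enforce or reject such keys, for example `if (!empty($key->iprestriction) and !address_in_subnet(getremoteaddr(), $key->iprestriction)) { error('Client IP mismatch'); }`. The user lookup should also refuse deleted accounts, `get_record('user', 'id', $key->userid, 'deleted', 0)`, otherwise a key keeps working after the account it was issued for is removed. In create_user_key() the value is an md5 over `time()` and `random_string(40)`; random_string() is not shown in this patch, so confirm it is not backed by a predictable generator before treating the result as a secret.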