From cb909d74cac11dd534663cfb53afeaf83525ad8a Mon Sep 17 00:00:00 2001 From: moodler Date: Tue, 5 Nov 2002 16:38:02 +0000 Subject: [PATCH] Fixes to prevent teachers using loginas to enter other courses as that student --- lang/en/moodle.php | 1 + lib/moodlelib.php | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lang/en/moodle.php b/lang/en/moodle.php index 45561973ba..a8aa1c95e8 100644 --- a/lang/en/moodle.php +++ b/lang/en/moodle.php @@ -433,6 +433,7 @@ $string['startdate'] = "Course start date"; $string['startsignup'] = "Start now by creating a new account!"; $string['status'] = "Status"; $string['stringsnotset'] = "The following strings are not defined in \$a"; +$string['studentnotallowed'] = "Sorry, but you can not enter this course as '\$a'"; $string['success'] = "Success"; $string['summary'] = "Summary"; $string['summaryof'] = "Summary of \$a"; diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 10038882fc..e1cf81ed0b 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -1138,7 +1138,13 @@ function require_login($courseid=0) { // Next, check if the user can be in a particular course if ($courseid) { if ($USER->student[$courseid] || $USER->teacher[$courseid] || $USER->admin) { - if (!isset($USER->realuser)) { // Don't update if this isn't a realuser + if (isset($USER->realuser)) { // Make sure the REAL person can also access this course + if (!isteacher($courseid, $USER->realuser)) { + print_header(); + notice(get_string("studentnotallowed", "", "$USER->firstname $USER->lastname")); + } + + } else { // just update their last login time update_user_in_db(); } if (!$USER->email) { // User logged in, but has not set up profile! -- 2.39.5