
  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.


   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * External badge renderable.
  19   *
  20   * @package    core
  21   * @subpackage badges
  22   * @copyright  2012 onwards Totara Learning Solutions Ltd {@link http://www.totaralms.com/}
  23   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  24   * @author     Yuliya Bozhko <yuliya.bozhko@totaralms.com>
  25   */
  26  
  27  namespace core_badges\output;
  28  
  29  defined('MOODLE_INTERNAL') || die();
  30  
  31  require_once($CFG->libdir . '/badgeslib.php');
  32  
  33  use renderable;
  34  
  35  /**
  36   * An external badge for the external.php page.
  37   *
  38   * @copyright  2012 onwards Totara Learning Solutions Ltd {@link http://www.totaralms.com/}
  39   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  40   */
  41  class external_badge implements renderable {
  42      /** @var issued badge */
  43      public $issued;
  44  
  45      /** @var User ID */
  46      public $recipient;
  47  
  48      /** @var validation of external badge */
  49      public $valid = true;
  50  
  51      /**
  52       * Initializes the badge to display
  53       *
  54       * @param object $badge External badge information.
  55       * @param int $recipient User id.
  56       */
  57      public function __construct($badge, $recipient) {
  58          global $DB;
  59          // At this point a user has connected a backpack. So, we are going to get
  60          // their backpack email rather than their account email.
  61          $namefields = get_all_user_name_fields(true, 'u');
  62          $user = $DB->get_record_sql("SELECT {$namefields}, b.email
  63                      FROM {user} u INNER JOIN {badge_backpack} b ON u.id = b.userid
  64                      WHERE b.userid = :userid", array('userid' => $recipient), IGNORE_MISSING);
  65  
  66          $this->issued = $badge;
  67          $this->recipient = $user;
  68  
  69          // Check if recipient is valid.
  70          // There is no way to be 100% sure that a badge belongs to a user.
  71          // Backpack does not return any recipient information.
  72          // All we can do is compare that backpack email hashed using salt
  73          // provided in the assertion matches a badge recipient from the assertion.
  74          if ($user) {
  75              if (isset($badge->assertion->recipient->identity)) {
  76                  $badge->assertion->salt = $badge->assertion->recipient->salt;
  77                  $badge->assertion->recipient = $badge->assertion->recipient->identity;
  78              }
  79              // Open Badges V2 does not even include a recipient.
  80              if (!isset($badge->assertion->recipient)) {
  81                  $this->valid = false;
  82              } else if (validate_email($badge->assertion->recipient) && $badge->assertion->recipient == $user->email) {
  83                  // If we have email, compare emails.
  84                  $this->valid = true;
  85              } else if ($badge->assertion->recipient == 'sha256$' . hash('sha256', $user->email)) {
  86                  // If recipient is hashed, but no salt, compare hashes without salt.
  87                  $this->valid = true;
  88              } else if ($badge->assertion->recipient == 'sha256$' . hash('sha256', $user->email . $badge->assertion->salt)) {
  89                  // If recipient is hashed, compare hashes.
  90                  $this->valid = true;
  91              } else {
  92                  // Otherwise, we cannot be sure that this user is a recipient.
  93                  $this->valid = false;
  94              }
  95          } else {
  96              $this->valid = false;
  97          }
  98      }
  99  }
 100