Fixing session visibility

13 years ago · 1d694698ca
parent 0735ff70fd
commit 1d694698ca
2 changed files with 11 additions and 3 deletions
--- a/main/course_home/course_home.php
+++ b/main/course_home/course_home.php
@ -161,9 +161,7 @@ if ($_GET['action'] == 'subscribe') {
 }

 /*	Is the user allowed here? */
-if (!$is_allowed_in_course) {
-	api_not_allowed(true);
-}
+api_protect_course_script(true);

 /*  STATISTICS */

--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -839,6 +839,16 @@ function api_protect_course_script($print_headers = false, $allow_session_admins
    	}
    }
        
+    //Check session visibility
+    $session_id = api_get_session_id();
+    
+    if (!empty($session_id)) {
+        //$is_allowed_in_course was set in local.inc.php
+        if (!$is_allowed_in_course) {
+            $is_visible = false;
+        }
+    }
+
    if (!$is_visible) {
        api_not_allowed($print_headers);
        return false;