customcert user's has option to use new or old format. Unique code is being generated. This PR is made for #1 and #2

custom cert, updated the names of both code generation methods.

Added view_user_cert page, a logged in user can see certificate if having a valid token and ecard code. This is being used from view_tokens.php page.

customcert view certificate function is made. This is made for #212

Updated verify certificate URL. This PR is made for 221

Updated the verify URL for QR code.

Author: Raza403

db/install.xml

@@ -59,7 +59,7 @@
       </KEYS>
       <INDEXES>
         <INDEX NAME="userid-customcertid" UNIQUE="false" FIELDS="userid, customcertid"/>
-        <INDEX NAME="code" UNIQUE="false" FIELDS="code"/>
+        <INDEX NAME="code" UNIQUE="true" FIELDS="code"/>
       </INDEXES>
     </TABLE>
     <TABLE NAME="customcert_pages" COMMENT="Stores each page of a custom cert">

db/upgrade.php

@@ -298,21 +298,23 @@ function xmldb_customcert_upgrade($oldversion) {
         upgrade_mod_savepoint(true, 2024042205, 'customcert');
     }
 
+    // Drop the unique index on 'code' and add a non-unique one.
     if ($oldversion < 2024042210) {
         $table = new xmldb_table('customcert_issues');
-        $index = new xmldb_index('code', XMLDB_INDEX_UNIQUE, ['code']);
 
+        // Drop existing unique index if it exists.
+        $index = new xmldb_index('code', XMLDB_INDEX_UNIQUE, ['code']);
         if ($dbman->index_exists($table, $index)) {
             $dbman->drop_index($table, $index);
         }
 
+        // Add non-unique index.
         $index = new xmldb_index('code', XMLDB_INDEX_NOTUNIQUE, ['code']);
-
         if (!$dbman->index_exists($table, $index)) {
             $dbman->add_index($table, $index);
         }
 
-        // Update the plugin version in the database.
+        // Save the upgrade step.
         upgrade_plugin_savepoint(true, 2024042210, 'mod', 'customcert');
     }
 

element/qrcode/classes/element.php

@@ -158,8 +158,7 @@ public function render($pdf, $preview, $user) {
             $context = \context::instance_by_id($issue->contextid);
 
             $urlparams = [
-                'code' => $code,
-                'qrcode' => 1,
+                'certId' => $code,
             ];
 
             // We only add the 'contextid' to the link if the site setting for verifying all certificates is off,
@@ -173,7 +172,7 @@ public function render($pdf, $preview, $user) {
                 $urlparams['contextid'] = $issue->contextid;
             }
 
-            $qrcodeurl = new \moodle_url('/mod/customcert/verify_certificate.php', $urlparams);
+            $qrcodeurl = new \moodle_url('https://app.pacificmedicaltraining.com/verify', $urlparams);
             $qrcodeurl = $qrcodeurl->out(false);
         }
 

lib.php

@@ -436,6 +436,63 @@ function mod_customcert_inplace_editable($itemtype, $itemid, $newvalue) {
     }
 }
 
+// Prevent direct access to this file.
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * Generates a public URL for viewing a user's certificate (eCard).
+ *
+ * This function constructs a URL that allows public access to a certificate
+ * without requiring authentication. It does so by generating a secure token
+ * based on the certificate code.
+ *
+ * @param string $cert_code The unique code of the certificate.
+ * @return string The generated public URL for the certificate.
+ */
+function generate_public_url_for_certificate(string $cert_code): string {
+    global $CFG;
+
+    // Generate a security token for the certificate using a private function.
+    $token = calculate_signature($cert_code);
+
+    // Construct and return the public URL to view the certificate.
+    return $CFG->wwwroot . '/mod/customcert/view_user_cert.php?cert_code=' . urlencode($cert_code) . '&token=' . urlencode($token);
+}
+
+/**
+ * Generates a secure HMAC signature for a certificate.
+ *
+ * This function creates a unique signature for a certificate based on its code.
+ * The signature is used as a security token to verify access to the certificate.
+ * It prevents unauthorized access by ensuring that only valid certificates can
+ * be accessed through a generated URL.
+ *
+ * The signature is generated using the HMAC (Hash-based Message Authentication Code) 
+ * method with SHA-256, ensuring strong security. It uses Moodle's `siteidentifier`
+ * as the secret key, making it unique to each Moodle installation.
+ *
+ * @param string $cert_code The unique certificate code.
+ * @return string The generated HMAC signature.
+ */
+function calculate_signature(string $cert_code): string {
+    global $CFG;
+
+    // Define a namespaced message prefix to avoid signature collisions.
+    $messagePrefix = 'mod_customcert:view_user_cert';
+
+    // Construct the message that will be signed.
+    // This includes the prefix and the certificate code to create a unique hash.
+    $message = $messagePrefix . '|' . $cert_code;
+
+    // Use Moodle's unique site identifier as the secret key for HMAC.
+    // This ensures that signatures are installation-specific.
+    $secret = $CFG->siteidentifier;
+
+    // Generate the HMAC hash using SHA-256.
+    // This provides a cryptographic signature that is difficult to forge.
+    return hash_hmac('sha256', $message, $secret);
+}
+
 /**
  * Get icon mapping for font-awesome.
  */

view_user_cert.php

@@ -0,0 +1,88 @@
+<?php
+// Include required Moodle configuration and custom certificate library.
+require_once(__DIR__ . '/../../config.php');
+require_once($CFG->dirroot . '/mod/customcert/lib.php');
+
+// Set up the page context before processing any parameters.
+// This ensures that Moodle properly initializes the page and handles any errors gracefully.
+$context = context_system::instance();
+$PAGE->set_context($context);
+$PAGE->set_url('/mod/customcert/view_user_cert.php');
+$PAGE->set_title('View certificate');
+$PAGE->set_heading('View certificate');
+
+/**
+ * Displays an error message in a formatted Moodle page and exits.
+ *
+ * This function helps standardize error handling by rendering the page
+ * properly and showing the error message in an alert box.
+ *
+ * @param string $message The error message to display.
+ */
+function display_error_page($message) {
+    global $OUTPUT;
+
+    echo $OUTPUT->header(); // Display the page header.
+    echo $OUTPUT->box($message, 'alert alert-danger'); // Display the error message in a styled box.
+    echo $OUTPUT->footer(); // Display the page footer.
+    exit; // Stop further execution.
+}
+
+// Retrieve certificate code and verification token from URL parameters.
+// 'optional_param' is used instead of 'required_param' to avoid Moodle throwing an automatic error page.
+$cert_code = optional_param('cert_code', '', PARAM_ALPHANUMEXT);
+$token = optional_param('token', '', PARAM_ALPHANUMEXT);
+
+// Ensure both required parameters are provided.
+if (empty($cert_code) || empty($token)) {
+    display_error_page('Certificate code or verification token is missing. Please check the URL and try again.');
+}
+
+// Validate the provided token by regenerating it using the expected algorithm.
+$expected_token = calculate_signature($cert_code);
+if ($token !== $expected_token) {
+    display_error_page('The verification token is invalid for this certificate. Please check the URL and try again.');
+}
+
+// Retrieve the certificate issue entry using the provided certificate code.
+// This helps fetch the associated user ID to verify ownership.
+$issue = $DB->get_record('customcert_issues', ['code' => $cert_code], '*');
+
+if (!$issue) {
+    display_error_page('The certificate with the provided code could not be found. Please verify the certificate code and try again.');
+}
+
+// Fetch the certificate associated with the retrieved issue.
+// The certificate must be one of the recognized eCard types: 'Cognitive eCard' or 'Completion eCard'.
+$certificate = $DB->get_record_sql("
+    SELECT * FROM {customcert}
+    WHERE id = ? AND name IN ('Cognitive eCard', 'Completion eCard')
+", [$issue->customcertid]);
+
+if (!$certificate) {
+    display_error_page('The certificate type is not valid or does not exist. Please contact the site administrator for assistance.');
+}
+
+// Retrieve the corresponding template for the fetched certificate.
+// The template defines the layout and content of the generated certificate.
+$template = $DB->get_record('customcert_templates', ['id' => $certificate->templateid]);
+if (!$template) {
+    display_error_page('The certificate template could not be found. Please contact the site administrator for assistance.');
+}
+
+try {
+    // Convert the template record into a template object.
+    // This object provides methods to generate and render the certificate.
+    $template = new \mod_customcert\template($template);
+
+    // Generate and output the certificate PDF.
+    // 'false' indicates that the PDF is displayed inline instead of being force-downloaded.
+    // The second parameter ensures the certificate is generated for the correct user.
+    $template->generate_pdf(false, $issue->userid);
+} catch (Exception $e) {
+    // Catch any errors that may occur while generating the certificate PDF.
+    display_error_page('There was an error generating the certificate PDF. Please try again later or contact support if the problem persists.');
+}
+
+// Prevent further execution after rendering the certificate.
+exit;