customcert user's has option to use new or old format. Unique code is being generated. This PR is made for #1 and #2

Raza403 · Raza403 · commit f191bdee0b4b · 2025-06-24T15:16:25.000+05:00
custom cert, updated the names of both code generation methods. Added view_user_cert page, a logged in user can see certificate if having a valid token and ecard code. This is being used from view_tokens.php page. customcert view certificate function is made. This is made for #212 Updated verify certificate URL. This PR is made for 221 Updated the verify URL for QR code.
diff --git a/classes/certificate.php b/classes/certificate.php
@@ -552,49 +552,62 @@ public static function issue_certificate($certificateid, $userid) {
         return $issueid;
     }
 
-    /**
-     * Generates an unused code of random letters and numbers.
-     *
-     * @return string
-     */
-    public static function generate_code(): string {
+    public static function generate_code() {
         global $DB;
 
-        // Get the user's selected method from settings.
+        // Get the user's selected method from settings
         $method = get_config('customcert', 'codegenerationmethod');
 
-        do {
-            $code = match ($method) {
-                '0' => self::generate_code_upper_lower_digits(),
-                '1' => self::generate_code_digits_with_hyphens(),
-                default => self::generate_code_upper_lower_digits(),
-            };
-        } while ($DB->record_exists('customcert_issues', ['code' => $code]));
-        return $code;
+        // If the upper/lower/digits is selected (0), use the upper/lower/digits code generation method
+        if ($method == 0) {
+            return self::generate_code_upper_lower_digits();
+        }
+
+        // Otherwise, use the digits with hyphens method (1)
+        return self::generate_code_digits_with_hyphens();
     }
 
-    /**
-     * Generate a random code of the format XXXXXXXXXX, where each X is a character from the set [A-Za-z0-9].
-     * Does not check that it is unused.
-     *
-     * @return string
-     */
-    private static function generate_code_upper_lower_digits(): string {
-        return random_string(10);
+    // Upper/lower/digits random string
+    private static function generate_code_upper_lower_digits() {
+        global $DB;
+
+        $uniquecodefound = false;
+        $code = random_string(10);
+        while (!$uniquecodefound) {
+            if (!$DB->record_exists('customcert_issues', ['code' => $code])) {
+                $uniquecodefound = true;
+            } else {
+                $code = random_string(10);
+            }
+        }
+
+        return $code;
     }
 
-    /**
-     * Generate an random code of the format XXXX-XXXX-XXXX, where each X is a random digit.
-     * Does not check that it is unused.
-     *
-     * @return string
-     */
-    private static function generate_code_digits_with_hyphens(): string {
-        return sprintf(
-            '%04d-%04d-%04d',
-            random_int(0, 9999),
-            random_int(0, 9999),
-            random_int(0, 9999)
-        );
+    // Digits with hyphens
+    private static function generate_code_digits_with_hyphens() {
+        global $DB;
+
+        // Define the character set (digits only).
+        $characters = '0123456789';
+        $charCount = strlen($characters); // Cache the length to optimize loop performance
+        $length = 12; // Total length excluding hyphens
+
+        do {
+            // Generate a raw code
+            $rawcode = '';
+            for ($i = 0; $i < $length; $i++) {
+                $rawcode .= $characters[random_int(0, $charCount - 1)]; // Secure random number selection
+            }
+
+            // Format the code as XXXX-XXXX-XXXX
+            $code = substr($rawcode, 0, 4) . '-' . substr($rawcode, 4, 4) . '-' . substr($rawcode, 8, 4);
+
+            // Check if the generated code already exists in the database
+            $exists = $DB->record_exists('customcert_issues', ['code' => $code]);
+
+        } while ($exists); // Repeat until a unique code is found
+
+        return $code;
     }
 }
diff --git a/db/install.xml b/db/install.xml
@@ -57,7 +57,7 @@
       </KEYS>
       <INDEXES>
         <INDEX NAME="userid-customcertid" UNIQUE="false" FIELDS="userid, customcertid"/>
-        <INDEX NAME="code" UNIQUE="false" FIELDS="code"/>
+        <INDEX NAME="code" UNIQUE="true" FIELDS="code"/>
       </INDEXES>
     </TABLE>
     <TABLE NAME="customcert_pages" COMMENT="Stores each page of a custom cert">
diff --git a/db/upgrade.php b/db/upgrade.php
@@ -298,21 +298,23 @@ function xmldb_customcert_upgrade($oldversion) {
         upgrade_mod_savepoint(true, 2024042205, 'customcert');
     }
 
+    // Drop the unique index on 'code' and add a non-unique one.
     if ($oldversion < 2024042210) {
         $table = new xmldb_table('customcert_issues');
-        $index = new xmldb_index('code', XMLDB_INDEX_UNIQUE, ['code']);
 
+        // Drop existing unique index if it exists.
+        $index = new xmldb_index('code', XMLDB_INDEX_UNIQUE, ['code']);
         if ($dbman->index_exists($table, $index)) {
             $dbman->drop_index($table, $index);
         }
 
+        // Add non-unique index.
         $index = new xmldb_index('code', XMLDB_INDEX_NOTUNIQUE, ['code']);
-
         if (!$dbman->index_exists($table, $index)) {
             $dbman->add_index($table, $index);
         }
 
-        // Update the plugin version in the database.
+        // Save the upgrade step.
         upgrade_plugin_savepoint(true, 2024042210, 'mod', 'customcert');
     }
 
diff --git a/element/qrcode/classes/element.php b/element/qrcode/classes/element.php
@@ -158,8 +158,7 @@ public function render($pdf, $preview, $user) {
             $context = \context::instance_by_id($issue->contextid);
 
             $urlparams = [
-                'code' => $code,
-                'qrcode' => 1,
+                'certId' => $code,
             ];
 
             // We only add the 'contextid' to the link if the site setting for verifying all certificates is off,
@@ -173,7 +172,7 @@ public function render($pdf, $preview, $user) {
                 $urlparams['contextid'] = $issue->contextid;
             }
 
-            $qrcodeurl = new \moodle_url('/mod/customcert/verify_certificate.php', $urlparams);
+            $qrcodeurl = new \moodle_url('https://app.pacificmedicaltraining.com/verify', $urlparams);
             $qrcodeurl = $qrcodeurl->out(false);
         }
 
diff --git a/lang/en/customcert.php b/lang/en/customcert.php
@@ -249,4 +249,7 @@
 $string['verifycertificatedesc'] = 'This link will take you to a new screen where you will be able to verify certificates on the site';
 $string['width'] = 'Width';
 $string['width_help'] = 'This is the width of the certificate PDF in mm. For reference an A4 piece of paper is 210mm wide and a letter is 216mm wide.';
-
+$string['codegenerationmethod'] = 'Code generation method';
+$string['codegenerationmethod_desc'] = 'Choose between the two methods for generating certificate codes.';
+$string['Upper/lower/digits'] = '6aOdbLEuoC (Upper/lower/digits random string)';
+$string['digits-with-hyphens'] = '0123-4567-8901 (Digits with hyphens)';
diff --git a/lib.php b/lib.php
@@ -436,6 +436,63 @@ function mod_customcert_inplace_editable($itemtype, $itemid, $newvalue) {
     }
 }
 
+// Prevent direct access to this file.
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * Generates a public URL for viewing a user's certificate (eCard).
+ *
+ * This function constructs a URL that allows public access to a certificate
+ * without requiring authentication. It does so by generating a secure token
+ * based on the certificate code.
+ *
+ * @param string $cert_code The unique code of the certificate.
+ * @return string The generated public URL for the certificate.
+ */
+function generate_public_url_for_certificate(string $cert_code): string {
+    global $CFG;
+
+    // Generate a security token for the certificate using a private function.
+    $token = calculate_signature($cert_code);
+
+    // Construct and return the public URL to view the certificate.
+    return $CFG->wwwroot . '/mod/customcert/view_user_cert.php?cert_code=' . urlencode($cert_code) . '&token=' . urlencode($token);
+}
+
+/**
+ * Generates a secure HMAC signature for a certificate.
+ *
+ * This function creates a unique signature for a certificate based on its code.
+ * The signature is used as a security token to verify access to the certificate.
+ * It prevents unauthorized access by ensuring that only valid certificates can
+ * be accessed through a generated URL.
+ *
+ * The signature is generated using the HMAC (Hash-based Message Authentication Code) 
+ * method with SHA-256, ensuring strong security. It uses Moodle's `siteidentifier`
+ * as the secret key, making it unique to each Moodle installation.
+ *
+ * @param string $cert_code The unique certificate code.
+ * @return string The generated HMAC signature.
+ */
+function calculate_signature(string $cert_code): string {
+    global $CFG;
+
+    // Define a namespaced message prefix to avoid signature collisions.
+    $messagePrefix = 'mod_customcert:view_user_cert';
+
+    // Construct the message that will be signed.
+    // This includes the prefix and the certificate code to create a unique hash.
+    $message = $messagePrefix . '|' . $cert_code;
+
+    // Use Moodle's unique site identifier as the secret key for HMAC.
+    // This ensures that signatures are installation-specific.
+    $secret = $CFG->siteidentifier;
+
+    // Generate the HMAC hash using SHA-256.
+    // This provides a cryptographic signature that is difficult to forge.
+    return hash_hmac('sha256', $message, $secret);
+}
+
 /**
  * Get icon mapping for font-awesome.
  */
diff --git a/settings.php b/settings.php
@@ -85,10 +85,10 @@
     'customcert/codegenerationmethod',
     get_string('codegenerationmethod', 'customcert'),
     get_string('codegenerationmethod_desc', 'customcert'),
-    0, // Default option (0 = Upper/lower/digits random string method).
+    0, // Default option (0 = Upper/lower/digits random string method)
     [
-        0 => get_string('codegenerationmethod_upperlowerdigits', 'customcert'), // Upper/lower/digits random string.
-        1 => get_string('codegenerationmethod_digitshyphens', 'customcert'), // Digits with hyphens numeric code.
+        0 => get_string('Upper/lower/digits', 'customcert'), // Upper/lower/digits random string
+        1 => get_string('digits-with-hyphens', 'customcert')  // Digits with hyphens numeric code
     ]
 ));
 
diff --git a/view_user_cert.php b/view_user_cert.php
@@ -0,0 +1,88 @@
+<?php
+// Include required Moodle configuration and custom certificate library.
+require_once(__DIR__ . '/../../config.php');
+require_once($CFG->dirroot . '/mod/customcert/lib.php');
+
+// Set up the page context before processing any parameters.
+// This ensures that Moodle properly initializes the page and handles any errors gracefully.
+$context = context_system::instance();
+$PAGE->set_context($context);
+$PAGE->set_url('/mod/customcert/view_user_cert.php');
+$PAGE->set_title('View certificate');
+$PAGE->set_heading('View certificate');
+
+/**
+ * Displays an error message in a formatted Moodle page and exits.
+ *
+ * This function helps standardize error handling by rendering the page
+ * properly and showing the error message in an alert box.
+ *
+ * @param string $message The error message to display.
+ */
+function display_error_page($message) {
+    global $OUTPUT;
+
+    echo $OUTPUT->header(); // Display the page header.
+    echo $OUTPUT->box($message, 'alert alert-danger'); // Display the error message in a styled box.
+    echo $OUTPUT->footer(); // Display the page footer.
+    exit; // Stop further execution.
+}
+
+// Retrieve certificate code and verification token from URL parameters.
+// 'optional_param' is used instead of 'required_param' to avoid Moodle throwing an automatic error page.
+$cert_code = optional_param('cert_code', '', PARAM_ALPHANUMEXT);
+$token = optional_param('token', '', PARAM_ALPHANUMEXT);
+
+// Ensure both required parameters are provided.
+if (empty($cert_code) || empty($token)) {
+    display_error_page('Certificate code or verification token is missing. Please check the URL and try again.');
+}
+
+// Validate the provided token by regenerating it using the expected algorithm.
+$expected_token = calculate_signature($cert_code);
+if ($token !== $expected_token) {
+    display_error_page('The verification token is invalid for this certificate. Please check the URL and try again.');
+}
+
+// Retrieve the certificate issue entry using the provided certificate code.
+// This helps fetch the associated user ID to verify ownership.
+$issue = $DB->get_record('customcert_issues', ['code' => $cert_code], '*');
+
+if (!$issue) {
+    display_error_page('The certificate with the provided code could not be found. Please verify the certificate code and try again.');
+}
+
+// Fetch the certificate associated with the retrieved issue.
+// The certificate must be one of the recognized eCard types: 'Cognitive eCard' or 'Completion eCard'.
+$certificate = $DB->get_record_sql("
+    SELECT * FROM {customcert}
+    WHERE id = ? AND name IN ('Cognitive eCard', 'Completion eCard')
+", [$issue->customcertid]);
+
+if (!$certificate) {
+    display_error_page('The certificate type is not valid or does not exist. Please contact the site administrator for assistance.');
+}
+
+// Retrieve the corresponding template for the fetched certificate.
+// The template defines the layout and content of the generated certificate.
+$template = $DB->get_record('customcert_templates', ['id' => $certificate->templateid]);
+if (!$template) {
+    display_error_page('The certificate template could not be found. Please contact the site administrator for assistance.');
+}
+
+try {
+    // Convert the template record into a template object.
+    // This object provides methods to generate and render the certificate.
+    $template = new \mod_customcert\template($template);
+
+    // Generate and output the certificate PDF.
+    // 'false' indicates that the PDF is displayed inline instead of being force-downloaded.
+    // The second parameter ensures the certificate is generated for the correct user.
+    $template->generate_pdf(false, $issue->userid);
+} catch (Exception $e) {
+    // Catch any errors that may occur while generating the certificate PDF.
+    display_error_page('There was an error generating the certificate PDF. Please try again later or contact support if the problem persists.');
+}
+
+// Prevent further execution after rendering the certificate.
+exit;

Original file line number	Diff line number	Diff line change
`@@ -298,21 +298,23 @@ function xmldb_customcert_upgrade($oldversion) {`
`298`	`298`	`upgrade_mod_savepoint(true, 2024042205, 'customcert');`
`299`	`299`	`}`
`300`	`300`
	`301`	`+ // Drop the unique index on 'code' and add a non-unique one.`
`301`	`302`	`if ($oldversion < 2024042210) {`
`302`	`303`	`$table = new xmldb_table('customcert_issues');`
`303`		`- $index = new xmldb_index('code', XMLDB_INDEX_UNIQUE, ['code']);`
`304`	`304`
	`305`	`+ // Drop existing unique index if it exists.`
	`306`	`+ $index = new xmldb_index('code', XMLDB_INDEX_UNIQUE, ['code']);`
`305`	`307`	`if ($dbman->index_exists($table, $index)) {`
`306`	`308`	`$dbman->drop_index($table, $index);`
`307`	`309`	`}`
`308`	`310`
	`311`	`+ // Add non-unique index.`
`309`	`312`	`$index = new xmldb_index('code', XMLDB_INDEX_NOTUNIQUE, ['code']);`
`310`		`-`
`311`	`313`	`if (!$dbman->index_exists($table, $index)) {`
`312`	`314`	`$dbman->add_index($table, $index);`
`313`	`315`	`}`
`314`	`316`
`315`		`- // Update the plugin version in the database.`
	`317`	`+ // Save the upgrade step.`
`316`	`318`	`upgrade_plugin_savepoint(true, 2024042210, 'mod', 'customcert');`
`317`	`319`	`}`
`318`	`320`
Original file line number	Diff line number	Diff line change
`@@ -158,8 +158,7 @@ public function render($pdf, $preview, $user) {`
`158`	`158`	`$context = \context::instance_by_id($issue->contextid);`
`159`	`159`
`160`	`160`	`$urlparams = [`
`161`		`- 'code' => $code,`
`162`		`- 'qrcode' => 1,`
	`161`	`+ 'certId' => $code,`
`163`	`162`	`];`
`164`	`163`
`165`	`164`	`// We only add the 'contextid' to the link if the site setting for verifying all certificates is off,`
`@@ -173,7 +172,7 @@ public function render($pdf, $preview, $user) {`
`173`	`172`	`$urlparams['contextid'] = $issue->contextid;`
`174`	`173`	`}`
`175`	`174`
`176`		`- $qrcodeurl = new \moodle_url('/mod/customcert/verify_certificate.php', $urlparams);`
	`175`	`+ $qrcodeurl = new \moodle_url('https://app.pacificmedicaltraining.com/verify', $urlparams);`
`177`	`176`	`$qrcodeurl = $qrcodeurl->out(false);`
`178`	`177`	`}`
`179`	`178`
Original file line number	Diff line number	Diff line change
`@@ -85,10 +85,10 @@`
`85`	`85`	`'customcert/codegenerationmethod',`
`86`	`86`	`get_string('codegenerationmethod', 'customcert'),`
`87`	`87`	`get_string('codegenerationmethod_desc', 'customcert'),`
`88`		`- 0, // Default option (0 = Upper/lower/digits random string method).`
	`88`	`+ 0, // Default option (0 = Upper/lower/digits random string method)`
`89`	`89`	`[`
`90`		`- 0 => get_string('codegenerationmethod_upperlowerdigits', 'customcert'), // Upper/lower/digits random string.`
`91`		`- 1 => get_string('codegenerationmethod_digitshyphens', 'customcert'), // Digits with hyphens numeric code.`
	`90`	`+ 0 => get_string('Upper/lower/digits', 'customcert'), // Upper/lower/digits random string`
	`91`	`+ 1 => get_string('digits-with-hyphens', 'customcert') // Digits with hyphens numeric code`
`92`	`92`	`]`
`93`	`93`	`));`
`94`	`94`