I'm testing this module for my e-learning website. The link to the player on a node (with pop-up display selected) can be distributed and anyone can access the course player through this link - not good for me as the website may be selling e-courses.

Probably, the link can be encrypted in some way so that only authorized users can access it through the node only.

Comments

dirk.westrup’s picture

Assigned: Unassigned » dirk.westrup

We will check this. The link should only be accessible to authorized persons. Perhaps we will implement both, so that administrators can choose if the scorm content can be accessed by all or only by authorized persons.

pgerling’s picture

Assigned: dirk.westrup » pgerling
pgerling’s picture

Status: Active » Needs review

With beta13, only user who are logged in and have got the permission "use scorm" are allowed to view scorm content. This is done by inserting php source into the .htm/html file of the scorm content. You have to add ".htm/.html" to the files your webserver processes as php.

vegardjo’s picture

Version: 6.x-1.0-beta12 » 6.x-1.0-beta13
Status: Needs review » Needs work

This isn't working, first of all as the two places 'use scorm' is called (line 2984 and 2987 in SCORM.module) are commented out, and also I don't see the code which should insert php in the htm/html files. Could it be that the changes were not committed?

Anyways, dare I say that this strikes me as a bit risky and not very Drupal-y approach to solving the problem? :)

Many people would not want html files parsed as php, and I also imagine changing / setting the $base_url in settings.php could cause conflicts..?

The core issue here seems to be that the files directory by default is public, but you can set this to private in /admin/settings/file-system. With the correct settings here you would not be able to download the files unless Drupal grants you access to it. Also, you could enable the "content permissions" module bundled with CCK which gives you "view" and "edit" permissions per field type you have..

pgerling’s picture

Status: Needs work » Fixed

It seems like CVS still does not like me - I messed up the last commit. I added a checkbox to the settings to allow site administrators to choose if they want to use this feature or not - if someone does not want to use this "non Drupal-y approach" it wont be any problem to disable it.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.