From c730f9f701c75a3d51619c7810cae4e11ea9b283 Mon Sep 17 00:00:00 2001
From: Dan Marsden <dan@danmarsden.com>
Date: Thu, 3 Sep 2020 11:33:47 +1200
Subject: [PATCH] require login before pass check.

---
 attendance.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/attendance.php b/attendance.php
index 153e971..b7f5594 100644
--- a/attendance.php
+++ b/attendance.php
@@ -38,6 +38,9 @@ $attendance = $DB->get_record('attendance', array('id' => $attforsession->attend
 $cm = get_coursemodule_from_instance('attendance', $attendance->id, 0, false, MUST_EXIST);
 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 
+// Require the user is logged in.
+require_login($course, true, $cm);
+
 // If the randomised code is on grab it.
 if ($attforsession->rotateqrcode == 1) {
     $cookiename = 'attendance_'.$attforsession->id;
@@ -54,7 +57,7 @@ if ($attforsession->rotateqrcode == 1) {
     } else {
         // Check password.
         $sql = 'SELECT * FROM {attendance_rotate_passwords}'.
-                ' WHERE attendanceid = ? AND expirytime > ? ORDER BY expirytime ASC LIMIT 2';
+            ' WHERE attendanceid = ? AND expirytime > ? ORDER BY expirytime ASC LIMIT 2';
         $qrpassdatabase = $DB->get_records_sql($sql, ['attendanceid' => $id, time() - $attconfig->rotateqrcodeexpirymargin]);
 
         $qrpassflag = false;
@@ -75,9 +78,6 @@ if ($attforsession->rotateqrcode == 1) {
     }
 }
 
-// Require the user is logged in.
-require_login($course, true, $cm);
-
 list($canmark, $reason) = attendance_can_student_mark($attforsession);
 if (!$canmark) {
     redirect(new moodle_url('/mod/attendance/view.php', array('id' => $cm->id)), get_string($reason, 'attendance'));