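/**
 * Saves a message attachment file and records it in the message attachment table.
 *
 * The user-supplied name is only used for the extension filter and for display in the
 * database; the file itself is written under a uniqid() name, so the original name never
 * reaches the filesystem.
 *
 * @param array  $file_attach      one entry of the $_FILES superglobal (name, type, tmp_name, size)
 * @param string $file_comment     a comment about the uploaded file
 * @param int    $message_id       message id
 * @param int    $receiver_user_id receiver user id (optional)
 * @param int    $sender_user_id   sender user id (optional)
 * @param int    $group_id         group id (optional)
 * @return void
 */
public static function save_message_attachment_file($file_attach, $file_comment, $message_id, $receiver_user_id = 0, $sender_user_id = 0, $group_id = 0)
{
    $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);

    // Try to add an extension to the file if it hasn't one (filter input only).
    $new_file_name = add_ext_on_mime(stripslashes($file_attach['name']), $file_attach['type']);
    // User's original file name, kept for display.
    $file_name = $file_attach['name'];

    if (!filter_extension($new_file_name)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        return;
    }

    $new_file_name = uniqid('');
    $message_user_id = !empty($receiver_user_id) ? $receiver_user_id : $sender_user_id;

    // User-reserved (or group-reserved) directory where attachments are placed.
    if (!empty($group_id)) {
        $path_user_info = GroupPortalManager::get_group_picture_path_by_id($group_id, 'system', true);
    } else {
        $path_user_info = UserManager::get_user_picture_path_by_id($message_user_id, 'system', true);
    }
    $path_message_attach = $path_user_info['dir'] . 'message_attachments/';

    // If this directory does not exist - we create it.
    if (!file_exists($path_message_attach)) {
        @mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
    }
    $new_path = $path_message_attach . $new_file_name;

    // Only accept a genuine upload, and only record the row when the copy succeeded,
    // so the attachment table never points at a file that is not on disk.
    $copied = false;
    if (is_uploaded_file($file_attach['tmp_name'])) {
        $copied = @copy($file_attach['tmp_name'], $new_path);
    }
    if (!$copied) {
        Display::display_error_message(get_lang('UplUnableToSaveFile'));
        return;
    }

    $safe_file_comment = Database::escape_string($file_comment);
    $safe_file_name = Database::escape_string($file_name);
    $safe_new_file_name = Database::escape_string($new_file_name);
    // Numeric columns are cast rather than interpolated raw.
    $safe_message_id = (int) $message_id;
    $safe_size = (int) $file_attach['size'];

    // Storing the attachment record.
    $sql = "INSERT INTO {$tbl_message_attach}(filename,comment, path,message_id,size)\n\t\t\t\t VALUES ('{$safe_file_name}', '{$safe_file_comment}', '{$safe_new_file_name}' , '{$safe_message_id}', '{$safe_size}' )";
    Database::query($sql);
}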
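/**
 * Sanitizes an uploaded file name for the file manager connector.
 *
 * The name is unslashed, given an extension from its MIME type when it has none,
 * optionally reduced to a single extension, stripped of dangerous characters, and
 * any PHP extension is turned into .phps.
 *
 * @param string      $sNewFileName the user-supplied file name
 * @param string|null $sMimeType    the MIME type reported for the upload, if any
 * @return string the sanitized file name
 */
function SanitizeFileName($sNewFileName, $sMimeType = null)
{
    global $Config;

    $sNewFileName = stripslashes($sNewFileName);
    if (!empty($sMimeType)) {
        // Try to add an extension to the file if it hasn't one.
        $sNewFileName = add_ext_on_mime($sNewFileName, $sMimeType);
    }

    // Replace every dot but the last one with an underscore, so that only one extension
    // remains (double extensions such as name.php.txt are a security issue).
    // !empty() avoids an undefined-index notice when the option is not configured;
    // an unset option still behaves as "off", as before.
    if (!empty($Config['ForceSingleExtension'])) {
        $sNewFileName = preg_replace('/\\.(?![^.]*$)/', '_', $sNewFileName);
    }

    // Remove \ / | : ? * " < > and control characters.
    $sNewFileName = replace_dangerous_char($sNewFileName, 'strict');
    // Transform any .php file into .phps.
    $sNewFileName = php2phps($sNewFileName);

    return $sNewFileName;
}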
$_course = api_get_course_info(); $currentCourseRepositorySys = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/'; $succeed = false; if ($form->validate()) { if ($student_can_edit_in_session && $check) { // Check the token inserted into the form if (isset($_POST['submitWork'])) { $url = null; $contains_file = 0; $title = isset($_POST['title']) ? $_POST['title'] : null; $description = isset($_POST['description']) ? $_POST['description'] : null; if ($_POST['contains_file'] && !empty($_FILES['file']['size'])) { $updir = $currentCourseRepositorySys . 'work/'; //directory path to upload // Try to add an extension to the file if it has'nt one $new_file_name = add_ext_on_mime(stripslashes($_FILES['file']['name']), $_FILES['file']['type']); // Replace dangerous characters $new_file_name = replace_dangerous_char($new_file_name, 'strict'); // Transform any .php file in .phps fo security $new_file_name = php2phps($new_file_name); $filesize = filesize($_FILES['file']['tmp_name']); if (empty($filesize)) { $error_message .= Display::return_message(get_lang('UplUploadFailedSizeIsZero'), 'error'); $succeed = false; } elseif (!filter_extension($new_file_name)) { //filter extension $error_message .= Display::return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error'); $succeed = false; } if (!$title) { $title = $_FILES['file']['name'];
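/**
 * Stores an uploaded file in the module's working directory, unzipping it when asked.
 *
 * @author Hugues Peeters <*****@*****.**>
 *
 * @param array  $uploaded_file    follows the $_FILES structure
 * @param string $base_work_dir    base working directory of the module
 * @param string $upload_path      destination of the upload, appended to $base_work_dir
 * @param int    $max_filled_space amount of bytes not to exceed in the base working directory
 * @param string $uncompress       'unzip' to extract a .zip upload instead of storing it
 *
 * @return boolean true if it succeeds, false otherwise (the value of
 *                 api_failure::set_failure() when there is not enough space)
 */
function treat_uploaded_file($uploaded_file, $base_work_dir, $upload_path, $max_filled_space, $uncompress = '')
{
    $uploaded_file['name'] = stripslashes($uploaded_file['name']);

    if (!enough_size($uploaded_file['size'], $base_work_dir, $max_filled_space)) {
        return api_failure::set_failure('not_enough_space');
    }

    // The dot must be escaped: '/.zip$/' also matched names such as "archivezip".
    if ($uncompress == 'unzip' && preg_match('/\.zip$/', strtolower($uploaded_file['name']))) {
        return unzip_uploaded_file($uploaded_file, $upload_path, $base_work_dir, $max_filled_space);
    }

    $file_name = trim($uploaded_file['name']);
    // Check for undesired characters.
    $file_name = api_replace_dangerous_char($file_name, 'strict');
    // Try to add an extension to files without extension.
    $file_name = add_ext_on_mime($file_name, $uploaded_file['type']);
    // NOTE(review): the original had a no-op "HANDLE PHP FILES" step here ($file_name = $file_name;).
    // Whether a .php -> .phps rename was dropped on purpose cannot be told from this function;
    // callers are presumably expected to filter the extension themselves — confirm.

    // Copy the file to the desired destination; a failed move is reported instead of
    // being returned as success.
    if (!move_uploaded_file($uploaded_file['tmp_name'], $base_work_dir . $upload_path . '/' . $file_name)) {
        return false;
    }
    set_default_settings($upload_path, $file_name);

    return true;
}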
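/**
 * Saves a message attachment file and records it in the message attachment table.
 *
 * The user-supplied name is only used for the extension filter and for display in the
 * database; the file itself is written under a uniqid() name.
 *
 * @param array  $file_attach      one entry of the $_FILES superglobal (name, type, tmp_name, size)
 * @param string $file_comment     a comment about the uploaded file
 * @param int    $message_id       message id
 * @param int    $receiver_user_id receiver user id (optional)
 * @param int    $sender_user_id   sender user id (optional)
 * @param int    $group_id         group id (optional)
 * @return void
 */
public static function save_message_attachment_file($file_attach, $file_comment, $message_id, $receiver_user_id = 0, $sender_user_id = 0, $group_id = 0)
{
    $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);

    // Try to add an extension to the file if it hasn't one (filter input only).
    $new_file_name = add_ext_on_mime(stripslashes($file_attach['name']), $file_attach['type']);
    // User's original file name, kept in the database for display.
    $file_name = $file_attach['name'];

    if (!filter_extension($new_file_name)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        return;
    }

    $new_file_name = uniqid('');
    $message_user_id = !empty($receiver_user_id) ? $receiver_user_id : $sender_user_id;

    // User-reserved (or group-reserved) directory where attachments are placed.
    $userGroup = new UserGroup();
    if (!empty($group_id)) {
        $path_user_info = $userGroup->get_group_picture_path_by_id($group_id, 'system', true);
    } else {
        $path_user_info['dir'] = UserManager::getUserPathById($message_user_id, 'system');
    }
    $path_message_attach = $path_user_info['dir'] . 'message_attachments/';

    // If this directory does not exist - we create it.
    if (!file_exists($path_message_attach)) {
        @mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
    }
    $new_path = $path_message_attach . $new_file_name;

    // Only accept a genuine upload, and only record the row when the copy succeeded,
    // so the attachment table never points at a file that is not on disk.
    $copied = false;
    if (is_uploaded_file($file_attach['tmp_name'])) {
        $copied = @copy($file_attach['tmp_name'], $new_path);
    }
    if (!$copied) {
        Display::display_error_message(get_lang('UplUnableToSaveFile'));
        return;
    }

    // Storing the attachment record; numeric columns are cast, not passed raw.
    $params = [
        'filename' => $file_name,
        'comment' => $file_comment,
        'path' => $new_file_name,
        'message_id' => (int) $message_id,
        'size' => (int) $file_attach['size'],
    ];
    Database::insert($tbl_message_attach, $params);
}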
$vis = $result->visible; Database::get()->query("DELETE FROM document WHERE\n {$group_sql} AND\n path = ?s", $file_path); } else { $error = $langFileExists; } } } if ($error) { $action_message .= "<div class='alert alert-danger'>{$error}</div><br>"; } elseif ($uploaded) { // No errors, so proceed with upload // File date is current date $file_date = date("Y\\-m\\-d G\\:i\\:s"); // Try to add an extension to files witout extension, // change extension of PHP files $fileName = php2phps(add_ext_on_mime($fileName)); // File name used in file system and path field $safe_fileName = safe_filename(get_file_extension($fileName)); if ($uploadPath == '.') { $file_path = '/' . $safe_fileName; } else { $file_path = $uploadPath . '/' . $safe_fileName; } if ($extra_path or isset($userFile) and @copy($userFile, $basedir . $file_path)) { $vis = 1; $file_format = get_file_extension($fileName); $id = Database::get()->query("INSERT INTO document SET\n course_id = ?d,\n subsystem = ?d,\n subsystem_id = ?d,\n path = ?s,\n extra_path = ?s,\n filename = ?s,\n visible = ?d,\n comment = ?s,\n category = ?d,\n title = ?s,\n creator = ?s,\n date = ?t,\n date_modified = ?t,\n subject = ?s,\n description = ?s,\n author = ?s,\n format = ?s,\n language = ?s,\n copyrighted = ?d", $course_id, $subsystem, $subsystem_id, $file_path, $extra_path, $fileName, $vis, $_POST['file_comment'], $_POST['file_category'], $_POST['file_title'], $_POST['file_creator'], $file_date, $file_date, $_POST['file_subject'], $_POST['file_description'], $_POST['file_author'], $file_format, $_POST['file_language'], $_POST['file_copyrighted'])->lastInsertID; Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $id); // Logging Log::record($course_id, MODULE_ID_DOCS, LOG_INSERT, array('id' => $id, 'filepath' => $file_path, 'filename' => $fileName, 'comment' => $_POST['file_comment'], 'title' => $_POST['file_title'])); Session::Messages($langDownloadEnd, 'alert-success');
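/**
 * Validates the dropbox upload form, stores the uploaded file and registers the
 * new dropbox work with its recipients.
 *
 * Every validation failure returns the translated message for it; null is returned
 * when process_uploaded_file() has already reported the problem itself.
 *
 * @return array|null|string
 */
function store_add_dropbox()
{
    $_course = api_get_course_info();
    $_user = api_get_user_info();
    $dropbox_cnf = getDropboxConf();

    // Validating the form data
    // there are no recipients selected (is_array(): count() on a non-array is a TypeError in PHP 8)
    if (!isset($_POST['recipients']) || !is_array($_POST['recipients']) || count($_POST['recipients']) <= 0) {
        return get_lang('YouMustSelectAtLeastOneDestinee');
    }

    // Check if all the recipients are valid
    $thisIsAMailing = false;
    $thisIsJustUpload = false;
    foreach ($_POST['recipients'] as $rec) {
        if ($rec == 'mailing') {
            $thisIsAMailing = true;
        } elseif ($rec == 'upload') {
            $thisIsJustUpload = true;
        } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
            return get_lang('InvalideUserDetected');
        } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
            return get_lang('InvalideGroupDetected');
        }
    }

    // we are doing a mailing but an additional recipient is selected
    if ($thisIsAMailing && count($_POST['recipients']) != 1) {
        return get_lang('MailingSelectNoOther');
    }
    // we are doing a just upload but an additional recipient is selected.
    // note: why can't this be valid? It is like sending a document to yourself AND to a different person
    if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
        return get_lang('MailingJustUploadSelectNoOther');
    }
    if (empty($_FILES['file']['name'])) {
        return get_lang('NoFileSpecified');
    }

    // are we overwriting a previous file or sending a new one
    $dropbox_overwrite = isset($_POST['cb_overwrite']) && $_POST['cb_overwrite'];

    // doing the upload
    $dropbox_filename = $_FILES['file']['name'];
    $dropbox_filesize = $_FILES['file']['size'];
    $dropbox_filetype = $_FILES['file']['type'];
    $dropbox_filetmpname = $_FILES['file']['tmp_name'];

    // check if the filesize does not exceed the allowed size.
    if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
        return get_lang('DropboxFileTooBig'); // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
    }
    // check if the file is actually uploaded
    if (!is_uploaded_file($dropbox_filetmpname)) {
        // check user fraud : no clean error msg.
        return get_lang('TheFileIsNotUploaded');
    }
    $upload_ok = process_uploaded_file($_FILES['file'], true);
    if (!$upload_ok) {
        return null;
    }

    // Try to add an extension to the file if it hasn't got one
    $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
    // Replace dangerous characters
    $dropbox_filename = replace_dangerous_char($dropbox_filename);
    // Transform any .php file in .phps for security
    $dropbox_filename = php2phps($dropbox_filename);
    // filter extension
    if (!filter_extension($dropbox_filename)) {
        return get_lang('UplUnableToSaveFileFilteredExtension');
    }

    // set title
    $dropbox_title = $dropbox_filename;
    // set author
    if (!isset($_POST['authors'])) {
        $_POST['authors'] = getUserNameFromId($_user['user_id']);
    }

    // note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
    if ($dropbox_overwrite) {
        $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
        foreach ($dropbox_person->sentWork as $w) {
            if ($w->title == $dropbox_filename) {
                if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
                    return get_lang('MailingNonMailingError');
                }
                if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
                    return get_lang('MailingJustUploadSelectNoOther');
                }
                // Reuse the stored name of the work being overwritten.
                $dropbox_filename = $w->filename;
                break;
            }
        }
    } else {
        // rename file to login_filename_uniqueId format
        $dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
    }

    // creating the array that contains all the users who will receive the file
    $new_work_recipients = array();
    foreach ($_POST['recipients'] as $rec) {
        if (strpos($rec, 'user_') === 0) {
            $new_work_recipients[] = substr($rec, strlen('user_'));
        } elseif (strpos($rec, 'group_') === 0) {
            $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
            foreach ($userList as $usr) {
                if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
                    $new_work_recipients[] = $usr['user_id'];
                }
            }
        }
    }

    // Store the file before anything is recorded or announced: a failed move used to be
    // ignored, leaving a SentWork row and notification mails for a file that never existed.
    if (!@move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename)) {
        return get_lang('UplUnableToSaveFile');
    }

    $b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
    if ($b_send_mail) {
        foreach ($new_work_recipients as $recipient_id) {
            $recipent_temp = UserManager::get_user_info_by_id($recipient_id);
            $additionalParameters = array(
                'smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY,
                'userId' => $recipient_id,
                'courseTitle' => $_course['title'],
                'userUsername' => $recipent_temp['username']
            );
            api_mail_html(
                api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS),
                $recipent_temp['email'],
                get_lang('NewDropboxFileUploaded'),
                get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'],
                api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS),
                $_user['mail'],
                null,
                null,
                null,
                $additionalParameters
            );
        }
    }

    // The description is optional in the form; an absent field is passed through as null.
    $description = isset($_POST['description']) ? $_POST['description'] : null;
    new Dropbox_SentWork($_user['user_id'], $dropbox_title, $description, strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);
    Security::clear_token();

    return get_lang('FileUploadSucces');
}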
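/**
 * Replaces the file(s) of a forum attachment with the upload found in
 * $_FILES['user_upload'] and updates the attachment row accordingly.
 *
 * @param string $file_comment a comment about the file
 * @param int    $post_id      post id
 * @param int    $id_attach    attachment file id
 * @return void
 */
function edit_forum_attachment_file($file_comment, $post_id, $id_attach)
{
    $_course = api_get_course_info();
    $table_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
    $course_id = api_get_course_int_id();

    if (empty($_FILES['user_upload'])) {
        // No upload field submitted: nothing to update.
        return;
    }

    // Normalise the upload to a list of $_FILES-shaped entries: the form may submit a single
    // file, or a multi-file input where every key holds an array indexed by file position.
    $filesData = [];
    if (!is_array($_FILES['user_upload']['name'])) {
        $filesData[] = $_FILES['user_upload'];
    } else {
        // count() only once 'name' is known to be an array (count() on a string is a TypeError in PHP 8).
        $fileCount = count($_FILES['user_upload']['name']);
        $fileKeys = array_keys($_FILES['user_upload']);
        for ($i = 0; $i < $fileCount; $i++) {
            foreach ($fileKeys as $key) {
                $filesData[$i][$key] = $_FILES['user_upload'][$key][$i];
            }
        }
    }

    // Loop-invariant values: upload directory and the escaped/cast parameters.
    $course_dir = $_course['path'] . '/upload/forum';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $course_dir;
    $safe_file_comment = Database::escape_string($file_comment);
    $safe_post_id = (int) $post_id;
    $safe_id_attach = (int) $id_attach;

    foreach ($filesData as $attachment) {
        if (empty($attachment['name'])) {
            continue;
        }
        if (!process_uploaded_file($attachment)) {
            continue;
        }

        // Try to add an extension to the file if it hasn't one (filter input only;
        // the name written to disk is a uniqid()).
        $new_file_name = add_ext_on_mime(stripslashes($attachment['name']), $attachment['type']);
        // User's file name
        $file_name = $attachment['name'];

        if (!filter_extension($new_file_name)) {
            Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
            continue;
        }

        $new_file_name = uniqid('');
        $new_path = $updir . '/' . $new_file_name;
        // Only update the row when the file really landed on disk.
        if (!@move_uploaded_file($attachment['tmp_name'], $new_path)) {
            continue;
        }

        $safe_file_name = Database::escape_string($file_name);
        $safe_new_file_name = Database::escape_string($new_file_name);
        // size is numeric: cast instead of interpolating the raw upload value.
        $safe_size = (int) $attachment['size'];

        $sql = "UPDATE {$table_forum_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', post_id = '{$safe_post_id}', size ='{$safe_size}'\n WHERE c_id = {$course_id} AND id = '{$safe_id_attach}'";
        Database::query($sql);
        api_item_property_update($_course, TOOL_FORUM_ATTACH, $safe_id_attach, 'ForumAttachmentUpdated', api_get_user_id());
    }
}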
if (!$error) { $dropbox_filename = $_FILES['file']['name']; $dropbox_filesize = $_FILES['file']['size']; $dropbox_filetype = $_FILES['file']['type']; $dropbox_filetmpname = $_FILES['file']['tmp_name']; if ($dropbox_filesize <= 0 || $dropbox_filesize > dropbox_cnf('maxFilesize')) { $errormsg = get_lang('TooBig'); // TODO: The "too big" message does not fit in the case of uploading zero-sized file. $error = true; } elseif (!is_uploaded_file($dropbox_filetmpname)) { // check user fraud : no clean error msg. die(get_lang('BadFormData') . ' (code 403)'); } if (!$error) { // Try to add an extension to the file if it hasn't got one $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype); // Replace dangerous characters $dropbox_filename = api_replace_dangerous_char($dropbox_filename); // Transform any .php file in .phps fo security $dropbox_filename = php2phps($dropbox_filename); if (!filter_extension($dropbox_filename)) { $error = true; $errormsg = get_lang('UplUnableToSaveFileFilteredExtension'); } else { // set title $dropbox_title = $dropbox_filename; // set author if ($_POST['authors'] == '') { $_POST['authors'] = getUserNameFromId($_user['user_id']); } if ($dropbox_overwrite) {
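/**
 * Replaces the file of an existing announcement attachment and updates its row.
 *
 * @param int    $id_attach    attachment id
 * @param array  $file         one entry of the $_FILES superglobal
 * @param string $file_comment file comment
 * @return int 1 on success, -1 when the extension is filtered or the file/row could
 *             not be saved, 0 when no valid upload was given
 */
public static function edit_announcement_attachment_file($id_attach, $file, $file_comment)
{
    $_course = api_get_course_info();
    $tbl_announcement_attachment = Database::get_course_table(TABLE_ANNOUNCEMENT_ATTACHMENT);
    $return = 0;
    $course_id = api_get_course_int_id();

    if (!is_array($file) || $file['error'] != 0) {
        return $return;
    }

    // TODO: This path is obsolete. The new document repository scheme should be kept in mind here.
    $courseDir = $_course['path'] . '/upload/announcements';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $courseDir;

    // Try to add an extension to the file if it hasn't one (filter input only;
    // the name written to disk is a uniqid()).
    $new_file_name = add_ext_on_mime(stripslashes($file['name']), $file['type']);
    // user's file name
    $file_name = $file['name'];

    if (!filter_extension($new_file_name)) {
        // The original wrote "$return - 1;" here, a no-op expression, so callers saw 0 instead of -1.
        $return = -1;
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        return $return;
    }

    $new_file_name = uniqid('');
    $new_path = $updir . '/' . $new_file_name;
    // The row is only updated when the file really landed on disk.
    if (!@move_uploaded_file($file['tmp_name'], $new_path)) {
        Display::display_error_message(get_lang('UplUnableToSaveFile'));
        return -1;
    }

    $safe_file_comment = Database::escape_string($file_comment);
    $safe_file_name = Database::escape_string($file_name);
    $safe_new_file_name = Database::escape_string($new_file_name);
    $id_attach = intval($id_attach);
    $sql = "UPDATE {$tbl_announcement_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', size ='" . intval($file['size']) . "'\n\t\t\t\t\t \tWHERE c_id = {$course_id} AND id = '{$id_attach}'";
    $result = Database::query($sql);
    if ($result === false) {
        $return = -1;
        Display::display_error_message(get_lang('UplUnableToSaveFile'));
    } else {
        $return = 1;
    }

    return $return;
}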
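/**
 * Uploads an author image to the upload/learning_path/images directory.
 *
 * The image is stored under a random name plus its extension, resized to at most
 * 104x96, and a 64px copy is written next to it for the course homepage.
 *
 * @param array $image_array The image array, coming from the $_FILES superglobal
 * @return boolean True on success, false on error (an empty upload is an error too)
 */
public function upload_image($image_array)
{
    // No file or a rejected upload: nothing to store. The original never returned its
    // $image_moved flag, so an empty upload was already reported as false.
    if (empty($image_array['name']) || !process_uploaded_file($image_array)) {
        return false;
    }

    $courseDir = api_get_course_path() . '/upload/learning_path/images';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $courseDir;

    // Try to add an extension to the file if it hasn't one, then filter it.
    $new_file_name = add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);
    if (!filter_extension($new_file_name)) {
        // Filtered extension: silently refused, as before.
        return false;
    }

    // The extension comes from the name that passed the filter, not from the raw upload
    // name, so the stored file cannot carry an extension the filter never saw.
    $file_extension = strtolower(pathinfo($new_file_name, PATHINFO_EXTENSION));
    $filename = uniqid('');
    $new_file_name = $filename . '.' . $file_extension;
    $new_path = $updir . '/' . $new_file_name;

    // Resize the image to the preview bounds.
    $temp = new Image($image_array['tmp_name']);
    $picture_infos = $temp->get_image_info();
    $thumbwidth = min(104, $picture_infos['width']);
    $new_height = min(96, $picture_infos['height']);
    $temp->resize($thumbwidth, $new_height, 0);
    if (!$temp->send_image($new_path)) {
        return false;
    }

    // Storing the image filename.
    $this->set_preview_image($new_file_name);
    // Resize to 64px to use on course homepage
    $temp->resize(64, 64, 0);
    $temp->send_image($updir . '/' . $filename . '.64.' . $file_extension);

    return true;
}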
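/**
 * Add (or edit) a template. This function displays the form and also takes care of
 * uploading the image and storing the information in the database.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 */
function add_edit_template()
{
    // Request parameters: the action decides between insert and update, the id only
    // matters when editing. Both are reflected into the form action URL, so they are
    // normalised here instead of being concatenated raw.
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
    $new_file_name = '';
    $defaults = array();

    // initiate the object
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . urlencode($action) . '&id=' . $id);

    // setting the form elements: the header
    if ($action == 'add') {
        $title = get_lang('AddTemplate');
    } else {
        $title = get_lang('EditTemplate');
    }
    $form->addElement('header', '', $title);
    // setting the form elements: the title of the template
    $form->add_textfield('title', get_lang('Title'), false);
    // setting the form elements: the content of the template (wysiwyg editor)
    $form->addElement('html_editor', 'template_text', get_lang('Text'));
    // setting the form elements: the form to upload an image to be used with the template
    $form->addElement('file', 'template_image', get_lang('Image'), '');
    // setting the form elements: a little bit information about the template image
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));

    // getting all the information of the template when editing a template
    if ($action == 'edit') {
        // Database table definition
        $table_system_template = Database::get_main_table('system_template');
        $sql = "SELECT * FROM {$table_system_template} WHERE id = '" . $id . "'";
        $result = api_sql_query($sql, __FILE__, __LINE__);
        $row = Database::fetch_array($result);
        $defaults['template_id'] = $id;
        $defaults['template_text'] = $row['content'];
        $defaults['title'] = $row['title'];
        // adding an extra field: a hidden field with the id of the template we are editing
        $form->addElement('hidden', 'template_id');
        // adding an extra field: a preview of the image that is currently used
        // (the stored name is escaped before being placed in the src attribute)
        if (!empty($row['image'])) {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/' . htmlspecialchars($row['image'], ENT_QUOTES) . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        }
        // setting the information of the template that we are editing
        $form->setDefaults($defaults);
    }
    // setting the form elements: the submit button
    $form->addElement('style_submit_button', 'submit', get_lang('Ok'), 'class="save"');
    // setting the rules: the required fields
    $form->addRule('title', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');

    // if the form does not validate (comply to all rules) we display it again,
    // with error message if needed
    if (!$form->validate()) {
        $form->display();
        return;
    }

    // exporting the values
    $values = $form->exportValues();

    // upload the file
    if (!empty($_FILES['template_image']['name'])) {
        include_once api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php';
        $new_file_name = _store_template_image($_FILES['template_image']);
    }

    // store the information in the database (as insert or as update)
    $table_system_template = Database::get_main_table('system_template');
    if ($action == 'add') {
        $sql = "INSERT INTO {$table_system_template} (title, content, image) VALUES ('" . Database::escape_string($values['title']) . "','" . Database::escape_string($values['template_text']) . "','" . Database::escape_string($new_file_name) . "')";
        $result = api_sql_query($sql, __FILE__, __LINE__);
        // display a feedback message
        Display::display_confirmation_message('TemplateAdded');
        echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('add_template.gif', get_lang('AddTemplate')) . get_lang('AddTemplate') . '</a>';
    } else {
        $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "',\n\t\t\t\t\t\t\t\t\t\t\t \t\t content = '" . Database::escape_string($values['template_text']) . "'";
        if (!empty($new_file_name)) {
            $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
        }
        $sql .= " WHERE id='" . $id . "'";
        $result = api_sql_query($sql, __FILE__, __LINE__);
        // display a feedback message
        Display::display_confirmation_message('TemplateEdited');
    }
    display_templates();
}

/**
 * Stores an uploaded template image, resized to the default maximum width, in
 * home/default_platform_document/.
 *
 * @param array $uploaded_file one entry of the $_FILES superglobal
 * @return string the stored file name, or '' when the upload was rejected, is not a
 *                readable image, or has an unsupported type (nothing is written then)
 */
function _store_template_image($uploaded_file)
{
    if (!process_uploaded_file($uploaded_file)) {
        return '';
    }
    // Try to add an extension to the file if it hasn't one. basename() strips any directory
    // part from the user-supplied name so it cannot leave the upload directory, and the
    // extension is filtered because the file is written inside the web root.
    $new_file_name = basename(add_ext_on_mime(stripslashes($uploaded_file['name']), $uploaded_file['type']));
    if (!filter_extension($new_file_name)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        return '';
    }
    // upload dir
    $upload_dir = api_get_path(SYS_PATH) . 'home/default_platform_document/';
    // create dir if not exists
    if (!is_dir($upload_dir)) {
        $perm = api_get_setting('permissions_for_new_directories');
        $perm = octdec(!empty($perm) ? $perm : '0770');
        @mkdir($upload_dir, $perm);
    }
    // resize image to max default and upload
    require_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
    $picture_infos = @getimagesize($uploaded_file['tmp_name']);
    if ($picture_infos === false) {
        // Not a readable image: nothing is written and no name is stored.
        return '';
    }
    $temp = new image($uploaded_file['tmp_name']);
    $max_width_for_picture = 100;
    if ($picture_infos[0] > $max_width_for_picture) {
        $thumbwidth = $max_width_for_picture;
        $new_height = round($thumbwidth / $picture_infos[0] * $picture_infos[1]);
        $temp->resize($thumbwidth, $new_height, 0);
    }
    // $picture_infos[2] is the IMAGETYPE_* constant. The original switched on
    // !empty($type), i.e. on true, which loosely equals 2 and so always wrote a JPG.
    switch ($picture_infos[2]) {
        case IMAGETYPE_JPEG:
            $temp->send_image('JPG', $upload_dir . $new_file_name);
            break;
        case IMAGETYPE_PNG:
            $temp->send_image('PNG', $upload_dir . $new_file_name);
            break;
        case IMAGETYPE_GIF:
            $temp->send_image('GIF', $upload_dir . $new_file_name);
            break;
        default:
            // Unsupported image type: nothing is written, so no name is recorded either.
            return '';
    }
    return $new_file_name;
}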
/**
 * Replaces the file of an existing agenda attachment with the one found in
 * $_FILES['user_upload'] and updates the attachment row accordingly.
 *
 * @param string $file_comment a comment about the file
 * @param int    $agenda_id    agenda id
 * @param int    $id_attach    attachment file id
 */
function edit_agenda_attachment_file($file_comment, $agenda_id, $id_attach)
{
    global $_course;

    $agenda_table_attachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);

    // Nothing to do unless a file was submitted and it passes the upload checks.
    if (empty($_FILES['user_upload']['name'])) {
        return;
    }
    $upload = $_FILES['user_upload'];
    if (!process_uploaded_file($upload)) {
        return;
    }

    $updir = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/upload/calendar';

    // The user's name only serves the extension filter; the stored name is a uniqid().
    $checked_name = add_ext_on_mime(stripslashes($upload['name']), $upload['type']);
    if (!filter_extension($checked_name)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        return;
    }

    $stored_name = uniqid('');
    $moved = @move_uploaded_file($upload['tmp_name'], $updir . '/' . $stored_name);

    $safe_file_comment = Database::escape_string($file_comment);
    $safe_file_name = Database::escape_string($upload['name']);
    $safe_new_file_name = Database::escape_string($stored_name);
    $safe_agenda_id = intval($agenda_id);
    $safe_id_attach = intval($id_attach);

    // The row is only touched when the file really landed on disk.
    if (!$moved) {
        return;
    }
    $sql = "UPDATE {$agenda_table_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', agenda_id = '{$safe_agenda_id}', size ='" . intval($upload['size']) . "'\n\t\t\t\t\t\t WHERE id = '{$safe_id_attach}'";
    Database::query($sql);
    api_item_property_update($_course, 'calendar_event_attachment', $safe_id_attach, 'AgendaAttachmentUpdated', api_get_user_id());
}
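/**
 * Stores the file attached to a ticket message and records it in the
 * ticket message attachment table.
 *
 * @param array $file_attach       one entry of the $_FILES superglobal
 * @param int   $ticket_id
 * @param int   $message_id
 * @param int   $message_attch_id
 * @return array|null ['path' => stored file path, 'filename' => escaped original name],
 *                    or null when the extension is filtered or the file could not be stored
 */
public static function save_message_attachment_file(
    $file_attach,
    $ticket_id,
    $message_id,
    $message_attch_id
) {
    $now = api_get_utc_datetime();
    $user_id = api_get_user_id();
    // Every id is interpolated into SQL, so all of them are cast, not just the ticket id.
    $ticket_id = intval($ticket_id);
    $message_id = intval($message_id);
    $message_attch_id = intval($message_attch_id);

    // The user's name only serves the extension filter; the stored name is a uniqid().
    $new_file_name = add_ext_on_mime(
        stripslashes($file_attach['name']),
        $file_attach['type']
    );
    $file_name = $file_attach['name'];
    $table_support_message_attachments = Database::get_main_table(TABLE_TICKET_MESSAGE_ATTACHMENTS);

    if (!filter_extension($new_file_name)) {
        Display :: display_error_message(
            get_lang('UplUnableToSaveFileFilteredExtension')
        );
        return null;
    }

    $new_file_name = uniqid('');
    $path_attachment = api_get_path(SYS_ARCHIVE_PATH);
    $path_message_attach = $path_attachment . 'plugin_ticket_messageattch/';
    if (!file_exists($path_message_attach)) {
        @mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
    }
    $new_path = $path_message_attach . $new_file_name;

    // Only a genuine upload that was actually copied gets a database row.
    $result = false;
    if (is_uploaded_file($file_attach['tmp_name'])) {
        $result = @copy($file_attach['tmp_name'], $new_path);
    }
    if (!$result) {
        Display :: display_error_message(get_lang('UplUnableToSaveFile'));
        return null;
    }

    $safe_file_name = Database::escape_string($file_name);
    $safe_new_file_name = Database::escape_string($new_file_name);
    $safe_size = intval($file_attach['size']);
    $sql = "INSERT INTO $table_support_message_attachments ( filename, path, ticket_id, message_id, message_attch_id, size, sys_insert_user_id, sys_insert_datetime, sys_lastedit_user_id, sys_lastedit_datetime ) VALUES ( '$safe_file_name', '$safe_new_file_name', '$ticket_id', '$message_id', '$message_attch_id', '$safe_size', '$user_id', '$now', '$user_id', '$now' )";
    Database::query($sql);

    return array(
        // The on-disk path uses the unescaped name (uniqid() output, identical in practice).
        'path' => $path_message_attach . $new_file_name,
        'filename' => $safe_file_name
    );
}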
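/**
 * Stores the uploaded (nanogong) audio file under $this->store_path, replacing any
 * file previously stored for this object.
 *
 * @param bool $is_nano true when the upload comes from the nanogong applet, which is always treated as wav
 * @return int 1 on success, 0 otherwise
 */
public function upload_file($is_nano = false)
{
    if (empty($_FILES['file']['tmp_name'])) {
        return 0;
    }
    // Reject anything that is not a genuine upload before any other processing.
    if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
        return 0;
    }
    if (!process_uploaded_file($_FILES['file'], false)) {
        return 0;
    }
    // Check if there is enough space to save the file
    if (!DocumentManager::enough_space($_FILES['file']['size'], DocumentManager::get_course_quota())) {
        return 0;
    }

    // First we delete everything before uploading the file
    $this->delete_files();

    // Derive the extension from the (MIME-completed, lower-cased) upload name.
    $file_name = strtolower(add_ext_on_mime($_FILES['file']['name'], $_FILES['file']['type']));
    $file_info = pathinfo($file_name);
    if ($is_nano) {
        $file_info['extension'] = 'wav';
    }
    // pathinfo() omits the 'extension' key entirely when the name has none.
    if (!isset($file_info['extension'])) {
        return 0;
    }
    // Only whitelisted extensions are stored, always under this object's own base name.
    if (!in_array($file_info['extension'], $this->available_extensions, true)) {
        return 0;
    }

    $file_name = $this->filename . '.' . $file_info['extension'];
    if (move_uploaded_file($_FILES['file']['tmp_name'], $this->store_path . $file_name)) {
        $this->store_filename = $this->store_path . $file_name;
        return 1;
    }

    return 0;
}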
<hr> '; } elseif (isset($_GET['add_as_template']) && isset($_POST['create_template'])) { $document_id_for_template = intval($_GET['add_as_template']); $title = Security::remove_XSS($_POST['template_title']); $user_id = api_get_user_id(); // Create the template_thumbnails folder in the upload folder (if needed) if (!is_dir(api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/')) { @mkdir(api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/', api_get_permissions_for_new_directories()); } // Upload the file if (!empty($_FILES['template_image']['name'])) { $upload_ok = process_uploaded_file($_FILES['template_image']); if ($upload_ok) { // Try to add an extension to the file if it hasn't one $new_file_name = $courseInfo['code'] . '-' . add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']); // Upload dir $upload_dir = api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/'; // Resize image to max default and end upload $temp = new Image($_FILES['template_image']['tmp_name']); $picture_info = $temp->get_image_info(); $max_width_for_picture = 100; if ($picture_info['width'] > $max_width_for_picture) { $temp->resize($max_width_for_picture); } $temp->send_image($upload_dir . $new_file_name); } } DocumentManager::set_document_as_template($title, '', $document_id_for_template, $course_code, $user_id, $new_file_name); Display::addFlash(Display::return_message(get_lang('DocumentSetAsTemplate'), 'confirmation')); }
if (count($lp_items_to_remove_audio) > 0) { $sql = "UPDATE {$tbl_lp_item} SET audio = '' WHERE c_id = {$course_id} AND id IN (" . $in . ")"; $result = Database::query($sql); } // Uploading the audio files. foreach ($_FILES as $key => $value) { if (substr($key, 0, 7) == 'mp3file' and !empty($_FILES[$key]['tmp_name'])) { // The id of the learning path item. $lp_item_id = str_ireplace('mp3file', '', $key); // Create the audio folder if it does not exist yet. DocumentManager::createDefaultAudioFolder($_course); // Check if file already exits into document/audio/ $file_name = $_FILES[$key]['name']; $file_name = stripslashes($file_name); // Add extension to files without one (if possible). $file_name = add_ext_on_mime($file_name, $_FILES[$key]['type']); $clean_name = api_replace_dangerous_char($file_name); // No "dangerous" files. $clean_name = disable_dangerous_file($clean_name); $check_file_path = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document/audio/' . $clean_name; // If the file exists we generate a new name. if (file_exists($check_file_path)) { $filename_components = explode('.', $clean_name); // Gettting the extension of the file. $file_extension = $filename_components[count($filename_components) - 1]; // Adding something random to prevent overwriting. $filename_components[count($filename_components) - 1] = time(); // Reconstructing the new filename. $clean_name = implode($filename_components) . '.' . $file_extension; // Using the new name in the $_FILES superglobal. $_FILES[$key]['name'] = $clean_name;
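/**
 * Add an attachment file into agenda.
 *
 * The file is moved to <course directory>/upload/calendar under a generated
 * (uniqid) name; the user's file name is only stored in the database row.
 * After the row is inserted its id column is aligned with iid and an
 * 'AgendaAttachmentAdded' item property is recorded.
 *
 * @param int $eventId
 * @param array $fileUserUpload one entry of $_FILES (e.g. $_FILES['user_upload'])
 * @param string $comment comment about the file
 * @param array $courseInfo course info array; 'directory' is used for the upload path
 * @return string|null an error message (HTML) when the extension is refused
 *                     or the file could not be saved; null otherwise (also
 *                     when no file was submitted or the upload failed)
 */
public function addAttachment($eventId, $fileUserUpload, $comment, $courseInfo)
{
    $agenda_table_attachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
    $eventId = intval($eventId);

    // Nothing to store when no file was submitted or the upload did not go through
    $upload_ok = false;
    if (!empty($fileUserUpload['name'])) {
        $upload_ok = process_uploaded_file($fileUserUpload);
    }
    if (empty($upload_ok)) {
        return null;
    }

    $courseDir = $courseInfo['directory'] . '/upload/calendar';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $uploadDir = $sys_course_path . $courseDir;

    // Try to add an extension to the file if it hasn't one, so the extension
    // filter sees the real type
    $new_file_name = add_ext_on_mime(stripslashes($fileUserUpload['name']), $fileUserUpload['type']);
    // User's file name (display only)
    $file_name = $fileUserUpload['name'];
    if (!filter_extension($new_file_name)) {
        return Display::return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error');
    }

    // Random, extension-less name on disk
    $new_file_name = uniqid('');
    $new_path = $uploadDir . '/' . $new_file_name;
    $result = @move_uploaded_file($fileUserUpload['tmp_name'], $new_path);
    if (!$result) {
        // No database row for a file that is not on disk; the original failed silently here
        return Display::return_message(get_lang('UplUnableToSaveFile'), 'error');
    }

    $course_id = api_get_course_int_id();
    $size = intval($fileUserUpload['size']);
    // Storing the attachment
    $params = [
        'c_id' => $course_id,
        'filename' => $file_name,
        'comment' => $comment,
        'path' => $new_file_name,
        'agenda_id' => $eventId,
        'size' => $size,
    ];
    $id = Database::insert($agenda_table_attachment, $params);
    if ($id) {
        $id = intval($id);
        $sql = "UPDATE {$agenda_table_attachment}\n SET id = iid WHERE iid = {$id}";
        Database::query($sql);
        api_item_property_update($courseInfo, 'calendar_event_attachment', $id, 'AgendaAttachmentAdded', api_get_user_id());
    }
    return null;
}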
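/**
 * Stores the file uploaded through $_FILES['file'] in a student work folder.
 *
 * The stored file gets a unique name (api_get_unique_id()); the cleaned user
 * name is only returned for the caller to record. Any .php upload is renamed
 * to .phps before the extension filter runs.
 *
 * @param array $my_folder_data work folder row; the basename of its 'url' is
 *                              the sub-directory under the course work/ dir
 * @param array $_course course info array ('path', 'real_id', 'code')
 * @return array array('url' => path relative to the course dir or null,
 *               'filename' => cleaned user file name, 'error' => null) on
 *               success; array('error' => HTML message) on failure
 */
function uploadWork($my_folder_data, $_course)
{
    if (empty($_FILES['file']['size'])) {
        return array('error' => Display :: return_message(get_lang('UplUploadFailedSizeIsZero'), 'error'));
    }
    // Directory path to upload
    $updir = api_get_path(SYS_COURSE_PATH).$_course['path'].'/work/';
    // Try to add an extension to the file if it hasn't one
    $filename = add_ext_on_mime(stripslashes($_FILES['file']['name']), $_FILES['file']['type']);
    // Replace dangerous characters
    $filename = replace_dangerous_char($filename, 'strict');
    // Transform any .php file in .phps for security
    $filename = php2phps($filename);

    $filesize = filesize($_FILES['file']['tmp_name']);
    if (empty($filesize)) {
        return array('error' => Display :: return_message(get_lang('UplUploadFailedSizeIsZero'), 'error'));
    }
    // The filter must see the cleaned upload name; the original passed the
    // not-yet-defined $new_file_name here, so no extension was ever refused
    if (!filter_extension($filename)) {
        return array('error' => Display :: return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error'));
    }

    $totalSpace = DocumentManager::documents_total_space($_course['real_id']);
    $course_max_space = DocumentManager::get_course_quota($_course['code']);
    $total_size = $filesize + $totalSpace;
    if ($total_size > $course_max_space) {
        return array(
            'error' => Display :: return_message(get_lang('NoSpace'), 'error')
        );
    }

    // Compose a unique file name to avoid any conflict
    $new_file_name = api_get_unique_id();
    $curdirpath = basename($my_folder_data['url']);

    // If we come from the group tools the groupid will be saved in $work_table
    if (!is_dir($updir.$curdirpath) && !empty($curdirpath)) {
        return array(
            'error' => Display :: return_message(
                get_lang('FolderDoesntExistsInFileSystem'),
                'error'
            )
        );
    }
    $result = move_uploaded_file(
        $_FILES['file']['tmp_name'],
        $updir.$curdirpath.'/'.$new_file_name
    );

    $url = null;
    if ($result) {
        $url = 'work/'.$curdirpath.'/'.$new_file_name;
    }
    return array(
        'url' => $url,
        'filename' => $filename,
        'error' => null
    );
}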
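/**
 * Creates a comment on a post in a given blog, with an optional attachment
 * taken from $_FILES['user_upload'].
 *
 * The attachment is moved to <course path>/upload/blog under a generated
 * (uniqid) name; the user's file name is only stored in the database row.
 *
 * @author Toon Keppens
 * @param string $title
 * @param string $full_text
 * @param string $file_comment comment stored with the attachment
 * @param int $blog_id
 * @param int $post_id
 * @param int $parent_id id of the parent comment
 * @param mixed $task_id cast to int before insertion, so the 'NULL' default
 *                       is stored as 0 (kept as-is for compatibility)
 * @return void
 */
public static function create_comment($title, $full_text, $file_comment, $blog_id, $post_id, $parent_id, $task_id = 'NULL')
{
    $_user = api_get_user_info();
    $_course = api_get_course_info();
    $blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);
    $upload_ok = true;
    $has_attachment = false;
    $current_date = date('Y-m-d H:i:s', time());
    $course_id = api_get_course_int_id();
    // Every id is interpolated into SQL twice below (comment row and
    // attachment row), so cast once here; the original only cast them in the
    // first INSERT
    $blog_id = (int) $blog_id;
    $post_id = (int) $post_id;
    $parent_id = (int) $parent_id;
    $task_id = (int) $task_id;

    if (!empty($_FILES['user_upload']['name'])) {
        $upload_ok = process_uploaded_file($_FILES['user_upload']);
        $has_attachment = true;
    }
    if (!$upload_ok) {
        // A failed upload aborts the whole comment; process_uploaded_file reports it
        return;
    }

    // Table Definition
    $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
    // Create the comment
    $sql = "INSERT INTO {$tbl_blogs_comments} (c_id, title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id )\n\t\t\t\t\tVALUES ({$course_id}, '" . Database::escape_string($title) . "', '" . Database::escape_string($full_text) . "', '" . (int) $_user['user_id'] . "','" . $current_date . "', '" . $blog_id . "', '" . $post_id . "', '" . $parent_id . "', '" . $task_id . "')";
    Database::query($sql);
    $last_id = (int) Database::insert_id();
    if ($last_id) {
        $sql = "UPDATE {$tbl_blogs_comments} SET comment_id = iid WHERE iid = {$last_id}";
        Database::query($sql);
    }
    if (!$has_attachment) {
        return;
    }

    $courseDir = $_course['path'] . '/upload/blog';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $courseDir;
    // Try to add an extension to the file if it hasn't one, so the extension
    // filter sees the real type
    $new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
    // User's file name (display only)
    $file_name = $_FILES['user_upload']['name'];
    if (!filter_extension($new_file_name)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        return;
    }

    // Random, extension-less name on disk
    $new_file_name = uniqid('');
    $new_path = $updir . '/' . $new_file_name;
    $result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
    if (!$result) {
        // No attachment row for a file that is not on disk
        return;
    }

    // Storing the attachment
    $comment = Database::escape_string($file_comment);
    $size = (int) $_FILES['user_upload']['size'];
    $sql = 'INSERT INTO ' . $blog_table_attachment . '(c_id, filename,comment, path, post_id,size,blog_id,comment_id) '
        . "VALUES ({$course_id}, '" . Database::escape_string($file_name) . "', '" . $comment . "', '" . Database::escape_string($new_file_name) . "' , '" . $post_id . "', '" . $size . "', '" . $blog_id . "', '" . $last_id . "' )";
    Database::query($sql);
    $id = (int) Database::insert_id();
    if ($id) {
        $sql = "UPDATE {$blog_table_attachment} SET id = iid WHERE iid = {$id}";
        Database::query($sql);
    }
}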
/**
 * Add (or edit) a template. This function displays the form and also takes
 * care of uploading the image and storing the information in the database.
 *
 * Request inputs read here: $_GET['action'] ('add' or 'edit'), $_GET['id']
 * (the template being edited), the posted form values and
 * $_FILES['template_image'] (the preview thumbnail). The thumbnail is
 * resized to at most 100px wide and written to
 * home/default_platform_document/template_thumb/ under the app path.
 *
 * NOTE(review): the thumbnail is written under the client-supplied file name
 * (after add_ext_on_mime) with no filter_extension() /
 * api_replace_dangerous_char() pass, unlike the other upload paths in this
 * file — confirm whether Image::send_image() re-encodes by extension before
 * relying on that. $_GET['action'] is also read without an isset() check.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 */
function add_edit_template()
{
    // Initialize the object.
    $id = isset($_GET['id']) ? '&id=' . Security::remove_XSS($_GET['id']) : '';
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . Security::remove_XSS($_GET['action']) . $id);
    // Setting the form elements: the header.
    if ($_GET['action'] == 'add') {
        $title = get_lang('AddTemplate');
    } else {
        $title = get_lang('EditTemplate');
    }
    $form->addElement('header', '', $title);
    // Setting the form elements: the title of the template.
    $form->addText('title', get_lang('Title'), false);
    // Setting the form elements: the content of the template (wysiwyg editor).
    $form->addHtmlEditor('template_text', get_lang('Text'), false, false, array('ToolbarSet' => 'AdminTemplates', 'Width' => '100%', 'Height' => '400'));
    // Setting the form elements: the form to upload an image to be used with the template.
    $form->addElement('file', 'template_image', get_lang('Image'), '');
    // Setting the form elements: a little bit information about the template image.
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));
    // Getting all the information of the template when editing a template.
    if ($_GET['action'] == 'edit') {
        // Database table definition.
        $table_system_template = Database::get_main_table('system_template');
        $sql = "SELECT * FROM {$table_system_template} WHERE id = " . intval($_GET['id']) . "";
        $result = Database::query($sql);
        $row = Database::fetch_array($result);
        $defaults['template_id'] = intval($_GET['id']);
        $defaults['template_text'] = $row['content'];
        // Forcing get_lang().
        $defaults['title'] = get_lang($row['title']);
        // Adding an extra field: a hidden field with the id of the template we are editing.
        $form->addElement('hidden', 'template_id');
        // Adding an extra field: a preview of the image that is currently used.
        if (!empty($row['image'])) {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/' . $row['image'] . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        }
        // Setting the information of the template that we are editing.
        $form->setDefaults($defaults);
    }
    // Setting the form elements: the submit button.
    $form->addButtonSave(get_lang('Ok'), 'submit');
    // Setting the rules: the required fields.
    // NOTE(review): the image is required on the edit form as well, so an edit
    // always uploads a new thumbnail.
    $form->addRule('template_image', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', get_lang('ThisFieldIsRequired'), 'required');
    // If the form validates (complies to all rules) we save the information,
    // else we display the form again (with error message if needed).
    if ($form->validate()) {
        // CSRF token check; on failure nothing is stored but the token is still cleared below
        $check = Security::check_token('post');
        if ($check) {
            // Exporting the values.
            $values = $form->exportValues();
            // Upload the file.
            if (!empty($_FILES['template_image']['name'])) {
                $upload_ok = process_uploaded_file($_FILES['template_image']);
                if ($upload_ok) {
                    // Try to add an extension to the file if it hasn't one.
                    $new_file_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
                    // The upload directory.
                    $upload_dir = api_get_path(SYS_APP_PATH) . 'home/default_platform_document/template_thumb/';
                    // Create the directory if it does not exist.
                    if (!is_dir($upload_dir)) {
                        mkdir($upload_dir, api_get_permissions_for_new_directories());
                    }
                    // Resize the preview image to max default and upload.
                    $temp = new Image($_FILES['template_image']['tmp_name']);
                    $picture_info = $temp->get_image_info();
                    $max_width_for_picture = 100;
                    if ($picture_info['width'] > $max_width_for_picture) {
                        $temp->resize($max_width_for_picture);
                    }
                    $temp->send_image($upload_dir . $new_file_name);
                }
            }
            // Store the information in the database (as insert or as update).
            $table_system_template = Database::get_main_table('system_template');
            if ($_GET['action'] == 'add') {
                $content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
                // NOTE(review): $new_file_name is only set when the upload went
                // through; when process_uploaded_file() failed it is undefined here.
                $params = ['title' => $values['title'], 'content' => $content_template, 'image' => $new_file_name];
                Database::insert($table_system_template, $params);
                // Display a feedback message.
                Display::display_confirmation_message(get_lang('TemplateAdded'));
                echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
            } else {
                // NOTE(review): unlike the 'add' branch, the edit branch stores the
                // text with Database::escape_string() only (no Security::remove_XSS()).
                $content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>' . Database::escape_string($values['template_text']) . '</body>';
                $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "', content = '" . $content_template . "'";
                if (!empty($new_file_name)) {
                    $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
                }
                $sql .= " WHERE id = " . intval($_GET['id']) . "";
                Database::query($sql);
                // Display a feedback message.
                Display::display_confirmation_message(get_lang('TemplateEdited'));
            }
        }
        Security::clear_token();
        display_templates();
    } else {
        // Fresh token for the form that is about to be shown
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        // Display the form.
        $form->display();
    }
}
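/**
 * Uploads an author image to the upload/learning_path/images directory.
 *
 * The image is stored under a generated (uniqid) name carrying the
 * lowercased extension of the uploaded name, resized to at most 104x96 and
 * re-encoded through the image library, then registered with
 * set_preview_image(). Only GIF, JPEG and PNG are written.
 *
 * @param array $image_array The image array, coming from the $_FILES superglobal
 * @return boolean True on success, false on error (also when no file was
 *                 submitted, when its extension is filtered out, or when it
 *                 is not an image getimagesize() can read)
 */
function upload_image($image_array)
{
    // Nothing to store without a submitted file (the original also ended up returning false here)
    if (empty($image_array['name'])) {
        return false;
    }
    if (!process_uploaded_file($image_array)) {
        return false;
    }
    $courseDir = api_get_course_path() . '/upload/learning_path/images';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $courseDir;

    // Try to add an extension to the file if it hasn't one, so the extension
    // filter sees the real type
    $new_file_name = add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);
    if (!filter_extension($new_file_name)) {
        return false;
    }

    // Random base name plus the extension of the name that passed the filter
    $file_extension = strtolower(pathinfo($new_file_name, PATHINFO_EXTENSION));
    $new_file_name = uniqid('') . '.' . $file_extension;
    $new_path = $updir . '/' . $new_file_name;

    // The image is re-encoded on the way out rather than moved as-is
    include_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
    $picture_infos = @getimagesize($image_array['tmp_name']);
    if ($picture_infos === false) {
        // Not an image the imagesize layer understands: refuse it instead of
        // indexing into false below
        return false;
    }
    // $picture_infos: [0] width, [1] height, [2] IMAGETYPE_* constant
    $thumbwidth = min(104, $picture_infos[0]);
    $new_height = min(96, $picture_infos[1]);
    $temp = new image($image_array['tmp_name']);
    // The original resized and wrote the file twice; once is enough
    $temp->resize($thumbwidth, $new_height, 0);

    $result = false;
    switch ($picture_infos[2]) {
        case IMAGETYPE_JPEG:
            $result = $temp->send_image('JPG', $new_path);
            break;
        case IMAGETYPE_PNG:
            $result = $temp->send_image('PNG', $new_path);
            break;
        case IMAGETYPE_GIF:
            $result = $temp->send_image('GIF', $new_path);
            break;
    }
    if (!$result) {
        return false;
    }
    // Storing the image filename
    $this->set_preview_image($new_file_name);
    return true;
}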
/**
 * This function does the save-work for the documents.
 * It handles the uploaded file and adds the properties to the database.
 * If unzip=1 and the file is a zipfile, it is extracted.
 * If we decide to save ALL kinds of documents in one database,
 * we could extend this with a $type='document', 'scormdocument',...
 *
 * Flow: quota check, optional hand-off to unzip_uploaded_document(), name
 * cleaning (api_replace_dangerous_char + disable_dangerous_file) and
 * extension filter, then one of three strategies for a name that already
 * exists ($whatIfFileExists): 'overwrite', 'rename', or refuse (default).
 * When the path is already registered in the course and the mode is not
 * 'overwrite', the mode is forced to 'rename'.
 *
 * @param array $courseInfo
 * @param array $uploadedFile ($_FILES) entry; 'name', 'type', 'tmp_name' and 'size' are used:
 *     array(
 *         'name' => 'picture.jpg',
 *         'tmp_name' => '...', // absolute path
 *     );
 * @param string $documentDir Example: /var/www/chamilo/courses/ABC/document
 * @param string $uploadPath Example: /folder1/folder2/
 * @param int $userId required; the function returns false without it
 * @param int $groupId 0 for everybody
 * @param int $toUserId NULL for everybody
 * @param int $unzip 1/0
 * @param string $whatIfFileExists overwrite, rename or warn if exists (default)
 * @param boolean $output Optional output parameter. If no output wanted on success, set to false.
 * @param bool $onlyUploadFile when true the file is moved under its cleaned name and no database record is written
 * @param string $comment
 * @param int $sessionId defaults to the current session when empty
 * @return string|bool path of the saved file relative to the document dir
 *     (e.g. /folder/picture.jpg); the full filesystem path when
 *     $onlyUploadFile is set; false on failure; whatever
 *     unzip_uploaded_document() returns when a zip is extracted
 */
function handle_uploaded_document($courseInfo, $uploadedFile, $documentDir, $uploadPath, $userId, $groupId = 0, $toUserId = null, $unzip = 0, $whatIfFileExists = '', $output = true, $onlyUploadFile = false, $comment = null, $sessionId = null)
{
    if (!$userId) {
        return false;
    }
    $userInfo = api_get_user_info();
    $uploadedFile['name'] = stripslashes($uploadedFile['name']);
    // Add extension to files without one (if possible)
    $uploadedFile['name'] = add_ext_on_mime($uploadedFile['name'], $uploadedFile['type']);
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    } else {
        $sessionId = intval($sessionId);
    }
    // Just in case process_uploaded_file is not called
    $maxSpace = DocumentManager::get_course_quota();
    // Check if there is enough space to save the file
    if (!DocumentManager::enough_space($uploadedFile['size'], $maxSpace)) {
        if ($output) {
            Display::display_error_message(get_lang('UplNotEnoughSpace'));
        }
        return false;
    }
    // If they want to unzip, check if the file has a .zip (or ZIP,Zip,ZiP,...) extension.
    // NOTE(review): the dot in '/.zip$/' is unescaped, so the pattern also
    // matches names such as "fooXzip"; '/\.zip$/' is what the comment describes.
    if ($unzip == 1 && preg_match('/.zip$/', strtolower($uploadedFile['name']))) {
        return unzip_uploaded_document($courseInfo, $userInfo, $uploadedFile, $uploadPath, $documentDir, $maxSpace, $sessionId, $groupId, $output);
    } elseif ($unzip == 1 && !preg_match('/.zip$/', strtolower($uploadedFile['name']))) {
        // We can only unzip ZIP files (no gz, tar,...)
        if ($output) {
            Display::display_error_message(get_lang('UplNotAZip') . " " . get_lang('PleaseTryAgain'));
        }
        return false;
    } else {
        // Clean up the name, only ASCII characters should stay. (and strict)
        $cleanName = api_replace_dangerous_char($uploadedFile['name'], 'strict');
        // No "dangerous" files
        $cleanName = disable_dangerous_file($cleanName);
        // Checking file extension
        if (!filter_extension($cleanName)) {
            if ($output) {
                Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
            }
            return false;
        } else {
            // If the upload path differs from / (= root) it will need a slash at the end
            if ($uploadPath != '/') {
                $uploadPath = $uploadPath . '/';
            }
            // Full path to where we want to store the file with trailing slash
            $whereToSave = $documentDir . $uploadPath;
            // At least if the directory doesn't exist, tell so
            if (!is_dir($whereToSave)) {
                if (!mkdir($whereToSave, api_get_permissions_for_new_directories())) {
                    if ($output) {
                        Display::display_error_message(get_lang('DestDirectoryDoesntExist') . ' (' . $uploadPath . ')');
                    }
                    return false;
                }
            }
            // Just upload the file "as is": cleaned name, no database record,
            // and the full filesystem path is returned instead of the relative one
            if ($onlyUploadFile) {
                $errorResult = moveUploadedFile($uploadedFile, $whereToSave . $cleanName);
                if ($errorResult) {
                    return $whereToSave . $cleanName;
                } else {
                    return $errorResult;
                }
            }
            /* Based in the clean name we generate a new filesystem name
               Using the session_id and group_id if values are not empty */
            /*$fileExists = DocumentManager::documentExists(
                $uploadPath.$cleanName,
                $courseInfo,
                $sessionId,
                $groupId
            );*/
            $fileSystemName = DocumentManager::fixDocumentName($cleanName, 'file', $courseInfo, $sessionId, $groupId);
            // Name of the document without the extension (for the title)
            $documentTitle = get_document_title($uploadedFile['name']);
            // Size of the uploaded file (in bytes)
            $fileSize = $uploadedFile['size'];
            // File permissions
            $filePermissions = api_get_permissions_for_new_files();
            // Example: /var/www/chamilo/courses/xxx/document/folder/picture.jpg
            $fullPath = $whereToSave . $fileSystemName;
            // Example: /folder/picture.jpg
            $filePath = $uploadPath . $fileSystemName;
            $docId = DocumentManager::get_document_id($courseInfo, $filePath, $sessionId);
            $documentList = DocumentManager::getDocumentByPathInCourse($courseInfo, $filePath);
            // This means that the path already exists in this course:
            // anything but an explicit overwrite becomes a rename.
            if (!empty($documentList) && $whatIfFileExists != 'overwrite') {
                //$found = false;
                // Checking if we are talking about the same course + session
                /*foreach ($documentList as $document) {
                    if ($document['session_id'] == $sessionId) {
                        $found = true;
                        break;
                    }
                }*/
                //if ($found == false) {
                $whatIfFileExists = 'rename';
                //}
            }
            // What to do if the target file exists
            switch ($whatIfFileExists) {
                // Overwrite the file if it exists
                case 'overwrite':
                    // Check if the target file exists, so we can give another message
                    $fileExists = file_exists($fullPath);
                    if (moveUploadedFile($uploadedFile, $fullPath)) {
                        chmod($fullPath, $filePermissions);
                        if ($fileExists && $docId) {
                            // UPDATE DATABASE
                            $documentId = DocumentManager::get_document_id($courseInfo, $filePath);
                            if (is_numeric($documentId)) {
                                // Update file size
                                update_existing_document($courseInfo, $documentId, $uploadedFile['size']);
                                // Update document item_property
                                api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentUpdated', $userId, $groupId, $toUserId, null, null, $sessionId);
                                // Redo visibility
                                api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
                            } else {
                                // There might be cases where the file exists on disk but there is no registration of that in the database
                                // In this case, and if we are in overwrite mode, overwrite and create the db record
                                $documentId = add_document($courseInfo, $filePath, 'file', $fileSize, $documentTitle, $comment, 0, true, $groupId, $sessionId);
                                if ($documentId) {
                                    // Put the document in item_property update
                                    api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentAdded', $userId, $groupId, $toUserId, null, null, $sessionId);
                                    // Redo visibility
                                    api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
                                }
                            }
                            // If the file is in a folder, we need to update all parent folders
                            item_property_update_on_folder($courseInfo, $uploadPath, $userId);
                            // Display success message with extra info to user
                            if ($output) {
                                Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br /> ' . $documentTitle . ' ' . get_lang('UplFileOverwritten'), false);
                            }
                            return $filePath;
                        } else {
                            // Put the document data in the database
                            $documentId = add_document($courseInfo, $filePath, 'file', $fileSize, $documentTitle, $comment, 0, true, $groupId, $sessionId);
                            if ($documentId) {
                                // Put the document in item_property update
                                api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentAdded', $userId, $groupId, $toUserId, null, null, $sessionId);
                                // Redo visibility
                                api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
                            }
                            // If the file is in a folder, we need to update all parent folders
                            item_property_update_on_folder($courseInfo, $uploadPath, $userId);
                            // Display success message to user
                            if ($output) {
                                Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br /> ' . $documentTitle, false);
                            }
                            return $filePath;
                        }
                    } else {
                        if ($output) {
                            Display::display_error_message(get_lang('UplUnableToSaveFile'));
                        }
                        return false;
                    }
                    break;
                // Rename the file if it exists
                case 'rename':
                    // Always rename: a unique name is generated even when nothing clashes.
                    $cleanName = DocumentManager::getUniqueFileName($uploadPath, $cleanName, $courseInfo, $sessionId, $groupId);
                    $fileSystemName = DocumentManager::fixDocumentName($cleanName, 'file', $courseInfo, $sessionId, $groupId);
                    $documentTitle = get_document_title($cleanName);
                    $fullPath = $whereToSave . $fileSystemName;
                    $filePath = $uploadPath . $fileSystemName;
                    if (moveUploadedFile($uploadedFile, $fullPath)) {
                        chmod($fullPath, $filePermissions);
                        // Put the document data in the database
                        $documentId = add_document($courseInfo, $filePath, 'file', $fileSize, $documentTitle, $comment, 0, true, $groupId, $sessionId);
                        if ($documentId) {
                            // Update document item_property
                            api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentAdded', $userId, $groupId, $toUserId, null, null, $sessionId);
                            // Redo visibility
                            api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
                        }
                        // If the file is in a folder, we need to update all parent folders
                        item_property_update_on_folder($courseInfo, $uploadPath, $userId);
                        // Display success message to user
                        if ($output) {
                            Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br />' . get_lang('UplFileSavedAs') . ' ' . $documentTitle, false);
                        }
                        return $filePath;
                    } else {
                        if ($output) {
                            Display::display_error_message(get_lang('UplUnableToSaveFile'));
                        }
                        return false;
                    }
                    break;
                default:
                    // Only save the file if it doesn't exist or warn user if it does exist.
                    // NOTE(review): a file that exists on disk but has no database id
                    // ($docId empty) is overwritten by this branch.
                    if (file_exists($fullPath) && $docId) {
                        if ($output) {
                            Display::display_error_message($cleanName . ' ' . get_lang('UplAlreadyExists'));
                        }
                    } else {
                        if (moveUploadedFile($uploadedFile, $fullPath)) {
                            chmod($fullPath, $filePermissions);
                            // Put the document data in the database
                            $documentId = add_document($courseInfo, $filePath, 'file', $fileSize, $documentTitle, $comment, 0, true, $groupId, $sessionId);
                            if ($documentId) {
                                // Update document item_property
                                api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentAdded', $userId, $groupId, $toUserId, null, null, $sessionId);
                                // Redo visibility
                                api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
                            }
                            // If the file is in a folder, we need to update all parent folders
                            item_property_update_on_folder($courseInfo, $uploadPath, $userId);
                            // Display success message to user
                            if ($output) {
                                Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br /> ' . $documentTitle, false);
                            }
                            return $filePath;
                        } else {
                            if ($output) {
                                Display::display_error_message(get_lang('UplUnableToSaveFile'));
                            }
                            return false;
                        }
                    }
                    break;
            }
        }
    }
}