// Excerpt: handling of a "move document" request. It starts after the request
// has been recognised and stops inside the failure branch of move().
//
// For a coach, the posted document ID must pass is_visible_by_id() for this
// course, session and user; otherwise the request ends in api_not_allowed().
// NOTE(review): this gate sits inside the api_is_coach() branch only; how other
// roles are authorized is not visible in this excerpt — confirm.
if (api_is_coach()) {
    if (!DocumentManager::is_visible_by_id($_POST['move_file'], $courseInfo, $sessionId, api_get_user_id())) {
        api_not_allowed(true);
    }
}

// Get the document data from the ID
$document_to_move = DocumentManager::get_document_data_by_id($_POST['move_file'], api_get_course_id(), false, $sessionId);

// Security fix: make sure they can't move files that are not in the document table
if (!empty($document_to_move)) {
    // The source path is taken from the looked-up row, not from the request,
    // and only its basename is appended to the destination.
    // NOTE(review): $moveTo is assigned outside this excerpt and is concatenated
    // into a filesystem path; presumably it was normalised and checked against
    // the course's existing folders beforehand — confirm.
    $real_path_target = $base_work_dir . $moveTo . '/' . basename($document_to_move['path']);

    // Record whether something already existed at the target before move() runs;
    // the failure branch below reads this flag.
    $fileExist = false;
    if (file_exists($real_path_target)) {
        $fileExist = true;
    }

    if (move($base_work_dir . $document_to_move['path'], $base_work_dir . $moveTo)) {
        // Filesystem move succeeded: bring the stored path in line with it.
        update_db_info('update', $document_to_move['path'], $moveTo . '/' . basename($document_to_move['path']));

        //update database item property
        $doc_id = $_POST['move_file'];
        if (is_dir($real_path_target)) {
            api_item_property_update($courseInfo, TOOL_DOCUMENT, $doc_id, 'FolderMoved', api_get_user_id(), $groupId, null, null, null, $sessionId);
            Display::addFlash(Display::return_message(get_lang('DirMv'), 'confirmation'));
        } elseif (is_file($real_path_target)) {
            api_item_property_update($courseInfo, TOOL_DOCUMENT, $doc_id, 'DocumentMoved', api_get_user_id(), $groupId, null, null, null, $sessionId);
            Display::addFlash(Display::return_message(get_lang('DocMv'), 'confirmation'));
        }

        // Set the current path
        // NOTE(review): the raw POST value is stored here rather than $moveTo;
        // wherever $curdirpath is later printed it needs escaping for that
        // output context (those output sites are outside this excerpt).
        $curdirpath = $_POST['move_to'];
        $curdirpathurl = urlencode($_POST['move_to']);
    } else {
        if ($fileExist) {
            if (is_dir($real_path_target)) {
// Excerpt: deletion of a document, followed by the start of the rename step.
//
// Fetch the row for the path being deleted. $filePath is bound through the ?s
// placeholder.
// NOTE(review): $group_sql is interpolated into the SQL text; it is built
// outside this excerpt and is presumably a server-generated condition —
// confirm it never carries request data.
$r = Database::get()->querySingle("SELECT path, extra_path, format, filename FROM document\n WHERE {$group_sql} AND path = ?s", $filePath);
$delete_ok = true;
if ($r) {
    // remove from index if relevant (except non-main subsystems and metadata)
    // NOTE(review): unlike the lookup above, this query is not narrowed by
    // $group_sql — it matches the path prefix in every row with course_id >= 1 —
    // and LIKE wildcards (% and _) inside $filePath are not escaped. Confirm
    // that queueing REQUEST_REMOVE for all such rows is intended.
    Database::get()->queryFunc("SELECT id FROM document WHERE course_id >= 1 AND subsystem = 0\n AND format <> '.meta' AND path LIKE ?s", function ($r2) {
        Indexer::queueAsync(Indexer::REQUEST_REMOVE, Indexer::RESOURCE_DOCUMENT, $r2->id);
    }, $filePath . '%');

    if (empty($r->extra_path)) {
        // Precedence: && binds tighter than =, so $delete_ok receives
        // (my_delete(...) && $delete_ok) and the if tests that combined value.
        if ($delete_ok = my_delete($basedir . $filePath) && $delete_ok) {
            // A companion ".xml" file is deleted as well when hasMetaData() says so.
            if (hasMetaData($filePath, $basedir, $group_sql)) {
                $delete_ok = my_delete($basedir . $filePath . ".xml") && $delete_ok;
            }
            // The database row is removed only after the file delete succeeded.
            update_db_info('document', 'delete', $filePath, $r->filename);
        }
    } else {
        // Row has an extra_path: only the database record is removed here;
        // nothing under $basedir is deleted in this branch.
        update_db_info('document', 'delete', $filePath, $r->filename);
    }

    if ($delete_ok) {
        Session::Messages($langDocDeleted, 'alert-success');
    } else {
        Session::Messages($langGeneralError, 'alert-danger');
    }
    redirect($redirect_base_url);
}
}

/* * *************************************** RENAME * **************************************** */
// Step 2: Rename file by updating record in database
if (isset($_POST['renameTo'])) {
    // The posted source path is bound as a parameter; $group_sql is again
    // interpolated (see the note on the first query).
    $r = Database::get()->querySingle("SELECT id, filename, format FROM document WHERE {$group_sql} AND path = ?s", $_POST['sourceFile']);
api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentMoved', api_get_user_id(), $to_group_id, null, null, null, $current_session_id); } } } } elseif (is_file($full_old_path)) { $old_path = substr($full_old_path, strlen($mainPath) - strlen($full_old_path) - 1); if (!empty($group_properties['directory'])) { $old_path = $group_properties['directory'] . $old_path; //get Chamilo } $new_path = $chamiloFolder; //sample /images/book_highlight.jpg //update documents $dbTable = Database::get_course_table(TABLE_DOCUMENT); //Chamilo update_db_info('update', $old_path, $new_path); //Chamilo //update items $curdirpath = $new_path; $doc_id = DocumentManager::get_document_id($_course, $curdirpath); $current_session_id = api_get_session_id(); api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentMoved', api_get_user_id(), $to_group_id, null, null, null, $current_session_id); } } else { $current_session_id = api_get_session_id(); if ($tem['type'] == "folder") { //add to database the first folder to target $doc_id = add_document($_course, $chamiloFolder, 'folder', $chamiloFileSize, $chamiloFile); //get Chamilo api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderCreated', api_get_user_id(), $to_group_id, null, null, null, $current_session_id); //get Chamilo
------------------------------------------------------------------------*/ if ('rqMkDir' == $cmd) { $dialogBox->title(get_lang('Create directory')); $form = '<form action="' . claro_htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">' . "\n" . claro_form_relay_context() . '<input type="hidden" name="cmd" value="exMkDir" />' . "\n" . '<input type="hidden" name="cwd" value="' . claro_htmlspecialchars($cwd) . '" />' . "\n" . '<label for="newName">' . get_lang('Directory name') . '</label> <span class="required">*</span><br />' . "\n" . '<input type="text" id="newName" name="newName" />' . "\n" . '<br />' . "\n"; if ($courseContext) { $form .= '<p>' . "\n" . '<label for="comment">' . get_lang('Comment') . '</label><br />' . "\n" . '<textarea rows="5" cols="50" id="comment" name="comment"></textarea>' . "\n" . '</p>' . "\n"; } $form .= '<span class="required">*</span> ' . get_lang('Denotes required fields') . '<br />' . "\n" . '<input type="submit" value="' . get_lang('Ok') . '" /> ' . claro_html_button(claro_htmlspecialchars(Url::Contextualize($_SERVER['PHP_SELF'] . '?cmd=exChDir&file=' . base64_encode($cwd))), get_lang('Cancel')) . '</form>' . 
"\n"; $dialogBox->form($form); } /*= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = VISIBILITY COMMANDS = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = */ if ('exChVis' == $cmd && $courseContext) { $_REQUEST['file'] = secure_file_path($_REQUEST['file']); update_db_info('update', $_REQUEST['file'], array('visibility' => $_REQUEST['vis'])); //notify claroline that visibility changed if ($_REQUEST['vis'] == 'v') { $eventNotifier->notifyCourseEvent("document_visible", claro_get_current_course_id(), claro_get_current_tool_id(), $_REQUEST['file'], claro_get_current_group_id(), "0"); } else { $eventNotifier->notifyCourseEvent("document_invisible", claro_get_current_course_id(), claro_get_current_tool_id(), $_REQUEST['file'], claro_get_current_group_id(), "0"); } } } // END is Allowed to Edit if ('rqSearch' == $cmd) { $searchMsg = !empty($cwd) ? '<br />' . get_lang('Search in %currentDirectory', array('%currentDirectory' => claro_htmlspecialchars($cwd))) : ''; $dialogBox->form('<form action="' . claro_htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">' . "\n" . claro_form_relay_context() . '<input type="hidden" name="cmd" value="exSearch" />' . "\n" . '<input type="text" id="searchPattern" name="searchPattern" class="inputSearch" />' . "\n" . '<input type="hidden" name="cwd" value="' . claro_htmlspecialchars($cwd) . '" />' . "\n" . '<input type="submit" value="' . get_lang('Search') . '" /> ' . claro_html_button(claro_htmlspecialchars(Url::Contextualize($_SERVER['PHP_SELF'] . '?cmd=exChDir&file=' . base64_encode($cwd))), get_lang("Cancel")) . $searchMsg . '</form>' . "\n"); } if ('exDownload' == $cmd) { if (claro_is_user_authenticated() && (claro_is_allowed_to_edit() || get_conf('cldoc_allowNonManagersToDownloadFolder', true)) || get_conf('cldoc_allowNonManagersToDownloadFolder', true) && get_conf('cldoc_allowAnonymousToDownloadFolder', true)) {
/**
 * Rename a document on disk and update its stored path to match.
 *
 * All inputs arrive as parameters; no global variables are read or written.
 * User feedback is queued through Display::addFlash() in both outcomes.
 *
 * @param string $base_work_dir Filesystem prefix prepended to $dir and $source_file.
 * @param string $source_file   Current file name, appended to $dir.
 * @param string $rename_to     Requested new name.
 * @param string $dir           Directory part placed between $base_work_dir and $source_file; may be empty.
 * @param mixed  $doc           Not used by this function.
 *
 * @return bool|null true when my_rename() returned a usable name; null otherwise.
 *
 * @todo check if this function is used
 */
function change_name($base_work_dir, $source_file, $rename_to, $dir, $doc)
{
    $currentFullPath = $base_work_dir . $dir . $source_file;

    // Avoid renaming to .htaccess file
    $filteredName = disable_dangerous_file($rename_to);

    // fileManage API. Its return value is used below as the name that was applied.
    // NOTE(review): no filtering of path separators or ".." in the new name is
    // visible in this function; presumably my_rename() takes care of it — confirm.
    $appliedName = my_rename($currentFullPath, stripslashes($filteredName));

    if (!$appliedName) {
        // Any falsy result from my_rename() is reported with the 'FileExists' message.
        Display::addFlash(Display::return_message(get_lang('FileExists')));

        return null;
    }

    // Build the old and new paths in the form stored for the document.
    if (isset($dir) && $dir != '') {
        $oldStoredPath = $dir . $source_file;
        $newStoredPath = dirname($oldStoredPath) . '/' . $appliedName;
    } else {
        $oldStoredPath = '/' . $source_file;
        $newStoredPath = '/' . $appliedName;
    }

    update_db_info('update', $oldStoredPath, $newStoredPath); // fileManage API
    Display::addFlash(Display::return_message(get_lang('fileModified')));

    return true;
}
case 'delete': // deletes an exercise
    // Collect the image names belonging to the exercise; $imgparams and
    // $imgcount are read after this call, so GetImgParams() presumably fills
    // them by reference — confirm.
    $imgparams = array();
    $imgcount = 0;
    GetImgParams($file, $documentPath, $imgparams, $imgcount);
    $fld = GetFolderName($file);

    // Remove every listed image from disk and from the document table.
    // NOTE(review): my_delete()'s result is ignored here, so the database row is
    // removed even when the file could not be deleted. If the image names are
    // parsed from uploaded exercise content, they are untrusted and end up in a
    // delete path — confirm they are reduced to a plain file name beforehand.
    for ($i = 0; $i < $imgcount; $i++) {
        my_delete($documentPath . $uploadPath . "/" . $fld . "/" . $imgparams[$i]);
        update_db_info("delete", $uploadPath . "/" . $fld . "/" . $imgparams[$i]);
    }

    // Remove the exercise file itself. When its folder does not exist the row is
    // deleted unconditionally; otherwise only after my_delete() succeeded.
    // NOTE(review): where $file comes from is not visible in this excerpt;
    // confirm it is confined to the exercise upload directory.
    if (!is_dir($documentPath . $uploadPath . "/" . $fld . "/")) {
        my_delete($documentPath . $file);
        update_db_info("delete", $file);
    } else {
        if (my_delete($documentPath . $file)) {
            update_db_info("delete", $file);
        }
    }

    /* hotpotatoes folder may contains several tests so don't delete folder if not empty : http://support.chamilo.org/issues/2165 */
    // The folder is kept only when $uploadPath contains DIR_HOTPOTATOES and the
    // folder still has content; in every other case it is deleted.
    if (!(strstr($uploadPath, DIR_HOTPOTATOES) && !folder_is_empty($documentPath . $uploadPath . "/" . $fld . "/"))) {
        my_delete($documentPath . $uploadPath . "/" . $fld . "/");
    }
    break;
case 'enable': // enables an exercise
    $newVisibilityStatus = "1"; //"visible"
    // NOTE(review): the query is assembled by string concatenation. $file is
    // passed through Database::escape_string(), while $courseId is interpolated
    // unquoted — confirm it is always an integer, or bind both as parameters.
    $query = "SELECT id FROM {$TBL_DOCUMENT}\n WHERE c_id = {$courseId} AND path='" . Database::escape_string($file) . "'";
// Excerpt: multi-step upload of an exercise and its images. $finish tracks the
// step as used below: 0 = first upload, 2 = waiting for images, 1 = done.
api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderCreated', api_get_user_id());
} else {
    // It is not the first step... get the filename directly from the system params.
    // NOTE(review): this is the client-supplied upload name. Below it is used
    // unchanged in a message, in a delete path and in a database path; no
    // basename() or sanitising is visible in this excerpt — confirm it happens
    // upstream, and that it matches the name handle_uploaded_document() stores.
    $filename = $_FILES['userFile']['name'];
}

$allow_output_on_success = false;
if (handle_uploaded_document($_course, $_FILES['userFile'], $document_sys_path, $uploadPath . '/' . $fld, api_get_user_id(), null, null, $unzip, '', $allow_output_on_success)) {
    if ($finish == 2) {
        // Image step: the uploaded name must be accepted by CheckImageName()
        // against the posted list of expected images.
        // NOTE(review): the expected-image list is read back from the request, so
        // the client controls it; confirm CheckImageName() validates its shape.
        $imgparams = $_POST['imgparams'];
        $checked = CheckImageName($imgparams, $filename);
        if ($checked) {
            $imgcount = $imgcount - 1;
        } else {
            // Name rejected: report it, then remove the file and its row again.
            // NOTE(review): $filename is appended to $dialogBox as-is; it needs
            // HTML escaping wherever $dialogBox is rendered (not visible here).
            $dialogBox .= $filename . ' ' . get_lang('NameNotEqual');
            my_delete($document_sys_path . $uploadPath . '/' . $fld . '/' . $filename);
            update_db_info('delete', $uploadPath . '/' . $fld . '/' . $filename);
        }
        if ($imgcount == 0) {
            // all image uploaded
            $finish = 1;
        }
    } else {
        // If we are (still) on the first step of the upload process.
        if ($finish == 0) {
            $finish = 2;
            // Get number and name of images from the files contents.
            GetImgParams('/' . $filename, $document_sys_path . $uploadPath . '/' . $fld, $imgparams, $imgcount);
            if ($imgcount == 0) {
                // There is no img link, so finish the upload process.
                $finish = 1;
            } else {
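/**
 * Rename a document on disk and update its stored path to match.
 *
 * Inputs arrive as parameters, but on success the function also writes the
 * applied name into $GLOBALS['file_name'] and $GLOBALS['doc'].
 *
 * @param string $base_work_dir Filesystem prefix prepended to $dir and $source_file.
 * @param string $source_file   Current file name, appended to $dir.
 * @param string $rename_to     Requested new name.
 * @param string $dir           Directory part placed between $base_work_dir and $source_file; may be empty.
 * @param mixed  $doc           Not used by this function.
 *
 * @return string|null The 'fileModified' message on success; null when
 *                     my_rename() returned a falsy value.
 *
 * @todo check if this function is used
 */
function change_name($base_work_dir, $source_file, $rename_to, $dir, $doc)
{
    $file_name_for_change = $base_work_dir . $dir . $source_file;

    // Avoid renaming to .htaccess file
    $rename_to = disable_dangerous_file($rename_to);

    // fileManage API. Its return value is used below as the name that was applied.
    // NOTE(review): no filtering of path separators or ".." in the new name is
    // visible in this function; presumably my_rename() takes care of it — confirm.
    $rename_to = my_rename($file_name_for_change, stripslashes($rename_to));

    if (!$rename_to) {
        // Rename failed. The previous code only filled local variables that were
        // never read, so the caller has always received null and no message here.
        return null;
    }

    // Build the old and new paths in the form stored for the document.
    if (isset($dir) && $dir != '') {
        $source_file = $dir . $source_file;
        $new_full_file_name = dirname($source_file) . '/' . $rename_to;
    } else {
        $source_file = '/' . $source_file;
        $new_full_file_name = '/' . $rename_to;
    }

    update_db_info('update', $source_file, $new_full_file_name); // fileManage API

    // Side effect kept from the original: the applied name is exposed through
    // two globals, presumably for the calling script — confirm who reads them.
    $GLOBALS['file_name'] = $rename_to;
    $GLOBALS['doc'] = $rename_to;

    return get_lang('fileModified');
}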
}
}

// Excerpt: handling of a "move document" request; it stops inside the failure
// branch of move().
//
// Look up the document row for the posted ID in the current course.
$document_to_move = DocumentManager::get_document_data_by_id($_POST['move_file'], api_get_course_id());
require_once $lib_path . 'fileManage.lib.php';

// Security fix: make sure they can't move files that are not in the document table
if (!empty($document_to_move)) {
    // The source path comes from the looked-up row, but the destination does not.
    // NOTE(review): $_POST['move_to'] is concatenated into the filesystem path
    // (and, below, into the stored database path) exactly as received. No
    // normalisation or allow-list check is visible in this excerpt; unless it
    // is validated earlier, a value with ".." segments would resolve outside
    // $base_work_dir. Confirm the destination is checked against the course's
    // existing folders before this point.
    $real_path_target = $base_work_dir . $_POST['move_to'] . '/' . basename($document_to_move['path']);

    // Record whether something already existed at the target before move() runs;
    // the failure branch below reads this flag.
    $fileExist = false;
    if (file_exists($real_path_target)) {
        $fileExist = true;
    }

    if (move($base_work_dir . $document_to_move['path'], $base_work_dir . $_POST['move_to'])) {
        //if (1) {
        //$contents = DocumentManager::replace_urls_inside_content_html_when_moving_file(basename($document_to_move['path']), $base_work_dir.dirname($document_to_move['path']), $base_work_dir.$_POST['move_to']);
        //exit;

        // Filesystem move succeeded: bring the stored path in line with it.
        update_db_info('update', $document_to_move['path'], $_POST['move_to'] . '/' . basename($document_to_move['path']));

        //update database item property
        $doc_id = $_POST['move_file'];
        if (is_dir($real_path_target)) {
            api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderMoved', api_get_user_id(), $to_group_id, null, null, null, $session_id);
            Display::display_confirmation_message(get_lang('DirMv'));
        } elseif (is_file($real_path_target)) {
            api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentMoved', api_get_user_id(), $to_group_id, null, null, null, $session_id);
            Display::display_confirmation_message(get_lang('DocMv'));
        }

        // Set the current path
        // NOTE(review): raw POST value; wherever $curdirpath is later printed it
        // needs escaping for that output context (not visible in this excerpt).
        $curdirpath = $_POST['move_to'];
        $curdirpathurl = urlencode($_POST['move_to']);
    } else {
        if ($fileExist) {
            if (is_dir($real_path_target)) {