Beispiel #1
 // Coaches may only act on documents that are visible to them; the check is skipped for every other role here.
 // NOTE(review): $_POST['move_file'] is used as a document id exactly as posted — confirm it is validated
 // (integer id, belongs to this course) before or inside the DocumentManager calls.
 if (api_is_coach() && !DocumentManager::is_visible_by_id($_POST['move_file'], $courseInfo, $sessionId, api_get_user_id())) {
     api_not_allowed(true);
 }
 // Resolve the posted id to its document record for the current course and session
 $document_to_move = DocumentManager::get_document_data_by_id($_POST['move_file'], api_get_course_id(), false, $sessionId);
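 // Security fix: only move documents that have a record in the document table.
 // This validates the source only; the destination ($moveTo) is concatenated into the target path below,
 // so it also has to be confined to $base_work_dir (that check is not visible in this excerpt).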
 if (!empty($document_to_move)) {
     $real_path_target = $base_work_dir . $moveTo . '/' . basename($document_to_move['path']);
     $fileExist = false;
     if (file_exists($real_path_target)) {
         $fileExist = true;
     }
     if (move($base_work_dir . $document_to_move['path'], $base_work_dir . $moveTo)) {
         update_db_info('update', $document_to_move['path'], $moveTo . '/' . basename($document_to_move['path']));
         //update database item property
         $doc_id = $_POST['move_file'];
         if (is_dir($real_path_target)) {
             api_item_property_update($courseInfo, TOOL_DOCUMENT, $doc_id, 'FolderMoved', api_get_user_id(), $groupId, null, null, null, $sessionId);
             Display::addFlash(Display::return_message(get_lang('DirMv'), 'confirmation'));
         } elseif (is_file($real_path_target)) {
             api_item_property_update($courseInfo, TOOL_DOCUMENT, $doc_id, 'DocumentMoved', api_get_user_id(), $groupId, null, null, null, $sessionId);
             Display::addFlash(Display::return_message(get_lang('DocMv'), 'confirmation'));
         }
         // Set the current path
         $curdirpath = $_POST['move_to'];
         $curdirpathurl = urlencode($_POST['move_to']);
     } else {
         if ($fileExist) {
             if (is_dir($real_path_target)) {
Beispiel #2
     // Look up the document row for $filePath; the path is bound through the ?s placeholder.
     // NOTE(review): {$group_sql} is interpolated into the statement text — presumably built server-side; verify it never carries request data.
     $r = Database::get()->querySingle("SELECT path, extra_path, format, filename FROM document\n                                        WHERE {$group_sql} AND path = ?s", $filePath);
     $delete_ok = true;
     if ($r) {
         // remove from index if relevant (except non-main subsystems and metadata)
         // NOTE(review): unlike the lookup above, this query is not restricted by {$group_sql}: it matches every
         // row with course_id >= 1 whose path starts with $filePath, and LIKE wildcards (% and _) inside
         // $filePath are not escaped. Confirm that index entries of unrelated documents cannot be queued
         // for removal.
         Database::get()->queryFunc("SELECT id FROM document WHERE course_id >= 1 AND subsystem = 0\n                                            AND format <> '.meta' AND path LIKE ?s", function ($r2) {
             Indexer::queueAsync(Indexer::REQUEST_REMOVE, Indexer::RESOURCE_DOCUMENT, $r2->id);
         }, $filePath . '%');
         if (empty($r->extra_path)) {
             // No extra_path: delete $basedir . $filePath from disk.
             // `&&` binds tighter than `=`, so $delete_ok receives (my_delete(...) && previous $delete_ok).
             if ($delete_ok = my_delete($basedir . $filePath) && $delete_ok) {
                 // Remove the companion .xml file when hasMetaData() reports one
                 if (hasMetaData($filePath, $basedir, $group_sql)) {
                     $delete_ok = my_delete($basedir . $filePath . ".xml") && $delete_ok;
                 }
                 // The database record is dropped only after the file itself was deleted
                 update_db_info('document', 'delete', $filePath, $r->filename);
             }
         } else {
             // extra_path is set: nothing is deleted from disk here, only the database record is removed
             update_db_info('document', 'delete', $filePath, $r->filename);
         }
         // Report the outcome to the user, then redirect
         if ($delete_ok) {
             Session::Messages($langDocDeleted, 'alert-success');
         } else {
             Session::Messages($langGeneralError, 'alert-danger');
         }
         redirect($redirect_base_url);
     }
 }
 /*     * ***************************************
       RENAME
      * **************************************** */
 // Step 2: Rename file by updating record in database
 if (isset($_POST['renameTo'])) {
     $r = Database::get()->querySingle("SELECT id, filename, format FROM document WHERE {$group_sql} AND path = ?s", $_POST['sourceFile']);
                     api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentMoved', api_get_user_id(), $to_group_id, null, null, null, $current_session_id);
                 }
             }
         }
     } elseif (is_file($full_old_path)) {
         $old_path = substr($full_old_path, strlen($mainPath) - strlen($full_old_path) - 1);
         if (!empty($group_properties['directory'])) {
             $old_path = $group_properties['directory'] . $old_path;
             //get Chamilo
         }
         $new_path = $chamiloFolder;
         //sample /images/book_highlight.jpg
         //update documents
         $dbTable = Database::get_course_table(TABLE_DOCUMENT);
         //Chamilo
         update_db_info('update', $old_path, $new_path);
         //Chamilo
         //update items
         $curdirpath = $new_path;
         $doc_id = DocumentManager::get_document_id($_course, $curdirpath);
         $current_session_id = api_get_session_id();
         api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentMoved', api_get_user_id(), $to_group_id, null, null, null, $current_session_id);
     }
 } else {
     $current_session_id = api_get_session_id();
     if ($tem['type'] == "folder") {
         //add to database the first folder to target
         $doc_id = add_document($_course, $chamiloFolder, 'folder', $chamiloFileSize, $chamiloFile);
         //get Chamilo
         api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderCreated', api_get_user_id(), $to_group_id, null, null, null, $current_session_id);
         //get Chamilo
Beispiel #4
      ------------------------------------------------------------------------*/
    // Request step for "create directory": only renders the form; submitting it posts cmd=exMkDir.
    if ($cmd == 'rqMkDir') {
        $dialogBox->title(get_lang('Create directory'));
        // Both reflected values (script path and current directory) go through claro_htmlspecialchars()
        // before they are placed inside HTML attributes.
        // NOTE(review): no anti-CSRF token is visible in this form unless claro_form_relay_context() adds one — confirm.
        $form = '<form action="' . claro_htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">' . "\n"
            . claro_form_relay_context()
            . '<input type="hidden" name="cmd" value="exMkDir" />' . "\n"
            . '<input type="hidden" name="cwd" value="' . claro_htmlspecialchars($cwd) . '" />' . "\n"
            . '<label for="newName">' . get_lang('Directory name') . '</label>&nbsp;<span class="required">*</span><br />' . "\n"
            . '<input type="text" id="newName" name="newName" />' . "\n"
            . '<br />' . "\n";
        // The comment field is offered in course context only
        if ($courseContext) {
            $form .= '<p>' . "\n"
                . '<label for="comment">' . get_lang('Comment') . '</label><br />' . "\n"
                . '<textarea rows="5" cols="50" id="comment" name="comment"></textarea>' . "\n"
                . '</p>' . "\n";
        }
        // Submit button plus a Cancel button that links back to the current directory (base64-encoded in the URL)
        $form .= '<span class="required">*</span>&nbsp;' . get_lang('Denotes required fields') . '<br />' . "\n"
            . '<input type="submit" value="' . get_lang('Ok') . '" />&nbsp; '
            . claro_html_button(claro_htmlspecialchars(Url::Contextualize($_SERVER['PHP_SELF'] . '?cmd=exChDir&file=' . base64_encode($cwd))), get_lang('Cancel'))
            . '</form>' . "\n";
        $dialogBox->form($form);
    }
    /*= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
                              VISIBILITY COMMANDS
      = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = */
    // Visibility change for one document; only handled in course context.
    if ($cmd == 'exChVis' && $courseContext) {
        // The path is passed through secure_file_path() and written back into $_REQUEST before any use
        $_REQUEST['file'] = secure_file_path($_REQUEST['file']);
        // NOTE(review): $_REQUEST['vis'] is handed to update_db_info() as received; only 'v' is recognised
        // below and every other value is reported as "invisible". An allow-list check before the update
        // would keep unexpected values out of the table. 'file' and 'vis' come from $_REQUEST, which also
        // carries GET parameters — confirm this state change is protected against cross-site requests.
        update_db_info('update', $_REQUEST['file'], array('visibility' => $_REQUEST['vis']));
        // notify claroline that visibility changed
        $visibilityEvent = $_REQUEST['vis'] == 'v' ? "document_visible" : "document_invisible";
        $eventNotifier->notifyCourseEvent($visibilityEvent, claro_get_current_course_id(), claro_get_current_tool_id(), $_REQUEST['file'], claro_get_current_group_id(), "0");
    }
}
// END is Allowed to Edit
// Request step for "search": renders the search form; submitting it posts cmd=exSearch.
if ($cmd == 'rqSearch') {
    // Mention the current directory under the form when there is one; $cwd is HTML-escaped before display
    $searchMsg = '';
    if (!empty($cwd)) {
        $searchMsg = '<br />' . get_lang('Search in %currentDirectory', array('%currentDirectory' => claro_htmlspecialchars($cwd)));
    }
    // Script path and current directory are escaped with claro_htmlspecialchars() before entering attributes
    $dialogBox->form(
        '<form action="' . claro_htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">' . "\n"
        . claro_form_relay_context()
        . '<input type="hidden" name="cmd" value="exSearch" />' . "\n"
        . '<input type="text" id="searchPattern" name="searchPattern" class="inputSearch" />' . "\n"
        . '<input type="hidden" name="cwd" value="' . claro_htmlspecialchars($cwd) . '" />' . "\n"
        . '<input type="submit" value="' . get_lang('Search') . '" />&nbsp;'
        . claro_html_button(claro_htmlspecialchars(Url::Contextualize($_SERVER['PHP_SELF'] . '?cmd=exChDir&file=' . base64_encode($cwd))), get_lang("Cancel"))
        . $searchMsg
        . '</form>' . "\n"
    );
}
if ('exDownload' == $cmd) {
    if (claro_is_user_authenticated() && (claro_is_allowed_to_edit() || get_conf('cldoc_allowNonManagersToDownloadFolder', true)) || get_conf('cldoc_allowNonManagersToDownloadFolder', true) && get_conf('cldoc_allowAnonymousToDownloadFolder', true)) {
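/**
 * Renames a file on disk and mirrors the new path in the document table.
 *
 * The requested name is unescaped with stripslashes() first and only then passed
 * through disable_dangerous_file(), so the name that is checked is exactly the
 * name that my_rename() receives.
 *
 * It needs no global variables, it takes all info from parameters.
 *
 * @param string $base_work_dir Base directory; $dir and $source_file are appended to it
 * @param string $source_file   Current file name
 * @param string $rename_to     Requested new file name
 * @param string $dir           Directory part placed between $base_work_dir and $source_file ('' for none)
 * @param mixed  $doc           Not used by this function; kept so existing callers keep working
 *
 * @return bool|null true after a successful rename; null (no explicit return) when my_rename() fails
 *
 * @todo check if this function is used
 */
function change_name($base_work_dir, $source_file, $rename_to, $dir, $doc)
{
    // NOTE(review): $dir and $source_file are concatenated as given; callers are assumed to keep them
    // inside $base_work_dir — confirm.
    $file_name_for_change = $base_work_dir . $dir . $source_file;
    // Unescape first, then filter (avoids renaming to .htaccess and similar): the filter has to see the
    // exact string my_rename() will use, otherwise a name that only becomes dangerous after
    // stripslashes() would pass unchecked.
    $rename_to = disable_dangerous_file(stripslashes($rename_to));
    // fileManage API; a truthy result is used below as the new file name
    $rename_to = my_rename($file_name_for_change, $rename_to);
    if ($rename_to) {
        if (isset($dir) && $dir != '') {
            $source_file = $dir . $source_file;
            $new_full_file_name = dirname($source_file) . '/' . $rename_to;
        } else {
            $source_file = '/' . $source_file;
            $new_full_file_name = '/' . $rename_to;
        }
        // fileManage API: keep the document table in step with the file system
        update_db_info('update', $source_file, $new_full_file_name);
        Display::addFlash(Display::return_message(get_lang('fileModified')));
        return true;
    } else {
        // The rename did not happen; the user is told the target already exists
        Display::addFlash(Display::return_message(get_lang('FileExists')));
    }
}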
Beispiel #6
 case 'delete':
     // deletes an exercise
     // NOTE(review): every path below is built by concatenating $file, $uploadPath and the folder name
     // derived from $file; none of them is validated in this excerpt — confirm upstream that $file
     // cannot point outside $documentPath before it reaches my_delete().
     $imgparams = array();
     $imgcount = 0;
     // Fills $imgparams / $imgcount with the images referenced by the exercise file
     GetImgParams($file, $documentPath, $imgparams, $imgcount);
     $fld = GetFolderName($file);
     // Delete each referenced image from disk and from the database
     for ($i = 0; $i < $imgcount; $i++) {
         my_delete($documentPath . $uploadPath . "/" . $fld . "/" . $imgparams[$i]);
         update_db_info("delete", $uploadPath . "/" . $fld . "/" . $imgparams[$i]);
     }
     if (!is_dir($documentPath . $uploadPath . "/" . $fld . "/")) {
         // No exercise folder on disk: the database record is removed whatever my_delete() returns
         my_delete($documentPath . $file);
         update_db_info("delete", $file);
     } else {
         // Folder exists: the database record is removed only when the file deletion succeeded
         if (my_delete($documentPath . $file)) {
             update_db_info("delete", $file);
         }
     }
     /* hotpotatoes folder may contain several tests so
           don't delete folder if not empty :
            http://support.chamilo.org/issues/2165
        */
     // The folder is kept only when $uploadPath contains DIR_HOTPOTATOES and the folder still has content
     if (!(strstr($uploadPath, DIR_HOTPOTATOES) && !folder_is_empty($documentPath . $uploadPath . "/" . $fld . "/"))) {
         my_delete($documentPath . $uploadPath . "/" . $fld . "/");
     }
     break;
 case 'enable':
     // enables an exercise
     $newVisibilityStatus = "1";
     //"visible"
     $query = "SELECT id FROM {$TBL_DOCUMENT}\n                          WHERE c_id = {$courseId} AND path='" . Database::escape_string($file) . "'";
Beispiel #7
     api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderCreated', api_get_user_id());
 } else {
     // It is not the first step... get the filename directly from the system params.
     $filename = $_FILES['userFile']['name'];
 }
 $allow_output_on_success = false;
 if (handle_uploaded_document($_course, $_FILES['userFile'], $document_sys_path, $uploadPath . '/' . $fld, api_get_user_id(), null, null, $unzip, '', $allow_output_on_success)) {
     if ($finish == 2) {
         $imgparams = $_POST['imgparams'];
         $checked = CheckImageName($imgparams, $filename);
         if ($checked) {
             $imgcount = $imgcount - 1;
         } else {
             $dialogBox .= $filename . ' ' . get_lang('NameNotEqual');
             my_delete($document_sys_path . $uploadPath . '/' . $fld . '/' . $filename);
             update_db_info('delete', $uploadPath . '/' . $fld . '/' . $filename);
         }
         if ($imgcount == 0) {
             // all image uploaded
             $finish = 1;
         }
     } else {
         // If we are (still) on the first step of the upload process.
         if ($finish == 0) {
             $finish = 2;
             // Get number and name of images from the files contents.
             GetImgParams('/' . $filename, $document_sys_path . $uploadPath . '/' . $fld, $imgparams, $imgcount);
             if ($imgcount == 0) {
                 // There is no img link, so finish the upload process.
                 $finish = 1;
             } else {
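/**
 * Renames a file on disk and mirrors the new path in the document table.
 *
 * The requested name is unescaped with stripslashes() first and only then passed
 * through disable_dangerous_file(), so the name that is checked is exactly the
 * name that my_rename() receives.
 *
 * On success the new name is also written to $GLOBALS['file_name'] and $GLOBALS['doc'].
 *
 * @param string $base_work_dir Base directory; $dir and $source_file are appended to it
 * @param string $source_file   Current file name
 * @param string $rename_to     Requested new file name
 * @param string $dir           Directory part placed between $base_work_dir and $source_file ('' for none)
 * @param mixed  $doc           Not used by this function; kept so existing callers keep working
 *
 * @return string|null The translated 'fileModified' message after a successful rename;
 *                     null (no explicit return) when my_rename() fails
 *
 * @todo check if this function is used
 */
function change_name($base_work_dir, $source_file, $rename_to, $dir, $doc)
{
    // NOTE(review): $dir and $source_file are concatenated as given; callers are assumed to keep them
    // inside $base_work_dir — confirm.
    $file_name_for_change = $base_work_dir . $dir . $source_file;
    // Unescape first, then filter (avoids renaming to .htaccess and similar): the filter has to see the
    // exact string my_rename() will use, otherwise a name that only becomes dangerous after
    // stripslashes() would pass unchecked.
    $rename_to = disable_dangerous_file(stripslashes($rename_to));
    // fileManage API; a truthy result is used below as the new file name
    $rename_to = my_rename($file_name_for_change, $rename_to);
    if (!$rename_to) {
        // Rename failed: nothing is updated and the function ends without a return value,
        // exactly as before (the locals the old failure branch set were never read).
        return;
    }
    if (isset($dir) && $dir != '') {
        $source_file = $dir . $source_file;
        $new_full_file_name = dirname($source_file) . '/' . $rename_to;
    } else {
        $source_file = '/' . $source_file;
        $new_full_file_name = '/' . $rename_to;
    }
    // fileManage API: keep the document table in step with the file system
    update_db_info('update', $source_file, $new_full_file_name);
    $info_message = get_lang('fileModified');
    // Publish the new name to the calling script through globals
    $GLOBALS['file_name'] = $rename_to;
    $GLOBALS['doc'] = $rename_to;
    return $info_message;
}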
     }
 }
 // Resolve the posted document id to its record for the current course.
 // NOTE(review): no visibility or permission check on $_POST['move_file'] is visible in this excerpt
 // before the lookup — confirm one happens earlier.
 $document_to_move = DocumentManager::get_document_data_by_id($_POST['move_file'], api_get_course_id());
 // Load the file-management helpers (presumably the source of move() and update_db_info() used below — TODO confirm)
 require_once $lib_path . 'fileManage.lib.php';
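 // Security fix: only move documents that have a record in the document table.
 // This validates the source only: the destination is taken straight from $_POST['move_to'] and
 // concatenated onto $base_work_dir below, so it also needs to be normalised and confined to $base_work_dir.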
 if (!empty($document_to_move)) {
     $real_path_target = $base_work_dir . $_POST['move_to'] . '/' . basename($document_to_move['path']);
     $fileExist = false;
     if (file_exists($real_path_target)) {
         $fileExist = true;
     }
     if (move($base_work_dir . $document_to_move['path'], $base_work_dir . $_POST['move_to'])) {
         //if (1) {
         //$contents = DocumentManager::replace_urls_inside_content_html_when_moving_file(basename($document_to_move['path']), $base_work_dir.dirname($document_to_move['path']), $base_work_dir.$_POST['move_to']);
         //exit;
         update_db_info('update', $document_to_move['path'], $_POST['move_to'] . '/' . basename($document_to_move['path']));
         //update database item property
         $doc_id = $_POST['move_file'];
         if (is_dir($real_path_target)) {
             api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderMoved', api_get_user_id(), $to_group_id, null, null, null, $session_id);
             Display::display_confirmation_message(get_lang('DirMv'));
         } elseif (is_file($real_path_target)) {
             api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentMoved', api_get_user_id(), $to_group_id, null, null, null, $session_id);
             Display::display_confirmation_message(get_lang('DocMv'));
         }
         // Set the current path
         $curdirpath = $_POST['move_to'];
         $curdirpathurl = urlencode($_POST['move_to']);
     } else {
         if ($fileExist) {
             if (is_dir($real_path_target)) {