Ejemplo n.º 1
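 /**
  * Sets the specified site settings.
  *
  * Rows are read by column header: each row needs a "field" column holding
  * the setting name and a "value" column holding the value to store. Only
  * names in the allow-list below are written; rows naming any other setting
  * are skipped without an error.
  *
  * @Given /^the following site settings are set:$/
  * @param TableNode $table rows of | field | value |
  * @throws SystemException if set_config() fails for an allowed setting
  */
 public function site_settings_set(TableNode $table)
 {
     $settings = array();
     foreach ($table->getHash() as $row) {
         $settings[$row['field']] = $row['value'];
     }
     // Allow-list of settings this step may write. Anything else in the table is ignored.
     $allowsettings = array('sitename', 'lang', 'country', 'theme', 'dropdownmenu', 'homepageinfo', 'userscanchooseviewthemes', 'remoteavatars', 'userscanhiderealnames', 'searchusernames', 'searchuserspublic', 'anonymouscomments', 'loggedinprofileviewaccess', 'staffreports', 'staffstats', 'userscandisabledevicedetection', 'masqueradingreasonrequired', 'masqueradingnotified', 'showprogressbar', 'exporttoqueue', 'defaultmultipleblogs', 'searchplugin', 'creategroups', 'createpublicgroups', 'allowgroupcategories', 'institutionexpirynotification', 'institutionautosuspend', 'requireregistrationconfirm', 'allowpublicviews', 'allowpublicprofiles', 'allowanonymouspages', 'generatesitemap', 'showselfsearchsideblock', 'showtagssideblock', 'tagssideblockmaxtags', 'viewmicroheaders', 'showonlineuserssideblock', 'onlineuserssideblockmaxusers', 'licensemetadata', 'licenseallowcustom', 'allowmobileuploads', 'wysiwyg', 'sitefilesaccess', 'watchlistnotification_delay', 'skins');
     // If public views are disabled, sitemap generation must also be disabled.
     // empty() is also true when the table has no allowpublicviews row, so in
     // that case generatesitemap is written as false as well.
     if (empty($settings['allowpublicviews'])) {
         $settings['generatesitemap'] = false;
     } else {
         // Public views imply public profiles.
         $settings['allowpublicprofiles'] = 1;
     }
     // Remember the language before it is overwritten; the public folder is
     // renamed below if it changes.
     $oldlanguage = get_config('lang');
     foreach ($allowsettings as $setting) {
         if (!isset($settings[$setting])) {
             continue;
         }
         if (!set_config($setting, $settings[$setting])) {
             throw new SystemException("Can not set the option \"{$setting}\" to \"{$settings[$setting]}\"");
         }
     }
     if (isset($settings['lang']) && $oldlanguage != $settings['lang']) {
         safe_require('artefact', 'file');
         ArtefactTypeFolder::change_public_folder_name($oldlanguage, $settings['lang']);
     }
 }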
Ejemplo n.º 2
/**
 * Submit handler for the site options form: stores every submitted option
 * with set_config() and sends the form reply.
 *
 * Values are written as submitted; this function does no validation of its
 * own. NOTE(review): 'pathtoclam' is a filesystem path taken from the form -
 * presumably it is validated by the form definition or at the point of use;
 * confirm.
 *
 * @param Pieform $form   the form being submitted
 * @param array   $values submitted values, keyed by option name
 */
function siteoptions_submit(Pieform $form, $values)
{
    // Captured before the loop below overwrites them.
    $langbefore = get_config('lang');
    $themebefore = get_config('theme');
    $directoptions = array('sitename', 'lang', 'theme', 'pathtoclam', 'defaultaccountlifetime', 'defaultaccountinactiveexpire', 'defaultaccountinactivewarn', 'allowpublicviews', 'allowpublicprofiles', 'createpublicgroups', 'searchplugin', 'registration_sendweeklyupdates', 'institutionexpirynotification', 'institutionautosuspend');
    foreach ($directoptions as $option) {
        $stored = set_config($option, $values[$option]);
        if (!$stored) {
            siteoptions_fail($form, $option);
        }
    }
    $langchanged = $langbefore != $values['lang'];
    if ($langchanged) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_public_folder_name($langbefore, $values['lang']);
    }
    // The form takes the session lifetime in minutes; session_timeout is stored in seconds.
    $timeoutseconds = $values['sessionlifetime'] * 60;
    if (!set_config('session_timeout', $timeoutseconds)) {
        siteoptions_fail($form, 'sessionlifetime');
    }
    // Checkboxes arrive as on/off and are stored as 1/0.
    foreach (array('viruschecking', 'usersallowedmultipleinstitutions') as $flag) {
        $enabled = (int) ($values[$flag] == 'on');
        if (!set_config($flag, $enabled)) {
            siteoptions_fail($form, $flag);
        }
    }
    $reply = array('message' => get_string('siteoptionsset', 'admin'), 'goto' => '/admin/site/options.php');
    if ($themebefore != $values['theme']) {
        $reply['message'] .= '  ' . get_string('usersseenewthemeonlogin', 'admin');
    }
    $form->reply(PIEFORM_OK, $reply);
}
Ejemplo n.º 3
 /**
  * Renders the block's configured text.
  *
  * The stored text is user-authored markup, so it is passed through
  * clean_html() before being returned; append_view_url() runs first so the
  * rewritten URLs are covered by the same clean-up.
  *
  * @param BlockInstance $instance the block being rendered
  * @param bool          $editing  not used by this block type
  * @return string the result of clean_html(); an empty string is passed in when no text is configured
  */
 public static function render_instance(BlockInstance $instance, $editing = false)
 {
     $config = $instance->get('configdata');
     $raw = '';
     if (isset($config['text'])) {
         $raw = $config['text'];
     }
     safe_require('artefact', 'file');
     $withviewurls = ArtefactTypeFolder::append_view_url($raw, $instance->get('view'));
     return clean_html($withviewurls);
 }
 /**
  * Checks that moving a file into a folder rewrites the file's path from
  * "/<fileid>" to "/<folderid>/<fileid>".
  */
 public function testArtefactHierarchyMove()
 {
     $owner = $this->testuserid;
     // One folder and one file, both owned by the test user.
     $folder = new ArtefactTypeFolder(0, array('owner' => $owner, 'title' => 'Test folder', 'description' => 'Test folder description'));
     $folder->commit();
     $file = new ArtefactTypeFile(0, array('owner' => $owner, 'title' => 'Test file', 'description' => 'Test file description'));
     $file->commit();
     // A freshly committed file has only its own id in its path.
     $fileid = $file->get('id');
     $this->assertEquals("/{$fileid}", $file->get('path'));
     // Reload the file by id, move it, and expect the folder id as a path prefix.
     $folderid = $folder->get('id');
     $moved = new ArtefactTypeFile($fileid);
     $moved->move($folderid);
     $this->assertEquals('/' . $folderid . '/' . $fileid, $moved->get('path'));
 }
Ejemplo n.º 5
 /**
  * Renders the text block through the blocktype:text:content.tpl template.
  *
  * NOTE(review): the configured text is user-authored markup and is handed to
  * the template without being sanitised in this method - presumably the
  * template applies clean_html or equivalent escaping; confirm.
  *
  * @param BlockInstance $instance the block being rendered
  * @param bool          $editing  not used by this block type
  * @return string the fetched template output
  */
 public static function render_instance(BlockInstance $instance, $editing = false)
 {
     safe_require('artefact', 'file');
     $config = $instance->get('configdata');
     $smarty = smarty_core();
     // Default to an empty string when the block has no text configured.
     $text = '';
     if (array_key_exists('text', $config)) {
         $text = ArtefactTypeFolder::append_view_url($config['text'], $instance->get('view'));
     }
     $smarty->assign('text', $text);
     return $smarty->fetch('blocktype:text:content.tpl');
 }
Ejemplo n.º 6
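 /**
  * Renders the block for its configured artefact: note, description,
  * literature, attachments and comments, through the
  * blocktype:eselmagraduation:content.tpl template.
  *
  * NOTE(review): the note, description and literature values are assigned to
  * the template as stored; presumably the template sanitises or escapes
  * them - confirm.
  *
  * @param BlockInstance $instance the block being rendered
  * @param bool          $editing  passed on to the comment lookup
  * @return string the fetched template output, or '' when no artefact is configured
  */
 public static function render_instance(BlockInstance $instance, $editing = false)
 {
     $configdata = $instance->get('configdata');
     if (empty($configdata['artefactid'])) {
         return '';
     }
     safe_require('artefact', 'file');
     safe_require('artefact', 'comment');
     $artefact = $instance->get_artefact_instance($configdata['artefactid']);
     $viewid = $instance->get('view');
     // isset() is false for null, so a missing view id falls back to 0 in links.
     $linkviewid = isset($viewid) ? $viewid : 0;
     $text = ArtefactTypeFolder::append_view_url($artefact->get('note'), $viewid);
     $information = ArtefactTypeFolder::append_view_url($artefact->get('description'), $viewid);
     // Avoid an undefined-index notice when the block has no literature configured.
     $literature = isset($configdata['literature']) ? $configdata['literature'] : null;
     $smarty = smarty_core();
     $smarty->assign('text', $text);
     $smarty->assign('information', $information);
     $smarty->assign('literature', $literature);
     $attachments = $artefact->get_attachments();
     if ($attachments) {
         require_once get_config('docroot') . 'artefact/lib.php';
         // Attachments are objects, so iterating by value still updates them
         // and leaves no dangling reference behind after the loop.
         foreach ($attachments as $attachment) {
             $f = artefact_instance_from_id($attachment->id);
             $attachment->size = $f->describe_size();
             // The icon is requested with this block's view id. The previous code
             // read an undefined $options array here, so the icon was always
             // requested with viewid 0 while the other links carried the real id.
             $attachment->iconpath = $f->get_icon(array('id' => $attachment->id, 'viewid' => $linkviewid));
             $attachment->viewpath = get_config('wwwroot') . 'artefact/artefact.php?artefact=' . $attachment->id . '&view=' . $linkviewid;
             $attachment->downloadpath = get_config('wwwroot') . 'artefact/file/download.php?file=' . $attachment->id;
             if (isset($viewid)) {
                 $attachment->downloadpath .= '&view=' . $viewid;
             }
         }
         $smarty->assign('attachments', $attachments);
         $smarty->assign('count', count($attachments));
     }
     require_once get_config('docroot') . 'lib/view.php';
     $view = new View($viewid);
     list($commentcount, $comments) = ArtefactTypeComment::get_artefact_comments_for_view($artefact, $view, $instance->get('id'), true, $editing);
     $smarty->assign('commentcount', $commentcount);
     $smarty->assign('comments', $comments);
     $smarty->assign('blockid', $instance->get('id'));
     return $smarty->fetch('blocktype:eselmagraduation:content.tpl');
 }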
Ejemplo n.º 7
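/**
 * Submit handler for the site options form: stores every submitted option
 * with set_config(), checks the virus scanner path when virus checking is
 * switched on, and sends the form reply.
 *
 * Several of the stored options are security-relevant (pathtoclam,
 * proxyaddress, proxyauthcredentials, antispam). They are written exactly as
 * submitted; this function relies on the form definition for validation.
 *
 * @param Pieform $form   the form being submitted
 * @param array   $values submitted values, keyed by option name
 */
function siteoptions_submit(Pieform $form, $values)
{
    global $USER;
    $fields = array('sitename', 'lang', 'theme', 'pathtoclam', 'defaultaccountlifetime', 'defaultaccountinactiveexpire', 'defaultaccountinactivewarn', 'allowpublicviews', 'allowpublicprofiles', 'registration_sendweeklyupdates', 'institutionexpirynotification', 'institutionautosuspend', 'showselfsearchsideblock', 'searchusernames', 'showtagssideblock', 'tagssideblockmaxtags', 'country', 'viewmicroheaders', 'userscanchooseviewthemes', 'remoteavatars', 'userscanhiderealnames', 'antispam', 'spamhaus', 'surbl', 'anonymouscomments', 'proxyaddress', 'proxyauthmodel', 'proxyauthcredentials', 'homepageinfo', 'showonlineuserssideblock', 'registerterms', 'creategroups', 'createpublicgroups', 'allowgroupcategories');
    // Captured before the loop below overwrites them.
    $oldlanguage = get_config('lang');
    $oldtheme = get_config('theme');
    foreach ($fields as $field) {
        if (!set_config($field, $values[$field])) {
            siteoptions_fail($form, $field);
        }
    }
    if ($oldlanguage != $values['lang']) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_public_folder_name($oldlanguage, $values['lang']);
    }
    // submitted sessionlifetime is in minutes; db entry session_timeout is in seconds
    if (!set_config('session_timeout', $values['sessionlifetime'] * 60)) {
        siteoptions_fail($form, 'sessionlifetime');
    }
    // Submitted value is on/off; database entry should be 1/0
    foreach (array('viruschecking', 'usersallowedmultipleinstitutions') as $checkbox) {
        if (!set_config($checkbox, (int) ($values[$checkbox] == 'on'))) {
            siteoptions_fail($form, $checkbox);
        }
    }
    if ($values['viruschecking'] == 'on') {
        // escapeshellcmd() backslash-escapes shell metacharacters, so a path
        // that contains any is tested below in its escaped form.
        $pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
        // Reject the path unless it exists AND is executable. The previous
        // "!file_exists() && !is_executable()" let an existing but
        // non-executable file through, leaving virus checking switched on
        // with a scanner that cannot run.
        // NOTE(review): viruschecking has already been stored as 1 by the loop
        // above when this error is reported - confirm that is intended.
        if (!$pathtoclam || !file_exists($pathtoclam) || !is_executable($pathtoclam)) {
            $form->reply(PIEFORM_ERR, array('message' => get_string('clamlost', 'mahara', $pathtoclam), 'goto' => '/admin/site/options.php'));
        }
    }
    $message = get_string('siteoptionsset', 'admin');
    if ($oldtheme != $values['theme']) {
        $message .= '  ' . get_string('usersseenewthemeonlogin', 'admin');
        $USER->update_theme();
    }
    $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => '/admin/site/options.php'));
}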
Ejemplo n.º 8
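 /**
  * Renders the block for its configured artefact: description, attachments
  * and, when comments are allowed, a comment count and link, through the
  * blocktype:textbox:content.tpl template.
  *
  * NOTE(review): the description is assigned to the template as stored;
  * presumably the template sanitises or escapes it - confirm.
  *
  * @param BlockInstance $instance the block being rendered
  * @param bool          $editing  not used by this block type
  * @return string the fetched template output, or '' when no artefact is configured
  */
 public static function render_instance(BlockInstance $instance, $editing = false)
 {
     $configdata = $instance->get('configdata');
     if (empty($configdata['artefactid'])) {
         return '';
     }
     safe_require('artefact', 'file');
     safe_require('artefact', 'comment');
     $artefact = $instance->get_artefact_instance($configdata['artefactid']);
     $viewid = $instance->get('view');
     // isset() is false for null, so a missing view id falls back to 0 in links.
     $linkviewid = isset($viewid) ? $viewid : 0;
     $text = ArtefactTypeFolder::append_view_url($artefact->get('description'), $viewid);
     $smarty = smarty_core();
     $smarty->assign('text', $text);
     $attachments = $artefact->get_attachments();
     if ($attachments) {
         require_once get_config('docroot') . 'artefact/lib.php';
         // Attachments are objects, so iterating by value still updates them
         // and leaves no dangling reference behind after the loop.
         foreach ($attachments as $attachment) {
             $f = artefact_instance_from_id($attachment->id);
             $attachment->size = $f->describe_size();
             // The icon is requested with this block's view id. The previous code
             // read an undefined $options array here, so the icon was always
             // requested with viewid 0 while the other links carried the real id.
             $attachment->iconpath = $f->get_icon(array('id' => $attachment->id, 'viewid' => $linkviewid));
             $attachment->viewpath = get_config('wwwroot') . 'artefact/artefact.php?artefact=' . $attachment->id . '&view=' . $linkviewid;
             $attachment->downloadpath = get_config('wwwroot') . 'artefact/file/download.php?file=' . $attachment->id;
             if (isset($viewid)) {
                 $attachment->downloadpath .= '&view=' . $viewid;
             }
         }
         $smarty->assign('attachments', $attachments);
         $smarty->assign('count', count($attachments));
     }
     if ($artefact->get('allowcomments')) {
         // count_comments() returns counts keyed by artefact id; no entry means no comments.
         $commentcount = ArtefactTypeComment::count_comments(null, array($configdata['artefactid']));
         $commentcount = isset($commentcount[$configdata['artefactid']]) ? $commentcount[$configdata['artefactid']]->comments : 0;
         $artefacturl = get_config('wwwroot') . 'artefact/artefact.php?view=' . $viewid . '&artefact=' . $configdata['artefactid'];
         $smarty->assign('artefacturl', $artefacturl);
         $smarty->assign('commentcount', $commentcount);
     }
     return $smarty->fetch('blocktype:textbox:content.tpl');
 }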
Ejemplo n.º 9
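 /**
  * Completes an inbound MNet SSO login: asks the remote peer which user the
  * token belongs to, then finds, creates or updates the matching local
  * account and attaches it to the current session.
  *
  * Everything in the peer's response (username, names, email, idnumber,
  * profile image) is supplied by the remote site. The peer is checked against
  * this auth instance's configuration before the call is made; of the
  * response fields, only the profile image is validated in this method.
  *
  * @param $token         token forwarded to the peer's user_authorise call
  * @param $remotewwwroot wwwroot of the peer the user is arriving from
  * @return bool true once the session is set up; false when the remote user
  *              is unknown locally and auto-creation is turned off
  * @throws XmlrpcClientException if the peer is deleted, SSO-in is not
  *                               enabled, or the institution is full
  * @throws AccessDeniedException if the response carries no username, or
  *                               usersuniquebyusername is on while the site
  *                               configuration makes it unsafe
  */
 public function request_user_authorise($token, $remotewwwroot)
 {
     global $USER, $SESSION;
     $this->must_be_ready();
     $peer = get_peer($remotewwwroot);
     if ($peer->deleted != 0 || $this->config['theyssoin'] != 1) {
         throw new XmlrpcClientException('We don\'t accept SSO connections from ' . institution_display_name($peer->institution));
     }
     // A request without a User-Agent header is hashed as the empty string
     // instead of raising an undefined-index notice.
     $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $client = new Client();
     $client->set_method('auth/mnet/auth.php/user_authorise')->add_param($token)->add_param(sha1($useragent))->send($remotewwwroot);
     $remoteuser = (object) $client->response;
     if (empty($remoteuser) or !property_exists($remoteuser, 'username')) {
         // Caught by land.php
         throw new AccessDeniedException();
     }
     $create = false;
     $update = '1' == $this->config['updateuserinfoonlogin'];
     // Retrieve a $user object. If that fails, create a blank one.
     try {
         $user = new User();
         if (get_config('usersuniquebyusername')) {
             // When turned on, this setting means that it doesn't matter
             // which other application the user SSOs from, they will be
             // given the same account in Mahara.
             //
             // This setting is one that has security implications unless
             // only turned on by people who know what they're doing. In
             // particular, every system linked to Mahara should be making
             // sure that same username == same person.  This happens for
             // example if two Moodles are using the same LDAP server for
             // authentication.
             //
             // If this setting is on, it must NOT be possible to self
             // register on the site for ANY institution - otherwise users
             // could simply pick usernames of people's accounts they wished
             // to steal.
             if ($institutions = get_column('institution', 'name', 'registerallowed', '1')) {
                 log_warn("usersuniquebyusername is turned on but registration is allowed for an institution. " . "No institution can have registration allowed for it, for security reasons.\n" . "The following institutions have registration enabled:\n  " . join("\n  ", $institutions));
                 throw new AccessDeniedException();
             }
             if (!get_config('usersallowedmultipleinstitutions')) {
                 log_warn("usersuniquebyusername is turned on but usersallowedmultipleinstitutions is off. " . "This makes no sense, as users will then change institution every time they log in from " . "somewhere else. Please turn this setting on in Site Options");
                 throw new AccessDeniedException();
             }
             $user->find_by_username($remoteuser->username);
         } else {
             $user->find_by_instanceid_username($this->instanceid, $remoteuser->username, true);
         }
         if ($user->get('suspendedcusr')) {
             die_info(get_string('accountsuspended', 'mahara', strftime(get_string('strftimedaydate'), $user->get('suspendedctime')), $user->get('suspendedreason')));
         }
     } catch (AuthUnknownUserException $e) {
         if (!empty($this->config['weautocreateusers'])) {
             $institution = new Institution($this->institution);
             if ($institution->isFull()) {
                 $institution->send_admin_institution_is_full_message();
                 throw new XmlrpcClientException('SSO attempt from ' . $institution->displayname . ' failed - institution is full');
             }
             $user = new User();
             $create = true;
         } else {
             log_debug("User authorisation request from {$remotewwwroot} failed - " . "remote user '{$remoteuser->username}' is unknown to us and auto creation of users is turned off");
             return false;
         }
     }
     /*******************************************/
     if ($create) {
         $user->passwordchange = 1;
         $user->active = 1;
         $user->deleted = 0;
         //TODO: import institution's expiry?:
         //$institution = new Institution($peer->institution);
         $user->expiry = null;
         $user->expirymailsent = 0;
         $user->lastlogin = time();
         $user->firstname = $remoteuser->firstname;
         $user->lastname = $remoteuser->lastname;
         $user->email = $remoteuser->email;
         $imported = array('firstname', 'lastname', 'email');
         //TODO: import institution's per-user-quota?:
         //$user->quota              = $userrecord->quota;
         // NOTE(review): the condition tests $this->config['parent'] but the
         // value comes from $this->parent - confirm both name the same thing.
         $user->authinstance = empty($this->config['parent']) ? $this->instanceid : $this->parent;
         db_begin();
         $user->username = get_new_username($remoteuser->username);
         $user->id = create_user($user, array(), $this->institution, $this, $remoteuser->username);
         $locked = $this->import_user_settings($user, $remoteuser);
         $locked = array_merge($imported, $locked);
         /*
          * We need to convert the object to a stdclass with its own
          * custom method because it uses overloaders in its implementation
          * and its properties wouldn't be visible to a simple cast operation
          * like (array)$user
          */
         $userobj = $user->to_stdclass();
         db_commit();
         // Now we have fired the create event, we need to re-get the data
         // for this user
         $user = new User();
         $user->find_by_id($userobj->id);
     } elseif ($update) {
         $imported = array('firstname', 'lastname', 'email');
         foreach ($imported as $field) {
             if ($user->{$field} != $remoteuser->{$field}) {
                 $user->{$field} = $remoteuser->{$field};
                 set_profile_field($user->id, $field, $user->{$field});
             }
         }
         if (isset($remoteuser->idnumber)) {
             if ($user->studentid != $remoteuser->idnumber) {
                 $user->studentid = $remoteuser->idnumber;
                 set_profile_field($user->id, 'studentid', $user->studentid);
             }
             $imported[] = 'studentid';
         }
         $locked = $this->import_user_settings($user, $remoteuser);
         $locked = array_merge($imported, $locked);
         $user->lastlastlogin = $user->lastlogin;
         $user->lastlogin = time();
         //TODO: import institution's per-user-quota?:
         //$user->quota              = $userrecord->quota;
         $user->commit();
     }
     if (get_config('usersuniquebyusername')) {
         // Add them to the institution they have SSOed in by
         $user->join_institution($peer->institution);
     }
     // See if we need to create/update a profile Icon image
     if ($create || $update) {
         $client->set_method('auth/mnet/auth.php/fetch_user_image')->add_param($remoteuser->username)->send($remotewwwroot);
         // Only [A-Za-z0-9 ] survives, so the username cannot add path
         // separators to the temporary file name.
         $u = preg_replace('/[^A-Za-z0-9 ]/', '', $user->username);
         $filename = get_config('dataroot') . 'temp/mpi_' . intval($this->instanceid) . '_' . $u;
         if (array_key_exists('f1', $client->response)) {
             // The image bytes come from the remote peer and are untrusted
             // until the checks below have passed.
             $imagecontents = base64_decode($client->response['f1']);
             if (file_put_contents($filename, $imagecontents)) {
                 $imageexists = false;
                 $icons = false;
                 if ($update) {
                     $newchecksum = sha1_file($filename);
                     $icons = get_records_select_array('artefact', 'artefacttype = \'profileicon\' AND owner = ? ', array($user->id), '', 'id');
                     if (false != $icons) {
                         foreach ($icons as $icon) {
                             $iconfile = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $icon->id % 256 . '/' . $icon->id;
                             $checksum = sha1_file($iconfile);
                             // Strict comparison: with ==, two different hex
                             // digests that both look like numbers (e.g. "0e...")
                             // would compare as equal.
                             if ($newchecksum === $checksum) {
                                 $imageexists = true;
                                 unlink($filename);
                                 break;
                             }
                         }
                     }
                 }
                 if (false == $imageexists) {
                     require_once 'file.php';
                     // Validate before anything is stored. Previously $error was
                     // set by these checks but never read, so a payload that was
                     // not an image, was too large, or exceeded the quota was
                     // still saved as a profile icon.
                     $error = null;
                     $filesize = filesize($filename);
                     $imagesize = getimagesize($filename);
                     if (!$imagesize || !is_image_type($imagesize[2])) {
                         $error = get_string('filenotimage');
                     } else {
                         $mime = $imagesize['mime'];
                         $width = $imagesize[0];
                         $height = $imagesize[1];
                         $imagemaxwidth = get_config('imagemaxwidth');
                         $imagemaxheight = get_config('imagemaxheight');
                         if ($width > $imagemaxwidth || $height > $imagemaxheight) {
                             $error = get_string('profileiconimagetoobig', 'artefact.file', $width, $height, $imagemaxwidth, $imagemaxheight);
                         } elseif (!$user->quota_allowed($filesize)) {
                             $error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
                         } else {
                             // Quota is only charged once every other check has passed.
                             try {
                                 $user->quota_add($filesize);
                             } catch (QuotaException $qe) {
                                 $error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
                             }
                         }
                     }
                     if ($error !== null) {
                         // Rejected: record why and remove the temporary file.
                         // The login itself still proceeds without a new icon.
                         log_warn('Remote profile icon rejected: ' . $error);
                         unlink($filename);
                     } else {
                         require_once get_config('docroot') . '/artefact/lib.php';
                         require_once get_config('docroot') . '/artefact/file/lib.php';
                         // Entry in artefact table
                         $artefact = new ArtefactTypeProfileIcon();
                         $artefact->set('owner', $user->id);
                         $artefact->set('parent', ArtefactTypeFolder::get_folder_id(get_string('imagesdir', 'artefact.file'), get_string('imagesdirdesc', 'artefact.file'), null, true, $user->id));
                         $artefact->set('title', ArtefactTypeFileBase::get_new_file_title(get_string('profileicon', 'artefact.file'), (int) $artefact->get('parent'), $user->id));
                         // unique title
                         $artefact->set('description', get_string('uploadedprofileicon', 'artefact.file'));
                         $artefact->set('note', get_string('profileicon', 'artefact.file'));
                         $artefact->set('size', $filesize);
                         $artefact->set('filetype', $mime);
                         $artefact->set('width', $width);
                         $artefact->set('height', $height);
                         $artefact->commit();
                         $id = $artefact->get('id');
                         // Move the file into the correct place.
                         $directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $id % 256 . '/';
                         check_dir_exists($directory);
                         rename($filename, $directory . $id);
                         if ($create || empty($icons)) {
                             $user->profileicon = $id;
                         }
                     }
                 }
                 $user->commit();
             } else {
                 log_warn(get_string('cantcreatetempprofileiconfile', 'artefact.file', $filename));
             }
         }
         if ($update) {
             $locked[] = 'profileicon';
         }
     }
     /*******************************************/
     // We know who our user is now. Bring her back to life.
     $USER->reanimate($user->id, $this->instanceid);
     // Set session variables to let the application know this session was
     // initiated by MNET. Don't forget that users could initiate their
     // sessions without MNET sometimes, which is why this data is stored in
     // the session object.
     $SESSION->set('mnetuser', $user->id);
     $SESSION->set('authinstance', $this->instanceid);
     if (isset($_SERVER['HTTP_REFERER'])) {
         // The Referer header is set by the client.
         // NOTE(review): confirm that whatever reads 'mnetuserfrom' later
         // treats it as untrusted (e.g. before using it as a link or redirect).
         $SESSION->set('mnetuserfrom', $_SERVER['HTTP_REFERER']);
     }
     if ($update && isset($locked)) {
         $SESSION->set('lockedfields', $locked);
     }
     return true;
 }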
Ejemplo n.º 10
// Resolve the optional 'foldername' request parameter to the id of a
// top-level folder owned by $data->owner, creating the folder when it does
// not exist yet. The name is request input and is used as the new folder's
// title after trimming only.
$folder = '';
try {
    $folder = trim(param_variable('foldername'));
    if (!$folder) {
        // Empty name after trimming: no parent folder.
        $data->parent = null;
    } else {
        // TODO: create if doesn't exist - note assumes it is a base folder (hence null parent)
        $artefact = ArtefactTypeFolder::get_folder_by_name($folder, null, $data->owner);
        if (!$artefact) {
            // No such folder yet: create it at the top level.
            $fd = (object) array('owner' => $data->owner, 'title' => $folder, 'parent' => null);
            $f = new ArtefactTypeFolder(0, $fd);
            $f->commit();
            $data->parent = $f->get('id');
        } else {
            // id of folder you're putting the file into; an id of 0 means no parent
            $data->parent = $artefact->id;
            if ($data->parent == 0) {
                $data->parent = null;
            }
        }
    }
} catch (ParameterException $e) {
    // The parameter was not supplied: no parent folder.
    $data->parent = null;
}
// Defaults for the Journal post fields; checked next for a Journal ID to add a post to
$blog = '';
$blogpost = '';
$draft = 0;
$allowcomments = 1;
try {
Ejemplo n.º 11
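/**
 * Submit handler for the site options form.
 *
 * Applies the default account lifetime to existing non-admin users when
 * requested, stores every submitted option with set_config(), switches search
 * plugins, checks the virus scanner and reCAPTCHA configuration, and sends
 * the form reply.
 *
 * Several stored options are secrets or otherwise security-relevant
 * (recaptchaprivatekey, smtppass, proxyauthcredentials, smtphosts,
 * proxyaddress). They are written exactly as submitted; this function relies
 * on the form definition for validation.
 *
 * @param Pieform $form   the form being submitted
 * @param array   $values submitted values, keyed by option name
 */
function siteoptions_submit(Pieform $form, $values)
{
    global $USER;
    $fields = array('sitename', 'lang', 'theme', 'dropdownmenu', 'defaultaccountlifetime', 'defaultregistrationexpirylifetime', 'defaultaccountinactiveexpire', 'defaultaccountinactivewarn', 'defaultaccountlifetimeupdate', 'allowpublicviews', 'allowpublicprofiles', 'allowanonymouspages', 'generatesitemap', 'registration_sendweeklyupdates', 'mathjax', 'institutionexpirynotification', 'institutionautosuspend', 'requireregistrationconfirm', 'showselfsearchsideblock', 'nousernames', 'searchplugin', 'showtagssideblock', 'tagssideblockmaxtags', 'country', 'viewmicroheaders', 'userscanchooseviewthemes', 'remoteavatars', 'userscanhiderealnames', 'antispam', 'spamhaus', 'surbl', 'anonymouscomments', 'recaptchaonregisterform', 'recaptchapublickey', 'recaptchaprivatekey', 'loggedinprofileviewaccess', 'disableexternalresources', 'proxyaddress', 'proxyauthmodel', 'proxyauthcredentials', 'smtphosts', 'smtpport', 'smtpuser', 'smtppass', 'smtpsecure', 'noreplyaddress', 'homepageinfo', 'showprogressbar', 'showonlineuserssideblock', 'onlineuserssideblockmaxusers', 'registerterms', 'licensemetadata', 'licenseallowcustom', 'allowmobileuploads', 'creategroups', 'createpublicgroups', 'allowgroupcategories', 'wysiwyg', 'staffreports', 'staffstats', 'userscandisabledevicedetection', 'watchlistnotification_delay', 'masqueradingreasonrequired', 'masqueradingnotified', 'searchuserspublic', 'eventloglevel', 'eventlogexpiry', 'sitefilesaccess', 'exporttoqueue', 'defaultmultipleblogs');
    $count = 0;
    // The WHERE clause is assembled from literals only; the expiry value
    // itself is always passed as a bound parameter.
    $where_sql = " WHERE admin = 0 AND id != 0";
    // if default account lifetime expiry has no end date
    if (empty($values['defaultaccountlifetime'])) {
        if ($values['defaultaccountlifetimeupdate'] == 'all') {
            // need to remove user expiry
            db_begin();
            $count = count_records_sql("SELECT COUNT(*) FROM {usr} {$where_sql}");
            execute_sql("UPDATE {usr} SET expiry = NULL {$where_sql}");
            db_commit();
        } else {
            // make the 'some' option the same as 'none' as it is meaningless to
            // update existing users without expiry date to having 'no end date'
            $values['defaultaccountlifetimeupdate'] = 'none';
        }
    } else {
        // New expiry: midnight today plus the configured lifetime.
        $user_expiry = mktime(0, 0, 0, date('n'), date('j'), date('Y')) + (int) $values['defaultaccountlifetime'];
        $updatemode = $values['defaultaccountlifetimeupdate'];
        if ($updatemode == 'some') {
            // only users whose expiry is not set yet
            $where_sql .= " AND expiry IS NULL";
        }
        if ($updatemode == 'some' || $updatemode == 'all') {
            // Count and update inside one transaction so the reported number
            // matches the rows that were changed.
            db_begin();
            $count = count_records_sql("SELECT COUNT(*) FROM {usr} {$where_sql}");
            execute_sql("UPDATE {usr} SET expiry = ? {$where_sql}", array(format_date($user_expiry)));
            db_commit();
        }
    }
    // if public views are disabled, sitemap generation must also be disabled.
    if ($values['allowpublicviews'] == false) {
        $values['generatesitemap'] = false;
    } else {
        // Ensure allowpublicprofiles is set as well
        $values['allowpublicprofiles'] = 1;
    }
    // Captured before the loop below overwrites them.
    $oldsearchplugin = get_config('searchplugin');
    $oldlanguage = get_config('lang');
    $oldtheme = get_config('theme');
    foreach ($fields as $field) {
        if (!set_config($field, $values[$field])) {
            siteoptions_fail($form, $field);
        }
    }
    if ($oldlanguage != $values['lang']) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_public_folder_name($oldlanguage, $values['lang']);
    }
    save_notification_settings($values, null, true);
    // NOTE(review): the search plugin name comes from the form and selects
    // which plugin code is loaded - presumably the form restricts it to
    // installed plugins; confirm.
    if ($oldsearchplugin != $values['searchplugin']) {
        // Call the old search plugin's sitewide cleanup method
        safe_require('search', $oldsearchplugin);
        call_static_method(generate_class_name('search', $oldsearchplugin), 'cleanup_sitewide');
        // Call the new search plugin's sitewide initialize method
        safe_require('search', $values['searchplugin']);
        $initialize = call_static_method(generate_class_name('search', $values['searchplugin']), 'initialize_sitewide');
        if (!$initialize) {
            $form->reply(PIEFORM_ERR, array('message' => get_string('searchconfigerror1', 'admin', $values['searchplugin']), 'goto' => '/admin/site/options.php'));
        }
    }
    // Call the new search plugin's can connect
    safe_require('search', $values['searchplugin']);
    $connect = call_static_method(generate_class_name('search', $values['searchplugin']), 'can_connect');
    if (!$connect) {
        $form->reply(PIEFORM_ERR, array('message' => get_string('searchconfigerror1', 'admin', $values['searchplugin']), 'goto' => '/admin/site/options.php'));
    }
    // submitted sessionlifetime is in minutes; db entry session_timeout is in seconds
    if (!set_config('session_timeout', $values['sessionlifetime'] * 60)) {
        siteoptions_fail($form, 'sessionlifetime');
    }
    // Submitted value is on/off; database entry should be 1/0
    foreach (array('viruschecking', 'usersallowedmultipleinstitutions') as $checkbox) {
        if (!set_config($checkbox, (int) ($values[$checkbox] == 'on'))) {
            siteoptions_fail($form, $checkbox);
        }
    }
    if ($values['viruschecking'] == 'on') {
        // escapeshellcmd() backslash-escapes shell metacharacters, so a path
        // that contains any is tested below in its escaped form.
        $pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
        if (!$pathtoclam) {
            $form->reply(PIEFORM_ERR, array('message' => get_string('clamnotset', 'mahara', $pathtoclam), 'goto' => '/admin/site/options.php'));
        } elseif (!file_exists($pathtoclam) || !is_executable($pathtoclam)) {
            // Reject the path unless it exists AND is executable. The previous
            // "!file_exists() && !is_executable()" let an existing but
            // non-executable file through, leaving virus checking switched on
            // with a scanner that cannot run.
            // NOTE(review): viruschecking has already been stored as 1 by the
            // loop above when this error is reported - confirm that is intended.
            $form->reply(PIEFORM_ERR, array('message' => get_string('clamlost', 'mahara', $pathtoclam), 'goto' => '/admin/site/options.php'));
        }
    }
    // reCAPTCHA on the registration form needs both keys to be configured.
    if (get_config('recaptchaonregisterform') && !(get_config('recaptchapublickey') && get_config('recaptchaprivatekey'))) {
        $form->reply(PIEFORM_ERR, array('message' => get_string('recaptchakeysmissing1', 'admin'), 'goto' => '/admin/site/options.php'));
    }
    // Need to clear the cached menus in case site config changes affect them.
    clear_menu_cache();
    $message = get_string('siteoptionsset', 'admin');
    if ($oldtheme != $values['theme']) {
        $message .= '  ' . get_string('usersseenewthemeonlogin', 'admin');
        $USER->reset_institutions();
    }
    if ($count) {
        $message .= ' ' . get_string('numberusersupdated', 'admin', $count);
    }
    $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => '/admin/site/options.php'));
}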
Ejemplo n.º 12
// Home folder
// This excerpt builds the SELECT / FROM / WHERE parts of an artefact listing for
// the home folder (folder id 0); it is only reached when zip_open() is available.
if ($folderid === 0) {
    if (function_exists('zip_open')) {
        global $USER;
        $userid = $USER->get('id');
        $select = '
        SELECT a.id, a.artefacttype, a.title';
        $from = '
        FROM {artefact} a';
        // The IN (...) list is assembled by string concatenation rather than placeholders.
        // NOTE(review): presumably get_artefact_types() returns a fixed list of internal
        // type names; confirm it can never carry request data, since nothing here quotes it.
        $in = "('" . join("','", PluginArtefactFile::get_artefact_types()) . "')";
        $where = "\n        WHERE artefacttype IN {$in}";
        // Values for the ? placeholders, kept in the order the placeholders are appended to $where.
        $phvals = array();
        if ($institution) {
            if ($institution == 'mahara' && !$USER->get('admin')) {
                // If non-admins are browsing site files, only let them see the public folder & its contents
                $publicfolder = ArtefactTypeFolder::admin_public_folder_id();
                // Both path values are bound; the LIKE prefix goes through db_like_escape()
                // before the trailing wildcard is added.
                $where .= '
                    AND (a.path = ? OR a.path LIKE ?)';
                $phvals = array("/{$publicfolder}", db_like_escape("/{$publicfolder}/") . '%');
            }
            // Institution files: the institution name is bound and rows owned by a user are excluded.
            $where .= '
            AND a.institution = ? AND a.owner IS NULL';
            $phvals[] = $institution;
        } else {
            if ($groupid) {
                // Group files: also select the per-role permission columns and the author.
                $select .= ',
                r.can_edit, r.can_view, r.can_republish, a.author';
                $from .= '
                LEFT OUTER JOIN (
                    SELECT ar.artefact, ar.can_edit, ar.can_view, ar.can_republish
                    FROM {artefact_access_role} ar
Ejemplo n.º 13
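 /**
  * Renders this blog post with the blogpost_renderfull template.
  *
  * @param array $options Options read here: 'viewid' (view the post is shown in),
  *                       'hidetitle' (leave the title out) and 'countcomments'
  * @return array 'html' holds the rendered template, 'javascript' is always empty
  */
 public function render_self($options)
 {
     $smarty = smarty_core();
     // NOTE(review): 'viewid' is concatenated into the URLs below, and the title link
     // places that URL in an href attribute without escaping. Confirm that callers only
     // pass a validated integer view id.
     $artefacturl = get_config('wwwroot') . 'view/artefact.php?artefact=' . $this->get('id');
     if (isset($options['viewid'])) {
         $artefacturl .= '&view=' . $options['viewid'];
     }
     $smarty->assign('artefacturl', $artefacturl);
     if (empty($options['hidetitle'])) {
         // The title is HTML-escaped with hsc() in both forms; it is only linked inside a view.
         if (isset($options['viewid'])) {
             $smarty->assign('artefacttitle', '<a href="' . $artefacturl . '">' . hsc($this->get('title')) . '</a>');
         } else {
             $smarty->assign('artefacttitle', hsc($this->get('title')));
         }
     }
     // We need to make sure that the images in the post have the right viewid associated with them
     // NOTE(review): the description is handed to the template as stored; presumably it is
     // cleaned when saved or escaped by the template - confirm.
     $postcontent = $this->get('description');
     if (isset($options['viewid'])) {
         safe_require('artefact', 'file');
         $postcontent = ArtefactTypeFolder::append_view_url($postcontent, $options['viewid']);
         if (isset($options['countcomments']) && $this->allowcomments) {
             safe_require('artefact', 'comment');
             $empty = array();
             $ids = array($this->id);
             $commentcount = ArtefactTypeComment::count_comments($empty, $ids);
             $smarty->assign('commentcount', $commentcount ? $commentcount[$this->id]->comments : 0);
         }
     }
     $smarty->assign('artefactdescription', $postcontent);
     $smarty->assign('artefact', $this);
     $attachments = $this->get_attachments();
     if ($attachments) {
         $this->add_to_render_path($options);
         require_once get_config('docroot') . 'artefact/lib.php';
         foreach ($attachments as &$attachment) {
             $f = artefact_instance_from_id($attachment->id);
             $attachment->size = $f->describe_size();
             $attachment->iconpath = $f->get_icon(array('id' => $attachment->id, 'viewid' => isset($options['viewid']) ? $options['viewid'] : 0));
             $attachment->viewpath = get_config('wwwroot') . 'view/artefact.php?artefact=' . $attachment->id . '&view=' . (isset($options['viewid']) ? $options['viewid'] : 0);
             $attachment->downloadpath = get_config('wwwroot') . 'artefact/file/download.php?file=' . $attachment->id;
             if (isset($options['viewid'])) {
                 $attachment->downloadpath .= '&view=' . $options['viewid'];
             }
         }
         // Drop the reference so a later write to $attachment cannot change the last list entry.
         unset($attachment);
         $smarty->assign('attachments', $attachments);
     }
     $smarty->assign('postedbyon', get_string('postedbyon', 'artefact.blog', display_name($this->owner), format_date($this->ctime)));
     return array('html' => $smarty->fetch('artefact:blog:render/blogpost_renderfull.tpl'), 'javascript' => '');
 }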
Ejemplo n.º 14
/**
 * Updates language-dependent database content when a user changes language.
 *
 * If the file artefact plugin is active, the change is first handed to
 * ArtefactTypeFolder::change_language(). After that, artefact and view tags
 * owned by the user that equal the old language's 'profile' string are
 * replaced with the new language's 'profile' string.
 *
 * @param int $userid user id to set preference for
 * @param string $oldlang old language
 * @param string $newlang new language
 */
function change_language($userid, $oldlang, $newlang)
{
    $fileplugin = get_field('artefact_installed', 'active', 'name', 'file');
    if ($fileplugin) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_language($userid, $oldlang, $newlang);
    }

    // One WHERE clause per tag table; the old tag and the owner id are bound as placeholders.
    $tagtables = array(
        'artefact_tag' => 'WHERE tag = ? AND artefact IN (SELECT id FROM {artefact} WHERE "owner" = ?)',
        'view_tag' => 'WHERE tag = ? AND "view" IN (SELECT id FROM {view} WHERE "owner" = ?)',
    );
    foreach ($tagtables as $table => $where) {
        set_field_select($table, 'tag', get_string_from_language($newlang, 'profile'), $where, array(get_string_from_language($oldlang, 'profile'), $userid));
    }
}
Ejemplo n.º 15
 /**
  * Return artefacts available for inclusion in a particular block
  *
  * Builds one SELECT and one COUNT query over {artefact}. Ownership values (user id,
  * group id, institution names, artefact types, public folder path) are bound as
  * placeholders; column names from the caller are checked against a character
  * allow-list, and 'extraselect' values and the search text are quoted and inlined.
  *
  * @param array $data Options read here: 'offset', 'limit', 'sortorder' (list of
  *                    arrays with 'fieldname' and optional 'order'), 'extraselect'
  *                    (list of arrays with 'fieldname', 'type' and 'values'),
  *                    'userartefactsallowed', 'artefacttypes' and 'search'
  * @param mixed $owner null for the logged-in user, a User object, or a user id
  * @param mixed $group Group id when the view belongs to a group
  * @param mixed $institution Institution name when the view belongs to an institution
  * @param bool $short When true only artefact ids are selected
  * @return array array($artefacts, $totalartefacts)
  * @throws SystemException For an unusable $owner or an unsupported 'extraselect' type
  */
 public static function get_artefactchooser_artefacts($data, $owner = null, $group = null, $institution = null, $short = false)
 {
     // Resolve $owner to a User object: current user, the given object, or a lookup by id.
     if ($owner === null) {
         global $USER;
         $user = $USER;
     } else {
         if ($owner instanceof User) {
             $user = $owner;
         } else {
             // Accept anything that converts to a non-zero integer, plus a zero id given as 0 or "0"
             if (intval($owner) != 0 || $owner == "0") {
                 $user = new User();
                 $user->find_by_id(intval($owner));
             } else {
                 throw new SystemException("Invalid argument type " . gettype($owner) . " passed to View::get_artefactchooser_artefacts");
             }
         }
     }
     $offset = !empty($data['offset']) ? $data['offset'] : null;
     $limit = !empty($data['limit']) ? $data['limit'] : null;
     // ORDER BY: column names cannot be bound, so each one must match an allow-list of
     // letters, digits, underscore and double quote; the direction is reduced to ASC or DESC.
     $sortorder = '';
     if (!empty($data['sortorder'])) {
         foreach ($data['sortorder'] as $field) {
             if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                 continue;
                 // skip this item (it fails validation)
             }
             $order = 'ASC';
             if (!empty($field['order']) && 'DESC' == strtoupper($field['order'])) {
                 $order = 'DESC';
             }
             if (empty($sortorder)) {
                 $sortorder .= ' ORDER BY ';
             } else {
                 $sortorder .= ', ';
             }
             $sortorder .= $field['fieldname'] . ' ' . $order;
         }
     }
     // Extra WHERE conditions: the column name gets the same allow-list check, and every
     // value is either cast to int or passed through db_quote() before being inlined.
     $extraselect = '';
     if (isset($data['extraselect'])) {
         foreach ($data['extraselect'] as $field) {
             if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                 continue;
                 // skip this item (it fails validation)
             }
             // Sanitise all values
             $values = $field['values'];
             foreach ($values as &$val) {
                 if ($field['type'] == 'int') {
                     $val = (int) $val;
                 } elseif ($field['type'] == 'string') {
                     $val = db_quote($val);
                 } else {
                     throw new SystemException("Unsupported field type '" . $field['type'] . "' passed to View::get_artefactchooser_artefacts");
                 }
             }
             $extraselect .= ' AND ';
             if (count($values) > 1) {
                 $extraselect .= $field['fieldname'] . ' IN (' . implode(', ', $values) . ')';
             } else {
                 // NOTE(review): with an empty 'values' list reset() returns false, which leaves
                 // "fieldname = " with nothing after it; confirm callers always pass a value.
                 $extraselect .= $field['fieldname'] . ' = ' . reset($values);
             }
         }
     }
     $from = ' FROM {artefact} a ';
     if ($group) {
         // Get group-owned artefacts that the user has view
         // permission on, and site-owned artefacts
         // The two placeholders in this join come first in the final SQL, so their
         // values (group id, member id) open the $ph list.
         $from .= '
         LEFT OUTER JOIN (
             SELECT
                 r.artefact, r.can_view, r.can_edit, m.group
             FROM
                 {group_member} m
                 JOIN {artefact} aa ON aa.group = m.group
                 JOIN {artefact_access_role} r ON aa.id = r.artefact AND r.role = m.role
             WHERE
                 m.group = ?
                 AND m.member = ?
                 AND r.can_view = 1
         ) ga ON (ga.group = a.group AND a.id = ga.artefact)';
         $select = "(a.institution = 'mahara' OR ga.can_view = 1";
         $ph = array((int) $group, $user->get('id'));
         if (!empty($data['userartefactsallowed'])) {
             $select .= ' OR a.owner = ?';
             $ph[] = $user->get('id');
         }
         $select .= ')';
     } else {
         if ($institution) {
             // Site artefacts & artefacts owned by this institution
             $select = "(a.institution = 'mahara' OR a.institution = ?)";
             $ph = array($institution);
         } else {
             // The view is owned by a normal user
             // Get artefacts owned by the user, group-owned artefacts
             // the user has republish permission on, artefacts owned
             // by the user's institutions.
             safe_require('artefact', 'file');
             // Site files are limited to the admin public folder and everything below it (path match).
             $public = (int) ArtefactTypeFolder::admin_public_folder_id();
             $select = '(
             a.owner = ?
             OR a.id IN (
                 SELECT id
                 FROM {artefact}
                     WHERE (path = ? OR path LIKE ?) AND institution = \'mahara\'
             )
             OR a.id IN (
                 SELECT aar.artefact
                 FROM {group_member} m
                     JOIN {artefact} aa ON m.group = aa.group
                     JOIN {artefact_access_role} aar ON aar.role = m.role AND aar.artefact = aa.id
                 WHERE m.member = ? AND aar.can_republish = 1
             )
             OR a.id IN (SELECT artefact FROM {artefact_access_usr} WHERE usr = ? AND can_republish = 1)';
             // Same order as the placeholders above: owner, exact path, LIKE prefix, member, usr.
             $ph = array($user->get('id'), "/{$public}", db_like_escape("/{$public}/") . '%', $user->get('id'), $user->get('id'));
             $institutions = array_keys($user->get('institutions'));
             // Site admins additionally get every artefact of the 'mahara' (site) institution.
             if ($user->get('admin')) {
                 $institutions[] = 'mahara';
             }
             if ($institutions) {
                 // One placeholder per institution name.
                 $select .= '
             OR a.institution IN (' . join(',', array_fill(0, count($institutions), '?')) . ')';
                 $ph = array_merge($ph, $institutions);
             }
             $select .= "\n            )";
         }
     }
     if (!empty($data['artefacttypes']) && is_array($data['artefacttypes'])) {
         $select .= ' AND artefacttype IN(' . join(',', array_fill(0, count($data['artefacttypes']), '?')) . ')';
         $ph = array_merge($ph, $data['artefacttypes']);
     }
     if (!empty($data['search'])) {
         // The search text is quoted with db_quote() and inlined rather than bound. Only '%' is
         // rewritten (doubled); other LIKE wildcards such as '_' are left as typed.
         // NOTE(review): the string appended below starts with "AND" without a leading space.
         $search = db_quote('%' . str_replace('%', '%%', $data['search']) . '%');
         $select .= 'AND (title ' . db_ilike() . '(' . $search . ') OR description ' . db_ilike() . '(' . $search . ') )';
     }
     $select .= $extraselect;
     // The SELECT may gain one more placeholder in its column list (below); the COUNT never does.
     $selectph = $countph = $ph;
     if ($short) {
         // We just want to know which artefact ids are allowed for inclusion in a view,
         // but get_records_sql_assoc wants > 1 column
         $cols = 'a.id, a.id AS b';
     } else {
         $cols = 'a.*';
         // We also want to know which artefacts can be edited by the logged-in user within
         // the context of the view.  For an institution view, all artefacts from the same
         // institution are editable.  For an individual view, artefacts with the same 'owner'
         // are editable.  For group views, only those artefacts with the can_edit permission
         // out of artefact_access_role are editable.
         if ($group) {
             $expr = 'ga.can_edit IS NOT NULL AND ga.can_edit = 1';
         } else {
             // The column list precedes FROM and WHERE, so this value goes to the front of the list.
             if ($institution) {
                 $expr = 'a.institution = ?';
                 array_unshift($selectph, $institution);
             } else {
                 $expr = 'a.owner IS NOT NULL AND a.owner = ?';
                 array_unshift($selectph, $user->get('id'));
             }
         }
         // The boolean expression is exposed as the 'editable' column; on non-MySQL databases it is cast to INTEGER.
         if (is_mysql()) {
             $cols .= ", ({$expr}) AS editable";
         } else {
             $cols .= ", CAST({$expr} AS INTEGER) AS editable";
         }
     }
     // Offset, limit and ordering apply to the row query only; the count covers all matches.
     $artefacts = get_records_sql_assoc('SELECT ' . $cols . $from . ' WHERE ' . $select . $sortorder, $selectph, $offset, $limit);
     $totalartefacts = count_records_sql('SELECT COUNT(*) ' . $from . ' WHERE ' . $select, $countph);
     return array($artefacts, $totalartefacts);
 }
Ejemplo n.º 16
 /**
  * Writes an index.html listing the folders and files of one exported directory.
  *
  * @param string $filesystemdirectory Directory to write into; 'index.html' is appended
  *                                    to it directly, with no separator added here
  * @param int    $level               Depth of this directory; $level + 2 '../' segments
  *                                    are passed to the exporter's get_smarty()
  * @param ArtefactTypeFolder|null $artefact Folder artefact this directory represents,
  *                                    or null for the top-level listing
  * @throws SystemException If index.html cannot be written
  */
 private function create_index_for_directory($filesystemdirectory, $level, ArtefactTypeFolder $artefact = null)
 {
     $rootprefix = str_repeat('../', $level + 2);
     $smarty = $this->exporter->get_smarty($rootprefix, 'file');
     $smarty->assign('page_heading', get_string('Files', 'artefact.file'));
     $smarty->assign('breadcrumbs', array(array('text' => 'Files', 'path' => 'index.html')));

     // Without a folder artefact the listing is for the root, shown as '/'.
     $id = null;
     $folderpath = '/';
     if ($artefact) {
         $folderpath = ArtefactTypeFileBase::get_full_path($artefact->get('id'), $this->artefactdata);
         $id = $artefact->get('id');
     }
     $smarty->assign('folder', $folderpath);

     // Second argument: true for the folder list, false for the file list.
     $smarty->assign('folders', $this->prepare_artefacts_for_smarty($id, true));
     $smarty->assign('files', $this->prepare_artefacts_for_smarty($id, false));

     $content = $smarty->fetch('export:html/file:index.tpl');
     $written = file_put_contents($filesystemdirectory . 'index.html', $content);
     // Strict comparison: zero bytes written is not an error, only false is.
     if ($written === false) {
         throw new SystemException("Unable to create index.html for directory {$id}");
     }
 }
Ejemplo n.º 17
    }
    // Serving through a view: the requester must be allowed to see that view.
    if (!can_view_view($viewid)) {
        throw new AccessDeniedException('');
    }
    // Anything that is not a file artefact is reported as not found.
    if (!$file instanceof ArtefactTypeFile) {
        throw new NotFoundException();
    }
} else {
    // We just have a file ID
    // Without a view the checks below run from the most public case to the most
    // specific one; each later check is reached only when the earlier ones failed.
    $file = artefact_instance_from_id($fileid);
    if (!$file instanceof ArtefactTypeFile) {
        throw new NotFoundException();
    }
    // If the file is in the public directory, it's fine to serve
    // "Public" needs both: the file belongs to the 'mahara' (site) institution and the
    // lookup below finds it with the admin public folder as its parent.
    // NOTE(review): the match is on 'parent', so presumably only direct children of the
    // public folder qualify here - confirm.
    $fileispublic = $file->get('institution') == 'mahara';
    $fileispublic = $fileispublic && (bool) get_field('artefact', 'id', 'id', $fileid, 'parent', ArtefactTypeFolder::admin_public_folder_id());
    if (!$fileispublic) {
        // If the file is in the logged in menu and the user is logged in then
        // they can view it
        $fileinloggedinmenu = $file->get('institution') == 'mahara';
        // check if users are allowed to access files in subfolders
        // With 'sitefilesaccess' off, only site files without a parent folder qualify.
        if (!get_config('sitefilesaccess')) {
            $fileinloggedinmenu = $fileinloggedinmenu && $file->get('parent') == null;
        }
        $fileinloggedinmenu = $fileinloggedinmenu && $USER->is_logged_in();
        // The file must also be listed in site_menu with public = 0.
        $fileinloggedinmenu = $fileinloggedinmenu && record_exists('site_menu', 'file', $fileid, 'public', 0);
        if (!$fileinloggedinmenu) {
            // Alternatively, if you own the file or you are an admin, it should always work
            if (!$USER->can_view_artefact($file)) {
                // Check for images sitting in visible forum posts
                $visibleinpost = false;
Ejemplo n.º 18
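 /**
  * Return artefacts available for inclusion in a particular block
  *
  * Every value this method adds to the query itself (group id, user id, institution
  * names, public folder id, artefact types, search text) is bound through a placeholder
  * instead of being concatenated into the SQL string.
  *
  * The caller-supplied fragments 'sortorder', 'extraselect' and 'extrajoin' are still
  * inserted verbatim, because changing their format would change this method's interface.
  * They must never contain request data, and because values are now bound they must not
  * contain a literal "?" either.
  *
  * @param array $data Options read here: 'offset', 'limit', 'sortorder' (raw ORDER BY
  *                    list), 'extraselect' (raw condition), 'extrajoin' (raw join),
  *                    'artefacttypes' (array of type names) and 'search' (text)
  * @param mixed $group Group id when the view belongs to a group
  * @param mixed $institution Institution name when the view belongs to an institution
  * @param bool $short When true only artefact ids are selected
  * @return array array($artefacts, $totalartefacts)
  */
 public static function get_artefactchooser_artefacts($data, $group = null, $institution = null, $short = false)
 {
     global $USER;
     $userid = (int) $USER->get('id');
     $offset = !empty($data['offset']) ? $data['offset'] : null;
     $limit = !empty($data['limit']) ? $data['limit'] : null;
     // NOTE(review): the next three values are raw SQL taken from $data. Confirm every caller
     // builds them from constants only; a structured format with validated column names
     // would remove the risk but needs a coordinated change in the callers.
     $sortorder = !empty($data['sortorder']) ? $data['sortorder'] : false;
     $extraselect = isset($data['extraselect']) ? ' AND ' . $data['extraselect'] : '';
     $from = ' FROM {artefact} a ';
     if (isset($data['extrajoin'])) {
         $from .= $data['extrajoin'];
     }
     // Placeholders in the FROM part come before those in the WHERE part of the final SQL,
     // so the two value lists are kept apart and joined in that order at the end.
     $fromph = array();
     $whereph = array();
     if ($group) {
         // Get group-owned artefacts that the user has view
         // permission on, and site-owned artefacts
         $from .= '
         LEFT OUTER JOIN (
             SELECT
                 r.artefact, r.can_view, m.group
             FROM
                 {artefact_access_role} r
                 INNER JOIN {group_member} m ON r.role = m.role
             WHERE
                 m."group" = ?
                 AND m.member = ?
                 AND r.can_view = 1
         ) ga ON (ga.group = a.group AND a.id = ga.artefact)';
         $fromph[] = (int) $group;
         $fromph[] = $userid;
         $select = "(a.institution = 'mahara' OR ga.can_view = 1)";
     } elseif ($institution) {
         // Site artefacts & artefacts owned by this institution
         $select = "(a.institution = 'mahara' OR a.institution = ?)";
         $whereph[] = $institution;
     } else {
         // The view is owned by a normal user
         // Get artefacts owned by the user, group-owned artefacts
         // the user has republish permission on, artefacts owned
         // by the user's institutions.
         // The first join condition was garbled in the listing this code was taken from;
         // it is restored here as a bound user id, matching the other user-id conditions.
         $from .= '
         LEFT OUTER JOIN {artefact_access_usr} aau ON (a.id = aau.artefact AND aau.usr = ?)
         LEFT OUTER JOIN {artefact_parent_cache} apc ON (a.id = apc.artefact)
         LEFT OUTER JOIN (
             SELECT
                 aar.artefact, aar.can_republish, m.group
             FROM
                 {artefact_access_role} aar
                 INNER JOIN {group_member} m ON aar.role = m.role
             WHERE
                 m.member = ?
                 AND aar.can_republish = 1
         ) ra ON (a.id = ra.artefact AND a.group = ra.group)';
         $fromph[] = $userid;
         $fromph[] = $userid;
         $institutions = array_keys($USER->get('institutions'));
         $select = '(
             owner = ?
             OR ra.can_republish = 1
             OR aau.can_republish = 1';
         $whereph[] = $userid;
         if ($USER->get('admin')) {
             // Site admins get every artefact of the site institution
             $institutions[] = 'mahara';
         } else {
             // Everyone else only gets site files whose cached parent is the public folder
             safe_require('artefact', 'file');
             $select .= "\n                OR ( a.institution = 'mahara' AND apc.parent = ?)";
             $whereph[] = (int) ArtefactTypeFolder::admin_public_folder_id();
         }
         if ($institutions) {
             $select .= '
             OR a.institution IN (' . join(',', array_fill(0, count($institutions), '?')) . ')';
             $whereph = array_merge($whereph, $institutions);
         }
         $select .= "\n            )";
     }
     if (!empty($data['artefacttypes']) && is_array($data['artefacttypes'])) {
         $select .= ' AND artefacttype IN(' . join(',', array_fill(0, count($data['artefacttypes']), '?')) . ')';
         $whereph = array_merge($whereph, array_values($data['artefacttypes']));
     }
     if (!empty($data['search'])) {
         // Same pattern as before ('%' doubled, wrapped in wildcards), now bound, which also
         // keeps quotes and "?" characters typed by the user out of the SQL text.
         $search = '%' . str_replace('%', '%%', $data['search']) . '%';
         $select .= ' AND (title ' . db_ilike() . '(?) OR description ' . db_ilike() . '(?) )';
         $whereph[] = $search;
         $whereph[] = $search;
     }
     $select .= $extraselect;
     $cols = $short ? 'a.id, a.id AS b' : 'a.*';
     // get_records_sql_assoc wants > 1 column
     $ph = array_merge($fromph, $whereph);
     $artefacts = get_records_sql_assoc('SELECT ' . $cols . $from . ' WHERE ' . $select . ($sortorder ? ' ORDER BY ' . $sortorder : ''), $ph, $offset, $limit);
     $totalartefacts = count_records_sql('SELECT COUNT(*) ' . $from . ' WHERE ' . $select, $ph);
     return array($artefacts, $totalartefacts);
 }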
Ejemplo n.º 19
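 /**
  * This function returns a list of posts in a given blog.
  *
  * @param integer $id          Id of the blog (the posts' parent artefact)
  * @param integer $limit       Maximum number of posts to return
  * @param integer $offset      Number of posts to skip
  * @param array   $viewoptions null for the "my blogs" area (all posts, drafts first);
  *                             otherwise options for a blog shown in a view. Keys read
  *                             here: 'before', 'viewid', 'countcomments'
  * @return array 'limit', 'offset', 'count' (all matching posts) and 'data' (list of posts)
  */
 public static function get_posts($id, $limit, $offset, $viewoptions = null)
 {
     $results = array('limit' => $limit, 'offset' => $offset);
     // If viewoptions is null, we're getting posts for the my blogs area,
     // and we should get all posts & show drafts first.  Otherwise it's a
     // blog in a view, and we should only get published posts.
     $from = "\n            FROM {artefact} a LEFT JOIN {artefact_blog_blogpost} bp ON a.id = bp.blogpost\n            WHERE a.artefacttype = 'blogpost' AND a.parent = ?";
     $ph = array($id);
     if (!is_null($viewoptions)) {
         if (isset($viewoptions['before'])) {
             // Bound as a placeholder: the cut-off time comes from the caller's options and
             // must not be interpolated into the SQL string.
             $from .= ' AND a.ctime < ?';
             $ph[] = $viewoptions['before'];
         }
         $from .= ' AND bp.published = 1';
     }
     $results['count'] = count_records_sql('SELECT COUNT(*) ' . $from, $ph);
     $data = get_records_sql_assoc('
         SELECT
             a.id, a.title, a.description, a.author, a.authorname, ' . db_format_tsfield('a.ctime', 'ctime') . ', ' . db_format_tsfield('a.mtime', 'mtime') . ',
             a.locked, bp.published, a.allowcomments ' . $from . '
         ORDER BY bp.published ASC, a.ctime DESC, a.id DESC', $ph, $offset, $limit);
     if (!$data) {
         $results['data'] = array();
         return $results;
     }
     // Get the attached files.
     // A plain loop replaces create_function(), which compiles a code string at runtime
     // and no longer exists in PHP 8. Keys are kept, as array_map() kept them.
     $postids = array();
     foreach ($data as $key => $row) {
         $postids[$key] = $row->id;
     }
     $files = ArtefactType::attachments_from_id_list($postids);
     if ($files) {
         safe_require('artefact', 'file');
         foreach ($files as &$file) {
             $params = array('id' => $file->attachment);
             if (!empty($viewoptions['viewid'])) {
                 $params['viewid'] = $viewoptions['viewid'];
             }
             $file->icon = call_static_method(generate_artefact_class_name($file->artefacttype), 'get_icon', $params);
             $data[$file->artefact]->files[] = $file;
         }
         // Release the loop reference so it cannot alias the last element later on.
         unset($file);
     }
     if ($tags = ArtefactType::tags_from_id_list($postids)) {
         foreach ($tags as &$at) {
             $data[$at->artefact]->tags[] = $at->tag;
         }
         unset($at);
     }
     foreach ($data as &$post) {
         // Format dates properly
         if (is_null($viewoptions)) {
             // My Blogs area: create forms for changing post status & deleting posts.
             $post->changepoststatus = ArtefactTypeBlogpost::changepoststatus_form($post->id, $post->published);
             $post->delete = ArtefactTypeBlogpost::delete_form($post->id, $post->title);
         } else {
             // Registered authors are shown by display name, others by the stored author name
             $by = $post->author ? display_default_name($post->author) : $post->authorname;
             $post->postedby = get_string('postedbyon', 'artefact.blog', $by, format_date($post->ctime));
             // Get comment counts
             if (!empty($viewoptions['countcomments'])) {
                 safe_require('artefact', 'comment');
                 require_once get_config('docroot') . 'lib/view.php';
                 $view = new View($viewoptions['viewid']);
                 $artefact = artefact_instance_from_id($post->id);
                 list($commentcount, $comments) = ArtefactTypeComment::get_artefact_comments_for_view($artefact, $view, null, false);
                 $post->commentcount = $commentcount;
                 $post->comments = $comments;
             }
         }
         $post->ctime = format_date($post->ctime, 'strftimedaydatetime');
         $post->mtime = format_date($post->mtime);
         // Ensure images in the post have the right viewid associated with them
         if (!empty($viewoptions['viewid'])) {
             safe_require('artefact', 'file');
             $post->description = ArtefactTypeFolder::append_view_url($post->description, $viewoptions['viewid']);
         }
     }
     unset($post);
     $results['data'] = array_values($data);
     return $results;
 }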
Ejemplo n.º 20
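 /**
  * Dumps all views into the PDF ready HTML format
  *
  * Header, one section per view and footer are appended in turn to index.html inside
  * the export root directory, and progress between 55 and 75 is reported as views
  * are written.
  *
  * @throws SystemException If a part cannot be appended to index.html
  */
 private function create_html()
 {
     global $THEME;
     $progressstart = 55;
     $progressend = 75;
     $i = 0;
     $viewcount = count($this->views);
     $indexfile = "{$this->exportdir}/{$this->rootdir}/" . "index.html";
     // Writes are checked with === false: file_put_contents() returns the number of bytes
     // written, so an empty template (0 bytes) is not a failure.
     // multiple views append header with standard theme
     if (!$this->exportingoneview) {
         $smarty = $this->get_smarty();
         $header = $smarty->fetch('export:pdf:head.tpl');
         if (file_put_contents($indexfile, $header, FILE_APPEND | LOCK_EX) === false) {
             throw new SystemException("Could not write view page for pdf export");
         }
     }
     foreach ($this->views as $id => $view) {
         $i++;
         $progress = intval($progressstart + $i / $viewcount * ($progressend - $progressstart));
         $this->notify_progress_callback($progress, get_string('exportingviewsprogress', 'export', $i, $viewcount));
         // Set up view theme if we're just exporting a single view
         if (!isset($smarty) && $this->exportingoneview) {
             $viewtheme = $view->get('theme');
             if ($viewtheme && $THEME->basename != $viewtheme) {
                 $THEME = new Theme($viewtheme);
             }
             $smarty = $this->get_smarty();
             $header = $smarty->fetch('export:pdf:head.tpl');
             if (file_put_contents($indexfile, $header, FILE_APPEND | LOCK_EX) === false) {
                 throw new SystemException("Could not write view page for pdf export");
             }
         }
         if (get_config('viewmicroheaders')) {
             $smarty->assign('microheadertitle', $view->display_title(true, false));
         }
         // fetch the html for a single view
         // NOTE(review): title, description and tags are assigned as stored; presumably the
         // templates escape them - confirm.
         $smarty->assign('viewtitle', $view->get('title'));
         $smarty->assign('ownername', $view->formatted_owner());
         $smarty->assign('viewdescription', ArtefactTypeFolder::append_view_url($view->get('description'), $view->get('id')));
         $smarty->assign('viewcontent', $view->build_rows(false, true));
         $smarty->assign('tags', $view->get('tags'));
         $viewcontent = $smarty->fetch('export:pdf:view.tpl');
         // include a pagebreak into the pdf if we are exporting multiple views
         if (!$this->exportingoneview && $i < $viewcount) {
             $viewcontent .= $smarty->fetch('export:pdf:pagebreak.tpl');
         }
         // append any new views to the end of the main html for a bulk export
         if (file_put_contents($indexfile, $viewcontent, FILE_APPEND | LOCK_EX) === false) {
             throw new SystemException("Could not write view page for pdf export");
         }
     }
     // append footer
     // NOTE(review): in a single-view export with an empty view list $smarty is never
     // created above, so this call would fail; confirm callers always supply a view.
     $footer = $smarty->fetch('export:pdf:foot.tpl');
     if (file_put_contents($indexfile, $footer, FILE_APPEND | LOCK_EX) === false) {
         throw new SystemException("Could not write view page for pdf export");
     }
 }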
Ejemplo n.º 21
/**
 * Submit handler for the feedback form: stores a comment on the current artefact
 * or view, saves any uploaded attachments, raises the activity notifications and
 * replies to the form with the refreshed comment list.
 *
 * Reads the globals $view, $artefact and $USER.
 *
 * @param Pieform $form   The submitted form, used to send the reply
 * @param array   $values Submitted values; keys read here: 'message', 'authorname',
 *                        'moderate', 'ispublic', 'license', 'licensor', 'licensorurl',
 *                        'rating' and 'attachments'
 */
function add_feedback_form_submit(Pieform $form, $values)
{
    global $view, $artefact, $USER;
    // NOTE(review): the message is stored as submitted; presumably it is cleaned when the
    // comment is saved or displayed - confirm.
    $data = (object) array('title' => get_string('Comment', 'artefact.comment'), 'description' => $values['message']);
    // The comment takes owner, group and institution from whatever it is attached to.
    if ($artefact) {
        $data->onartefact = $artefact->get('id');
        $data->owner = $artefact->get('owner');
        $data->group = $artefact->get('group');
        $data->institution = $artefact->get('institution');
    } else {
        $data->onview = $view->get('id');
        $data->owner = $view->get('owner');
        $data->group = $view->get('group');
        $data->institution = $view->get('institution');
    }
    // A user id that evaluates to false means an anonymous commenter, who supplies a name instead.
    if ($author = $USER->get('id')) {
        $anonymous = false;
        $data->author = $author;
    } else {
        $anonymous = true;
        $data->authorname = $values['authorname'];
    }
    // Moderation: a comment meant to be public from someone who cannot edit the view is
    // stored as private with a request to the owner to make it public.
    if (isset($values['moderate']) && $values['ispublic'] && !$USER->can_edit_view($view)) {
        $data->private = 1;
        $data->requestpublic = 'author';
        $moderated = true;
    } else {
        $data->private = (int) (!$values['ispublic']);
        $moderated = false;
    }
    $private = $data->private;
    if (get_config('licensemetadata')) {
        $data->license = $values['license'];
        $data->licensor = $values['licensor'];
        $data->licensorurl = $values['licensorurl'];
    }
    if (isset($values['rating'])) {
        $data->rating = valid_rating($values['rating']);
    }
    $comment = new ArtefactTypeComment(0, $data);
    // Comment, attachments and notifications are written inside one transaction.
    db_begin();
    $comment->commit();
    $url = $comment->get_view_url($view->get('id'), true, false);
    $goto = get_config('wwwroot') . $url;
    if (isset($data->requestpublic) && $data->requestpublic === 'author' && $data->owner) {
        // The author's name is escaped with hsc() before it becomes a message argument.
        $arg = $author ? display_name($USER, null, true) : $data->authorname;
        $moderatemsg = (object) array('subject' => false, 'message' => false, 'strings' => (object) array('subject' => (object) array('key' => 'makepublicrequestsubject', 'section' => 'artefact.comment', 'args' => array()), 'message' => (object) array('key' => 'makepublicrequestbyauthormessage', 'section' => 'artefact.comment', 'args' => array(hsc($arg))), 'urltext' => (object) array('key' => 'Comment', 'section' => 'artefact.comment')), 'users' => array($data->owner), 'url' => $url);
    }
    // Attachments are only handled for logged-in authors ($data->author is set).
    if (!empty($values['attachments']) && is_array($values['attachments']) && !empty($data->author)) {
        require_once get_config('libroot') . 'uploadmanager.php';
        safe_require('artefact', 'file');
        // Folder name and descriptions use the owner's language, or the site language without an owner.
        $ownerlang = empty($data->owner) ? get_config('lang') : get_user_language($data->owner);
        $folderid = ArtefactTypeFolder::get_folder_id(get_string_from_language($ownerlang, 'feedbackattachdirname', 'artefact.comment'), get_string_from_language($ownerlang, 'feedbackattachdirdesc', 'artefact.comment'), null, true, $data->owner, $data->group, $data->institution);
        $attachment = (object) array('owner' => $data->owner, 'group' => $data->group, 'institution' => $data->institution, 'author' => $data->author, 'allowcomments' => 0, 'parent' => $folderid, 'description' => get_string_from_language($ownerlang, 'feedbackonviewbyuser', 'artefact.comment', $view->get('title'), display_name($USER)));
        foreach ($values['attachments'] as $filesindex) {
            // The file name is supplied by the client.
            // NOTE(review): presumably get_new_file_title() and save_uploaded_file() validate
            // the name and the upload itself - confirm.
            $originalname = $_FILES[$filesindex]['name'];
            $attachment->title = ArtefactTypeFileBase::get_new_file_title($originalname, $folderid, $data->owner, $data->group, $data->institution);
            // NOTE(review): both catch blocks reply or redirect while the transaction opened
            // above is still open, with no rollback visible here; presumably reply() and
            // redirect() end the request - confirm what happens to the uncommitted comment.
            try {
                $fileid = ArtefactTypeFile::save_uploaded_file($filesindex, $attachment);
            } catch (QuotaExceededException $e) {
                // The quota message is only shown when the commenter owns the quota that ran out.
                if ($data->owner == $USER->get('id')) {
                    $form->reply(PIEFORM_ERR, array('message' => $e->getMessage()));
                }
                redirect($goto);
            } catch (UploadException $e) {
                $form->reply(PIEFORM_ERR, array('message' => $e->getMessage()));
                redirect($goto);
            }
            $comment->attach($fileid);
        }
    }
    require_once 'activity.php';
    // $data is reused here for the notification payload.
    $data = (object) array('commentid' => $comment->get('id'), 'viewid' => $view->get('id'));
    activity_occurred('feedback', $data, 'artefact', 'comment');
    if (isset($moderatemsg)) {
        activity_occurred('maharamessage', $moderatemsg);
    }
    db_commit();
    $newlist = ArtefactTypeComment::get_comments(10, 0, 'last', $view, $artefact);
    // If you're anonymous and your message is moderated or private, then you won't
    // be able to tell what happened to it. So we'll provide some more explanation in
    // the feedback message.
    if ($anonymous && $moderated) {
        $message = get_string('feedbacksubmittedmoderatedanon', 'artefact.comment');
    } else {
        if ($anonymous && $private) {
            $message = get_string('feedbacksubmittedprivateanon', 'artefact.comment');
        } else {
            $message = get_string('feedbacksubmitted', 'artefact.comment');
        }
    }
    $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => $goto, 'data' => $newlist));
}
Ejemplo n.º 22
 /**
  * Creates a folder artefact from the current template data and records its id
  * under the folder's path.
  *
  * @param string $folder Path of the parent folder; '.' stands for the top level
  */
 public function create_folder($folder)
 {
     $template = $this->data['template'];
     $created = new ArtefactTypeFolder(0, $template);
     $created->commit();

     // Top-level folders are indexed by title alone, nested ones by "parent/title".
     $prefix = '';
     if ($folder != '.') {
         $prefix = $folder . '/';
     }
     $this->data['folderids'][$prefix . $this->data['template']->title] = $created->get('id');
     $this->data['folderscreated']++;
 }
Ejemplo n.º 23
            // in the initial call to smarty()
            $smarty->assign('sitelogo', $THEME->header_logo($skindata['header_logo_image']));
        }
    }
}
// Roaming (MNet) teachers get a link back to the host they came from, but only
// when this view is listed in their session's 'mnetviewaccess' map.
// NOTE(review): the return URL is read from the session ('mnetuserfrom') and
// handed to the template unchanged here; confirm it is validated where it is
// stored and escaped where the template prints it.
$mnetviewlist = $SESSION->get('mnetviewaccess');
if ($mnetviewlist && isset($mnetviewlist[$view->get('id')])) {
    $returnurl = $SESSION->get('mnetuserfrom');
    require_once get_config('docroot') . 'api/xmlrpc/lib.php';
    $peer = get_peer_from_instanceid($SESSION->get('authinstance'));
    if ($peer) {
        // Fall back to the peer's own root when the session holds no return URL.
        $smarty->assign('mnethost', array(
            'name' => $peer->name,
            'url' => $returnurl ?: $peer->wwwroot,
        ));
    }
}

// View body and the forms that are always handed to the template.
$smarty->assign('viewdescription', ArtefactTypeFolder::append_view_url($view->get('description'), $view->get('id')));
$smarty->assign('viewcontent', $viewcontent);
$smarty->assign('releaseform', $releaseform);

// Comment form: only present when commenting was set up earlier in the script.
if (isset($addfeedbackform)) {
    $smarty->assign('enablecomments', 1);
    $smarty->assign('addfeedbackform', $addfeedbackform);
}

// Objection forms are assigned as a pair, keyed on the objection form existing.
if (isset($objectionform)) {
    $smarty->assign('objectionform', $objectionform);
    $smarty->assign('notrudeform', $notrudeform);
}

$smarty->assign('viewbeingwatched', $viewbeingwatched);

if ($viewgroupform) {
    $smarty->assign('view_group_submission_form', $viewgroupform);
}
if ($titletext !== $title) {
Ejemplo n.º 24
 /**
  * Creates a folder artefact from the current template data and remembers its id.
  *
  * The key used in $this->data['folderids'] depends on the archive type:
  * for 'zip' it is $folder followed by the title and a trailing slash ($folder
  * is used as given, no separator is inserted); for anything else it is
  * $folder, a slash, and the title. '.' as $folder contributes nothing.
  *
  * @param mixed $folder Containing path, or '.'
  */
 public function create_folder($folder)
 {
     $created = new ArtefactTypeFolder(0, $this->data['template']);
     $created->commit();

     // Read after commit(), matching the original order of evaluation.
     $title = $this->data['template']->title;
     $atroot = $folder == '.';

     if ($this->archivetype == 'zip') {
         $key = ($atroot ? '' : $folder) . $title . '/';
     } else {
         $key = ($atroot ? '' : $folder . '/') . $title;
     }

     $this->data['folderids'][$key] = $created->get('id');
     $this->data['folderscreated']++;
 }
Ejemplo n.º 25
 /**
  * Builds and commits a folder artefact from an import entry.
  *
  * Title, description, tags and the two timestamps are taken from the entry;
  * the owner is the importer's 'usr'. A timestamp is only set when strtotime()
  * yields a truthy value for it.
  *
  * NOTE(review): title, description and tags are copied from the imported
  * entry without any sanitising in this method; confirm that
  * get_entry_content()/get_entry_tags() or the code that renders the folder
  * takes care of it.
  *
  * @param SimpleXMLElement $entry The entry supplying the folder's data
  * @param PluginImport $importer  The importer
  * @param int $parent             ID of the parent artefact; skipped when empty
  * @throws ImportException If is_folder() does not accept the entry
  * @return int The ID of the folder artefact created
  */
 private static function create_folder(SimpleXMLElement $entry, PluginImport $importer, $parent = null)
 {
     $recognised = self::is_folder($entry, $importer);
     if (!$recognised) {
         throw new ImportException($importer, "create_folder(): Cannot create a folder artefact from an entry we don't recognise as a folder");
     }

     $artefact = new ArtefactTypeFolder();
     $artefact->set('title', (string) $entry->title);
     $artefact->set('description', PluginImportLeap::get_entry_content($entry, $importer));

     // ctime from <published>, then mtime from <updated>; unparseable dates are left unset.
     foreach (array('ctime' => 'published', 'mtime' => 'updated') as $column => $element) {
         $stamp = strtotime((string) $entry->{$element});
         if ($stamp) {
             $artefact->set($column, $stamp);
         }
     }

     $artefact->set('owner', $importer->get('usr'));
     $artefact->set('tags', PluginImportLeap::get_entry_tags($entry));
     if ($parent) {
         $artefact->set('parent', $parent);
     }

     $artefact->commit();
     return $artefact->get('id');
 }
Ejemplo n.º 26
 /**
  * Renames a user's feedback-attachments folder when their language changes.
  *
  * The folder is looked up by the title it has in the old language. If it
  * exists and the new language provides a non-empty name, title and
  * description are replaced with the new-language strings and committed.
  *
  * @param mixed $userid  Owner whose folder is looked up
  * @param mixed $oldlang Language the current folder title was generated in
  * @param mixed $newlang Language to take the new title and description from
  */
 public static function change_language($userid, $oldlang, $newlang)
 {
     $previoustitle = get_string_from_language($oldlang, 'feedbackattachdirname', 'view');
     $found = ArtefactTypeFolder::get_folder_by_name($previoustitle, null, $userid);
     if (empty($found)) {
         // No such folder for this user: nothing to rename.
         return;
     }

     $title = get_string_from_language($newlang, 'feedbackattachdirname', 'view');
     $blurb = get_string_from_language($newlang, 'feedbackattachdirdesc', 'view');
     if (empty($title)) {
         return;
     }

     $folder = artefact_instance_from_id($found->id);
     $folder->set('title', $title);
     $folder->set('description', $blurb);
     $folder->commit();
 }
Ejemplo n.º 27
 /**
  * Indicates whether the user can see the artefact *in the artefact chooser*, and use
  * it in Pages within its ownership context. In other words, if it's a group file, they
  * can use it in Pages for that group, but not in their own personal Pages. The function
  * name refers to the "view" permission for group files.
  *
  * WARNING: Despite the similarity in name to can_view_view(), this method DOESN'T
  * check for general permission to "see" an artefact, i.e. to download it or view
  * its artefact detail page. For that, you need to use artefact_in_view() followed by
  * can_view_view().
  *
  * Order of the checks: public site files are allowed first; then the parent
  * artefact (if any) must itself pass this method; then ownership/admin/
  * institution rules; then, for group artefacts, author or access-table rules.
  * Anything that matches none of these is denied.
  *
  * TODO: Rename this to something less misleading?
  *
  * @param ArtefactType $a
  * @return bool
  */
 public function can_view_artefact($a)
 {
     global $USER;
     // Files in the public site folder and its subfolders
     if ($a instanceof ArtefactTypeFileBase) {
         $publicfolderid = ArtefactTypeFolder::admin_public_folder_id();
         // && binds tighter than ||: true when $a is the public folder itself, or when
         // it is a 'mahara' (site) artefact and the get_field() lookup finds it.
         // NOTE(review): the lookup filters on parent = public folder id, so it appears
         // to match direct children only, not deeper descendants - confirm.
         $fileispublic = $a->get('id') == $publicfolderid || $a->get('institution') == 'mahara' && (bool) get_field('artefact', 'id', 'id', $a->get('id'), 'parent', $publicfolderid);
         if ($fileispublic) {
             return true;
         }
     }
     // A denied parent denies the child: the check recurses up the parent chain
     // before any rule is applied to $a itself.
     $parent = $a->get_parent_instance();
     if ($parent) {
         if (!$this->can_view_artefact($parent)) {
             return false;
         }
     }
     // Allowed when any one of these holds for this user ($this):
     //   - site admin
     //   - has an id and owns the artefact
     //   - institutional admin of the artefact's institution
     //   - member of the artefact's institution and the artefact is a blog or blogpost
     if ($this->get('admin') || ($this->get('id') and $this->get('id') == $a->get('owner')) || ($a->get('institution') and $this->is_institutional_admin($a->get('institution'))) || $a->get('institution') && $this->in_institution($a->get('institution')) && in_array($a->get('artefacttype'), array('blog', 'blogpost'))) {
         return true;
     } else {
         if ($a->get('institution') == 'mahara') {
             $thisparent = $a->get('parent');
             // if we are looking at the public folder or items in it
             if ($a->get('id') == ArtefactTypeFolder::admin_public_folder_id() || !empty($thisparent) && $thisparent == ArtefactTypeFolder::admin_public_folder_id()) {
                 return true;
             }
         }
     }
     if ($a->get('group')) {
         // NOTE(review): this compares the author with the global $USER, while every
         // other check in this method uses $this. The two differ when the method is
         // called on a User object that is not the logged-in user - confirm intended.
         if ($USER->get('id') == $a->get('author')) {
             // uploader of group file should always have access to it
             return true;
         }
         // Only group artefacts can have artefact_access_role & artefact_access_usr records
         // Allowed when a role the user holds in the artefact's group has can_view = 1,
         // or when an artefact_access_usr row exists for this user and artefact.
         // Values are bound through placeholders, not concatenated.
         return (bool) count_records_sql("SELECT COUNT(*) FROM {artefact_access_role} ar\n                INNER JOIN {group_member} g ON ar.role = g.role\n                WHERE ar.artefact = ? AND g.member = ? AND ar.can_view = 1 AND g.group = ?", array($a->get('id'), $this->get('id'), $a->get('group'))) || record_exists('artefact_access_usr', 'usr', $this->get('id'), 'artefact', $a->get('id'));
     }
     // Default deny.
     return false;
 }
Ejemplo n.º 28
/**
 * Pieform submit handler that stores an uploaded image as a profile icon.
 *
 * Adds the file size to the user's quota, creates an ArtefactTypeProfileIcon
 * in the user's images folder, and moves the upload into the data root under
 * a path built from the new artefact's numeric id. The client-supplied file
 * name is kept only as metadata (note / oldextension) and never used as the
 * on-disk name.
 *
 * NOTE(review): the results of getimagesize() and move_uploaded_file() are
 * not checked here. Presumably the form's validation step has already
 * rejected non-images; a failed move would still leave a committed artefact
 * and a raised quota - confirm how that case is handled.
 *
 * @param Pieform $form   The submitted form; replies are sent through it
 * @param array   $values Submitted values; 'title' and 'file' are read
 */
function upload_submit(Pieform $form, $values)
{
    global $USER, $filesize;
    safe_require('artefact', 'file');

    try {
        $USER->quota_add($filesize);
    } catch (QuotaException $qe) {
        // NOTE(review): presumably json_reply() ends the request; otherwise
        // execution would carry on into the upload below - confirm.
        $form->json_reply(PIEFORM_ERR, array('message' => get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'))));
    }

    $upload = $values['file'];

    // Entry in artefact table
    $record = new stdClass();
    $record->owner = $USER->id;
    $record->parent = ArtefactTypeFolder::get_folder_id(
        get_string('imagesdir', 'artefact.file'),
        get_string('imagesdirdesc', 'artefact.file'),
        null,
        true,
        $USER->id
    );
    // Prefer the title typed into the form, else the uploaded file's name;
    // get_new_file_title() then makes it unique within the folder.
    $wanted = $values['title'] ?: $upload['name'];
    $record->title = ArtefactTypeFileBase::get_new_file_title($wanted, (int) $record->parent, $USER->id);
    $record->note = $upload['name'];
    $record->size = $filesize;

    // Dimensions and MIME type are taken from the file content, not from the client.
    $imageinfo = getimagesize($upload['tmp_name']);
    $record->width = $imageinfo[0];
    $record->height = $imageinfo[1];
    $record->filetype = $imageinfo['mime'];
    $record->description = get_string('uploadedprofileicon', 'artefact.file');

    $icon = new ArtefactTypeProfileIcon(0, $record);
    $extension = array();
    if (preg_match("/\\.([^\\.]+)\$/", $upload['name'], $extension)) {
        $icon->set('oldextension', $extension[1]);
    }
    $icon->commit();
    $id = $icon->get('id');

    // Move the file into the correct place: one of 256 buckets chosen by id.
    $bucket = $id % 256;
    $directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $bucket . '/';
    check_dir_exists($directory);
    move_uploaded_file($upload['tmp_name'], $directory . $id);

    $USER->commit();
    $form->json_reply(PIEFORM_OK, get_string('profileiconaddedtoimagesfolder', 'artefact.file', get_string('imagesdir', 'artefact.file')));
}
Ejemplo n.º 29
/**
 * Builds the reply for a file browser "change owner" request.
 *
 * Re-renders the owner tabs, works out which owner (site, institution, group
 * or user) the selected tab stands for, and returns the file list and path
 * for that owner's top folder. For the site tab, non-admins are started in
 * the public site folder instead of folder 0.
 *
 * NOTE(review): this function does not itself check that the current user
 * may browse the selected owner's files; presumably
 * pieform_element_filebrowser_configure_tabs() or the list builders enforce
 * that - confirm.
 *
 * @param Pieform $form    The form containing the element
 * @param array   $element The filebrowser element definition
 * @return array Reply data: flags, new tab data, folder id, file list, path and tab HTML
 */
function pieform_element_filebrowser_changeowner(Pieform $form, $element)
{
    global $USER;

    $prefix = $form->get_name() . '_' . $element['name'];
    $newtabdata = pieform_element_filebrowser_configure_tabs($element['tabs'], $prefix);

    // Append further query parameters with '?' or '&' depending on the page URL.
    $separator = strpos($element['page'], '?') === false ? '?' : '&';

    $smarty = smarty_core();
    $smarty->assign('prefix', $prefix);
    $smarty->assign('querybase', $element['page'] . $separator);
    $smarty->assign('tabs', $newtabdata);
    $newtabhtml = $smarty->fetch('artefact:file:form/ownertabs.tpl');
    $newsubtabhtml = $smarty->fetch('artefact:file:form/ownersubtabs.tpl');

    $group = null;
    $institution = null;
    $user = null;
    $userid = null;
    $folder = 0;

    $ownertype = $newtabdata['owner'];
    if ($ownertype == 'site') {
        // Site files belong to the 'mahara' institution; only admins start at the root.
        if (!$USER->get('admin')) {
            $folder = ArtefactTypeFolder::admin_public_folder_id();
        }
        $institution = 'mahara';
    } elseif ($ownertype == 'institution') {
        $institution = $newtabdata['ownerid'];
    } elseif ($ownertype == 'group') {
        $group = $newtabdata['ownerid'];
    } elseif ($ownertype == 'user') {
        $user = true;
        $userid = $newtabdata['ownerid'];
    }

    // Evaluated in the same order as the keys of the returned array.
    $editmeta = (int) ($user && !$element['config']['edit'] && !empty($element['config']['tag']));
    $disableedit = $group && !pieform_element_filebrowser_edit_group_folder($group, $folder);
    $newlist = pieform_element_filebrowser_build_filelist($form, $element, $folder, null, $user, $group, $institution);
    $newpath = pieform_element_filebrowser_build_path($form, $element, $folder, $newtabdata['owner'], $newtabdata['ownerid']);

    return array(
        'error' => false,
        'changedowner' => true,
        'changedfolder' => true,
        'editmeta' => $editmeta,
        'newtabdata' => $newtabdata,
        'folder' => $folder,
        'disableedit' => $disableedit,
        'newlist' => $newlist,
        'newpath' => $newpath,
        'newtabs' => $newtabhtml,
        'newsubtabs' => $newsubtabhtml,
    );
}
Ejemplo n.º 30
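 /**
  * Return artefacts available for inclusion in a particular block.
  *
  * Builds one SELECT over {artefact} whose WHERE clause depends on who owns
  * the view: a group ($group), an institution ($institution) or an ordinary
  * user. The SQL is assembled by concatenation, so every value that reaches
  * it is either cast to int, passed through db_quote(), or (for column names)
  * checked against a character pattern first.
  *
  * @param array $data         Options; the keys read here are offset, limit,
  *                            sortorder, extraselect, userartefactsallowed,
  *                            artefacttypes and search
  * @param mixed $owner        null for the current $USER, a User object, or a user id
  * @param mixed $group        Group id when the view is group-owned
  * @param mixed $institution  Institution name when the view is institution-owned
  * @param bool  $short        When true only artefact ids are selected
  * @return array array($artefacts, $totalartefacts)
  * @throws SystemException On an unusable $owner or an unsupported extraselect field type
  */
 public static function get_artefactchooser_artefacts($data, $owner = null, $group = null, $institution = null, $short = false)
 {
     if ($owner === null) {
         global $USER;
         $user = $USER;
     } elseif ($owner instanceof User) {
         $user = $owner;
     } elseif (intval($owner) != 0) {
         $user = new User();
         $user->find_by_id(intval($owner));
     } else {
         throw new SystemException("Invalid argument type " . gettype($owner) . " passed to View::get_artefactchooser_artefacts");
     }
     // The id is concatenated into SQL below; cast it once, as is already done for $group.
     $userid = (int) $user->get('id');

     $offset = !empty($data['offset']) ? $data['offset'] : null;
     $limit = !empty($data['limit']) ? $data['limit'] : null;

     // ORDER BY: column names must match the pattern, direction is forced to ASC or DESC.
     // NOTE(review): the pattern lets double quotes through anywhere in the name and
     // does not check that they are balanced; callers should pass known column names only.
     $sortterms = array();
     if (!empty($data['sortorder'])) {
         foreach ($data['sortorder'] as $field) {
             if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                 // skip this item (it fails validation)
                 continue;
             }
             $direction = 'ASC';
             if (!empty($field['order']) && 'DESC' == strtoupper($field['order'])) {
                 $direction = 'DESC';
             }
             $sortterms[] = $field['fieldname'] . ' ' . $direction;
         }
     }
     // Leading space so the clause never runs into the end of the WHERE text.
     $sortorder = $sortterms ? ' ORDER BY ' . implode(', ', $sortterms) : '';

     // Extra AND conditions supplied by the caller.
     $extraselect = '';
     if (isset($data['extraselect'])) {
         foreach ($data['extraselect'] as $field) {
             if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                 // skip this item (it fails validation)
                 continue;
             }
             // Sanitise all values into a fresh array (no by-reference loop variable left behind).
             $values = array();
             foreach ($field['values'] as $raw) {
                 if ($field['type'] == 'int') {
                     $values[] = (int) $raw;
                 } elseif ($field['type'] == 'string') {
                     $values[] = db_quote($raw);
                 } else {
                     throw new SystemException("Unsupported field type '" . $field['type'] . "' passed to View::get_artefactchooser_artefacts");
                 }
             }
             $extraselect .= ' AND ';
             if (count($values) > 1) {
                 $extraselect .= $field['fieldname'] . ' IN (' . implode(', ', $values) . ')';
             } else {
                 $extraselect .= $field['fieldname'] . ' = ' . reset($values);
             }
         }
     }

     $from = ' FROM {artefact} a ';
     if ($group) {
         // Get group-owned artefacts that the user has view
         // permission on, and site-owned artefacts
         $from .= '
         LEFT OUTER JOIN (
             SELECT
                 r.artefact, r.can_view, m.group
             FROM
                 {artefact_access_role} r
                 INNER JOIN {group_member} m ON r.role = m.role
             WHERE
                 m."group" = ' . (int) $group . '
                 AND m.member = ' . $userid . '
                 AND r.can_view = 1
         ) ga ON (ga.group = a.group AND a.id = ga.artefact)';
         $select = "(a.institution = 'mahara' OR ga.can_view = 1";
         if (!empty($data['userartefactsallowed'])) {
             $select .= ' OR "owner" = ' . $userid;
         }
         $select .= ')';
     } elseif ($institution) {
         // Site artefacts & artefacts owned by this institution.
         // The name goes through db_quote() like every other string in this
         // query instead of being interpolated between literal quotes.
         $select = "(a.institution = 'mahara' OR a.institution = " . db_quote($institution) . ')';
     } else {
         // The view is owned by a normal user
         // Get artefacts owned by the user, group-owned artefacts
         // the user has republish permission on, artefacts owned
         // by the user's institutions.
         $from .= '
         LEFT OUTER JOIN {artefact_access_usr} aau ON (a.id = aau.artefact AND aau.usr = ' . $userid . ')
         LEFT OUTER JOIN {artefact_parent_cache} apc ON (a.id = apc.artefact)
         LEFT OUTER JOIN (
             SELECT
                 aar.artefact, aar.can_republish, m.group
             FROM
                 {artefact_access_role} aar
                 INNER JOIN {group_member} m ON aar.role = m.role
             WHERE
                 m.member = ' . $userid . '
                 AND aar.can_republish = 1
         ) ra ON (a.id = ra.artefact AND a.group = ra.group)';
         $institutions = array_keys($user->get('institutions'));
         $select = '(
             "owner" = ' . $userid . '
             OR ra.can_republish = 1
             OR aau.can_republish = 1';
         if ($user->get('admin')) {
             // Admins see all site ('mahara') artefacts.
             $institutions[] = 'mahara';
         } else {
             // Everyone else sees only site artefacts under the public folder.
             safe_require('artefact', 'file');
             $select .= "\n                OR ( a.institution = 'mahara' AND apc.parent = " . (int) ArtefactTypeFolder::admin_public_folder_id() . ')';
         }
         if ($institutions) {
             $select .= '
             OR a.institution IN (' . join(',', array_map('db_quote', $institutions)) . ')';
         }
         $select .= "\n            )";
     }

     if (!empty($data['artefacttypes']) && is_array($data['artefacttypes'])) {
         $select .= ' AND artefacttype IN(' . implode(',', array_map('db_quote', $data['artefacttypes'])) . ')';
     }
     if (!empty($data['search'])) {
         // NOTE(review): only '%' is altered in the search term before it is wrapped
         // in wildcards; '_' keeps its LIKE meaning. Confirm the doubling matches
         // what the query layer expects.
         $search = db_quote('%' . str_replace('%', '%%', $data['search']) . '%');
         $select .= ' AND (title ' . db_ilike() . '(' . $search . ') OR description ' . db_ilike() . '(' . $search . ') )';
     }
     $select .= $extraselect;

     // get_records_sql_assoc wants > 1 column
     $cols = $short ? 'a.id, a.id AS b' : 'a.*';
     $artefacts = get_records_sql_assoc('SELECT ' . $cols . $from . ' WHERE ' . $select . $sortorder, null, $offset, $limit);
     $totalartefacts = count_records_sql('SELECT COUNT(*) ' . $from . ' WHERE ' . $select);
     return array($artefacts, $totalartefacts);
 }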