Ejemplo n.º 1
 /**
  * Determines the position of this file among the files of its parent
  * directory.
  *
  * The counter starts at 1, so the first file of the directory yields 1 and
  * a hit is never 0. Callers can therefore tell "first entry" and "not found"
  * apart, but should still compare against false strictly.
  *
  * If getParent() throws, the lookup falls back to the root directory
  * identified by $this->parent_id.
  *
  * @return mixed Either the 1-based position or false if the file was not found
  */
 public function indexInParent()
 {
     try {
         $directory = $this->getParent()->file;
     } catch (Exception $e) {
         // Any failure to resolve the parent entry is treated as "parent is a root directory".
         $directory = new RootDirectory($this->parent_id);
     }

     $position = 1;
     foreach ($directory->listFiles()->pluck('id') as $sibling_id) {
         // Strict comparison: ids must match in type as well as value.
         if ($sibling_id === $this->id) {
             return $position;
         }
         $position++;
     }

     return false;
 }
Ejemplo n.º 2
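 /**
  * Stores the uploaded files (dragged into the textarea) and answers with a
  * JSON document.
  *
  * The response may contain the keys "inserts" (one markup snippet per stored
  * file, built from the detected media type or the file name plus the
  * download URL) and "errors" (one message per file that could not be
  * stored).
  *
  * NOTE(review): the permission check below only covers context_type
  * "course". For every other context type the request-supplied "context" is
  * used as range_id/seminar_id without an ownership check in this method -
  * confirm that a caller cannot attach files to a foreign context this way.
  *
  * @throws AccessDeniedException if the request is not a POST or the user
  *                               lacks "autor" permission in the course
  */
 public function post_files_action()
 {
     $user_id = $GLOBALS['user']->id;

     // Use the value returned by Request::option() directly instead of
     // re-reading the parameter through Request::get(), so that the value
     // that was checked is the value that is used.
     $context = Request::option("context") ?: $user_id;
     $context_type = Request::option("context_type");
     $is_course = $context_type === "course";

     if (!Request::isPost()
         || ($is_course && !$GLOBALS['perm']->have_studip_perm("autor", $context))
     ) {
         throw new AccessDeniedException();
     }

     // check folders
     // The folder ids are derived deterministically from the context (and,
     // for courses, the user id); md5() serves as an id generator here, not
     // as a secret.
     $db = DBManager::get();
     $parent_folder_id = md5("Blubber_" . $context);
     $folder_id = $is_course
         ? md5("Blubber_" . $context . "_" . $user_id)
         : $parent_folder_id;

     // Bound parameters instead of string-built SQL.
     $find_folder = $db->prepare("SELECT * FROM folder WHERE folder_id = ?");
     $find_folder->execute(array($folder_id));
     $folder = $find_folder->fetchColumn();
     $find_folder->closeCursor();

     if (!$folder) {
         $find_folder->execute(array($parent_folder_id));
         $folder = $find_folder->fetchColumn();
         $find_folder->closeCursor();

         $now = time();
         $create_folder = $db->prepare(
             "INSERT IGNORE INTO folder "
             . "SET folder_id = ?, range_id = ?, seminar_id = ?, user_id = ?, "
             . "name = ?, permission = '7', mkdate = ?, chdate = ?"
         );
         if (!$folder) {
             // Shared parent folder of the context.
             $create_folder->execute(array($parent_folder_id, $context, $context, $user_id, "BlubberDateien", $now, $now));
         }
         if ($is_course) {
             // Per-user sub folder below the shared parent folder.
             $create_folder->execute(array($folder_id, $parent_folder_id, $context, $user_id, get_fullname(), $now, $now));
         }
     }

     $output = array();
     foreach ($_FILES as $file) {
         // validate_upload() reports problems through $GLOBALS['msg'].
         $GLOBALS['msg'] = '';
         validate_upload($file);
         if ($GLOBALS['msg']) {
             $output['errors'][] = $file['name'] . ': ' . decodeHTML(trim(substr($GLOBALS['msg'], 6), '§'));
             continue;
         }
         if (!$file['size']) {
             // Empty uploads are skipped without an error entry.
             continue;
         }

         // Build the metadata from scratch for every file so that nothing
         // leaks over from the previous loop iteration.
         // NOTE(review): $file['name'] is supplied by the client and ends up
         // both as stored file name and inside the "[...]" markup below -
         // confirm that the markup renderer copes with arbitrary names.
         $filename = studip_utf8decode(strtolower($file['name']));
         $document = array(
             'name'        => $filename,
             'filename'    => $filename,
             'user_id'     => $user_id,
             'author_name' => get_fullname(),
             'seminar_id'  => $context,
             'range_id'    => $is_course ? $folder_id : $parent_folder_id,
             'filesize'    => $file['size'],
         );

         $url = null;
         if ($context === $user_id && Config::get()->PERSONALDOCUMENT_ENABLE) {
             // Own context and personal file area enabled: store the file in
             // the user's "Blubber" directory.
             try {
                 $root_dir = RootDirectory::find($user_id);
                 $blubber_directory = $root_dir->listDirectories()->findOneBy('name', 'Blubber');
                 if (!$blubber_directory) {
                     $blubber_directory = $root_dir->mkdir('Blubber', _('Ihre Dateien aus Blubberstreams'));
                 }
                 $newfile = $blubber_directory->file->createFile($document['name']);
                 $newfile->name = $document['name'];
                 $newfile->store();
                 $handle = $newfile->file;
                 $handle->restricted = 0;
                 // NOTE(review): $file['type'] is the MIME type announced by
                 // the client, not one derived from the file contents;
                 // consider determining it server-side (e.g. with finfo)
                 // before persisting it.
                 $handle->mime_type = $file['type'];
                 $handle->setContentFromFile($file['tmp_name']);
                 $handle->update();
                 $url = $newfile->getDownloadLink(true, true);
                 $success = true;
             } catch (Exception $e) {
                 // Same key as the validation failures above; the original
                 // used "error" here, which split the failures over two keys.
                 // NOTE(review): the raw exception message is sent to the
                 // client - confirm it cannot contain internal details.
                 $output['errors'][] = $e->getMessage();
                 $success = false;
             }
         } else {
             $newfile = StudipDocument::createWithFile($file['tmp_name'], $document);
             $success = (bool) $newfile;
             if ($success) {
                 $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
             }
         }

         if (!$success) {
             continue;
         }

         // Pick the embed markup from the announced MIME type; audio wins
         // over video, video over image (same precedence as before).
         if (strpos($file['type'], 'audio') !== false || strpos($document['filename'], '.ogg') !== false) {
             $type = "audio";
         } elseif (strpos($file['type'], 'video') !== false) {
             $type = "video";
         } elseif (strpos($file['type'], 'image') !== false) {
             $type = "img";
         } else {
             $type = null;
         }

         $label = $type ? $type : $document['filename'];
         $output['inserts'][] = "[" . $label . "]" . $url;
     }

     $this->render_json($output);
 }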
Ejemplo n.º 3
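 /**
  * Deletes the user held in $this->user_data from the database and removes
  * the data attached to the account.
  *
  * Progress and failures are appended to $this->msg as "type§text§" records
  * (types used here: error, info, msg).
  *
  * NOTE(review): no transaction is opened in this method; the statements run
  * one after another, so a failure halfway through leaves a partially
  * deleted account.
  * NOTE(review): several messages carry markup (<em>) and interpolate the
  * username unescaped - confirm that whatever renders $this->msg escapes it
  * or that usernames cannot contain markup.
  *
  * @access   public
  * @param    bool $delete_documents also delete the documents, the private
  *                file space and the empty folders of the user
  * @return   bool true if the account row was removed; false if the acting
  *                user lacks permission, the user is the only lecturer of
  *                active courses, or the final DELETE affected no row
  */
 public function deleteUser($delete_documents = true)
 {
     global $perm;

     $user_id = $this->user_data['auth_user_md5.user_id'];
     $username = $this->user_data['auth_user_md5.username'];

     // Do we have permission to do so?
     if (!$perm->have_perm("admin")) {
         $this->msg .= "error§" . _("Sie haben keine Berechtigung Accounts zu löschen.") . "§";
         return false;
     }
     if (!$perm->have_perm("root")) {
         // Admins may neither delete root accounts nor admin accounts they
         // are not responsible for (adminOK()).
         if ($this->user_data['auth_user_md5.perms'] == "root") {
             $this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Root-Accounts</em> zu löschen.") . "§";
             return false;
         }
         if ($this->user_data['auth_user_md5.perms'] == "admin" && !$this->adminOK()) {
             $this->msg .= "error§" . _("Sie haben keine Berechtigung diesen Admin-Account zu löschen.") . "§";
             return false;
         }
     }

     // active dozent? Counts the non-studygroup courses in which this user
     // is the only "dozent".
     $status = studygroup_sem_types();
     if (empty($status)) {
         $active_count = 0;
     } else {
         $query = "SELECT SUM(c) AS count FROM (\n                          SELECT COUNT(*) AS c\n                          FROM seminar_user AS su1\n                          INNER JOIN seminar_user AS su2 ON (su1.seminar_id = su2.seminar_id AND su2.status = 'dozent')\n                          INNER JOIN seminare ON (su1.seminar_id = seminare.seminar_id AND seminare.status NOT IN (?))\n                          WHERE su1.user_id = ? AND su1.status = 'dozent'\n                          GROUP BY su1.seminar_id\n                          HAVING c = 1\n                          ORDER BY NULL\n                      ) AS sub";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array(studygroup_sem_types(), $user_id));
         $active_count = $statement->fetchColumn();
     }
     if ($active_count) {
         $this->msg .= sprintf("error§" . _("<em>%s</em> ist Lehrkraft in %s aktiven Veranstaltungen und kann daher nicht gelöscht werden.") . "§", $username, $active_count);
         return false;
     }

     // founder of studygroup?
     if (get_config('STUDYGROUPS_ENABLE')) {
         $status = studygroup_sem_types();
         if (empty($status)) {
             $group_ids = array();
         } else {
             $query = "SELECT Seminar_id\n                          FROM seminare AS s\n                          LEFT JOIN seminar_user AS su USING (Seminar_id)\n                          WHERE su.status = 'dozent' AND su.user_id = ? AND s.status IN (?)";
             $statement = DBManager::get()->prepare($query);
             $statement->execute(array($user_id, studygroup_sem_types()));
             $group_ids = $statement->fetchAll(PDO::FETCH_COLUMN);
         }
         foreach ($group_ids as $group_id) {
             $sem = Seminar::GetInstance($group_id);
             if (StudygroupModel::countMembers($group_id) > 1) {
                 // check whether there are tutors or even autors that can be promoted
                 $tutors = $sem->getMembers('tutor');
                 $autors = $sem->getMembers('autor');
                 if (count($tutors) > 0) {
                     $new_founder = current($tutors);
                     StudygroupModel::promote_user($new_founder['username'], $sem->getId(), 'dozent');
                     continue;
                 } elseif (count($autors) > 0) {
                     $new_founder = current($autors);
                     StudygroupModel::promote_user($new_founder['username'], $sem->getId(), 'dozent');
                     continue;
                 }
                 // since no suitable successor was found, we are allowed to remove the studygroup
                 // NOTE(review): nothing is deleted on this path; only the
                 // branch below (at most one member) calls delete() - confirm
                 // that this is intended.
             } else {
                 $sem->delete();
             }
             unset($sem);
         }
     }

     // store user preferred language for sending mail (must be read before
     // the user data is deleted below)
     $user_language = getUserLanguagePath($user_id);

     // delete documents of this user
     if ($delete_documents) {
         // Remove private file space of this user
         if (Config::get()->PERSONALDOCUMENT_ENABLE) {
             $root_dir = new RootDirectory($user_id);
             $root_dir->delete();
         }

         // Remove other files
         $temp_count = 0;
         $query = "SELECT dokument_id FROM dokumente WHERE user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($user_id));
         while ($document_id = $statement->fetchColumn()) {
             if (delete_document($document_id)) {
                 $temp_count++;
             }
         }
         if ($temp_count) {
             $this->msg .= "info§" . sprintf(_("%s Dokumente gelöscht."), $temp_count) . "§";
         }

         // delete empty folders of this user; newest first, a folder is
         // removed only if it has neither sub folders nor documents
         $temp_count = 0;
         $query = "SELECT COUNT(*) FROM folder WHERE range_id = ?";
         $count_content = DBManager::get()->prepare($query);
         $query = "DELETE FROM folder WHERE folder_id = ?";
         $delete_folder = DBManager::get()->prepare($query);
         $query = "SELECT folder_id FROM folder WHERE user_id = ? ORDER BY mkdate DESC";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($user_id));
         while ($folder_id = $statement->fetchColumn()) {
             $count_content->execute(array($folder_id));
             $count = $count_content->fetchColumn();
             $count_content->closeCursor();
             if (!$count && !doc_count($folder_id)) {
                 $delete_folder->execute(array($folder_id));
                 $temp_count += $delete_folder->rowCount();
             }
         }
         if ($temp_count) {
             $this->msg .= "info§" . sprintf(_("%s leere Ordner gelöscht."), $temp_count) . "§";
         }

         // folder left?
         $query = "SELECT COUNT(*) FROM folder WHERE user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($user_id));
         $count = $statement->fetchColumn();
         if ($count) {
             $this->msg .= sprintf("info§" . _("%s Ordner konnten nicht gelöscht werden, da sie noch Dokumente anderer BenutzerInnen enthalten.") . "§", $count);
         }
     }

     // kill all the ressources that are assigned to the user (and all the linked or subordinated stuff!)
     if (Config::get()->RESOURCES_ENABLE) {
         $killAssign = new DeleteResourcesUser($user_id);
         $killAssign->delete();
     }

     $this->re_sort_position_in_seminar_user();

     // delete user from seminars (postings will be preserved)
     $query = "DELETE FROM seminar_user WHERE user_id = ?";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     if (($db_ar = $statement->rowCount()) > 0) {
         $this->msg .= "info§" . sprintf(_("%s Einträge aus Veranstaltungen gelöscht."), $db_ar) . "§";
     }

     // delete user from waiting lists; the affected seminars are collected
     // first so that their admission can be updated afterwards
     $query = "SELECT seminar_id FROM admission_seminar_user WHERE user_id = ?";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     $seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);
     $query = "DELETE FROM admission_seminar_user WHERE user_id = ?";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     if (($db_ar = $statement->rowCount()) > 0) {
         $this->msg .= "info§" . sprintf(_("%s Einträge aus Wartelisten gelöscht."), $db_ar) . "§";
         array_map('update_admission', $seminar_ids);
     }

     // delete user from instituts
     $this->logInstUserDel($user_id);
     $query = "DELETE FROM user_inst WHERE user_id = ?";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     if (($db_ar = $statement->rowCount()) > 0) {
         $this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
     }

     // delete user from Statusgruppen
     // The assignment is parenthesised so that $db_ar holds the count; the
     // original assigned the result of the "> 0" comparison instead.
     if (($db_ar = RemovePersonFromAllStatusgruppen(get_username($user_id))) > 0) {
         $this->msg .= "info§" . sprintf(_("%s Einträge aus Funktionen / Gruppen gelöscht."), $db_ar) . "§";
     }

     // delete user from archiv
     $query = "DELETE FROM archiv_user WHERE user_id = ?";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     if (($db_ar = $statement->rowCount()) > 0) {
         $this->msg .= "info§" . sprintf(_("%s Einträge aus den Zugriffsberechtigungen für das Archiv gelöscht."), $db_ar) . "§";
     }

     // delete all personal news from this user
     if ($db_ar = StudipNews::DeleteNewsByAuthor($user_id)) {
         $this->msg .= "info§" . sprintf(_("%s Einträge aus den Ankündigungen gelöscht."), $db_ar) . "§";
     }
     if ($db_ar = StudipNews::DeleteNewsRanges($user_id)) {
         $this->msg .= "info§" . sprintf(_("%s Verweise auf Ankündigungen gelöscht."), $db_ar) . "§";
     }

     // delete entry in news_rss_range
     StudipNews::UnsetRssId($user_id);

     // delete 'Studiengaenge'
     $query = "DELETE FROM user_studiengang WHERE user_id = ?";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     if (($db_ar = $statement->rowCount()) > 0) {
         $this->msg .= "info§" . sprintf(_("%s Zuordnungen zu Studiengängen gelöscht."), $db_ar) . "§";
     }

     // delete all private appointments of this user
     if (get_config('CALENDAR_ENABLE')) {
         $appkills = CalendarEvent::deleteBySQL('range_id = ?', array($user_id));
         if ($appkills) {
             $this->msg .= "info§" . sprintf(_("%s Einträge aus den Terminen gelöscht."), $appkills) . "§";
         }
         // delete membership in group calendars
         if (get_config('CALENDAR_GROUP_ENABLE')) {
             $membershipkills = CalendarUser::deleteBySQL('owner_id = :user_id OR user_id = :user_id', array(':user_id' => $user_id));
             if ($membershipkills) {
                 // The count argument and the closing "§" were missing here.
                 $this->msg .= 'info§' . sprintf(_('%s Verknüpfungen mit Gruppenterminkalendern gelöscht.'), $membershipkills) . '§';
             }
         }
     }

     // delete all messages send or received by this user
     $messaging = new messaging();
     $messaging->delete_all_messages($user_id);

     // delete user from all foreign adressbooks and empty own adressbook
     $buddykills = Contact::deleteBySQL('user_id = ?', array($user_id));
     if ($buddykills > 0) {
         $this->msg .= "info§" . sprintf(_("%s Einträge aus Adressbüchern gelöscht."), $buddykills) . "§";
     }
     $contactkills = Contact::deleteBySQL('owner_id = ?', array($user_id));
     if ($contactkills) {
         // Wrapped in the "info§...§" record format like every other message.
         $this->msg .= "info§" . sprintf(_('Adressbuch mit %d Einträgen gelöscht.'), $contactkills) . "§";
     }

     // delete users groups
     Statusgruppen::deleteBySQL('range_id = ?', array($user_id));
     // remove user from any groups
     StatusgruppeUser::deleteBySQL('user_id = ?', array($user_id));

     // delete all blubber entrys
     $query = "DELETE FROM blubber WHERE user_id = ?";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     if (($db_ar = $statement->rowCount()) > 0) {
         $this->msg .= "info§" . sprintf(_("%s Blubber gelöscht."), $db_ar) . "§";
     }

     // delete the datafields
     DataFieldEntry::removeAll($user_id);
     UserConfigEntry::deleteByUser($user_id);

     // delete all remaining user data
     $queries = array(
         "DELETE FROM kategorien WHERE range_id = ?",
         "DELETE FROM user_info WHERE user_id = ?",
         "DELETE FROM user_visibility WHERE user_id = ?",
         "DELETE FROM user_online WHERE user_id = ?",
         "DELETE FROM auto_insert_user WHERE user_id = ?",
         "DELETE FROM roles_user WHERE userid = ?",
         "DELETE FROM schedule WHERE user_id = ?",
         "DELETE FROM schedule_seminare WHERE user_id = ?",
         "DELETE FROM termin_related_persons WHERE user_id = ?",
         "DELETE FROM user_userdomains WHERE user_id = ?",
     );
     foreach ($queries as $query) {
         DBManager::get()->prepare($query)->execute(array($user_id));
     }
     object_kill_visits($user_id);
     object_kill_views($user_id);

     // delete picture
     $avatar = Avatar::getAvatar($user_id);
     if ($avatar->is_customized()) {
         $avatar->reset();
         $this->msg .= "info§" . _("Bild gelöscht.") . "§";
     }

     // delete visibility settings
     Visibility::removeUserPrivacySettings($user_id);

     // delete connected users
     if (get_config('ELEARNING_INTERFACE_ENABLE')) {
         if (ELearningUtils::initElearningInterfaces()) {
             foreach ($GLOBALS['connected_cms'] as $cms) {
                 if ($cms->auth_necessary && $cms->user instanceof ConnectedUser) {
                     // Switch auto-creation off while the connected user is
                     // looked up and deleted, then restore the old setting.
                     $user_auto_create = $cms->USER_AUTO_CREATE;
                     $cms->USER_AUTO_CREATE = false;
                     $userclass = strtolower(get_class($cms->user));
                     $connected_user = new $userclass($cms->cms_type, $user_id);
                     if ($connected_user->deleteUser()) {
                         if ($connected_user->is_connected) {
                             $this->msg .= "info§" . sprintf(_("Der verknüpfte Nutzer %s wurde im System %s gelöscht."), $connected_user->login, $connected_user->cms_type) . "§";
                         }
                     }
                     $cms->USER_AUTO_CREATE = $user_auto_create;
                 }
             }
         }
     }

     // delete deputy entries if necessary
     $query = "DELETE FROM deputies WHERE ? IN (user_id, range_id)";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     $deputyEntries = $statement->rowCount();
     if ($deputyEntries) {
         $this->msg .= "info§" . sprintf(_("%s Einträge in den Vertretungseinstellungen gelöscht."), $deputyEntries) . "§";
     }

     // delete Stud.IP account
     $query = "DELETE FROM auth_user_md5 WHERE user_id = ?";
     $statement = DBManager::get()->prepare($query);
     $statement->execute(array($user_id));
     if (!$statement->rowCount()) {
         // NOTE(review): the SQL text is placed into a user-facing message.
         $this->msg .= "error§<em>" . _("Fehler:") . "</em> " . $query . "§";
         return false;
     }
     $this->msg .= "msg§" . sprintf(_("Benutzer \"%s\" gelöscht."), $username) . "§";

     // log with Vorname Nachname (username) as info string
     log_event("USER_DEL", $user_id, null, sprintf("%s %s (%s)", $this->user_data['auth_user_md5.Vorname'], $this->user_data['auth_user_md5.Nachname'], $username));

     // Can we reach the email?
     if ($this->checkMail($this->user_data['auth_user_md5.Email'])) {
         // include language-specific subject and mailbody
         // $Zeit is presumably read by the included template, which in turn
         // is expected to define $subject and $mailbody.
         $Zeit = date("H:i:s, d.m.Y", time());
         // NOTE(review): the include path is built from the return value of
         // getUserLanguagePath() - confirm that it can only yield one of the
         // installed language directories.
         include "locale/{$user_language}/LC_MAILS/delete_mail.inc.php";
         // send mail
         StudipMail::sendMessage($this->user_data['auth_user_md5.Email'], $subject, $mailbody);
     }

     unset($this->user_data);
     return true;
 }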
Ejemplo n.º 4
 /**
  * Builds the sidebar of the file area: title, action links, page size
  * options and - if the zip extension is available - the export links.
  *
  * NOTE(review): $current_entry, $current_dir and $page are concatenated
  * into URL paths as they are; presumably the caller has validated them -
  * confirm. The result of StudipDirectory::find() is used without a check
  * for a missing directory.
  *
  * @param String $current_entry Directory entry id of the current folder
  * @param String $current_dir   File id of the current folder
  * @param int    $page          Page number embedded in the upload and
  *                              settings URLs (defaults to 1)
  */
 private function setupSidebar($current_entry, $current_dir, $page = 1)
 {
     $root_dir = RootDirectory::find($this->context_id);
     $root_count = $root_dir->countFiles(true, false);

     // Attributes for links that only make sense if the file area has content.
     if ($root_count > 0) {
         $root_link_attributes = array();
     } else {
         $root_link_attributes = array('disabled' => true, 'title' => _('Ihr Dateibereich enthält keine Dateien'));
     }

     $sidebar = Sidebar::get();
     $sidebar->setImage('sidebar/files-sidebar.png');

     // Looking at somebody else's file area: say so in the title.
     $is_foreign_area = $GLOBALS['user']->id !== $this->context_id;
     if (Config::get()->PERSONALDOCUMENT_OPEN_ACCESS && $is_foreign_area) {
         $sidebar->setTitle(sprintf(_('Dateien von %s'), $this->owner->getFullname()));
     }

     // Modifying actions are offered with full access only.
     if ($this->full_access) {
         if ($this->userConfig['forbidden']) {
             $upload_attributes = array('disabled' => '', 'title' => _('Ihre Upload-Funktion wurde gesperrt.'));
         } else {
             $upload_attributes = array();
         }

         $actions = new ActionsWidget();
         $actions->addLink(
             _('Datei hochladen'),
             $this->url_for('document/files/upload/' . $current_entry . '/' . $page),
             Icon::create('upload', 'clickable'),
             $upload_attributes
         )->asDialog('size=auto');
         $actions->addLink(
             _('Neuen Ordner erstellen'),
             $this->url_for('document/folder/create/' . $current_entry),
             Icon::create('folder-empty+add', 'clickable')
         )->asDialog('size=auto');
         $actions->addLink(
             _('Dateibereich leeren'),
             $this->url_for('document/folder/delete/all'),
             Icon::create('trash', 'clickable'),
             $root_link_attributes
         );
         $sidebar->addWidget($actions);
     }

     // One radio button per selectable page size.
     $options = new OptionsWidget();
     $options->setTitle(_('Darstellung anpassen'));
     foreach (self::$possible_limits as $limit) {
         $settings_url = $this->url_for('document/files/settings/' . $limit . '/' . $page . '/' . $current_entry);
         $options->addRadioButton(sprintf(_('%u Einträge pro Seite anzeigen'), $limit), $settings_url, $limit == $this->limit);
     }
     $sidebar->addWidget($options);

     // Show export options only if zip extension is loaded
     // TODO: Implement fallback
     if (!extension_loaded('zip')) {
         return;
     }

     if ($current_dir === $this->context_id) {
         $this_dir = $root_dir;
     } else {
         $this_dir = StudipDirectory::find($current_dir);
     }
     if ($this_dir->countFiles(true, false) > 0) {
         $folder_link_attributes = array();
     } else {
         $folder_link_attributes = array('disabled' => true, 'title' => _('Dieser Ordner enthält keine Dateien'));
     }

     $export = new ExportWidget();
     $export->addLink(
         _('Inhalt dieses Ordners herunterladen'),
         $this->url_for('document/download/' . $current_dir),
         Icon::create('file-archive', 'clickable'),
         $folder_link_attributes
     );
     $export->addLink(
         _('Alle Dateien herunterladen'),
         $this->url_for('document/download/' . $this->context_id),
         Icon::create('download', 'clickable'),
         $root_link_attributes
     );
     $sidebar->addWidget($export);
 }
Ejemplo n.º 5
 /**
  * Deletes a folder, or - for the special id "all" - every file of the
  * current file area.
  *
  * A non-POST request only stores a confirmation question in the flash; the
  * deletion itself happens on a POST request that carries the "yes" field.
  * Every path ends with a redirect to the index of the parent folder.
  *
  * NOTE(review): the return value of FileHelper::checkAccess() is not used;
  * presumably it throws on denial, and presumably it also ties $folder_id to
  * the current context - confirm both.
  * NOTE(review): no CSRF token verification is visible in this method;
  * confirm that it happens elsewhere (e.g. in a before filter) for this
  * destructive POST.
  *
  * @param String $folder_id Directory entry id of the folder, or "all"
  * @throws AccessDeniedException if the user has no full access
  */
 public function delete_action($folder_id)
 {
     if (!$this->full_access) {
         throw new AccessDeniedException();
     }
     FileHelper::checkAccess($folder_id);

     // Redirect target; falls back to the context id if no parent is found.
     $parent_id = FileHelper::getParentId($folder_id) ?: $this->context_id;
     $delete_everything = $folder_id === 'all';

     if (!Request::isPost()) {
         // Step 1: ask for confirmation.
         if ($delete_everything) {
             $message = _('Soll der gesamte Dateibereich inklusive aller Order und Dateien wirklich gelöscht werden?');
         } else {
             $message = _('Soll der Ordner inklusive aller darin enthaltenen Dateien wirklich gelöscht werden?');
         }
         $confirm_url = $this->url_for('document/folder/delete/' . $folder_id);
         $this->flash['question'] = createQuestion2($message, array(), array(), $confirm_url);
     } elseif (Request::submitted('yes')) {
         // Step 2: confirmed via POST, so delete.
         if ($delete_everything) {
             $root = RootDirectory::find($this->context_id);
             foreach ($root->listFiles() as $file) {
                 $root->unlink($file->name);
             }
             PageLayout::postMessage(MessageBox::success(_('Der Dateibereich wurde geleert.')));
         } else {
             // NOTE(review): find() is used without a check for a missing entry.
             $entry = DirectoryEntry::find($folder_id);
             $entry->directory->unlink($entry->name);
             PageLayout::postMessage(MessageBox::success(_('Der Ordner wurde gelöscht.')));
         }
     }

     $this->redirect('document/files/index/' . $parent_id);
 }