/**
 * Contents of a file
 *
 * @get /file/:file_id/content
 *
 * @see public/sendfile.php
 */
public function getFileContent($file_id)
{
    // NOTE(review): no permission check is visible in this method;
    // presumably loadFile() refuses files the current user may not
    // read - confirm, since everything below serves the contents.
    $file = $this->loadFile($file_id);

    // NOTE(review): both guards assume notFound() aborts the request.
    if ($file === null) {
        $this->notFound("File not found");
    }

    // A file with a url is only linked, so it is streamed from there
    // instead of being read from the upload directory.
    if ($file->url) {
        $this->streamLinkedFile($file);
        return;
    }

    $path = get_upload_file_path($file_id);
    if (!file_exists($path)) {
        $this->notFound();
    }

    // The access is recorded before the contents are sent.
    TrackAccess($file_id, 'dokument');
    $this->lastModified($file->chdate);

    $options = array('filename' => $file->getValue('filename'));
    $this->sendFile($path, $options);
}
header("Content-Range: bytes {$start}-{$end}/{$filesize}"); header("Content-Length: {$length}"); } elseif ($filesize) { header("Content-Length: {$filesize}"); } header("Expires: Mon, 12 Dec 2001 08:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); if ($_SERVER['HTTPS'] == "on") { header("Pragma: public"); header("Cache-Control: private"); } else { header("Pragma: no-cache"); header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1 } header("Cache-Control: post-check=0, pre-check=0", false); header("Content-Type: {$content_type}"); header("Content-Disposition: {$content_disposition}; filename=\"{$file_name}\""); Metrics::increment('core.file_download'); if ($type != 5) { @readfile_chunked($path_file, $start, $end); if (in_array($type, array(0, 6)) && !$start) { TrackAccess($file_id, 'dokument'); } } else { echo $the_data; } //remove temporary file after zipping if (Request::int('zip') || $type == 4) { @unlink($path_file); }
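/**
 * Registers the document routes on the given router:
 *
 *   GET /documents/:range_id/folder(/:folder_id)  folders and files of a folder
 *   GET /documents/:document_id                   metadata of one file
 *   GET /documents/:document_id/download          raw contents of one file
 *
 * NOTE(review): every guard below assumes that $router->halt() aborts the
 * request. If halt() returned, the code after a failed access check would
 * still run - confirm against the router implementation.
 *
 * @param object $router router providing get(), halt(), render(),
 *                       compact() and dispatch()
 */
function routes(&$router)
{
    // Resolves one user record through the router's own user route.
    $load_user = function ($user_id) use ($router) {
        // reset() takes its argument by reference, so the dispatch result
        // has to be stored in a variable before it is passed on.
        $result = $router->dispatch('get', '/user(/:user_id)', $user_id);
        return reset($result);
    };

    $router->get('/documents/:range_id/folder(/:folder_id)', function ($range_id, $folder_id = null) use ($router, $load_user) {
        // Without an explicit folder id the range id is used as folder id.
        $folder_id = $folder_id ?: $range_id;

        // NOTE(review): the 400 below is sent before the access check, so
        // a caller without access to the range can still tell whether it
        // has documents. Consider running the access check first.
        if (!Document::isActivated($range_id)) {
            $router->halt(400, sprintf('Range %s has no documents', $range_id));
        }
        if (!Helper::UserHasAccessToRange($range_id)) {
            $router->halt(403, sprintf('User may not access range %s', $range_id));
        }
        if (!Document::folderBelongsToRange($range_id, $folder_id)) {
            $router->halt(404, sprintf('No folder %s for range %s', $folder_id, $range_id));
        }

        // NOTE(review): only range-level access is checked in this handler.
        // Whether loadFolders()/loadFiles() also honour per-folder and
        // per-file permissions cannot be seen from here - confirm.
        $folders   = Document::loadFolders($folder_id);
        $documents = Document::loadFiles($folder_id, 'folder');

        if ($router->compact()) {
            $router->render(compact('folders', 'documents'));
            return;
        }

        // Collect each referenced user once. The entries are only read,
        // so the loops iterate by value and leave no dangling reference
        // behind.
        $users = array();
        foreach ($folders as $folder) {
            if (!isset($users[$folder['user_id']])) {
                $users[$folder['user_id']] = $load_user($folder['user_id']);
            }
        }
        foreach ($documents as $document) {
            if (!isset($users[$document['user_id']])) {
                $users[$document['user_id']] = $load_user($document['user_id']);
            }
        }

        $router->render(compact('folders', 'documents', 'users'));
    });

    $router->get('/documents/:document_id', function ($document_id) use ($router, $load_user) {
        $document = new StudipDocument($document_id);
        if (!$document->checkAccess($GLOBALS['user']->id)) {
            $router->halt(403, sprintf('User may not access file %s', $document_id));
        }

        // From here on $document holds the loaded metadata, not the object.
        $document = Document::loadFiles($document_id);

        if ($router->compact()) {
            $router->render(compact('document'));
            return;
        }

        $user = array();
        $user[$document['user_id']] = $load_user($document['user_id']);

        $router->render(compact('document', 'user'));
    });

    // See public/sendfile.php
    $router->get('/documents/:document_id/download', function ($document_id) use ($router) {
        $document = new StudipDocument($document_id);
        if (!$document->checkAccess($GLOBALS['user']->id)) {
            $router->halt(403, sprintf('User may not access file %s', $document_id));
        }

        $path_file = get_upload_file_path($document_id);
        if (!file_exists($path_file)) {
            $router->halt(404, sprintf('File contents for file %s not found', $document_id));
        }

        // The stored filename was chosen by whoever uploaded the file.
        // Control characters are removed and quote/backslash are escaped
        // so the value cannot terminate the quoted header parameter.
        $filename    = $document->getValue('filename');
        $header_name = str_replace(
            array('\\', '"'),
            array('\\\\', '\\"'),
            preg_replace('/[\x00-\x1F\x7F]/', '', (string) $filename)
        );

        header('Expires: Mon, 12 Dec 2001 08:00:00 GMT');
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        // $_SERVER['HTTPS'] is not set on plain HTTP requests.
        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
            header('Pragma: public');
            header('Cache-Control: private');
        } else {
            header('Pragma: no-cache');
            header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
        }
        // Second argument false: add to the Cache-Control header set above
        // instead of replacing it.
        header('Cache-Control: post-check=0, pre-check=0', false);

        // NOTE(review): the media type is derived from the uploader's
        // filename and no Content-Disposition is sent, so a browser may
        // render the file inline. Consider "Content-Disposition: attachment"
        // and "X-Content-Type-Options: nosniff" if this route can be
        // reached with a logged-in browser session.
        header(sprintf('Content-Type: %s; name="%s"', get_mime_type($filename), $header_name));
        header('Content-Description: File Transfer');
        header('Content-Transfer-Encoding: binary');
        header('Content-Length: ' . filesize($path_file));

        // Errors while reading are suppressed, so the access is recorded
        // even when the transfer failed.
        @readfile_chunked($path_file);
        TrackAccess($document_id, 'dokument');

        // Stop here so nothing else is appended to the file contents.
        die;
    });
}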
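/**
 * used by createFolderZip() to dive into subfolders
 * collects a list of file metadata and returns it when recursion finishes
 *
 * Files of the folder are copied into $tmp_full_path, every subfolder gets
 * its own directory below it. Linked files (rows with a url) are not
 * copied; their names are appended to info.txt in the same directory.
 *
 * @param string $folder_id id of a folder
 * @param string $tmp_full_path temporary path, has to exist already
 * @param string $sem_id id of the range whose folder tree is used for the
 *                       permission check and to restrict the file query
 * @param bool|string $perm_check true: check the download permission of
 *                       the current user; a user id: check for that user;
 *                       false: no permission check
 * @param bool $in_recursion used internally to indicate recursive call
 * @return array|bool top-level call: list of metadata rows of the copied
 *                       files with 'path' relative to $tmp_full_path;
 *                       recursive call: true; false in both cases when
 *                       the folder may not be downloaded
 */
function createTempFolder($folder_id, $tmp_full_path, $sem_id, $perm_check = TRUE, $in_recursion = false)
{
    // Shared between all recursion levels, reset by each top-level call.
    static $filelist;

    if ($in_recursion === false) {
        $filelist = array();
        $tmp_path = $tmp_full_path;
    }

    if ($perm_check) {
        $folder_tree = TreeAbstract::GetInstance('StudipDocumentTree', array('range_id' => $sem_id));
        $check_for = $perm_check === true ? $GLOBALS['user']->id : $perm_check;
        if (!$folder_tree->isDownloadFolder($folder_id, $check_for)) {
            return false;
        }
    }

    //copy all documents from this folder to the temporary folder
    $linkinfo = '';
    $query = "SELECT dokument_id, filename, url, author_name, filesize, name, description,
                     FROM_UNIXTIME(chdate) AS chdate
              FROM dokumente
              WHERE range_id = ? AND seminar_id = IFNULL(?, seminar_id)
              ORDER BY name, filename";
    $statement = DBManager::get()->prepare($query);
    // Without permission check NULL is bound, which turns the seminar_id
    // condition into a comparison of the column with itself.
    $statement->execute(array(
        $folder_id,
        $perm_check ? (string)$sem_id : null
    ));
    while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
        if ($row['url'] != '') {
            // just a linked file
            $linkinfo .= "\r\n" . $row['filename'];
        } else if (check_protected_download($row['dokument_id'])) {
            // NOTE(review): the target path is built from a stored filename;
            // this relies on prepareFilename() removing path separators
            // and ".." - confirm.
            $filename = prepareFilename($row['filename'], FALSE, $tmp_full_path);
            $target = $tmp_full_path . '/' . $filename;
            // A file that cannot be copied is left out of the list.
            if (copy(get_upload_file_path($row['dokument_id']), $target)) {
                TrackAccess($row['dokument_id'], 'dokument');
                $filelist[] = $row + array('path' => $target);
            }
        }
    }

    if ($linkinfo !== '') {
        $linkinfo = _("Hinweis: die folgenden Dateien sind nicht im Archiv enthalten, da sie lediglich verlinkt wurden:").$linkinfo;
        // Appends like the former fopen(..., "a") without writing to an
        // unchecked file handle.
        file_put_contents("$tmp_full_path/info.txt", $linkinfo, FILE_APPEND);
    }

    $query = "SELECT folder_id, name FROM folder WHERE range_id = ? ORDER BY name";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($folder_id));
    while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
        $foldername = prepareFilename($row['name'], FALSE, $tmp_full_path);
        $tmp_sub_full_path = $tmp_full_path . '/' . $foldername;

        // Nothing can be copied into a directory that could not be created.
        if (!mkdir($tmp_sub_full_path, 0700) && !is_dir($tmp_sub_full_path)) {
            continue;
        }

        // The directory exists before the recursive call checks the
        // permission. If the subfolder is refused, remove the still empty
        // directory so its name does not show up in the archive.
        if (createTempFolder($row['folder_id'], $tmp_sub_full_path, $sem_id, $perm_check, true) === false) {
            rmdir($tmp_sub_full_path);
        }
    }

    if ($in_recursion === false) {
        // Report paths relative to the temporary directory. A plain loop
        // replaces create_function(), which builds code from a string and
        // is no longer available in PHP 8.
        $prefix_length = strlen($tmp_path);
        foreach ($filelist as $index => $entry) {
            $filelist[$index]['path'] = substr($entry['path'], $prefix_length);
        }
        return $filelist;
    }

    return true;
}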