/**
* @param string $courseCode
* @param string $fileName
* @return \Symfony\Component\HttpFoundation\BinaryFileResponse
*/
public function getFileAction($courseCode, $fileName)
{
$courseInfo = api_get_course_info($courseCode);
$sessionId = $this->getRequest()->get('id_session');
$docId = \DocumentManager::get_document_id($courseInfo, "/" . $fileName);
$filePath = null;
if ($docId) {
$isVisible = \DocumentManager::is_visible_by_id($docId, $courseInfo, $sessionId, api_get_user_id());
$documentData = \DocumentManager::get_document_data_by_id($docId, $courseCode);
$filePath = $documentData['absolute_path'];
event_download($filePath);
}
if (!api_is_allowed_to_edit() && !$isVisible) {
$this->abort(500);
}
return $this->sendFile($filePath);
}
$files[basename($not_deleted_file['url'])] = $filename;
$zip_folder->add($sys_course_path . $_course['path'] . '/' . $not_deleted_file['url'], PCLZIP_OPT_REMOVE_PATH, $sys_course_path . $_course['path'] . '/work', PCLZIP_CB_PRE_ADD, 'my_pre_add_callback');
}
//Convert texts in html files
if ($not_deleted_file['contains_file'] == 0) {
$filename = trim($filename) . ".html";
$work_temp = api_get_path(SYS_ARCHIVE_PATH) . api_get_unique_id() . '_' . $filename;
file_put_contents($work_temp, $not_deleted_file['description']);
$files[basename($work_temp)] = $filename;
$zip_folder->add($work_temp, PCLZIP_OPT_REMOVE_PATH, api_get_path(SYS_ARCHIVE_PATH), PCLZIP_CB_PRE_ADD, 'my_pre_add_callback');
@unlink($work_temp);
}
}
if (!empty($files)) {
//logging
event_download(basename($work_data['title']) . '.zip (folder)');
//start download of created file
$name = basename($work_data['title']) . '.zip';
if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($temp_zip_file, true, $name);
@unlink($temp_zip_file);
exit;
}
} else {
exit;
}
/* Extra function (only used here) */
function my_pre_add_callback($p_event, &$p_header)
{
global $files;
if (isset($files[basename($p_header['stored_filename'])])) {
if (isset($path_info['extension']) && $path_info['extension'] == 'swf') {
$fixed_url = str_replace('-', '_', $doc_url);
$doc_id = DocumentManager::get_document_id(api_get_course_info(), $doc_url);
if (!$doc_id) {
$fix_file_name = true;
}
}
if (Security::check_abs_path($sys_course_path . $doc_url, $sys_course_path . '/')) {
$full_file_name = $sys_course_path . $doc_url;
if ($fix_file_name) {
$doc_url = $fixed_url;
}
// Check visibility of document and paths
$is_visible = DocumentManager::is_visible($doc_url, $_course, api_get_session_id());
//Document's slideshow thumbnails
//correct $is_visible used in below and ??. Now the students can view the thumbnails too
if (preg_match('/\\.thumbs\\/\\./', $doc_url)) {
$doc_url_thumbs = str_replace('.thumbs/.', '', $doc_url);
$is_visible = DocumentManager::is_visible($doc_url_thumbs, $_course, api_get_session_id());
}
if (!api_is_allowed_to_edit() && !$is_visible) {
Display::display_error_message(get_lang('ProtectedDocument'));
//api_not_allowed backbutton won't work.
exit;
// You shouldn't be here anyway.
}
// Launch event
event_download($doc_url);
DocumentManager::file_send_for_download($full_file_name);
}
exit;
if (empty($document_data)) {
// File not found!
header('HTTP/1.0 404 Not Found');
$error404 = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">';
$error404 .= '<html><head>';
$error404 .= '<title>404 Not Found</title>';
$error404 .= '</head><body>';
$error404 .= '<h1>Not Found</h1>';
$error404 .= '<p>The requested URL was not found on this server.</p>';
$error404 .= '<hr>';
$error404 .= '</body></html>';
echo $error404;
exit;
}
// Launch event
event_download($document_data['url']);
// Check visibility of document and paths
if (!($is_allowed_to_edit || $group_member_with_upload_rights) && !DocumentManager::is_visible_by_id($document_id, $course_info, api_get_session_id(), api_get_user_id())) {
api_not_allowed(true);
}
$full_file_name = $base_work_dir . $document_data['path'];
if (Security::check_abs_path($full_file_name, $base_work_dir . '/')) {
DocumentManager::file_send_for_download($full_file_name, true);
}
exit;
break;
case 'downloadfolder':
if (api_get_setting('students_download_folders') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin()) {
$document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id());
//filter when I am into shared folder, I can donwload only my shared folder
if (is_any_user_shared_folder($document_data['path'], $session_id)) {
/**
* Downloads all user files per user
* @param int $userId
* @param array $courseInfo
* @return bool
*/
function downloadAllFilesPerUser($userId, $courseInfo)
{
$userInfo = api_get_user_info($userId);
if (empty($userInfo) || empty($courseInfo)) {
return false;
}
require_once api_get_path(LIBRARY_PATH).'pclzip/pclzip.lib.php';
$tempZipFile = api_get_path(SYS_ARCHIVE_PATH).api_get_unique_id().".zip";
$coursePath = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/work/';
$zip = new PclZip($tempZipFile);
$workPerUser = getWorkPerUser($userId);
if (!empty($workPerUser)) {
$files = array();
foreach ($workPerUser as $work) {
$work = $work['work'];
foreach ($work->user_results as $userResult) {
if (empty($userResult['url']) || empty($userResult['contains_file'])) {
continue;
}
$data = getFileContents($userResult['id'], $courseInfo);
if (!empty($data) && isset($data['path'])) {
$files[basename($data['path'])] = array(
'title' => $data['title'],
'path' => $data['path']
);
}
}
}
if (!empty($files)) {
Session::write('files', $files);
foreach ($files as $data) {
$zip->add(
$data['path'],
PCLZIP_OPT_REMOVE_PATH,
$coursePath,
PCLZIP_CB_PRE_ADD,
'preAddAllWorkStudentCallback'
);
}
}
// Start download of created file
$name = basename(replace_dangerous_char($userInfo['complete_name'])).'.zip';
event_download($name.'.zip (folder)');
if (Security::check_abs_path($tempZipFile, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($tempZipFile, true, $name);
@unlink($tempZipFile);
exit;
}
}
exit;
}
*/
if (count($files) == 0) {
Response::not_found();
}
$root_dir = '';
$items = array_merge($folders, $files);
foreach ($items as $item) {
$path = $item->get_absolute_path();
$path = realpath($path);
$dir = dirname($path);
if (empty($root_dir) || strlen($root_dir) > strlen($dir)) {
$root_dir = $dir;
}
}
/**
* Zip files together.
*/
$temp_zip_path = Chamilo::temp_file('zip');
$zip_folder = new PclZip($temp_zip_path);
foreach ($files as $file) {
if (empty($root_dir)) {
$root_dir = dirname($file);
}
$file = (string) $file;
$zip_folder->add($file, PCLZIP_OPT_REMOVE_PATH, $root_dir);
}
/**
* Send file for download
*/
event_download(Uri::here());
DocumentManager::file_send_for_download($temp_zip_path, false, get_lang('Documents') . '.zip');
$files[basename($work_temp)] = $filename;
$addStatus = $zip_folder->add(
$work_temp,
PCLZIP_OPT_REMOVE_PATH,
api_get_path(SYS_ARCHIVE_PATH),
PCLZIP_CB_PRE_ADD,
'my_pre_add_callback'
);
@unlink($work_temp);
}
}
if (!empty($files)) {
$fileName = replace_dangerous_char($work_data['title']);
// Logging
event_download($fileName .'.zip (folder)');
//start download of created file
$name = $fileName .'.zip';
if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
DocumentManager::file_send_for_download($temp_zip_file, true, $name);
@unlink($temp_zip_file);
exit;
}
} else {
exit;
}
/* Extra function (only used here) */
function my_pre_add_callback($p_event, &$p_header)
function rename_zip($FileZip)
{
event_download($FileZip['PATH'] == '/' ? 'full_export_' . date('Ymd') . '.zip (folder)' : basename($FileZip['PATH']) . '.zip (folder)');
$name = $FileZip['PATH'] == '/' ? 'full_export_' . date('Ymd') . '.zip' : basename($FileZip['PATH']) . '.zip';
if (file_exists($FileZip['PATH_TEMP_ARCHIVE'] . '/' . $name)) {
unlink($FileZip['PATH_TEMP_ARCHIVE'] . '/' . $name);
}
if (file_exists($FileZip['TEMP_FILE_ZIP'])) {
rename($FileZip['TEMP_FILE_ZIP'], $FileZip['PATH_TEMP_ARCHIVE'] . '/' . $name);
return $name;
} else {
return false;
}
}
// Compare the array with visible files and the array with files in invisible folders
// and keep the difference (= all visible files that are not in an invisible folder)
$files_for_zipfile = diff((array) $all_visible_files_path, (array) $files_in_invisible_folder_path);
} else {
// No invisible folders found, so all visible files can be added to the zipfile
$files_for_zipfile = $all_visible_files_path;
}
Session::write('doc_files_to_download', $files);
// Add all files in our final array to the zipfile
for ($i = 0; $i < count($files_for_zipfile); $i++) {
$zip->add($sysCoursePath . $courseInfo['path'] . '/document' . $files_for_zipfile[$i], PCLZIP_OPT_REMOVE_PATH, $sysCoursePath . $courseInfo['path'] . '/document' . $remove_dir, PCLZIP_CB_PRE_ADD, 'fixDocumentNameCallback');
}
Session::erase('doc_files_to_download');
}
// Launch event
event_download($path == '/' ? 'documents.zip (folder)' : basename($path) . '.zip (folder)');
// Start download of created file
$name = $path == '/' ? 'documents.zip' : $documentInfo['title'] . '.zip';
if (Security::check_abs_path($tempZipFile, api_get_path(SYS_ARCHIVE_PATH))) {
$result = DocumentManager::file_send_for_download($tempZipFile, true, $name);
@unlink($tempZipFile);
exit;
} else {
api_not_allowed(true);
}
/**
* Returns the difference between two arrays, as an array of those key/values
* Use this as array_diff doesn't give the
*
* @param array $arr1 first array
* @param array $arr2 second array
1 => Allow learners to delete their own publications = YES
+------------------+------------------------------+----------------------------+
|Can download work?| doc visible for all = 0 | doc visible for all = 1|
+------------------+------------------------------+----------------------------+
| visibility = 0 | editor only | editor only |
| | | |
+------------------+------------------------------+----------------------------+
| visibility = 1 | editor | editor |
| | + owner of the work | + any student |
+------------------+------------------------------+----------------------------+
(editor = teacher + admin + anybody with right api_is_allowed_to_edit)
*/
$work_is_visible = $item_info['visibility'] == 1 && $row['accepted'] == 1;
$doc_visible_for_all = $course_info['show_score'] == 1;
$is_editor = api_is_allowed_to_edit(true, true, true);
$student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);
if ($is_editor || $student_is_owner_of_work || $doc_visible_for_all && $work_is_visible) {
$title = str_replace(' ', '_', $row['title']);
event_download($title);
if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) {
DocumentManager::file_send_for_download($full_file_name, true, $title);
}
} else {
api_not_allowed();
}
}
} else {
api_not_allowed();
}
exit;
}
$usergroup = new UserGroup();
// allow to the correct user for download this file
$not_allowed_to_edit = false;
if (!empty($row_users['group_id'])) {
$users_group = $usergroup->get_all_users_by_group($row_users['group_id']);
if (!in_array($current_uid, array_keys($users_group))) {
$not_allowed_to_edit = true;
}
} else {
if ($current_uid != $message_uid) {
$not_allowed_to_edit = true;
}
}
if ($not_allowed_to_edit) {
api_not_allowed();
exit;
}
// set the path directory file
if (!empty($row_users['group_id'])) {
$path_user_info = $usergroup->get_group_picture_path_by_id($row_users['group_id'], 'system', true);
} else {
$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);
}
$full_file_name = $path_user_info['dir'] . 'message_attachments/' . $file_url;
if (Security::check_abs_path($full_file_name, $path_user_info['dir'] . 'message_attachments/')) {
// launch event
event_download($file_url);
DocumentManager::file_send_for_download($full_file_name, TRUE, $title);
}
exit;
