/**
 * Imports an uploaded QTI2 package (zip archive) as an exercise.
 *
 * The upload is first checked with process_uploaded_file(); the import only
 * runs when that check succeeds and the client-supplied file name ends in
 * ".zip" (case-insensitive).
 *
 * @param array $array_file A single entry of $_FILES
 *
 * @return mixed The value returned by import_exercise(), or the string
 *               'langFileError' when the upload failed or the name is not a .zip
 */
function ch_qti2_import_file($array_file)
{
    $uploadAccepted = process_uploaded_file($array_file, false);

    // Only the file NAME is inspected here. It comes from the client, so it says
    // nothing about what the archive actually contains.
    // NOTE(review): confirm that import_exercise() validates the archive entries
    // (paths, extensions, unpacked size) before extracting them.
    $nameEndsWithZip = preg_match('/\\.zip$/i', $array_file['name']) === 1;

    if (!$uploadAccepted || !$nameEndsWithZip) {
        return 'langFileError';
    }

    // The local name $main_path is kept: the required files run in this scope.
    $main_path = api_get_path(SYS_CODE_PATH);
    require_once $main_path . 'exercice/export/exercise_import.inc.php';
    require_once $main_path . 'exercice/export/qti2/qti2_classes.php';

    return import_exercise($array_file['name']);
}
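/**
 * Creates a comment on a post in a given blog, optionally with one attached file.
 *
 * The attachment is read from $_FILES['user_upload']. It is saved in the
 * course's upload/blog directory under a uniqid() name; the client-supplied
 * file name is only stored in the database.
 *
 * @author Toon Keppens
 *
 * @param string     $title        Comment title
 * @param string     $full_text    Comment body
 * @param string     $file_comment Description of the attached file
 * @param int        $blog_id
 * @param int        $post_id
 * @param int        $parent_id    Id of the parent comment
 * @param int|string $task_id      Task id; the default 'NULL' becomes 0 after the int cast
 *
 * @return void
 */
public static function create_comment($title, $full_text, $file_comment, $blog_id, $post_id, $parent_id, $task_id = 'NULL')
{
    $_user = api_get_user_info();
    $_course = api_get_course_info();
    $blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);

    $upload_ok = true;
    $has_attachment = false;
    $current_date = date('Y-m-d H:i:s', time());
    $course_id = api_get_course_int_id();

    // Cast the ids once, up front. The attachment INSERT further down used to
    // concatenate $post_id and $blog_id as raw text, so a non-numeric value
    // passed by a caller would have ended up inside the SQL statement.
    $blog_id = (int) $blog_id;
    $post_id = (int) $post_id;

    if (!empty($_FILES['user_upload']['name'])) {
        $upload_ok = process_uploaded_file($_FILES['user_upload']);
        $has_attachment = true;
    }

    if (!$upload_ok) {
        return;
    }

    // Table Definition
    $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);

    // Create the comment
    $sql = "INSERT INTO {$tbl_blogs_comments} (c_id, title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id )\n\t\t\t\t\tVALUES ({$course_id}, '"
        . Database::escape_string($title) . "', '"
        . Database::escape_string($full_text) . "', '"
        . (int) $_user['user_id'] . "','"
        . $current_date . "', '"
        . $blog_id . "', '"
        . $post_id . "', '"
        . (int) $parent_id . "', '"
        . (int) $task_id . "')";
    Database::query($sql);

    $last_id = (int) Database::insert_id();
    if ($last_id) {
        $sql = "UPDATE {$tbl_blogs_comments} SET comment_id = iid WHERE iid = {$last_id}";
        Database::query($sql);
    }

    if (!$has_attachment) {
        return;
    }

    $courseDir = $_course['path'] . '/upload/blog';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $courseDir;

    // Try to add an extension to the file if it hasn't one
    $new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);

    // user's file name
    $file_name = $_FILES['user_upload']['name'];

    if (!filter_extension($new_file_name)) {
        // The comment itself has already been saved; only the attachment is refused.
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));

        return;
    }

    // The file is stored under a generated name, never under the client's name.
    $new_file_name = uniqid('');
    $new_path = $updir . '/' . $new_file_name;
    $result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
    $comment = Database::escape_string($file_comment);

    // Storing the attachments if any
    if ($result) {
        $sql = 'INSERT INTO ' . $blog_table_attachment . '(c_id, filename,comment, path, post_id,size,blog_id,comment_id) '
            . "VALUES ({$course_id}, '"
            . Database::escape_string($file_name) . "', '"
            . $comment . "', '"
            . Database::escape_string($new_file_name) . "' , '"
            . $post_id . "', '"
            . (int) $_FILES['user_upload']['size'] . "', '"
            . $blog_id . "', '"
            . $last_id . "' )";
        Database::query($sql);

        $id = (int) Database::insert_id();
        if ($id) {
            $sql = "UPDATE {$blog_table_attachment} SET id = iid WHERE iid = {$id}";
            Database::query($sql);
        }
    }
}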
/**
 * Uploads a document into the current course's "document" directory.
 *
 * The upload is checked with process_uploaded_file() and then handed to
 * handle_uploaded_document(). When a document id can be resolved for the
 * stored path, the optional comment is written to the document table.
 *
 * @param array  $files          the $_FILES variable
 * @param string $path           target path, passed on to handle_uploaded_document()
 * @param string $title          currently unused: the code that set the title
 *                               is commented out in the original
 * @param string $comment        comment stored with the document (trimmed)
 * @param int    $unzip          unzip or not the file
 * @param string $if_exists      overwrite, rename or warn (default)
 * @param bool   $index_document index document (search xapian module)
 * @param bool   $show_output    print html messages
 * @param string $fileKey        key of the upload inside $files
 *
 * @return array|bool document data on success, false otherwise
 */
public static function upload_document($files, $path, $title = null, $comment = null, $unzip = 0, $if_exists = null, $index_document = false, $show_output = false, $fileKey = 'file')
{
    $course_info = api_get_course_info();
    $sessionId = api_get_session_id();
    $course_dir = $course_info['path'] . '/document';
    $base_work_dir = api_get_path(SYS_COURSE_PATH) . $course_dir;

    if (!isset($files[$fileKey])) {
        return false;
    }

    if (!process_uploaded_file($files[$fileKey], $show_output)) {
        return false;
    }

    // File got on the server without problems, now process it
    $storedPath = handle_uploaded_document(
        $course_info,
        $files[$fileKey],
        $base_work_dir,
        $path,
        api_get_user_id(),
        api_get_group_id(),
        null,
        $unzip,
        $if_exists,
        $show_output,
        false,
        null,
        $sessionId
    );

    if (!$storedPath) {
        return false;
    }

    $documentId = DocumentManager::get_document_id($course_info, $storedPath, $sessionId);
    $hasDocumentId = !empty($documentId);

    if ($hasDocumentId) {
        $table_document = Database::get_course_table(TABLE_DOCUMENT);

        // Only the comment is updated; the update is issued even when there is none.
        $changes = array();
        if (!empty($comment)) {
            $changes['comment'] = trim($comment);
        }

        Database::update(
            $table_document,
            $changes,
            array('id = ? AND c_id = ? ' => array($documentId, $course_info['real_id']))
        );
    }

    // Showing message when sending zip files
    if ($storedPath === true && $unzip == 1 && $show_output) {
        Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br />', false);
    }

    if ($index_document) {
        // Reads the indexing options straight from the request.
        self::index_document($documentId, $course_info['code'], null, $_POST['language'], $_REQUEST, $if_exists);
    }

    if ($hasDocumentId && is_numeric($documentId)) {
        return self::get_document_data_by_id($documentId, $course_info['code'], false, $sessionId);
    }

    return false;
}
/**
 * Adds an attachment file to an agenda event.
 *
 * The file is saved in the course's upload/calendar directory under a
 * uniqid() name; the client-supplied name is only stored in the database.
 *
 * @param int    $eventId
 * @param array  $fileUserUpload ($_FILES['user_upload'])
 * @param string $comment        comment about the file
 * @param array  $courseInfo
 *
 * @return string|null an error message when the extension is refused,
 *                     otherwise nothing
 */
public function addAttachment($eventId, $fileUserUpload, $comment, $courseInfo)
{
    $agenda_table_attachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
    $eventId = intval($eventId);

    // Without a file name there is nothing to validate or store.
    $uploadAccepted = empty($fileUserUpload['name'])
        ? false
        : process_uploaded_file($fileUserUpload);

    if (empty($uploadAccepted)) {
        return;
    }

    $courseDir = $courseInfo['directory'] . '/upload/calendar';
    $uploadDir = api_get_path(SYS_COURSE_PATH) . $courseDir;

    // user's file name
    $clientFileName = $fileUserUpload['name'];

    // Try to add an extension to the file if it hasn't one
    $nameToCheck = add_ext_on_mime(stripslashes($clientFileName), $fileUserUpload['type']);

    if (!filter_extension($nameToCheck)) {
        return Display::return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error');
    }

    // The file is stored under a generated name, never under the client's name.
    $storedName = uniqid('');
    $moved = @move_uploaded_file($fileUserUpload['tmp_name'], $uploadDir . '/' . $storedName);
    $course_id = api_get_course_int_id();
    $size = intval($fileUserUpload['size']);

    if (!$moved) {
        return;
    }

    // Storing the attachment
    $id = Database::insert(
        $agenda_table_attachment,
        [
            'c_id' => $course_id,
            'filename' => $clientFileName,
            'comment' => $comment,
            'path' => $storedName,
            'agenda_id' => $eventId,
            'size' => $size,
        ]
    );

    if (!$id) {
        return;
    }

    $sql = "UPDATE {$agenda_table_attachment}\n SET id = iid WHERE iid = {$id}";
    Database::query($sql);

    api_item_property_update(
        $courseInfo,
        'calendar_event_attachment',
        $id,
        'AgendaAttachmentAdded',
        api_get_user_id()
    );
}
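/**
 * Replaces the file of an existing forum attachment.
 *
 * The upload(s) are read from $_FILES['user_upload'], which may describe a
 * single file or several. Each accepted file is saved in the course's
 * upload/forum directory under a uniqid() name and the attachment row
 * $id_attach is updated with it.
 *
 * @param string $file_comment a comment about file
 * @param int    $post_id
 * @param int    $id_attach    attachment file Id
 *
 * @return void
 */
function edit_forum_attachment_file($file_comment, $post_id, $id_attach)
{
    $_course = api_get_course_info();
    $table_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
    $course_id = api_get_course_int_id();

    if (!isset($_FILES['user_upload']['name'])) {
        return;
    }

    // Normalise single and multiple uploads to a list of per-file arrays.
    // count() used to be called on 'name' before checking that it is an array,
    // which fails for a single-file upload where 'name' is a string.
    $filesData = [];
    if (!is_array($_FILES['user_upload']['name'])) {
        $filesData[] = $_FILES['user_upload'];
    } else {
        $fileKeys = array_keys($_FILES['user_upload']);
        foreach (array_keys($_FILES['user_upload']['name']) as $i) {
            foreach ($fileKeys as $key) {
                $filesData[$i][$key] = $_FILES['user_upload'][$key][$i];
            }
        }
    }

    $course_dir = $_course['path'] . '/upload/forum';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $course_dir;

    $safe_file_comment = Database::escape_string($file_comment);
    $safe_post_id = (int) $post_id;
    $safe_id_attach = (int) $id_attach;

    // NOTE(review): every file in the request updates the same attachment row,
    // so with several files only the last one stays referenced - confirm intent.
    foreach ($filesData as $attachment) {
        if (empty($attachment['name'])) {
            continue;
        }

        $upload_ok = process_uploaded_file($attachment);
        if (!$upload_ok) {
            continue;
        }

        // Try to add an extension to the file if it hasn't one.
        $new_file_name = add_ext_on_mime(stripslashes($attachment['name']), $attachment['type']);

        // User's file name
        $file_name = $attachment['name'];

        if (!filter_extension($new_file_name)) {
            Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
            continue;
        }

        // The file is stored under a generated name, never under the client's name.
        $new_file_name = uniqid('');
        $new_path = $updir . '/' . $new_file_name;
        $result = @move_uploaded_file($attachment['tmp_name'], $new_path);

        if (!$result) {
            continue;
        }

        $safe_file_name = Database::escape_string($file_name);
        $safe_new_file_name = Database::escape_string($new_file_name);
        // The size was concatenated into the statement as-is; cast it like the ids.
        $safe_size = (int) $attachment['size'];

        // Storing the attachments if any.
        $sql = "UPDATE {$table_forum_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', post_id = '{$safe_post_id}', size ='{$safe_size}'\n WHERE c_id = {$course_id} AND id = '{$safe_id_attach}'";
        Database::query($sql);

        api_item_property_update(
            $_course,
            TOOL_FORUM_ATTACH,
            $safe_id_attach,
            'ForumAttachmentUpdated',
            api_get_user_id()
        );
    }
}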
<input type="hidden" name="curdirpath" value="' . $curdirpath . '" /> </fieldset> </form> <hr> '; } elseif (isset($_GET['add_as_template']) && isset($_POST['create_template'])) { $document_id_for_template = intval($_GET['add_as_template']); $title = Security::remove_XSS($_POST['template_title']); $user_id = api_get_user_id(); // Create the template_thumbnails folder in the upload folder (if needed) if (!is_dir(api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/')) { @mkdir(api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/', api_get_permissions_for_new_directories()); } // Upload the file if (!empty($_FILES['template_image']['name'])) { $upload_ok = process_uploaded_file($_FILES['template_image']); if ($upload_ok) { // Try to add an extension to the file if it hasn't one $new_file_name = $courseInfo['code'] . '-' . add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']); // Upload dir $upload_dir = api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/'; // Resize image to max default and end upload $temp = new Image($_FILES['template_image']['tmp_name']); $picture_info = $temp->get_image_info(); $max_width_for_picture = 100; if ($picture_info['width'] > $max_width_for_picture) { $temp->resize($max_width_for_picture); } $temp->send_image($upload_dir . $new_file_name); } }
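/**
 * Add (or edit) a template. This function displays the form and also takes care
 * of uploading the image and storing the information in the database.
 *
 * The action ("add" or "edit") and the template id are read from $_GET; the
 * preview image is read from $_FILES['template_image'] and written to
 * home/default_platform_document/ under the client-supplied file name.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 *
 * @return void
 */
function add_edit_template()
{
    // Both values come straight from the query string. Read them once, as
    // strings, so every use below sees the same value.
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
    $template_id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (string) $_GET['id'] : '';

    // initiate the object
    // The values are URL-encoded because they are written into the form's
    // action attribute, i.e. echoed back into the page.
    $form = new FormValidator(
        'template',
        'post',
        'settings.php?category=Templates&action=' . urlencode($action) . '&id=' . urlencode($template_id)
    );

    // setting the form elements: the header
    if ($action == 'add') {
        $title = get_lang('AddTemplate');
    } else {
        $title = get_lang('EditTemplate');
    }
    $form->addElement('header', '', $title);

    // setting the form elements: the title of the template
    $form->add_textfield('title', get_lang('Title'), false);

    // setting the form elements: the content of the template (wysiwyg editor)
    $form->addElement('html_editor', 'template_text', get_lang('Text'));

    // setting the form elements: the form to upload an image to be used with the template
    $form->addElement('file', 'template_image', get_lang('Image'), '');

    // setting the form elements: a little bit information about the template image
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));

    // getting all the information of the template when editing a template
    if ($action == 'edit') {
        // Database table definition
        $table_system_template = Database::get_main_table('system_template');
        $sql = "SELECT * FROM {$table_system_template} WHERE id = '" . Database::escape_string($template_id) . "'";
        $result = api_sql_query($sql, __FILE__, __LINE__);
        $row = Database::fetch_array($result);

        $defaults = array();
        $defaults['template_id'] = $template_id;
        $defaults['template_text'] = $row['content'];
        $defaults['title'] = $row['title'];

        // adding an extra field: a hidden field with the id of the template we are editing
        $form->addElement('hidden', 'template_id');

        // adding an extra field: a preview of the image that is currently used
        if (!empty($row['image'])) {
            // The stored name originates from an uploaded file name, so it is
            // encoded before it is placed inside the src attribute.
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/' . htmlspecialchars($row['image'], ENT_QUOTES) . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        }

        // setting the information of the template that we are editing
        $form->setDefaults($defaults);
    }

    // setting the form elements: the submit button
    $form->addElement('style_submit_button', 'submit', get_lang('Ok'), 'class="save"');

    // setting the rules: the required fields
    $form->addRule('title', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');

    // if the form does not validate we display it again (with error message if needed)
    if (!$form->validate()) {
        $form->display();

        return;
    }

    // NOTE(review): no anti-CSRF token is checked before the data is saved.

    // exporting the values
    $values = $form->exportValues();

    // Stays empty unless an image is actually written below, so the database
    // never references a file that was not saved.
    $new_file_name = '';

    // upload the file
    if (!empty($_FILES['template_image']['name'])) {
        include_once api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php';
        $upload_ok = process_uploaded_file($_FILES['template_image']);

        if ($upload_ok) {
            // Try to add an extension to the file if it hasn't one
            $candidate_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);

            // The image is written below a web-accessible directory under this
            // name, so the extension is checked like in the other upload handlers.
            if (!filter_extension($candidate_name)) {
                Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
            } else {
                // upload dir
                $upload_dir = api_get_path(SYS_PATH) . 'home/default_platform_document/';

                // create dir if not exists
                if (!is_dir($upload_dir)) {
                    $perm = api_get_setting('permissions_for_new_directories');
                    $perm = octdec(!empty($perm) ? $perm : '0770');
                    @mkdir($upload_dir, $perm);
                }

                // resize image to max default and upload
                require_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
                $temp = new image($_FILES['template_image']['tmp_name']);
                $picture_infos = @getimagesize($_FILES['template_image']['tmp_name']);
                $max_width_for_picture = 100;

                if ($picture_infos !== false && $picture_infos[0] > $max_width_for_picture) {
                    $new_height = round($max_width_for_picture / $picture_infos[0] * $picture_infos[1]);
                    $temp->resize($max_width_for_picture, $new_height, 0);
                }

                // The original switched on !empty($type), a boolean, so every
                // recognised image took the first case and was written as JPG.
                $type = $picture_infos !== false ? $picture_infos[2] : 0;
                switch ($type) {
                    case 2:
                        $temp->send_image('JPG', $upload_dir . $candidate_name);
                        $new_file_name = $candidate_name;
                        break;
                    case 3:
                        $temp->send_image('PNG', $upload_dir . $candidate_name);
                        $new_file_name = $candidate_name;
                        break;
                    case 1:
                        $temp->send_image('GIF', $upload_dir . $candidate_name);
                        $new_file_name = $candidate_name;
                        break;
                    // any other type (or not an image at all): nothing is written
                }
            }
        }
    }

    // store the information in the database (as insert or as update)
    $table_system_template = Database::get_main_table('system_template');

    if ($action == 'add') {
        $sql = "INSERT INTO {$table_system_template} (title, content, image) VALUES ('" . Database::escape_string($values['title']) . "','" . Database::escape_string($values['template_text']) . "','" . Database::escape_string($new_file_name) . "')";
        $result = api_sql_query($sql, __FILE__, __LINE__);

        // display a feedback message
        Display::display_confirmation_message('TemplateAdded');
        echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('add_template.gif', get_lang('AddTemplate')) . get_lang('AddTemplate') . '</a>';
    } else {
        $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "',\n\t\t\t\t\t\t\t\t\t\t\t \t\t content = '" . Database::escape_string($values['template_text']) . "'";
        if (!empty($new_file_name)) {
            $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
        }
        $sql .= " WHERE id='" . Database::escape_string($template_id) . "'";
        $result = api_sql_query($sql, __FILE__, __LINE__);

        // display a feedback message
        Display::display_confirmation_message('TemplateEdited');
    }

    display_templates();
}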
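/**
 * Uploads an author image to the upload/learning_path/images directory.
 *
 * The image is resized to at most 104x96, written under a uniqid() name and
 * registered as the preview image of this object.
 *
 * @param array $image_array The image array, coming from the $_FILES superglobal
 *
 * @return boolean True on success, false on error (including "no file given")
 */
function upload_image($image_array)
{
    if (empty($image_array['name'])) {
        return false;
    }

    if (!process_uploaded_file($image_array)) {
        return false;
    }

    $courseDir = api_get_course_path() . '/upload/learning_path/images';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $courseDir;

    // Try to add an extension to the file if it hasn't one
    $checked_name = add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);

    if (!filter_extension($checked_name)) {
        return false;
    }

    // Take the extension from the name that was just checked. The original read
    // it from the raw client name, which is a different string: the stored
    // extension was therefore not necessarily the one that had been filtered.
    $file_extension = strtolower(pathinfo($checked_name, PATHINFO_EXTENSION));
    if ($file_extension === '') {
        return false;
    }

    $new_file_name = uniqid('') . '.' . $file_extension;
    $new_path = $updir . '/' . $new_file_name;

    // Anything getimagesize() cannot read is refused before it reaches the image library.
    $picture_infos = @getimagesize($image_array['tmp_name']);
    if ($picture_infos === false) {
        return false;
    }

    // resize the image
    include_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
    $temp = new image($image_array['tmp_name']);

    // $picture_infos[0] is the width, $picture_infos[1] the height
    $thumbwidth = $picture_infos[0] > 104 ? 104 : $picture_infos[0];
    $new_height = $picture_infos[1] > 96 ? 96 : $picture_infos[1];
    $temp->resize($thumbwidth, $new_height, 0);

    // The original ran this resize-and-write step twice in a row; once is enough.
    $result = false;
    switch ($picture_infos[2]) {
        case 2:
            $result = $temp->send_image('JPG', $new_path);
            break;
        case 3:
            $result = $temp->send_image('PNG', $new_path);
            break;
        case 1:
            $result = $temp->send_image('GIF', $new_path);
            break;
    }

    if (!$result) {
        return false;
    }

    // Storing the image filename
    $this->set_preview_image($new_file_name);

    return true;
}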
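/**
 * Add (or edit) a template. This function displays the form and also takes
 * care of uploading the image and storing the information in the database.
 *
 * The action ("add" or "edit") and the template id are read from $_GET. Data is
 * only saved when Security::check_token('post') succeeds. The preview image is
 * read from $_FILES['template_image'] and written to
 * home/default_platform_document/template_thumb/ under the client-supplied name.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 *
 * @return void
 */
function add_edit_template()
{
    // Initialize the object.
    $id = isset($_GET['id']) ? '&id=' . Security::remove_XSS($_GET['id']) : '';
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . Security::remove_XSS($_GET['action']) . $id);

    // Setting the form elements: the header.
    if ($_GET['action'] == 'add') {
        $title = get_lang('AddTemplate');
    } else {
        $title = get_lang('EditTemplate');
    }
    $form->addElement('header', '', $title);

    // Setting the form elements: the title of the template.
    $form->addText('title', get_lang('Title'), false);

    // Setting the form elements: the content of the template (wysiwyg editor).
    $form->addHtmlEditor('template_text', get_lang('Text'), false, false, array('ToolbarSet' => 'AdminTemplates', 'Width' => '100%', 'Height' => '400'));

    // Setting the form elements: the form to upload an image to be used with the template.
    $form->addElement('file', 'template_image', get_lang('Image'), '');

    // Setting the form elements: a little bit information about the template image.
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));

    // Getting all the information of the template when editing a template.
    if ($_GET['action'] == 'edit') {
        // Database table definition.
        $table_system_template = Database::get_main_table('system_template');
        $sql = "SELECT * FROM {$table_system_template} WHERE id = " . intval($_GET['id']) . "";
        $result = Database::query($sql);
        $row = Database::fetch_array($result);

        $defaults = array();
        $defaults['template_id'] = intval($_GET['id']);
        $defaults['template_text'] = $row['content'];
        // Forcing get_lang().
        $defaults['title'] = get_lang($row['title']);

        // Adding an extra field: a hidden field with the id of the template we are editing.
        $form->addElement('hidden', 'template_id');

        // Adding an extra field: a preview of the image that is currently used.
        if (!empty($row['image'])) {
            // The stored name originates from an uploaded file name, so it is
            // encoded before it is placed inside the src attribute.
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/' . htmlspecialchars($row['image'], ENT_QUOTES) . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        }

        // Setting the information of the template that we are editing.
        $form->setDefaults($defaults);
    }

    // Setting the form elements: the submit button.
    $form->addButtonSave(get_lang('Ok'), 'submit');

    // Setting the rules: the required fields.
    $form->addRule('template_image', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', get_lang('ThisFieldIsRequired'), 'required');

    // If the form does not validate we display it again (with error message if
    // needed), together with a fresh token for the next submission.
    if (!$form->validate()) {
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));

        // Display the form.
        $form->display();

        return;
    }

    // Nothing is saved unless the submitted token is valid.
    $check = Security::check_token('post');
    if ($check) {
        // Exporting the values.
        $values = $form->exportValues();

        // Defined up front: both branches below read it even when no image was
        // saved. It was previously undefined in that case.
        $new_file_name = null;

        // Upload the file.
        if (!empty($_FILES['template_image']['name'])) {
            $upload_ok = process_uploaded_file($_FILES['template_image']);

            if ($upload_ok) {
                // Try to add an extension to the file if it hasn't one.
                $candidate_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);

                // The image is written below a web-accessible directory under
                // this name, so the extension is checked like in the other
                // upload handlers.
                if (!filter_extension($candidate_name)) {
                    Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
                } else {
                    $new_file_name = $candidate_name;

                    // The upload directory.
                    $upload_dir = api_get_path(SYS_APP_PATH) . 'home/default_platform_document/template_thumb/';

                    // Create the directory if it does not exist.
                    if (!is_dir($upload_dir)) {
                        mkdir($upload_dir, api_get_permissions_for_new_directories());
                    }

                    // Resize the preview image to max default and upload.
                    $temp = new Image($_FILES['template_image']['tmp_name']);
                    $picture_info = $temp->get_image_info();
                    $max_width_for_picture = 100;
                    if ($picture_info['width'] > $max_width_for_picture) {
                        $temp->resize($max_width_for_picture);
                    }
                    $temp->send_image($upload_dir . $new_file_name);
                }
            }
        }

        // Store the information in the database (as insert or as update).
        $table_system_template = Database::get_main_table('system_template');

        if ($_GET['action'] == 'add') {
            $content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
            $params = ['title' => $values['title'], 'content' => $content_template, 'image' => $new_file_name];
            Database::insert($table_system_template, $params);

            // Display a feedback message.
            Display::display_confirmation_message(get_lang('TemplateAdded'));
            echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
        } else {
            // NOTE(review): unlike the add branch, the edited content is stored
            // without Security::remove_XSS() - confirm that this is intended.
            $content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>' . Database::escape_string($values['template_text']) . '</body>';
            $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "', content = '" . $content_template . "'";
            if (!empty($new_file_name)) {
                $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
            }
            $sql .= " WHERE id = " . intval($_GET['id']) . "";
            Database::query($sql);

            // Display a feedback message.
            Display::display_confirmation_message(get_lang('TemplateEdited'));
        }
    }

    Security::clear_token();
    display_templates();
}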
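/**
 * Uploads the nanogong wav file.
 *
 * The file is read from $_FILES['file'] and stored as
 * store_path + filename + "." + extension, replacing the files removed by
 * delete_files().
 *
 * @param bool $is_nano when true the extension is forced to "wav"
 *
 * @return int 1 when the file was stored, 0 otherwise
 */
public function upload_file($is_nano = false)
{
    // The original only checked that $_FILES was not empty and then read
    // $_FILES['file'] unconditionally.
    if (empty($_FILES['file'])) {
        return 0;
    }

    $upload_ok = process_uploaded_file($_FILES['file'], false);

    if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
        return 0;
    }

    if (!$upload_ok) {
        return 0;
    }

    // Check if there is enough space to save the file
    if (!DocumentManager::enough_space($_FILES['file']['size'], DocumentManager::get_course_quota())) {
        return 0;
    }

    // Work out the extension; a name without one yields an empty string
    // instead of an undefined array index.
    $file_name = strtolower(add_ext_on_mime($_FILES['file']['name'], $_FILES['file']['type']));
    $extension = $is_nano == true ? 'wav' : pathinfo($file_name, PATHINFO_EXTENSION);

    // Validate before deleting: the original removed the existing files first,
    // so an upload with a refused extension still wiped the previous recording.
    if (!in_array($extension, $this->available_extensions)) {
        return 0;
    }

    // Delete the previous files before storing the new one.
    $this->delete_files();

    $target = $this->store_path . $this->filename . '.' . $extension;
    if (!move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
        return 0;
    }

    $this->store_filename = $target;

    return 1;
}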
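/**
 * Validates a dropbox submission, stores the uploaded file and records it as
 * sent work for the selected recipients.
 *
 * Input is read from $_POST ('recipients', 'cb_overwrite', 'authors',
 * 'description') and $_FILES['file'].
 *
 * @return array|null|string a translated status or error message; null when
 *                           process_uploaded_file() refuses the upload
 */
function store_add_dropbox()
{
    $_course = api_get_course_info();
    $_user = api_get_user_info();
    $dropbox_cnf = getDropboxConf();

    // Validating the form data
    // there are no recipients selected (or the field is not an array at all)
    if (!isset($_POST['recipients']) || !is_array($_POST['recipients']) || count($_POST['recipients']) <= 0) {
        return get_lang('YouMustSelectAtLeastOneDestinee');
    }

    // Check if all the recipients are valid
    // NOTE(review): user_ recipients are checked with isCourseMember(); group_
    // recipients are accepted as they are - confirm the group lookup further
    // down cannot reach groups outside the course.
    $thisIsAMailing = false;
    $thisIsJustUpload = false;
    foreach ($_POST['recipients'] as $rec) {
        if ($rec == 'mailing') {
            $thisIsAMailing = true;
        } elseif ($rec == 'upload') {
            $thisIsJustUpload = true;
        } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
            return get_lang('InvalideUserDetected');
        } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
            return get_lang('InvalideGroupDetected');
        }
    }

    // we are doing a mailing but an additional recipient is selected
    if ($thisIsAMailing && count($_POST['recipients']) != 1) {
        return get_lang('MailingSelectNoOther');
    }

    // we are doing a just upload but an additional recipient is selected.
    // note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
    if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
        return get_lang('MailingJustUploadSelectNoOther');
    }

    if (empty($_FILES['file']['name'])) {
        return get_lang('NoFileSpecified');
    }

    // are we overwriting a previous file or sending a new one
    $dropbox_overwrite = false;
    if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
        $dropbox_overwrite = true;
    }

    // doing the upload
    $dropbox_filename = $_FILES['file']['name'];
    $dropbox_filesize = $_FILES['file']['size'];
    $dropbox_filetype = $_FILES['file']['type'];
    $dropbox_filetmpname = $_FILES['file']['tmp_name'];

    // check if the filesize does not exceed the allowed size.
    if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
        return get_lang('DropboxFileTooBig');
        // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
    }

    // check if the file is actually uploaded
    if (!is_uploaded_file($dropbox_filetmpname)) {
        // check user fraud : no clean error msg.
        return get_lang('TheFileIsNotUploaded');
    }

    $upload_ok = process_uploaded_file($_FILES['file'], true);
    if (!$upload_ok) {
        return null;
    }

    // Try to add an extension to the file if it hasn't got one
    $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
    // Replace dangerous characters
    $dropbox_filename = replace_dangerous_char($dropbox_filename);
    // Transform any .php file in .phps for security
    $dropbox_filename = php2phps($dropbox_filename);

    // filter extension
    if (!filter_extension($dropbox_filename)) {
        return get_lang('UplUnableToSaveFileFilteredExtension');
    }

    // set title
    $dropbox_title = $dropbox_filename;

    // set author
    if (!isset($_POST['authors'])) {
        $_POST['authors'] = getUserNameFromId($_user['user_id']);
    }

    // note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
    if ($dropbox_overwrite) {
        $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());

        foreach ($dropbox_person->sentWork as $w) {
            if ($w->title == $dropbox_filename) {
                if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
                    return get_lang('MailingNonMailingError');
                }
                if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
                    return get_lang('MailingJustUploadSelectNoOther');
                }
                // Reuse the stored name so the existing file is replaced.
                $dropbox_filename = $w->filename;
                break;
            }
        }
    } else {
        // rename file to login_filename_uniqueId format
        $dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
    }

    // creating the array that contains all the users who will receive the file
    $new_work_recipients = array();
    foreach ($_POST['recipients'] as $rec) {
        if (strpos($rec, 'user_') === 0) {
            $new_work_recipients[] = substr($rec, strlen('user_'));
        } elseif (strpos($rec, 'group_') === 0) {
            $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
            foreach ($userList as $usr) {
                if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
                    $new_work_recipients[] = $usr['user_id'];
                }
            }
        }
    }

    // The result of the move used to be ignored: a failed move still sent the
    // notification mails and recorded the work as sent. Stop here instead.
    $moved = @move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename);
    if (!$moved) {
        return get_lang('TheFileIsNotUploaded');
    }

    $b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
    if ($b_send_mail) {
        foreach ($new_work_recipients as $recipient_id) {
            $recipent_temp = UserManager::get_user_info_by_id($recipient_id);
            $additionalParameters = array(
                'smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY,
                'userId' => $recipient_id,
                'courseTitle' => $_course['title'],
                'userUsername' => $recipent_temp['username'],
            );

            api_mail_html(
                api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS),
                $recipent_temp['email'],
                get_lang('NewDropboxFileUploaded'),
                get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'],
                api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS),
                $_user['mail'],
                null,
                null,
                null,
                $additionalParameters
            );
        }
    }

    // NOTE(review): the description is passed on exactly as posted (only the
    // authors go through strip_tags) - confirm it is escaped where it is
    // stored and displayed.
    new Dropbox_SentWork(
        $_user['user_id'],
        $dropbox_title,
        $_POST['description'],
        strip_tags($_POST['authors']),
        $dropbox_filename,
        $dropbox_filesize,
        $new_work_recipients
    );

    Security::clear_token();

    return get_lang('FileUploadSucces');
}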
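// Excerpt of a page script: it ends inside the two "if" blocks opened below;
// their closing braces are not part of this excerpt.
$validationStatus = getWorkDateValidationStatus($homework);

// Breadcrumb trail: publications list > this assignment > upload corrections.
// NOTE(review): $workId is concatenated into URLs here; presumably it was cast
// to int where it is read from the request - confirm.
$interbreadcrumb[] = array(
    'url' => api_get_path(WEB_CODE_PATH) . 'work/work.php?' . api_get_cidreq(),
    'name' => get_lang('StudentPublications'),
);
$interbreadcrumb[] = array(
    'url' => api_get_path(WEB_CODE_PATH) . 'work/work_list.php?' . api_get_cidreq() . '&id=' . $workId,
    'name' => $workInfo['title'],
);
$interbreadcrumb[] = array('url' => '#', 'name' => get_lang('UploadCorrections'));

// Upload form: a single required file field plus the hidden assignment id.
$form = new FormValidator(
    'form',
    'POST',
    api_get_self() . "?" . api_get_cidreq() . "&id=" . $workId,
    '',
    array('enctype' => "multipart/form-data")
);
$form->addElement('header', get_lang('UploadCorrections'));
$form->addElement('file', 'file', get_lang('UploadADocument'));
$form->add_real_progress_bar('uploadWork', 'file');
$form->addRule('file', get_lang('ThisFieldIsRequired'), 'required');
$form->addElement('hidden', 'id', $workId);
$form->addButtonUpload(get_lang('Upload'));

$error_message = null;
$succeed = false;

if ($form->validate()) {
    $values = $form->getSubmitValues();
    $upload = process_uploaded_file($_FILES['file'], false);

    if ($upload) {
        $zip = new PclZip($_FILES['file']['tmp_name']);

        // Check the zip content (real size and file extension).
        // listContent() returns 0 when the archive cannot be read; casting that
        // to an array gave a one-element list holding 0, so an unreadable
        // archive is now treated as an empty listing instead.
        $zipFileList = $zip->listContent();
        if (!is_array($zipFileList)) {
            $zipFileList = array();
        }

        // Iterate by value: the original by-reference loop left
        // $this_content aliased to the last list entry after the loop.
        $realSize = 0;
        foreach ($zipFileList as $this_content) {
            $realSize += $this_content['size'];
        }

        $maxSpace = DocumentManager::get_course_quota();
        if (!DocumentManager::enough_space($realSize, $maxSpace)) {
            // NOTE(review): this only queues a warning; the visible code goes
            // on to create the extraction directory. Confirm the code after
            // this excerpt stops before extracting, and that the limit is
            // enforced on the bytes actually written, since $realSize is
            // presumably built from sizes the archive declares for its entries.
            Display::addFlash(Display::return_message(get_lang('UplNotEnoughSpace'), 'warning'));
        }

        // Unique working directory under the archive path for the extraction.
        // NOTE(review): the mkdir() result is not checked here.
        $folder = api_get_unique_id();
        $destinationDir = api_get_path(SYS_ARCHIVE_PATH) . $folder;
        mkdir($destinationDir, api_get_permissions_for_new_directories(), true);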
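/**
 * Uploads an author image to the upload/learning_path/images directory.
 *
 * The image is resized to fit within 104x96, stored under a generated
 * name, registered as the preview image, and a second 64x64 copy is
 * written next to it for the course homepage.
 *
 * @param array $image_array The image array, coming from the $_FILES superglobal
 * @return boolean True on success, false on error or when no image was submitted
 */
public function upload_image($image_array)
{
    // No file submitted. The original left $upload_ok undefined on this
    // path and fell through to "return false"; make that explicit.
    if (empty($image_array['name'])) {
        return false;
    }

    if (!process_uploaded_file($image_array)) {
        return false;
    }

    $courseDir = api_get_course_path() . '/upload/learning_path/images';
    $updir = api_get_path(SYS_COURSE_PATH) . $courseDir;

    // Try to add an extension to the file if it hasn't one.
    $checked_name = add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);
    if (!filter_extension($checked_name)) {
        return false;
    }

    // Take the extension from the name that filter_extension() approved.
    // The original re-read it from the raw client-supplied name, so the
    // stored file could end in a suffix the filter never saw (a name with
    // no dot at all became the "extension" in full).
    $file_extension = strtolower(pathinfo($checked_name, PATHINFO_EXTENSION));
    if ($file_extension === '') {
        return false;
    }

    // The stored name is generated; nothing else from the client-supplied
    // name reaches the filesystem.
    $filename = uniqid('');
    $new_file_name = $filename . '.' . $file_extension;
    $new_path = $updir . '/' . $new_file_name;

    // Resize the image, capping it at 104x96 without enlarging it.
    $temp = new Image($image_array['tmp_name']);
    $picture_infos = $temp->get_image_info();
    $thumbwidth = min($picture_infos['width'], 104);
    $new_height = min($picture_infos['height'], 96);
    $temp->resize($thumbwidth, $new_height, 0);

    if (!$temp->send_image($new_path)) {
        return false;
    }

    // Storing the image filename.
    $this->set_preview_image($new_file_name);

    // Resize to 64px to use on course homepage
    $temp->resize(64, 64, 0);
    $temp->send_image($updir . '/' . $filename . '.64.' . $file_extension);

    return true;
}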
/**
 * Imports an uploaded Aiken exercise file (.zip or .txt).
 *
 * The upload is checked with process_uploaded_file() and the client-supplied
 * file name must end in .zip or .txt (case-insensitive); only then is the
 * name handed to aiken_import_exercise().
 *
 * NOTE(review): only the suffix of the client-supplied name is checked here,
 * and that same name is what the importer receives - confirm the importer
 * validates the content and does not use the name as a path.
 *
 * @param array $array_file ($_FILES)
 * @return mixed The numeric, non-empty result of the import, an error message
 *               built by Display::return_message() when the import returns
 *               anything else, or null when the upload or the name is rejected
 */
function aiken_import_file($array_file)
{
    $uploadAccepted = process_uploaded_file($array_file, false);
    $hasAllowedSuffix = preg_match('/\\.(zip|txt)$/i', $array_file['name']) === 1;

    if (!$uploadAccepted || !$hasAllowedSuffix) {
        return;
    }

    $imported = aiken_import_exercise($array_file['name']);
    if (is_numeric($imported) && !empty($imported)) {
        return $imported;
    }

    // Anything else is used as a language variable name for the error text.
    return Display::return_message(get_lang($imported), 'error');
}
/**
 * Handles uploaded missing images
 *
 * Splits a multi-file $_FILES entry into one single-file entry per index,
 * checks each with process_uploaded_file() and passes the accepted ones to
 * handle_uploaded_document() in 'overwrite' mode.
 *
 * @author Hugues Peeters <*****@*****.**>
 * @author Bert Vanderkimpen
 * @param array $_course
 * @param array $uploaded_file_collection - follows the $_FILES Structure
 * @param string $base_work_dir
 * @param string $missing_files_dir
 * @param int $user_id
 * @param int $to_group_id passed through to handle_uploaded_document()
 * @param int $to_user_id passed through to handle_uploaded_document()
 * @param int $max_filled_space
 * @return array One handle_uploaded_document() result per accepted file
 */
function move_uploaded_file_collection_into_directory($_course, $uploaded_file_collection, $base_work_dir, $missing_files_dir, $user_id, $to_group_id, $to_user_id, $max_filled_space)
{
    $fields = array('name', 'type', 'tmp_name', 'error', 'size');
    $total = count($uploaded_file_collection['name']);
    $stored = array();

    for ($index = 0; $index < $total; $index++) {
        // Rebuild the single-file shape that the upload helpers expect.
        $single = array();
        foreach ($fields as $field) {
            $single[$field] = $uploaded_file_collection[$field][$index];
        }

        // Rejected files are skipped; they add nothing to the result.
        if (process_uploaded_file($single)) {
            $stored[] = handle_uploaded_document($_course, $single, $base_work_dir, $missing_files_dir, $user_id, $to_group_id, $to_user_id, $max_filled_space, 0, 'overwrite');
        }
    }

    return $stored;
}
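require_once 'tesUpload/html/upload_helper.php';
?>
<html>
<head>
<title>File Upload</title>
<link rel="stylesheet" type="text/css" href="/scripts/tesUpload/html/upload.css">
<script language="javascript" type="text/javascript" src="/scripts/tesUpload/html/prototype.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/tesUpload/html/upload.js"></script>
</head>
<?php
// When the form comes back with an upload id in "userfile", fetch the
// received file and process it.
$uploaded_file = false;
$sid = isset($_POST['userfile']) ? $_POST['userfile'] : null;
if (!empty($sid)) {
    require_once 'tesUpload/html/read_settings.php';
    require_once 'tesUpload/html/receive_helper.php';

    // NOTE(review): $sid is request data and $file is joined to the upload
    // directory below; confirm tes_receive() validates the id and returns a
    // bare file name with no path separators.
    $file = tes_receive($sid);
    $uploaded_file = process_uploaded_file($file, "{$tes_upload_dir}/{$file}", true);
}

// PHP_SELF, QUERY_STRING and the doctype parameter all come from the
// request, so they are HTML-escaped before being written into attributes.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
$doctype = isset($_REQUEST['doctype']) && is_string($_REQUEST['doctype']) ? $_REQUEST['doctype'] : 'img';
$doctype = htmlspecialchars($doctype, ENT_QUOTES, 'UTF-8');
?>
<body>
<form name="postform" method="post" action="<?php echo $form_action; ?>" enctype="multipart/form-data">
<input type="hidden" name="doctype" value="<?php echo $doctype; ?>" />
<?php echo tes_upload_value('userfile'); ?>
1) Click this button and select the file to upload from your computer:<br><br>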
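$path = '/';
}
// Excerpt of a page script: the brace above closes a block opened before the
// excerpt, and the four blocks opened below are still open where it ends.

/**
 * Header
 */
$nameTools = get_lang('UplUploadDocument');
$interbreadcrumb[] = array(
    "url" => "./document.php?curdirpath=" . urlencode($path) . $req_gid,
    "name" => $langDocuments,
);
Display::display_header($nameTools, "Doc");
//show the title
api_display_tool_title($nameTools . $add_group_to_title);

/**
 * Process
 */
//user has submitted a file
if (isset($_FILES['user_upload'])) {
    $upload_ok = process_uploaded_file($_FILES['user_upload']);
    if ($upload_ok) {
        //file got on the server without problems, now process it
        // NOTE(review): the target directory, unzip flag and if_exists mode
        // are taken straight from $_POST; confirm handle_uploaded_document()
        // keeps curdirpath inside $base_work_dir and validates the other two.
        $new_path = handle_uploaded_document(
            $_course,
            $_FILES['user_upload'],
            $base_work_dir,
            $_POST['curdirpath'],
            $_user['user_id'],
            $to_group_id,
            $to_user_id,
            $_POST['unzip'],
            $_POST['if_exists']
        );
        $new_comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';
        $new_title = isset($_POST['title']) ? trim($_POST['title']) : '';

        if ($new_path && ($new_comment || $new_title)) {
            if ($docid = DocumentManager::get_document_id($_course, $new_path)) {
                $table_document = Database::get_course_table(TABLE_DOCUMENT);

                // $ct collects the extra ", column='value'" assignments for
                // the document row. The values are request data, so each one
                // is escaped where it enters the SQL text; the original
                // interpolated the trimmed POST values directly.
                $ct = '';
                if ($new_comment) {
                    $ct .= ", comment='" . Database::escape_string($new_comment) . "'";
                }
                if ($new_title) {
                    $ct .= ", title='" . Database::escape_string($new_title) . "'";
                }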
/**
 * Stores the legal text, and optionally an attached file, for a course
 * inside a session, then runs the follow-up actions requested in $values
 * (removing previous agreements, warning users by e-mail).
 *
 * Keys read from $values: c_id, session_id, content and, when present,
 * remove_previous_agreements and warn_users_by_email.
 *
 * @param array $values
 * @param array $file $_FILES['uploaded_file']
 * @param bool $deleteFile
 */
public function save($values, $file = array(), $deleteFile = false)
{
    $courseId = $values['c_id'];
    $sessionId = $values['session_id'];

    $table = Database::get_main_table('session_rel_course_legal');
    $course = api_get_course_info_by_id($courseId);
    $legalData = $this->getData($courseId, $sessionId);

    $coursePath = api_get_path(SYS_COURSE_PATH) . $course['directory'] . '/courselegal';
    // Starts as the path of the attachment already on record; replaced below
    // by the result of handle_uploaded_document() when a new file is accepted.
    // NOTE(review): 'filename' is read here even when no record exists yet.
    $uploadResult = $coursePath . '/' . $legalData['filename'];

    if (!is_dir($coursePath)) {
        mkdir($coursePath, api_get_permissions_for_new_directories());
    }

    $fileName = null;
    if (process_uploaded_file($file, false)) {
        $uploadResult = handle_uploaded_document($course, $file, $coursePath, '/', api_get_user_id(), api_get_group_id(), null, false, false, false, true);
        if ($uploadResult) {
            $fileName = basename($uploadResult);

            // Delete old one if exists.
            // NOTE(review): the stored filename is joined to the directory and
            // unlinked as-is; presumably it is only ever written from
            // basename() above - confirm no other writer can set it.
            if ($legalData && !empty($legalData['filename'])) {
                $previousFile = $coursePath . '/' . $legalData['filename'];
                if (file_exists($previousFile)) {
                    unlink($previousFile);
                }
            }
        }
    }

    if (empty($legalData)) {
        // First save for this course/session pair: create the row.
        $newRow = array(
            'c_id' => $courseId,
            'session_id' => $sessionId,
            'content' => $values['content'],
            'filename' => $fileName,
        );
        $id = Database::insert($table, $newRow);
    } else {
        // Existing row: the filename is only overwritten when a new file was stored.
        $id = $legalData['id'];
        $changes = array('content' => $values['content']);
        if (!empty($fileName)) {
            $changes['filename'] = $fileName;
        }
        Database::update($table, $changes, array('id = ? ' => $id));
    }

    if ($deleteFile) {
        // Clear the filename on the row, then remove the previously recorded file.
        Database::update($table, array('filename' => ''), array('id = ? ' => $id));
        if (!empty($legalData['filename'])) {
            $recordedFile = $coursePath . '/' . $legalData['filename'];
            if (file_exists($recordedFile)) {
                unlink($recordedFile);
            }
        }
    }

    if (!empty($values['remove_previous_agreements'])) {
        $this->removePreviousAgreements($courseId, $sessionId);
    }

    $warnUsers = isset($values['warn_users_by_email']) ? $values['warn_users_by_email'] : null;
    switch ($warnUsers) {
        case '2':
            // Send mail
            $this->warnUsersByEmail($courseId, $sessionId);
            break;
        case '3':
            // Send mail + attachment if exists.
            // The check uses the record loaded before this save.
            if (!empty($legalData['filename'])) {
                $this->warnUsersByEmail($courseId, $sessionId, $uploadResult);
            }
            break;
        case '1':
            // Nothing
            break;
    }
}
/**
 * Replaces the file of an existing agenda attachment.
 *
 * Reads the upload from $_FILES['user_upload']. When a file was submitted,
 * accepted by process_uploaded_file() and its name passes
 * filter_extension(), the file is moved into the course's upload/calendar
 * directory under a generated name and the attachment row is updated.
 *
 * @param string $file_comment a comment about file
 * @param int $agenda_id Agenda Id
 * @param int $id_attach attachment file Id
 */
function edit_agenda_attachment_file($file_comment, $agenda_id, $id_attach)
{
    global $_course;

    $attachmentTable = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);

    // Nothing to do unless a file was submitted and accepted.
    if (empty($_FILES['user_upload']['name'])) {
        return;
    }
    if (empty(process_uploaded_file($_FILES['user_upload']))) {
        return;
    }

    $targetDir = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/upload/calendar';

    // user's file name, kept for display in the attachment row
    $originalName = $_FILES['user_upload']['name'];

    // Try to add an extension to the file if it hasn't one
    $nameToCheck = add_ext_on_mime(stripslashes($originalName), $_FILES['user_upload']['type']);
    if (!filter_extension($nameToCheck)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));

        return;
    }

    // The file is stored under a generated name with no extension; the
    // client-supplied name is only written to the database.
    $storedName = uniqid('');

    $commentSql = Database::escape_string($file_comment);
    $originalNameSql = Database::escape_string($originalName);
    $storedNameSql = Database::escape_string($storedName);
    $agendaIdSql = (int) $agenda_id;
    $attachIdSql = (int) $id_attach;

    // NOTE(review): "@" hides the reason when the move fails; the row is
    // simply left unchanged in that case.
    $moved = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $targetDir . '/' . $storedName);
    if (!$moved) {
        return;
    }

    // Storing the attachments if any
    $sql = "UPDATE {$attachmentTable} SET filename = '{$originalNameSql}', comment = '{$commentSql}', path = '{$storedNameSql}', agenda_id = '{$agendaIdSql}', size ='" . intval($_FILES['user_upload']['size']) . "'\n\t\t\t\t\t\t WHERE id = '{$attachIdSql}'";
    Database::query($sql);
    api_item_property_update($_course, 'calendar_event_attachment', $attachIdSql, 'AgendaAttachmentUpdated', api_get_user_id());
}