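/**
 * Legacy bridge: runs a script from the old `main/` tree inside the Symfony
 * container and wraps whatever it printed in a Twig layout.
 *
 * The request's query/body parameters are copied into the PHP superglobals
 * because the legacy scripts read `$_GET`/`$_POST` directly. Several locals
 * that look unused from here (`$is_allowed_in_course`, `$is_courseAdmin`,
 * `$is_platformAdmin`, `$toolNameFromFile`, `$charset`, `$_course`, `$_user`,
 * `$debug`) are deliberately defined: the required script expects them in
 * its scope. Do not "clean them up".
 *
 * @param string  $name    Path of the legacy script relative to `main/`. It
 *                         comes from the route, i.e. it is client-controlled.
 * @param Request $request Current request.
 * @return Response Rendered layout containing the legacy script's output.
 * @throws NotFoundHttpException When the file does not exist or does not
 *                               resolve inside `main/`.
 */
public function classicAction($name, Request $request)
{
    // Legacy scripts read the superglobals directly.
    $_GET = $request->query->all();
    $_POST = $request->request->all();
    //$_REQUEST = $request->request->all();

    $kernel = $this->get('kernel');
    // Assumes getRealRootDir() returns a trailing slash (it did for the
    // original code, which concatenated the same way).
    $rootDir = $kernel->getRealRootDir();
    $mainPath = $rootDir . 'main/';
    $fileToLoad = $mainPath . $name;

    // Expose the Symfony services to the legacy static helpers.
    /** @var Connection $dbConnection */
    $dbConnection = $this->container->get('database_connection');
    $em = $kernel->getContainer()->get('doctrine.orm.entity_manager');
    $database = new \Database($dbConnection, array());
    $database->setConnection($dbConnection);
    $database->setManager($em);

    Container::$container = $this->container;
    Container::$dataDir = $kernel->getDataDir();
    // NOTE(review): courseDir is set to the *data* dir, exactly like dataDir
    // above. Kept as in the original; confirm this is intended.
    Container::$courseDir = $kernel->getDataDir();
    //Container::$configDir = $this->container->get('kernel')->getConfigDir();

    $this->container->get('twig')->addGlobal('api_get_cidreq', api_get_cidreq());
    //$breadcrumb = $this->container->get('chamilo_core.block.breadcrumb');

    // $name is untrusted: only load an existing file whose resolved path stays
    // inside main/ (check_abs_path is what stops "../" escapes here; is_file
    // alone would not). Anything else is a plain 404.
    if (!is_file($fileToLoad) || !\Security::check_abs_path($fileToLoad, $mainPath)) {
        throw new NotFoundHttpException();
    }

    // Variables the files inside /main expect to find in scope.
    $is_allowed_in_course = api_is_allowed_in_course();
    $is_courseAdmin = api_is_course_admin();
    $is_platformAdmin = api_is_platform_admin();
    $toolNameFromFile = basename(dirname($fileToLoad));
    $charset = 'UTF-8';
    // Default values
    $_course = api_get_course_info();
    $_user = api_get_user_info();
    $debug = $kernel->getEnvironment() == 'dev';

    // Run the legacy script and capture everything it prints.
    ob_start();
    require_once $fileToLoad;
    $out = ob_get_clean();

    // $htmlHeadXtra and $interbreadcrumb are (optionally) defined by the
    // script that was just required.
    $js = isset($htmlHeadXtra) ? $htmlHeadXtra : array();
    $interbreadcrumb = isset($interbreadcrumb) ? $interbreadcrumb : null;

    $template = Container::$legacyTemplate;
    $defaultLayout = empty($template) ? 'layout_one_col.html.twig' : $template;

    $response = $this->render(
        'ChamiloCoreBundle::' . $defaultLayout,
        array('legacy_breadcrumb' => $interbreadcrumb, 'content' => $out, 'js' => $js)
    );

    // No browser cache when executing an exercise. The original built a
    // $responseHeaders array for this but never attached it to the response,
    // so the header was never sent; set it on the Response for real.
    if ($name == 'exercice/exercise_submit.php') {
        $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate');
    }

    return $response;
}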
* @author Thomas Depraetere, Hugues Peeters, Christophe Gesche: initial versions * @author Bert Vanderkimpen, improved self-unsubscribe for cvs * @author Patrick Cool, show group comment under the group name * @author Roan Embrechts, initial self-unsubscribe code, code cleaning, virtual course support * @author Bart Mollet, code cleaning, use of Display-library, list of courseAdmin-tools, use of GroupManager * @package chamilo.group */ //require_once '../inc/global.inc.php'; $this_section = SECTION_COURSES; $current_course_tool = TOOL_GROUP; // Notice for unauthorized people. api_protect_course_script(true); $nameTools = get_lang('GroupOverview'); $courseId = api_get_course_int_id(); $courseInfo = api_get_course_info(); $is_allowed_in_course = api_is_allowed_in_course(); $keyword = isset($_GET['keyword']) ? $_GET['keyword'] : null; if (isset($_GET['action'])) { switch ($_GET['action']) { case 'export_all': $data = GroupManager::exportCategoriesAndGroupsToArray(null, true); Export::arrayToCsv($data); exit; break; case 'export_pdf': $content = GroupManager::getOverview($courseId, $keyword); $pdf = new PDF(); $extra = '<div style="text-align:center"><h2>' . get_lang('GroupList') . '</h2></div>'; $extra .= '<strong>' . get_lang('Course') . ': </strong>' . $courseInfo['title'] . ' (' . $courseInfo['code'] . ')'; $content = $extra . $content; $pdf->content_to_pdf($content, null, null, api_get_course_id());
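/**
 * Protects a course script: calls api_not_allowed() when the current user
 * may not see the current course.
 *
 * Access is granted when:
 *  - the user is a DRH (human-resources manager) — unconditionally, see the
 *    note on $allow_drh below; or
 *  - the user is a platform admin (session admins count as such only when
 *    $allow_session_admins is true); or
 *  - the course visibility allows it: OPEN_WORLD is visible to everybody;
 *    CLOSED, REGISTERED, OPEN_PLATFORM (and any unknown value) require a
 *    logged-in, non-anonymous user that is allowed in the course; HIDDEN is
 *    reserved to platform admins (who already returned above).
 * Two extra restrictions apply: a course with a registration code is not
 * visible to users that are not allowed in it, and inside a session the
 * course-level permission ($is_allowed_in_course) is mandatory.
 *
 * @param bool $print_headers        Print HTML headers around the "not
 *                                   allowed" message.
 * @param bool $allow_session_admins Treat session admins as platform admins.
 * @param bool $allow_drh            NOTE(review): not used — DRH users are let
 *                                   through whatever this flag says. Kept for
 *                                   signature compatibility; only wire it in
 *                                   after checking every caller.
 * @return bool True when the user has access. False is returned after
 *              api_not_allowed() was called (and only if that function
 *              returns at all); there is no "out of course context" pass-through,
 *              an empty course info is treated as "not allowed".
 * @author Roan Embrechts
 * @todo replace global variable
 */
function api_protect_course_script($print_headers = false, $allow_session_admins = false, $allow_drh = false)
{
    $is_allowed_in_course = api_is_allowed_in_course();
    $course_info = api_get_course_info();

    // No course context: deny.
    if (empty($course_info)) {
        api_not_allowed($print_headers);
        return false;
    }

    // Role-based bypasses (evaluated before any visibility rule).
    if (api_is_drh()) {
        return true;
    }
    if (api_is_platform_admin($allow_session_admins)) {
        return true;
    }

    $is_visible = false;
    if (isset($course_info['visibility'])) {
        switch ($course_info['visibility']) {
            case COURSE_VISIBILITY_OPEN_WORLD:
                // Open - access allowed for the whole world - 3
                $is_visible = true;
                break;

            case COURSE_VISIBILITY_HIDDEN:
                // Completely closed: only platform admins. They already
                // returned true above, so this branch is effectively dead;
                // kept so the policy stays readable in one place.
                if (api_is_platform_admin()) {
                    $is_visible = true;
                }
                break;

            case COURSE_VISIBILITY_CLOSED:        // Completely closed: teachers only - 0
            case COURSE_VISIBILITY_REGISTERED:    // Private - course members only - 1
            case COURSE_VISIBILITY_OPEN_PLATFORM: // Open - registered platform users - 2
            default:
                // The three levels (and unknown values) share one check here;
                // the distinction between them is presumably already folded
                // into $is_allowed_in_course by the code that computes it.
                if (api_get_user_id() && !api_is_anonymous() && $is_allowed_in_course) {
                    $is_visible = true;
                }
                break;
        }

        // A registration code hides the course from users not (yet) allowed
        // in it. The original wrote this with a bitwise '&'; both operands are
        // booleans so the result was the same, but '&&' is what was meant.
        if (!$is_allowed_in_course && !empty($course_info['registration_code'])) {
            $is_visible = false;
        }
    }

    // Inside a session the course-level permission is mandatory
    // ($is_allowed_in_course was set in local.inc.php).
    $session_id = api_get_session_id();
    if (!empty($session_id) && !$is_allowed_in_course) {
        $is_visible = false;
    }

    if (!$is_visible) {
        api_not_allowed($print_headers);
        return false;
    }

    return true;
}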
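/**
 * Tells whether a document is visible to the current user.
 *
 * Joins the document table with item_property and picks the rows whose path
 * (plus '/') is a prefix of $doc_path, so a file in a hidden folder can be
 * found through the folder row as well (see #2198). The user may see the
 * document only when the matched row has visibility = 1 AND the user is
 * allowed in the course or is a platform admin. A row with any other
 * visibility yields false, even for platform admins.
 *
 * Prefer is_visible_by_id() when the document id is known.
 *
 * NOTE(review): several rows can match the locate() prefix test (the folder
 * and the file itself, for instance) and the query has no ORDER BY, so which
 * row decides is left to the database. Confirm this is acceptable before
 * relying on it for access control.
 *
 * @param string $doc_path   Complete path of the document, relative to the
 *                           course document root.
 * @param array  $course     Course info array; only 'real_id' is used.
 * @param int    $session_id Session to match (rows in session 0 match too).
 * @param string $file_type  'file' or 'folder'; anything else means 'file'.
 * @return bool
 */
public static function is_visible($doc_path, $course, $session_id = 0, $file_type = 'file')
{
    $docTable = Database::get_course_table(TABLE_DOCUMENT);
    $propTable = Database::get_course_table(TABLE_ITEM_PROPERTY);

    // Both ids are interpolated into the SQL below: force them to integers.
    $course_id = (int) $course['real_id'];
    $session_id = intval($session_id);
    $condition = "AND d.session_id IN ('{$session_id}', '0') ";

    /*
     * HotPotatoes: when a test is displayed, a per-user copy of the genuine
     * html file is generated in the HotPotatoes folder, named
     * <name>.htm<user_id>.t.html (images keep their name). The visibility to
     * check is that of the genuine file, so strip "<user_id>.t.html"
     * (7 characters plus the user id) before looking it up. Example folder:
     *   A.jpg  maths4-consigne.jpg  maths4.htm  maths4.htm1.t.html
     *   maths4.htm52.t.html  maths4.htm654.t.html  omega.jpg  theta.jpg
     */
    // The original used strpos() as a boolean, which misses a match at
    // offset 0; compare against false explicitly.
    if (strpos($doc_path, 'HotPotatoes_files') !== false && preg_match("/\\.t\\.html\$/", $doc_path)) {
        $doc_path = substr($doc_path, 0, strlen($doc_path) - 7 - strlen(api_get_user_id()));
    }

    // $file_type is interpolated too: whitelist it (strict comparison).
    if (!in_array($file_type, array('file', 'folder'), true)) {
        $file_type = 'file';
    }

    // locate(concat(path,'/'), '<doc_path>/') = 1 selects every row whose
    // path is a prefix of the document path.
    $sql = "SELECT visibility
            FROM {$docTable} d
            INNER JOIN {$propTable} ip
                ON (d.id = ip.ref AND d.c_id = {$course_id} AND ip.c_id = {$course_id})
            WHERE
                ip.tool = '" . TOOL_DOCUMENT . "' {$condition} AND
                filetype = '{$file_type}' AND
                locate(concat(path,'/'), '" . Database::escape_string($doc_path . '/') . "')=1
            ";
    $result = Database::query($sql);

    $is_visible = false;
    if (Database::num_rows($result) > 0) {
        $row = Database::fetch_array($result, 'ASSOC');
        if ($row['visibility'] == 1) {
            // Same protection as the course itself: a visible document is
            // still restricted to course members / platform admins.
            $is_visible = api_is_allowed_in_course() || api_is_platform_admin();
        }
    }

    return $is_visible;
}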
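/**
 * Displays a wiki page — the last version of $newtitle, or of the current
 * page when $newtitle is empty — together with its action toolbar.
 *
 * Side effects: logs a LOG_WIKI_ACCESS event, increments the page's hit
 * counter, and echoes the toolbar, an inline print helper script and the
 * page panel. Output is only produced when the page is visible to the user
 * (visible page; or editor / platform admin; or, for a "work" assignment
 * page that is hidden, the student who authored it).
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @author Juan Carlos Raña Trabado
 * @param string $newtitle Reflink of the page to show right after it was
 *                         created; empty to show the current page.
 * @return string|null The "stand by" message when an empty index page is
 *                     requested by a user who may not create it; otherwise
 *                     nothing is returned (everything is echoed).
 */
public function display_wiki_entry($newtitle)
{
    $tbl_wiki = $this->tbl_wiki;
    $tbl_wiki_conf = $this->tbl_wiki_conf;
    $condition_session = $this->condition_session;
    $groupfilter = $this->groupfilter;
    $page = $this->page;
    $session_id = api_get_session_id();
    $course_id = api_get_course_int_id();

    // Page to display: the freshly created one, or the current one.
    $pageMIX = $newtitle ? $newtitle : $page;

    // Optional "view" parameter selects one specific version by id. It is
    // client input: escaped for the quoted SQL context below.
    $filter = null;
    if (isset($_GET['view']) && $_GET['view']) {
        $viewId = Database::escape_string($_GET['view']);
        $filter = ' AND w.id="' . $viewId . '"';
    }

    // First, the page visibility is the one stored on the first version.
    $sql = 'SELECT * FROM ' . $tbl_wiki . ' WHERE c_id = ' . $course_id . ' AND reflink="' . Database::escape_string($pageMIX) . '" AND ' . $groupfilter . $condition_session . ' ORDER BY id ASC';
    $result = Database::query($sql);
    $row = Database::fetch_array($result, 'ASSOC');
    $KeyVisibility = $row ? $row['visibility'] : null;

    // Second, the content shown is the last version (or the requested one).
    $sql = 'SELECT * FROM ' . $tbl_wiki . ' w INNER JOIN ' . $tbl_wiki_conf . ' wc ON (wc.page_id = w.page_id AND wc.c_id = w.c_id) WHERE w.c_id = ' . $course_id . ' AND w.reflink = "' . Database::escape_string($pageMIX) . '" AND w.session_id = ' . $session_id . ' AND w.' . $groupfilter . ' ' . $filter . ' ORDER BY id DESC';
    $result = Database::query($sql);
    // No loop needed: only the last version is displayed.
    $row = Database::fetch_array($result, 'ASSOC');

    // Log the access and count the visit.
    if (!empty($row['page_id'])) {
        Event::addEvent(LOG_WIKI_ACCESS, LOG_WIKI_PAGE_ID, $row['page_id']);
    }
    if (!empty($row['id'])) {
        $sql = 'UPDATE ' . $tbl_wiki . ' SET hits=(hits+1) WHERE c_id = ' . $course_id . ' AND id=' . $row['id'] . '';
        Database::query($sql);
    }

    // Empty index page: editors and group members get the default content,
    // everybody else a "stand by" message.
    if ($row['content'] == '' && $row['title'] == '' && $page == 'index') {
        if (api_is_allowed_to_edit(false, true) || api_is_platform_admin() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
            // Table structure for better export to pdf.
            $content = '<table align="center" border="0"><tr><td align="center">'
                . sprintf(get_lang('DefaultContent'), api_get_path(WEB_IMG_PATH))
                . '</td></tr></table>';
            $title = get_lang('DefaultTitle');
        } else {
            return self::setMessage(Display::display_normal_message(get_lang('WikiStandBy'), false, true));
        }
    } else {
        // Stored content/title are user-supplied HTML: filter before output.
        $content = Security::remove_XSS($row['content']);
        $title = Security::remove_XSS($row['title']);
    }

    // Assignment mode: identify the page type.
    $icon_assignment = null;
    if ($row['assignment'] == 1) {
        $icon_assignment = Display::return_icon('wiki_assignment.png', get_lang('AssignmentDescExtra'), '', ICON_SIZE_SMALL);
    } elseif ($row['assignment'] == 2) {
        $icon_assignment = Display::return_icon('wiki_work.png', get_lang('AssignmentWork'), '', ICON_SIZE_SMALL);
    }
    // Task mode.
    $icon_task = null;
    if (!empty($row['task'])) {
        $icon_task = Display::return_icon('wiki_task.png', get_lang('StandardTask'), '', ICON_SIZE_SMALL);
    }

    // Visibility rule: a visible page is shown to everybody; a hidden one only
    // to editors / platform admins, or — in "work" assignment mode — to the
    // student who wrote it.
    $canView = $KeyVisibility == "1"
        || api_is_allowed_to_edit(false, true)
        || api_is_platform_admin()
        || ($row['assignment'] == 2 && $KeyVisibility == "0" && api_get_user_id() == $row['user_id']);
    if (!$canView) {
        return;
    }

    $isTeacher = api_is_allowed_to_edit(false, true) || api_is_platform_admin();
    $cidReq = api_get_cidreq();
    // $page is client input: url-encoded, then entity-encoded for the attribute.
    $titleParam = api_htmlentities(urlencode($page));

    // Left side of the toolbar: edit. Editors always; course/group members
    // for every page except the index.
    $editLink = '<a href="index.php?' . $cidReq . '&action=edit&title=' . $titleParam . '"' . self::is_active_navigation_tab('edit') . '>'
        . Display::return_icon('edit.png', get_lang('EditThisPage'), '', ICON_SIZE_MEDIUM) . '</a>';
    $canEdit = api_is_allowed_to_edit(false, true)
        || ((api_is_allowed_in_course() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) && $page != 'index');
    $actionsLeft = $canEdit ? $editLink : '';

    $actionsRight = '';

    // Page action: protecting (locking) the page. Only editors get the icon
    // and the target action; for other users the anchor is still emitted
    // empty, as in the original (the server side must enforce the action).
    $protect_page = null;
    $lock_unlock_protect = null;
    if ($isTeacher) {
        if (self::check_protect_page() == 1) {
            $protect_page = Display::return_icon('lock.png', get_lang('PageLockedExtra'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_protect = 'unlock';
        } else {
            $protect_page = Display::return_icon('unlock.png', get_lang('PageUnlockedExtra'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_protect = 'lock';
        }
    }
    if ($row['id']) {
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=showpage&actionpage=' . $lock_unlock_protect . '&title=' . $titleParam . '">' . $protect_page . '</a>';
    }

    // Page action: visibility.
    $visibility_page = null;
    $lock_unlock_visibility = null;
    if ($isTeacher) {
        if (self::check_visibility_page() == 1) {
            $visibility_page = Display::return_icon('visible.png', get_lang('ShowPageExtra'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_visibility = 'invisible';
        } else {
            $visibility_page = Display::return_icon('invisible.png', get_lang('HidePageExtra'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_visibility = 'visible';
        }
    }
    if ($row['id']) {
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=showpage&actionpage=' . $lock_unlock_visibility . '&title=' . $titleParam . '">' . $visibility_page . '</a>';
    }

    // Page action: notification. Both variables are initialised here: the
    // original left them undefined for users without session-edit rights but
    // still concatenated them into the link below.
    $notify_page = null;
    $lock_unlock_notify_page = null;
    if (api_is_allowed_to_session_edit()) {
        if (self::check_notify_page($page) == 1) {
            $notify_page = Display::return_icon('messagebox_info.png', get_lang('NotifyByEmail'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_notify_page = 'unlocknotify';
        } else {
            $notify_page = Display::return_icon('mail.png', get_lang('CancelNotifyByEmail'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_notify_page = 'locknotify';
        }
    }

    // The remaining actions only make sense for an existing version.
    if ($row['id']) {
        // Discuss.
        if ((api_is_allowed_to_session_edit(false, true) && api_is_allowed_to_edit()) || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
            $actionsRight .= '<a href="index.php?' . $cidReq . '&action=discuss&title=' . $titleParam . '" ' . self::is_active_navigation_tab('discuss') . '>'
                . Display::return_icon('discuss.png', get_lang('DiscussThisPage'), '', ICON_SIZE_MEDIUM) . '</a>';
        }
        // History.
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=history&title=' . $titleParam . '" ' . self::is_active_navigation_tab('history') . '>'
            . Display::return_icon('history.png', get_lang('ShowPageHistory'), '', ICON_SIZE_MEDIUM) . '</a>';
        // Pages linking here. Fix: the original glued 'action=links' straight
        // onto the cidreq string without the '&' separator, so the action was
        // never parsed as its own parameter.
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=links&title=' . $titleParam . '" ' . self::is_active_navigation_tab('links') . '>'
            . Display::return_icon('what_link_here.png', get_lang('LinksPages'), '', ICON_SIZE_MEDIUM) . '</a>';
        // Delete.
        if ($isTeacher) {
            $actionsRight .= '<a href="index.php?action=delete&' . $cidReq . '&title=' . $titleParam . '"' . self::is_active_navigation_tab('delete') . '>'
                . Display::return_icon('delete.png', get_lang('DeleteThisPage'), '', ICON_SIZE_MEDIUM) . '</a>';
        }
        // Notify.
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=showpage&actionpage=' . $lock_unlock_notify_page . '&title=' . $titleParam . '">' . $notify_page . '</a>';
        // Copy the last version to the document area.
        if ($isTeacher) {
            $actionsRight .= '<a href="index.php?' . $cidReq . '&action=export2doc&wiki_id=' . $row['id'] . '">'
                . Display::return_icon('export_to_documents.png', get_lang('ExportToDocArea'), '', ICON_SIZE_MEDIUM) . '</a>';
        }
        // Export to PDF.
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=export_to_pdf&wiki_id=' . $row['id'] . '">'
            . Display::return_icon('pdf.png', get_lang('ExportToPDF'), '', ICON_SIZE_MEDIUM) . '</a>';
        // Export to DOC (only when unoconv is configured).
        $unoconv = api_get_configuration_value('unoconv.binaries');
        if ($unoconv) {
            $actionsRight .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'wiki/index.php?action=export_to_doc_file&id=' . $row['id'] . '&' . $cidReq . '">'
                . Display::return_icon('export_doc.png', get_lang('ExportToDoc'), array(), ICON_SIZE_MEDIUM) . '</a>';
        }
        // Print: the helper script is emitted inline, before the toolbar,
        // exactly where the original switched to raw HTML.
        echo "<script>\n"
            . "function goprint() {\n"
            . "    var a = window.open('','','width=800,height=600');\n"
            . "    a.document.open(\"text/html\");\n"
            . "    a.document.write(document.getElementById('wikicontent').innerHTML);\n"
            . "    a.document.close();\n"
            . "    a.print();\n"
            . "}\n"
            . "</script>\n";
        $actionsRight .= Display::url(Display::return_icon('printer.png', get_lang('Print'), '', ICON_SIZE_MEDIUM), '#', array('onclick' => "javascript: goprint();"));
    }

    echo Display::toolbarAction('toolbar-wikistudent', array(0 => $actionsLeft, 1 => $actionsRight));

    // Title: the type icons are only prepended for pages that exist in the
    // wiki. (The original also assigned a default title for an empty $title
    // right before this, but that assignment was always overwritten here.)
    if (self::wiki_exist($title)) {
        $pageTitle = $icon_assignment . ' ' . $icon_task . ' ' . api_htmlentities($title);
    } else {
        $pageTitle = api_htmlentities($title);
    }

    // Turn the various link syntaxes in the (already XSS-filtered) content
    // into HTML, innermost first.
    $pageWiki = self::make_wiki_link_clickable(
        self::detect_external_link(
            self::detect_anchor_link(
                self::detect_mail_link(
                    self::detect_ftp_link(
                        self::detect_irc_link(
                            self::detect_news_link($content)
                        )
                    )
                )
            )
        )
    );

    $footerWiki = '<div id="wikifooter">'
        . get_lang('Progress') . ': ' . ($row['progress'] * 10) . '% '
        . get_lang('Rating') . ': ' . $row['score'] . ' '
        . get_lang('Words') . ': ' . self::word_count($content)
        . '</div>';

    echo Display::panel($pageWiki, $pageTitle, $footerWiki);
}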