Exemple #1
0
 public function isAllowedToDownload($requestedUrl)
 {
     if (!$this->isModuleAllowed()) {
         return false;
     }
     if (claro_is_in_a_course()) {
         if (!claro_is_course_allowed()) {
             pushClaroMessage('course not allowed', 'debug');
             return false;
         } else {
             if (claro_is_in_a_group()) {
                 if (!claro_is_group_allowed()) {
                     pushClaroMessage('group not allowed', 'debug');
                     return false;
                 } else {
                     return true;
                 }
             } else {
                 return $this->isDocumentDownloadableInCourse($requestedUrl);
             }
         }
     } else {
         return false;
     }
 }
Exemple #2
0
 public function isAllowedToDownload($requestedUrl)
 {
     $fromCLLNP = isset($_SESSION['fromCLLNP']) && $_SESSION['fromCLLNP'] === true ? true : false;
     // unset CLLNP mode
     unset($_SESSION['fromCLLNP']);
     if (!$fromCLLNP || !$this->isModuleAllowed()) {
         return false;
     }
     if (claro_is_in_a_course()) {
         if (!claro_is_course_allowed()) {
             pushClaroMessage('course not allowed', 'debug');
             return false;
         } else {
             return $this->isDocumentDownloadableInCourse($requestedUrl);
         }
     } else {
         return false;
     }
 }
Exemple #3
0
<?php

// $Id: question_pool.php 14420 2013-04-12 12:22:30Z zefredz $
/**
 * CLAROLINE
 *
 * @version     $Revision: 14420 $
 * @copyright   (c) 2001-2011, Universite catholique de Louvain (UCL)
 * @license     http://www.gnu.org/copyleft/gpl.html (GPL) GENERAL PUBLIC LICENSE
 * @author      Claro Team <*****@*****.**>
 */
$tlabelReq = 'CLQWZ';
require '../../inc/claro_init_global.inc.php';
if (!claro_is_in_a_course() || !claro_is_course_allowed()) {
    claro_disp_auth_form(true);
}
$is_allowedToEdit = claro_is_allowed_to_edit();
// courseadmin reserved page
if (!$is_allowedToEdit) {
    header("Location: " . Url::Contextualize("../exercise.php"));
    exit;
}
require_once '../lib/add_missing_table.lib.php';
init_qwz_questions_categories();
// tool libraries
include_once '../lib/exercise.class.php';
include_once '../lib/question.class.php';
include_once '../lib/exercise.lib.php';
// claroline libraries
include_once get_path('incRepositorySys') . '/lib/form.lib.php';
include_once get_path('incRepositorySys') . '/lib/pager.lib.php';
Exemple #4
0
}
/*============================================================================
    Permissions
  ============================================================================*/
$assignmentIsVisible = (bool) ($assignment->getVisibility() == 'VISIBLE');
$is_allowedToEditAll = (bool) claro_is_allowed_to_edit();
if (!$assignmentIsVisible && !$is_allowedToEditAll) {
    // if assignment is not visible and user is not course admin or upper
    claro_redirect(Url::Contextualize('work.php'));
    exit;
}
// upload or update is allowed between start and end date or after end date if late upload is allowed
$uploadDateIsOk = $assignment->isUploadDateOk();
if ($assignment->getAssignmentType() == 'INDIVIDUAL') {
    // user is authed and allowed
    $userCanPost = (bool) (claro_is_user_authenticated() && claro_is_course_allowed() && claro_is_course_member());
} else {
    $userGroupList = get_user_group_list(claro_get_current_user_id());
    // check if user is member of at least one group
    $userCanPost = (bool) (!empty($userGroupList));
}
$is_allowedToSubmit = (bool) ($assignmentIsVisible && $uploadDateIsOk && $userCanPost) || $is_allowedToEditAll;
/*============================================================================
    Update notification
  ============================================================================*/
if (claro_is_user_authenticated()) {
    // call this function to set the __assignment__ as seen, all the submission as seen
    $claro_notifier->is_a_notified_ressource(claro_get_current_course_id(), $claro_notifier->get_notification_date(claro_get_current_user_id()), claro_get_current_user_id(), claro_get_current_group_id(), claro_get_current_tool_id(), $req['assignmentId']);
}
/*============================================================================
    Prepare List
Exemple #5
0
 * @copyright   (c) 2001-2011, Universite catholique de Louvain (UCL)
 *
 * @license http://www.gnu.org/copyleft/gpl.html (GPL) GENERAL PUBLIC LICENSE
 *
 * @see http://www.claroline.net/wiki/index.php/CLCHT
 *
 * @package CLCHT
 *
 * @author Claro Team <*****@*****.**>
 * @author Christophe Gesche <*****@*****.**>
 * @copyright   (c) 2001-2011, Universite catholique de Louvain (UCL)
 *
 */
$tlabelReq = 'CLCHT';
require '../inc/claro_init_global.inc.php';
if (!claro_is_in_a_course() || !claro_is_course_allowed() && !claro_is_user_authenticated()) {
    claro_disp_auth_form(true);
}
$_course = claro_get_current_course_data();
$nameTools = get_lang('Chat');
$titlePage = '';
if (!empty($nameTools)) {
    $titlePage .= $nameTools . ' - ';
}
if (!empty($_course['officialCode'])) {
    $titlePage .= $_course['officialCode'] . ' - ';
}
$titlePage .= get_conf('siteName');
// Redirect previously sent paramaters in the correct subframe (messageList.php)
$paramList = array();
if (isset($_REQUEST['gidReset']) && $_REQUEST['gidReset'] == TRUE) {
Exemple #6
0
        claro_disp_auth_form(true);
    } else {
        claro_die(get_lang("Not allowed"));
    }
}
// display mode
claro_set_display_mode_available(TRUE);
// check and set user access level for the tool
// set admin mode and groupId
$is_allowedToAdmin = claro_is_allowed_to_edit();
if (claro_is_in_a_group() && claro_is_group_allowed()) {
    // group context
    $groupId = (int) claro_get_current_group_id();
} elseif (claro_is_in_a_group() && !claro_is_group_allowed()) {
    claro_die(get_lang("Not allowed"));
} elseif (claro_is_course_allowed()) {
    // course context
    $groupId = 0;
} else {
    claro_disp_auth_form();
}
// require wiki files
require_once "lib/class.wiki.php";
require_once "lib/class.wikistore.php";
require_once "lib/class.wikipage.php";
require_once "lib/lib.requestfilter.php";
require_once "lib/lib.wikisql.php";
require_once "lib/lib.javascript.php";
require_once "lib/lib.wikidisplay.php";
$dialogBox = new DialogBox();
// filter request variables
Exemple #7
0
}
$calType = array_key_exists('calFormat', $_REQUEST) && array_key_exists($_REQUEST['calFormat'], $formatList) ? $_REQUEST['calFormat'] : get_conf('calType', 'ics');
// need to be in a course
if (!claro_is_in_a_course()) {
    die('<form >cidReq = <input name="cidReq" type="text"  /><input type="submit" /></form>');
}
if (!$_course['visibility'] && !claro_is_course_allowed()) {
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header('WWW-Authenticate: Basic realm="' . get_lang('iCal feed for %course', array('%course' => $_course['name'])) . '"');
        header('HTTP/1.0 401 Unauthorized');
        echo '<h2>' . get_lang('You need to be authenticated with your %sitename account', array('%sitename' => $siteName)) . '</h2>' . '<a href="index.php?cidReq=' . claro_get_current_course_id() . '">' . get_lang('Retry') . '</a>';
        exit;
    } else {
        if (get_magic_quotes_gpc()) {
            $_REQUEST['login'] = stripslashes($_SERVER['PHP_AUTH_USER']);
            $_REQUEST['password'] = stripslashes($_SERVER['PHP_AUTH_PW']);
        } else {
            $_REQUEST['login'] = $_SERVER['PHP_AUTH_USER'];
            $_REQUEST['password'] = $_SERVER['PHP_AUTH_PW'];
        }
        require '../inc/claro_init_local.inc.php';
        if (!$_course['visibility'] && !claro_is_course_allowed()) {
            header('WWW-Authenticate: Basic realm="' . get_lang('iCal feed for %course', array('%course' => $_course['name'])) . '"');
            header('HTTP/1.0 401 Unauthorized');
            echo '<h2>' . get_lang('You need to be authenticated with your %sitename account', array('%sitename' => $siteName)) . '</h2>' . '<a href="index.php?cidReq=' . claro_get_current_course_id() . '">' . get_lang('Retry') . '</a>';
            exit;
        }
    }
}
// OK TO SEND FEED
claro_send_file(buildICal(array(CLARO_CONTEXT_COURSE => claro_get_current_course_id()), $calType));
Exemple #8
0
    $courseList = claro_sql_query_fetch_all($sql);
    $template = new CoreTemplate('select_course_form.tpl.php');
    $template->assign('formAction', $_SERVER['PHP_SELF']);
    $template->assign('sourceUrl', $sourceUrl);
    $template->assign('sourceCid', $sourceCid);
    $template->assign('sourceGid', $sourceGid);
    $template->assign('cidRequired', $cidRequired);
    $template->assign('courseList', $courseList);
    $claroline->display->body->appendContent($template->render());
    echo $claroline->display->render();
} else {
    if (!isset($userLoggedOnCas)) {
        $userLoggedOnCas = false;
    }
    $claroline->notifier->event('user_login', array('data' => array('ip' => $_SERVER['REMOTE_ADDR'])));
    if (claro_is_in_a_course() && !claro_is_course_allowed()) {
        $out = '';
        if ($_course['registrationAllowed']) {
            if (claro_is_user_authenticated()) {
                if (claro_is_current_user_enrolment_pending()) {
                    // enrolment pending message displayed by body.tpl
                } else {
                    // Display link to student to enrol to this course
                    $out .= '<p align="center">' . "\n" . get_lang('Your user profile doesn\'t seem to be enrolled on this course') . '<br />' . get_lang('If you wish to enrol on this course') . ' : ' . ' <a href="' . get_path('clarolineRepositoryWeb') . 'auth/courses.php?cmd=exReg&amp;course=' . urlencode(claro_get_current_course_id()) . '">' . get_lang('Enrolment') . '</a>' . "\n" . '</p>' . "\n";
                }
            } elseif (get_conf('allowSelfReg')) {
                // Display a link to anonymous to register on the platform
                $out .= '<p align="center">' . "\n" . get_lang('Create first a user account on this platform') . ' : ' . '<a href="' . get_path('clarolineRepositoryWeb') . 'auth/inscription.php">' . get_lang('Go to the account creation page') . '</a>' . "\n" . '</p>' . "\n";
            } else {
                // Anonymous cannot register on the platform
                $out .= '<p align="center">' . "\n" . get_lang('Registration not allowed on the platform') . '</p>' . "\n";
Exemple #9
0
function printInit($selection = "*")
{
    global $uidReset, $cidReset, $gidReset, $tidReset, $uidReq, $cidReq, $gidReq, $tidReq, $tlabelReq, $_user, $_course, $_groupUser, $_courseTool, $_SESSION, $_claro_local_run;
    if ($_claro_local_run) {
        echo "local init runned";
    } else {
        echo '<font color="red"> local init never runned during this script </font>';
    }
    echo '
<table width="100%" border="1" cellspacing="4" cellpadding="1" bordercolor="#808080" bgcolor="#C0C0C0" lang="en">
    <TR>';
    if ($selection == "*" or strstr($selection, "u")) {
        echo '
        <TD valign="top" >
            <strong>User</strong> :
            (_uid)             : ' . var_export(claro_get_current_user_id(), 1) . ' |
            (session[_uid]) : ' . var_export($_SESSION["_uid"], 1) . '
            <br />
            reset = ' . var_export($uidReset, 1) . ' |
            req = ' . var_export($uidReq, 1) . '<br />
            _user : <pre>' . var_export($_user, 1) . '</pre>
            <br />is_platformAdmin            :' . var_export(claro_is_platform_admin(), 1) . '
            <br />is_allowedCreateCourse    :' . var_export(claro_is_allowed_to_create_course(), 1) . '
        </TD>';
    }
    if ($selection == "*" or strstr($selection, "c")) {
        echo "\n        <TD valign=\"top\" >\n            <strong>Course</strong> : (_cid)" . var_export(claro_get_current_course_id(), 1) . "\n            <br />\n            reset = " . var_export($cidReset, 1) . " | req = " . var_export($cidReq, 1) . "\n            <br />\n            _course : <pre>" . var_export($_course, 1) . "</pre>\n            <br />\n            _groupProperties :\n            <PRE>\n                " . var_export(claro_get_current_group_properties_data(), 1) . "\n            </PRE>\n        </TD>";
    }
    echo '
    </TR>
    <TR>';
    if ($selection == "*" or strstr($selection, "g")) {
        echo '<TD valign="top" ><strong>Group</strong> : (_gid) ' . var_export(claro_get_current_group_id(), 1) . '<br />
        reset = ' . var_export($GLOBALS['gidReset'], 1) . ' | req = ' . var_export($gidReq, 1) . "<br />\n        _group :<pre>" . var_export(claro_get_current_group_data(), 1) . "</pre></TD>";
    }
    if ($selection == "*" or strstr($selection, "t")) {
        echo '<TD valign="top" ><strong>Tool</strong> : (_tid)' . var_export(claro_get_current_tool_id(), 1) . '<br />
        reset = ' . var_export($tidReset, 1) . ' |
        req = ' . var_export($tidReq, 1) . '|
        req = ' . var_export($tlabelReq, 1) . '
        <br />
        _tool :' . var_export(get_init('_tool'), 1) . "</TD>";
    }
    echo "</TR>";
    if ($selection == "*" or strstr($selection, "u") && strstr($selection, "c")) {
        echo '<TR><TD valign="top" colspan="2"><strong>Course-User</strong>';
        if (claro_is_user_authenticated()) {
            echo '<br /><strong>User</strong> :' . var_export(claro_is_in_a_course(), 1);
        }
        if (claro_is_in_a_course()) {
            echo ' in ' . var_export(claro_get_current_course_id(), 1) . '<br />';
        }
        if (claro_is_user_authenticated() && claro_get_current_course_id()) {
            echo '_courseUser            : <pre>' . var_export(getInit('_courseUser'), 1) . '</pre>';
        }
        echo '<br />is_courseMember    : ' . var_export(claro_is_course_member(), 1);
        echo '<br />is_courseAdmin    : ' . var_export(claro_is_course_manager(), 1);
        echo '<br />is_courseAllowed    : ' . var_export(claro_is_course_allowed(), 1);
        echo '<br />is_courseTutor    : ' . var_export(claro_is_course_tutor(), 1);
        echo '</TD></TR>';
    }
    echo "";
    if ($selection == "*" or strstr($selection, "u") && strstr($selection, "g")) {
        echo '<TR><TD valign="top"  colspan="2">' . '<strong>Course-Group-User</strong>';
        if (claro_is_user_authenticated()) {
            echo '<br /><strong>User</strong> :' . var_export(claro_is_in_a_course(), 1);
        }
        if (claro_is_in_a_group()) {
            echo ' in ' . var_export(claro_get_current_group_id(), 1);
        }
        if (claro_is_in_a_group()) {
            echo '<br />_groupUser:'******'_groupUser'), 1);
        }
        echo '<br />is_groupMember:' . var_export(claro_is_group_member(), 1) . '<br />is_groupTutor: ' . var_export(claro_is_group_tutor(), 1) . '<br />is_groupAllowed:' . var_export(claro_is_group_allowed(), 1) . '</TD>' . '</tr>';
    }
    if ($selection == "*" or strstr($selection, "c") && strstr($selection, "t")) {
        echo '<tr>
        <TD valign="top" colspan="2" ><strong>Course-Tool</strong><br />';
        if (claro_get_current_tool_id()) {
            echo 'Tool :' . claro_get_current_tool_id();
        }
        if (claro_is_in_a_course()) {
            echo ' in ' . claro_get_current_course_id() . '<br />';
        }
        if (claro_get_current_tool_id()) {
            echo "_courseTool    : <pre>" . var_export($_courseTool, 1) . '</pre><br />';
        }
        echo 'is_toolAllowed : ' . var_export(claro_is_tool_allowed(), 1);
        echo "</TD>";
    }
    echo "</TR></TABLE>";
}
Exemple #10
0
 * @version 1.11 $Revision: 14405 $
 *
 * @copyright   (c) 2001-2012, Universite catholique de Louvain (UCL)
 *
 * @license http://www.gnu.org/copyleft/gpl.html (GPL) GENERAL PUBLIC LICENSE
 *
 * @author Piraux Sebastien <*****@*****.**>
 * @author Lederer Guillaume <*****@*****.**>
 *
 * @package CLLNP
 * @subpackage navigation
 *
 */
$tlabelReq = 'CLLNP';
require '../../inc/claro_init_global.inc.php';
if (!claro_is_course_allowed()) {
    claro_disp_auth_form();
}
/*
 * DB tables definition
 */
$tbl_cdb_names = claro_sql_get_course_tbl();
$tbl_lp_learnPath = $tbl_cdb_names['lp_learnPath'];
$tbl_lp_rel_learnPath_module = $tbl_cdb_names['lp_rel_learnPath_module'];
$tbl_lp_user_module_progress = $tbl_cdb_names['lp_user_module_progress'];
$tbl_lp_module = $tbl_cdb_names['lp_module'];
$tbl_lp_asset = $tbl_cdb_names['lp_asset'];
$TABLELEARNPATH = $tbl_lp_learnPath;
$TABLEMODULE = $tbl_lp_module;
$TABLELEARNPATHMODULE = $tbl_lp_rel_learnPath_module;
$TABLEASSET = $tbl_lp_asset;
 function getSingleResource($args)
 {
     $tlabelReq = 'MOBILE';
     $thisFile = isset($args['resID']) ? $args['resID'] : null;
     $cid = claro_get_current_course_id();
     if (is_null($cid) || is_null($thisFile)) {
         throw new InvalidArgumentException('Missing cid or resourceId argument!');
     }
     if (claro_is_course_allowed()) {
         /* INITIALISATION
         		 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = */
         $tableName = get_module_main_tbl(array('mobile_tokens'));
         $tableName = $tableName['mobile_tokens'];
         $limit = 5;
         $baseWorkDir = get_path('coursesRepositorySys') . claro_get_course_path($cid) . '/document';
         if (is_dir($baseWorkDir . $thisFile) || is_file($baseWorkDir . $thisFile)) {
             if (is_dir($baseWorkDir . $thisFile)) {
                 if ($is_allowedToEdit || get_conf('cldoc_allowNonManagersToDownloadFolder', true) || get_conf('cldoc_allowNonManagersToDownloadFolder', true) && get_conf('cldoc_allowAnonymousToDownloadFolder', true)) {
                     /*
                      * PREPARE THE FILE COLLECTION
                      */
                     if (!$is_allowedToEdit) {
                         // Build an exclude file list to prevent simple user
                         // to see document contained in "invisible" directories
                         $searchExcludeList = getInvisibleDocumentList($baseWorkDir);
                     } else {
                         $searchExcludeList = array();
                     }
                     $filePathList = claro_search_file(search_string_to_pcre(''), $baseWorkDir . $thisFile, true, 'FILE', $searchExcludeList);
                     /*
                      * BUILD THE ZIP ARCHIVE
                      */
                     require_once get_path('incRepositorySys') . '/lib/thirdparty/pclzip/pclzip.lib.php';
                     // Build archive in tmp course folder
                     $downloadArchivePath = get_conf('cldoc_customTmpPath', '');
                     if (empty($downloadArchivePath)) {
                         $downloadArchivePath = get_path('coursesRepositorySys') . claro_get_course_path() . '/tmp/zip';
                         $downloadArchiveFile = $downloadArchivePath . '/' . uniqid('') . '.zip';
                     } else {
                         $downloadArchiveFile = rtrim($downloadArchivePath, '/') . '/' . claro_get_current_course_id() . '_CLDOC_' . uniqid('') . '.zip';
                     }
                     if (!is_dir($downloadArchivePath)) {
                         mkdir($downloadArchivePath, CLARO_FILE_PERMISSIONS, true);
                     }
                     $downloadArchive = new PclZip($downloadArchiveFile);
                     $downloadArchive->add($filePathList, PCLZIP_OPT_REMOVE_PATH, $baseWorkDir . $thisFile);
                     if (file_exists($downloadArchiveFile)) {
                         $pathInfo = $downloadArchiveFile;
                     } else {
                         throw new RuntimeException('Internal Server Error', 500);
                     }
                 } else {
                     throw new RuntimeException('Not allowed', 403);
                 }
             } elseif (is_file($baseWorkDir . $thisFile)) {
                 require_once get_path('incRepositorySys') . '/lib/file/downloader.lib.php';
                 Claroline::getInstance()->notification->addListener('download', 'trackInCourse');
                 $connectorPath = secure_file_path(get_module_path($tlabelReq) . '/connector/downloader.cnr.php');
                 require_once $connectorPath;
                 $className = $tlabelReq . '_Downloader';
                 $downloader = new $className($tlabelReq, $cid, claro_get_current_user_id());
                 if ($downloader && $downloader->isAllowedToDownload($thisFile)) {
                     $pathInfo = $downloader->getFilePath($thisFile);
                     $pathInfo = secure_file_path($pathInfo);
                     // Check if path exists in course folder
                     if (!file_exists($pathInfo) || is_dir($pathInfo)) {
                         throw new RuntimeException('Resource not found', 404);
                     }
                 } else {
                     throw new RuntimeException('Not allowed', 403);
                 }
             }
             for ($result = $try = 0; $try < $limit && $result < 1; $try++) {
                 /* Create token and register into the db. Retry until the registration complete or fail $limit times.
                 		 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = */
                 $token = bin2hex(openssl_random_pseudo_bytes(15));
                 $sql = 'REPLACE INTO `' . $tableName . '` (`userId`, `token`, `requestedPath`, `requestTime`, `wasFolder`, `canRetry`) ' . 'VALUES (\'' . claro_get_current_user_id() . '\', \'' . $token . '\', \'' . claro_sql_escape($pathInfo) . '\', NOW(), \'' . (is_dir($baseWorkDir . $thisFile) ? 1 : 0) . '\' , \'' . (isset($args['platform']) && $args['platform'] == 'WP' ? 1 : 0) . '\');';
                 $result = Claroline::getDatabase()->exec($sql);
             }
             $response['token'] = $try == $limit ? null : $token;
             return $response;
         } else {
             throw new RuntimeException('Resource not found', 404);
         }
     } else {
         throw new RuntimeException('Not allowed', 403);
     }
 }
Exemple #12
0
        // check if user is in the group that owns the work
        $userCanEdit = array_key_exists($submission->getGroupId(), $userGroupList);
    } elseif ($assignment->getAssignmentType() == 'INDIVIDUAL') {
        // a work is set, assignment is individual, user is authed and the work is his work
        $userCanEdit = (bool) ($submission->getUserId() == claro_get_current_user_id());
    }
} else {
    // user not authed
    // OR a correction has already been made
    $userCanEdit = false;
}
$is_allowedToEdit = (bool) ($uploadDateIsOk && $userCanEdit || $is_allowedToEditAll);
//-- is_allowedToSubmit
if ($assignment->getAssignmentType() == 'INDIVIDUAL') {
    // user is authed and allowed
    $userCanPost = (bool) (claro_is_user_authenticated() && claro_is_course_allowed() && $_REQUEST['authId'] == claro_get_current_user_id());
} else {
    $userCanPost = (bool) (!empty($userGroupList) && isset($userGroupList[$_REQUEST['authId']]));
}
$is_allowedToSubmit = (bool) ($assignmentIsVisible && $uploadDateIsOk && $userCanPost) || $is_allowedToEditAll;
/*============================================================================
                          HANDLING FORM DATA
  =============================================================================*/
// execute this after a form has been send
// this instruction bloc will set some vars that will be used in the corresponding queries
// $wrkForm['filename'] , $wrkForm['wrkTitle'] , $wrkForm['authors'] ...
if ($cmd == 'exDownload') {
    $workId = isset($_REQUEST['workId']) ? $_REQUEST['workId'] : null;
    $submission = new Submission();
    if ($submission->load($workId)) {
        $submissionUserId = $submission->getUserId();
Exemple #13
0
 * @version     $Revision: 13348 $
 * @copyright   (c) 2001-2011, Universite catholique de Louvain (UCL)
 * @author      Claroline Team <*****@*****.**>
 * @author      Frederic Minne <*****@*****.**>
 * @license     http://www.gnu.org/copyleft/gpl.html
 *              GNU GENERAL PUBLIC LICENSE version 2.0
 * @package     KERNEL
 */
require dirname(__FILE__) . '/../inc/claro_init_global.inc.php';
require_once get_path('includePath') . '/lib/thumbnails.lib.php';
require_once get_path('includePath') . '/lib/fileManage.lib.php';
require_once get_path('includePath') . '/lib/file.lib.php';
if (claro_is_in_a_group() && claro_is_group_allowed()) {
    $documentRootDir = get_path('coursesRepositorySys') . claro_get_course_path() . '/group/' . claro_get_current_group_data('directory');
    $thumbnailsDirectory = get_path('coursesRepositorySys') . claro_get_course_path() . '/tmp/thumbs/' . claro_get_current_group_data('directory');
} elseif (claro_is_in_a_course() && claro_is_course_allowed()) {
    $documentRootDir = get_path('coursesRepositorySys') . claro_get_course_path() . '/document';
    $thumbnailsDirectory = get_path('coursesRepositorySys') . claro_get_course_path() . '/tmp/thumbs';
} else {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
$image = array_key_exists('img', $_REQUEST) ? secure_file_path($_REQUEST['img']) : null;
if (is_null($image)) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
$imagePath = $documentRootDir . $image;
if (file_exists($imagePath)) {
    list($width, $height, $type, $attr) = getimagesize($imagePath);
    $thumbWidth = 75;