/**
 * Decide whether the current request may download the given document.
 *
 * The checks run in a fixed order: module permission, presence of a course
 * context, course permission, then group permission when a group context is
 * active. Outside a group the decision is delegated to
 * isDocumentDownloadableInCourse().
 *
 * @param mixed $requestedUrl document reference as received from the caller;
 *                            only forwarded, never inspected here
 * @return mixed false on refusal, true for a permitted group context,
 *               otherwise whatever isDocumentDownloadableInCourse() returns
 */
public function isAllowedToDownload($requestedUrl)
{
    if (!$this->isModuleAllowed()) {
        return false;
    }

    // No course context means no download at all.
    if (!claro_is_in_a_course()) {
        return false;
    }

    if (!claro_is_course_allowed()) {
        pushClaroMessage('course not allowed', 'debug');
        return false;
    }

    // Course-level documents get the per-document check.
    if (!claro_is_in_a_group()) {
        return $this->isDocumentDownloadableInCourse($requestedUrl);
    }

    if (!claro_is_group_allowed()) {
        pushClaroMessage('group not allowed', 'debug');
        return false;
    }

    // In a permitted group context $requestedUrl is accepted without a
    // per-document check; group permission is the only gate on this path.
    return true;
}
/**
 * Decide whether the current request may download the given document.
 *
 * A download is only considered when $_SESSION['fromCLLNP'] is strictly true.
 * The flag is removed from the session on every call, whatever the outcome,
 * so each value of the flag is honoured at most once.
 *
 * @param mixed $requestedUrl document reference as received from the caller;
 *                            only forwarded, never inspected here
 * @return mixed false on refusal, otherwise whatever
 *               isDocumentDownloadableInCourse() returns
 */
public function isAllowedToDownload($requestedUrl)
{
    // Read the one-shot flag first, then clear it before any early return.
    $cameFromLearnPath = isset($_SESSION['fromCLLNP']) && $_SESSION['fromCLLNP'] === true;
    unset($_SESSION['fromCLLNP']);

    if (!$cameFromLearnPath) {
        return false;
    }

    if (!$this->isModuleAllowed()) {
        return false;
    }

    if (!claro_is_in_a_course()) {
        return false;
    }

    if (!claro_is_course_allowed()) {
        pushClaroMessage('course not allowed', 'debug');
        return false;
    }

    return $this->isDocumentDownloadableInCourse($requestedUrl);
}
<?php
// $Id: question_pool.php 14420 2013-04-12 12:22:30Z zefredz $

/**
 * CLAROLINE
 *
 * @version $Revision: 14420 $
 * @copyright (c) 2001-2011, Universite catholique de Louvain (UCL)
 * @license http://www.gnu.org/copyleft/gpl.html (GPL) GENERAL PUBLIC LICENSE
 * @author Claro Team <*****@*****.**>
 */

// Set before the kernel bootstrap is loaded; presumably read by it to select
// the tool context -- confirm against claro_init_global.inc.php.
$tlabelReq = 'CLQWZ';

require '../../inc/claro_init_global.inc.php';

// Gate 1: a course context must exist and be permitted for this user.
// NOTE(review): nothing visible here stops the script after
// claro_disp_auth_form(); confirm that it terminates the request, otherwise
// the edit check below is the only thing standing between an unauthorised
// visitor and the rest of the page.
if (!claro_is_in_a_course() || !claro_is_course_allowed()) {
    claro_disp_auth_form(true);
}

$is_allowedToEdit = claro_is_allowed_to_edit();

// courseadmin reserved page
// Gate 2: users without edit rights are redirected. The exit after the
// Location header is what enforces it; without it the script would keep
// running and only the client would honour the redirect.
if (!$is_allowedToEdit) {
    header("Location: " . Url::Contextualize("../exercise.php"));
    exit;
}

// Everything below runs only for users who passed both gates.
require_once '../lib/add_missing_table.lib.php';
init_qwz_questions_categories();

// tool libraries
include_once '../lib/exercise.class.php';
include_once '../lib/question.class.php';
include_once '../lib/exercise.lib.php';

// claroline libraries
include_once get_path('incRepositorySys') . '/lib/form.lib.php';
include_once get_path('incRepositorySys') . '/lib/pager.lib.php';
} /*============================================================================ Permissions ============================================================================*/ $assignmentIsVisible = (bool) ($assignment->getVisibility() == 'VISIBLE'); $is_allowedToEditAll = (bool) claro_is_allowed_to_edit(); if (!$assignmentIsVisible && !$is_allowedToEditAll) { // if assignment is not visible and user is not course admin or upper claro_redirect(Url::Contextualize('work.php')); exit; } // upload or update is allowed between start and end date or after end date if late upload is allowed $uploadDateIsOk = $assignment->isUploadDateOk(); if ($assignment->getAssignmentType() == 'INDIVIDUAL') { // user is authed and allowed $userCanPost = (bool) (claro_is_user_authenticated() && claro_is_course_allowed() && claro_is_course_member()); } else { $userGroupList = get_user_group_list(claro_get_current_user_id()); // check if user is member of at least one group $userCanPost = (bool) (!empty($userGroupList)); } $is_allowedToSubmit = (bool) ($assignmentIsVisible && $uploadDateIsOk && $userCanPost) || $is_allowedToEditAll; /*============================================================================ Update notification ============================================================================*/ if (claro_is_user_authenticated()) { // call this function to set the __assignment__ as seen, all the submission as seen $claro_notifier->is_a_notified_ressource(claro_get_current_course_id(), $claro_notifier->get_notification_date(claro_get_current_user_id()), claro_get_current_user_id(), claro_get_current_group_id(), claro_get_current_tool_id(), $req['assignmentId']); } /*============================================================================ Prepare List
* @copyright (c) 2001-2011, Universite catholique de Louvain (UCL) * * @license http://www.gnu.org/copyleft/gpl.html (GPL) GENERAL PUBLIC LICENSE * * @see http://www.claroline.net/wiki/index.php/CLCHT * * @package CLCHT * * @author Claro Team <*****@*****.**> * @author Christophe Gesche <*****@*****.**> * @copyright (c) 2001-2011, Universite catholique de Louvain (UCL) * */ $tlabelReq = 'CLCHT'; require '../inc/claro_init_global.inc.php'; if (!claro_is_in_a_course() || !claro_is_course_allowed() && !claro_is_user_authenticated()) { claro_disp_auth_form(true); } $_course = claro_get_current_course_data(); $nameTools = get_lang('Chat'); $titlePage = ''; if (!empty($nameTools)) { $titlePage .= $nameTools . ' - '; } if (!empty($_course['officialCode'])) { $titlePage .= $_course['officialCode'] . ' - '; } $titlePage .= get_conf('siteName'); // Redirect previously sent paramaters in the correct subframe (messageList.php) $paramList = array(); if (isset($_REQUEST['gidReset']) && $_REQUEST['gidReset'] == TRUE) {
claro_disp_auth_form(true); } else { claro_die(get_lang("Not allowed")); } } // display mode claro_set_display_mode_available(TRUE); // check and set user access level for the tool // set admin mode and groupId $is_allowedToAdmin = claro_is_allowed_to_edit(); if (claro_is_in_a_group() && claro_is_group_allowed()) { // group context $groupId = (int) claro_get_current_group_id(); } elseif (claro_is_in_a_group() && !claro_is_group_allowed()) { claro_die(get_lang("Not allowed")); } elseif (claro_is_course_allowed()) { // course context $groupId = 0; } else { claro_disp_auth_form(); } // require wiki files require_once "lib/class.wiki.php"; require_once "lib/class.wikistore.php"; require_once "lib/class.wikipage.php"; require_once "lib/lib.requestfilter.php"; require_once "lib/lib.wikisql.php"; require_once "lib/lib.javascript.php"; require_once "lib/lib.wikidisplay.php"; $dialogBox = new DialogBox(); // filter request variables
} $calType = array_key_exists('calFormat', $_REQUEST) && array_key_exists($_REQUEST['calFormat'], $formatList) ? $_REQUEST['calFormat'] : get_conf('calType', 'ics'); // need to be in a course if (!claro_is_in_a_course()) { die('<form >cidReq = <input name="cidReq" type="text" /><input type="submit" /></form>'); } if (!$_course['visibility'] && !claro_is_course_allowed()) { if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="' . get_lang('iCal feed for %course', array('%course' => $_course['name'])) . '"'); header('HTTP/1.0 401 Unauthorized'); echo '<h2>' . get_lang('You need to be authenticated with your %sitename account', array('%sitename' => $siteName)) . '</h2>' . '<a href="index.php?cidReq=' . claro_get_current_course_id() . '">' . get_lang('Retry') . '</a>'; exit; } else { if (get_magic_quotes_gpc()) { $_REQUEST['login'] = stripslashes($_SERVER['PHP_AUTH_USER']); $_REQUEST['password'] = stripslashes($_SERVER['PHP_AUTH_PW']); } else { $_REQUEST['login'] = $_SERVER['PHP_AUTH_USER']; $_REQUEST['password'] = $_SERVER['PHP_AUTH_PW']; } require '../inc/claro_init_local.inc.php'; if (!$_course['visibility'] && !claro_is_course_allowed()) { header('WWW-Authenticate: Basic realm="' . get_lang('iCal feed for %course', array('%course' => $_course['name'])) . '"'); header('HTTP/1.0 401 Unauthorized'); echo '<h2>' . get_lang('You need to be authenticated with your %sitename account', array('%sitename' => $siteName)) . '</h2>' . '<a href="index.php?cidReq=' . claro_get_current_course_id() . '">' . get_lang('Retry') . '</a>'; exit; } } } // OK TO SEND FEED claro_send_file(buildICal(array(CLARO_CONTEXT_COURSE => claro_get_current_course_id()), $calType));
$courseList = claro_sql_query_fetch_all($sql); $template = new CoreTemplate('select_course_form.tpl.php'); $template->assign('formAction', $_SERVER['PHP_SELF']); $template->assign('sourceUrl', $sourceUrl); $template->assign('sourceCid', $sourceCid); $template->assign('sourceGid', $sourceGid); $template->assign('cidRequired', $cidRequired); $template->assign('courseList', $courseList); $claroline->display->body->appendContent($template->render()); echo $claroline->display->render(); } else { if (!isset($userLoggedOnCas)) { $userLoggedOnCas = false; } $claroline->notifier->event('user_login', array('data' => array('ip' => $_SERVER['REMOTE_ADDR']))); if (claro_is_in_a_course() && !claro_is_course_allowed()) { $out = ''; if ($_course['registrationAllowed']) { if (claro_is_user_authenticated()) { if (claro_is_current_user_enrolment_pending()) { // enrolment pending message displayed by body.tpl } else { // Display link to student to enrol to this course $out .= '<p align="center">' . "\n" . get_lang('Your user profile doesn\'t seem to be enrolled on this course') . '<br />' . get_lang('If you wish to enrol on this course') . ' : ' . ' <a href="' . get_path('clarolineRepositoryWeb') . 'auth/courses.php?cmd=exReg&course=' . urlencode(claro_get_current_course_id()) . '">' . get_lang('Enrolment') . '</a>' . "\n" . '</p>' . "\n"; } } elseif (get_conf('allowSelfReg')) { // Display a link to anonymous to register on the platform $out .= '<p align="center">' . "\n" . get_lang('Create first a user account on this platform') . ' : ' . '<a href="' . get_path('clarolineRepositoryWeb') . 'auth/inscription.php">' . get_lang('Go to the account creation page') . '</a>' . "\n" . '</p>' . "\n"; } else { // Anonymous cannot register on the platform $out .= '<p align="center">' . "\n" . get_lang('Registration not allowed on the platform') . '</p>' . "\n";
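/**
 * Debug helper: echo an HTML table describing the current kernel context
 * (user, course, group, tool and the permission flags derived from them).
 *
 * NOTE(review): every value is written with var_export() and no HTML
 * escaping, and the dump includes the session user id, $_user, $_course and
 * the permission flags. Presumably this is only reachable in debug mode --
 * confirm at the call sites, and keep it out of pages served to ordinary
 * users.
 *
 * @param string $selection "*" to print every section, or a string holding any
 *                          of the letters u (user), c (course), g (group),
 *                          t (tool); combined sections need both letters
 * @return void output is echoed directly
 */
function printInit($selection = "*")
{
    global $uidReset, $cidReset, $gidReset, $tidReset, $uidReq, $cidReq, $gidReq, $tidReq, $tlabelReq, $_user, $_course, $_groupUser, $_courseTool, $_SESSION, $_claro_local_run;

    $everything = ($selection == "*");

    if ($_claro_local_run) {
        echo "local init runned";
    } else {
        echo '<font color="red"> local init never runned during this script </font>';
    }

    echo ' <table width="100%" border="1" cellspacing="4" cellpadding="1" bordercolor="#808080" bgcolor="#C0C0C0" lang="en"> <TR>';

    if ($everything or strstr($selection, "u")) {
        // The session may not carry a user id (anonymous visitor); reading it
        // through isset() prints NULL instead of raising an undefined-index notice.
        $sessionUid = isset($_SESSION["_uid"]) ? $_SESSION["_uid"] : null;

        echo ' <TD valign="top" > <strong>User</strong> : (_uid) : ' . var_export(claro_get_current_user_id(), true)
            . ' | (session[_uid]) : ' . var_export($sessionUid, true)
            . ' <br /> reset = ' . var_export($uidReset, true)
            . ' | req = ' . var_export($uidReq, true)
            . '<br /> _user : <pre>' . var_export($_user, true)
            . '</pre> <br />is_platformAdmin :' . var_export(claro_is_platform_admin(), true)
            . ' <br />is_allowedCreateCourse :' . var_export(claro_is_allowed_to_create_course(), true)
            . ' </TD>';
    }

    if ($everything or strstr($selection, "c")) {
        echo "\n <TD valign=\"top\" >\n <strong>Course</strong> : (_cid)" . var_export(claro_get_current_course_id(), true)
            . "\n <br />\n reset = " . var_export($cidReset, true)
            . " | req = " . var_export($cidReq, true)
            . "\n <br />\n _course : <pre>" . var_export($_course, true)
            . "</pre>\n <br />\n _groupProperties :\n <PRE>\n " . var_export(claro_get_current_group_properties_data(), true)
            . "\n </PRE>\n </TD>";
    }

    echo ' </TR> <TR>';

    if ($everything or strstr($selection, "g")) {
        echo '<TD valign="top" ><strong>Group</strong> : (_gid) ' . var_export(claro_get_current_group_id(), true)
            . '<br /> reset = ' . var_export($GLOBALS['gidReset'], true)
            . ' | req = ' . var_export($gidReq, true)
            . "<br />\n _group :<pre>" . var_export(claro_get_current_group_data(), true)
            . "</pre></TD>";
    }

    if ($everything or strstr($selection, "t")) {
        echo '<TD valign="top" ><strong>Tool</strong> : (_tid)' . var_export(claro_get_current_tool_id(), true)
            . '<br /> reset = ' . var_export($tidReset, true)
            . ' | req = ' . var_export($tidReq, true)
            . '| req = ' . var_export($tlabelReq, true)
            . ' <br /> _tool :' . var_export(get_init('_tool'), true)
            . "</TD>";
    }

    echo "</TR>";

    // && binds tighter than `or`: the combined sections print for "*" or when
    // BOTH letters are present in $selection.
    if ($everything or strstr($selection, "u") && strstr($selection, "c")) {
        echo '<TR><TD valign="top" colspan="2"><strong>Course-User</strong>';

        if (claro_is_user_authenticated()) {
            echo '<br /><strong>User</strong> :' . var_export(claro_is_in_a_course(), true);
        }

        if (claro_is_in_a_course()) {
            echo ' in ' . var_export(claro_get_current_course_id(), true) . '<br />';
        }

        if (claro_is_user_authenticated() && claro_get_current_course_id()) {
            // NOTE(review): this line calls getInit() while the tool section
            // calls get_init(); confirm getInit() is actually defined.
            echo '_courseUser : <pre>' . var_export(getInit('_courseUser'), true) . '</pre>';
        }

        echo '<br />is_courseMember : ' . var_export(claro_is_course_member(), true);
        echo '<br />is_courseAdmin : ' . var_export(claro_is_course_manager(), true);
        echo '<br />is_courseAllowed : ' . var_export(claro_is_course_allowed(), true);
        echo '<br />is_courseTutor : ' . var_export(claro_is_course_tutor(), true);
        echo '</TD></TR>';
    }

    if ($everything or strstr($selection, "u") && strstr($selection, "g")) {
        echo '<TR><TD valign="top" colspan="2">' . '<strong>Course-Group-User</strong>';

        if (claro_is_user_authenticated()) {
            echo '<br /><strong>User</strong> :' . var_export(claro_is_in_a_course(), true);
        }

        if (claro_is_in_a_group()) {
            echo ' in ' . var_export(claro_get_current_group_id(), true);
        }

        if (claro_is_in_a_group()) {
            // NOTE(review): the accessor call on this line was unreadable in the
            // listing; it is reconstructed by analogy with the `_tool` line
            // above -- verify against the project source.
            echo '<br />_groupUser:' . var_export(get_init('_groupUser'), true);
        }

        echo '<br />is_groupMember:' . var_export(claro_is_group_member(), true)
            . '<br />is_groupTutor: ' . var_export(claro_is_group_tutor(), true)
            . '<br />is_groupAllowed:' . var_export(claro_is_group_allowed(), true)
            . '</TD>' . '</tr>';
    }

    if ($everything or strstr($selection, "c") && strstr($selection, "t")) {
        echo '<tr> <TD valign="top" colspan="2" ><strong>Course-Tool</strong><br />';

        if (claro_get_current_tool_id()) {
            echo 'Tool :' . claro_get_current_tool_id();
        }

        if (claro_is_in_a_course()) {
            echo ' in ' . claro_get_current_course_id() . '<br />';
        }

        if (claro_get_current_tool_id()) {
            echo "_courseTool : <pre>" . var_export($_courseTool, true) . '</pre><br />';
        }

        echo 'is_toolAllowed : ' . var_export(claro_is_tool_allowed(), true);
        echo "</TD>";
    }

    echo "</TR></TABLE>";
}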
* @version 1.11 $Revision: 14405 $ * * @copyright (c) 2001-2012, Universite catholique de Louvain (UCL) * * @license http://www.gnu.org/copyleft/gpl.html (GPL) GENERAL PUBLIC LICENSE * * @author Piraux Sebastien <*****@*****.**> * @author Lederer Guillaume <*****@*****.**> * * @package CLLNP * @subpackage navigation * */ $tlabelReq = 'CLLNP'; require '../../inc/claro_init_global.inc.php'; if (!claro_is_course_allowed()) { claro_disp_auth_form(); } /* * DB tables definition */ $tbl_cdb_names = claro_sql_get_course_tbl(); $tbl_lp_learnPath = $tbl_cdb_names['lp_learnPath']; $tbl_lp_rel_learnPath_module = $tbl_cdb_names['lp_rel_learnPath_module']; $tbl_lp_user_module_progress = $tbl_cdb_names['lp_user_module_progress']; $tbl_lp_module = $tbl_cdb_names['lp_module']; $tbl_lp_asset = $tbl_cdb_names['lp_asset']; $TABLELEARNPATH = $tbl_lp_learnPath; $TABLEMODULE = $tbl_lp_module; $TABLELEARNPATHMODULE = $tbl_lp_rel_learnPath_module; $TABLEASSET = $tbl_lp_asset;
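/**
 * Register a download token for one course document or folder.
 *
 * For a folder, the visible files are packed into a zip archive and the token
 * points at that archive. For a file, the MOBILE downloader connector decides
 * whether the download is allowed and resolves the path on disk. The token is
 * stored in the `mobile_tokens` table together with the resolved path.
 *
 * @param array $args request arguments; reads 'resID' (path of the resource
 *                    below the course document directory) and, optionally,
 *                    'platform' ('WP' sets the canRetry column to 1)
 * @return array array with a single key 'token': the hex token, or null when
 *               the row could not be written after the allowed attempts
 * @throws InvalidArgumentException when no course is active or 'resID' is missing
 * @throws RuntimeException with code 403 (not allowed), 404 (resource not
 *                          found) or 500 (archive or token could not be created)
 */
function getSingleResource($args)
{
    $tlabelReq = 'MOBILE';
    $thisFile = isset($args['resID']) ? $args['resID'] : null;
    $cid = claro_get_current_course_id();

    if (is_null($cid) || is_null($thisFile)) {
        throw new InvalidArgumentException('Missing cid or resourceId argument!');
    }

    if (!claro_is_course_allowed()) {
        throw new RuntimeException('Not allowed', 403);
    }

    // resID comes from the caller and is appended to the course document
    // directory, so it is normalised before it reaches any filesystem call.
    // NOTE(review): confirm secure_file_path() covers every traversal form
    // relevant to this deployment; the folder branch has no other path check.
    $thisFile = secure_file_path($thisFile);

    // The edit flag was read below without ever being set in this scope, so it
    // always evaluated as false; it now comes from the kernel permission check.
    $is_allowedToEdit = claro_is_allowed_to_edit();

    /* INITIALISATION */
    $tableName = get_module_main_tbl(array('mobile_tokens'));
    $tableName = $tableName['mobile_tokens'];
    $limit = 5;
    $baseWorkDir = get_path('coursesRepositorySys') . claro_get_course_path($cid) . '/document';
    $requestedPath = $baseWorkDir . $thisFile;
    $isFolder = is_dir($requestedPath);

    if (!$isFolder && !is_file($requestedPath)) {
        throw new RuntimeException('Resource not found', 404);
    }

    if ($isFolder) {
        // Managers may always download a folder. Other users need the
        // non-manager setting and must either be authenticated or be covered
        // by the anonymous setting. The earlier condition repeated the
        // non-manager setting, which made the anonymous setting a no-op.
        // NOTE(review): the authenticated/anonymous split is inferred from the
        // setting names -- confirm against the document tool.
        $folderDownloadAllowed = $is_allowedToEdit
            || (get_conf('cldoc_allowNonManagersToDownloadFolder', true)
                && (claro_is_user_authenticated() || get_conf('cldoc_allowAnonymousToDownloadFolder', true)));

        if (!$folderDownloadAllowed) {
            throw new RuntimeException('Not allowed', 403);
        }

        /*
         * PREPARE THE FILE COLLECTION
         */
        // Non-managers must not receive documents stored in "invisible"
        // directories, so those are excluded from the search.
        $searchExcludeList = $is_allowedToEdit ? array() : getInvisibleDocumentList($baseWorkDir);
        $filePathList = claro_search_file(search_string_to_pcre(''), $requestedPath, true, 'FILE', $searchExcludeList);

        /*
         * BUILD THE ZIP ARCHIVE
         */
        require_once get_path('incRepositorySys') . '/lib/thirdparty/pclzip/pclzip.lib.php';

        // Build archive in tmp course folder unless a custom tmp path is configured
        $downloadArchivePath = get_conf('cldoc_customTmpPath', '');

        if (empty($downloadArchivePath)) {
            $downloadArchivePath = get_path('coursesRepositorySys') . claro_get_course_path() . '/tmp/zip';
            $downloadArchiveFile = $downloadArchivePath . '/' . uniqid('') . '.zip';
        } else {
            $downloadArchiveFile = rtrim($downloadArchivePath, '/') . '/' . claro_get_current_course_id() . '_CLDOC_' . uniqid('') . '.zip';
        }

        if (!is_dir($downloadArchivePath)) {
            mkdir($downloadArchivePath, CLARO_FILE_PERMISSIONS, true);
        }

        $downloadArchive = new PclZip($downloadArchiveFile);
        $downloadArchive->add($filePathList, PCLZIP_OPT_REMOVE_PATH, $requestedPath);

        // A missing archive covers both a failed mkdir and a failed add().
        if (!file_exists($downloadArchiveFile)) {
            throw new RuntimeException('Internal Server Error', 500);
        }

        $pathInfo = $downloadArchiveFile;
    } else {
        require_once get_path('incRepositorySys') . '/lib/file/downloader.lib.php';

        Claroline::getInstance()->notification->addListener('download', 'trackInCourse');

        $connectorPath = secure_file_path(get_module_path($tlabelReq) . '/connector/downloader.cnr.php');
        require_once $connectorPath;

        $className = $tlabelReq . '_Downloader';
        $downloader = new $className($tlabelReq, $cid, claro_get_current_user_id());

        if (!$downloader || !$downloader->isAllowedToDownload($thisFile)) {
            throw new RuntimeException('Not allowed', 403);
        }

        $pathInfo = secure_file_path($downloader->getFilePath($thisFile));

        // Check if path exists in course folder
        if (!file_exists($pathInfo) || is_dir($pathInfo)) {
            throw new RuntimeException('Resource not found', 404);
        }
    }

    // Cast to int so the id can never carry SQL syntax into the query.
    // NOTE(review): assumes user ids are integers -- confirm.
    $userId = (int) claro_get_current_user_id();
    $wasFolder = $isFolder ? 1 : 0;
    $canRetry = (isset($args['platform']) && $args['platform'] == 'WP') ? 1 : 0;

    $token = null;
    $result = 0;

    /*
     * Create token and register into the db.
     * Retry until the registration complete or fail $limit times.
     */
    for ($try = 0; $try < $limit && $result < 1; $try++) {
        // The token is the only secret guarding the download, so a failed or
        // non-cryptographic random source is treated as a server error.
        $isStrong = false;
        $randomBytes = openssl_random_pseudo_bytes(15, $isStrong);

        if ($randomBytes === false || !$isStrong) {
            throw new RuntimeException('Internal Server Error', 500);
        }

        $token = bin2hex($randomBytes);

        // NOTE(review): REPLACE overwrites an existing row on a key collision;
        // which columns are unique is not visible from here.
        $sql = 'REPLACE INTO `' . $tableName . '` (`userId`, `token`, `requestedPath`, `requestTime`, `wasFolder`, `canRetry`) '
            . 'VALUES (\'' . $userId . '\', \'' . $token . '\', \'' . claro_sql_escape($pathInfo) . '\', NOW(), \'' . $wasFolder . '\' , \'' . $canRetry . '\');';

        $result = Claroline::getDatabase()->exec($sql);
    }

    // Decide on the outcome of the last write, not on the attempt counter: a
    // write that succeeds on the final attempt must still return its token.
    $response = array();
    $response['token'] = $result < 1 ? null : $token;

    return $response;
}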
// check if user is in the group that owns the work $userCanEdit = array_key_exists($submission->getGroupId(), $userGroupList); } elseif ($assignment->getAssignmentType() == 'INDIVIDUAL') { // a work is set, assignment is individual, user is authed and the work is his work $userCanEdit = (bool) ($submission->getUserId() == claro_get_current_user_id()); } } else { // user not authed // OR a correction has already been made $userCanEdit = false; } $is_allowedToEdit = (bool) ($uploadDateIsOk && $userCanEdit || $is_allowedToEditAll); //-- is_allowedToSubmit if ($assignment->getAssignmentType() == 'INDIVIDUAL') { // user is authed and allowed $userCanPost = (bool) (claro_is_user_authenticated() && claro_is_course_allowed() && $_REQUEST['authId'] == claro_get_current_user_id()); } else { $userCanPost = (bool) (!empty($userGroupList) && isset($userGroupList[$_REQUEST['authId']])); } $is_allowedToSubmit = (bool) ($assignmentIsVisible && $uploadDateIsOk && $userCanPost) || $is_allowedToEditAll; /*============================================================================ HANDLING FORM DATA =============================================================================*/ // execute this after a form has been send // this instruction bloc will set some vars that will be used in the corresponding queries // $wrkForm['filename'] , $wrkForm['wrkTitle'] , $wrkForm['authors'] ... if ($cmd == 'exDownload') { $workId = isset($_REQUEST['workId']) ? $_REQUEST['workId'] : null; $submission = new Submission(); if ($submission->load($workId)) { $submissionUserId = $submission->getUserId();
* @version $Revision: 13348 $ * @copyright (c) 2001-2011, Universite catholique de Louvain (UCL) * @author Claroline Team <*****@*****.**> * @author Frederic Minne <*****@*****.**> * @license http://www.gnu.org/copyleft/gpl.html * GNU GENERAL PUBLIC LICENSE version 2.0 * @package KERNEL */ require dirname(__FILE__) . '/../inc/claro_init_global.inc.php'; require_once get_path('includePath') . '/lib/thumbnails.lib.php'; require_once get_path('includePath') . '/lib/fileManage.lib.php'; require_once get_path('includePath') . '/lib/file.lib.php'; if (claro_is_in_a_group() && claro_is_group_allowed()) { $documentRootDir = get_path('coursesRepositorySys') . claro_get_course_path() . '/group/' . claro_get_current_group_data('directory'); $thumbnailsDirectory = get_path('coursesRepositorySys') . claro_get_course_path() . '/tmp/thumbs/' . claro_get_current_group_data('directory'); } elseif (claro_is_in_a_course() && claro_is_course_allowed()) { $documentRootDir = get_path('coursesRepositorySys') . claro_get_course_path() . '/document'; $thumbnailsDirectory = get_path('coursesRepositorySys') . claro_get_course_path() . '/tmp/thumbs'; } else { header('HTTP/1.1 403 Forbidden'); exit; } $image = array_key_exists('img', $_REQUEST) ? secure_file_path($_REQUEST['img']) : null; if (is_null($image)) { header('HTTP/1.1 403 Forbidden'); exit; } $imagePath = $documentRootDir . $image; if (file_exists($imagePath)) { list($width, $height, $type, $attr) = getimagesize($imagePath); $thumbWidth = 75;