function pieform_element_filebrowser_upload(Pieform $form, $element, $data) { global $USER; $parentfolder = $data['uploadfolder'] ? (int) $data['uploadfolder'] : null; $institution = !empty($element['institution']) ? $element['institution'] : $form->get_property('institution'); $group = !empty($element['group']) ? $element['group'] : $form->get_property('group'); if (get_config('licensemetadata')) { $license = $data['license']; $licensor = $data['licensor']; $licensorurl = $data['licensorurl']; } $uploadnumber = (int) $data['uploadnumber']; $editable = (int) $element['config']['edit']; $selectable = (int) $element['config']['select']; $querybase = $element['page'] . (strpos($element['page'], '?') === false ? '?' : '&'); $prefix = $form->get_name() . '_' . $element['name']; $userfileindex = isset($data['userfileindex']) ? $data['userfileindex'] : null; $resizeonuploadenable = get_config_plugin('artefact', 'file', 'resizeonuploadenable'); $resizeonuploaduseroption = get_config_plugin('artefact', 'file', 'resizeonuploaduseroption'); $resizeonuploaduserenable = (int) $data['resizeonuploaduserenable']; $result = array('error' => false, 'uploadnumber' => $uploadnumber); if ($parentfolder == 0) { $parentfolder = null; } $data = new StdClass(); $data->parent = $parentfolder; $data->owner = $data->group = $data->institution = null; if (get_config('licensemetadata')) { $data->license = $license; $data->licensor = $licensor; $data->licensorurl = $licensorurl; } if ($parentfolder) { $parentartefact = artefact_instance_from_id($parentfolder); if (!$USER->can_edit_artefact($parentartefact)) { $result['error'] = true; $result['message'] = get_string('cannoteditfolder', 'artefact.file'); return $result; } else { if ($parentartefact->get('locked')) { $result['error'] = true; $result['message'] = get_string('cannoteditfoldersubmitted', 'artefact.file'); return $result; } } $parentfoldername = $parentartefact->get('title'); } else { $parentfoldername = null; } if ($institution) { if (!$USER->can_edit_institution($institution)) { $result['error'] = true; $result['message'] = get_string('notadminforinstitution', 'admin'); return $result; } $data->institution = $institution; } else { if ($group) { if (!group_within_edit_window($group)) { return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file')); } if (!$parentfolder) { if (!pieform_element_filebrowser_edit_group_folder($group, 0)) { return array('error' => true, 'message' => get_string('cannoteditfolder', 'artefact.file')); } } $data->group = $group; } else { $data->owner = $USER->get('id'); } } $data->container = 0; if (isset($userfileindex)) { $originalname = $_FILES['userfile']['name'][$userfileindex]; } else { $originalname = $_FILES['userfile']['name']; } $originalname = $originalname ? basename($originalname) : get_string('file', 'artefact.file'); $data->title = ArtefactTypeFileBase::get_new_file_title($originalname, $parentfolder, $data->owner, $group, $institution); // Overwrite image file with resized version if required $resized = false; $resizeattempted = false; // resize specified if (resizing is enabled AND user has enabled resizing) OR (resizing is enabled AND user is not given an option to enable/disable) if ($resizeonuploadenable && $resizeonuploaduserenable || $resizeonuploadenable && !$resizeonuploaduseroption) { require_once 'file.php'; require_once 'imageresizer.php'; $file = $_FILES['userfile']; if (isset($userfileindex)) { $tmpname = $file['tmp_name'][$userfileindex]; } else { $tmpname = $file['tmp_name']; } if (is_image_file($tmpname)) { $imageinfo = getimagesize($tmpname); $mimetype = $imageinfo['mime']; $width = $imageinfo[0]; $height = $imageinfo[1]; $bmptypes = array('image/bmp', 'image/x-bmp', 'image/ms-bmp', 'image/x-ms-bmp'); // resize image if necessary $resizeonuploadmaxwidth = get_config_plugin('artefact', 'file', 'resizeonuploadmaxwidth'); $resizeonuploadmaxheight = get_config_plugin('artefact', 'file', 'resizeonuploadmaxheight'); // Don't support bmps for now if (($width > $resizeonuploadmaxwidth || $height > $resizeonuploadmaxheight) && !in_array($mimetype, $bmptypes)) { $resizeattempted = true; $imgrs = new ImageResizer($tmpname, $mimetype); $img = $imgrs->get_image(); if (!empty($img)) { $imgrs->resize_image(array('w' => $resizeonuploadmaxwidth, 'h' => $resizeonuploadmaxheight), $mimetype); //auto $saveresize = $imgrs->save_image($tmpname, $mimetype, 85); if (!$saveresize) { return array('error' => true, 'message' => get_string('problemresizing', 'artefact.file')); } $resized = true; } } } } try { $newid = ArtefactTypeFile::save_uploaded_file('userfile', $data, $userfileindex, $resized); } catch (QuotaExceededException $e) { prepare_upload_failed_message($result, $e, $parentfoldername, $originalname); // update the file listing if (defined('GROUP')) { $group = group_current_group(); $result['quota'] = $group->quota; $result['quotaused'] = $group->quotaused; } else { $result['quota'] = $USER->get('quota'); $result['quotaused'] = $USER->get('quotaused'); } $result['newlist'] = pieform_element_filebrowser_build_filelist($form, $element, $parentfolder, null, $data->owner, $data->group, $data->institution); return $result; } catch (UploadException $e) { prepare_upload_failed_message($result, $e, $parentfoldername, $originalname); if (defined('GROUP')) { $group = group_current_group(); $result['quota'] = $group->quota; $result['quotaused'] = $group->quotaused; } return $result; } // Upload succeeded if (isset($element['filters'])) { $artefacttypes = isset($element['filters']['artefacttype']) ? $element['filters']['artefacttype'] : null; $filetypes = isset($element['filters']['filetype']) ? $element['filters']['filetype'] : null; if (!empty($artefacttypes) || !empty($filetypes)) { // Need to check the artefacttype or filetype (mimetype) of the uploaded file. $file = artefact_instance_from_id($newid); if (is_array($artefacttypes) && !in_array($file->get('artefacttype'), $artefacttypes) || is_array($filetypes) && !in_array($file->get('filetype'), $filetypes)) { $result['error'] = true; $result['uploaded'] = true; $result['message'] = get_string('wrongfiletypeforblock', 'artefact.file'); return $result; } } } if ($parentfoldername) { if ($data->title == $originalname) { $result['message'] = get_string('uploadoffiletofoldercomplete', 'artefact.file', $originalname, $parentfoldername); } else { $result['message'] = get_string('fileuploadedtofolderas', 'artefact.file', $originalname, $parentfoldername, $data->title); } } else { if ($data->title == $originalname) { $result['message'] = get_string('uploadoffilecomplete', 'artefact.file', $originalname); } else { $result['message'] = get_string('fileuploadedas', 'artefact.file', $originalname, $data->title); } } if ($resizeattempted && !$resized) { $result['message'] .= get_string('insufficientmemoryforresize', 'artefact.file'); } $result['highlight'] = $newid; $artefact = artefact_instance_from_id($newid); $result['artefacttype'] = $artefact->get('artefacttype'); $result['uploaded'] = true; $result['newlist'] = pieform_element_filebrowser_build_filelist($form, $element, $parentfolder, $newid, $data->owner, $data->group, $data->institution); if (defined('GROUP')) { $group = group_current_group(false); $result['quota'] = $group->quota; $result['quotaused'] = $group->quotaused; } else { $result['quota'] = $USER->get('quota'); $result['quotaused'] = $USER->get('quotaused'); } $result['maxuploadsize'] = display_size(get_max_upload_size(!$institution && !$group)); return $result; }
/** * Grab a delegate object for auth stuff */ public function request_user_authorise($token, $remotewwwroot) { global $USER, $SESSION; $this->must_be_ready(); $peer = get_peer($remotewwwroot); if ($peer->deleted != 0 || $this->config['theyssoin'] != 1) { throw new XmlrpcClientException('We don\'t accept SSO connections from ' . institution_display_name($peer->institution)); } $client = new Client(); $client->set_method('auth/mnet/auth.php/user_authorise')->add_param($token)->add_param(sha1($_SERVER['HTTP_USER_AGENT']))->send($remotewwwroot); $remoteuser = (object) $client->response; if (empty($remoteuser) or !property_exists($remoteuser, 'username')) { // Caught by land.php throw new AccessDeniedException(); } $create = false; $update = false; if ('1' == $this->config['updateuserinfoonlogin']) { $update = true; } // Retrieve a $user object. If that fails, create a blank one. try { $user = new User(); if (get_config('usersuniquebyusername')) { // When turned on, this setting means that it doesn't matter // which other application the user SSOs from, they will be // given the same account in Mahara. // // This setting is one that has security implications unless // only turned on by people who know what they're doing. In // particular, every system linked to Mahara should be making // sure that same username == same person. This happens for // example if two Moodles are using the same LDAP server for // authentication. // // If this setting is on, it must NOT be possible to self // register on the site for ANY institution - otherwise users // could simply pick usernames of people's accounts they wished // to steal. if ($institutions = get_column('institution', 'name', 'registerallowed', '1')) { log_warn("usersuniquebyusername is turned on but registration is allowed for an institution. " . "No institution can have registration allowed for it, for security reasons.\n" . "The following institutions have registration enabled:\n " . join("\n ", $institutions)); throw new AccessDeniedException(); } if (!get_config('usersallowedmultipleinstitutions')) { log_warn("usersuniquebyusername is turned on but usersallowedmultipleinstitutions is off. " . "This makes no sense, as users will then change institution every time they log in from " . "somewhere else. Please turn this setting on in Site Options"); throw new AccessDeniedException(); } $user->find_by_username($remoteuser->username); } else { $user->find_by_instanceid_username($this->instanceid, $remoteuser->username, true); } if ($user->get('suspendedcusr')) { die_info(get_string('accountsuspended', 'mahara', strftime(get_string('strftimedaydate'), $user->get('suspendedctime')), $user->get('suspendedreason'))); } } catch (AuthUnknownUserException $e) { if (!empty($this->config['weautocreateusers'])) { $institution = new Institution($this->institution); if ($institution->isFull()) { $institution->send_admin_institution_is_full_message(); throw new XmlrpcClientException('SSO attempt from ' . $institution->displayname . ' failed - institution is full'); } $user = new User(); $create = true; } else { log_debug("User authorisation request from {$remotewwwroot} failed - " . "remote user '{$remoteuser->username}' is unknown to us and auto creation of users is turned off"); return false; } } /*******************************************/ if ($create) { $user->passwordchange = 1; $user->active = 1; $user->deleted = 0; //TODO: import institution's expiry?: //$institution = new Institution($peer->institution); $user->expiry = null; $user->expirymailsent = 0; $user->lastlogin = time(); $user->firstname = $remoteuser->firstname; $user->lastname = $remoteuser->lastname; $user->email = $remoteuser->email; $imported = array('firstname', 'lastname', 'email'); //TODO: import institution's per-user-quota?: //$user->quota = $userrecord->quota; $user->authinstance = empty($this->config['parent']) ? $this->instanceid : $this->parent; db_begin(); $user->username = get_new_username($remoteuser->username); $user->id = create_user($user, array(), $this->institution, $this, $remoteuser->username); $locked = $this->import_user_settings($user, $remoteuser); $locked = array_merge($imported, $locked); /* * We need to convert the object to a stdclass with its own * custom method because it uses overloaders in its implementation * and its properties wouldn't be visible to a simple cast operation * like (array)$user */ $userobj = $user->to_stdclass(); $userarray = (array) $userobj; db_commit(); // Now we have fired the create event, we need to re-get the data // for this user $user = new User(); $user->find_by_id($userobj->id); } elseif ($update) { $imported = array('firstname', 'lastname', 'email'); foreach ($imported as $field) { if ($user->{$field} != $remoteuser->{$field}) { $user->{$field} = $remoteuser->{$field}; set_profile_field($user->id, $field, $user->{$field}); } } if (isset($remoteuser->idnumber)) { if ($user->studentid != $remoteuser->idnumber) { $user->studentid = $remoteuser->idnumber; set_profile_field($user->id, 'studentid', $user->studentid); } $imported[] = 'studentid'; } $locked = $this->import_user_settings($user, $remoteuser); $locked = array_merge($imported, $locked); $user->lastlastlogin = $user->lastlogin; $user->lastlogin = time(); //TODO: import institution's per-user-quota?: //$user->quota = $userrecord->quota; $user->commit(); } if (get_config('usersuniquebyusername')) { // Add them to the institution they have SSOed in by $user->join_institution($peer->institution); } // See if we need to create/update a profile Icon image if ($create || $update) { $client->set_method('auth/mnet/auth.php/fetch_user_image')->add_param($remoteuser->username)->send($remotewwwroot); $imageobject = (object) $client->response; $u = preg_replace('/[^A-Za-z0-9 ]/', '', $user->username); $filename = get_config('dataroot') . 'temp/mpi_' . intval($this->instanceid) . '_' . $u; if (array_key_exists('f1', $client->response)) { $imagecontents = base64_decode($client->response['f1']); if (file_put_contents($filename, $imagecontents)) { $imageexists = false; $icons = false; if ($update) { $newchecksum = sha1_file($filename); $icons = get_records_select_array('artefact', 'artefacttype = \'profileicon\' AND owner = ? ', array($user->id), '', 'id'); if (false != $icons) { foreach ($icons as $icon) { $iconfile = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $icon->id % 256 . '/' . $icon->id; $checksum = sha1_file($iconfile); if ($newchecksum == $checksum) { $imageexists = true; unlink($filename); break; } } } } if (false == $imageexists) { $filesize = filesize($filename); if (!$user->quota_allowed($filesize)) { $error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot')); } require_once 'file.php'; $imagesize = getimagesize($filename); if (!$imagesize || !is_image_type($imagesize[2])) { $error = get_string('filenotimage'); } $mime = $imagesize['mime']; $width = $imagesize[0]; $height = $imagesize[1]; $imagemaxwidth = get_config('imagemaxwidth'); $imagemaxheight = get_config('imagemaxheight'); if ($width > $imagemaxwidth || $height > $imagemaxheight) { $error = get_string('profileiconimagetoobig', 'artefact.file', $width, $height, $imagemaxwidth, $imagemaxheight); } try { $user->quota_add($filesize); } catch (QuotaException $qe) { $error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot')); } require_once get_config('docroot') . '/artefact/lib.php'; require_once get_config('docroot') . '/artefact/file/lib.php'; // Entry in artefact table $artefact = new ArtefactTypeProfileIcon(); $artefact->set('owner', $user->id); $artefact->set('parent', ArtefactTypeFolder::get_folder_id(get_string('imagesdir', 'artefact.file'), get_string('imagesdirdesc', 'artefact.file'), null, true, $user->id)); $artefact->set('title', ArtefactTypeFileBase::get_new_file_title(get_string('profileicon', 'artefact.file'), (int) $artefact->get('parent'), $user->id)); // unique title $artefact->set('description', get_string('uploadedprofileicon', 'artefact.file')); $artefact->set('note', get_string('profileicon', 'artefact.file')); $artefact->set('size', $filesize); $artefact->set('filetype', $mime); $artefact->set('width', $width); $artefact->set('height', $height); $artefact->commit(); $id = $artefact->get('id'); // Move the file into the correct place. $directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $id % 256 . '/'; check_dir_exists($directory); rename($filename, $directory . $id); if ($create || empty($icons)) { $user->profileicon = $id; } } $user->commit(); } else { log_warn(get_string('cantcreatetempprofileiconfile', 'artefact.file', $filename)); } } if ($update) { $locked[] = 'profileicon'; } } /*******************************************/ // We know who our user is now. Bring her back to life. $USER->reanimate($user->id, $this->instanceid); // Set session variables to let the application know this session was // initiated by MNET. Don't forget that users could initiate their // sessions without MNET sometimes, which is why this data is stored in // the session object. $SESSION->set('mnetuser', $user->id); $SESSION->set('authinstance', $this->instanceid); if (isset($_SERVER['HTTP_REFERER'])) { $SESSION->set('mnetuserfrom', $_SERVER['HTTP_REFERER']); } if ($update && isset($locked)) { $SESSION->set('lockedfields', $locked); } return true; }
function add_feedback_form_submit(Pieform $form, $values) { global $view, $artefact, $USER; $data = (object) array('title' => get_string('Comment', 'artefact.comment'), 'description' => $values['message']); if ($artefact) { $data->onartefact = $artefact->get('id'); $data->owner = $artefact->get('owner'); $data->group = $artefact->get('group'); $data->institution = $artefact->get('institution'); } else { $data->onview = $view->get('id'); $data->owner = $view->get('owner'); $data->group = $view->get('group'); $data->institution = $view->get('institution'); } if ($author = $USER->get('id')) { $anonymous = false; $data->author = $author; } else { $anonymous = true; $data->authorname = $values['authorname']; } if (isset($values['moderate']) && $values['ispublic'] && !$USER->can_edit_view($view)) { $data->private = 1; $data->requestpublic = 'author'; $moderated = true; } else { $data->private = (int) (!$values['ispublic']); $moderated = false; } $private = $data->private; if (get_config('licensemetadata')) { $data->license = $values['license']; $data->licensor = $values['licensor']; $data->licensorurl = $values['licensorurl']; } if (isset($values['rating'])) { $data->rating = valid_rating($values['rating']); } $comment = new ArtefactTypeComment(0, $data); db_begin(); $comment->commit(); $url = $comment->get_view_url($view->get('id'), true, false); $goto = get_config('wwwroot') . $url; if (isset($data->requestpublic) && $data->requestpublic === 'author' && $data->owner) { $arg = $author ? display_name($USER, null, true) : $data->authorname; $moderatemsg = (object) array('subject' => false, 'message' => false, 'strings' => (object) array('subject' => (object) array('key' => 'makepublicrequestsubject', 'section' => 'artefact.comment', 'args' => array()), 'message' => (object) array('key' => 'makepublicrequestbyauthormessage', 'section' => 'artefact.comment', 'args' => array(hsc($arg))), 'urltext' => (object) array('key' => 'Comment', 'section' => 'artefact.comment')), 'users' => array($data->owner), 'url' => $url); } if (!empty($values['attachments']) && is_array($values['attachments']) && !empty($data->author)) { require_once get_config('libroot') . 'uploadmanager.php'; safe_require('artefact', 'file'); $ownerlang = empty($data->owner) ? get_config('lang') : get_user_language($data->owner); $folderid = ArtefactTypeFolder::get_folder_id(get_string_from_language($ownerlang, 'feedbackattachdirname', 'artefact.comment'), get_string_from_language($ownerlang, 'feedbackattachdirdesc', 'artefact.comment'), null, true, $data->owner, $data->group, $data->institution); $attachment = (object) array('owner' => $data->owner, 'group' => $data->group, 'institution' => $data->institution, 'author' => $data->author, 'allowcomments' => 0, 'parent' => $folderid, 'description' => get_string_from_language($ownerlang, 'feedbackonviewbyuser', 'artefact.comment', $view->get('title'), display_name($USER))); foreach ($values['attachments'] as $filesindex) { $originalname = $_FILES[$filesindex]['name']; $attachment->title = ArtefactTypeFileBase::get_new_file_title($originalname, $folderid, $data->owner, $data->group, $data->institution); try { $fileid = ArtefactTypeFile::save_uploaded_file($filesindex, $attachment); } catch (QuotaExceededException $e) { if ($data->owner == $USER->get('id')) { $form->reply(PIEFORM_ERR, array('message' => $e->getMessage())); } redirect($goto); } catch (UploadException $e) { $form->reply(PIEFORM_ERR, array('message' => $e->getMessage())); redirect($goto); } $comment->attach($fileid); } } require_once 'activity.php'; $data = (object) array('commentid' => $comment->get('id'), 'viewid' => $view->get('id')); activity_occurred('feedback', $data, 'artefact', 'comment'); if (isset($moderatemsg)) { activity_occurred('maharamessage', $moderatemsg); } db_commit(); $newlist = ArtefactTypeComment::get_comments(10, 0, 'last', $view, $artefact); // If you're anonymous and your message is moderated or private, then you won't // be able to tell what happened to it. So we'll provide some more explanation in // the feedback message. if ($anonymous && $moderated) { $message = get_string('feedbacksubmittedmoderatedanon', 'artefact.comment'); } else { if ($anonymous && $private) { $message = get_string('feedbacksubmittedprivateanon', 'artefact.comment'); } else { $message = get_string('feedbacksubmitted', 'artefact.comment'); } } $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => $goto, 'data' => $newlist)); }
// Set tags try { $tags = explode(",", param_variable('tags')); } catch (ParameterException $e) { } // -- Now check for files to upload -- $artefact_id = ''; // our resulting artefact id on creation if ($_FILES) { $file_title = $title; if ($blog || !$title) { // set the filename to be the title of the artefact $file_title = basename($_FILES['userfile']['name']); } try { $data->title = ArtefactTypeFileBase::get_new_file_title($file_title, $data->parent, $data->owner); if (!$blog) { // only set a description if it's an artefact upload $data->description = $description; } $data->tags = $tags; $artefact_id = ArtefactTypeFile::save_uploaded_file('userfile', $data); if ($artefact_id) { $json['id'] = $artefact_id; } } catch (QuotaExceededException $e) { jsonreply(array('fail' => 'Quota exceeded')); } catch (UploadException $e) { jsonreply(array('fail' => 'Failed to save file')); } }
/** * Ensures that the given value for the given composite is present * TODO: expand on these docs. * @param unknown_type $values * @param unknown_type $compositetype * @param unknown_type $owner * @return int If successful, the ID of the composite artefact * @throws SystemException */ public static function ensure_composite_value($values, $compositetype, $owner) { global $USER; if (!in_array($compositetype, self::get_composite_artefact_types())) { throw new SystemException("ensure_composite_value called with invalid composite type"); } try { $a = artefact_instance_from_type($compositetype, $owner); $a->set('mtime', time()); } catch (Exception $e) { $classname = generate_artefact_class_name($compositetype); $a = new $classname(0, array('owner' => $owner, 'title' => get_string($compositetype, 'artefact.resume'))); } $a->commit(); $values['artefact'] = $a->get('id'); $table = 'artefact_resume_' . $compositetype; if (!empty($values['id'])) { $itemid = $values['id']; update_record($table, (object) $values, 'id'); } else { if (isset($values['displayorder'])) { $values['displayorder'] = intval($values['displayorder']); } else { $max = get_field($table, 'MAX(displayorder)', 'artefact', $values['artefact']); $values['displayorder'] = is_numeric($max) ? $max + 1 : 0; } $itemid = insert_record($table, (object) $values, 'id', true); } // If there are any attachments, attach them to your Resume... if ($compositetype == 'educationhistory' || $compositetype == 'employmenthistory') { $goto = get_config('wwwroot') . 'artefact/resume/employment.php'; } else { $goto = get_config('wwwroot') . 'artefact/resume/achievements.php'; } // Attachments via 'files' pieform element // This happens when adding new resume composite... if (array_key_exists('attachments', $values)) { require_once get_config('libroot') . 'uploadmanager.php'; safe_require('artefact', 'file'); $folderid = null; $attachment = (object) array('owner' => $owner, 'group' => null, 'institution' => null, 'author' => $owner, 'allowcomments' => 0, 'parent' => $folderid, 'description' => null); foreach ($values['attachments'] as $filesindex) { $originalname = $_FILES[$filesindex]['name']; $attachment->title = ArtefactTypeFileBase::get_new_file_title($originalname, $folderid, $owner, null, null); try { $fileid = ArtefactTypeFile::save_uploaded_file($filesindex, $attachment); } catch (QuotaExceededException $e) { return array('message' => $e->getMessage(), 'goto' => $goto); } catch (UploadException $e) { return array('message' => $e->getMessage(), 'goto' => $goto); } $a->attach($fileid, $itemid); } } // Attachments via 'filebrowser' pieform element // This happens when editing resume composite... if (array_key_exists('filebrowser', $values)) { $old = $a->attachment_id_list_with_item($itemid); $new = is_array($values['filebrowser']) ? $values['filebrowser'] : array(); // only allow the attaching of files that exist and are editable by user foreach ($new as $key => $fileid) { $file = artefact_instance_from_id($fileid); if (!$file instanceof ArtefactTypeFile || !$USER->can_publish_artefact($file)) { unset($new[$key]); } } if (!empty($new) || !empty($old)) { foreach ($old as $o) { if (!in_array($o, $new)) { try { $a->detach($o, $itemid); } catch (ArtefactNotFoundException $e) { } } } $is_error = false; foreach ($new as $n) { if (!in_array($n, $old)) { // check the new item is not already attached to the // artefact under a different $itemid if (record_exists('artefact_attachment', 'artefact', $a->get('id'), 'attachment', $n)) { $artefactfile = artefact_instance_from_id($n); $is_error[] = $artefactfile->get('title'); } else { try { $a->attach($n, $itemid); } catch (ArtefactNotFoundException $e) { } } } } if (!empty($is_error)) { if (sizeof($is_error) > 1) { $error = get_string('duplicateattachments', 'artefact.resume', implode('\', \'', $is_error)); } else { $error = get_string('duplicateattachment', 'artefact.resume', implode(', ', $is_error)); } return array('message' => $error); } } } return $a->id; }
public function unzip_directory_name() { if (isset($this->data['unzipdir'])) { return $this->data['unzipdir']; } $folderdata = ArtefactTypeFileBase::artefactchooser_folder_data($this); $parent = $this->get('parent'); $strpath = ArtefactTypeFileBase::get_full_path($parent, $folderdata->data); $extn = $this->get('oldextension'); $name = $this->get('title'); if (substr($name, -1 - strlen($extn)) == '.' . $extn) { $name = substr($name, 0, strlen($name) - 1 - strlen($extn)); } $name = ArtefactTypeFileBase::get_new_file_title($name, $parent, $this->get('owner'), $this->get('group'), $this->get('institution')); $this->data['unzipdir'] = array('basename' => $name, 'fullname' => $strpath . $name); return $this->data['unzipdir']; }
function add_feedback_form_submit(Pieform $form, $values) { global $view, $artefact, $USER; $data = new StdClass(); $data->view = $view->get('id'); if ($artefact) { $data->artefact = $artefact->get('id'); $table = 'artefact_feedback'; } else { $table = 'view_feedback'; } $data->message = $values['message']; $data->public = (int) $values['ispublic']; $data->author = $USER->get('id'); if (!$data->author) { unset($data->author); $data->authorname = $values['authorname']; } $data->ctime = db_format_timestamp(time()); db_begin(); if (is_array($values['attachment'])) { require_once get_config('libroot') . 'group.php'; require_once get_config('libroot') . 'uploadmanager.php'; safe_require('artefact', 'file'); $groupid = $view->get('submittedgroup'); if (group_user_can_assess_submitted_views($groupid, $USER->get('id'))) { $um = new upload_manager('attachment'); if ($error = $um->preprocess_file()) { throw new UploadException($error); } $owner = $view->get('owner'); $ownerlang = get_user_language($owner); $folderid = ArtefactTypeFolder::get_folder_id(get_string_from_language($ownerlang, 'feedbackattachdirname', 'view'), get_string_from_language($ownerlang, 'feedbackattachdirdesc', 'view'), null, true, $owner); $attachment = (object) array('owner' => $owner, 'parent' => $folderid, 'title' => ArtefactTypeFileBase::get_new_file_title($values['attachment']['name'], $folderid, $owner), 'size' => $values['attachment']['size'], 'filetype' => $values['attachment']['type'], 'oldextensin' => $um->original_filename_extension(), 'description' => get_string_from_language($ownerlang, 'feedbackonviewbytutorofgroup', 'view', $view->get('title'), display_name($USER), get_field('group', 'name', 'id', $groupid))); try { $data->attachment = ArtefactTypeFile::save_uploaded_file('attachment', $attachment); } catch (QuotaExceededException $e) { } } } insert_record($table, $data, 'id', true); require_once 'activity.php'; unset($data->id); activity_occurred('feedback', $data); db_commit(); if ($artefact) { $goto = get_config('wwwroot') . 'view/artefact.php?artefact=' . $artefact->get('id') . '&view=' . $view->get('id'); } else { $goto = get_config('wwwroot') . 'view/view.php?id=' . $view->get('id'); } $form->reply(PIEFORM_OK, array('message' => get_string('feedbacksubmitted', 'view'), 'goto' => $goto)); }
function pieform_element_filebrowser_upload(Pieform $form, $element, $data) { global $USER; $parentfolder = $data['uploadfolder'] ? (int) $data['uploadfolder'] : null; $institution = $form->get_property('institution'); $group = $form->get_property('group'); $uploadnumber = (int) $data['uploadnumber']; $editable = (int) $element['config']['edit']; $selectable = (int) $element['config']['select']; $querybase = $element['page'] . (strpos($element['page'], '?') === false ? '?' : '&'); $prefix = $form->get_name() . '_' . $element['name']; $result = array('error' => false, 'uploadnumber' => $uploadnumber); if ($parentfolder == 0) { $parentfolder = null; } $data = new StdClass(); $data->parent = $parentfolder; $data->owner = null; if ($parentfolder) { $parentartefact = artefact_instance_from_id($parentfolder); if (!$USER->can_edit_artefact($parentartefact)) { $result['error'] = true; $result['message'] = get_string('cannoteditfolder', 'artefact.file'); return $result; } else { if ($parentartefact->get('locked')) { $result['error'] = true; $result['message'] = get_string('cannoteditfoldersubmitted', 'artefact.file'); return $result; } } $parentfoldername = $parentartefact->get('title'); } else { $parentfoldername = null; } if ($institution) { if (!$USER->can_edit_institution($institution)) { $result['error'] = true; $result['message'] = get_string('notadminforinstitution', 'admin'); return $result; } $data->institution = $institution; } else { if ($group) { require_once get_config('libroot') . 'group.php'; if (!$parentfolder) { $role = group_user_access($group); if (!$role) { $result['error'] = true; $result['message'] = get_string('usernotingroup', 'mahara'); return $result; } // Use default grouptype artefact permissions to check if the // user can upload a file to the group's root directory $permissions = group_get_default_artefact_permissions($group); if (!$permissions[$role]->edit) { $result['error'] = true; $result['message'] = get_string('cannoteditfolder', 'artefact.file'); return $result; } } $data->group = $group; } else { $data->owner = $USER->get('id'); } } $data->container = 0; $originalname = $_FILES['userfile']['name']; $originalname = $originalname ? basename($originalname) : get_string('file', 'artefact.file'); $data->title = ArtefactTypeFileBase::get_new_file_title($originalname, $parentfolder, $data->owner, $group, $institution); try { $newid = ArtefactTypeFile::save_uploaded_file('userfile', $data); } catch (QuotaExceededException $e) { prepare_upload_failed_message($result, $e, $parentfoldername, $originalname); // update the file listing $result['quota'] = $USER->get('quota'); $result['quotaused'] = $USER->get('quotaused'); $result['newlist'] = pieform_element_filebrowser_build_filelist($form, $element, $parentfolder); return $result; } catch (UploadException $e) { prepare_upload_failed_message($result, $e, $parentfoldername, $originalname); return $result; } // Upload succeeded if (isset($element['filters'])) { $artefacttypes = isset($element['filters']['artefacttype']) ? $element['filters']['artefacttype'] : null; $filetypes = isset($element['filters']['filetype']) ? $element['filters']['filetype'] : null; if (!empty($artefacttypes) || !empty($filetypes)) { // Need to check the artefacttype or filetype (mimetype) of the uploaded file. $file = artefact_instance_from_id($newid); if (is_array($artefacttypes) && !in_array($file->get('artefacttype'), $artefacttypes) || is_array($filetypes) && !in_array($file->get('filetype'), $filetypes)) { $result['error'] = true; $result['uploaded'] = true; $result['message'] = get_string('wrongfiletypeforblock', 'artefact.file'); return $result; } } } if ($parentfoldername) { if ($data->title == $originalname) { $result['message'] = get_string('uploadoffiletofoldercomplete', 'artefact.file', $originalname, $parentfoldername); } else { $result['message'] = get_string('fileuploadedtofolderas', 'artefact.file', $originalname, $parentfoldername, $data->title); } } else { if ($data->title == $originalname) { $result['message'] = get_string('uploadoffilecomplete', 'artefact.file', $originalname); } else { $result['message'] = get_string('fileuploadedas', 'artefact.file', $originalname, $data->title); } } $result['highlight'] = $newid; $result['uploaded'] = true; $result['newlist'] = pieform_element_filebrowser_build_filelist($form, $element, $parentfolder, $newid); $result['quota'] = $USER->get('quota'); $result['quotaused'] = $USER->get('quotaused'); return $result; }
function upload_submit(Pieform $form, $values) { global $USER, $filesize; safe_require('artefact', 'file'); try { $USER->quota_add($filesize); } catch (QuotaException $qe) { $form->json_reply(PIEFORM_ERR, array('message' => get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot')))); } // Entry in artefact table $data = new stdClass(); $data->owner = $USER->id; $data->parent = ArtefactTypeFolder::get_folder_id(get_string('imagesdir', 'artefact.file'), get_string('imagesdirdesc', 'artefact.file'), null, true, $USER->id); $data->title = $values['title'] ? $values['title'] : $values['file']['name']; $data->title = ArtefactTypeFileBase::get_new_file_title($data->title, (int) $data->parent, $USER->id); // unique title $data->note = $values['file']['name']; $data->size = $filesize; $imageinfo = getimagesize($values['file']['tmp_name']); $data->width = $imageinfo[0]; $data->height = $imageinfo[1]; $data->filetype = $imageinfo['mime']; $data->description = get_string('uploadedprofileicon', 'artefact.file'); $artefact = new ArtefactTypeProfileIcon(0, $data); if (preg_match("/\\.([^\\.]+)\$/", $values['file']['name'], $saved)) { $artefact->set('oldextension', $saved[1]); } $artefact->commit(); $id = $artefact->get('id'); // Move the file into the correct place. $directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $id % 256 . '/'; check_dir_exists($directory); move_uploaded_file($values['file']['tmp_name'], $directory . $id); $USER->commit(); $form->json_reply(PIEFORM_OK, get_string('profileiconaddedtoimagesfolder', 'artefact.file', get_string('imagesdir', 'artefact.file'))); }
function add_feedback_form_submit(Pieform $form, $values) { global $view, $artefact, $USER; require_once 'embeddedimage.php'; $data = (object) array('title' => get_string('Comment', 'artefact.comment'), 'description' => $values['message']); if ($artefact) { $data->onartefact = $artefact->get('id'); $data->owner = $artefact->get('owner'); $data->group = $artefact->get('group'); $data->institution = $artefact->get('institution'); $onvieworartefactstr = "onartefact = {$data->onartefact}"; } else { $data->onview = $view->get('id'); $data->owner = $view->get('owner'); $data->group = $view->get('group'); $data->institution = $view->get('institution'); $onvieworartefactstr = "onview = {$data->onview}"; } $owner = $data->owner; $author = null; if ($author = $USER->get('id')) { $anonymous = false; $data->author = $author; } else { $anonymous = true; $data->authorname = $values['authorname']; } if (isset($values['moderate']) && $values['ispublic'] && !$USER->can_edit_view($view)) { $data->private = 1; $data->requestpublic = 'author'; $moderated = true; } else { $data->private = (int) (!$values['ispublic']); $moderated = false; } $private = $data->private; if (get_config('licensemetadata')) { $data->license = $values['license']; $data->licensor = $values['licensor']; $data->licensorurl = $values['licensorurl']; } if (isset($values['rating'])) { $data->rating = valid_rating($values['rating']); } if ($values['replyto'] && ($pcomment = artefact_instance_from_id($values['replyto']))) { $data->parent = $pcomment->get('id'); $grandparentid = $pcomment->get('parent'); // Find the position for the new comment // Find the last offspring of the parent $parentid = $data->parent; $data->threadedposition = $pcomment->get('threadedposition'); while ($lastchild = get_records_sql_array(' SELECT c.artefact, c.threadedposition FROM {artefact_comment_comment} c INNER JOIN {artefact} a ON a.id = c.artefact WHERE ' . $onvieworartefactstr . ' AND a.parent = ? ORDER BY c.threadedposition DESC LIMIT 1', array($parentid))) { $parentid = $lastchild[0]->artefact; $data->threadedposition = $lastchild[0]->threadedposition; } $data->threadedposition++; // Increase the threaded position of following comments by 1 execute_sql(' UPDATE {artefact_comment_comment} SET threadedposition = threadedposition + 1 WHERE ' . $onvieworartefactstr . ' AND threadedposition >= ?', array($data->threadedposition)); } if (!isset($data->threadedposition)) { $lastcomment = get_record_sql(' SELECT max(threadedposition) AS lastposition FROM {artefact_comment_comment} c WHERE ' . $onvieworartefactstr); $data->threadedposition = $lastcomment->lastposition ? $lastcomment->lastposition + 1 : 1; } $comment = new ArtefactTypeComment(0, $data); db_begin(); $comment->commit(); $newdescription = EmbeddedImage::prepare_embedded_images($values['message'], 'comment', $comment->get('id'), $data->group); if ($newdescription !== $values['message']) { $updatedcomment = new stdClass(); $updatedcomment->id = $comment->get('id'); $updatedcomment->description = $newdescription; update_record('artefact', $updatedcomment, 'id'); } $url = $comment->get_view_url($view->get('id'), true, false); $goto = get_config('wwwroot') . $url; if (isset($data->requestpublic) && $data->requestpublic === 'author' && $data->owner) { $arg = $author ? display_name($USER, null, true) : $data->authorname; $moderatemsg = (object) array('subject' => false, 'message' => false, 'strings' => (object) array('subject' => (object) array('key' => 'makepublicrequestsubject', 'section' => 'artefact.comment', 'args' => array()), 'message' => (object) array('key' => 'makepublicrequestbyauthormessage', 'section' => 'artefact.comment', 'args' => array(hsc($arg))), 'urltext' => (object) array('key' => 'Comment', 'section' => 'artefact.comment')), 'users' => array($data->owner), 'url' => $url); } if (!empty($values['attachments']) && is_array($values['attachments']) && !empty($data->author)) { require_once get_config('libroot') . 'uploadmanager.php'; safe_require('artefact', 'file'); $ownerlang = empty($data->owner) ? get_config('lang') : get_user_language($data->owner); $folderid = ArtefactTypeFolder::get_folder_id(get_string_from_language($ownerlang, 'feedbackattachdirname', 'artefact.comment'), get_string_from_language($ownerlang, 'feedbackattachdirdesc', 'artefact.comment'), null, true, $data->owner, $data->group, $data->institution); $attachment = (object) array('owner' => $data->owner, 'group' => $data->group, 'institution' => $data->institution, 'author' => $data->author, 'allowcomments' => 0, 'parent' => $folderid, 'description' => get_string_from_language($ownerlang, 'feedbackonviewbyuser', 'artefact.comment', $view->get('title'), display_name($USER))); foreach ($values['attachments'] as $filesindex) { $originalname = $_FILES[$filesindex]['name']; $attachment->title = ArtefactTypeFileBase::get_new_file_title($originalname, $folderid, $data->owner, $data->group, $data->institution); try { $fileid = ArtefactTypeFile::save_uploaded_file($filesindex, $attachment); } catch (QuotaExceededException $e) { if ($data->owner == $USER->get('id')) { $form->reply(PIEFORM_ERR, array('message' => $e->getMessage())); } redirect($goto); } catch (UploadException $e) { $form->reply(PIEFORM_ERR, array('message' => $e->getMessage())); redirect($goto); } $comment->attach($fileid); } } require_once 'activity.php'; $data = (object) array('commentid' => $comment->get('id'), 'viewid' => $view->get('id')); // We want to add the user placing the comment to the watchlist so they // can get notified about future comments to the page. // @TODO Add a site/institution preference to override this. $updatelink = false; if (!get_field('usr_watchlist_view', 'ctime', 'usr', $author, 'view', $view->get('id')) && $author != $owner) { insert_record('usr_watchlist_view', (object) array('usr' => $author, 'view' => $view->get('id'), 'ctime' => db_format_timestamp(time()))); $updatelink = $artefact ? get_string('removefromwatchlistartefact', 'view', $view->get('title')) : get_string('removefromwatchlist', 'view'); } activity_occurred('feedback', $data, 'artefact', 'comment'); if (isset($moderatemsg)) { activity_occurred('maharamessage', $moderatemsg); } db_commit(); $commentoptions = ArtefactTypeComment::get_comment_options(); $commentoptions->showcomment = $comment->get('id'); $commentoptions->view = $view; $commentoptions->artefact = $artefact; $newlist = ArtefactTypeComment::get_comments($commentoptions); $newlist->updatelink = $updatelink; // If you're anonymous and your message is moderated or private, then you won't // be able to tell what happened to it. So we'll provide some more explanation in // the feedback message. if ($anonymous && $moderated) { $message = get_string('feedbacksubmittedmoderatedanon', 'artefact.comment'); } else { if ($anonymous && $private) { $message = get_string('feedbacksubmittedprivateanon', 'artefact.comment'); } else { $message = get_string('feedbacksubmitted', 'artefact.comment'); } } $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => $goto, 'data' => $newlist)); }