/**
* This function will import the zip file with the respective qti2
* @param array $array_file ($_FILES)
*/
function ch_qti2_import_file($array_file)
{
$unzip = 0;
$process = process_uploaded_file($array_file, false);
if (preg_match('/\\.zip$/i', $array_file['name'])) {
// if it's a zip, allow zip upload
$unzip = 1;
}
if ($process && $unzip == 1) {
$main_path = api_get_path(SYS_CODE_PATH);
require_once $main_path . 'exercice/export/exercise_import.inc.php';
require_once $main_path . 'exercice/export/qti2/qti2_classes.php';
return import_exercise($array_file['name']);
}
return 'langFileError';
}
/**
* Creates a comment on a post in a given blog
* @author Toon Keppens
* @param String $title
* @param String $full_text
* @param Integer $blog_id
* @param Integer $post_id
* @param Integer $parent_id
*/
public static function create_comment($title, $full_text, $file_comment, $blog_id, $post_id, $parent_id, $task_id = 'NULL')
{
$_user = api_get_user_info();
$_course = api_get_course_info();
$blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);
$upload_ok = true;
$has_attachment = false;
$current_date = date('Y-m-d H:i:s', time());
$course_id = api_get_course_int_id();
if (!empty($_FILES['user_upload']['name'])) {
$upload_ok = process_uploaded_file($_FILES['user_upload']);
$has_attachment = true;
}
if ($upload_ok) {
// Table Definition
$tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
// Create the comment
$sql = "INSERT INTO {$tbl_blogs_comments} (c_id, title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id )\n\t\t\t\t\tVALUES ({$course_id}, '" . Database::escape_string($title) . "', '" . Database::escape_string($full_text) . "', '" . (int) $_user['user_id'] . "','" . $current_date . "', '" . (int) $blog_id . "', '" . (int) $post_id . "', '" . (int) $parent_id . "', '" . (int) $task_id . "')";
Database::query($sql);
// Empty post values, or they are shown on the page again
$last_id = Database::insert_id();
if ($last_id) {
$sql = "UPDATE {$tbl_blogs_comments} SET comment_id = iid WHERE iid = {$last_id}";
Database::query($sql);
}
if ($has_attachment) {
$courseDir = $_course['path'] . '/upload/blog';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one
$new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
// user's file name
$file_name = $_FILES['user_upload']['name'];
if (!filter_extension($new_file_name)) {
Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
} else {
$new_file_name = uniqid('');
$new_path = $updir . '/' . $new_file_name;
$result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
$comment = Database::escape_string($file_comment);
// Storing the attachments if any
if ($result) {
$sql = 'INSERT INTO ' . $blog_table_attachment . '(c_id, filename,comment, path, post_id,size,blog_id,comment_id) ' . "VALUES ({$course_id}, '" . Database::escape_string($file_name) . "', '" . $comment . "', '" . Database::escape_string($new_file_name) . "' , '" . $post_id . "', '" . $_FILES['user_upload']['size'] . "', '" . $blog_id . "', '" . $last_id . "' )";
Database::query($sql);
$id = Database::insert_id();
if ($id) {
$sql = "UPDATE {$blog_table_attachment} SET id = iid WHERE iid = {$id}";
Database::query($sql);
}
}
}
}
}
}
/**
* Uploads a document
*
* @param array $files the $_FILES variable
* @param string $path
* @param string $title
* @param string $comment
* @param int $unzip unzip or not the file
* @param string $if_exists overwrite, rename or warn (default)
* @param bool $index_document index document (search xapian module)
* @param bool $show_output print html messages
* @return array|bool
*/
public static function upload_document($files, $path, $title = null, $comment = null, $unzip = 0, $if_exists = null, $index_document = false, $show_output = false, $fileKey = 'file')
{
$course_info = api_get_course_info();
$sessionId = api_get_session_id();
$course_dir = $course_info['path'] . '/document';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$base_work_dir = $sys_course_path . $course_dir;
if (isset($files[$fileKey])) {
$upload_ok = process_uploaded_file($files[$fileKey], $show_output);
if ($upload_ok) {
// File got on the server without problems, now process it
$new_path = handle_uploaded_document($course_info, $files[$fileKey], $base_work_dir, $path, api_get_user_id(), api_get_group_id(), null, $unzip, $if_exists, $show_output, false, null, $sessionId);
if ($new_path) {
$documentId = DocumentManager::get_document_id($course_info, $new_path, $sessionId);
if (!empty($documentId)) {
$table_document = Database::get_course_table(TABLE_DOCUMENT);
$params = array();
/*if ($if_exists == 'rename') {
// Remove prefix
$suffix = DocumentManager::getDocumentSuffix(
$course_info,
$sessionId,
api_get_group_id()
);
$new_path = basename($new_path);
$new_path = str_replace($suffix, '', $new_path);
error_log('renamed');
error_log($new_path);
$params['title'] = get_document_title($new_path);
} else {
if (!empty($title)) {
$params['title'] = get_document_title($title);
} else {
$params['title'] = get_document_title($files['file']['name']);
}
}*/
if (!empty($comment)) {
$params['comment'] = trim($comment);
}
Database::update($table_document, $params, array('id = ? AND c_id = ? ' => array($documentId, $course_info['real_id'])));
}
// Showing message when sending zip files
if ($new_path === true && $unzip == 1 && $show_output) {
Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br />', false);
}
if ($index_document) {
self::index_document($documentId, $course_info['code'], null, $_POST['language'], $_REQUEST, $if_exists);
}
if (!empty($documentId) && is_numeric($documentId)) {
$documentData = self::get_document_data_by_id($documentId, $course_info['code'], false, $sessionId);
return $documentData;
}
}
}
}
return false;
}
/**
* Add an attachment file into agenda
* @param int $eventId
* @param array $fileUserUpload ($_FILES['user_upload'])
* @param string comment about file
* @param array $courseInfo
* @return string
*/
public function addAttachment($eventId, $fileUserUpload, $comment, $courseInfo)
{
$agenda_table_attachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
$eventId = intval($eventId);
// Storing the attachments
$upload_ok = false;
if (!empty($fileUserUpload['name'])) {
$upload_ok = process_uploaded_file($fileUserUpload);
}
if (!empty($upload_ok)) {
$courseDir = $courseInfo['directory'] . '/upload/calendar';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$uploadDir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one
$new_file_name = add_ext_on_mime(stripslashes($fileUserUpload['name']), $fileUserUpload['type']);
// user's file name
$file_name = $fileUserUpload['name'];
if (!filter_extension($new_file_name)) {
return Display::return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error');
} else {
$new_file_name = uniqid('');
$new_path = $uploadDir . '/' . $new_file_name;
$result = @move_uploaded_file($fileUserUpload['tmp_name'], $new_path);
$course_id = api_get_course_int_id();
$size = intval($fileUserUpload['size']);
// Storing the attachments if any
if ($result) {
$params = ['c_id' => $course_id, 'filename' => $file_name, 'comment' => $comment, 'path' => $new_file_name, 'agenda_id' => $eventId, 'size' => $size];
$id = Database::insert($agenda_table_attachment, $params);
if ($id) {
$sql = "UPDATE {$agenda_table_attachment}\n SET id = iid WHERE iid = {$id}";
Database::query($sql);
api_item_property_update($courseInfo, 'calendar_event_attachment', $id, 'AgendaAttachmentAdded', api_get_user_id());
}
}
}
}
}
/**
* This function edits an attachment file into a forum
* @param string $file_comment a comment about file
* @param int $post_id
* @param int $id_attach attachment file Id
* @return void
*/
function edit_forum_attachment_file($file_comment, $post_id, $id_attach)
{
$_course = api_get_course_info();
$table_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
$course_id = api_get_course_int_id();
$fileCount = count($_FILES['user_upload']['name']);
$filesData = [];
if (!is_array($_FILES['user_upload']['name'])) {
$filesData[] = $_FILES['user_upload'];
} else {
$fileKeys = array_keys($_FILES['user_upload']);
for ($i = 0; $i < $fileCount; $i++) {
foreach ($fileKeys as $key) {
$filesData[$i][$key] = $_FILES['user_upload'][$key][$i];
}
}
}
foreach ($filesData as $attachment) {
if (empty($attachment['name'])) {
continue;
}
$upload_ok = process_uploaded_file($attachment);
if (!$upload_ok) {
continue;
}
$course_dir = $_course['path'] . '/upload/forum';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $course_dir;
// Try to add an extension to the file if it hasn't one.
$new_file_name = add_ext_on_mime(stripslashes($attachment['name']), $attachment['type']);
// User's file name
$file_name = $attachment['name'];
if (!filter_extension($new_file_name)) {
Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
} else {
$new_file_name = uniqid('');
$new_path = $updir . '/' . $new_file_name;
$result = @move_uploaded_file($attachment['tmp_name'], $new_path);
$safe_file_comment = Database::escape_string($file_comment);
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
$safe_post_id = (int) $post_id;
$safe_id_attach = (int) $id_attach;
// Storing the attachments if any.
if ($result) {
$sql = "UPDATE {$table_forum_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', post_id = '{$safe_post_id}', size ='" . $attachment['size'] . "'\n WHERE c_id = {$course_id} AND id = '{$safe_id_attach}'";
Database::query($sql);
api_item_property_update($_course, TOOL_FORUM_ATTACH, $safe_id_attach, 'ForumAttachmentUpdated', api_get_user_id());
}
}
}
}
<input type="hidden" name="curdirpath" value="' . $curdirpath . '" />
</fieldset>
</form>
<hr>
';
} elseif (isset($_GET['add_as_template']) && isset($_POST['create_template'])) {
$document_id_for_template = intval($_GET['add_as_template']);
$title = Security::remove_XSS($_POST['template_title']);
$user_id = api_get_user_id();
// Create the template_thumbnails folder in the upload folder (if needed)
if (!is_dir(api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/')) {
@mkdir(api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/', api_get_permissions_for_new_directories());
}
// Upload the file
if (!empty($_FILES['template_image']['name'])) {
$upload_ok = process_uploaded_file($_FILES['template_image']);
if ($upload_ok) {
// Try to add an extension to the file if it hasn't one
$new_file_name = $courseInfo['code'] . '-' . add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
// Upload dir
$upload_dir = api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/';
// Resize image to max default and end upload
$temp = new Image($_FILES['template_image']['tmp_name']);
$picture_info = $temp->get_image_info();
$max_width_for_picture = 100;
if ($picture_info['width'] > $max_width_for_picture) {
$temp->resize($max_width_for_picture);
}
$temp->send_image($upload_dir . $new_file_name);
}
}
/**
* Add (or edit) a template. This function displays the form and also takes care of uploading the image and storing the information in the database
*
* @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
* @version August 2008
* @since Dokeos 1.8.6
*/
function add_edit_template()
{
// initiate the object
$form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . $_GET['action'] . '&id=' . $_GET['id']);
// settting the form elements: the header
if ($_GET['action'] == 'add') {
$title = get_lang('AddTemplate');
} else {
$title = get_lang('EditTemplate');
}
$form->addElement('header', '', $title);
// settting the form elements: the title of the template
$form->add_textfield('title', get_lang('Title'), false);
// settting the form elements: the content of the template (wysiwyg editor)
$form->addElement('html_editor', 'template_text', get_lang('Text'));
// settting the form elements: the form to upload an image to be used with the template
$form->addElement('file', 'template_image', get_lang('Image'), '');
// settting the form elements: a little bit information about the template image
$form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));
// getting all the information of the template when editing a template
if ($_GET['action'] == 'edit') {
// Database table definition
$table_system_template = Database::get_main_table('system_template');
$sql = "SELECT * FROM {$table_system_template} WHERE id = '" . Database::escape_string($_GET['id']) . "'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
$defaults['template_id'] = $_GET['id'];
$defaults['template_text'] = $row['content'];
$defaults['title'] = $row['title'];
// adding an extra field: a hidden field with the id of the template we are editing
$form->addElement('hidden', 'template_id');
// adding an extrra field: a preview of the image that is currently used
if (!empty($row['image'])) {
$form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/' . $row['image'] . '" alt="' . get_lang('TemplatePreview') . '"/>');
} else {
$form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
}
// setting the information of the template that we are editing
$form->setDefaults($defaults);
}
// settting the form elements: the submit button
$form->addElement('style_submit_button', 'submit', get_lang('Ok'), 'class="save"');
// setting the rules: the required fields
$form->addRule('title', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('template_text', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
// if the form validates (complies to all rules) we save the information, else we display the form again (with error message if needed)
if ($form->validate()) {
// exporting the values
$values = $form->exportValues();
// upload the file
if (!empty($_FILES['template_image']['name'])) {
include_once api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php';
$upload_ok = process_uploaded_file($_FILES['template_image']);
if ($upload_ok) {
// Try to add an extension to the file if it hasn't one
$new_file_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
// upload dir
$upload_dir = api_get_path(SYS_PATH) . 'home/default_platform_document/';
// create dir if not exists
if (!is_dir($upload_dir)) {
$perm = api_get_setting('permissions_for_new_directories');
$perm = octdec(!empty($perm) ? $perm : '0770');
$res = @mkdir($upload_dir, $perm);
}
// resize image to max default and upload
require_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
$temp = new image($_FILES['template_image']['tmp_name']);
$picture_infos = @getimagesize($_FILES['template_image']['tmp_name']);
$max_width_for_picture = 100;
if ($picture_infos[0] > $max_width_for_picture) {
$thumbwidth = $max_width_for_picture;
if (empty($thumbwidth) or $thumbwidth == 0) {
$thumbwidth = $max_width_for_picture;
}
$new_height = round($thumbwidth / $picture_infos[0] * $picture_infos[1]);
$temp->resize($thumbwidth, $new_height, 0);
}
$type = $picture_infos[2];
switch (!empty($type)) {
case 2:
$temp->send_image('JPG', $upload_dir . $new_file_name);
break;
case 3:
$temp->send_image('PNG', $upload_dir . $new_file_name);
break;
case 1:
$temp->send_image('GIF', $upload_dir . $new_file_name);
break;
}
}
}
// store the information in the database (as insert or as update)
$table_system_template = Database::get_main_table('system_template');
if ($_GET['action'] == 'add') {
$sql = "INSERT INTO {$table_system_template} (title, content, image) VALUES ('" . Database::escape_string($values['title']) . "','" . Database::escape_string($values['template_text']) . "','" . Database::escape_string($new_file_name) . "')";
$result = api_sql_query($sql, __FILE__, __LINE__);
// display a feedback message
Display::display_confirmation_message('TemplateAdded');
echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('add_template.gif', get_lang('AddTemplate')) . get_lang('AddTemplate') . '</a>';
} else {
$sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "',\n\t\t\t\t\t\t\t\t\t\t\t \t\t content = '" . Database::escape_string($values['template_text']) . "'";
if (!empty($new_file_name)) {
$sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
}
$sql .= " WHERE id='" . Database::escape_string($_GET['id']) . "'";
$result = api_sql_query($sql, __FILE__, __LINE__);
// display a feedback message
Display::display_confirmation_message('TemplateEdited');
}
display_templates();
} else {
// display the form
$form->display();
}
}
/**
* Uploads an author image to the upload/learning_path/images directory
* @param array The image array, coming from the $_FILES superglobal
* @return boolean True on success, false on error
*/
function upload_image($image_array)
{
$image_moved = false;
if (!empty($image_array['name'])) {
$upload_ok = process_uploaded_file($image_array);
$has_attachment = true;
} else {
$image_moved = true;
}
if ($upload_ok) {
if ($has_attachment) {
$courseDir = api_get_course_path() . '/upload/learning_path/images';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one
$new_file_name = add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);
if (!filter_extension($new_file_name)) {
//Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
$image_moved = false;
} else {
$file_extension = explode('.', $image_array['name']);
$file_extension = strtolower($file_extension[sizeof($file_extension) - 1]);
$new_file_name = uniqid('') . '.' . $file_extension;
$new_path = $updir . '/' . $new_file_name;
//$result= @move_uploaded_file($image_array['tmp_name'], $new_path);
// resize the image
include_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
$temp = new image($image_array['tmp_name']);
$picture_infos = @getimagesize($image_array['tmp_name']);
// $picture_infos[0]-> width
if ($picture_infos[0] > 104) {
$thumbwidth = 104;
} else {
$thumbwidth = $picture_infos[0];
}
if ($picture_infos[1] > 96) {
$new_height = 96;
} else {
$new_height = $picture_infos[1];
}
//$new_height = round(($thumbwidth/$picture_infos[0])*$picture_infos[1]);
$temp->resize($thumbwidth, $new_height, 0);
$type = $picture_infos[2];
$result = false;
switch ($type) {
case 2:
$result = $temp->send_image('JPG', $new_path);
break;
case 3:
$result = $temp->send_image('PNG', $new_path);
break;
case 1:
$result = $temp->send_image('GIF', $new_path);
break;
}
$temp->resize($thumbwidth, $new_height, 0);
$type = $picture_infos[2];
$result = false;
switch ($type) {
case 2:
$result = $temp->send_image('JPG', $new_path);
break;
case 3:
$result = $temp->send_image('PNG', $new_path);
break;
case 1:
$result = $temp->send_image('GIF', $new_path);
break;
}
// Storing the image filename
if ($result) {
$image_moved = true;
$this->set_preview_image($new_file_name);
return true;
}
}
}
}
return false;
}
/**
* Add (or edit) a template. This function displays the form and also takes
* care of uploading the image and storing the information in the database
*
* @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
* @version August 2008
* @since Dokeos 1.8.6
*/
function add_edit_template()
{
// Initialize the object.
$id = isset($_GET['id']) ? '&id=' . Security::remove_XSS($_GET['id']) : '';
$form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . Security::remove_XSS($_GET['action']) . $id);
// Setting the form elements: the header.
if ($_GET['action'] == 'add') {
$title = get_lang('AddTemplate');
} else {
$title = get_lang('EditTemplate');
}
$form->addElement('header', '', $title);
// Setting the form elements: the title of the template.
$form->addText('title', get_lang('Title'), false);
// Setting the form elements: the content of the template (wysiwyg editor).
$form->addHtmlEditor('template_text', get_lang('Text'), false, false, array('ToolbarSet' => 'AdminTemplates', 'Width' => '100%', 'Height' => '400'));
// Setting the form elements: the form to upload an image to be used with the template.
$form->addElement('file', 'template_image', get_lang('Image'), '');
// Setting the form elements: a little bit information about the template image.
$form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));
// Getting all the information of the template when editing a template.
if ($_GET['action'] == 'edit') {
// Database table definition.
$table_system_template = Database::get_main_table('system_template');
$sql = "SELECT * FROM {$table_system_template} WHERE id = " . intval($_GET['id']) . "";
$result = Database::query($sql);
$row = Database::fetch_array($result);
$defaults['template_id'] = intval($_GET['id']);
$defaults['template_text'] = $row['content'];
// Forcing get_lang().
$defaults['title'] = get_lang($row['title']);
// Adding an extra field: a hidden field with the id of the template we are editing.
$form->addElement('hidden', 'template_id');
// Adding an extra field: a preview of the image that is currently used.
if (!empty($row['image'])) {
$form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/' . $row['image'] . '" alt="' . get_lang('TemplatePreview') . '"/>');
} else {
$form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
}
// Setting the information of the template that we are editing.
$form->setDefaults($defaults);
}
// Setting the form elements: the submit button.
$form->addButtonSave(get_lang('Ok'), 'submit');
// Setting the rules: the required fields.
$form->addRule('template_image', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('template_text', get_lang('ThisFieldIsRequired'), 'required');
// if the form validates (complies to all rules) we save the information, else we display the form again (with error message if needed)
if ($form->validate()) {
$check = Security::check_token('post');
if ($check) {
// Exporting the values.
$values = $form->exportValues();
// Upload the file.
if (!empty($_FILES['template_image']['name'])) {
$upload_ok = process_uploaded_file($_FILES['template_image']);
if ($upload_ok) {
// Try to add an extension to the file if it hasn't one.
$new_file_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
// The upload directory.
$upload_dir = api_get_path(SYS_APP_PATH) . 'home/default_platform_document/template_thumb/';
// Create the directory if it does not exist.
if (!is_dir($upload_dir)) {
mkdir($upload_dir, api_get_permissions_for_new_directories());
}
// Resize the preview image to max default and upload.
$temp = new Image($_FILES['template_image']['tmp_name']);
$picture_info = $temp->get_image_info();
$max_width_for_picture = 100;
if ($picture_info['width'] > $max_width_for_picture) {
$temp->resize($max_width_for_picture);
}
$temp->send_image($upload_dir . $new_file_name);
}
}
// Store the information in the database (as insert or as update).
$table_system_template = Database::get_main_table('system_template');
if ($_GET['action'] == 'add') {
$content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
$params = ['title' => $values['title'], 'content' => $content_template, 'image' => $new_file_name];
Database::insert($table_system_template, $params);
// Display a feedback message.
Display::display_confirmation_message(get_lang('TemplateAdded'));
echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
} else {
$content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>' . Database::escape_string($values['template_text']) . '</body>';
$sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "', content = '" . $content_template . "'";
if (!empty($new_file_name)) {
$sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
}
$sql .= " WHERE id = " . intval($_GET['id']) . "";
Database::query($sql);
// Display a feedback message.
Display::display_confirmation_message(get_lang('TemplateEdited'));
}
}
Security::clear_token();
display_templates();
} else {
$token = Security::get_token();
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
// Display the form.
$form->display();
}
}
/**
* Uploads the nanogong wav file
* @param bool
*/
public function upload_file($is_nano = false)
{
if (!empty($_FILES)) {
$upload_ok = process_uploaded_file($_FILES['file'], false);
if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
return 0;
}
if ($upload_ok) {
// Check if there is enough space to save the file
if (!DocumentManager::enough_space($_FILES['file']['size'], DocumentManager::get_course_quota())) {
return 0;
}
//first we delete everything before uploading the file
$this->delete_files();
//Reload the filename variable
$file_name = add_ext_on_mime($_FILES['file']['name'], $_FILES['file']['type']);
$file_name = strtolower($file_name);
$file_info = pathinfo($file_name);
if ($is_nano == true) {
$file_info['extension'] = 'wav';
}
$file_name = $this->filename . '.' . $file_info['extension'];
if (in_array($file_info['extension'], $this->available_extensions)) {
if (move_uploaded_file($_FILES['file']['tmp_name'], $this->store_path . $file_name)) {
$this->store_filename = $this->store_path . $file_name;
return 1;
}
}
}
}
return 0;
}
/**
* @return array|null|string
*/
function store_add_dropbox()
{
$_course = api_get_course_info();
$_user = api_get_user_info();
$dropbox_cnf = getDropboxConf();
// Validating the form data
// there are no recipients selected
if (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
return get_lang('YouMustSelectAtLeastOneDestinee');
} else {
// Check if all the recipients are valid
$thisIsAMailing = false;
$thisIsJustUpload = false;
foreach ($_POST['recipients'] as $rec) {
if ($rec == 'mailing') {
$thisIsAMailing = true;
} elseif ($rec == 'upload') {
$thisIsJustUpload = true;
} elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
return get_lang('InvalideUserDetected');
} elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
return get_lang('InvalideGroupDetected');
}
}
}
// we are doing a mailing but an additional recipient is selected
if ($thisIsAMailing && count($_POST['recipients']) != 1) {
return get_lang('MailingSelectNoOther');
}
// we are doing a just upload but an additional recipient is selected.
// note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
return get_lang('MailingJustUploadSelectNoOther');
}
if (empty($_FILES['file']['name'])) {
$error = true;
return get_lang('NoFileSpecified');
}
// are we overwriting a previous file or sending a new one
$dropbox_overwrite = false;
if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
$dropbox_overwrite = true;
}
// doing the upload
$dropbox_filename = $_FILES['file']['name'];
$dropbox_filesize = $_FILES['file']['size'];
$dropbox_filetype = $_FILES['file']['type'];
$dropbox_filetmpname = $_FILES['file']['tmp_name'];
// check if the filesize does not exceed the allowed size.
if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
return get_lang('DropboxFileTooBig');
// TODO: The "too big" message does not fit in the case of uploading zero-sized file.
}
// check if the file is actually uploaded
if (!is_uploaded_file($dropbox_filetmpname)) {
// check user fraud : no clean error msg.
return get_lang('TheFileIsNotUploaded');
}
$upload_ok = process_uploaded_file($_FILES['file'], true);
if (!$upload_ok) {
return null;
}
// Try to add an extension to the file if it hasn't got one
$dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
// Replace dangerous characters
$dropbox_filename = replace_dangerous_char($dropbox_filename);
// Transform any .php file in .phps fo security
$dropbox_filename = php2phps($dropbox_filename);
//filter extension
if (!filter_extension($dropbox_filename)) {
return get_lang('UplUnableToSaveFileFilteredExtension');
}
// set title
$dropbox_title = $dropbox_filename;
// set author
if (!isset($_POST['authors'])) {
$_POST['authors'] = getUserNameFromId($_user['user_id']);
}
// note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
if ($dropbox_overwrite) {
$dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
foreach ($dropbox_person->sentWork as $w) {
if ($w->title == $dropbox_filename) {
if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
return get_lang('MailingNonMailingError');
}
if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
return get_lang('MailingJustUploadSelectNoOther');
}
$dropbox_filename = $w->filename;
$found = true;
// note: do we still need this?
break;
}
}
} else {
// rename file to login_filename_uniqueId format
$dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
}
// creating the array that contains all the users who will receive the file
$new_work_recipients = array();
foreach ($_POST['recipients'] as $rec) {
if (strpos($rec, 'user_') === 0) {
$new_work_recipients[] = substr($rec, strlen('user_'));
} elseif (strpos($rec, 'group_') === 0) {
$userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
foreach ($userList as $usr) {
if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
$new_work_recipients[] = $usr['user_id'];
}
}
}
}
@move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename);
$b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
if ($b_send_mail) {
foreach ($new_work_recipients as $recipient_id) {
$recipent_temp = UserManager::get_user_info_by_id($recipient_id);
$additionalParameters = array('smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY, 'userId' => $recipient_id, 'courseTitle' => $_course['title'], 'userUsername' => $recipent_temp['username']);
api_mail_html(api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $recipent_temp['email'], get_lang('NewDropboxFileUploaded'), get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'], api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), $_user['mail'], null, null, null, $additionalParameters);
}
}
new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);
Security::clear_token();
return get_lang('FileUploadSucces');
}
$validationStatus = getWorkDateValidationStatus($homework);
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work.php?' . api_get_cidreq(), 'name' => get_lang('StudentPublications'));
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'work/work_list.php?' . api_get_cidreq() . '&id=' . $workId, 'name' => $workInfo['title']);
$interbreadcrumb[] = array('url' => '#', 'name' => get_lang('UploadCorrections'));
$form = new FormValidator('form', 'POST', api_get_self() . "?" . api_get_cidreq() . "&id=" . $workId, '', array('enctype' => "multipart/form-data"));
$form->addElement('header', get_lang('UploadCorrections'));
$form->addElement('file', 'file', get_lang('UploadADocument'));
$form->add_real_progress_bar('uploadWork', 'file');
$form->addRule('file', get_lang('ThisFieldIsRequired'), 'required');
$form->addElement('hidden', 'id', $workId);
$form->addButtonUpload(get_lang('Upload'));
$error_message = null;
$succeed = false;
if ($form->validate()) {
$values = $form->getSubmitValues();
$upload = process_uploaded_file($_FILES['file'], false);
if ($upload) {
$zip = new PclZip($_FILES['file']['tmp_name']);
// Check the zip content (real size and file extension)
$zipFileList = (array) $zip->listContent();
$realSize = 0;
foreach ($zipFileList as &$this_content) {
$realSize += $this_content['size'];
}
$maxSpace = DocumentManager::get_course_quota();
if (!DocumentManager::enough_space($realSize, $maxSpace)) {
Display::addFlash(Display::return_message(get_lang('UplNotEnoughSpace'), 'warning'));
}
$folder = api_get_unique_id();
$destinationDir = api_get_path(SYS_ARCHIVE_PATH) . $folder;
mkdir($destinationDir, api_get_permissions_for_new_directories(), true);
/**
* Uploads an author image to the upload/learning_path/images directory
* @param array The image array, coming from the $_FILES superglobal
* @return boolean True on success, false on error
*/
public function upload_image($image_array)
{
$image_moved = false;
if (!empty($image_array['name'])) {
$upload_ok = process_uploaded_file($image_array);
$has_attachment = true;
} else {
$image_moved = true;
}
if ($upload_ok) {
if ($has_attachment) {
$courseDir = api_get_course_path() . '/upload/learning_path/images';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one.
$new_file_name = add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);
if (!filter_extension($new_file_name)) {
//Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
$image_moved = false;
} else {
$file_extension = explode('.', $image_array['name']);
$file_extension = strtolower($file_extension[sizeof($file_extension) - 1]);
$filename = uniqid('');
$new_file_name = $filename . '.' . $file_extension;
$new_path = $updir . '/' . $new_file_name;
// Resize the image.
$temp = new Image($image_array['tmp_name']);
$picture_infos = $temp->get_image_info();
if ($picture_infos['width'] > 104) {
$thumbwidth = 104;
} else {
$thumbwidth = $picture_infos['width'];
}
if ($picture_infos['height'] > 96) {
$new_height = 96;
} else {
$new_height = $picture_infos['height'];
}
$temp->resize($thumbwidth, $new_height, 0);
$result = $temp->send_image($new_path);
// Storing the image filename.
if ($result) {
$image_moved = true;
$this->set_preview_image($new_file_name);
//Resize to 64px to use on course homepage
$temp->resize(64, 64, 0);
$temp->send_image($updir . '/' . $filename . '.64.' . $file_extension);
return true;
}
}
}
}
return false;
}
/**
* Imports the zip file
* @param array $array_file ($_FILES)
*/
function aiken_import_file($array_file)
{
$unzip = 0;
$process = process_uploaded_file($array_file, false);
if (preg_match('/\\.(zip|txt)$/i', $array_file['name'])) {
// if it's a zip, allow zip upload
$unzip = 1;
}
if ($process && $unzip == 1) {
$imported = aiken_import_exercise($array_file['name']);
if (is_numeric($imported) && !empty($imported)) {
return $imported;
} else {
$msg = Display::return_message(get_lang($imported), 'error');
return $msg;
}
}
}
/**
* Handles uploaded missing images
*
* @author Hugues Peeters <*****@*****.**>
* @author Bert Vanderkimpen
* @param array $_course
* @param array $uploaded_file_collection - follows the $_FILES Structure
* @param string $base_work_dir
* @param string $missing_files_dir
* @param int $user_id
* @param int $max_filled_space
*/
function move_uploaded_file_collection_into_directory($_course, $uploaded_file_collection, $base_work_dir, $missing_files_dir, $user_id, $to_group_id, $to_user_id, $max_filled_space)
{
$number_of_uploaded_images = count($uploaded_file_collection['name']);
$new_file_list = array();
for ($i = 0; $i < $number_of_uploaded_images; $i++) {
$missing_file['name'] = $uploaded_file_collection['name'][$i];
$missing_file['type'] = $uploaded_file_collection['type'][$i];
$missing_file['tmp_name'] = $uploaded_file_collection['tmp_name'][$i];
$missing_file['error'] = $uploaded_file_collection['error'][$i];
$missing_file['size'] = $uploaded_file_collection['size'][$i];
$upload_ok = process_uploaded_file($missing_file);
if ($upload_ok) {
$new_file_list[] = handle_uploaded_document($_course, $missing_file, $base_work_dir, $missing_files_dir, $user_id, $to_group_id, $to_user_id, $max_filled_space, 0, 'overwrite');
}
unset($missing_file);
}
return $new_file_list;
}
require_once 'tesUpload/html/upload_helper.php';
?>
<html>
<head>
<title>File Upload</title>
<link rel="stylesheet" type="text/css" href="/scripts/tesUpload/html/upload.css">
<script language="javascript" type="text/javascript" src="/scripts/tesUpload/html/prototype.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/tesUpload/html/upload.js"></script>
</head>
<?php
$uploaded_file = false;
if (isset($_POST['userfile']) && ($sid = $_POST['userfile']) && !empty($sid)) {
require_once 'tesUpload/html/read_settings.php';
require_once 'tesUpload/html/receive_helper.php';
$file = tes_receive($sid);
$uploaded_file = process_uploaded_file($file, "{$tes_upload_dir}/{$file}", true);
}
?>
<body>
<form name="postform" method="post" action="<?php
echo $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'];
?>
" enctype="multipart/form-data">
<input type="hidden" name="doctype" value="<?php
echo isset($_REQUEST['doctype']) ? $_REQUEST['doctype'] : 'img';
?>
" />
<?php
echo tes_upload_value('userfile');
?>
1) Click this button and select the file to upload from your computer:<br><br>
$path = '/';
}
/**
* Header
*/
$nameTools = get_lang('UplUploadDocument');
$interbreadcrumb[] = array("url" => "./document.php?curdirpath=" . urlencode($path) . $req_gid, "name" => $langDocuments);
Display::display_header($nameTools, "Doc");
//show the title
api_display_tool_title($nameTools . $add_group_to_title);
/**
* Process
*/
//user has submitted a file
if (isset($_FILES['user_upload'])) {
$upload_ok = process_uploaded_file($_FILES['user_upload']);
if ($upload_ok) {
//file got on the server without problems, now process it
$new_path = handle_uploaded_document($_course, $_FILES['user_upload'], $base_work_dir, $_POST['curdirpath'], $_user['user_id'], $to_group_id, $to_user_id, $_POST['unzip'], $_POST['if_exists']);
$new_comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';
$new_title = isset($_POST['title']) ? trim($_POST['title']) : '';
if ($new_path && ($new_comment || $new_title)) {
if ($docid = DocumentManager::get_document_id($_course, $new_path)) {
$table_document = Database::get_course_table(TABLE_DOCUMENT);
$ct = '';
if ($new_comment) {
$ct .= ", comment='{$new_comment}'";
}
if ($new_title) {
$ct .= ", title='{$new_title}'";
}
/**
* @param array $values
* @param array $file $_FILES['uploaded_file']
* @param bool $deleteFile
*/
public function save($values, $file = array(), $deleteFile = false)
{
$table = Database::get_main_table('session_rel_course_legal');
$courseId = $values['c_id'];
$sessionId = $values['session_id'];
$conditions = array('c_id' => $courseId, 'session_id' => $sessionId);
$course = api_get_course_info_by_id($courseId);
$legalData = $this->getData($courseId, $sessionId);
$coursePath = api_get_path(SYS_COURSE_PATH) . $course['directory'] . '/courselegal';
$uploadResult = $coursePath . '/' . $legalData['filename'];
if (!is_dir($coursePath)) {
mkdir($coursePath, api_get_permissions_for_new_directories());
}
$uploadOk = process_uploaded_file($file, false);
$fileName = null;
if ($uploadOk) {
$uploadResult = handle_uploaded_document($course, $file, $coursePath, '/', api_get_user_id(), api_get_group_id(), null, false, false, false, true);
if ($uploadResult) {
$fileName = basename($uploadResult);
// Delete old one if exists.
if ($legalData) {
if (!empty($legalData['filename'])) {
$fileToDelete = $coursePath . '/' . $legalData['filename'];
if (file_exists($fileToDelete)) {
unlink($fileToDelete);
}
}
}
}
}
$conditions['content'] = $values['content'];
$conditions['filename'] = $fileName;
if (empty($legalData)) {
$id = Database::insert($table, $conditions);
} else {
$id = $legalData['id'];
$updateParams = array('content' => $values['content']);
if (!empty($fileName)) {
$updateParams['filename'] = $fileName;
}
Database::update($table, $updateParams, array('id = ? ' => $id));
}
if ($deleteFile) {
Database::update($table, array('filename' => ''), array('id = ? ' => $id));
if (!empty($legalData['filename'])) {
$fileToDelete = $coursePath . '/' . $legalData['filename'];
if (file_exists($fileToDelete)) {
unlink($fileToDelete);
}
}
}
if (isset($values['remove_previous_agreements']) && !empty($values['remove_previous_agreements'])) {
$this->removePreviousAgreements($courseId, $sessionId);
}
$warnUsers = isset($values['warn_users_by_email']) ? $values['warn_users_by_email'] : null;
switch ($warnUsers) {
case '1':
// Nothing
break;
case '2':
// Send mail
$this->warnUsersByEmail($courseId, $sessionId);
break;
case '3':
// Send mail + attachment if exists.
if (!empty($legalData['filename'])) {
$this->warnUsersByEmail($courseId, $sessionId, $uploadResult);
}
break;
}
}
/**
* This function edit a attachment file into agenda
* @param string a comment about file
* @param int Agenda Id
* @param int attachment file Id
*/
function edit_agenda_attachment_file($file_comment, $agenda_id, $id_attach)
{
global $_course;
$agenda_table_attachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
// Storing the attachments
if (!empty($_FILES['user_upload']['name'])) {
$upload_ok = process_uploaded_file($_FILES['user_upload']);
}
if (!empty($upload_ok)) {
$courseDir = $_course['path'] . '/upload/calendar';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one
$new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
// user's file name
$file_name = $_FILES['user_upload']['name'];
if (!filter_extension($new_file_name)) {
Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
} else {
$new_file_name = uniqid('');
$new_path = $updir . '/' . $new_file_name;
$result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
$safe_file_comment = Database::escape_string($file_comment);
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
$safe_agenda_id = intval($agenda_id);
$safe_id_attach = intval($id_attach);
// Storing the attachments if any
if ($result) {
$sql = "UPDATE {$agenda_table_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', agenda_id = '{$safe_agenda_id}', size ='" . intval($_FILES['user_upload']['size']) . "'\n\t\t\t\t\t\t WHERE id = '{$safe_id_attach}'";
Database::query($sql);
api_item_property_update($_course, 'calendar_event_attachment', $safe_id_attach, 'AgendaAttachmentUpdated', api_get_user_id());
}
}
}
}
