/**
 * Behat step: applies the site configuration values listed in a feature table.
 *
 * Every table row is read through its "field" and "value" columns. Only
 * names on the allow-list below are written; any other name found in the
 * table is skipped without raising an error.
 *
 * @Given /^the following site settings are set:$/
 * @param TableNode $table rows of | field | value |
 * @throws SystemException when set_config() reports failure for a setting
 */
public function site_settings_set(TableNode $table) {
    // Names this step is allowed to write, applied in this order.
    $allowsettings = array(
        'sitename', 'lang', 'country', 'theme', 'dropdownmenu', 'homepageinfo',
        'userscanchooseviewthemes', 'remoteavatars', 'userscanhiderealnames',
        'searchusernames', 'searchuserspublic', 'anonymouscomments',
        'loggedinprofileviewaccess', 'staffreports', 'staffstats',
        'userscandisabledevicedetection', 'masqueradingreasonrequired',
        'masqueradingnotified', 'showprogressbar', 'exporttoqueue',
        'defaultmultipleblogs', 'searchplugin', 'creategroups',
        'createpublicgroups', 'allowgroupcategories',
        'institutionexpirynotification', 'institutionautosuspend',
        'requireregistrationconfirm', 'allowpublicviews', 'allowpublicprofiles',
        'allowanonymouspages', 'generatesitemap', 'showselfsearchsideblock',
        'showtagssideblock', 'tagssideblockmaxtags', 'viewmicroheaders',
        'showonlineuserssideblock', 'onlineuserssideblockmaxusers',
        'licensemetadata', 'licenseallowcustom', 'allowmobileuploads', 'wysiwyg',
        'sitefilesaccess', 'watchlistnotification_delay', 'skins',
    );

    // Flatten the rows into a name => value map; a repeated name keeps its last value.
    $settings = array();
    foreach ($table->getHash() as $row) {
        $name = $row['field'];
        $settings[$name] = $row['value'];
    }

    // Public profiles follow public views. When public views are off (or not
    // mentioned in the table at all) sitemap generation is switched off too.
    if (!empty($settings['allowpublicviews'])) {
        $settings['allowpublicprofiles'] = 1;
    }
    else {
        $settings['generatesitemap'] = false;
    }

    // Snapshot the current values before anything is written.
    $oldsearchplugin = get_config('searchplugin');
    $oldlanguage = get_config('lang');
    $oldtheme = get_config('theme');

    foreach ($allowsettings as $setting) {
        if (!isset($settings[$setting])) {
            continue;
        }
        if (set_config($setting, $settings[$setting])) {
            continue;
        }
        throw new SystemException("Can not set the option \"{$setting}\" to \"{$settings[$setting]}\"");
    }

    // A language switch also renames the public folder.
    $languagechanged = isset($settings['lang']) && $oldlanguage != $settings['lang'];
    if ($languagechanged) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_public_folder_name($oldlanguage, $settings['lang']);
    }
}
/**
 * Persists the submitted site options form.
 *
 * Each listed field is written with set_config(); a failed write is handed
 * to siteoptions_fail(). The session lifetime and the two checkbox options
 * are converted before being stored.
 *
 * NOTE(review): 'pathtoclam' is stored exactly as submitted; nothing in this
 * function checks that it names an executable - confirm the form validates it.
 *
 * @param Pieform $form   the submitted form, used to send the reply
 * @param array   $values submitted values keyed by field name
 */
function siteoptions_submit(Pieform $form, $values) {
    $plainfields = array(
        'sitename', 'lang', 'theme', 'pathtoclam', 'defaultaccountlifetime',
        'defaultaccountinactiveexpire', 'defaultaccountinactivewarn',
        'allowpublicviews', 'allowpublicprofiles', 'createpublicgroups',
        'searchplugin', 'registration_sendweeklyupdates',
        'institutionexpirynotification', 'institutionautosuspend',
    );

    // Remember the values whose change triggers extra work further down.
    $previouslanguage = get_config('lang');
    $previoustheme = get_config('theme');

    foreach ($plainfields as $name) {
        $stored = set_config($name, $values[$name]);
        if (!$stored) {
            siteoptions_fail($form, $name);
        }
    }

    if ($values['lang'] != $previouslanguage) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_public_folder_name($previouslanguage, $values['lang']);
    }

    // The form collects minutes; the session_timeout config entry holds seconds.
    $timeoutseconds = $values['sessionlifetime'] * 60;
    if (!set_config('session_timeout', $timeoutseconds)) {
        siteoptions_fail($form, 'sessionlifetime');
    }

    // Checkboxes arrive as on/off and are stored as 1/0.
    $checkboxes = array('viruschecking', 'usersallowedmultipleinstitutions');
    foreach ($checkboxes as $name) {
        $flag = ($values[$name] == 'on') ? 1 : 0;
        if (!set_config($name, $flag)) {
            siteoptions_fail($form, $name);
        }
    }

    $parts = array(get_string('siteoptionsset', 'admin'));
    if ($values['theme'] != $previoustheme) {
        $parts[] = get_string('usersseenewthemeonlogin', 'admin');
    }

    $form->reply(PIEFORM_OK, array(
        'message' => implode(' ', $parts),
        'goto'    => '/admin/site/options.php',
    ));
}
/**
 * Renders the block's stored text as sanitised HTML.
 *
 * The configured text (empty string when none is set) is run through
 * ArtefactTypeFolder::append_view_url() with the block's view id, and the
 * result goes through clean_html() before it is returned.
 *
 * @param BlockInstance $instance the block being rendered
 * @param bool          $editing  not used by this block
 * @return string output of clean_html()
 */
public static function render_instance(BlockInstance $instance, $editing = false) {
    $configdata = $instance->get('configdata');

    $rawtext = '';
    if (isset($configdata['text'])) {
        $rawtext = $configdata['text'];
    }

    safe_require('artefact', 'file');
    $withviewurls = ArtefactTypeFolder::append_view_url($rawtext, $instance->get('view'));

    // clean_html() is the last step so nothing unsanitised leaves this method.
    return clean_html($withviewurls);
}
/**
 * Moving a file into a folder must rewrite the file's stored path.
 */
public function testArtefactHierarchyMove() {
    $owner = $this->testuserid;

    // Destination folder.
    $folder = new ArtefactTypeFolder(0, array(
        'owner'       => $owner,
        'title'       => 'Test folder',
        'description' => 'Test folder description',
    ));
    $folder->commit();

    // File created without a parent.
    $file = new ArtefactTypeFile(0, array(
        'owner'       => $owner,
        'title'       => 'Test file',
        'description' => 'Test file description',
    ));
    $file->commit();

    // Before the move the path is just the file's own id.
    $fileid = $file->get('id');
    $this->assertEquals("/{$fileid}", $file->get('path'));

    // Reload the file by id, move it, and expect "/<folder>/<file>".
    $folderid = $folder->get('id');
    $file = new ArtefactTypeFile($fileid);
    $file->move($folderid);

    $expectedpath = '/' . $folderid . '/' . $fileid;
    $this->assertEquals($expectedpath, $file->get('path'));
}
/**
 * Renders the text block through its Smarty template.
 *
 * The configured text, after ArtefactTypeFolder::append_view_url(), is
 * assigned to the template as 'text'; an empty string is assigned when the
 * block has no 'text' entry.
 *
 * NOTE(review): unlike a clean_html() call, nothing here sanitises the text;
 * any escaping has to happen in blocktype:text:content.tpl - confirm.
 *
 * @param BlockInstance $instance the block being rendered
 * @param bool          $editing  not used by this block
 * @return string the fetched template output
 */
public static function render_instance(BlockInstance $instance, $editing = false) {
    safe_require('artefact', 'file');

    $configdata = $instance->get('configdata');
    $smarty = smarty_core();

    $text = '';
    if (array_key_exists('text', $configdata)) {
        $text = ArtefactTypeFolder::append_view_url($configdata['text'], $instance->get('view'));
    }
    $smarty->assign('text', $text);

    return $smarty->fetch('blocktype:text:content.tpl');
}
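/**
 * Renders the block from the artefact configured on it.
 *
 * Assigns the artefact's note and description (both passed through
 * ArtefactTypeFolder::append_view_url()), the configured literature value,
 * the attachment list and the comments for this view to the template.
 *
 * NOTE(review): the text values are handed to the template as-is; any
 * escaping has to happen in blocktype:eselmagraduation:content.tpl - confirm.
 *
 * @param BlockInstance $instance the block being rendered
 * @param bool          $editing  forwarded to the comment lookup
 * @return string template output, or '' when no artefact is configured
 */
public static function render_instance(BlockInstance $instance, $editing = false) {
    $configdata = $instance->get('configdata');

    if (empty($configdata['artefactid'])) {
        // Nothing configured yet: render nothing.
        return '';
    }

    safe_require('artefact', 'file');
    safe_require('artefact', 'comment');

    $artefact = $instance->get_artefact_instance($configdata['artefactid']);
    $viewid = $instance->get('view');

    $text = ArtefactTypeFolder::append_view_url($artefact->get('note'), $viewid);
    $information = ArtefactTypeFolder::append_view_url($artefact->get('description'), $viewid);
    // A missing 'literature' entry is passed on as null instead of raising a notice.
    $literature = isset($configdata['literature']) ? $configdata['literature'] : null;

    $smarty = smarty_core();
    $smarty->assign('text', $text);
    $smarty->assign('information', $information);
    $smarty->assign('literature', $literature);

    $attachments = $artefact->get_attachments();
    if ($attachments) {
        require_once get_config('docroot') . 'artefact/lib.php';
        // Attachments are objects, so iterating by value still updates them
        // and leaves no dangling reference behind after the loop.
        foreach ($attachments as $attachment) {
            $f = artefact_instance_from_id($attachment->id);
            $attachment->size = $f->describe_size();
            // This used to read an undefined $options array, so the icon was
            // always requested with view id 0; use the block's view instead.
            $attachment->iconpath = $f->get_icon(array(
                'id'     => $attachment->id,
                'viewid' => isset($viewid) ? $viewid : 0,
            ));
            $attachment->viewpath = get_config('wwwroot') . 'artefact/artefact.php?artefact=' . $attachment->id . '&view=' . (isset($viewid) ? $viewid : 0);
            $attachment->downloadpath = get_config('wwwroot') . 'artefact/file/download.php?file=' . $attachment->id;
            if (isset($viewid)) {
                $attachment->downloadpath .= '&view=' . $viewid;
            }
        }
        $smarty->assign('attachments', $attachments);
        $smarty->assign('count', count($attachments));
    }

    require_once get_config('docroot') . 'lib/view.php';
    $view = new View($viewid);
    list($commentcount, $comments) = ArtefactTypeComment::get_artefact_comments_for_view($artefact, $view, $instance->get('id'), true, $editing);
    $smarty->assign('commentcount', $commentcount);
    $smarty->assign('comments', $comments);
    $smarty->assign('blockid', $instance->get('id'));

    return $smarty->fetch('blocktype:eselmagraduation:content.tpl');
}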
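/**
 * Persists the submitted site options form.
 *
 * Each listed field is written with set_config(); a failed write is handed
 * to siteoptions_fail(). The session lifetime and the two checkbox options
 * are converted before being stored. When virus checking is switched on,
 * the stored ClamAV path must point at an existing, executable file.
 *
 * @param Pieform $form   the submitted form, used to send the reply
 * @param array   $values submitted values keyed by field name
 */
function siteoptions_submit(Pieform $form, $values) {
    $fields = array(
        'sitename', 'lang', 'theme', 'pathtoclam', 'defaultaccountlifetime',
        'defaultaccountinactiveexpire', 'defaultaccountinactivewarn',
        'allowpublicviews', 'allowpublicprofiles',
        'registration_sendweeklyupdates', 'institutionexpirynotification',
        'institutionautosuspend', 'showselfsearchsideblock', 'searchusernames',
        'showtagssideblock', 'tagssideblockmaxtags', 'country',
        'viewmicroheaders', 'userscanchooseviewthemes', 'remoteavatars',
        'userscanhiderealnames', 'antispam', 'spamhaus', 'surbl',
        'anonymouscomments', 'proxyaddress', 'proxyauthmodel',
        'proxyauthcredentials', 'homepageinfo', 'showonlineuserssideblock',
        'registerterms', 'creategroups', 'createpublicgroups',
        'allowgroupcategories',
    );

    // Remember the values whose change triggers extra work further down.
    $oldlanguage = get_config('lang');
    $oldtheme = get_config('theme');

    foreach ($fields as $field) {
        if (!set_config($field, $values[$field])) {
            siteoptions_fail($form, $field);
        }
    }

    if ($oldlanguage != $values['lang']) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_public_folder_name($oldlanguage, $values['lang']);
    }

    // submitted sessionlifetime is in minutes; db entry session_timeout is in seconds
    if (!set_config('session_timeout', $values['sessionlifetime'] * 60)) {
        siteoptions_fail($form, 'sessionlifetime');
    }

    // Submitted value is on/off; database entry should be 1/0
    foreach (array('viruschecking', 'usersallowedmultipleinstitutions') as $checkbox) {
        if (!set_config($checkbox, (int) ($values[$checkbox] == 'on'))) {
            siteoptions_fail($form, $checkbox);
        }
    }

    if ($values['viruschecking'] == 'on') {
        // The stored path goes through escapeshellcmd() first, so the file
        // checks below run on the escaped string.
        $pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
        // The old test joined the two file checks with &&, which let an
        // existing but non-executable file through. Any one failing check
        // must reject the path.
        // NOTE(review): the settings above are already saved when this error
        // is sent, and the success reply below is only skipped if reply()
        // ends the request - confirm.
        if (!$pathtoclam || !file_exists($pathtoclam) || !is_executable($pathtoclam)) {
            $form->reply(PIEFORM_ERR, array(
                'message' => get_string('clamlost', 'mahara', $pathtoclam),
                'goto'    => '/admin/site/options.php',
            ));
        }
    }

    $message = get_string('siteoptionsset', 'admin');
    if ($oldtheme != $values['theme']) {
        global $USER;
        $message .= ' ' . get_string('usersseenewthemeonlogin', 'admin');
        $USER->update_theme();
    }

    $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => '/admin/site/options.php'));
}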
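/**
 * Renders the textbox block from the artefact configured on it.
 *
 * Assigns the artefact's description (passed through
 * ArtefactTypeFolder::append_view_url()), its attachment list and, when the
 * artefact allows comments, the comment count and artefact URL.
 *
 * NOTE(review): the description is handed to the template as-is; any
 * escaping has to happen in blocktype:textbox:content.tpl - confirm.
 *
 * @param BlockInstance $instance the block being rendered
 * @param bool          $editing  not used by this block
 * @return string template output, or '' when no artefact is configured
 */
public static function render_instance(BlockInstance $instance, $editing = false) {
    $configdata = $instance->get('configdata');

    if (empty($configdata['artefactid'])) {
        // Nothing configured yet: render nothing.
        return '';
    }

    safe_require('artefact', 'file');
    safe_require('artefact', 'comment');

    $artefact = $instance->get_artefact_instance($configdata['artefactid']);
    $viewid = $instance->get('view');
    $text = ArtefactTypeFolder::append_view_url($artefact->get('description'), $viewid);

    $smarty = smarty_core();
    $smarty->assign('text', $text);

    $attachments = $artefact->get_attachments();
    if ($attachments) {
        require_once get_config('docroot') . 'artefact/lib.php';
        // Attachments are objects, so iterating by value still updates them
        // and leaves no dangling reference behind after the loop.
        foreach ($attachments as $attachment) {
            $f = artefact_instance_from_id($attachment->id);
            $attachment->size = $f->describe_size();
            // This used to read an undefined $options array, so the icon was
            // always requested with view id 0; use the block's view instead.
            $attachment->iconpath = $f->get_icon(array(
                'id'     => $attachment->id,
                'viewid' => isset($viewid) ? $viewid : 0,
            ));
            $attachment->viewpath = get_config('wwwroot') . 'artefact/artefact.php?artefact=' . $attachment->id . '&view=' . (isset($viewid) ? $viewid : 0);
            $attachment->downloadpath = get_config('wwwroot') . 'artefact/file/download.php?file=' . $attachment->id;
            if (isset($viewid)) {
                $attachment->downloadpath .= '&view=' . $viewid;
            }
        }
        $smarty->assign('attachments', $attachments);
        $smarty->assign('count', count($attachments));
    }

    if ($artefact->get('allowcomments')) {
        $commentcount = ArtefactTypeComment::count_comments(null, array($configdata['artefactid']));
        // The result is keyed by artefact id; no entry means no comments.
        $commentcount = isset($commentcount[$configdata['artefactid']]) ? $commentcount[$configdata['artefactid']]->comments : 0;
        $artefacturl = get_config('wwwroot') . 'artefact/artefact.php?view=' . $viewid . '&artefact=' . $configdata['artefactid'];
        $smarty->assign('artefacturl', $artefacturl);
        $smarty->assign('commentcount', $commentcount);
    }

    return $smarty->fetch('blocktype:textbox:content.tpl');
}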
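/**
 * Completes an inbound MNET single sign-on.
 *
 * Asks the remote peer to confirm $token, then finds, creates or updates the
 * matching local user, optionally imports the profile icon offered by the
 * peer, and marks the session as MNET-initiated.
 *
 * The profile icon bytes come from the remote peer. They are only stored as
 * an artefact when the quota, image-type and dimension checks all pass;
 * a rejected file is logged and the temporary copy is deleted.
 *
 * @param string $token         SSO token, forwarded to the peer's user_authorise method
 * @param string $remotewwwroot wwwroot of the peer the user is arriving from
 * @return bool true once the session is established; false when the remote
 *              user is unknown locally and auto-creation is turned off
 * @throws XmlrpcClientException when the peer is deleted, SSO-in is not
 *                               enabled, or the institution is full
 * @throws AccessDeniedException when the peer returns no username, or the
 *                               usersuniquebyusername preconditions are not met
 */
public function request_user_authorise($token, $remotewwwroot) {
    global $USER, $SESSION;
    $this->must_be_ready();

    $peer = get_peer($remotewwwroot);
    if ($peer->deleted != 0 || $this->config['theyssoin'] != 1) {
        throw new XmlrpcClientException('We don\'t accept SSO connections from ' . institution_display_name($peer->institution));
    }

    // The hash of this browser's user agent is sent along with the token.
    $client = new Client();
    $client->set_method('auth/mnet/auth.php/user_authorise')
           ->add_param($token)
           ->add_param(sha1($_SERVER['HTTP_USER_AGENT']))
           ->send($remotewwwroot);

    $remoteuser = (object) $client->response;
    if (empty($remoteuser) or !property_exists($remoteuser, 'username')) {
        // Caught by land.php
        throw new AccessDeniedException();
    }

    $create = false;
    $update = false;
    if ('1' == $this->config['updateuserinfoonlogin']) {
        $update = true;
    }

    // Retrieve a $user object. If that fails, create a blank one.
    try {
        $user = new User();
        if (get_config('usersuniquebyusername')) {
            // When turned on, this setting means that it doesn't matter
            // which other application the user SSOs from, they will be
            // given the same account in Mahara.
            //
            // This setting is one that has security implications unless
            // only turned on by people who know what they're doing. In
            // particular, every system linked to Mahara should be making
            // sure that same username == same person. This happens for
            // example if two Moodles are using the same LDAP server for
            // authentication.
            //
            // If this setting is on, it must NOT be possible to self
            // register on the site for ANY institution - otherwise users
            // could simply pick usernames of people's accounts they wished
            // to steal.
            if ($institutions = get_column('institution', 'name', 'registerallowed', '1')) {
                log_warn("usersuniquebyusername is turned on but registration is allowed for an institution. "
                    . "No institution can have registration allowed for it, for security reasons.\n"
                    . "The following institutions have registration enabled:\n " . join("\n ", $institutions));
                throw new AccessDeniedException();
            }
            if (!get_config('usersallowedmultipleinstitutions')) {
                log_warn("usersuniquebyusername is turned on but usersallowedmultipleinstitutions is off. "
                    . "This makes no sense, as users will then change institution every time they log in from "
                    . "somewhere else. Please turn this setting on in Site Options");
                throw new AccessDeniedException();
            }
            $user->find_by_username($remoteuser->username);
        }
        else {
            $user->find_by_instanceid_username($this->instanceid, $remoteuser->username, true);
        }

        if ($user->get('suspendedcusr')) {
            die_info(get_string('accountsuspended', 'mahara', strftime(get_string('strftimedaydate'), $user->get('suspendedctime')), $user->get('suspendedreason')));
        }
    }
    catch (AuthUnknownUserException $e) {
        if (!empty($this->config['weautocreateusers'])) {
            $institution = new Institution($this->institution);
            if ($institution->isFull()) {
                $institution->send_admin_institution_is_full_message();
                throw new XmlrpcClientException('SSO attempt from ' . $institution->displayname . ' failed - institution is full');
            }
            $user = new User();
            $create = true;
        }
        else {
            log_debug("User authorisation request from {$remotewwwroot} failed - "
                . "remote user '{$remoteuser->username}' is unknown to us and auto creation of users is turned off");
            return false;
        }
    }

    /*******************************************/

    if ($create) {
        $user->passwordchange = 1;
        $user->active = 1;
        $user->deleted = 0;
        //TODO: import institution's expiry?:
        //$institution = new Institution($peer->institution);
        $user->expiry = null;
        $user->expirymailsent = 0;
        $user->lastlogin = time();
        $user->firstname = $remoteuser->firstname;
        $user->lastname = $remoteuser->lastname;
        $user->email = $remoteuser->email;
        $imported = array('firstname', 'lastname', 'email');
        //TODO: import institution's per-user-quota?:
        //$user->quota = $userrecord->quota;
        $user->authinstance = empty($this->config['parent']) ? $this->instanceid : $this->parent;

        db_begin();
        $user->username = get_new_username($remoteuser->username);
        $user->id = create_user($user, array(), $this->institution, $this, $remoteuser->username);
        $locked = $this->import_user_settings($user, $remoteuser);
        $locked = array_merge($imported, $locked);
        /*
         * We need to convert the object to a stdclass with its own
         * custom method because it uses overloaders in its implementation
         * and its properties wouldn't be visible to a simple cast operation
         * like (array)$user
         */
        $userobj = $user->to_stdclass();
        $userarray = (array) $userobj;
        db_commit();

        // Now we have fired the create event, we need to re-get the data
        // for this user
        $user = new User();
        $user->find_by_id($userobj->id);
    }
    elseif ($update) {
        $imported = array('firstname', 'lastname', 'email');
        foreach ($imported as $field) {
            if ($user->{$field} != $remoteuser->{$field}) {
                $user->{$field} = $remoteuser->{$field};
                set_profile_field($user->id, $field, $user->{$field});
            }
        }
        if (isset($remoteuser->idnumber)) {
            if ($user->studentid != $remoteuser->idnumber) {
                $user->studentid = $remoteuser->idnumber;
                set_profile_field($user->id, 'studentid', $user->studentid);
            }
            $imported[] = 'studentid';
        }
        $locked = $this->import_user_settings($user, $remoteuser);
        $locked = array_merge($imported, $locked);
        $user->lastlastlogin = $user->lastlogin;
        $user->lastlogin = time();
        //TODO: import institution's per-user-quota?:
        //$user->quota = $userrecord->quota;
        $user->commit();
    }

    if (get_config('usersuniquebyusername')) {
        // Add them to the institution they have SSOed in by
        $user->join_institution($peer->institution);
    }

    // See if we need to create/update a profile Icon image
    if ($create || $update) {
        $client->set_method('auth/mnet/auth.php/fetch_user_image')
               ->add_param($remoteuser->username)
               ->send($remotewwwroot);
        $imageobject = (object) $client->response;

        // Only letters, digits and spaces from the username reach the temp file name.
        $u = preg_replace('/[^A-Za-z0-9 ]/', '', $user->username);
        $filename = get_config('dataroot') . 'temp/mpi_' . intval($this->instanceid) . '_' . $u;

        if (array_key_exists('f1', $client->response)) {
            $imagecontents = base64_decode($client->response['f1']);
            if (file_put_contents($filename, $imagecontents)) {
                $imageexists = false;
                $icons = false;

                if ($update) {
                    // Skip the import when an identical icon is already stored.
                    $newchecksum = sha1_file($filename);
                    $icons = get_records_select_array('artefact', 'artefacttype = \'profileicon\' AND owner = ? ', array($user->id), '', 'id');
                    if (false != $icons) {
                        foreach ($icons as $icon) {
                            $iconfile = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $icon->id % 256 . '/' . $icon->id;
                            $checksum = sha1_file($iconfile);
                            if ($newchecksum == $checksum) {
                                $imageexists = true;
                                unlink($filename);
                                break;
                            }
                        }
                    }
                }

                if (false == $imageexists) {
                    // Validate the peer-supplied file. The checks used to set
                    // $error and then carry on regardless, so a file that was
                    // not an image (or too large) still became a profile icon.
                    $error = null;
                    $filesize = filesize($filename);
                    if (!$user->quota_allowed($filesize)) {
                        $error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
                    }

                    require_once 'file.php';
                    $imagesize = getimagesize($filename);
                    if (!$imagesize || !is_image_type($imagesize[2])) {
                        $error = get_string('filenotimage');
                    }
                    else {
                        // Only read the dimensions once getimagesize() has succeeded.
                        $mime = $imagesize['mime'];
                        $width = $imagesize[0];
                        $height = $imagesize[1];
                        $imagemaxwidth = get_config('imagemaxwidth');
                        $imagemaxheight = get_config('imagemaxheight');
                        if ($width > $imagemaxwidth || $height > $imagemaxheight) {
                            $error = get_string('profileiconimagetoobig', 'artefact.file', $width, $height, $imagemaxwidth, $imagemaxheight);
                        }
                    }

                    if ($error === null) {
                        // Charge the quota only for a file that will be kept.
                        try {
                            $user->quota_add($filesize);
                        }
                        catch (QuotaException $qe) {
                            $error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
                        }
                    }

                    if ($error !== null) {
                        // Rejected: record why and drop the temporary copy.
                        // The login itself continues without a new icon.
                        log_warn($error);
                        unlink($filename);
                    }
                    else {
                        require_once get_config('docroot') . '/artefact/lib.php';
                        require_once get_config('docroot') . '/artefact/file/lib.php';

                        // Entry in artefact table
                        $artefact = new ArtefactTypeProfileIcon();
                        $artefact->set('owner', $user->id);
                        $artefact->set('parent', ArtefactTypeFolder::get_folder_id(get_string('imagesdir', 'artefact.file'), get_string('imagesdirdesc', 'artefact.file'), null, true, $user->id));
                        $artefact->set('title', ArtefactTypeFileBase::get_new_file_title(get_string('profileicon', 'artefact.file'), (int) $artefact->get('parent'), $user->id)); // unique title
                        $artefact->set('description', get_string('uploadedprofileicon', 'artefact.file'));
                        $artefact->set('note', get_string('profileicon', 'artefact.file'));
                        $artefact->set('size', $filesize);
                        $artefact->set('filetype', $mime);
                        $artefact->set('width', $width);
                        $artefact->set('height', $height);
                        $artefact->commit();
                        $id = $artefact->get('id');

                        // Move the file into the correct place.
                        $directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $id % 256 . '/';
                        check_dir_exists($directory);
                        rename($filename, $directory . $id);

                        if ($create || empty($icons)) {
                            $user->profileicon = $id;
                        }
                    }
                }

                $user->commit();
            }
            else {
                log_warn(get_string('cantcreatetempprofileiconfile', 'artefact.file', $filename));
            }
        }

        if ($update) {
            $locked[] = 'profileicon';
        }
    }

    /*******************************************/

    // We know who our user is now. Bring her back to life.
    $USER->reanimate($user->id, $this->instanceid);

    // Set session variables to let the application know this session was
    // initiated by MNET. Don't forget that users could initiate their
    // sessions without MNET sometimes, which is why this data is stored in
    // the session object.
    $SESSION->set('mnetuser', $user->id);
    $SESSION->set('authinstance', $this->instanceid);

    // NOTE(review): the Referer header is supplied by the client; whatever
    // reads 'mnetuserfrom' later should treat it as untrusted - confirm.
    if (isset($_SERVER['HTTP_REFERER'])) {
        $SESSION->set('mnetuserfrom', $_SERVER['HTTP_REFERER']);
    }

    if ($update && isset($locked)) {
        $SESSION->set('lockedfields', $locked);
    }

    return true;
}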
$folder = ''; try { $folder = param_variable('foldername'); $folder = trim($folder); if ($folder) { // TODO: create if doesn't exist - note assumes it is a base folder (hence null parent) $artefact = ArtefactTypeFolder::get_folder_by_name($folder, null, $data->owner); // id of folder you're putting the file into if ($artefact) { $data->parent = $artefact->id; if ($data->parent == 0) { $data->parent = null; } } else { $fd = (object) array('owner' => $data->owner, 'title' => $folder, 'parent' => null); $f = new ArtefactTypeFolder(0, $fd); $f->commit(); $data->parent = $f->get('id'); } } else { $data->parent = null; } } catch (ParameterException $e) { $data->parent = null; } // Check for Journal ID to add a post to $blog = ''; $blogpost = ''; $draft = 0; $allowcomments = 1; try {
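/**
 * Persists the submitted site options form.
 *
 * Besides writing each listed field with set_config(), this applies the
 * default account lifetime to existing non-admin users when asked to,
 * renames the public folder on a language change, switches search plugins,
 * and checks the ClamAV path and reCAPTCHA keys. Errors are reported through
 * $form->reply() / siteoptions_fail().
 *
 * @param Pieform $form   the submitted form, used to send the reply
 * @param array   $values submitted values keyed by field name
 */
function siteoptions_submit(Pieform $form, $values) {
    $fields = array(
        'sitename', 'lang', 'theme', 'dropdownmenu', 'defaultaccountlifetime',
        'defaultregistrationexpirylifetime', 'defaultaccountinactiveexpire',
        'defaultaccountinactivewarn', 'defaultaccountlifetimeupdate',
        'allowpublicviews', 'allowpublicprofiles', 'allowanonymouspages',
        'generatesitemap', 'registration_sendweeklyupdates', 'mathjax',
        'institutionexpirynotification', 'institutionautosuspend',
        'requireregistrationconfirm', 'showselfsearchsideblock', 'nousernames',
        'searchplugin', 'showtagssideblock', 'tagssideblockmaxtags', 'country',
        'viewmicroheaders', 'userscanchooseviewthemes', 'remoteavatars',
        'userscanhiderealnames', 'antispam', 'spamhaus', 'surbl',
        'anonymouscomments', 'recaptchaonregisterform', 'recaptchapublickey',
        'recaptchaprivatekey', 'loggedinprofileviewaccess',
        'disableexternalresources', 'proxyaddress', 'proxyauthmodel',
        'proxyauthcredentials', 'smtphosts', 'smtpport', 'smtpuser', 'smtppass',
        'smtpsecure', 'noreplyaddress', 'homepageinfo', 'showprogressbar',
        'showonlineuserssideblock', 'onlineuserssideblockmaxusers',
        'registerterms', 'licensemetadata', 'licenseallowcustom',
        'allowmobileuploads', 'creategroups', 'createpublicgroups',
        'allowgroupcategories', 'wysiwyg', 'staffreports', 'staffstats',
        'userscandisabledevicedetection', 'watchlistnotification_delay',
        'masqueradingreasonrequired', 'masqueradingnotified',
        'searchuserspublic', 'eventloglevel', 'eventlogexpiry',
        'sitefilesaccess', 'exporttoqueue', 'defaultmultipleblogs',
    );

    $count = 0;
    // Built only from fixed fragments; the one variable value in the
    // statements below (the expiry date) is bound as a placeholder.
    $where_sql = " WHERE admin = 0 AND id != 0";

    // if default account lifetime expiry has no end date
    if (empty($values['defaultaccountlifetime'])) {
        if ($values['defaultaccountlifetimeupdate'] == 'all') {
            // need to remove user expiry
            db_begin();
            $count = count_records_sql("SELECT COUNT(*) FROM {usr} {$where_sql}");
            execute_sql("UPDATE {usr} SET expiry = NULL {$where_sql}");
            db_commit();
        }
        else {
            // make the 'some' option the same as 'none' as it is meaningless to
            // update existing users without expiry date to having 'no end date'
            $values['defaultaccountlifetimeupdate'] = 'none';
        }
    }
    else {
        // fetch all the users that are not siteadmins
        $user_expiry = mktime(0, 0, 0, date('n'), date('j'), date('Y')) + (int) $values['defaultaccountlifetime'];
        if ($values['defaultaccountlifetimeupdate'] == 'some') {
            // and the user's expiry is not set
            $where_sql .= " AND expiry IS NULL";
            $count = count_records_sql("SELECT COUNT(*) FROM {usr} {$where_sql}");
            db_begin();
            execute_sql("UPDATE {usr} SET expiry = ? {$where_sql}", array(format_date($user_expiry)));
            db_commit();
        }
        else {
            if ($values['defaultaccountlifetimeupdate'] == 'all') {
                // and the user's expiry is set
                db_begin();
                $count = count_records_sql("SELECT COUNT(*) FROM {usr} {$where_sql}");
                execute_sql("UPDATE {usr} SET expiry = ? {$where_sql}", array(format_date($user_expiry)));
                db_commit();
            }
        }
    }

    // if public views are disabled, sitemap generation must also be disabled.
    if ($values['allowpublicviews'] == false) {
        $values['generatesitemap'] = false;
    }
    else {
        // Ensure allowpublicprofiles is set as well
        $values['allowpublicprofiles'] = 1;
    }

    $oldsearchplugin = get_config('searchplugin');
    $oldlanguage = get_config('lang');
    $oldtheme = get_config('theme');

    foreach ($fields as $field) {
        if (!set_config($field, $values[$field])) {
            siteoptions_fail($form, $field);
        }
    }

    if ($oldlanguage != $values['lang']) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_public_folder_name($oldlanguage, $values['lang']);
    }

    save_notification_settings($values, null, true);

    // NOTE(review): the plugin name used below comes from the submitted form;
    // this relies on the form definition and safe_require() limiting it to
    // installed search plugins - confirm.
    if ($oldsearchplugin != $values['searchplugin']) {
        // Call the old search plugin's sitewide cleanup method
        safe_require('search', $oldsearchplugin);
        call_static_method(generate_class_name('search', $oldsearchplugin), 'cleanup_sitewide');
        // Call the new search plugin's sitewide initialize method
        safe_require('search', $values['searchplugin']);
        $initialize = call_static_method(generate_class_name('search', $values['searchplugin']), 'initialize_sitewide');
        if (!$initialize) {
            $form->reply(PIEFORM_ERR, array(
                'message' => get_string('searchconfigerror1', 'admin', $values['searchplugin']),
                'goto'    => '/admin/site/options.php',
            ));
        }
    }

    // Call the new search plugin's can connect
    safe_require('search', $values['searchplugin']);
    $connect = call_static_method(generate_class_name('search', $values['searchplugin']), 'can_connect');
    if (!$connect) {
        $form->reply(PIEFORM_ERR, array(
            'message' => get_string('searchconfigerror1', 'admin', $values['searchplugin']),
            'goto'    => '/admin/site/options.php',
        ));
    }

    // submitted sessionlifetime is in minutes; db entry session_timeout is in seconds
    if (!set_config('session_timeout', $values['sessionlifetime'] * 60)) {
        siteoptions_fail($form, 'sessionlifetime');
    }

    // Submitted value is on/off; database entry should be 1/0
    foreach (array('viruschecking', 'usersallowedmultipleinstitutions') as $checkbox) {
        if (!set_config($checkbox, (int) ($values[$checkbox] == 'on'))) {
            siteoptions_fail($form, $checkbox);
        }
    }

    if ($values['viruschecking'] == 'on') {
        // The stored path goes through escapeshellcmd() first, so the file
        // checks below run on the escaped string.
        $pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
        if (!$pathtoclam) {
            $form->reply(PIEFORM_ERR, array(
                'message' => get_string('clamnotset', 'mahara', $pathtoclam),
                'goto'    => '/admin/site/options.php',
            ));
        }
        else {
            // The old test joined the two checks with &&, which let an
            // existing but non-executable file through. Either failing
            // check must reject the path.
            if (!file_exists($pathtoclam) || !is_executable($pathtoclam)) {
                $form->reply(PIEFORM_ERR, array(
                    'message' => get_string('clamlost', 'mahara', $pathtoclam),
                    'goto'    => '/admin/site/options.php',
                ));
            }
        }
    }

    if (get_config('recaptchaonregisterform') && !(get_config('recaptchapublickey') && get_config('recaptchaprivatekey'))) {
        $form->reply(PIEFORM_ERR, array(
            'message' => get_string('recaptchakeysmissing1', 'admin'),
            'goto'    => '/admin/site/options.php',
        ));
    }

    // Need to clear the cached menus in case site config changes effect them.
    clear_menu_cache();

    $message = get_string('siteoptionsset', 'admin');
    if ($oldtheme != $values['theme']) {
        global $USER;
        $message .= ' ' . get_string('usersseenewthemeonlogin', 'admin');
        $USER->reset_institutions();
    }
    if ($count) {
        $message .= ' ' . get_string('numberusersupdated', 'admin', $count);
    }

    $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => '/admin/site/options.php'));
}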
// Home folder if ($folderid === 0) { if (function_exists('zip_open')) { global $USER; $userid = $USER->get('id'); $select = ' SELECT a.id, a.artefacttype, a.title'; $from = ' FROM {artefact} a'; $in = "('" . join("','", PluginArtefactFile::get_artefact_types()) . "')"; $where = "\n WHERE artefacttype IN {$in}"; $phvals = array(); if ($institution) { if ($institution == 'mahara' && !$USER->get('admin')) { // If non-admins are browsing site files, only let them see the public folder & its contents $publicfolder = ArtefactTypeFolder::admin_public_folder_id(); $where .= ' AND (a.path = ? OR a.path LIKE ?)'; $phvals = array("/{$publicfolder}", db_like_escape("/{$publicfolder}/") . '%'); } $where .= ' AND a.institution = ? AND a.owner IS NULL'; $phvals[] = $institution; } else { if ($groupid) { $select .= ', r.can_edit, r.can_view, r.can_republish, a.author'; $from .= ' LEFT OUTER JOIN ( SELECT ar.artefact, ar.can_edit, ar.can_view, ar.can_republish FROM {artefact_access_role} ar
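/**
 * Renders this blog post (title, body, attachments and byline) through the
 * blogpost_renderfull template.
 *
 * @param array $options Rendering options; the keys read here are 'viewid',
 *                       'hidetitle' and 'countcomments'
 * @return array 'html' holds the rendered template, 'javascript' is always ''
 */
public function render_self($options) {
    $smarty = smarty_core();
    $hasview = isset($options['viewid']);
    $viewid = $hasview ? $options['viewid'] : 0;

    $artefacturl = get_config('wwwroot') . 'view/artefact.php?artefact=' . $this->get('id');
    if ($hasview) {
        $artefacturl .= '&view=' . $options['viewid'];
    }
    $smarty->assign('artefacturl', $artefacturl);

    if (empty($options['hidetitle'])) {
        if ($hasview) {
            // The URL lands inside an HTML attribute and contains the
            // caller-supplied view id, so it is escaped for that context
            // just like the title next to it.
            $smarty->assign('artefacttitle', '<a href="' . hsc($artefacturl) . '">' . hsc($this->get('title')) . '</a>');
        } else {
            $smarty->assign('artefacttitle', hsc($this->get('title')));
        }
    }

    // We need to make sure that the images in the post have the right viewid associated with them
    $postcontent = $this->get('description');
    if ($hasview) {
        safe_require('artefact', 'file');
        $postcontent = ArtefactTypeFolder::append_view_url($postcontent, $options['viewid']);
        if (isset($options['countcomments']) && $this->allowcomments) {
            safe_require('artefact', 'comment');
            $empty = array();
            $ids = array($this->id);
            $commentcount = ArtefactTypeComment::count_comments($empty, $ids);
            $smarty->assign('commentcount', $commentcount ? $commentcount[$this->id]->comments : 0);
        }
    }
    // NOTE(review): the description is handed to the template as-is; whether it
    // was cleaned when stored or is escaped by the template is not visible here.
    $smarty->assign('artefactdescription', $postcontent);
    $smarty->assign('artefact', $this);

    $attachments = $this->get_attachments();
    if ($attachments) {
        $this->add_to_render_path($options);
        require_once get_config('docroot') . 'artefact/lib.php';
        // Attachments are objects, so they are updated in place without a
        // by-reference loop variable (which would stay bound after the loop).
        foreach ($attachments as $attachment) {
            $f = artefact_instance_from_id($attachment->id);
            $attachment->size = $f->describe_size();
            $attachment->iconpath = $f->get_icon(array('id' => $attachment->id, 'viewid' => $viewid));
            $attachment->viewpath = get_config('wwwroot') . 'view/artefact.php?artefact=' . $attachment->id . '&view=' . $viewid;
            $attachment->downloadpath = get_config('wwwroot') . 'artefact/file/download.php?file=' . $attachment->id;
            if ($hasview) {
                $attachment->downloadpath .= '&view=' . $options['viewid'];
            }
        }
        $smarty->assign('attachments', $attachments);
    }

    $smarty->assign('postedbyon', get_string('postedbyon', 'artefact.blog', display_name($this->owner), format_date($this->ctime)));
    return array('html' => $smarty->fetch('artefact:blog:render/blogpost_renderfull.tpl'), 'javascript' => '');
}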
/**
 * Updates a user's language-dependent database entries after a language
 * switch. When the file artefact plugin is active, the folder handling is
 * delegated to ArtefactTypeFolder::change_language(); afterwards artefact and
 * view tags equal to the old language's 'profile' string are replaced by the
 * new language's one.
 *
 * @param int    $userid  user id to set preference for
 * @param string $oldlang old language
 * @param string $newlang new language
 */
function change_language($userid, $oldlang, $newlang) {
    $fileplugin = get_field('artefact_installed', 'active', 'name', 'file');
    if ($fileplugin) {
        safe_require('artefact', 'file');
        ArtefactTypeFolder::change_language($userid, $oldlang, $newlang);
    }

    // The same tag swap runs on both tag tables; only the table and the
    // ownership subquery differ. Both values are bound as placeholders.
    $retag = array(
        'artefact_tag' => 'WHERE tag = ? AND artefact IN (SELECT id FROM {artefact} WHERE "owner" = ?)',
        'view_tag' => 'WHERE tag = ? AND "view" IN (SELECT id FROM {view} WHERE "owner" = ?)',
    );
    foreach ($retag as $table => $where) {
        $newtag = get_string_from_language($newlang, 'profile');
        $oldtag = get_string_from_language($oldlang, 'profile');
        set_field_select($table, 'tag', $newtag, $where, array($oldtag, $userid));
    }
}
/**
 * Return artefacts available for inclusion in a particular block
 *
 * Builds one SELECT and one COUNT query over {artefact}. Ownership values
 * (user id, group, institution, artefact types) are bound as '?' placeholders;
 * sort fields, 'extraselect' fields and the search term are concatenated into
 * the SQL text after validation or quoting.
 *
 * @param array $data        Keys read here: 'offset', 'limit', 'sortorder',
 *                           'extraselect', 'userartefactsallowed',
 *                           'artefacttypes' and 'search'
 * @param mixed $owner       null (use the global $USER), a User object, or a user id
 * @param mixed $group       Group id; when set, group and site artefacts are selected
 * @param mixed $institution Institution name; used when $group is not set
 * @param bool  $short       true to select only the artefact id
 * @return array array($artefacts, $totalartefacts)
 * @throws SystemException for an unusable $owner or an unsupported 'extraselect' type
 */
public static function get_artefactchooser_artefacts($data, $owner = null, $group = null, $institution = null, $short = false) {
    // Resolve the user whose permissions drive the query.
    if ($owner === null) {
        global $USER;
        $user = $USER;
    } else {
        if ($owner instanceof User) {
            $user = $owner;
        } else {
            if (intval($owner) != 0 || $owner == "0") {
                $user = new User();
                $user->find_by_id(intval($owner));
            } else {
                throw new SystemException("Invalid argument type " . gettype($owner) . " passed to View::get_artefactchooser_artefacts");
            }
        }
    }
    $offset = !empty($data['offset']) ? $data['offset'] : null;
    $limit = !empty($data['limit']) ? $data['limit'] : null;
    // ORDER BY is assembled from text, so each field name must pass the
    // identifier pattern and the direction is reduced to ASC or DESC.
    $sortorder = '';
    if (!empty($data['sortorder'])) {
        foreach ($data['sortorder'] as $field) {
            if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                continue; // skip this item (it fails validation)
            }
            $order = 'ASC';
            if (!empty($field['order']) && 'DESC' == strtoupper($field['order'])) {
                $order = 'DESC';
            }
            if (empty($sortorder)) {
                $sortorder .= ' ORDER BY ';
            } else {
                $sortorder .= ', ';
            }
            $sortorder .= $field['fieldname'] . ' ' . $order;
        }
    }
    // Extra conditions are also concatenated: field names go through the same
    // identifier pattern, values are cast to int or passed through db_quote().
    // NOTE(review): the pattern admits the double-quote character and does not
    // require quotes to be balanced - confirm that is intended.
    $extraselect = '';
    if (isset($data['extraselect'])) {
        foreach ($data['extraselect'] as $field) {
            if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                continue; // skip this item (it fails validation)
            }
            // Sanitise all values
            $values = $field['values'];
            // NOTE(review): $val stays bound by reference after this loop (no unset).
            foreach ($values as &$val) {
                if ($field['type'] == 'int') {
                    $val = (int) $val;
                } elseif ($field['type'] == 'string') {
                    $val = db_quote($val);
                } else {
                    throw new SystemException("Unsupported field type '" . $field['type'] . "' passed to View::get_artefactchooser_artefacts");
                }
            }
            $extraselect .= ' AND ';
            if (count($values) > 1) {
                $extraselect .= $field['fieldname'] . ' IN (' . implode(', ', $values) . ')';
            } else {
                // NOTE(review): with an empty 'values' list reset() returns false
                // and the condition ends in "= " with no operand.
                $extraselect .= $field['fieldname'] . ' = ' . reset($values);
            }
        }
    }
    $from = ' FROM {artefact} a ';
    if ($group) {
        // Get group-owned artefacts that the user has view
        // permission on, and site-owned artefacts
        $from .= ' LEFT OUTER JOIN ( SELECT r.artefact, r.can_view, r.can_edit, m.group FROM {group_member} m JOIN {artefact} aa ON aa.group = m.group JOIN {artefact_access_role} r ON aa.id = r.artefact AND r.role = m.role WHERE m.group = ? AND m.member = ? AND r.can_view = 1 ) ga ON (ga.group = a.group AND a.id = ga.artefact)';
        $select = "(a.institution = 'mahara' OR ga.can_view = 1";
        // The join's two placeholders come first in the SQL text, so their
        // values open the placeholder list.
        $ph = array((int) $group, $user->get('id'));
        if (!empty($data['userartefactsallowed'])) {
            $select .= ' OR a.owner = ?';
            $ph[] = $user->get('id');
        }
        $select .= ')';
    } else {
        if ($institution) {
            // Site artefacts & artefacts owned by this institution
            $select = "(a.institution = 'mahara' OR a.institution = ?)";
            $ph = array($institution);
        } else {
            // The view is owned by a normal user
            // Get artefacts owned by the user, group-owned artefacts
            // the user has republish permission on, artefacts owned
            // by the user's institutions.
            safe_require('artefact', 'file');
            $public = (int) ArtefactTypeFolder::admin_public_folder_id();
            $select = '( a.owner = ? OR a.id IN ( SELECT id FROM {artefact} WHERE (path = ? OR path LIKE ?) AND institution = \'mahara\' ) OR a.id IN ( SELECT aar.artefact FROM {group_member} m JOIN {artefact} aa ON m.group = aa.group JOIN {artefact_access_role} aar ON aar.role = m.role AND aar.artefact = aa.id WHERE m.member = ? AND aar.can_republish = 1 ) OR a.id IN (SELECT artefact FROM {artefact_access_usr} WHERE usr = ? AND can_republish = 1)';
            // Order matches the '?' marks above: owner, public folder path,
            // public folder path prefix, group member, access_usr user.
            $ph = array($user->get('id'), "/{$public}", db_like_escape("/{$public}/") . '%', $user->get('id'), $user->get('id'));
            $institutions = array_keys($user->get('institutions'));
            if ($user->get('admin')) {
                $institutions[] = 'mahara';
            }
            if ($institutions) {
                $select .= ' OR a.institution IN (' . join(',', array_fill(0, count($institutions), '?')) . ')';
                $ph = array_merge($ph, $institutions);
            }
            $select .= "\n )";
        }
    }
    if (!empty($data['artefacttypes']) && is_array($data['artefacttypes'])) {
        $select .= ' AND artefacttype IN(' . join(',', array_fill(0, count($data['artefacttypes']), '?')) . ')';
        $ph = array_merge($ph, $data['artefacttypes']);
    }
    if (!empty($data['search'])) {
        // The search term is quoted with db_quote() and concatenated rather
        // than bound as a placeholder.
        // NOTE(review): how the database layer treats a '?' inside this quoted
        // literal when placeholder values are also passed is not visible here.
        $search = db_quote('%' . str_replace('%', '%%', $data['search']) . '%');
        $select .= 'AND (title ' . db_ilike() . '(' . $search . ') OR description ' . db_ilike() . '(' . $search . ') )';
    }
    $select .= $extraselect;
    // The COUNT query uses $ph unchanged; the SELECT list may add one more
    // placeholder in front of everything else (see array_unshift below).
    $selectph = $countph = $ph;
    if ($short) {
        // We just want to know which artefact ids are allowed for inclusion in a view,
        // but get_records_sql_assoc wants > 1 column
        $cols = 'a.id, a.id AS b';
    } else {
        $cols = 'a.*';
        // We also want to know which artefacts can be edited by the logged-in user within
        // the context of the view. For an institution view, all artefacts from the same
        // institution are editable. For an individual view, artefacts with the same 'owner'
        // are editable. For group views, only those artefacts with the can_edit permission
        // out of artefact_access_role are editable.
        if ($group) {
            $expr = 'ga.can_edit IS NOT NULL AND ga.can_edit = 1';
        } else {
            if ($institution) {
                $expr = 'a.institution = ?';
                array_unshift($selectph, $institution);
            } else {
                $expr = 'a.owner IS NOT NULL AND a.owner = ?';
                array_unshift($selectph, $user->get('id'));
            }
        }
        if (is_mysql()) {
            $cols .= ", ({$expr}) AS editable";
        } else {
            $cols .= ", CAST({$expr} AS INTEGER) AS editable";
        }
    }
    $artefacts = get_records_sql_assoc('SELECT ' . $cols . $from . ' WHERE ' . $select . $sortorder, $selectph, $offset, $limit);
    $totalartefacts = count_records_sql('SELECT COUNT(*) ' . $from . ' WHERE ' . $select, $countph);
    return array($artefacts, $totalartefacts);
}
/**
 * Renders the export:html/file:index.tpl template for one exported directory
 * and writes the result to index.html inside it.
 *
 * @param string $filesystemdirectory Directory that receives index.html; the
 *                                    file name is appended directly, so the
 *                                    value needs its trailing separator
 * @param int $level                  Depth of this directory index; the path
 *                                    given to get_smarty() is '../' repeated
 *                                    $level + 2 times
 * @param ArtefactTypeFolder $artefact Folder artefact represented by this
 *                                    directory, or null, in which case the
 *                                    folder is shown as '/'
 * @throws SystemException if index.html cannot be written
 */
private function create_index_for_directory($filesystemdirectory, $level, ArtefactTypeFolder $artefact = null) {
    $rootpath = str_repeat('../', $level + 2);
    $smarty = $this->exporter->get_smarty($rootpath, 'file');
    $smarty->assign('page_heading', get_string('Files', 'artefact.file'));
    $smarty->assign('breadcrumbs', array(array('text' => 'Files', 'path' => 'index.html')));

    $folderpath = '/';
    if ($artefact) {
        $folderpath = ArtefactTypeFileBase::get_full_path($artefact->get('id'), $this->artefactdata);
    }
    $smarty->assign('folder', $folderpath);

    $id = null;
    if ($artefact) {
        $id = $artefact->get('id');
    }
    $smarty->assign('folders', $this->prepare_artefacts_for_smarty($id, true));
    $smarty->assign('files', $this->prepare_artefacts_for_smarty($id, false));

    $content = $smarty->fetch('export:html/file:index.tpl');
    $written = file_put_contents($filesystemdirectory . 'index.html', $content);
    // Strict comparison: writing zero bytes is not a failure.
    if ($written === false) {
        throw new SystemException("Unable to create index.html for directory {$id}");
    }
}
} if (!can_view_view($viewid)) { throw new AccessDeniedException(''); } if (!$file instanceof ArtefactTypeFile) { throw new NotFoundException(); } } else { // We just have a file ID $file = artefact_instance_from_id($fileid); if (!$file instanceof ArtefactTypeFile) { throw new NotFoundException(); } // If the file is in the public directory, it's fine to serve $fileispublic = $file->get('institution') == 'mahara'; $fileispublic = $fileispublic && (bool) get_field('artefact', 'id', 'id', $fileid, 'parent', ArtefactTypeFolder::admin_public_folder_id()); if (!$fileispublic) { // If the file is in the logged in menu and the user is logged in then // they can view it $fileinloggedinmenu = $file->get('institution') == 'mahara'; // check if users are allowed to access files in subfolders if (!get_config('sitefilesaccess')) { $fileinloggedinmenu = $fileinloggedinmenu && $file->get('parent') == null; } $fileinloggedinmenu = $fileinloggedinmenu && $USER->is_logged_in(); $fileinloggedinmenu = $fileinloggedinmenu && record_exists('site_menu', 'file', $fileid, 'public', 0); if (!$fileinloggedinmenu) { // Alternatively, if you own the file or you are an admin, it should always work if (!$USER->can_view_artefact($file)) { // Check for images sitting in visible forum posts $visibleinpost = false;
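/**
 * Return artefacts available for inclusion in a particular block
 *
 * The query is assembled as SQL text. Every identifier-like value that is
 * concatenated here is forced to an integer or passed through db_quote()
 * first, so a caller-supplied $group or $institution cannot alter the
 * statement.
 *
 * @param array $data        Keys read here: 'offset', 'limit', 'sortorder',
 *                           'extraselect', 'extrajoin', 'artefacttypes' and
 *                           'search'
 * @param mixed $group       Group id; when set, group and site artefacts are selected
 * @param mixed $institution Institution name; used when $group is not set
 * @param bool  $short       true to select only the artefact id
 * @return array array($artefacts, $totalartefacts)
 */
public static function get_artefactchooser_artefacts($data, $group = null, $institution = null, $short = false) {
    global $USER;
    $userid = (int) $USER->get('id');

    $offset = !empty($data['offset']) ? $data['offset'] : null;
    $limit = !empty($data['limit']) ? $data['limit'] : null;

    // NOTE(review): 'sortorder', 'extraselect' and 'extrajoin' are raw SQL
    // fragments by contract and are appended unchanged. They must only ever be
    // built by trusted code, never from request data; confirm against callers.
    $sortorder = !empty($data['sortorder']) ? $data['sortorder'] : false;
    $extraselect = isset($data['extraselect']) ? ' AND ' . $data['extraselect'] : '';
    $from = ' FROM {artefact} a ';
    if (isset($data['extrajoin'])) {
        $from .= $data['extrajoin'];
    }

    if ($group) {
        // Get group-owned artefacts that the user has view
        // permission on, and site-owned artefacts
        $from .= ' LEFT OUTER JOIN ( SELECT r.artefact, r.can_view, m.group FROM {artefact_access_role} r INNER JOIN {group_member} m ON r.role = m.role WHERE m."group" = ' . (int) $group . ' AND m.member = ' . $userid . ' AND r.can_view = 1 ) ga ON (ga.group = a.group AND a.id = ga.artefact)';
        $select = "(a.institution = 'mahara' OR ga.can_view = 1)";
    } else {
        if ($institution) {
            // Site artefacts & artefacts owned by this institution
            $select = "(a.institution = 'mahara' OR a.institution = " . db_quote($institution) . ')';
        } else {
            // The view is owned by a normal user
            // Get artefacts owned by the user, group-owned artefacts
            // the user has republish permission on, artefacts owned
            // by the user's institutions.
            $from .= ' LEFT OUTER JOIN {artefact_access_usr} aau ON (a.id = aau.artefact AND aau.usr = ' . $userid . ') LEFT OUTER JOIN {artefact_parent_cache} apc ON (a.id = apc.artefact) LEFT OUTER JOIN ( SELECT aar.artefact, aar.can_republish, m.group FROM {artefact_access_role} aar INNER JOIN {group_member} m ON aar.role = m.role WHERE m.member = ' . $userid . ' AND aar.can_republish = 1 ) ra ON (a.id = ra.artefact AND a.group = ra.group)';
            $institutions = array_keys($USER->get('institutions'));
            $select = '( owner = ' . $userid . ' OR ra.can_republish = 1 OR aau.can_republish = 1';
            if ($USER->get('admin')) {
                $institutions[] = 'mahara';
            } else {
                safe_require('artefact', 'file');
                $select .= "\n OR ( a.institution = 'mahara' AND apc.parent = " . (int) ArtefactTypeFolder::admin_public_folder_id() . ')';
            }
            if ($institutions) {
                $select .= ' OR a.institution IN (' . join(',', array_map('db_quote', $institutions)) . ')';
            }
            $select .= "\n )";
        }
    }

    if (!empty($data['artefacttypes']) && is_array($data['artefacttypes'])) {
        $select .= ' AND artefacttype IN(' . implode(',', array_map('db_quote', $data['artefacttypes'])) . ')';
    }
    if (!empty($data['search'])) {
        $search = db_quote('%' . str_replace('%', '%%', $data['search']) . '%');
        $select .= 'AND (title ' . db_ilike() . '(' . $search . ') OR description ' . db_ilike() . '(' . $search . ') )';
    }
    $select .= $extraselect;

    // get_records_sql_assoc wants > 1 column
    $cols = $short ? 'a.id, a.id AS b' : 'a.*';
    $artefacts = get_records_sql_assoc('SELECT ' . $cols . $from . ' WHERE ' . $select . ($sortorder ? ' ORDER BY ' . $sortorder : ''), null, $offset, $limit);
    $totalartefacts = count_records_sql('SELECT COUNT(*) ' . $from . ' WHERE ' . $select);
    return array($artefacts, $totalartefacts);
}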
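/**
 * This function returns a list of posts in a given blog.
 *
 * @param integer $id          Id of the blog; bound as the posts' parent
 * @param integer $limit       Maximum number of posts to fetch
 * @param integer $offset      Offset of the first post to fetch
 * @param array   $viewoptions null for the my blogs area; otherwise options
 *                             for a blog shown in a view. Keys read here:
 *                             'before', 'viewid' and 'countcomments'
 * @return array 'limit', 'offset', 'count' and 'data' (list of post records)
 */
public static function get_posts($id, $limit, $offset, $viewoptions = null) {
    $results = array('limit' => $limit, 'offset' => $offset);

    // If viewoptions is null, we're getting posts for the my blogs area,
    // and we should get all posts & show drafts first. Otherwise it's a
    // blog in a view, and we should only get published posts.
    $from = "\n FROM {artefact} a LEFT JOIN {artefact_blog_blogpost} bp ON a.id = bp.blogpost\n WHERE a.artefacttype = 'blogpost' AND a.parent = ?";
    $ph = array($id);
    if (!is_null($viewoptions)) {
        if (isset($viewoptions['before'])) {
            // Bound as a placeholder like the blog id, so the value can never
            // become part of the SQL text.
            $from .= ' AND a.ctime < ?';
            $ph[] = $viewoptions['before'];
        }
        $from .= ' AND bp.published = 1';
    }

    $results['count'] = count_records_sql('SELECT COUNT(*) ' . $from, $ph);
    $data = get_records_sql_assoc(' SELECT a.id, a.title, a.description, a.author, a.authorname, ' . db_format_tsfield('a.ctime', 'ctime') . ', ' . db_format_tsfield('a.mtime', 'mtime') . ', a.locked, bp.published, a.allowcomments ' . $from . ' ORDER BY bp.published ASC, a.ctime DESC, a.id DESC', $ph, $offset, $limit);
    if (!$data) {
        $results['data'] = array();
        return $results;
    }

    // Collect the post ids with a plain loop, keeping the record keys.
    // create_function() evaluates a code string and no longer exists in PHP 8.
    $postids = array();
    foreach ($data as $key => $row) {
        $postids[$key] = $row->id;
    }

    // Get the attached files.
    $files = ArtefactType::attachments_from_id_list($postids);
    if ($files) {
        safe_require('artefact', 'file');
        // Records are objects, so no by-reference loop variable is needed.
        foreach ($files as $file) {
            $params = array('id' => $file->attachment);
            if (!empty($viewoptions['viewid'])) {
                $params['viewid'] = $viewoptions['viewid'];
            }
            $file->icon = call_static_method(generate_artefact_class_name($file->artefacttype), 'get_icon', $params);
            $data[$file->artefact]->files[] = $file;
        }
    }

    if ($tags = ArtefactType::tags_from_id_list($postids)) {
        foreach ($tags as $at) {
            $data[$at->artefact]->tags[] = $at->tag;
        }
    }

    foreach ($data as $post) {
        if (is_null($viewoptions)) {
            // My Blogs area: create forms for changing post status & deleting posts.
            $post->changepoststatus = ArtefactTypeBlogpost::changepoststatus_form($post->id, $post->published);
            $post->delete = ArtefactTypeBlogpost::delete_form($post->id, $post->title);
        } else {
            $by = $post->author ? display_default_name($post->author) : $post->authorname;
            $post->postedby = get_string('postedbyon', 'artefact.blog', $by, format_date($post->ctime));
            // Get comment counts
            if (!empty($viewoptions['countcomments'])) {
                safe_require('artefact', 'comment');
                require_once get_config('docroot') . 'lib/view.php';
                $view = new View($viewoptions['viewid']);
                $artefact = artefact_instance_from_id($post->id);
                list($commentcount, $comments) = ArtefactTypeComment::get_artefact_comments_for_view($artefact, $view, null, false);
                $post->commentcount = $commentcount;
                $post->comments = $comments;
            }
        }
        // Format dates properly
        $post->ctime = format_date($post->ctime, 'strftimedaydatetime');
        $post->mtime = format_date($post->mtime);
        // Ensure images in the post have the right viewid associated with them
        if (!empty($viewoptions['viewid'])) {
            safe_require('artefact', 'file');
            $post->description = ArtefactTypeFolder::append_view_url($post->description, $viewoptions['viewid']);
        }
    }

    $results['data'] = array_values($data);
    return $results;
}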
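/**
 * Dumps all views into the PDF ready HTML format
 *
 * Appends the head template, one rendered section per view and the foot
 * template to index.html below the export root directory. Progress is
 * reported between 55 and 75 percent.
 *
 * @throws SystemException when a write to index.html fails
 */
private function create_html() {
    global $THEME;
    $progressstart = 55;
    $progressend = 75;
    $i = 0;
    $viewcount = count($this->views);

    $indexfile = "{$this->exportdir}/{$this->rootdir}/" . "index.html";
    $writeflags = FILE_APPEND | LOCK_EX;

    // multiple views append header with standard theme
    if (!$this->exportingoneview) {
        $smarty = $this->get_smarty();
        $header = $smarty->fetch('export:pdf:head.tpl');
        // file_put_contents() returns the byte count, and 0 is a valid result
        // for empty output; only a strict false means the write failed.
        if (file_put_contents($indexfile, $header, $writeflags) === false) {
            throw new SystemException("Could not write view page for pdf export");
        }
    }

    foreach ($this->views as $view) {
        $this->notify_progress_callback(intval($progressstart + ++$i / $viewcount * ($progressend - $progressstart)), get_string('exportingviewsprogress', 'export', $i, $viewcount));

        // Set up view theme if we're just exporting a single view
        if (!isset($smarty) && $this->exportingoneview) {
            $viewtheme = $view->get('theme');
            if ($viewtheme && $THEME->basename != $viewtheme) {
                $THEME = new Theme($viewtheme);
            }
            $smarty = $this->get_smarty();
            $header = $smarty->fetch('export:pdf:head.tpl');
            if (file_put_contents($indexfile, $header, $writeflags) === false) {
                throw new SystemException("Could not write view page for pdf export");
            }
        }

        if (get_config('viewmicroheaders')) {
            $smarty->assign('microheadertitle', $view->display_title(true, false));
        }

        // fetch the html for a single view
        $smarty->assign('viewtitle', $view->get('title'));
        $smarty->assign('ownername', $view->formatted_owner());
        $smarty->assign('viewdescription', ArtefactTypeFolder::append_view_url($view->get('description'), $view->get('id')));
        $smarty->assign('viewcontent', $view->build_rows(false, true));
        $smarty->assign('tags', $view->get('tags'));
        $viewcontent = $smarty->fetch('export:pdf:view.tpl');

        // include a pagebreak into the pdf if we are exporting multiple views
        if (!$this->exportingoneview && $i < $viewcount) {
            $viewcontent .= $smarty->fetch('export:pdf:pagebreak.tpl');
        }

        // append any new views to the end of the main html for a bulk export
        if (file_put_contents($indexfile, $viewcontent, $writeflags) === false) {
            throw new SystemException("Could not write view page for pdf export");
        }
    }

    // append footer
    // NOTE(review): in single-view mode with an empty view list $smarty is
    // never created before this point; confirm callers always supply a view.
    $footer = $smarty->fetch('export:pdf:foot.tpl');
    if (file_put_contents($indexfile, $footer, $writeflags) === false) {
        throw new SystemException("Could not write view page for pdf export");
    }
}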
/**
 * Submit handler of the feedback form: stores a comment on the current view
 * or artefact, saves uploaded attachments for logged-in authors, raises the
 * activity notifications and replies to the form with the updated list.
 *
 * Reads the globals $view, $artefact and $USER.
 *
 * @param Pieform $form   The submitted form
 * @param array   $values Submitted values; keys read here: 'message',
 *                        'authorname', 'moderate', 'ispublic', 'license',
 *                        'licensor', 'licensorurl', 'rating', 'attachments'
 */
function add_feedback_form_submit(Pieform $form, $values) {
    global $view, $artefact, $USER;
    // NOTE(review): the message is stored as submitted; any cleaning of the
    // markup happens outside this function (form rules or display code) - confirm.
    $data = (object) array('title' => get_string('Comment', 'artefact.comment'), 'description' => $values['message']);
    // The comment inherits owner, group and institution from its target.
    if ($artefact) {
        $data->onartefact = $artefact->get('id');
        $data->owner = $artefact->get('owner');
        $data->group = $artefact->get('group');
        $data->institution = $artefact->get('institution');
    } else {
        $data->onview = $view->get('id');
        $data->owner = $view->get('owner');
        $data->group = $view->get('group');
        $data->institution = $view->get('institution');
    }
    // A falsy user id is treated as an anonymous commenter, who supplies a name.
    if ($author = $USER->get('id')) {
        $anonymous = false;
        $data->author = $author;
    } else {
        $anonymous = true;
        $data->authorname = $values['authorname'];
    }
    // Moderation applies only when the form carries a 'moderate' value, the
    // comment was meant to be public and the commenter cannot edit the view.
    // NOTE(review): presumably 'moderate' is only present when the form was
    // built with that element; verify it cannot be dropped by the client.
    if (isset($values['moderate']) && $values['ispublic'] && !$USER->can_edit_view($view)) {
        $data->private = 1;
        $data->requestpublic = 'author';
        $moderated = true;
    } else {
        $data->private = (int) (!$values['ispublic']);
        $moderated = false;
    }
    $private = $data->private;
    if (get_config('licensemetadata')) {
        $data->license = $values['license'];
        $data->licensor = $values['licensor'];
        $data->licensorurl = $values['licensorurl'];
    }
    if (isset($values['rating'])) {
        $data->rating = valid_rating($values['rating']);
    }
    $comment = new ArtefactTypeComment(0, $data);
    // Comment, attachments and notifications are written in one transaction.
    db_begin();
    $comment->commit();
    $url = $comment->get_view_url($view->get('id'), true, false);
    $goto = get_config('wwwroot') . $url;
    if (isset($data->requestpublic) && $data->requestpublic === 'author' && $data->owner) {
        // The author's name goes into a message shown to the owner, so it is
        // escaped with hsc() before being passed as a string argument.
        $arg = $author ? display_name($USER, null, true) : $data->authorname;
        $moderatemsg = (object) array('subject' => false, 'message' => false, 'strings' => (object) array('subject' => (object) array('key' => 'makepublicrequestsubject', 'section' => 'artefact.comment', 'args' => array()), 'message' => (object) array('key' => 'makepublicrequestbyauthormessage', 'section' => 'artefact.comment', 'args' => array(hsc($arg))), 'urltext' => (object) array('key' => 'Comment', 'section' => 'artefact.comment')), 'users' => array($data->owner), 'url' => $url);
    }
    // Attachments are accepted only when the comment has a logged-in author.
    if (!empty($values['attachments']) && is_array($values['attachments']) && !empty($data->author)) {
        require_once get_config('libroot') . 'uploadmanager.php';
        safe_require('artefact', 'file');
        $ownerlang = empty($data->owner) ? get_config('lang') : get_user_language($data->owner);
        // Files are filed under the owner's (or group's / institution's)
        // feedback folder, named in the owner's language.
        $folderid = ArtefactTypeFolder::get_folder_id(get_string_from_language($ownerlang, 'feedbackattachdirname', 'artefact.comment'), get_string_from_language($ownerlang, 'feedbackattachdirdesc', 'artefact.comment'), null, true, $data->owner, $data->group, $data->institution);
        $attachment = (object) array('owner' => $data->owner, 'group' => $data->group, 'institution' => $data->institution, 'author' => $data->author, 'allowcomments' => 0, 'parent' => $folderid, 'description' => get_string_from_language($ownerlang, 'feedbackonviewbyuser', 'artefact.comment', $view->get('title'), display_name($USER)));
        foreach ($values['attachments'] as $filesindex) {
            // The file name is client-supplied; here it only seeds the artefact title.
            $originalname = $_FILES[$filesindex]['name'];
            $attachment->title = ArtefactTypeFileBase::get_new_file_title($originalname, $folderid, $data->owner, $data->group, $data->institution);
            try {
                $fileid = ArtefactTypeFile::save_uploaded_file($filesindex, $attachment);
            } catch (QuotaExceededException $e) {
                // The quota message is shown only when the commenter owns the
                // target; other commenters are redirected without it.
                if ($data->owner == $USER->get('id')) {
                    $form->reply(PIEFORM_ERR, array('message' => $e->getMessage()));
                }
                redirect($goto);
            } catch (UploadException $e) {
                $form->reply(PIEFORM_ERR, array('message' => $e->getMessage()));
                redirect($goto);
            }
            // NOTE(review): both error paths leave the transaction opened above
            // without a visible commit or rollback; confirm that reply() and
            // redirect() end the request and what happens to the stored comment.
            $comment->attach($fileid);
        }
    }
    require_once 'activity.php';
    $data = (object) array('commentid' => $comment->get('id'), 'viewid' => $view->get('id'));
    activity_occurred('feedback', $data, 'artefact', 'comment');
    if (isset($moderatemsg)) {
        activity_occurred('maharamessage', $moderatemsg);
    }
    db_commit();
    $newlist = ArtefactTypeComment::get_comments(10, 0, 'last', $view, $artefact);
    // If you're anonymous and your message is moderated or private, then you won't
    // be able to tell what happened to it. So we'll provide some more explanation in
    // the feedback message.
    if ($anonymous && $moderated) {
        $message = get_string('feedbacksubmittedmoderatedanon', 'artefact.comment');
    } else {
        if ($anonymous && $private) {
            $message = get_string('feedbacksubmittedprivateanon', 'artefact.comment');
        } else {
            $message = get_string('feedbacksubmitted', 'artefact.comment');
        }
    }
    $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => $goto, 'data' => $newlist));
}
/**
 * Creates a folder artefact from the current template and records its id
 * under the folder's path.
 *
 * @param string $folder Path of the containing folder, '.' for the top level
 */
public function create_folder($folder) {
    $template = $this->data['template'];

    $created = new ArtefactTypeFolder(0, $template);
    $created->commit();

    // The index key is the parent path plus the new folder's title; the top
    // level ('.') contributes no prefix.
    // NOTE(review): $folder and the title are joined without normalisation;
    // the key is only used for the id lookup here, but confirm both come from
    // a vetted archive listing.
    if ($folder == '.') {
        $prefix = '';
    } else {
        $prefix = $folder . '/';
    }
    $key = $prefix . $template->title;

    $this->data['folderids'][$key] = $created->get('id');
    $this->data['folderscreated']++;
}
// in the initial call to smarty() $smarty->assign('sitelogo', $THEME->header_logo($skindata['header_logo_image'])); } } } // Provide a link for roaming teachers to return if ($mnetviewlist = $SESSION->get('mnetviewaccess')) { if (isset($mnetviewlist[$view->get('id')])) { $returnurl = $SESSION->get('mnetuserfrom'); require_once get_config('docroot') . 'api/xmlrpc/lib.php'; if ($peer = get_peer_from_instanceid($SESSION->get('authinstance'))) { $smarty->assign('mnethost', array('name' => $peer->name, 'url' => $returnurl ? $returnurl : $peer->wwwroot)); } } } $smarty->assign('viewdescription', ArtefactTypeFolder::append_view_url($view->get('description'), $view->get('id'))); $smarty->assign('viewcontent', $viewcontent); $smarty->assign('releaseform', $releaseform); if (isset($addfeedbackform)) { $smarty->assign('enablecomments', 1); $smarty->assign('addfeedbackform', $addfeedbackform); } if (isset($objectionform)) { $smarty->assign('objectionform', $objectionform); $smarty->assign('notrudeform', $notrudeform); } $smarty->assign('viewbeingwatched', $viewbeingwatched); if ($viewgroupform) { $smarty->assign('view_group_submission_form', $viewgroupform); } if ($titletext !== $title) {
/**
 * Creates a folder artefact from the current template and records its id
 * under the folder's path. For zip archives the key carries a trailing '/',
 * for other archive types it does not.
 *
 * @param string $folder Path of the containing folder, '.' for the top level
 */
public function create_folder($folder) {
    $template = $this->data['template'];

    $created = new ArtefactTypeFolder(0, $template);
    $created->commit();

    $toplevel = ($folder == '.');
    if ($this->archivetype == 'zip') {
        // Here $folder is used as a prefix as-is (no separator is inserted)
        // and the key ends in '/'.
        $key = ($toplevel ? '' : $folder) . $template->title . '/';
    } else {
        $key = ($toplevel ? '' : $folder . '/') . $template->title;
    }

    $this->data['folderids'][$key] = $created->get('id');
    $this->data['folderscreated']++;
}
/**
 * Builds and commits a folder artefact from an import entry.
 *
 * Title, description, tags and the published/updated timestamps are taken
 * from the entry; the owner is the importer's 'usr'.
 *
 * @param SimpleXMLElement $entry    The entry to base the folder's data on
 * @param PluginImport     $importer The importer
 * @param int              $parent   The ID of the parent artefact for this folder
 * @throws ImportException If the given entry is not detected as being a folder
 * @return int The ID of the folder artefact created
 */
private static function create_folder(SimpleXMLElement $entry, PluginImport $importer, $parent = null) {
    $isfolder = self::is_folder($entry, $importer);
    if (!$isfolder) {
        throw new ImportException($importer, "create_folder(): Cannot create a folder artefact from an entry we don't recognise as a folder");
    }

    $folder = new ArtefactTypeFolder();
    $folder->set('title', (string) $entry->title);
    $folder->set('description', PluginImportLeap::get_entry_content($entry, $importer));

    // A timestamp is only set when strtotime() yields a truthy value, so
    // unparseable or missing dates leave the field untouched.
    $published = strtotime((string) $entry->published);
    if ($published) {
        $folder->set('ctime', $published);
    }
    $updated = strtotime((string) $entry->updated);
    if ($updated) {
        $folder->set('mtime', $updated);
    }

    // Ownership comes from the importer, not from the imported entry.
    $folder->set('owner', $importer->get('usr'));
    $folder->set('tags', PluginImportLeap::get_entry_tags($entry));
    if ($parent) {
        $folder->set('parent', $parent);
    }

    $folder->commit();
    return $folder->get('id');
}
/**
 * Renames a user's feedback attachment folder after a language switch.
 *
 * Looks up the folder by its name in the old language and, when it exists and
 * the new language provides a name, sets the new title and description.
 *
 * @param int    $userid  Owner of the folder
 * @param string $oldlang Language the folder is currently named in
 * @param string $newlang Language to rename the folder to
 */
public static function change_language($userid, $oldlang, $newlang) {
    $oldname = get_string_from_language($oldlang, 'feedbackattachdirname', 'view');
    $record = ArtefactTypeFolder::get_folder_by_name($oldname, null, $userid);
    if (empty($record)) {
        // Nothing to rename for this user.
        return;
    }

    $name = get_string_from_language($newlang, 'feedbackattachdirname', 'view');
    $description = get_string_from_language($newlang, 'feedbackattachdirdesc', 'view');
    if (empty($name)) {
        return;
    }

    $folder = artefact_instance_from_id($record->id);
    $folder->set('title', $name);
    $folder->set('description', $description);
    $folder->commit();
}
/**
 * Indicates whether the user can see the artefact *in the artefact chooser*, and use
 * it in Pages within its ownership context. In other words, if it's a group file, they
 * can use it in Pages for that group, but not in their own personal Pages. The function
 * name refers to the "view" permission for group files.
 *
 * WARNING: Despite the similarity in name to can_view_view(), this method DOESN'T
 * check for general permission to "see" an artefact, i.e. to download it or view
 * its artefact detail page. For that, you need to use artefact_in_view() followed by
 * can_view_artefact()'s counterpart can_view_view().
 *
 * TODO: Rename this to something less misleading?
 *
 * @param ArtefactType $a
 * @return bool true when one of the checks below grants access, false otherwise
 */
public function can_view_artefact($a) {
    global $USER;
    // The public site folder itself, and site files whose direct parent is
    // that folder, are visible to everyone.
    if ($a instanceof ArtefactTypeFileBase) {
        $publicfolderid = ArtefactTypeFolder::admin_public_folder_id();
        $fileispublic = $a->get('id') == $publicfolderid || $a->get('institution') == 'mahara' && (bool) get_field('artefact', 'id', 'id', $a->get('id'), 'parent', $publicfolderid);
        if ($fileispublic) {
            return true;
        }
    }
    // Access to a child requires access to its parent; the check recurses up
    // the parent chain and a denial anywhere denies the child.
    $parent = $a->get_parent_instance();
    if ($parent) {
        if (!$this->can_view_artefact($parent)) {
            return false;
        }
    }
    // Site admins, the owner, admins of the artefact's institution, and
    // institution members for blogs and blog posts.
    if ($this->get('admin') || ($this->get('id') and $this->get('id') == $a->get('owner')) || ($a->get('institution') and $this->is_institutional_admin($a->get('institution'))) || $a->get('institution') && $this->in_institution($a->get('institution')) && in_array($a->get('artefacttype'), array('blog', 'blogpost'))) {
        return true;
    } else {
        if ($a->get('institution') == 'mahara') {
            $thisparent = $a->get('parent');
            // if we are looking at the public folder or items in it
            if ($a->get('id') == ArtefactTypeFolder::admin_public_folder_id() || !empty($thisparent) && $thisparent == ArtefactTypeFolder::admin_public_folder_id()) {
                return true;
            }
        }
    }
    if ($a->get('group')) {
        // NOTE(review): this compares the global $USER, not $this, with the
        // author, and uses a loose == without first requiring a non-empty id
        // (the owner check above does require one). Confirm the result is
        // intended when this method runs on a user other than the logged-in
        // one, or when both id and author are empty.
        if ($USER->get('id') == $a->get('author')) {
            // uploader of group file should always have access to it
            return true;
        }
        // Only group artefacts can have artefact_access_role & artefact_access_usr records
        // The role query requires can_view = 1; the artefact_access_usr
        // lookup only requires that a record exists.
        // NOTE(review): confirm that any artefact_access_usr row implies view access.
        return (bool) count_records_sql("SELECT COUNT(*) FROM {artefact_access_role} ar\n INNER JOIN {group_member} g ON ar.role = g.role\n WHERE ar.artefact = ? AND g.member = ? AND ar.can_view = 1 AND g.group = ?", array($a->get('id'), $this->get('id'), $a->get('group'))) || record_exists('artefact_access_usr', 'usr', $this->get('id'), 'artefact', $a->get('id'));
    }
    return false;
}
/**
 * Submit handler for a profile icon upload: charges the user's quota, creates
 * the profile icon artefact in the user's images folder and moves the
 * uploaded file into the profile icon originals directory.
 *
 * Reads the globals $USER and $filesize.
 *
 * @param Pieform $form   The submitted form
 * @param array   $values Submitted values; keys read here: 'title' and 'file'
 *                        (with 'name' and 'tmp_name')
 */
function upload_submit(Pieform $form, $values) {
    global $USER, $filesize;
    safe_require('artefact', 'file');
    // Quota is charged before anything is stored.
    // NOTE(review): execution only stops here if json_reply() ends the
    // request; that is not visible in this function.
    try {
        $USER->quota_add($filesize);
    } catch (QuotaException $qe) {
        $form->json_reply(PIEFORM_ERR, array('message' => get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'))));
    }
    // Entry in artefact table
    $data = new stdClass();
    $data->owner = $USER->id;
    $data->parent = ArtefactTypeFolder::get_folder_id(get_string('imagesdir', 'artefact.file'), get_string('imagesdirdesc', 'artefact.file'), null, true, $USER->id);
    // The client-supplied file name is used only as title and note metadata.
    $data->title = $values['title'] ? $values['title'] : $values['file']['name'];
    $data->title = ArtefactTypeFileBase::get_new_file_title($data->title, (int) $data->parent, $USER->id); // unique title
    $data->note = $values['file']['name'];
    $data->size = $filesize;
    // Dimensions and MIME type come from inspecting the uploaded file itself.
    // NOTE(review): getimagesize() returns false for data it cannot read as an
    // image and that case is not handled here; presumably the form's
    // validation has already rejected such uploads - confirm.
    $imageinfo = getimagesize($values['file']['tmp_name']);
    $data->width = $imageinfo[0];
    $data->height = $imageinfo[1];
    $data->filetype = $imageinfo['mime'];
    $data->description = get_string('uploadedprofileicon', 'artefact.file');
    $artefact = new ArtefactTypeProfileIcon(0, $data);
    // Keep the text after the last dot of the original name as metadata.
    if (preg_match("/\\.([^\\.]+)\$/", $values['file']['name'], $saved)) {
        $artefact->set('oldextension', $saved[1]);
    }
    $artefact->commit();
    $id = $artefact->get('id');
    // Move the file into the correct place.
    // The stored path is built from the numeric artefact id only, so the
    // client-supplied name never reaches the file system.
    $directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $id % 256 . '/';
    check_dir_exists($directory);
    // NOTE(review): the result of move_uploaded_file() is ignored; on failure
    // the artefact record and the quota charge remain without a stored file.
    move_uploaded_file($values['file']['tmp_name'], $directory . $id);
    $USER->commit();
    $form->json_reply(PIEFORM_OK, get_string('profileiconaddedtoimagesfolder', 'artefact.file', get_string('imagesdir', 'artefact.file')));
}
/**
 * Build the response data for a change of owner tab in the filebrowser element.
 *
 * Reconfigures the tabs, renders the owner tab templates, maps the selected
 * owner type to the group / institution / user arguments and returns the new
 * file list, path and tab HTML.
 *
 * NOTE(review): owner and ownerid are taken as returned by
 * pieform_element_filebrowser_configure_tabs(); this function does not itself
 * check that the current user may browse that group, institution or user.
 * Presumably that is enforced in configure_tabs() or build_filelist(); verify.
 *
 * @param Pieform $form    The form the element belongs to.
 * @param array   $element Element definition; reads 'name', 'tabs', 'page'
 *                         and 'config' ('edit', 'tag').
 * @return array Data for the client: flags, new tab data, folder id, file
 *               list, path and rendered tab HTML.
 */
function pieform_element_filebrowser_changeowner(Pieform $form, $element) {
    $prefix = $form->get_name() . '_' . $element['name'];
    $newtabdata = pieform_element_filebrowser_configure_tabs($element['tabs'], $prefix);

    // Append to the page URL with '?' or '&' depending on whether it already
    // carries a query string.
    $separator = (strpos($element['page'], '?') === false) ? '?' : '&';

    $smarty = smarty_core();
    $smarty->assign('prefix', $prefix);
    $smarty->assign('querybase', $element['page'] . $separator);
    $smarty->assign('tabs', $newtabdata);
    $tabhtml = $smarty->fetch('artefact:file:form/ownertabs.tpl');
    $subtabhtml = $smarty->fetch('artefact:file:form/ownersubtabs.tpl');

    $group = null;
    $institution = null;
    $user = null;
    $userid = null;
    $folder = 0;

    // switch compares loosely, like the == tests it replaces.
    switch ($newtabdata['owner']) {
        case 'site':
            global $USER;
            // Non-admins start in the admin public folder rather than the
            // root of the site files.
            if (!$USER->get('admin')) {
                $folder = ArtefactTypeFolder::admin_public_folder_id();
            }
            $institution = 'mahara';
            break;
        case 'institution':
            $institution = $newtabdata['ownerid'];
            break;
        case 'group':
            $group = $newtabdata['ownerid'];
            break;
        case 'user':
            $user = true;
            $userid = $newtabdata['ownerid'];
            break;
    }

    $result = array();
    $result['error'] = false;
    $result['changedowner'] = true;
    $result['changedfolder'] = true;
    $result['editmeta'] = (int) ($user && !$element['config']['edit'] && !empty($element['config']['tag']));
    $result['newtabdata'] = $newtabdata;
    $result['folder'] = $folder;
    // Editing is disabled for a group folder the helper reports as not editable.
    $result['disableedit'] = $group && !pieform_element_filebrowser_edit_group_folder($group, $folder);
    $result['newlist'] = pieform_element_filebrowser_build_filelist($form, $element, $folder, null, $user, $group, $institution);
    $result['newpath'] = pieform_element_filebrowser_build_path($form, $element, $folder, $newtabdata['owner'], $newtabdata['ownerid']);
    $result['newtabs'] = $tabhtml;
    $result['newsubtabs'] = $subtabhtml;

    return $result;
}
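/**
 * Return artefacts available for inclusion in a particular block.
 *
 * Builds one SELECT over {artefact} and a matching COUNT, restricted
 * according to whether the view belongs to a group, an institution or an
 * ordinary user.
 *
 * The query is assembled by string concatenation, not with placeholders, so
 * every value that reaches the SQL text must be cast to int, passed through
 * db_quote(), or matched against the identifier pattern. Keep that invariant
 * when adding conditions.
 *
 * @param array $data Filter options. Keys read: 'offset', 'limit',
 *        'sortorder' (list of arrays with 'fieldname' and optional 'order'),
 *        'extraselect' (list of arrays with 'fieldname', 'type' = 'int' or
 *        'string', and 'values'), 'userartefactsallowed', 'artefacttypes',
 *        'search'.
 * @param User|int|null $owner User object or user id; null means the
 *        global $USER.
 * @param mixed $group Group id when the view is group-owned, otherwise empty.
 * @param string|null $institution Institution name when the view is
 *        institution-owned, otherwise empty.
 * @param bool $short When true only the artefact ids are selected.
 * @return array array($artefacts, $totalartefacts)
 * @throws SystemException If $owner cannot be resolved to a user or an
 *         extraselect entry has an unsupported type.
 */
public static function get_artefactchooser_artefacts($data, $owner = null, $group = null, $institution = null, $short = false) {
    if ($owner === null) {
        global $USER;
        $user = $USER;
    }
    else if ($owner instanceof User) {
        $user = $owner;
    }
    else if (intval($owner) != 0) {
        $user = new User();
        $user->find_by_id(intval($owner));
    }
    else {
        throw new SystemException("Invalid argument type " . gettype($owner) . " passed to View::get_artefactchooser_artefacts");
    }

    // Cast once so every place the id is concatenated into SQL gets an integer.
    $userid = (int) $user->get('id');

    $offset = !empty($data['offset']) ? $data['offset'] : null;
    $limit = !empty($data['limit']) ? $data['limit'] : null;

    $sortorder = '';
    if (!empty($data['sortorder'])) {
        foreach ($data['sortorder'] as $field) {
            // Column names cannot be quoted as values, so they are restricted
            // to identifier characters instead.
            if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                continue; // skip this item (it fails validation)
            }
            // Anything other than DESC falls back to ASC.
            $order = 'ASC';
            if (!empty($field['order']) && 'DESC' == strtoupper($field['order'])) {
                $order = 'DESC';
            }
            $sortorder .= empty($sortorder) ? 'ORDER BY ' : ', ';
            $sortorder .= $field['fieldname'] . ' ' . $order;
        }
    }

    $extraselect = '';
    if (isset($data['extraselect'])) {
        foreach ($data['extraselect'] as $field) {
            if (!preg_match('/^[a-zA-Z_0-9"]+$/', $field['fieldname'])) {
                continue; // skip this item (it fails validation)
            }
            // Sanitise all values
            $values = $field['values'];
            foreach ($values as &$val) {
                if ($field['type'] == 'int') {
                    $val = (int) $val;
                }
                elseif ($field['type'] == 'string') {
                    $val = db_quote($val);
                }
                else {
                    throw new SystemException("Unsupported field type '" . $field['type'] . "' passed to View::get_artefactchooser_artefacts");
                }
            }
            // Drop the reference so later writes to $val cannot alter $values.
            unset($val);

            $extraselect .= ' AND ';
            if (count($values) > 1) {
                $extraselect .= $field['fieldname'] . ' IN (' . implode(', ', $values) . ')';
            }
            else {
                $extraselect .= $field['fieldname'] . ' = ' . reset($values);
            }
        }
    }

    $from = ' FROM {artefact} a ';
    if ($group) {
        // Get group-owned artefacts that the user has view
        // permission on, and site-owned artefacts
        $from .= ' LEFT OUTER JOIN (
            SELECT r.artefact, r.can_view, m.group
            FROM {artefact_access_role} r
            INNER JOIN {group_member} m ON r.role = m.role
            WHERE m."group" = ' . (int) $group . ' AND m.member = ' . $userid . ' AND r.can_view = 1
        ) ga ON (ga.group = a.group AND a.id = ga.artefact)';
        $select = "(a.institution = 'mahara' OR ga.can_view = 1";
        if (!empty($data['userartefactsallowed'])) {
            $select .= ' OR "owner" = ' . $userid;
        }
        $select .= ')';
    }
    else if ($institution) {
        // Site artefacts & artefacts owned by this institution.
        // The name is quoted with db_quote() like the other string values in
        // this query, rather than interpolated between literal quotes.
        $select = "(a.institution = 'mahara' OR a.institution = " . db_quote($institution) . ')';
    }
    else {
        // The view is owned by a normal user
        // Get artefacts owned by the user, group-owned artefacts
        // the user has republish permission on, artefacts owned
        // by the user's institutions.
        $from .= ' LEFT OUTER JOIN {artefact_access_usr} aau ON (a.id = aau.artefact AND aau.usr = ' . $userid . ')
        LEFT OUTER JOIN {artefact_parent_cache} apc ON (a.id = apc.artefact)
        LEFT OUTER JOIN (
            SELECT aar.artefact, aar.can_republish, m.group
            FROM {artefact_access_role} aar
            INNER JOIN {group_member} m ON aar.role = m.role
            WHERE m.member = ' . $userid . ' AND aar.can_republish = 1
        ) ra ON (a.id = ra.artefact AND a.group = ra.group)';
        $institutions = array_keys($user->get('institutions'));
        $select = '( "owner" = ' . $userid . ' OR ra.can_republish = 1 OR aau.can_republish = 1';
        if ($user->get('admin')) {
            $institutions[] = 'mahara';
        }
        else {
            // Non-admins only see site files that sit directly in the admin
            // public folder.
            safe_require('artefact', 'file');
            $select .= "\n OR ( a.institution = 'mahara' AND apc.parent = " . (int) ArtefactTypeFolder::admin_public_folder_id() . ')';
        }
        if ($institutions) {
            $select .= ' OR a.institution IN (' . implode(',', array_map('db_quote', $institutions)) . ')';
        }
        $select .= "\n )";
    }

    if (!empty($data['artefacttypes']) && is_array($data['artefacttypes'])) {
        $select .= ' AND artefacttype IN(' . implode(',', array_map('db_quote', $data['artefacttypes'])) . ')';
    }

    if (!empty($data['search'])) {
        // NOTE(review): only '%' is doubled; '_' is passed through, so it
        // still acts as a wildcard in the pattern. Confirm that is intended.
        $search = db_quote('%' . str_replace('%', '%%', $data['search']) . '%');
        $select .= ' AND (title ' . db_ilike() . '(' . $search . ') OR description ' . db_ilike() . '(' . $search . ') )';
    }

    $select .= $extraselect;

    $cols = $short ? 'a.id, a.id AS b' : 'a.*'; // get_records_sql_assoc wants > 1 column

    $artefacts = get_records_sql_assoc('SELECT ' . $cols . $from . ' WHERE ' . $select . $sortorder, null, $offset, $limit);
    // The count uses the same FROM and WHERE, without ordering or paging.
    $totalartefacts = count_records_sql('SELECT COUNT(*) ' . $from . ' WHERE ' . $select);

    return array($artefacts, $totalartefacts);
}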