// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // +---------------------------------------------------------------------------+ ob_start(); require '../lib/bootstrap.php'; page_open(array("sess" => "Seminar_Session", "auth" => "Seminar_Default_Auth", "perm" => "Seminar_Perm", "user" => "Seminar_User")); require_once 'lib/datei.inc.php'; //basename() needs setlocale() init_i18n($_SESSION['_language']); // Set Base URL, otherwise links will fail on SENDFILE_LINK_MODE = rewrite URLHelper::setBaseURL($GLOBALS['ABSOLUTE_URI_STUDIP']); $file_id = escapeshellcmd(basename(Request::get('file_id'))); $type = Request::int('type'); if ($type < 0 || $type > 7) { $type = 0; } $document = new StudipDocument($file_id); $object_id = $document->getValue('seminar_id'); $no_access = true; //download from course or institute or document is a message attachement if ($object_id && in_array($type, array(0, 6, 7))) { $no_access = !$document->checkAccess($GLOBALS['user']->id); } //download from archive, allowed if former participant if ($type == 1) { $query = "SELECT seminar_id FROM archiv WHERE archiv_file_id = ?"; $statement = DBManager::get()->prepare($query); $statement->execute(array($file_id)); $archiv_seminar_id = $statement->fetchColumn(); if ($archiv_seminar_id) { $no_access = !archiv_check_perm($archiv_seminar_id); } else {
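/**
 * Stores files dropped into a Blubber textarea and answers with JSON.
 *
 * The JSON holds the markup to insert ("inserts") and one message per
 * rejected file ("errors"). Files land in the folder md5("Blubber_<context>");
 * in a course each user gets a sub-folder md5("Blubber_<context>_<user_id>").
 *
 * @throws AccessDeniedException if the request is not a POST, or the context
 *                               is a course in which the user lacks "autor"
 */
public function post_files_action()
{
    $context = Request::option("context") ? Request::get("context") : $GLOBALS['user']->id;
    $context_type = Request::option("context_type");
    // NOTE(review): only context_type "course" is permission-checked here. For every
    // other type the client-chosen context is written to folder.range_id and
    // dokumente.seminar_id unchecked - confirm callers/ACLs tolerate that.
    if (!Request::isPost()
            || ($context_type === "course" && !$GLOBALS['perm']->have_studip_perm("autor", $context))) {
        throw new AccessDeniedException("Kein Zugriff");
    }

    // Make sure the target folder(s) exist.
    $db = DBManager::get();
    $folder_id = md5("Blubber_" . $context . "_" . $GLOBALS['user']->id);
    $parent_folder_id = md5("Blubber_" . $context);
    if ($context_type !== "course") {
        $folder_id = $parent_folder_id;
    }
    $folder = $db->query(
        "SELECT * FROM folder WHERE folder_id = " . $db->quote($folder_id) . " "
    )->fetch(PDO::FETCH_COLUMN, 0);
    if (!$folder) {
        $folder = $db->query(
            "SELECT * FROM folder WHERE folder_id = " . $db->quote($parent_folder_id) . " "
        )->fetch(PDO::FETCH_COLUMN, 0);
        if (!$folder) {
            $db->exec(
                "INSERT IGNORE INTO folder " .
                "SET folder_id = " . $db->quote($parent_folder_id) . ", " .
                    "range_id = " . $db->quote($context) . ", " .
                    "user_id = " . $db->quote($GLOBALS['user']->id) . ", " .
                    "name = " . $db->quote("BlubberDateien") . ", " .
                    "permission = '7', " .
                    "mkdate = " . $db->quote(time()) . ", " .
                    "chdate = " . $db->quote(time()) . " "
            );
        }
        if ($context_type === "course") {
            $db->exec(
                "INSERT IGNORE INTO folder " .
                "SET folder_id = " . $db->quote($folder_id) . ", " .
                    "range_id = " . $db->quote($parent_folder_id) . ", " .
                    "user_id = " . $db->quote($GLOBALS['user']->id) . ", " .
                    "name = " . $db->quote(get_fullname()) . ", " .
                    "permission = '7', " .
                    "mkdate = " . $db->quote(time()) . ", " .
                    "chdate = " . $db->quote(time()) . " "
            );
        }
    }

    $output = array();
    foreach ($_FILES as $file) {
        // validate_upload() reports a rejection through $GLOBALS['msg'].
        // It now runs for every context: before, uploads outside a course
        // skipped the upload rules entirely.
        $GLOBALS['msg'] = '';
        validate_upload($file);
        if ($GLOBALS['msg']) {
            $output['errors'][] = $file['name'] . ': '
                . studip_utf8encode(html_entity_decode(trim(substr($GLOBALS['msg'], 6), '§')));
            continue;
        }
        if (!$file['size']) {
            continue;
        }

        // Fresh metadata per file so nothing leaks over from the previous one.
        $document = array();
        $document['name'] = $document['filename'] = studip_utf8decode(strtolower($file['name']));
        $document['user_id'] = $GLOBALS['user']->id;
        $document['author_name'] = get_fullname();
        $document['seminar_id'] = $context;
        $document['range_id'] = $context_type === "course" ? $folder_id : $parent_folder_id;
        $document['filesize'] = $file['size'];

        $newfile = StudipDocument::createWithFile($file['tmp_name'], $document);
        if (!$newfile) {
            continue;
        }

        // $file['type'] is the MIME type sent with the upload, i.e. client-supplied;
        // it only selects the markup tag here. Later matches win, as before.
        $type = null;
        if (strpos($file['type'], 'image') !== false) {
            $type = "img";
        }
        if (strpos($file['type'], 'video') !== false) {
            $type = "video";
        }
        if (strpos($file['type'], 'audio') !== false || strpos($document['filename'], '.ogg') !== false) {
            $type = "audio";
        }

        $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
        $output['inserts'][] = "[" . ($type ? $type : $newfile['filename']) . "]" . $url;
    }
    $this->render_json($output);
}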
/**
 * Counts the documents whose range_id equals this object's id.
 *
 * @return mixed whatever StudipDocument::countBySQL() yields for that condition
 */
public function getNumAttachments()
{
    $parameters = array($this->id);

    return StudipDocument::countBySQL("range_id=?", $parameters);
}
/**
 * Decides whether a file flagged as 'protected' may be downloaded.
 *
 * Returns true when ENABLE_PROTECTED_DOWNLOAD_RESTRICTION is off or the file
 * is not flagged. For a flagged file it returns true only if the file belongs
 * to a course ('sem') that is password protected, admission locked, past the
 * end of its admission time frame, or a studygroup with admission_prelim == 1.
 *
 * @param string MD5 id of the file
 * @return bool
 */
function check_protected_download($document_id)
{
    // Restriction switched off globally: nothing to check.
    if (!Config::GetInstance()->getValue('ENABLE_PROTECTED_DOWNLOAD_RESTRICTION')) {
        return true;
    }

    $document = new StudipDocument($document_id);
    if (!$document->getValue('protected')) {
        return true;
    }

    // From here on the file is protected; only a closed course lifts the block.
    $course_id = $document->getValue('seminar_id');
    if (get_object_type($course_id) != 'sem') {
        return false;
    }

    $course = Seminar::GetInstance($course_id);
    $time_frame = $course->getAdmissionTimeFrame();
    if ($course->isPasswordProtected()
            || $course->isAdmissionLocked()
            || ($time_frame['end_time'] > 0 && $time_frame['end_time'] < time())) {
        return true;
    }

    // Studygroups count as closed when admission is preliminary.
    return StudygroupModel::isStudygroup($course_id)
        && Seminar::GetInstance($course_id)->admission_prelim == 1;
}
/**
 * Build a Stud.IP document from an uploaded file and wrap it for the editor.
 *
 * @param array  $file      Metadata of uploaded file ('tmp_name' and 'type' are read here).
 * @param string $folder_id ID of the Stud.IP folder the file is stored in.
 * @return WysiwygDocument  Wrapper around the new Stud.IP document.
 * @throws AccessDeniedException if file is forbidden or upload failed.
 */
public static function fromUpload($file, $folder_id)
{
    // Throws when the file is not acceptable, so nothing below runs for it.
    self::verifyUpload($file);

    $metadata = self::studipData($file, $folder_id);
    $document = \StudipDocument::createWithFile($file['tmp_name'], $metadata);

    if ($document) {
        // NOTE(review): if $file comes straight from $_FILES, 'type' is the
        // browser-supplied MIME type - confirm it is not trusted downstream.
        return new WysiwygDocument($document, \studip_utf8decode($file['type']));
    }

    // createWithFile() gave nothing back: file creation failed.
    throw new \AccessDeniedException(_('Stud.IP-Dokument konnte nicht erstellt werden.'));
}
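/**
 * Copies a marketplace material into a course's file area.
 *
 * On a POST from a user with "autor" permission in the course, the material
 * is stored in the course's first folder (ordered by name). That requires
 * "tutor" permission or a folder marked "writable". Material from another
 * host is downloaded into a temporary file first. The user's courses are
 * always loaded for the view.
 *
 * @param string $material_id id of the material to copy
 */
public function add_to_course_action($material_id)
{
    $this->material = new LernmarktplatzMaterial($material_id);
    $seminar_id = Request::option("seminar_id");

    // NOTE(review): no CSRF token check is visible in this block for a
    // state-changing POST - confirm it is enforced elsewhere.
    if (Request::isPost() && $seminar_id && $GLOBALS['perm']->have_studip_perm("autor", $seminar_id)) {
        $statement = DBManager::get()->prepare("SELECT folder_id FROM folder WHERE range_id = ? ORDER BY name");
        $statement->execute(array($seminar_id));
        $folder_id = $statement->fetch(PDO::FETCH_COLUMN, 0);

        if ($folder_id && ($GLOBALS['perm']->have_studip_perm("tutor", $seminar_id)
                || in_array("writable", DocumentFolder::find($folder_id)->getPermissions()))) {
            $is_remote = (bool) $this->material['host_id'];
            $path = null;
            if ($is_remote) {
                // tempnam() creates the file itself under a unique name, instead of
                // writing to a guessable md5(uniqid()) path.
                $tmp_path = tempnam($GLOBALS['TMP_PATH'], "tmp_download_");
                $content = $tmp_path !== false
                    ? file_get_contents($this->material->host->url . "download/" . $this->material['foreign_material_id'])
                    : false;
                // The remote host's answer is untrusted and may be missing: a failed
                // download must not be stored as an empty course document.
                if ($content !== false && file_put_contents($tmp_path, $content) !== false) {
                    $path = $tmp_path;
                } elseif ($tmp_path !== false) {
                    @unlink($tmp_path);
                }
            } else {
                $path = $this->material->getFilePath();
            }

            $document = null;
            if ($path) {
                $document = StudipDocument::createWithFile($path, array(
                    'name'        => $this->material['name'],
                    'range_id'    => $folder_id,
                    'user_id'     => $GLOBALS['user']->id,
                    'seminar_id'  => $seminar_id,
                    'description' => $this->material['description'] ?: $this->material['short_description'],
                    'filename'    => $this->material['filename'],
                    'filesize'    => filesize($path),
                    'author_name' => get_fullname()
                ));
            }
            if ($is_remote && $path) {
                // Remove the temporary download whether or not the copy worked.
                @unlink($path);
            }

            if ($document) {
                PageLayout::postMessage(MessageBox::success(_("Datei wurde erfolgreich kopiert.")));
                $this->redirect(URLHelper::getURL("folder.php#anker", array(
                    'cid'  => $seminar_id,
                    'data' => array(
                        'cmd'  => "tree",
                        'open' => array($folder_id => 1, $document->getId() => 1)
                    ),
                    'open' => $document->getId()
                )));
            } else {
                // createWithFile() returns null on failure; calling getId() on it was fatal.
                PageLayout::postMessage(MessageBox::error(_("Datei konnte nicht kopiert werden.")));
                $this->redirect(PluginEngine::getURL($this->plugin, array(), "market/details/" . $material_id));
            }
        } else {
            PageLayout::postMessage(MessageBox::error(_("Veranstaltung hat keinen allgemeinen Dateiordner.")));
            $this->redirect(PluginEngine::getURL($this->plugin, array(), "market/details/" . $material_id));
        }
    }

    $this->courses = Course::findBySQL(
        "INNER JOIN seminar_user USING (Seminar_id) WHERE seminar_user.user_id = ? ORDER BY seminare.mkdate DESC",
        array($GLOBALS['user']->id)
    );
}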
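/**
 * Saves given files (dragged into the textarea) and returns the link to the
 * file to the user as json.
 *
 * The JSON carries "inserts" (markup per stored file) and "errors" (one
 * message per file that was rejected or could not be stored). Files for the
 * user's own context go to the personal "Blubber" directory when
 * PERSONALDOCUMENT_ENABLE is set, otherwise into the folder
 * md5("Blubber_<context>") (courses: a per-user sub-folder of it).
 *
 * @throws AccessDeniedException if the request is not a POST, or the context
 *                               is a course in which the user lacks "autor"
 */
public function post_files_action()
{
    $context = Request::option("context") ? Request::get("context") : $GLOBALS['user']->id;
    $context_type = Request::option("context_type");
    // NOTE(review): only context_type "course" is permission-checked here. For every
    // other type the client-chosen context is written to the folder and document
    // rows unchecked - confirm callers/ACLs tolerate that.
    if (!Request::isPost()
            || ($context_type === "course" && !$GLOBALS['perm']->have_studip_perm("autor", $context))) {
        throw new AccessDeniedException();
    }

    // Make sure the target folder(s) exist.
    $db = DBManager::get();
    $folder_id = md5("Blubber_" . $context . "_" . $GLOBALS['user']->id);
    $parent_folder_id = md5("Blubber_" . $context);
    if ($context_type !== "course") {
        $folder_id = $parent_folder_id;
    }
    $folder = $db->query(
        "SELECT * FROM folder WHERE folder_id = " . $db->quote($folder_id) . " "
    )->fetch(PDO::FETCH_COLUMN, 0);
    if (!$folder) {
        $folder = $db->query(
            "SELECT * FROM folder WHERE folder_id = " . $db->quote($parent_folder_id) . " "
        )->fetch(PDO::FETCH_COLUMN, 0);
        if (!$folder) {
            $db->exec(
                "INSERT IGNORE INTO folder " .
                "SET folder_id = " . $db->quote($parent_folder_id) . ", " .
                    "range_id = " . $db->quote($context) . ", " .
                    "seminar_id = " . $db->quote($context) . ", " .
                    "user_id = " . $db->quote($GLOBALS['user']->id) . ", " .
                    "name = " . $db->quote("BlubberDateien") . ", " .
                    "permission = '7', " .
                    "mkdate = " . $db->quote(time()) . ", " .
                    "chdate = " . $db->quote(time()) . " "
            );
        }
        if ($context_type === "course") {
            $db->exec(
                "INSERT IGNORE INTO folder " .
                "SET folder_id = " . $db->quote($folder_id) . ", " .
                    "range_id = " . $db->quote($parent_folder_id) . ", " .
                    "seminar_id = " . $db->quote($context) . ", " .
                    "user_id = " . $db->quote($GLOBALS['user']->id) . ", " .
                    "name = " . $db->quote(get_fullname()) . ", " .
                    "permission = '7', " .
                    "mkdate = " . $db->quote(time()) . ", " .
                    "chdate = " . $db->quote(time()) . " "
            );
        }
    }

    $output = array();
    foreach ($_FILES as $file) {
        // validate_upload() reports a rejection through $GLOBALS['msg'].
        $GLOBALS['msg'] = '';
        validate_upload($file);
        if ($GLOBALS['msg']) {
            $output['errors'][] = $file['name'] . ': ' . decodeHTML(trim(substr($GLOBALS['msg'], 6), '§'));
            continue;
        }
        if (!$file['size']) {
            continue;
        }

        // Fresh metadata per file so nothing leaks over from the previous one.
        $document = array();
        $document['name'] = $document['filename'] = studip_utf8decode(strtolower($file['name']));
        $document['user_id'] = $GLOBALS['user']->id;
        $document['author_name'] = get_fullname();
        $document['seminar_id'] = $context;
        $document['range_id'] = $context_type === "course" ? $folder_id : $parent_folder_id;
        $document['filesize'] = $file['size'];

        $url = null;
        $success = false;
        if ($context === $GLOBALS['user']->id && Config::get()->PERSONALDOCUMENT_ENABLE) {
            // Personal context: store in the user's own "Blubber" directory.
            try {
                $root_dir = RootDirectory::find($GLOBALS['user']->id);
                $blubber_directory = $root_dir->listDirectories()->findOneBy('name', 'Blubber');
                if (!$blubber_directory) {
                    $blubber_directory = $root_dir->mkdir('Blubber', _('Ihre Dateien aus Blubberstreams'));
                }
                $newfile = $blubber_directory->file->createFile($document['name']);
                $newfile->name = $document['name'];
                $newfile->store();

                $handle = $newfile->file;
                $handle->restricted = 0;
                // NOTE(review): $file['type'] is the client-supplied MIME type and is
                // persisted here - confirm it is not echoed as Content-Type on download.
                $handle->mime_type = $file['type'];
                $handle->setContentFromFile($file['tmp_name']);
                $handle->update();

                $url = $newfile->getDownloadLink(true, true);
                $success = true;
            } catch (Exception $e) {
                // Was written to 'error', while every other failure in this action
                // goes to 'errors'; use the one key so the message is not lost.
                // NOTE(review): the raw exception message is sent to the client.
                $output['errors'][] = $e->getMessage();
                $success = false;
            }
        } else {
            $newfile = StudipDocument::createWithFile($file['tmp_name'], $document);
            $success = (bool) $newfile;
            if ($success) {
                $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
            }
        }

        if (!$success) {
            continue;
        }

        // The MIME type only selects the markup tag; later matches win, as before.
        $type = null;
        if (strpos($file['type'], 'image') !== false) {
            $type = "img";
        }
        if (strpos($file['type'], 'video') !== false) {
            $type = "video";
        }
        if (strpos($file['type'], 'audio') !== false || strpos($document['filename'], '.ogg') !== false) {
            $type = "audio";
        }
        $output['inserts'][] = "[" . ($type ? $type : $document['filename']) . "]" . $url;
    }
    $this->render_json($output);
}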
/**
 * Create (or refresh) a document from a file plus its metadata.
 *
 * The database entry and the stored file are kept consistent: the entry is
 * only written once the file has been attached, and null is returned if
 * either step fails.
 *
 * $file is the path of an uploaded or an already existing file; it is
 * attached through attachFile(). If $data contains a "dokument_id", that
 * document is loaded and updated (the usual case when refreshing a file);
 * otherwise a new id is generated.
 *
 * Caveat: a "dokument_id" in $data selects an existing document to
 * overwrite, so callers should not fill $data from request input unfiltered.
 *
 * Notifications, always with the document as subject: "DocumentWillCreate" /
 * "DocumentDidCreate" for a new document, "DocumentWillUpdate" /
 * "DocumentDidUpdate" when $data carried a "dokument_id". The "Will"
 * notification is posted before the attempt, so it is also sent when the
 * attempt fails.
 *
 * @param $file string full path to a file (either uploaded or already existing)
 * @param $data array  an array containing the metadata of the document;
 *                     just use the same way as StudipDocument::setData
 * @return StudipDocument|null if successful the created document, null otherwise
 */
static function createWithFile($file, $data)
{
    $is_update = isset($data['dokument_id']);

    $document = new StudipDocument($is_update ? $data['dokument_id'] : null);
    $document->setData($data);

    // No id yet: generate one, which also fixes the storage path.
    if (!$document->getId()) {
        $document->setId($document->getNewId());
    }

    if ($is_update) {
        $before = 'DocumentWillUpdate';
        $after  = 'DocumentDidUpdate';
    } else {
        $before = 'DocumentWillCreate';
        $after  = 'DocumentDidCreate';
    }

    NotificationCenter::postNotification($before, $document);

    // Attach first, store second; the store is skipped when attaching failed.
    $stored = $document->attachFile($file) && $document->safeStore();
    if (!$stored) {
        return null;
    }

    NotificationCenter::postNotification($after, $document);

    return $document;
}
$statement->execute(array(Request::get("moveintofolder"),Request::get("movefile"))); } } //Datei soll in einen Ordner kopiert werden if ((Request::get("copyintofolder")) && (Request::get("copyfile"))) { $query = "SELECT name, description, filename, mkdate, filesize, autor_host, url, protected FROM dokumente WHERE dokument_id = ?"; $statement = DBManager::get()->prepare($query); $statement->execute(array(Request::get("copyfile"))); $result = $statement->fetch(PDO::FETCH_ASSOC); if (($rechte) || ($folder_tree->isWriteable(Request::get("copyintofolder") , $user->id))) { $doc = new StudipDocument(); $doc->setData( array( 'range_id' => Request::get("copyintofolder"), 'user_id' => $user->id, 'seminar_id' => $SessSemName[1], 'name' => $result['name'], 'description' => $result['description'], 'filename' => $result['filename'], 'mkdate' => $result['mkdate'], 'chdate' => time(), 'filesize' => $result['filesize'], 'autor_host' => $result['autor_host'], 'download' => 0, 'url' => $result['url'], 'protected' => $result['protected'],
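/**
 * Deletes a provisional attachment and renders an empty response.
 *
 * A document is removed only if its range_id is 'provisional' and its
 * description equals the submitted message_id.
 */
public function delete_attachment_action()
{
    CSRFProtection::verifyUnsafeRequest();

    $message_id = (string) Request::option('message_id');
    $doc = StudipDocument::find(Request::option('document_id'));

    // The message_id is the only thing tying the request to the document, so it
    // must be present and match exactly. With "==" a missing message_id (null)
    // compared equal to an empty description.
    // NOTE(review): no check against $doc->user_id is made here - confirm that
    // knowing the message_id is meant to be sufficient.
    if ($doc
            && (string) $doc->range_id === 'provisional'
            && $message_id !== ''
            && (string) $doc->description === $message_id) {
        // Best effort: the database entry is removed even if the file is already gone.
        @unlink(get_upload_file_path($doc->id));
        $doc->delete();
    }
    $this->render_nothing();
}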
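/**
 * Converts URLs in images so that the webserver can access them without proxy.
 *
 * URLs whose host is not found in $this->domains are returned unchanged.
 * For local URLs: media proxy links become the cached file or the target URL,
 * document download links become the storage path, and download/sendfile.php
 * links become the upload path if the current user may access the document,
 * otherwise an error image.
 *
 * @param string $url of an image
 * @return string " src=\"".$converted_url."\""
 */
protected function convertURL($url)
{
    $convurl = $url;

    // parse_url() returns false for malformed URLs and omits absent parts.
    $url_elements = parse_url($url);
    if (!is_array($url_elements)) {
        $url_elements = array();
    }
    $host  = isset($url_elements['host']) ? $url_elements['host'] : '';
    $path  = isset($url_elements['path']) ? $url_elements['path'] : '';
    $query = isset($url_elements['query']) ? $url_elements['query'] : '';
    $url = $path . '?' . $query;

    // A URL without host is never local: an empty needle would otherwise match
    // any domain list on PHP 8.
    // NOTE(review): this is a substring test, so a host that is merely part of a
    // configured domain also counts as local - confirm against how $this->domains
    // is built before tightening it to an exact match.
    if ($host !== '' && strpos(implode('#', $this->domains), $host) !== false) {
        if (strpos($url, 'dispatch.php/media_proxy?url=') !== false) {
            // NOTE(review): substr($url, 4) is kept as found; which prefix it is
            // meant to strip cannot be told from this block.
            $targeturl = urldecode(substr($url, 4));
            try {
                // is file in cache?
                if (!$this->media_proxy->getMetaData($targeturl)) {
                    $convurl = $targeturl;
                } else {
                    $convurl = $this->config->getValue('MEDIA_CACHE_PATH') . '/' . md5($targeturl);
                }
            } catch (Exception $e) {
                $convurl = '';
            }
        } elseif (stripos($url, 'dispatch.php/document/download') !== false) {
            if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
                // NOTE(review): unlike the sendfile branch below, no access check
                // for the current user is made before the storage path is used.
                $entry = DirectoryEntry::find($matches[1]);
                if ($entry) {
                    $convurl = $entry->file->getStorageObject()->getPath();
                }
                // An unknown id leaves the URL untouched rather than failing fatally.
            }
        } elseif (stripos($url, 'download') !== false || stripos($url, 'sendfile.php') !== false) {
            // get file id
            if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
                $document = new StudipDocument($matches[1]);
                if ($document->checkAccess($GLOBALS['user']->id)) {
                    $convurl = get_upload_file_path($matches[1]);
                } else {
                    $convurl = Assets::image_path('messagebox/exception.png');
                }
            }
        }
    }
    return 'src="' . $convurl . '"';
}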
/**
 * Collects the documents of a folder, keyed by their '/file/<id>' URL.
 *
 * No per-document access check happens in this method.
 *
 * @param string $folder_id id of the folder to list
 * @return array map of file URL => result of fileToJSON() for that document
 */
private function loadDocuments($folder_id)
{
    $documents_by_url = array();

    foreach (\StudipDocument::findByFolderId($folder_id) as $document) {
        $file_url = $this->urlf('/file/%s', array($document->id));
        $documents_by_url[$file_url] = $this->fileToJSON($document);
    }

    return $documents_by_url;
}
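/**
 * Lists the newest documents of a course that the given user may access.
 *
 * At most 30 rows (newest first) are read from `dokumente`; rows the user
 * has no access to are dropped afterwards, so fewer than 30 may be returned.
 *
 * @param string $id      id of the course (dokumente.seminar_id)
 * @param string $user_id id of the user whose access is checked
 * @return array list of arrays with the keys id, name, Seminar_id, author,
 *               author_id, description, mkdate, filesize, link, filename,
 *               icon_link and extension
 */
static function find_files($id, $user_id)
{
    // $id is bound as a parameter; it used to be interpolated into the SQL string.
    $statement = \DBManager::get()->prepare(
        "SELECT * FROM dokumente WHERE seminar_id = ? ORDER BY mkdate DESC LIMIT 0,30"
    );
    $statement->execute(array($id));

    $icons = array(
        'PDF' => "/public/images/icons/files32/pdf.png",
        'XLS' => "/public/images/icons/files32/xls.png",
        'PPT' => "/public/images/icons/files32/ppt.png",
        'ZIP' => "/public/images/icons/files32/zip.png",
        'RTF' => "/public/images/icons/files32/rtf.png",
        'TXT' => "/public/images/icons/files32/txt.png",
        'TGZ' => "/public/images/icons/files32/tgz.png"
    );

    $files = array();
    foreach ($statement->fetchAll(\PDO::FETCH_ASSOC) as $row) {
        // Linked documents keep their stored URL, everything else gets a download link.
        $link = $row['url'];
        if (!$row['url']) {
            $link = GetDownloadLink($row['dokument_id'], $row['filename'], 0, 'force_download');
        }

        // PATHINFO_EXTENSION yields '' for names without an extension instead of
        // an undefined array index.
        $extension = strtoupper(pathinfo($row['filename'], PATHINFO_EXTENSION));
        $icon_link = isset($icons[$extension]) ? $icons[$extension] : "/public/images/icons/files32/_blank.png";

        // Only documents the user may access end up in the result.
        $file_object = \StudipDocument::find($row['dokument_id']);
        if ($file_object && $file_object->checkAccess($user_id)) {
            $files[] = array(
                'id'          => $row['dokument_id'],
                'name'        => $row['name'],
                'Seminar_id'  => $row['seminar_id'],
                'author'      => $row['author_name'],
                'author_id'   => $row['user_id'],
                'description' => $row['description'],
                'mkdate'      => $row['mkdate'],
                'filesize'    => $row['filesize'],
                'link'        => $link,
                'filename'    => $row['filename'],
                'icon_link'   => $icon_link,
                'extension'   => $extension
            );
        }
    }
    return $files;
}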
/**
 * Attaches the file of an existing Stud.IP document to this mail.
 *
 * Unknown ids (documents that report isNew()) are skipped silently. No access
 * check on the document is made here; that is left to the caller.
 *
 * @param $dokument_id
 * @return StudipMail provides fluent interface
 */
function addStudipAttachment($dokument_id)
{
    $document = new StudipDocument($dokument_id);

    if ($document->isNew()) {
        return $this;
    }

    $stored_path = get_upload_file_path($document->getId());
    $this->addFileAttachment($stored_path, $document->getValue('filename'));

    return $this;
}