/**
 * Build a Stud.IP document out of one uploaded file.
 *
 * @param array  $file      Upload metadata; 'tmp_name' and 'type' are read here.
 * @param string $folder_id ID of the Stud.IP folder the file is stored in.
 * @return WysiwygDocument Built from the new Stud.IP document and the upload's type.
 * @throws AccessDeniedException if the file is forbidden or the document could not be created.
 */
public static function fromUpload($file, $folder_id)
{
    // Runs before anything is stored: verifyUpload() throws for forbidden files.
    self::verifyUpload($file);

    $source_path = $file['tmp_name'];
    $metadata = self::studipData($file, $folder_id);
    $document = \StudipDocument::createWithFile($source_path, $metadata);

    if ($document) {
        // NOTE(review): if $file is a $_FILES entry, 'type' is the MIME type
        // claimed by the client, not one detected from the content - confirm
        // that consumers of WysiwygDocument do not trust it.
        return new WysiwygDocument($document, \studip_utf8decode($file['type']));
    }

    // A falsy result means the document could not be created.
    throw new \AccessDeniedException(_('Stud.IP-Dokument konnte nicht erstellt werden.'));
}
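/**
 * Store the files of an upload request in the Blubber folder of a context
 * and answer with JSON.
 *
 * The context and its type are read from the request. The folder rows whose
 * ids are md5("Blubber_<context>") and, for courses,
 * md5("Blubber_<context>_<user id>") are created on demand. Every entry of
 * $_FILES is passed to validate_upload(); accepted, non-empty files become
 * StudipDocuments. The JSON answer holds an "inserts" list (markup tag
 * followed by the download link) and an "errors" list.
 *
 * @throws AccessDeniedException if the request is not a POST or the user
 *                               lacks "autor" permission in the course.
 */
public function post_files_action()
{
    $context = Request::option("context") ? Request::get("context") : $GLOBALS['user']->id;
    $context_type = Request::option("context_type");

    // NOTE(review): only the "course" context is permission-checked. For any
    // other context_type the request-supplied context is used unchanged as
    // range_id / seminar_id below - confirm that this is intended.
    if (!Request::isPost()
        || ($context_type === "course" && !$GLOBALS['perm']->have_studip_perm("autor", $context))
    ) {
        throw new AccessDeniedException("Kein Zugriff");
    }

    // Make sure the folder rows exist. Outside a course there is only the
    // context-wide folder; inside a course each user gets a sub-folder.
    $db = DBManager::get();
    $folder_id = md5("Blubber_" . $context . "_" . $GLOBALS['user']->id);
    $parent_folder_id = md5("Blubber_" . $context);
    if ($context_type !== "course") {
        $folder_id = $parent_folder_id;
    }

    // Only used as an existence check; every value is passed through quote().
    $folder = $db->query(
        "SELECT * " .
        "FROM folder " .
        "WHERE folder_id = " . $db->quote($folder_id) . " " .
        ""
    )->fetch(PDO::FETCH_COLUMN, 0);
    if (!$folder) {
        $folder = $db->query(
            "SELECT * " .
            "FROM folder " .
            "WHERE folder_id = " . $db->quote($parent_folder_id) . " " .
            ""
        )->fetch(PDO::FETCH_COLUMN, 0);
        if (!$folder) {
            $db->exec(
                "INSERT IGNORE INTO folder " .
                "SET folder_id = " . $db->quote($parent_folder_id) . ", " .
                "range_id = " . $db->quote($context) . ", " .
                "user_id = " . $db->quote($GLOBALS['user']->id) . ", " .
                "name = " . $db->quote("BlubberDateien") . ", " .
                "permission = '7', " .
                "mkdate = " . $db->quote(time()) . ", " .
                "chdate = " . $db->quote(time()) . " " .
                ""
            );
        }
        if ($context_type === "course") {
            $db->exec(
                "INSERT IGNORE INTO folder " .
                "SET folder_id = " . $db->quote($folder_id) . ", " .
                "range_id = " . $db->quote($parent_folder_id) . ", " .
                "user_id = " . $db->quote($GLOBALS['user']->id) . ", " .
                "name = " . $db->quote(get_fullname()) . ", " .
                "permission = '7', " .
                "mkdate = " . $db->quote(time()) . ", " .
                "chdate = " . $db->quote(time()) . " " .
                ""
            );
        }
    }

    $output = array();
    foreach ($_FILES as $file) {
        // validate_upload() reports a rejection through $GLOBALS['msg'],
        // so the variable is reset for every file.
        $GLOBALS['msg'] = '';

        // Validate every upload. Previously only course uploads were
        // validated, so files for any other context skipped the check.
        validate_upload($file);
        if ($GLOBALS['msg']) {
            // The first six characters and surrounding '§' are stripped -
            // presumably a message-type prefix and separator; verify.
            $output['errors'][] = $file['name'] . ': ' .
                studip_utf8encode(html_entity_decode(trim(substr($GLOBALS['msg'], 6), '§')));
            continue;
        }

        if ($file['size']) {
            // Fresh metadata per file so nothing leaks from a previous iteration.
            $document = array();
            $document['name'] = $document['filename'] = studip_utf8decode(strtolower($file['name']));
            $document['user_id'] = $GLOBALS['user']->id;
            $document['author_name'] = get_fullname();
            $document['seminar_id'] = $context;
            $document['range_id'] = $context_type === "course" ? $folder_id : $parent_folder_id;
            $document['filesize'] = $file['size'];

            if ($newfile = StudipDocument::createWithFile($file['tmp_name'], $document)) {
                // The markup tag is chosen from the MIME type sent by the
                // client; it is not derived from the file content.
                $type = null;
                if (strpos($file['type'], 'image') !== false) {
                    $type = "img";
                }
                if (strpos($file['type'], 'video') !== false) {
                    $type = "video";
                }
                if (strpos($file['type'], 'audio') !== false
                    || strpos($document['filename'], '.ogg') !== false
                ) {
                    $type = "audio";
                }

                $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
                if ($type) {
                    $output['inserts'][] = "[" . $type . "]" . $url;
                } else {
                    $output['inserts'][] = "[" . $newfile['filename'] . "]" . $url;
                }
            }
        }
    }

    $this->render_json($output);
}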
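/**
 * Insert a single file into the directory identified by dir_id.
 *
 * The function itself performs no permission check and no upload
 * validation; it registers whatever file path it is given.
 * NOTE(review): seminar_id is taken from the request parameter
 * "upload_seminar_id" rather than derived from $dir_id - confirm that the
 * caller has already checked the user's rights for both.
 *
 * @param string $dir_id ID of the folder, stored as the document's range_id.
 * @param string $file   Path of the file on disk.
 * @return int|false false if the file is empty or its size cannot be read,
 *                   otherwise 1 if the document was created and 0 if not.
 */
function upload_zip_file($dir_id, $file)
{
    global $user;

    // filesize() yields false on error and 0 for an empty file; both are skipped.
    $file_size = filesize($file);
    if (!$file_size) {
        return false;
    }

    // basename() keeps only the last path component as the stored name.
    $file_name = basename($file);
    $data = array(
        'filename'    => $file_name,
        'name'        => $file_name,
        'filesize'    => $file_size,
        'autor_host'  => $_SERVER['REMOTE_ADDR'],
        'user_id'     => $user->id,
        'range_id'    => $dir_id,
        'seminar_id'  => Request::option('upload_seminar_id'),
        'description' => '',
        'author_name' => get_fullname()
    );

    $ret = StudipDocument::createWithFile($file, $data);

    // createWithFile() hands back a document object on success. Casting an
    // object with (int) raises a conversion notice/warning, so the result is
    // mapped explicitly; the returned values (1 / 0) stay the same.
    return $ret ? 1 : 0;
}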
/**
 * Saves given files (dragged into the textarea) and returns the link to the
 * file to the user as json.
 *
 * The context and its type are read from the request. Folder rows for the
 * context are created on demand, every entry of $_FILES is passed to
 * validate_upload(), and each accepted, non-empty file is stored either in
 * the user's personal "Blubber" directory or as a StudipDocument. The JSON
 * answer holds "inserts" (markup tag followed by the download link) and
 * error lists.
 *
 * @throws AccessDeniedException if the request is not a POST or the user
 *                               lacks "autor" permission in the course.
 */
public function post_files_action()
{
    $context = Request::option("context") ? Request::get("context") : $GLOBALS['user']->id;
    $context_type = Request::option("context_type");
    // && binds tighter than ||: denied when not a POST, or when the context
    // is a course and the user lacks "autor" permission there.
    // NOTE(review): for any other context_type the request-supplied context
    // is not checked here and is used as range_id / seminar_id below -
    // confirm that this is intended.
    if (!Request::isPost() || $context_type === "course" && !$GLOBALS['perm']->have_studip_perm("autor", $context)) {
        throw new AccessDeniedException();
    }

    //check folders
    $db = DBManager::get();
    // Folder ids are derived from the context (and, for courses, the user).
    $folder_id = md5("Blubber_" . $context . "_" . $GLOBALS['user']->id);
    $parent_folder_id = md5("Blubber_" . $context);
    if ($context_type !== "course") {
        // Outside a course only the context-wide folder is used.
        $folder_id = $parent_folder_id;
    }
    // Only used as an existence check; every value is passed through quote().
    $folder = $db->query("SELECT * " . "FROM folder " . "WHERE folder_id = " . $db->quote($folder_id) . " " . "")->fetch(PDO::FETCH_COLUMN, 0);
    if (!$folder) {
        $folder = $db->query("SELECT * " . "FROM folder " . "WHERE folder_id = " . $db->quote($parent_folder_id) . " " . "")->fetch(PDO::FETCH_COLUMN, 0);
        if (!$folder) {
            // Create the context-wide folder.
            $db->exec("INSERT IGNORE INTO folder " . "SET folder_id = " . $db->quote($parent_folder_id) . ", " . "range_id = " . $db->quote($context) . ", " . "seminar_id = " . $db->quote($context) . ", " . "user_id = " . $db->quote($GLOBALS['user']->id) . ", " . "name = " . $db->quote("BlubberDateien") . ", " . "permission = '7', " . "mkdate = " . $db->quote(time()) . ", " . "chdate = " . $db->quote(time()) . " " . "");
        }
        if ($context_type === "course") {
            // Create the per-user sub-folder below the context-wide folder.
            $db->exec("INSERT IGNORE INTO folder " . "SET folder_id = " . $db->quote($folder_id) . ", " . "range_id = " . $db->quote($parent_folder_id) . ", " . "seminar_id = " . $db->quote($context) . ", " . "user_id = " . $db->quote($GLOBALS['user']->id) . ", " . "name = " . $db->quote(get_fullname()) . ", " . "permission = '7', " . "mkdate = " . $db->quote(time()) . ", " . "chdate = " . $db->quote(time()) . " " . "");
        }
    }

    $output = array();
    foreach ($_FILES as $file) {
        // validate_upload() reports a rejection through $GLOBALS['msg'],
        // so the variable is reset for every file.
        $GLOBALS['msg'] = '';
        validate_upload($file);
        if ($GLOBALS['msg']) {
            // The first six characters and surrounding '§' are stripped -
            // presumably a message-type prefix and separator; verify.
            $output['errors'][] = $file['name'] . ': ' . decodeHTML(trim(substr($GLOBALS['msg'], 6), '§'));
            continue;
        }
        if ($file['size']) {
            // The stored name is the lower-cased client-supplied file name.
            $document['name'] = $document['filename'] = studip_utf8decode(strtolower($file['name']));
            $document['user_id'] = $GLOBALS['user']->id;
            $document['author_name'] = get_fullname();
            $document['seminar_id'] = $context;
            $document['range_id'] = $context_type === "course" ? $folder_id : $parent_folder_id;
            $document['filesize'] = $file['size'];
            if ($context === $GLOBALS['user']->id && Config::get()->PERSONALDOCUMENT_ENABLE) {
                // Own context with personal documents enabled: store the file
                // in a "Blubber" directory below the user's root directory.
                try {
                    $root_dir = RootDirectory::find($GLOBALS['user']->id);
                    $blubber_directory = $root_dir->listDirectories()->findOneBy('name', 'Blubber');
                    if (!$blubber_directory) {
                        $blubber_directory = $root_dir->mkdir('Blubber', _('Ihre Dateien aus Blubberstreams'));
                    }
                    $newfile = $blubber_directory->file->createFile($document['name']);
                    $newfile->name = $document['name'];
                    $newfile->store();
                    $handle = $newfile->file;
                    // NOTE(review): presumably marks the file as unrestricted - confirm.
                    $handle->restricted = 0;
                    // The stored MIME type is the one sent by the client; it
                    // is not derived from the file content.
                    $handle->mime_type = $file['type'];
                    $handle->setContentFromFile($file['tmp_name']);
                    $handle->update();
                    $url = $newfile->getDownloadLink(true, true);
                    $success = true;
                } catch (Exception $e) {
                    // NOTE(review): this writes to 'error' while validation
                    // failures above use 'errors' - confirm which key the
                    // client reads. The raw exception message is also sent
                    // to the client; check that it cannot expose internals.
                    $output['error'][] = $e->getMessage();
                    $success = false;
                }
            } else {
                $newfile = StudipDocument::createWithFile($file['tmp_name'], $document);
                $success = (bool) $newfile;
                if ($success) {
                    $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
                }
            }
            if ($success) {
                // Pick the markup tag from the client-supplied MIME type;
                // later matches win, so "audio" overrides "video" and "img".
                $type = null;
                strpos($file['type'], 'image') === false || ($type = "img");
                strpos($file['type'], 'video') === false || ($type = "video");
                if (strpos($file['type'], 'audio') !== false || strpos($document['filename'], '.ogg') !== false) {
                    $type = "audio";
                }
                if ($type) {
                    $output['inserts'][] = "[" . $type . "]" . $url;
                } else {
                    // No known media type: the file name becomes the tag.
                    $output['inserts'][] = "[" . $document['filename'] . "]" . $url;
                }
            }
        }
    }
    $this->render_json($output);
}
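/**
 * Copy a marketplace material into a folder of one of the user's courses.
 *
 * On a POST with a "seminar_id" in which the user has at least "autor"
 * permission, the first folder (ordered by name) directly below the course
 * is looked up. The material is copied if the user is "tutor" in the course
 * or the folder reports the "writable" permission. Materials that belong to
 * a remote host are downloaded to a temporary file first. In every case the
 * list of the user's courses is loaded for the view.
 *
 * @param string $material_id ID of the material to copy.
 */
public function add_to_course_action($material_id)
{
    $this->material = new LernmarktplatzMaterial($material_id);
    $seminar_id = Request::option("seminar_id");

    if (Request::isPost() && $seminar_id && $GLOBALS['perm']->have_studip_perm("autor", $seminar_id)) {
        $query = "SELECT folder_id FROM folder WHERE range_id = ? ORDER BY name";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($seminar_id));
        $folder_id = $statement->fetch(PDO::FETCH_COLUMN, 0);

        if ($folder_id
            && ($GLOBALS['perm']->have_studip_perm("tutor", $seminar_id)
                || in_array("writable", DocumentFolder::find($folder_id)->getPermissions()))
        ) {
            $is_remote = (bool) $this->material['host_id'];
            if ($is_remote) {
                // NOTE(review): the download URL is built from the stored
                // host record - confirm that host URLs are restricted to
                // trusted servers before the server fetches from them.
                $path = false;
                $content = file_get_contents(
                    $this->material->host->url . "download/" . $this->material['foreign_material_id']
                );
                // A failed download must not be stored as an empty document.
                if ($content !== false) {
                    // tempnam() creates the file itself under a unique name,
                    // instead of writing to a name guessable from the time.
                    $path = tempnam($GLOBALS['TMP_PATH'], "tmp_download_");
                    if ($path !== false && file_put_contents($path, $content) === false) {
                        @unlink($path);
                        $path = false;
                    }
                }
            } else {
                $path = $this->material->getFilePath();
            }

            $document = false;
            if ($path) {
                $document = StudipDocument::createWithFile($path, array(
                    'name' => $this->material['name'],
                    'range_id' => $folder_id,
                    'user_id' => $GLOBALS['user']->id,
                    'seminar_id' => $seminar_id,
                    'description' => $this->material['description'] ?: $this->material['short_description'],
                    'filename' => $this->material['filename'],
                    'filesize' => filesize($path),
                    'author_name' => get_fullname()
                ));
                if ($is_remote) {
                    // Best-effort cleanup of the temporary download.
                    @unlink($path);
                }
            }

            if ($document) {
                PageLayout::postMessage(MessageBox::success(_("Datei wurde erfolgreich kopiert.")));
                $this->redirect(URLHelper::getURL("folder.php#anker", array(
                    'cid' => $seminar_id,
                    'data' => array(
                        'cmd' => "tree",
                        'open' => array(
                            $folder_id => 1,
                            $document->getId() => 1
                        )
                    ),
                    'open' => $document->getId()
                )));
            } else {
                // Download or document creation failed: report it instead of
                // calling getId() on a missing document.
                PageLayout::postMessage(MessageBox::error(_("Datei konnte nicht kopiert werden.")));
                $this->redirect(PluginEngine::getURL($this->plugin, array(), "market/details/" . $material_id));
            }
        } else {
            PageLayout::postMessage(MessageBox::error(_("Veranstaltung hat keinen allgemeinen Dateiordner.")));
            $this->redirect(PluginEngine::getURL($this->plugin, array(), "market/details/" . $material_id));
        }
    }

    $this->courses = Course::findBySQL(
        "INNER JOIN seminar_user USING (Seminar_id) WHERE seminar_user.user_id = ? ORDER BY seminare.mkdate DESC",
        array($GLOBALS['user']->id)
    );
}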
/**
 * Lets the user compose a message and send it.
 *
 * This method only prepares the composer: it sets the page title and builds
 * $this->default_message (receivers, subject, body, signature) from request
 * parameters, session data and, for replies or forwards, an existing
 * message. Sending is not done in this method. The receiver blocks run in
 * order and most of them replace what an earlier block collected.
 *
 * @throws AccessDeniedException if "answer_to" names a message the user may
 *                               not read.
 */
public function write_action()
{
    PageLayout::setTitle(_("Neue Nachricht schreiben"));

    //collect possible default addressees
    $this->to = array();
    $this->default_message = new Message();
    // Single receiver given as a username.
    if (Request::username("rec_uname")) {
        $user = new MessageUser();
        $user->setData(array('user_id' => get_userid(Request::username("rec_uname")), 'snd_rec' => "rec"));
        $this->default_message->receivers[] = $user;
    }
    // Several receivers given as an array of usernames.
    if (Request::getArray("rec_uname")) {
        foreach (Request::usernameArray("rec_uname") as $username) {
            $user = new MessageUser();
            $user->setData(array('user_id' => get_userid($username), 'snd_rec' => "rec"));
            $this->default_message->receivers[] = $user;
        }
    }
    // All members of a status group; only if the group belongs to the user
    // or the user has "autor" permission in the group's range.
    if (Request::option("group_id")) {
        $this->default_message->receivers = array();
        $group = Statusgruppen::find(Request::option("group_id"));
        if ($group['range_id'] === $GLOBALS['user']->id || $GLOBALS['perm']->have_studip_perm("autor", $group['range_id'])) {
            foreach ($group->members as $member) {
                $user = new MessageUser();
                $user->setData(array('user_id' => $member['user_id'], 'snd_rec' => "rec"));
                $this->default_message->receivers[] = $user;
            }
        }
    }
    // All non-"user" members of an institute.
    // NOTE(review): the check is the global 'admin' permission, not a
    // permission on the given institute - confirm that this is intended.
    if (Request::get('inst_id') && $GLOBALS['perm']->have_perm('admin')) {
        $query = "SELECT user_id FROM user_inst WHERE Institut_id = ? 
AND inst_perms != 'user'";
        $this->default_message->receivers = DBManager::get()->fetchAll($query, array(Request::option('inst_id')), 'MessageUser::build');
    }
    // Members of a course, selected by "filter".
    if (Request::get("filter") && Request::option("course_id")) {
        $course = new Course(Request::option('course_id'));
        // NOTE(review): for courses whose class has studygroup_mode set, no
        // permission or membership check is visible here - confirm that the
        // member list may be used by any logged-in user in that case.
        if ($GLOBALS['perm']->have_studip_perm("tutor", Request::option('course_id')) || $course->getSemClass()['studygroup_mode']) {
            $this->default_message->receivers = array();
            if (Request::get("filter") === 'claiming') {
                // Users with a priority entry, while the course set's
                // algorithm has not run yet.
                $cs = CourseSet::getSetForCourse(Request::option("course_id"));
                if (is_object($cs) && !$cs->hasAlgorithmRun()) {
                    foreach (AdmissionPriority::getPrioritiesByCourse($cs->getId(), Request::option("course_id")) as $user_id => $p) {
                        $this->default_message->receivers[] = MessageUser::build(array('user_id' => $user_id, 'snd_rec' => 'rec'));
                    }
                }
            } else {
                // All values reach the database as bound parameters.
                // NOTE(review): two parameters are always passed although the
                // 'all', 'prelim' and 'awaiting' queries contain a single
                // placeholder - verify that fetchAll() accepts the surplus.
                $params = array(Request::option('course_id'), Request::option('who'));
                // NOTE(review): there is no default case. For an unknown
                // filter value $query keeps whatever an earlier block
                // assigned, or is undefined - confirm how fetchAll() reacts.
                switch (Request::get("filter")) {
                    case 'send_sms_to_all':
                        $query = "SELECT b.user_id,'rec' as snd_rec FROM seminar_user a, auth_user_md5 b WHERE a.Seminar_id = ? AND a.user_id = b.user_id AND a.status = ? ORDER BY Nachname, Vorname";
                        break;
                    case 'all':
                        $query = "SELECT user_id,'rec' as snd_rec FROM seminar_user LEFT JOIN auth_user_md5 USING(user_id) WHERE Seminar_id = ? ORDER BY Nachname, Vorname";
                        break;
                    case 'prelim':
                        $query = "SELECT user_id,'rec' as snd_rec FROM admission_seminar_user LEFT JOIN auth_user_md5 USING(user_id) WHERE seminar_id = ? AND status='accepted' ORDER BY Nachname, Vorname";
                        break;
                    case 'awaiting':
                        $query = "SELECT user_id,'rec' as snd_rec FROM admission_seminar_user LEFT JOIN auth_user_md5 USING(user_id) WHERE seminar_id = ? AND status='awaiting' ORDER BY Nachname, Vorname";
                        break;
                    case 'inst_status':
                        $query = "SELECT b.user_id,'rec' as snd_rec FROM user_inst a, auth_user_md5 b WHERE a.Institut_id = ? AND a.user_id = b.user_id AND a.inst_perms = ? 
ORDER BY Nachname, Vorname";
                        break;
                }
                $this->default_message->receivers = DBManager::get()->fetchAll($query, $params, 'MessageUser::build');
            }
        }
    }
    // The next three selections over user_studiengang require 'root'.
    if (Request::option('prof_id') && Request::option('deg_id') && $GLOBALS['perm']->have_perm('root')) {
        $query = "SELECT DISTINCT user_id,'rec' as snd_rec\n FROM user_studiengang\n WHERE studiengang_id = ? AND abschluss_id = ?";
        $this->default_message->receivers = DBManager::get()->fetchAll($query, array(Request::option('prof_id'), Request::option('deg_id')), 'MessageUser::build');
    }
    if (Request::option('sd_id') && $GLOBALS['perm']->have_perm('root')) {
        $query = "SELECT DISTINCT user_id,'rec' as snd_rec\n FROM user_studiengang\n WHERE abschluss_id = ?";
        $this->default_message->receivers = DBManager::get()->fetchAll($query, array(Request::option('sd_id')), 'MessageUser::build');
    }
    if (Request::option('sp_id') && $GLOBALS['perm']->have_perm('root')) {
        $query = "SELECT DISTINCT user_id,'rec' as snd_rec\n FROM user_studiengang\n WHERE studiengang_id = ?";
        $this->default_message->receivers = DBManager::get()->fetchAll($query, array(Request::option('sp_id')), 'MessageUser::build');
    }
    // Fallback: usernames kept in the session, used once and then removed.
    // An array is bound to the single IN(?) placeholder; this presumably
    // relies on the project's fetchAll() expanding it - verify.
    if (!$this->default_message->receivers->count() && is_array($_SESSION['sms_data']['p_rec'])) {
        $this->default_message->receivers = DBManager::get()->fetchAll("SELECT user_id,'rec' as snd_rec FROM auth_user_md5 WHERE username IN(?) ORDER BY Nachname,Vorname", array($_SESSION['sms_data']['p_rec']), 'MessageUser::build');
        unset($_SESSION['sms_data']);
    }
    // Reply to or forward an existing message.
    if (Request::option("answer_to")) {
        $this->default_message->receivers = array();
        $old_message = new Message(Request::option("answer_to"));
        // Checked before any content of the old message is used.
        if (!$old_message->permissionToRead()) {
            throw new AccessDeniedException("Message is not for you.");
        }
        if (!Request::get('forward')) {
            // Reply: optionally quote the old body, prefix the subject once
            // with "RE: " and address the old author.
            if (Request::option("quote") === $old_message->getId()) {
                if (Studip\Markup::isHtml($old_message['message'])) {
                    $this->default_message['message'] = "<div>[quote]\n" . $old_message['message'] . "\n[/quote]</div>";
                } else {
                    $this->default_message['message'] = "[quote]\n" . $old_message['message'] . "\n[/quote]";
                }
            }
            $this->default_message['subject'] = substr($old_message['subject'], 0, 4) === "RE: " ? $old_message['subject'] : "RE: " . $old_message['subject'];
            $user = new MessageUser();
            $user->setData(array('user_id' => $old_message['autor_id'], 'snd_rec' => "rec"));
            $this->default_message->receivers[] = $user;
            $this->answer_to = $old_message->id;
        } else {
            // Forward: build a text header (subject, date, sender, receivers)
            // and put it in front of the old body.
            $messagesubject = 'FWD: ' . $old_message['subject'];
            $message = _("-_-_ Weitergeleitete Nachricht _-_-");
            $message .= "\n" . _("Betreff") . ": " . $old_message['subject'];
            $message .= "\n" . _("Datum") . ": " . strftime('%x %X', $old_message['mkdate']);
            $message .= "\n" . _("Von") . ": " . get_fullname($old_message['autor_id']);
            $num_recipients = $old_message->getNumRecipients();
            // The other receivers are reported only as a count, not by name.
            if ($GLOBALS['user']->id == $old_message->autor_id) {
                $message .= "\n" . _("An") . ": " . ($num_recipients == 1 ? _('Eine Person') : sprintf(_('%s Personen'), $num_recipients));
            } else {
                $message .= "\n" . _("An") . ": " . $GLOBALS['user']->getFullname() . ($num_recipients > 1 ? ' ' . sprintf(_('(und %d weitere)'), $num_recipients) : '');
            }
            $message .= "\n\n";
            if (Studip\Markup::isHtml($old_message['message'])) {
                // The generated header is passed through htmlReady() before
                // it is joined with the HTML body of the old message.
                $message = '<div>' . htmlReady($message, false, true) . '</div>' . $old_message['message'];
            } else {
                $message .= $old_message['message'];
            }
            if (count($old_message->attachments)) {
                // Copy every attachment to a new provisional document owned
                // by the current user. The new message id is published
                // through the request and stored as the copy's description.
                Request::set('message_id', $old_message->getNewId());
                foreach ($old_message->attachments as $attachment) {
                    $attachment->range_id = 'provisional';
                    $attachment->seminar_id = $GLOBALS['user']->id;
                    $attachment->autor_host = $_SERVER['REMOTE_ADDR'];
                    $attachment->user_id = $GLOBALS['user']->id;
                    $attachment->description = Request::option('message_id');
                    $new_attachment = $attachment->toArray(array('range_id', 'user_id', 'seminar_id', 'name', 'description', 'filename', 'filesize'));
                    // NOTE(review): the result is used without checking
                    // whether the copy could be created - confirm.
                    $new_attachment = StudipDocument::createWithFile(get_upload_file_path($attachment->getId()), $new_attachment);
                    $this->default_attachments[] = array('icon' => GetFileIcon(getFileExtension($new_attachment['filename']))->asImg(['class' => "text-bottom"]), 'name' => $new_attachment['filename'], 'document_id' => $new_attachment->id, 'size' => relsize($new_attachment['filesize'], false));
                }
            }
            $this->default_message['subject'] = $messagesubject;
            $this->default_message['message'] = $message;
        }
    }
    // Body and subject can be prefilled from the request; they replace
    // whatever was built above.
    // NOTE(review): both values come unchanged from the request - confirm
    // that the composer view escapes or purifies them before output.
    if (Request::get("default_body")) {
        $this->default_message['message'] = Request::get("default_body");
    }
    if (Request::get("default_subject")) {
        $this->default_message['subject'] = Request::get("default_subject");
    }
    $settings = UserConfig::get($GLOBALS['user']->id)->MESSAGING_SETTINGS;
    $this->mailforwarding = Request::get('emailrequest') ? true : $settings['request_mail_forward'];
    // Append the user's signature, as HTML if either part is HTML.
    if (trim($settings['sms_sig'])) {
        if (Studip\Markup::isHtml($this->default_message['message']) || Studip\Markup::isHtml($settings['sms_sig'])) {
            if (!Studip\Markup::isHtml($this->default_message['message'])) {
                // NOTE(review): the plain-text body is wrapped in a div
                // without escaping, unlike the forward header above, which
                // goes through htmlReady() - confirm that this is safe for
                // a body taken from "default_body".
                $this->default_message['message'] = '<div>' . nl2br($this->default_message['message']) . '</div>';
            }
            $this->default_message['message'] .= '<br><br>--<br>';
            if (Studip\Markup::isHtml($settings['sms_sig'])) {
                $this->default_message['message'] .= $settings['sms_sig'];
            } else {
                $this->default_message['message'] .= formatReady($settings['sms_sig']);
            }
        } else {
            $this->default_message['message'] .= "\n\n--\n" . $settings['sms_sig'];
        }
    }
    // Listeners receive the prepared default message.
    NotificationCenter::postNotification("DefaultMessageForComposerCreated", $this->default_message);
}
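/**
 * Update a file or a folder.
 *
 * The id is tried as a folder id first. If no folder is found it is treated
 * as a file id, and the folder is taken from the file's range_id. For a file
 * the fields name, description and protected are updated from the request
 * data, and an uploaded file, if present, is validated and stored. For a
 * folder the fields name and description are updated. Answers with 204.
 *
 * @put /file/:file_id
 */
public function putFile($id)
{
    // Set up front: when $id names a folder, no document is loaded, and the
    // later check must not read an undefined variable.
    $document = null;

    // NOTE(review): no permission check is visible in this method -
    // presumably loadFolder() / loadFile() enforce access; confirm.
    $folder = $this->loadFolder($id);
    if (!$folder) {
        $document = $this->loadFile($id);
        $folder = $this->loadFolder($document['range_id']);
    }
    if (!$folder) {
        $this->error(404, 'folder does not exist');
    }

    if ($document) {
        foreach (words('name description protected') as $c) {
            if (isset($this->data[$c])) {
                $document[$c] = $this->data[$c];
            }
        }

        if (is_array($this->data['_FILES']) && count($this->data['_FILES'])) {
            //fileupload
            // Only the first uploaded file is used.
            $file = current($this->data['_FILES']);

            // validate_upload() reports a rejection through $GLOBALS['msg'].
            $GLOBALS['msg'] = '';
            validate_upload($file);
            if ($GLOBALS['msg']) {
                $this->error(400, decodeHTML(trim(substr($GLOBALS['msg'], 6), '§')));
            }

            // Stays false for an empty upload, which is then answered with
            // the 400 below as before, without reading an undefined variable.
            $ok = false;
            if ($file['size']) {
                // The stored name is the lower-cased client-supplied name.
                $document['filename'] = strtolower($file['name']);
                $document['user_id'] = $GLOBALS['user']->id;
                $document['author_name'] = get_fullname();
                $document['filesize'] = $file['size'];
                $document['autor_host'] = $_SERVER['REMOTE_ADDR'];

                $ok = \StudipDocument::createWithFile($file['tmp_name'], $document);
                // Best-effort removal of the uploaded temporary file.
                @unlink($file['tmp_name']);
            }
            if (!$ok) {
                $this->error(400, 'could not create file');
            }
        } else {
            $document->store();
        }
    } else {
        //update folder
        foreach (words('name description') as $c) {
            if (isset($this->data[$c])) {
                $folder[$c] = $this->data[$c];
            }
        }
        $folder->store();
    }

    $this->status(204);
    $this->body(null); //no content means no content
}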