// +---------------------------------------------------------------------------+
ob_start();
require '../lib/bootstrap.php';
page_open(array("sess" => "Seminar_Session", "auth" => "Seminar_Default_Auth", "perm" => "Seminar_Perm", "user" => "Seminar_User"));
require_once 'lib/datei.inc.php';
//basename() needs setlocale()
init_i18n($_SESSION['_language']);
// Set Base URL, otherwise links will fail on SENDFILE_LINK_MODE = rewrite
URLHelper::setBaseURL($GLOBALS['ABSOLUTE_URI_STUDIP']);
$file_id = escapeshellcmd(basename(Request::get('file_id')));
$type = Request::int('type');
if ($type < 0 || $type > 7) {
$type = 0;
}
$document = new StudipDocument($file_id);
$object_id = $document->getValue('seminar_id');
$no_access = true;
//download from course or institute or document is a message attachement
if ($object_id && in_array($type, array(0, 6, 7))) {
$no_access = !$document->checkAccess($GLOBALS['user']->id);
}
//download from archive, allowed if former participant
if ($type == 1) {
$query = "SELECT seminar_id FROM archiv WHERE archiv_file_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($file_id));
$archiv_seminar_id = $statement->fetchColumn();
if ($archiv_seminar_id) {
$no_access = !archiv_check_perm($archiv_seminar_id);
} else {
$query = "SELECT seminar_id FROM archiv WHERE archiv_protected_file_id = ?";
public function upload_attachment_action()
{
if ($GLOBALS['user']->id === "nobody") {
throw new AccessDeniedException();
}
if (!$GLOBALS['ENABLE_EMAIL_ATTACHMENTS']) {
throw new AccessDeniedException(_('Mailanhänge sind nicht erlaubt.'));
}
$file = studip_utf8decode($_FILES['file']);
$output = array('name' => $file['name'], 'size' => $file['size']);
$output['message_id'] = Request::option("message_id");
if (!validate_upload($file)) {
list($type, $error) = explode("§", $GLOBALS['msg']);
throw new Exception($error);
}
$document = new StudipDocument();
$document->setValue('range_id', 'provisional');
$document->setValue('seminar_id', $GLOBALS['user']->id);
$document->setValue('name', $output['name']);
$document->setValue('filename', $document->getValue('name'));
$document->setValue('filesize', (int) $output['size']);
$document->setValue('autor_host', $_SERVER['REMOTE_ADDR']);
$document->setValue('user_id', $GLOBALS['user']->id);
$document->setValue('description', Request::option('message_id'));
$success = $document->store();
if (!$success) {
throw new Exception("Unable to handle uploaded file.");
}
$file_moved = move_uploaded_file($file['tmp_name'], get_upload_file_path($document->getId()));
if (!$file_moved) {
throw new Exception("No permission to move file to destination.");
}
$output['document_id'] = $document->getId();
$output['icon'] = GetFileIcon(getFileExtension($output['name']))->asImg(['class' => "text-bottom"]);
$this->render_json($output);
}
/**
*
* checks if the 'protected' flag of a file is set and if
* the course access is closed
*
* @param string MD5 id of the file
* @return bool
*/
function check_protected_download($document_id) {
$ok = true;
if (Config::GetInstance()->getValue('ENABLE_PROTECTED_DOWNLOAD_RESTRICTION')) {
$doc = new StudipDocument($document_id);
if ($doc->getValue('protected')) {
$ok = false;
$range_id = $doc->getValue('seminar_id');
if (get_object_type($range_id) == 'sem') {
$seminar = Seminar::GetInstance($range_id);
$timed_admission = $seminar->getAdmissionTimeFrame();
if ($seminar->isPasswordProtected() ||
$seminar->isAdmissionLocked()
|| ($timed_admission['end_time'] > 0 && $timed_admission['end_time'] < time())) {
$ok = true;
} else if (StudygroupModel::isStudygroup($range_id)) {
$studygroup = Seminar::GetInstance($range_id);
if ($studygroup->admission_prelim == 1) {
$ok = true;
}
}
}
}
}
return $ok;
}
/**
* @param $dokument_id
* @return StudipMail provides fluent interface
*/
function addStudipAttachment($dokument_id)
{
$doc = new StudipDocument($dokument_id);
if (!$doc->isNew()) {
$this->addFileAttachment(get_upload_file_path($doc->getId()), $doc->getValue('filename'));
}
return $this;
}
