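/**
 * Accepts the exercise archive uploaded as $_FILES['userFile'] and hands it to
 * handle_uploaded_document() with the unzip flag set.
 *
 * Only uploads whose client-supplied name ends in ".zip" are forwarded.
 *
 * @param string $baseWorkDir Base working directory, passed through to handle_uploaded_document()
 * @param string $uploadPath  Upload path, passed through to handle_uploaded_document()
 * @return bool True when the archive was accepted and handled, false otherwise
 */
function get_and_unzip_uploaded_exercise($baseWorkDir, $uploadPath)
{
    $_course = api_get_course_info();
    $_user = api_get_user_info();

    // Reject anything that did not reach the server through an HTTP POST upload.
    if (!isset($_FILES['userFile']) || !is_uploaded_file($_FILES['userFile']['tmp_name'])) {
        return false;
    }

    // The dot is escaped: the previous pattern '/.zip$/i' accepted any name that
    // merely ended in "zip" preceded by an arbitrary character (e.g. "payloadzip").
    if (!preg_match('/\.zip$/i', $_FILES['userFile']['name'])) {
        return false;
    }

    // NOTE(review): the file name is client-controlled, so the suffix test is a
    // convenience filter only. Validation of the archive entries presumably
    // happens inside handle_uploaded_document() - confirm.
    return (bool) handle_uploaded_document(
        $_course,
        $_FILES['userFile'],
        $baseWorkDir,
        $uploadPath,
        $_user['user_id'],
        0,
        null,
        1
    );
}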
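/**
 * Gets the uploaded file (from $_FILES['userFile']) and hands it to
 * handle_uploaded_document(): ".zip" uploads with the unzip flag set, ".txt"
 * uploads without it. Any other name is refused.
 *
 * @param string $baseWorkDir Base working directory, passed through to handle_uploaded_document()
 * @param string $uploadPath  Upload path, passed through to handle_uploaded_document()
 * @return bool True on success, false on failure
 */
function get_and_unzip_uploaded_exercise($baseWorkDir, $uploadPath)
{
    global $_course, $_user;

    // Reject anything that did not reach the server through an HTTP POST upload.
    if (!isset($_FILES['userFile']) || !is_uploaded_file($_FILES['userFile']['tmp_name'])) {
        return false;
    }

    $uploadedName = $_FILES['userFile']['name'];

    // Both patterns are now escaped and anchored. The previous '/.zip$/i' matched
    // names such as "payloadzip", and the unanchored '/.txt/i' matched ".txt"
    // anywhere in the name, so "notes.txt.php" passed the filter.
    if (preg_match('/\.zip$/i', $uploadedName)
        && handle_uploaded_document($_course, $_FILES['userFile'], $baseWorkDir, $uploadPath, $_user['user_id'], 0, null, 1, 'overwrite', false)
    ) {
        // NOTE(review): zlib availability is only checked after the upload has
        // already been handled; kept in this order to preserve existing behaviour.
        return function_exists('gzopen');
    }

    if (preg_match('/\.txt$/i', $uploadedName)
        && handle_uploaded_document($_course, $_FILES['userFile'], $baseWorkDir, $uploadPath, $_user['user_id'], 0, null, 0, 'overwrite', false)
    ) {
        return true;
    }

    return false;
}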
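/**
 * Stores the legal agreement text, and optionally an attached file, for a
 * course/session pair, then runs the follow-up actions requested in $values.
 *
 * @param array $values     Reads 'c_id', 'session_id' and 'content', plus the optional
 *                          'remove_previous_agreements' and 'warn_users_by_email' keys
 * @param array $file       Upload entry, e.g. $_FILES['uploaded_file']
 * @param bool  $deleteFile When true, the stored attachment is unlinked and its filename cleared
 */
public function save($values, $file = array(), $deleteFile = false)
{
    $table = Database::get_main_table('session_rel_course_legal');
    $courseId = $values['c_id'];
    $sessionId = $values['session_id'];
    $conditions = array('c_id' => $courseId, 'session_id' => $sessionId);

    $course = api_get_course_info_by_id($courseId);
    $legalData = $this->getData($courseId, $sessionId);
    $coursePath = api_get_path(SYS_COURSE_PATH) . $course['directory'] . '/courselegal';

    // Attachment stored by an earlier call, if any. The filename is only read
    // when a record exists; previously it was dereferenced unconditionally even
    // though $legalData can be empty (see the insert branch below).
    $previousFile = null;
    if (!empty($legalData['filename'])) {
        $previousFile = $coursePath . '/' . $legalData['filename'];
    }
    $uploadResult = $previousFile;

    if (!is_dir($coursePath)) {
        mkdir($coursePath, api_get_permissions_for_new_directories());
    }

    $uploadOk = process_uploaded_file($file, false);
    $fileName = null;
    if ($uploadOk) {
        $uploadResult = handle_uploaded_document(
            $course,
            $file,
            $coursePath,
            '/',
            api_get_user_id(),
            api_get_group_id(),
            null,
            false,
            false,
            false,
            true
        );
        if ($uploadResult) {
            $fileName = basename($uploadResult);
            // Delete the old attachment, but never the file that was just stored
            // under the same name.
            if ($previousFile !== null
                && $previousFile !== $coursePath . '/' . $fileName
                && file_exists($previousFile)
            ) {
                unlink($previousFile);
            }
        }
    }

    $conditions['content'] = $values['content'];
    $conditions['filename'] = $fileName;

    if (empty($legalData)) {
        $id = Database::insert($table, $conditions);
    } else {
        $id = $legalData['id'];
        $updateParams = array('content' => $values['content']);
        // An update without a new upload keeps the filename already stored.
        if (!empty($fileName)) {
            $updateParams['filename'] = $fileName;
        }
        Database::update($table, $updateParams, array('id = ? ' => $id));
    }

    if ($deleteFile) {
        Database::update($table, array('filename' => ''), array('id = ? ' => $id));
        if ($previousFile !== null && file_exists($previousFile)) {
            unlink($previousFile);
        }
    }

    if (!empty($values['remove_previous_agreements'])) {
        $this->removePreviousAgreements($courseId, $sessionId);
    }

    $warnUsers = isset($values['warn_users_by_email']) ? $values['warn_users_by_email'] : null;
    switch ($warnUsers) {
        case '1':
            // Nothing
            break;
        case '2':
            // Send mail
            $this->warnUsersByEmail($courseId, $sessionId);
            break;
        case '3':
            // Send mail + attachment if exists.
            // NOTE(review): after an upload in this call, $uploadResult is the
            // value returned by handle_uploaded_document() rather than a path
            // under $coursePath, and the condition still tests the filename stored
            // before the call - confirm what warnUsersByEmail() expects.
            if (!empty($legalData['filename'])) {
                $this->warnUsersByEmail($courseId, $sessionId, $uploadResult);
            }
            break;
    }
}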
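/**
 * Updates a learning path item in place and, when its parent or predecessor
 * changed, relinks the neighbouring items and shifts their display order.
 *
 * @param integer $id               Element ID
 * @param integer $parent           Parent item ID
 * @param integer $previous         Previous item ID
 * @param string  $title            Item title
 * @param string  $description      Item description
 * @param string  $prerequisites    Prerequisites (optional)
 * @param array   $audio            The array resulting of the $_FILES[mp3] element
 * @param integer $max_time_allowed Maximum time allowed (optional)
 * @return boolean|null False when the arguments are invalid or the item does not exist;
 *                      no value is returned once the updates have been issued
 */
function edit_item($id, $parent, $previous, $title, $description, $prerequisites = 0, $audio = NULL, $max_time_allowed = 0)
{
    global $charset;

    if ($this->debug > 0) {
        error_log('New LP - In learnpath::edit_item()', 0);
    }
    if (empty($max_time_allowed)) {
        $max_time_allowed = 0;
    }
    if (empty($id) or $id != strval(intval($id)) or empty($title)) {
        return false;
    }

    // Every value below ends up concatenated into SQL. Identifiers are forced to
    // integers and free-form values are escaped once, so no caller-supplied
    // string reaches a query unfiltered.
    $id = intval($id);
    $parent = intval($parent);
    $previous = intval($previous);
    $prerequisites_sql = Database::escape_string($prerequisites);
    $max_time_allowed_sql = Database::escape_string($max_time_allowed);

    $title = api_convert_encoding($title, $this->encoding, $charset);
    $description = api_convert_encoding($description, $this->encoding, $charset);

    $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
    $sql_select = "SELECT * FROM " . $tbl_lp_item . " WHERE id = " . $id;
    $res_select = Database::query($sql_select, __FILE__, __LINE__);
    $row_select = Database::fetch_array($res_select);
    if (empty($row_select)) {
        // Unknown item: there is nothing to relink, and the statements below
        // would otherwise be built from missing columns.
        return false;
    }

    $audio_update_sql = '';
    if (is_array($audio) && !empty($audio['tmp_name']) && $audio['error'] === 0) {
        // create the audio folder if it does not exist yet
        global $_course;
        $filepath = api_get_path('SYS_COURSE_PATH') . $_course['path'] . '/document/';
        if (!is_dir($filepath . 'audio')) {
            $perm = api_get_setting('permissions_for_new_directories');
            $perm = octdec(!empty($perm) ? $perm : '0770');
            mkdir($filepath . 'audio', $perm);
            $audio_id = add_document($_course, '/audio', 'folder', 0, 'audio');
            api_item_property_update($_course, TOOL_DOCUMENT, $audio_id, 'FolderCreated', api_get_user_id(), null, null, null, null, api_get_session_id());
        }

        // upload file in documents
        // NOTE(review): the extension comes from the client-supplied name, so this
        // is a naming filter, not a content check.
        $pi = pathinfo($audio['name']);
        if (isset($pi['extension']) && $pi['extension'] == 'mp3') {
            $c_det = api_get_course_info($this->cc);
            $bp = api_get_path(SYS_COURSE_PATH) . $c_det['path'] . '/document';
            $path = handle_uploaded_document($c_det, $audio, $bp, '/audio', api_get_user_id(), 0, null, '', 0, 'rename', false, 0);
            // A failed upload used to blank the stored audio reference because
            // substr() was applied to the failure value; now it is left untouched.
            if (!empty($path)) {
                // Drop the leading 7 characters (the length of "/audio/") so only
                // the path inside document/audio/ is stored.
                $path = substr($path, 7);
                $audio_update_sql = ", audio = '" . Database::escape_string($path) . "' ";
            }
        }
    }

    $same_parent = $row_select['parent_item_id'] == $parent;
    $same_previous = $row_select['previous_item_id'] == $previous;

    //TODO: htmlspecialchars to be checked for encoding related problems.
    if ($same_parent && $same_previous) {
        //only update title and description
        $sql_update = " UPDATE " . $tbl_lp_item . "\n\t\t\t \t\t\tSET title = '" . $this->escape_string($title) . "',\n\t\t\t\t\t\t\t\tprerequisite = '" . $prerequisites_sql . "',\n\t\t\t \t\t\t\tdescription = '" . $this->escape_string($description) . "'\n\t\t\t " . $audio_update_sql . ",\n\t\t\t max_time_allowed = '" . $max_time_allowed_sql . "'\n\t\t\t \t\t\tWHERE id = " . $id;
        Database::query($sql_update, __FILE__, __LINE__);
    } else {
        // Values read back from the database are cast as well, so a missing or
        // malformed column cannot break the statements built from them.
        $old_parent = intval($row_select['parent_item_id']);
        $old_previous = intval($row_select['previous_item_id']);
        $old_next = intval($row_select['next_item_id']);
        $old_order = intval($row_select['display_order']);
        $old_prerequisite = $row_select['prerequisite'];
        $old_max_time_allowed = $row_select['max_time_allowed'];

        /* BEGIN -- virtually remove the current item id */
        /* for the next and previous item it is like the current item doesn't exist anymore */
        if ($old_previous != 0) {
            $sql_update_next = "\n\t\t\t\t\t\t \t\tUPDATE " . $tbl_lp_item . "\n\t\t\t\t\t\t \t\tSET next_item_id = " . $old_next . "\n\t\t\t\t\t\t \t\tWHERE id = " . $old_previous;
            Database::query($sql_update_next, __FILE__, __LINE__);
        }
        if ($old_next != 0) {
            $sql_update_previous = "\n\t\t\t\t\t\t \t\tUPDATE " . $tbl_lp_item . "\n\t\t\t\t\t\t \t\tSET previous_item_id = " . $old_previous . "\n\t\t\t\t\t\t \t\tWHERE id = " . $old_next;
            Database::query($sql_update_previous, __FILE__, __LINE__);
        }

        //display_order - 1 for every item with a display_order bigger then the display_order of the current item
        $sql_update_order = "\n\t\t\t\t \t\tUPDATE " . $tbl_lp_item . "\n\t\t\t\t \t\tSET display_order = display_order - 1\n\t\t\t\t \t\tWHERE\n\t\t\t\t \t\t\tdisplay_order > " . $old_order . " AND lp_id = " . $this->lp_id . " AND\n\t\t\t\t \t\t\tparent_item_id = " . $old_parent;
        Database::query($sql_update_order, __FILE__, __LINE__);
        /* END -- virtually remove the current item id */

        /* BEGIN -- update the current item id to his new location */
        if ($previous == 0) {
            //select the data of the item that should come after the current item
            $sql_select_old = "\n\t\t\t\t\t \t\t\tSELECT\n\t\t\t\t\t \t\t\t\tid,\n\t\t\t\t\t \t\t\t\tdisplay_order\n\t\t\t\t\t \t\t\tFROM " . $tbl_lp_item . "\n\t\t\t\t\t \t\t\tWHERE\n\t\t\t\t\t \t\t\t\tlp_id = " . $this->lp_id . " AND\n\t\t\t\t\t \t\t\t\tparent_item_id = " . $parent . " AND\n\t\t\t\t\t \t\t\t\tprevious_item_id = " . $previous;
            $res_select_old = Database::query($sql_select_old, __FILE__, __LINE__);
            $row_select_old = Database::fetch_array($res_select_old);

            //if the new parent didn't have children before
            if (Database::num_rows($res_select_old) == 0) {
                $new_next = 0;
                $new_order = 1;
            } else {
                $new_next = intval($row_select_old['id']);
                $new_order = intval($row_select_old['display_order']);
            }
        } else {
            //select the data of the item that should come before the current item
            $sql_select_old = "\n\t\t\t\t\t \t\t\tSELECT\n\t\t\t\t\t \t\t\t\tnext_item_id,\n\t\t\t\t\t \t\t\t\tdisplay_order\n\t\t\t\t\t \t\t\tFROM " . $tbl_lp_item . "\n\t\t\t\t\t \t\t\tWHERE id = " . $previous;
            $res_select_old = Database::query($sql_select_old, __FILE__, __LINE__);
            $row_select_old = Database::fetch_array($res_select_old);

            $new_next = intval($row_select_old['next_item_id']);
            $new_order = intval($row_select_old['display_order']) + 1;
        }

        //TODO: htmlspecialchars to be checked for encoding related problems.
        //update the current item with the new data
        $sql_update = "\n\t\t\t\t \t\tUPDATE " . $tbl_lp_item . "\n\t\t\t\t \t\tSET\n\t\t\t\t \t\t\ttitle = '" . $this->escape_string($title) . "',\n\t\t\t\t \t\t\tdescription = '" . $this->escape_string($description) . "',\n\t\t\t\t \t\t\tparent_item_id = " . $parent . ",\n\t\t\t\t \t\t\tprevious_item_id = " . $previous . ",\n\t\t\t\t \t\t\tnext_item_id = " . $new_next . ",\n\t\t\t\t \t\t\tdisplay_order = " . $new_order . "\n\t\t\t " . $audio_update_sql . "\n\t\t\t\t \t\tWHERE id = " . $id;
        Database::query($sql_update, __FILE__, __LINE__);

        if ($previous != 0) {
            //update the previous item's next_item_id
            $sql_update_previous = "\n\t\t\t\t\t\t\t \tUPDATE " . $tbl_lp_item . "\n\t\t\t\t\t\t\t \tSET next_item_id = " . $id . "\n\t\t\t\t\t\t\t \tWHERE id = " . $previous;
            Database::query($sql_update_previous, __FILE__, __LINE__);
        }
        if ($new_next != 0) {
            //update the next item's previous_item_id
            $sql_update_next = "\n\t\t\t\t\t\t\t \tUPDATE " . $tbl_lp_item . "\n\t\t\t\t\t\t\t \tSET previous_item_id = " . $id . "\n\t\t\t\t\t\t\t \tWHERE id = " . $new_next;
            Database::query($sql_update_next, __FILE__, __LINE__);
        }

        if ($old_prerequisite != $prerequisites) {
            // The value is now quoted and escaped, matching the same-parent branch;
            // it used to be concatenated bare.
            $sql_update_next = "\n\t\t\t\t\t\t \t\tUPDATE " . $tbl_lp_item . "\n\t\t\t\t\t\t \t\tSET prerequisite = '" . $prerequisites_sql . "'\n\t\t\t\t\t\t \t\tWHERE id = " . $id;
            Database::query($sql_update_next, __FILE__, __LINE__);
        }
        if ($old_max_time_allowed != $max_time_allowed) {
            $sql_update_max_time_allowed = "\n\t\t\t\t\t\t \t\tUPDATE " . $tbl_lp_item . "\n\t\t\t\t\t\t \t\tSET max_time_allowed = '" . $max_time_allowed_sql . "'\n\t\t\t\t\t\t \t\tWHERE id = " . $id;
            Database::query($sql_update_max_time_allowed, __FILE__, __LINE__);
        }

        //update all the items with the same or a bigger display_order than
        //the current item
        $sql_update_order = "\n\t\t\t\t\t\t \tUPDATE " . $tbl_lp_item . "\n\t\t\t\t\t\t \tSET display_order = display_order + 1\n\t\t\t\t\t\t \tWHERE\n\t\t\t\t\t\t \t\tlp_id = " . $this->get_id() . " AND\n\t\t\t\t\t\t \t\tid <> " . $id . " AND\n\t\t\t\t\t\t \t\tparent_item_id = " . $parent . " AND\n\t\t\t\t\t\t \t\tdisplay_order >= " . $new_order;
        Database::query($sql_update_order, __FILE__, __LINE__);
        /* END -- update the current item id to his new location */
    }
}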
/**
 * Registers a file that already exists on disk in the course document tool by
 * passing it to handle_uploaded_document() as a synthetic upload entry.
 *
 * @param string $filePath         Path of the existing file
 * @param string $path             Destination path, passed through to handle_uploaded_document()
 * @param array  $courseInfo       Course data; its 'path' key is read
 * @param int    $sessionId
 * @param int    $userId
 * @param string $whatIfFileExists overwrite|rename
 * @param int    $groupId
 * @param int    $toUserId
 * @param string $comment
 * @return mixed The value of DocumentManager::get_document_id() for the stored file,
 *               or false when the source file is missing or the upload handler fails
 */
public static function addFileToDocumentTool($filePath, $path, $courseInfo, $sessionId, $userId, $whatIfFileExists = 'overwrite', $groupId = null, $toUserId = null, $comment = null)
{
    if (file_exists($filePath)) {
        // Build the same shape as a $_FILES entry; 'from_file' marks it as a
        // file taken from disk rather than from an HTTP upload.
        $syntheticUpload = array(
            'name' => pathinfo($filePath, PATHINFO_BASENAME),
            'tmp_name' => $filePath,
            'size' => filesize($filePath),
            'from_file' => true,
        );

        $documentDir = $courseInfo['path'] . '/document';
        $storedPath = handle_uploaded_document(
            $courseInfo,
            $syntheticUpload,
            api_get_path(SYS_COURSE_PATH) . $documentDir,
            $path,
            $userId,
            $groupId,
            $toUserId,
            false,
            $whatIfFileExists,
            false,
            false,
            $comment,
            $sessionId
        );

        if ($storedPath) {
            return DocumentManager::get_document_id($courseInfo, $storedPath, $sessionId);
        }
    }

    return false;
}
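* Header */
$nameTools = get_lang('UplUploadDocument');
$interbreadcrumb[] = array("url" => "./document.php?curdirpath=" . urlencode($path) . $req_gid, "name" => $langDocuments);
Display::display_header($nameTools, "Doc");

//show the title
api_display_tool_title($nameTools . $add_group_to_title);

/**
 * Process
 */
//user has submitted a file
if (isset($_FILES['user_upload'])) {
    $upload_ok = process_uploaded_file($_FILES['user_upload']);
    if ($upload_ok) {
        //file got on the server without problems, now process it
        // NOTE(review): curdirpath, unzip and if_exists are taken straight from
        // the request. Whether the target path is confined to the course
        // directory depends on handle_uploaded_document(), which is not visible
        // here - confirm.
        $new_path = handle_uploaded_document($_course, $_FILES['user_upload'], $base_work_dir, $_POST['curdirpath'], $_user['user_id'], $to_group_id, $to_user_id, $_POST['unzip'], $_POST['if_exists']);
        $new_comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';
        $new_title = isset($_POST['title']) ? trim($_POST['title']) : '';
        if ($new_path && ($new_comment || $new_title)) {
            if ($docid = DocumentManager::get_document_id($_course, $new_path)) {
                $table_document = Database::get_course_table(TABLE_DOCUMENT);
                $ct = '';
                // The comment and title are request data: they are escaped before
                // being placed inside the quoted SQL literals. Previously they
                // were interpolated as-is.
                if ($new_comment) {
                    $ct .= ", comment='" . Database::escape_string($new_comment) . "'";
                }
                if ($new_title) {
                    $ct .= ", title='" . Database::escape_string($new_title) . "'";
                }
                // substr() drops the leading comma of the assignment list.
                Database::query("UPDATE {$table_document} SET" . substr($ct, 1) . " WHERE id = '{$docid}'");
            }
        }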
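/**
 * This recursive function can be used during the upgrade process from older
 * versions of Chamilo.
 * It crawls the given directory: sub-directories are created through
 * create_unexisting_directory() and crawled in turn, files are handed to
 * handle_uploaded_document() as synthetic upload entries.
 *
 * @param array  $courseInfo
 * @param array  $userInfo      Its 'user_id' key is read
 * @param string $base_work_dir Passed through to the document helpers
 * @param string $folderPath    Directory on disk to crawl
 * @param int    $sessionId
 * @param int    $groupId
 * @param bool   $output        Passed through to handle_uploaded_document()
 * @param array  $parent        Data of the parent folder; its 'path' key prefixes the entries
 * @return false|null False when $userInfo or $courseInfo is empty; no value otherwise
 */
function add_all_documents_in_folder_to_database($courseInfo, $userInfo, $base_work_dir, $folderPath, $sessionId = 0, $groupId = 0, $output = false, $parent = array())
{
    if (empty($userInfo) || empty($courseInfo)) {
        return false;
    }

    $userId = $userInfo['user_id'];

    // Check before opening: opendir() used to be called on paths that are not
    // directories, and the handle was never closed.
    if (!is_dir($folderPath)) {
        return;
    }
    $handle = opendir($folderPath);
    if ($handle === false) {
        return;
    }

    // The parent path is the same for every entry of this directory.
    $parentPath = null;
    if (!empty($parent) && isset($parent['path'])) {
        $parentPath = $parent['path'];
        if ($parentPath == '/') {
            $parentPath = null;
        }
    }

    // Strict comparison: an entry named "0" is falsy and used to end the loop early.
    while (false !== ($file = readdir($handle))) {
        if ($file == '.' || $file == '..') {
            continue;
        }

        $completePath = $parentPath . '/' . $file;
        $sysFolderPath = $folderPath . '/' . $file;

        // NOTE(review): is_dir() follows symbolic links, so a link placed inside
        // the tree is crawled like a real directory - confirm that is acceptable.
        if (is_dir($sysFolderPath)) {
            $newFolderData = create_unexisting_directory($courseInfo, $userId, $sessionId, $groupId, null, $base_work_dir, $completePath, null, null, true);
            // Recurse with the new folder as parent.
            add_all_documents_in_folder_to_database($courseInfo, $userInfo, $base_work_dir, $sysFolderPath, $sessionId, $groupId, $output, $newFolderData);
        } else {
            // 'from_file' and 'move_file' mark the entry as a file taken from disk.
            $uploadedFile = array(
                'name' => $file,
                'tmp_name' => $sysFolderPath,
                'size' => filesize($sysFolderPath),
                'type' => null,
                'from_file' => true,
                'move_file' => true,
            );
            handle_uploaded_document($courseInfo, $uploadedFile, $base_work_dir, $parentPath, $userId, $groupId, null, 0, 'overwrite', $output, false, null, $sessionId);
        }
    }

    closedir($handle);
}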
$clean_name = disable_dangerous_file($clean_name); $check_file_path = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document/audio/' . $clean_name; // If the file exists we generate a new name. if (file_exists($check_file_path)) { $filename_components = explode('.', $clean_name); // Gettting the extension of the file. $file_extension = $filename_components[count($filename_components) - 1]; // Adding something random to prevent overwriting. $filename_components[count($filename_components) - 1] = time(); // Reconstructing the new filename. $clean_name = implode($filename_components) . '.' . $file_extension; // Using the new name in the $_FILES superglobal. $_FILES[$key]['name'] = $clean_name; } // Upload the file in the documents tool. $file_path = handle_uploaded_document($_course, $_FILES[$key], api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document', '/audio', api_get_user_id(), '', '', '', '', false); // Getting the filename only. $file_components = explode('/', $file_path); $file = $file_components[count($file_components) - 1]; // Store the mp3 file in the lp_item table. $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM); $sql_insert_audio = "UPDATE {$tbl_lp_item} SET audio = '" . Database::escape_string($file) . "'\n WHERE c_id = {$course_id} AND id = '" . Database::escape_string($lp_item_id) . "'"; Database::query($sql_insert_audio); } } //Display::display_confirmation_message(get_lang('ItemUpdated')); $url = api_get_self() . '?action=add_item&type=step&lp_id=' . intval($learnpath->lp_id); header('Location: ' . $url); exit; } Display::display_header(null, 'Path');
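/**
 * Updates a learning path item in place and, when its parent or predecessor
 * changed, relinks the neighbouring items and shifts their display order.
 *
 * @param integer $id               Element ID
 * @param integer $parent           Parent item ID
 * @param integer $previous         Previous item ID
 * @param string  $title            Item title
 * @param string  $description      Item description
 * @param string  $prerequisites    Prerequisites (optional)
 * @param array   $audio            The array resulting of the $_FILES[mp3] element
 * @param int     $max_time_allowed
 * @param string  $url              Passed to Link::updateLink() when the item is of type 'link'
 * @return boolean|null False when the arguments are invalid or the item does not exist;
 *                      no value is returned once the updates have been issued
 */
public function edit_item($id, $parent, $previous, $title, $description, $prerequisites = '0', $audio = array(), $max_time_allowed = 0, $url = '')
{
    $course_id = api_get_course_int_id();
    $_course = api_get_course_info();

    if ($this->debug > 0) {
        error_log('New LP - In learnpath::edit_item()', 0);
    }
    if (empty($max_time_allowed)) {
        $max_time_allowed = 0;
    }
    if (empty($id) || $id != strval(intval($id)) || empty($title)) {
        return false;
    }

    // Every value below ends up concatenated into SQL. Identifiers are forced to
    // integers and free-form values are escaped once, so no caller-supplied
    // string reaches a query unfiltered.
    $id = intval($id);
    $parent = intval($parent);
    $previous = intval($previous);
    $prerequisites_sql = Database::escape_string($prerequisites);
    $max_time_allowed_sql = Database::escape_string($max_time_allowed);

    $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
    $sql_select = "SELECT * FROM " . $tbl_lp_item . " WHERE c_id = " . $course_id . " AND id = " . $id;
    $res_select = Database::query($sql_select);
    $row_select = Database::fetch_array($res_select);
    if (empty($row_select)) {
        // Unknown item in this course: there is nothing to relink, and the
        // statements below would otherwise be built from missing columns.
        return false;
    }

    $audio_update_sql = '';
    if (is_array($audio) && !empty($audio['tmp_name']) && $audio['error'] === 0) {
        // Create the audio folder if it does not exist yet.
        $filepath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document/';
        if (!is_dir($filepath . 'audio')) {
            mkdir($filepath . 'audio', api_get_permissions_for_new_directories());
            $audio_id = add_document($_course, '/audio', 'folder', 0, 'audio');
            api_item_property_update($_course, TOOL_DOCUMENT, $audio_id, 'FolderCreated', api_get_user_id(), null, null, null, null, api_get_session_id());
            api_item_property_update($_course, TOOL_DOCUMENT, $audio_id, 'invisible', api_get_user_id(), null, null, null, null, api_get_session_id());
        }

        // Upload file in documents.
        // NOTE(review): the extension comes from the client-supplied name, so this
        // is a naming filter, not a content check.
        $pi = pathinfo($audio['name']);
        if (isset($pi['extension']) && $pi['extension'] == 'mp3') {
            $c_det = api_get_course_info($this->cc);
            $bp = api_get_path(SYS_COURSE_PATH) . $c_det['path'] . '/document';
            $path = handle_uploaded_document($c_det, $audio, $bp, '/audio', api_get_user_id(), 0, null, 0, 'rename', false, 0);
            // A failed upload used to blank the stored audio reference because
            // substr() was applied to the failure value; now it is left untouched.
            if (!empty($path)) {
                // Drop the leading 7 characters (the length of "/audio/") so only
                // the path inside document/audio/ is stored.
                $path = substr($path, 7);
                $audio_update_sql = ", audio = '" . Database::escape_string($path) . "' ";
            }
        }
    }

    $same_parent = $row_select['parent_item_id'] == $parent;
    $same_previous = $row_select['previous_item_id'] == $previous;

    // TODO: htmlspecialchars to be checked for encoding related problems.
    if ($same_parent && $same_previous) {
        // Only update title and description.
        $sql = "UPDATE " . $tbl_lp_item . "\n SET title = '" . Database::escape_string($title) . "',\n prerequisite = '" . $prerequisites_sql . "',\n description = '" . Database::escape_string($description) . "'\n " . $audio_update_sql . ",\n max_time_allowed = '" . $max_time_allowed_sql . "'\n WHERE c_id = " . $course_id . " AND id = " . $id;
        Database::query($sql);
    } else {
        // Values read back from the database are cast as well, so a missing or
        // malformed column cannot break the statements built from them.
        $old_parent = intval($row_select['parent_item_id']);
        $old_previous = intval($row_select['previous_item_id']);
        $old_next = intval($row_select['next_item_id']);
        $old_order = intval($row_select['display_order']);
        $old_prerequisite = $row_select['prerequisite'];
        $old_max_time_allowed = $row_select['max_time_allowed'];

        /* BEGIN -- virtually remove the current item id */
        /* for the next and previous item it is like the current item doesn't exist anymore */
        if ($old_previous != 0) {
            // Next
            $sql = "UPDATE " . $tbl_lp_item . "\n SET next_item_id = " . $old_next . "\n WHERE c_id = " . $course_id . " AND id = " . $old_previous;
            Database::query($sql);
        }
        if ($old_next != 0) {
            // Previous
            $sql = "UPDATE " . $tbl_lp_item . "\n SET previous_item_id = " . $old_previous . "\n WHERE c_id = " . $course_id . " AND id = " . $old_next;
            Database::query($sql);
        }

        // display_order - 1 for every item with a display_order bigger then the display_order of the current item.
        $sql = "UPDATE " . $tbl_lp_item . "\n SET display_order = display_order - 1\n WHERE\n c_id = " . $course_id . " AND\n display_order > " . $old_order . " AND\n lp_id = " . $this->lp_id . " AND\n parent_item_id = " . $old_parent;
        Database::query($sql);
        /* END -- virtually remove the current item id */

        /* BEGIN -- update the current item id to his new location */
        if ($previous == 0) {
            // Select the data of the item that should come after the current item.
            $sql = "SELECT id, display_order\n FROM " . $tbl_lp_item . "\n WHERE\n c_id = " . $course_id . " AND\n lp_id = " . $this->lp_id . " AND\n parent_item_id = " . $parent . " AND\n previous_item_id = " . $previous;
            $res_select_old = Database::query($sql);
            $row_select_old = Database::fetch_array($res_select_old);

            // If the new parent didn't have children before.
            if (Database::num_rows($res_select_old) == 0) {
                $new_next = 0;
                $new_order = 1;
            } else {
                $new_next = intval($row_select_old['id']);
                $new_order = intval($row_select_old['display_order']);
            }
        } else {
            // Select the data of the item that should come before the current item.
            $sql = "SELECT next_item_id, display_order\n FROM " . $tbl_lp_item . "\n WHERE c_id = " . $course_id . " AND id = " . $previous;
            $res_select_old = Database::query($sql);
            $row_select_old = Database::fetch_array($res_select_old);
            $new_next = intval($row_select_old['next_item_id']);
            $new_order = intval($row_select_old['display_order']) + 1;
        }

        // TODO: htmlspecialchars to be checked for encoding related problems.
        // Update the current item with the new data.
        $sql = "UPDATE " . $tbl_lp_item . "\n SET\n title = '" . Database::escape_string($title) . "',\n description = '" . Database::escape_string($description) . "',\n parent_item_id = " . $parent . ",\n previous_item_id = " . $previous . ",\n next_item_id = " . $new_next . ",\n display_order = " . $new_order . "\n " . $audio_update_sql . "\n WHERE c_id = " . $course_id . " AND id = " . $id;
        Database::query($sql);

        if ($previous != 0) {
            // Update the previous item's next_item_id.
            $sql = "UPDATE " . $tbl_lp_item . "\n SET next_item_id = " . $id . "\n WHERE c_id = " . $course_id . " AND id = " . $previous;
            Database::query($sql);
        }
        if ($new_next != 0) {
            // Update the next item's previous_item_id.
            $sql = "UPDATE " . $tbl_lp_item . "\n SET previous_item_id = " . $id . "\n WHERE c_id = " . $course_id . " AND id = " . $new_next;
            Database::query($sql);
        }

        if ($old_prerequisite != $prerequisites) {
            // Quoted as before, and now escaped.
            $sql = "UPDATE " . $tbl_lp_item . "\n SET prerequisite = '" . $prerequisites_sql . "'\n WHERE c_id = " . $course_id . " AND id = " . $id;
            Database::query($sql);
        }
        if ($old_max_time_allowed != $max_time_allowed) {
            // update max time allowed (quoted and escaped, matching the same-parent branch)
            $sql = "UPDATE " . $tbl_lp_item . "\n SET max_time_allowed = '" . $max_time_allowed_sql . "'\n WHERE c_id = " . $course_id . " AND id = " . $id;
            Database::query($sql);
        }

        // Update all the items with the same or a bigger display_order than the current item.
        $sql = "UPDATE " . $tbl_lp_item . "\n SET display_order = display_order + 1\n WHERE\n c_id = " . $course_id . " AND\n lp_id = " . $this->get_id() . " AND\n id <> " . $id . " AND\n parent_item_id = " . $parent . " AND\n display_order >= " . $new_order;
        Database::query($sql);
    }

    // For link items the row's 'path' column holds the link id to update.
    if ($row_select['item_type'] == 'link') {
        $link = new Link();
        $linkId = $row_select['path'];
        $link->updateLink($linkId, $url);
    }
}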
//if it's a zip, allow zip upload $unzip = 1; } if ($finish == 0) { // Generate new test folder if on first step of file upload. $filename = api_replace_dangerous_char(trim($_FILES['userFile']['name'])); $fld = GenerateHpFolder($document_sys_path . $uploadPath . '/'); @mkdir($document_sys_path . $uploadPath . '/' . $fld, api_get_permissions_for_new_directories()); $doc_id = add_document($_course, '/HotPotatoes_files/' . $fld, 'folder', 0, $fld); api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderCreated', api_get_user_id()); } else { // It is not the first step... get the filename directly from the system params. $filename = $_FILES['userFile']['name']; } $allow_output_on_success = false; if (handle_uploaded_document($_course, $_FILES['userFile'], $document_sys_path, $uploadPath . '/' . $fld, api_get_user_id(), null, null, $unzip, '', $allow_output_on_success)) { if ($finish == 2) { $imgparams = $_POST['imgparams']; $checked = CheckImageName($imgparams, $filename); if ($checked) { $imgcount = $imgcount - 1; } else { $dialogBox .= $filename . ' ' . get_lang('NameNotEqual'); my_delete($document_sys_path . $uploadPath . '/' . $fld . '/' . $filename); update_db_info('delete', $uploadPath . '/' . $fld . '/' . $filename); } if ($imgcount == 0) { // all image uploaded $finish = 1; } } else {