/**
 * @return array|null|string
 */
function store_add_dropbox()
{
    $_course = api_get_course_info();
    $_user = api_get_user_info();
    $dropbox_cnf = getDropboxConf();
    // Validating the form data
    // there are no recipients selected
    if (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
        return get_lang('YouMustSelectAtLeastOneDestinee');
    } else {
        // Check if all the recipients are valid
        $thisIsAMailing = false;
        $thisIsJustUpload = false;
        foreach ($_POST['recipients'] as $rec) {
            if ($rec == 'mailing') {
                $thisIsAMailing = true;
            } elseif ($rec == 'upload') {
                $thisIsJustUpload = true;
            } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
                return get_lang('InvalideUserDetected');
            } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
                return get_lang('InvalideGroupDetected');
            }
        }
    }
    // we are doing a mailing but an additional recipient is selected
    if ($thisIsAMailing && count($_POST['recipients']) != 1) {
        return get_lang('MailingSelectNoOther');
    }
    // we are doing a just upload but an additional recipient is selected.
    // note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
    if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
        return get_lang('MailingJustUploadSelectNoOther');
    }
    if (empty($_FILES['file']['name'])) {
        $error = true;
        return get_lang('NoFileSpecified');
    }
    // are we overwriting a previous file or sending a new one
    $dropbox_overwrite = false;
    if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
        $dropbox_overwrite = true;
    }
    // doing the upload
    $dropbox_filename = $_FILES['file']['name'];
    $dropbox_filesize = $_FILES['file']['size'];
    $dropbox_filetype = $_FILES['file']['type'];
    $dropbox_filetmpname = $_FILES['file']['tmp_name'];
    // check if the filesize does not exceed the allowed size.
    if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
        return get_lang('DropboxFileTooBig');
        // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
    }
    // check if the file is actually uploaded
    if (!is_uploaded_file($dropbox_filetmpname)) {
        // check user fraud : no clean error msg.
        return get_lang('TheFileIsNotUploaded');
    }
    $upload_ok = process_uploaded_file($_FILES['file'], true);
    if (!$upload_ok) {
        return null;
    }
    // Try to add an extension to the file if it hasn't got one
    $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
    // Replace dangerous characters
    $dropbox_filename = replace_dangerous_char($dropbox_filename);
    // Transform any .php file in .phps fo security
    $dropbox_filename = php2phps($dropbox_filename);
    //filter extension
    if (!filter_extension($dropbox_filename)) {
        return get_lang('UplUnableToSaveFileFilteredExtension');
    }
    // set title
    $dropbox_title = $dropbox_filename;
    // set author
    if (!isset($_POST['authors'])) {
        $_POST['authors'] = getUserNameFromId($_user['user_id']);
    }
    // note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
    if ($dropbox_overwrite) {
        $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
        foreach ($dropbox_person->sentWork as $w) {
            if ($w->title == $dropbox_filename) {
                if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
                    return get_lang('MailingNonMailingError');
                }
                if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
                    return get_lang('MailingJustUploadSelectNoOther');
                }
                $dropbox_filename = $w->filename;
                $found = true;
                // note: do we still need this?
                break;
            }
        }
    } else {
        // rename file to login_filename_uniqueId format
        $dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
    }
    // creating the array that contains all the users who will receive the file
    $new_work_recipients = array();
    foreach ($_POST['recipients'] as $rec) {
        if (strpos($rec, 'user_') === 0) {
            $new_work_recipients[] = substr($rec, strlen('user_'));
        } elseif (strpos($rec, 'group_') === 0) {
            $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
            foreach ($userList as $usr) {
                if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
                    $new_work_recipients[] = $usr['user_id'];
                }
            }
        }
    }
    @move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename);
    $b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
    if ($b_send_mail) {
        foreach ($new_work_recipients as $recipient_id) {
            $recipent_temp = UserManager::get_user_info_by_id($recipient_id);
            $additionalParameters = array('smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY, 'userId' => $recipient_id, 'courseTitle' => $_course['title'], 'userUsername' => $recipent_temp['username']);
            api_mail_html(api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $recipent_temp['email'], get_lang('NewDropboxFileUploaded'), get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'], api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), $_user['mail'], null, null, null, $additionalParameters);
        }
    }
    new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);
    Security::clear_token();
    return get_lang('FileUploadSucces');
}
예제 #2
0
 // the author or description field is empty
 if (!isset($_POST['authors']) || !isset($_POST['description'])) {
     $error = true;
     $errormsg = get_lang('BadFormData');
 } elseif (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
     $error = true;
     $errormsg = get_lang('NoUserSelected');
 } else {
     $thisIsAMailing = false;
     $thisIsJustUpload = false;
     foreach ($_POST['recipients'] as $rec) {
         if ($rec == 'mailing') {
             $thisIsAMailing = true;
         } elseif ($rec == 'upload') {
             $thisIsJustUpload = true;
         } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
             echo '401';
             die(get_lang('BadFormData') . ' (code 401)');
         } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
             echo '402';
             die(get_lang('BadFormData') . ' (code 402)');
         }
     }
     // we are doing a mailing but an additional recipient is selected
     if ($thisIsAMailing && count($_POST['recipients']) != 1) {
         $error = true;
         $errormsg = get_lang('MailingSelectNoOther');
     } elseif ($thisIsJustUpload && count($_POST['recipients']) != 1) {
         $error = true;
         $errormsg = get_lang('MailingJustUploadSelectNoOther');
     } elseif (empty($_FILES['file']['name'])) {