if (isset($_SESSION['oLP'])) { $obj = $_SESSION['oLP']; } else { api_not_allowed(); } //If is visible for the current user if (!learnpath::is_lp_visible_for_student($obj->get_id(), api_get_user_id())) { api_not_allowed(); } $doc_url = isset($_GET['doc_url']) ? $_GET['doc_url'] : null; // Change the '&' that got rewritten to '///' by mod_rewrite back to '&' $doc_url = str_replace('///', '&', $doc_url); // Still a space present? it must be a '+' (that got replaced by mod_rewrite) $doc_url = str_replace(' ', '+', $doc_url); $doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url); //echo $doc_url; if (strpos($doc_url, '../') or strpos($doc_url, '/..')) { $doc_url = ''; } $sys_course_path = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/scorm'; //var_dump($sys_course_path); if (is_dir($sys_course_path . $doc_url)) { api_not_allowed(); } if (Security::check_abs_path($sys_course_path . $doc_url, $sys_course_path . '/')) { $full_file_name = $sys_course_path . $doc_url; // Launch event Event::event_download($doc_url); DocumentManager::file_send_for_download($full_file_name); } exit;
// Compare the array with visible files and the array with files in invisible folders // and keep the difference (= all visible files that are not in an invisible folder) $files_for_zipfile = diff((array) $all_visible_files_path, (array) $files_in_invisible_folder_path); } else { // No invisible folders found, so all visible files can be added to the zipfile $files_for_zipfile = $all_visible_files_path; } Session::write('doc_files_to_download', $files); // Add all files in our final array to the zipfile for ($i = 0; $i < count($files_for_zipfile); $i++) { $zip->add($sysCoursePath . $courseInfo['path'] . '/document' . $files_for_zipfile[$i], PCLZIP_OPT_REMOVE_PATH, $sysCoursePath . $courseInfo['path'] . '/document' . $remove_dir, PCLZIP_CB_PRE_ADD, 'fixDocumentNameCallback'); } Session::erase('doc_files_to_download'); } // Launch event Event::event_download($path == '/' ? 'documents.zip (folder)' : basename($path) . '.zip (folder)'); // Start download of created file $name = $path == '/' ? 'documents.zip' : $documentInfo['title'] . '.zip'; if (Security::check_abs_path($tempZipFile, api_get_path(SYS_ARCHIVE_PATH))) { $result = DocumentManager::file_send_for_download($tempZipFile, true, $name); @unlink($tempZipFile); exit; } else { api_not_allowed(true); } /** * Returns the difference between two arrays, as an array of those key/values * Use this as array_diff doesn't give the * * @param array $arr1 first array * @param array $arr2 second array
function rename_zip($FileZip) { Event::event_download($FileZip['PATH'] == '/' ? 'full_export_' . date('Ymd') . '.zip (folder)' : basename($FileZip['PATH']) . '.zip (folder)'); $name = $FileZip['PATH'] == '/' ? 'full_export_' . date('Ymd') . '.zip' : basename($FileZip['PATH']) . '.zip'; if (file_exists($FileZip['PATH_TEMP_ARCHIVE'] . '/' . $name)) { unlink($FileZip['PATH_TEMP_ARCHIVE'] . '/' . $name); } if (file_exists($FileZip['TEMP_FILE_ZIP'])) { rename($FileZip['TEMP_FILE_ZIP'], $FileZip['PATH_TEMP_ARCHIVE'] . '/' . $name); return $name; } else { return false; } }
if ($sessionId != 0 && !$document_data) { // If there is a session defined and asking for the // document * from the session* didn't work, try it from the // course (out of a session context) $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), false, 0); } //filter when I am into shared folder, I can download only my shared folder if (DocumentManager::is_any_user_shared_folder($document_data['path'], $sessionId)) { if (DocumentManager::is_my_shared_folder(api_get_user_id(), $document_data['path'], $sessionId) || api_is_allowed_to_edit() || api_is_platform_admin()) { require 'downloadfolder.inc.php'; } } else { require 'downloadfolder.inc.php'; } // Launch event Event::event_download($document_data['url']); exit; } break; case 'export_to_pdf': if (api_get_setting('students_export2pdf') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin()) { DocumentManager::export_to_pdf($document_id, $course_code); } break; case 'copytomyfiles': // Copy a file to general my files user's if (api_get_setting('social.allow_social_tool') == 'true' && api_get_setting('document.users_copy_files') == 'true' && api_get_user_id() != 0 && !api_is_anonymous()) { // Get the document data from the ID $document_info = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), true, $sessionId); if ($sessionId != 0 && !$document_info) { /* If there is a session defined and asking for the document
$addStatus = $zip_folder->add($sys_course_path . $_course['path'] . '/' . $not_deleted_file['url'], PCLZIP_OPT_REMOVE_PATH, $sys_course_path . $_course['path'] . '/work', PCLZIP_CB_PRE_ADD, 'my_pre_add_callback'); } else { // Convert texts in html files //if ($not_deleted_file['contains_file'] == 0) { $filename = trim($filename) . ".html"; $work_temp = api_get_path(SYS_ARCHIVE_PATH) . api_get_unique_id() . '_' . $filename; file_put_contents($work_temp, $not_deleted_file['description']); $files[basename($work_temp)] = $filename; $addStatus = $zip_folder->add($work_temp, PCLZIP_OPT_REMOVE_PATH, api_get_path(SYS_ARCHIVE_PATH), PCLZIP_CB_PRE_ADD, 'my_pre_add_callback'); @unlink($work_temp); } } if (!empty($files)) { $fileName = api_replace_dangerous_char($work_data['title']); // Logging Event::event_download($fileName . '.zip (folder)'); //start download of created file $name = $fileName . '.zip'; if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) { DocumentManager::file_send_for_download($temp_zip_file, true, $name); @unlink($temp_zip_file); exit; } } else { exit; } /* Extra function (only used here) */ function my_pre_add_callback($p_event, &$p_header) { global $files; if (isset($files[basename($p_header['stored_filename'])])) {
} // allow to the correct user for download this file $not_allowed_to_edit = false; $userGroup = new UserGroup(); if (!empty($row_users['group_id'])) { $users_group = $userGroup->get_all_users_by_group($row_users['group_id']); if (!in_array($current_uid, array_keys($users_group))) { $not_allowed_to_edit = true; } } else { if ($current_uid != $message_uid) { $not_allowed_to_edit = true; } } if ($not_allowed_to_edit) { api_not_allowed(); exit; } // set the path directory file if (!empty($row_users['group_id'])) { $path_user_info = $userGroup->get_group_picture_path_by_id($row_users['group_id'], 'system', true); } else { $path_user_info['dir'] = UserManager::getUserPathById($message_uid, 'system'); } $full_file_name = $path_user_info['dir'] . 'message_attachments/' . $file_url; if (Security::check_abs_path($full_file_name, $path_user_info['dir'] . 'message_attachments/')) { // launch event Event::event_download($file_url); DocumentManager::file_send_for_download($full_file_name, TRUE, $title); } exit;
/** * Downloads all user files per user * @param int $userId * @param array $courseInfo * @return bool */ function downloadAllFilesPerUser($userId, $courseInfo) { $userInfo = api_get_user_info($userId); if (empty($userInfo) || empty($courseInfo)) { return false; } $tempZipFile = api_get_path(SYS_ARCHIVE_PATH) . api_get_unique_id() . ".zip"; $coursePath = api_get_path(SYS_COURSE_PATH) . $courseInfo['path'] . '/work/'; $zip = new PclZip($tempZipFile); $workPerUser = getWorkPerUser($userId); if (!empty($workPerUser)) { $files = array(); foreach ($workPerUser as $work) { $work = $work['work']; foreach ($work->user_results as $userResult) { if (empty($userResult['url']) || empty($userResult['contains_file'])) { continue; } $data = getFileContents($userResult['id'], $courseInfo); if (!empty($data) && isset($data['path'])) { $files[basename($data['path'])] = array('title' => $data['title'], 'path' => $data['path']); } } } if (!empty($files)) { Session::write('files', $files); foreach ($files as $data) { $zip->add($data['path'], PCLZIP_OPT_REMOVE_PATH, $coursePath, PCLZIP_CB_PRE_ADD, 'preAddAllWorkStudentCallback'); } } // Start download of created file $name = basename(api_replace_dangerous_char($userInfo['complete_name'])) . '.zip'; Event::event_download($name . '.zip (folder)'); if (Security::check_abs_path($tempZipFile, api_get_path(SYS_ARCHIVE_PATH))) { DocumentManager::file_send_for_download($tempZipFile, true, $name); @unlink($tempZipFile); exit; } } exit; }