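/**
 * Accepts an uploaded exercise archive and passes it to the document handler with unzip enabled.
 *
 * Only a file that PHP registered as an HTTP upload, and whose client-supplied name ends in
 * ".zip", is handed on. The name check is a convenience filter: the extension is chosen by
 * the client and says nothing about the real content of the file.
 *
 * @param string $baseWorkDir Base directory passed through to the upload handler
 * @param string $uploadPath  Target path passed through to the upload handler
 * @return bool True when the archive was accepted and handled, false otherwise
 */
function get_and_unzip_uploaded_exercise($baseWorkDir, $uploadPath)
{
    global $_user;

    // Reject anything that did not arrive through PHP's upload mechanism before doing other work.
    if (!isset($_FILES['userFile']) || !is_uploaded_file($_FILES['userFile']['tmp_name'])) {
        return false;
    }

    // The dot is escaped and the match is anchored with \z: the former pattern '/.zip$/i'
    // accepted any character before "zip" (e.g. "notazip") and a trailing newline.
    if (!preg_match('/\.zip\z/i', $_FILES['userFile']['name'])) {
        return false;
    }

    $_course = api_get_course_info();
    $handled = FileManager::handle_uploaded_document(
        $_course,
        $_FILES['userFile'],
        $baseWorkDir,
        $uploadPath,
        $_user['user_id'],
        0,
        null,
        1
    );
    if (!$handled) {
        // NOTE(review): nothing under $uploadPath is cleaned up on failure; confirm that is intended.
        return false;
    }

    // Without zlib support the upload is reported as failed, as before.
    if (!function_exists('gzopen')) {
        return false;
    }

    return true;
}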
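/**
 * Updates a learning path item in place and, when its parent or previous sibling changed,
 * relinks the neighbouring items and renumbers display_order.
 *
 * Every caller-supplied value that reaches SQL is either cast to an integer or escaped with
 * Database::escape_string() and quoted before it is concatenated into a statement.
 *
 * @param int    $id               Element ID
 * @param int    $parent           Parent item ID
 * @param int    $previous         Previous item ID
 * @param string $title            Item title
 * @param string $description      Item description
 * @param string $prerequisites    Prerequisites (optional)
 * @param array  $audio            The $_FILES entry of the uploaded mp3 (optional)
 * @param int    $max_time_allowed Maximum time allowed (optional)
 * @return bool|null False when the input is rejected or the item is not found; no value is
 *                   returned on the other paths
 */
public function edit_item($id, $parent, $previous, $title, $description, $prerequisites = 0, $audio = null, $max_time_allowed = 0)
{
    $course_id = (int) api_get_course_int_id();
    if ($this->debug > 0) {
        error_log('New LP - In learnpath::edit_item()', 0);
    }
    if (empty($max_time_allowed)) {
        $max_time_allowed = 0;
    }
    if (empty($id) || $id != strval(intval($id)) || empty($title)) {
        return false;
    }

    // Identifiers are concatenated unquoted below, so force them to integers first.
    $id = (int) $id;
    $parent = (int) $parent;
    $previous = (int) $previous;

    // Free-form values are always escaped and quoted, in both update paths.
    $title_sql = Database::escape_string($title);
    $description_sql = Database::escape_string($description);
    $prerequisites_sql = Database::escape_string($prerequisites);
    $max_time_sql = Database::escape_string($max_time_allowed);

    $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
    $where_id = " WHERE c_id = " . $course_id . " AND id = ";

    $res_select = Database::query("SELECT * FROM " . $tbl_lp_item . $where_id . $id);
    $row_select = Database::fetch_array($res_select);
    if (empty($row_select)) {
        // No such item in this course: nothing to relink, and the queries below would be malformed.
        return false;
    }

    $audio_update_sql = '';
    if (is_array($audio) && !empty($audio['tmp_name']) && $audio['error'] === 0) {
        // Create the audio folder if it does not exist yet.
        $_course = api_get_course_info();
        $filepath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document/';
        if (!is_dir($filepath . 'audio')) {
            mkdir($filepath . 'audio', api_get_permissions_for_new_directories());
            $audio_id = FileManager::add_document($_course, '/audio', 'folder', 0, 'audio');
            api_item_property_update($_course, TOOL_DOCUMENT, $audio_id, 'FolderCreated', api_get_user_id(), null, null, null, null, api_get_session_id());
            api_item_property_update($_course, TOOL_DOCUMENT, $audio_id, 'invisible', api_get_user_id(), null, null, null, null, api_get_session_id());
        }

        // The extension comes from the client-supplied name; it does not prove the content is audio.
        // NOTE(review): whether handle_uploaded_document() checks the content is not visible here.
        $pi = pathinfo($audio['name']);
        if (isset($pi['extension']) && $pi['extension'] == 'mp3') {
            $c_det = api_get_course_info($this->cc);
            $bp = api_get_path(SYS_COURSE_PATH) . $c_det['path'] . '/document';
            $path = FileManager::handle_uploaded_document($c_det, $audio, $bp, '/audio', api_get_user_id(), 0, null, 0, 'rename', false, 0);
            // A failed upload returns a non-string; do not overwrite the stored audio reference then.
            if (is_string($path) && $path !== '') {
                // Keep the path relative to the audio directory (drops the first 7 characters).
                $path = substr($path, 7);
                $audio_update_sql = ", audio = '" . Database::escape_string($path) . "' ";
            }
        }
    }

    $same_parent = $row_select['parent_item_id'] == $parent;
    $same_previous = $row_select['previous_item_id'] == $previous;

    // TODO: htmlspecialchars to be checked for encoding related problems.
    if ($same_parent && $same_previous) {
        // Position unchanged: only the descriptive fields are updated.
        $sql_update = "UPDATE " . $tbl_lp_item . "
            SET title = '" . $title_sql . "',
                prerequisite = '" . $prerequisites_sql . "',
                description = '" . $description_sql . "'
                " . $audio_update_sql . ",
                max_time_allowed = '" . $max_time_sql . "'" .
            $where_id . $id;
        Database::query($sql_update);
    } else {
        $old_parent = (int) $row_select['parent_item_id'];
        $old_previous = (int) $row_select['previous_item_id'];
        $old_next = (int) $row_select['next_item_id'];
        $old_order = (int) $row_select['display_order'];
        $old_prerequisite = $row_select['prerequisite'];
        $old_max_time_allowed = $row_select['max_time_allowed'];

        /* BEGIN -- detach the item: its old neighbours are linked to each other */
        if ($old_previous != 0) {
            Database::query("UPDATE " . $tbl_lp_item . " SET next_item_id = " . $old_next . $where_id . $old_previous);
        }
        if ($old_next != 0) {
            Database::query("UPDATE " . $tbl_lp_item . " SET previous_item_id = " . $old_previous . $where_id . $old_next);
        }
        // Close the gap: display_order - 1 for every later sibling under the old parent.
        $sql_update_order = "UPDATE " . $tbl_lp_item . "
            SET display_order = display_order - 1
            WHERE c_id = " . $course_id . " AND
                display_order > " . $old_order . " AND
                lp_id = " . (int) $this->lp_id . " AND
                parent_item_id = " . $old_parent;
        Database::query($sql_update_order);
        /* END -- detach */

        /* BEGIN -- attach the item at its new location */
        if ($previous == 0) {
            // The item becomes the first child: find the item that currently holds that place.
            $sql_select_old = "SELECT id, display_order
                FROM " . $tbl_lp_item . "
                WHERE c_id = " . $course_id . " AND
                    lp_id = " . (int) $this->lp_id . " AND
                    parent_item_id = " . $parent . " AND
                    previous_item_id = " . $previous;
            $res_select_old = Database::query($sql_select_old);
            $row_select_old = Database::fetch_array($res_select_old);
            if (Database::num_rows($res_select_old) == 0) {
                // The new parent had no children before.
                $new_next = 0;
                $new_order = 1;
            } else {
                $new_next = (int) $row_select_old['id'];
                $new_order = (int) $row_select_old['display_order'];
            }
        } else {
            // The item goes right after $previous: take over that item's successor.
            $sql_select_old = "SELECT next_item_id, display_order FROM " . $tbl_lp_item . $where_id . $previous;
            $res_select_old = Database::query($sql_select_old);
            $row_select_old = Database::fetch_array($res_select_old);
            $new_next = $row_select_old ? (int) $row_select_old['next_item_id'] : 0;
            $new_order = ($row_select_old ? (int) $row_select_old['display_order'] : 0) + 1;
        }

        // TODO: htmlspecialchars to be checked for encoding related problems.
        $sql_update = "UPDATE " . $tbl_lp_item . "
            SET title = '" . $title_sql . "',
                description = '" . $description_sql . "',
                parent_item_id = " . $parent . ",
                previous_item_id = " . $previous . ",
                next_item_id = " . $new_next . ",
                display_order = " . $new_order . "
                " . $audio_update_sql .
            $where_id . $id;
        Database::query($sql_update);

        if ($previous != 0) {
            // Update the previous item's next_item_id.
            Database::query("UPDATE " . $tbl_lp_item . " SET next_item_id = " . $id . $where_id . $previous);
        }
        if ($new_next != 0) {
            // Update the next item's previous_item_id.
            Database::query("UPDATE " . $tbl_lp_item . " SET previous_item_id = " . $id . $where_id . $new_next);
        }
        if ($old_prerequisite != $prerequisites) {
            // Quoted and escaped here as in the unchanged-position path above.
            Database::query("UPDATE " . $tbl_lp_item . " SET prerequisite = '" . $prerequisites_sql . "'" . $where_id . $id);
        }
        if ($old_max_time_allowed != $max_time_allowed) {
            Database::query("UPDATE " . $tbl_lp_item . " SET max_time_allowed = '" . $max_time_sql . "'" . $where_id . $id);
        }

        // Make room: display_order + 1 for every sibling at or after the new position.
        $sql_update_order = "UPDATE " . $tbl_lp_item . "
            SET display_order = display_order + 1
            WHERE c_id = " . $course_id . " AND
                lp_id = " . (int) $this->get_id() . " AND
                id <> " . $id . " AND
                parent_item_id = " . $parent . " AND
                display_order >= " . $new_order;
        Database::query($sql_update_order);
        /* END -- attach */
    }
}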
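/**
 * Uploads a document into the current course's document directory and records its
 * title and comment.
 *
 * The title and comment are written with Database::update() and bound parameters.
 * They are stored as given (the comment is only trimmed), so whatever renders them
 * must encode them for its output context.
 *
 * @param array  $files          the $_FILES variable; only the 'file' entry is used
 * @param string $path           target path, passed through to the upload handler
 * @param string $title          document title (optional)
 * @param string $comment        document comment (optional)
 * @param int    $unzip          unzip or not the file
 * @param string $if_exists      overwrite, rename or warn if exists (default)
 * @param bool   $index_document index document (search xapian module)
 * @param bool   $show_output    print html messages
 * @return array|bool Document data on success, false otherwise
 */
public static function upload_document($files, $path, $title = null, $comment = null, $unzip = 0, $if_exists = null, $index_document = false, $show_output = false)
{
    $course_info = api_get_course_info();
    $course_dir = $course_info['path'] . '/document';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $base_work_dir = $sys_course_path . $course_dir;

    if (!isset($files['file'])) {
        return false;
    }
    if (!FileManager::process_uploaded_file($files['file'], $show_output)) {
        return false;
    }

    // File got on the server without problems, now process it.
    // NOTE(review): $path is passed on as received; confirm that the handler confines it
    // to the course document directory.
    $new_path = FileManager::handle_uploaded_document($course_info, $files['file'], $base_work_dir, $path, api_get_user_id(), api_get_group_id(), null, $unzip, $if_exists, $show_output);
    if (!$new_path) {
        return false;
    }

    $docid = DocumentManager::get_document_id($course_info, $new_path);
    if (!empty($docid)) {
        $table_document = Database::get_course_table(TABLE_DOCUMENT);
        $params = array();
        if (!empty($title)) {
            $params['title'] = FileManager::get_document_title($title);
        } elseif ($if_exists === 'rename') {
            // Strict comparison: with ==, an integer 0 equals 'rename' on PHP versions before 8.
            $new_path = basename($new_path);
            $params['title'] = FileManager::get_document_title($new_path);
        } else {
            $params['title'] = FileManager::get_document_title($files['file']['name']);
        }
        if (!empty($comment)) {
            $params['comment'] = trim($comment);
        }
        Database::update($table_document, $params, array('id = ? AND c_id = ? ' => array($docid, $course_info['real_id'])));
    }

    // Showing message when sending zip files
    if ($new_path === true && $unzip == 1 && $show_output) {
        Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br />', false);
    }

    if ($index_document) {
        // The language field is optional in the request; avoid reading a missing index.
        $language = isset($_POST['language']) ? $_POST['language'] : null;
        self::index_document($docid, $course_info['code'], null, $language, $_REQUEST, $if_exists);
    }

    if (!empty($docid) && is_numeric($docid)) {
        return self::get_document_data_by_id($docid, $course_info['code']);
    }

    return false;
}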
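* Header */
$nameTools = get_lang('UplUploadDocument');
$interbreadcrumb[] = array("url" => "./document.php?curdirpath=" . urlencode($path) . $req_gid, "name" => $langDocuments);
Display::display_header($nameTools, "Doc");
// Show the title.
api_display_tool_title($nameTools . $add_group_to_title);

/**
 * Process
 */
// The user has submitted a file.
if (isset($_FILES['user_upload'])) {
    $upload_ok = FileManager::process_uploaded_file($_FILES['user_upload']);
    if ($upload_ok) {
        // File got on the server without problems, now process it.
        // NOTE(review): curdirpath, unzip and if_exists go to the handler straight from $_POST;
        // confirm that the handler validates the target directory and the option values.
        $new_path = FileManager::handle_uploaded_document($_course, $_FILES['user_upload'], $base_work_dir, $_POST['curdirpath'], $_user['user_id'], $to_group_id, $to_user_id, $_POST['unzip'], $_POST['if_exists']);
        $new_comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';
        $new_title = isset($_POST['title']) ? trim($_POST['title']) : '';
        if ($new_path && ($new_comment || $new_title)) {
            if ($docid = DocumentManager::get_document_id($_course, $new_path)) {
                $table_document = Database::get_course_table(TABLE_DOCUMENT);
                // The comment and title come from the request body: escape them before they are
                // placed inside the quoted SQL literals, otherwise a quote in either field
                // changes the statement.
                $ct = '';
                if ($new_comment) {
                    $ct .= ", comment='" . Database::escape_string($new_comment) . "'";
                }
                if ($new_title) {
                    $ct .= ", title='" . Database::escape_string($new_title) . "'";
                }
                // substr() drops the leading comma of the assignment list.
                // NOTE(review): the row is matched by id only; confirm whether this table also
                // needs a course (c_id) condition.
                Database::query("UPDATE {$table_document} SET" . substr($ct, 1) . " WHERE id = '" . Database::escape_string($docid) . "'");
            }
        }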
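}
if ($finish == 0) {
    // Generate new test folder if on first step of file upload.
    $filename = api_replace_dangerous_char(trim($_FILES['userFile']['name']), 'strict');
    $fld = GenerateHpFolder($document_sys_path . $uploadPath . '/');
    @mkdir($document_sys_path . $uploadPath . '/' . $fld, api_get_permissions_for_new_directories());
    $doc_id = FileManager::add_document($_course, '/HotPotatoes_files/' . $fld, 'folder', 0, $fld);
    api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'FolderCreated', api_get_user_id());
} else {
    // It is not the first step: the name is the raw client-supplied one, unlike the first
    // step, which cleans it with api_replace_dangerous_char().
    // NOTE(review): $fld is only assigned in the first-step branch of this excerpt; confirm
    // that it is restored elsewhere for later steps.
    $filename = $_FILES['userFile']['name'];
}
$allow_output_on_success = false;
if (FileManager::handle_uploaded_document($_course, $_FILES['userFile'], $document_sys_path, $uploadPath . '/' . $fld, api_get_user_id(), null, null, $unzip, '', $allow_output_on_success)) {
    if ($finish == 2) {
        $imgparams = $_POST['imgparams'];
        $checked = CheckImageName($imgparams, $filename);
        if ($checked) {
            $imgcount = $imgcount - 1;
        } else {
            // NOTE(review): $filename is client-supplied; confirm that $dialogBox is encoded
            // for HTML when it is displayed.
            $dialogBox .= $filename . ' ' . get_lang('NameNotEqual');
            // Only the last path component is used for the cleanup, so a name containing
            // directory separators cannot point the delete outside the upload folder.
            $rejected_name = basename($filename);
            FileManager::my_delete($document_sys_path . $uploadPath . '/' . $fld . '/' . $rejected_name);
            FileManager::update_db_info('delete', $uploadPath . '/' . $fld . '/' . $rejected_name);
        }
        if ($imgcount == 0) {
            // All images uploaded.
            $finish = 1;
        }
    } else {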
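$clean_name = FileManager::disable_dangerous_file($clean_name);
$check_file_path = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document/audio/' . $clean_name;
// If the file exists we generate a new name.
if (file_exists($check_file_path)) {
    $filename_components = explode('.', $clean_name);
    // Getting the extension of the file.
    $file_extension = $filename_components[count($filename_components) - 1];
    // The extension slot is replaced by the current timestamp to avoid overwriting. This is
    // not random: it is predictable and two uploads within the same second get the same name.
    $filename_components[count($filename_components) - 1] = time();
    // Reconstructing the new filename.
    $clean_name = implode($filename_components) . '.' . $file_extension;
    // Using the new name in the $_FILES superglobal.
    $_FILES[$key]['name'] = $clean_name;
}
// Upload the file in the documents tool.
$file_path = FileManager::handle_uploaded_document($_course, $_FILES[$key], api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document', '/audio', api_get_user_id(), '', '', '', '', false);
// A failed upload does not return a path; the stored audio reference is left untouched then
// instead of being overwritten with an empty value.
if (is_string($file_path) && $file_path !== '') {
    // Getting the filename only.
    $file_components = explode('/', $file_path);
    $file = $file_components[count($file_components) - 1];
    // Store the mp3 file in the lp_item table.
    $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
    $sql_insert_audio = "UPDATE {$tbl_lp_item} SET audio = '" . Database::escape_string($file) . "'\n WHERE c_id = {$course_id} AND id = '" . Database::escape_string($lp_item_id) . "'";
    Database::query($sql_insert_audio);
}
}
}
//Display::display_confirmation_message(get_lang('ItemUpdated'));
// The only request-derived part of the redirect target built here is lp_id, forced to an integer.
$url = api_get_self() . '?action=add_item&type=step&lp_id=' . intval($_SESSION['oLP']->lp_id);
header('Location: ' . $url);
exit;
}
Display::display_header(null, 'Path');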