/**
 * Create an item entry for a resource
 *
 * Succeeds immediately when an entry already exists, either on the current
 * object or after loading the table row for the resource ID and type.
 * Otherwise the resource is looked up (by the given/requested ID, or by the
 * requested alias when no ID is available) and its fields are copied into a
 * new entry.
 *
 * @param   integer  $id  Optional ID to use
 * @return  boolean  True if an entry exists or was stored, false if the
 *                   resource could not be found or the store failed
 */
public function make($id = null)
{
    if ($this->exists()) {
        return true;
    }

    // Fall back to the request when the caller passed no usable ID
    if (!$id) {
        $id = Request::getInt('id', 0);
    }

    include_once implode(DS, array(PATH_CORE, 'components', 'com_resources', 'models', 'resource.php'));

    $record = null;

    // Still no ID: resolve the resource through its alias instead
    if (!$id) {
        $lookup = Request::getVar('alias', '');

        $record = new Resource($this->_db);
        $record->loadAlias($lookup);

        $id = $record->id;
    }

    // An entry for this resource/type pair may already be in the table
    $this->_tbl->loadType($id, $this->_type);

    if ($this->exists()) {
        return true;
    }

    // Only hit the database again if the alias lookup did not already load it
    if ($record === null) {
        $record = new Resource($this->_db);
        $record->load($id);
    }

    if (!$record->id) {
        $this->setError(Lang::txt('Resource not found.'));
        return false;
    }

    $this->set('type', $this->_type)
        ->set('object_id', $record->id)
        ->set('created', $record->created)
        ->set('created_by', $record->created_by)
        ->set('title', $record->title)
        ->set('description', $record->introtext)
        ->set('url', Route::url('index.php?option=com_resources&id=' . $record->id));

    return $this->store() ? true : false;
}
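/**
 * Download a file
 *
 * Runs through various permissions checks to ensure user has access, then
 * resolves the on-disk path and hands the file to the content server.
 *
 * Request parameters read here: id, alias, d (disposition), token (GET only)
 * and file. All of them are client-controlled.
 *
 * @return  void
 */
public function downloadTask()
{
    // Incoming
    $id    = Request::getInt('id', 0);
    $alias = Request::getVar('alias', '');
    $d     = Request::getVar('d', 'inline');

    // Only the two known dispositions are accepted; anything else becomes inline
    if (!in_array($d, array('inline', 'attachment'), true)) {
        $d = 'inline';
    }

    // Load the resource
    $resource = new Resource($this->database);

    if ($alias && !$resource->loadAlias($alias)) {
        App::abort(404, Lang::txt('COM_RESOURCES_RESOURCE_NOT_FOUND'));
        return;
    } elseif (substr((string) $id, 0, 4) === '9999') {
        // NOTE(review): IDs starting with 9999 are never loaded from the
        // database, so access/published keep whatever a fresh Resource
        // defaults to. Confirm the checks below still gate these requests.
        $resource->id         = $id;
        $resource->standalone = 1;
        $resource->path       = null;
        $resource->created    = Date::of('now')->format('Y-m-d 00:00:00');
    } elseif (!$resource->load($id)) {
        App::abort(404, Lang::txt('COM_RESOURCES_RESOURCE_NOT_FOUND'));
        return;
    }

    // Work out which user the access checks apply to. A token, when present,
    // is expected to decrypt to a session ID identifying that user.
    $user  = null;
    $token = Request::getVar('token', '', 'get');

    if ($token) {
        // NOTE(review): the key comes from the client-supplied User-Agent
        // header via App::hash(). Confirm App::hash() mixes in a server-side
        // secret; otherwise the token gives no assurance about who sent it.
        $key     = App::hash(@$_SERVER['HTTP_USER_AGENT']);
        $crypter = new \Hubzero\Encryption\Encrypter(
            new \Hubzero\Encryption\Cipher\Simple(),
            new \Hubzero\Encryption\Key('simple', $key, $key)
        );

        $session_id = $crypter->decrypt(base64_decode($token));
        $session    = $session_id ? \Hubzero\Session\Helper::getSession($session_id) : null;

        // Only trust the token when it resolves to a session that carries a
        // user ID. Without this guard any non-empty token value would yield
        // a user object flagged as logged in (guest = 0).
        if (is_object($session) && !empty($session->userid)) {
            $user = User::getInstance($session->userid);
            $user->guest    = 0;
            $user->id       = $session->userid;
            $user->usertype = $session->usertype;
        }
    }

    // No token, or a token that could not be verified: use the same user
    // object as a request without a token
    if ($user === null) {
        $user = User::getRoot();
    }

    // Check if the resource is for logged-in users only and the user is logged-in
    if ($resource->access == 1 && $user->get('guest')) {
        App::abort(403, Lang::txt('COM_RESOURCES_ALERTNOTAUTH'));
        return;
    }

    // Check if the resource is "private" and the user is allowed to view it
    if ($resource->access == 4 || $resource->access == 3 || !$resource->standalone) {
        // NOTE(review): a truthy result is treated as "deny" here; confirm
        // that matches checkGroupAccess()'s contract.
        if ($this->checkGroupAccess($resource, $user)) {
            App::abort(403, Lang::txt('COM_RESOURCES_ALERTNOTAUTH'));
            return;
        }
    }

    if ($resource->standalone && !$resource->path) {
        $file = (string) Request::getVar('file');

        // The file name comes straight from the request. Refuse NUL bytes and
        // parent-directory segments so it cannot resolve outside the
        // resource's media directory.
        $segments = explode('/', str_replace('\\', '/', $file));
        if (strpos($file, "\0") !== false || in_array('..', $segments, true)) {
            App::abort(404, Lang::txt('COM_RESOURCES_FILE_NOT_FOUND'));
            return;
        }

        $resource->path = DS . trim($this->config->get('uploadpath', '/site/resources'), DS)
            . Html::build_path($resource->created, $resource->id, '')
            . DS . 'media' . DS . $file;
    }

    $resource->path = trim($resource->path);

    // Ensure we have a path
    // Ensure resource is published - stemedhub #472
    // NOTE(review): with "&&" an unpublished resource that does have a path
    // is still served. Confirm whether "||" was intended, bearing in mind the
    // 9999 branch above never sets published.
    if (empty($resource->path) && $resource->published != 1) {
        App::abort(404, Lang::txt('COM_RESOURCES_FILE_NOT_FOUND'));
        return;
    }

    // Get the configured upload path
    $base_path = $this->config->get('uploadpath', '/site/resources');
    if ($base_path) {
        $base_path = DS . trim($base_path, DS);
    }

    // Relative paths get a leading slash and, unless they already begin with
    // the configured upload path, that path as a prefix.
    // NOTE(review): a stored path that already starts with DS is used as-is
    // under PATH_APP and is not checked against the upload root.
    if (substr($resource->path, 0, 1) !== DS) {
        $resource->path = DS . $resource->path;

        if (substr($resource->path, 0, strlen($base_path)) !== $base_path) {
            $resource->path = $base_path . $resource->path;
        }
    }

    // Add root path
    $filename = PATH_APP . $resource->path;

    // Ensure the file exist. The absolute server path is deliberately kept
    // out of the client-facing message.
    if (!file_exists($filename)) {
        App::abort(404, Lang::txt('COM_RESOURCES_FILE_NOT_FOUND'));
        return;
    }

    // Anything outside this list is always sent as an attachment
    // NOTE(review): htm/html/xml remain eligible for inline display. If such
    // files can be uploaded by users they render in this site's origin;
    // consider forcing attachment for them.
    $ext = strtolower(\Filesystem::extension($filename));
    if (!in_array($ext, array('jpg', 'jpeg', 'jpe', 'gif', 'png', 'pdf', 'htm', 'html', 'txt', 'json', 'xml'), true)) {
        $d = 'attachment';
    }

    // Initiate a new content server and serve up the file
    $xserver = new \Hubzero\Content\Server();
    $xserver->filename($filename);
    $xserver->disposition($d);
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error
        throw new Exception(Lang::txt('COM_RESOURCES_SERVER_ERROR'), 500);
    }

    exit;
}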