Exemplo n.º 1
0
    $allowed_to_download = true;
}
/*		ERROR IF NOT ALLOWED TO DOWNLOAD */
if (!$allowed_to_download) {
    Display::display_header($nameTools, 'Dropbox');
    Display::display_error_message(get_lang('YouAreNotAllowedToDownloadThisFile'));
    Display::display_footer();
    exit;
} else {
    /*      DOWNLOAD THE FILE */
    // the user is allowed to download the file
    $_SESSION['_seen'][$_course['id']][TOOL_DROPBOX][] = intval($_GET['id']);
    $work = new Dropbox_Work($_GET['id']);
    $path = dropbox_cnf('sysPath') . '/' . $work->filename;
    //path to file as stored on server
    if (!Security::check_abs_path($path, dropbox_cnf('sysPath') . '/')) {
        exit;
    }
    $file = $work->title;
    $mimetype = DocumentManager::file_get_mime_type(true);
    $fileinfo = pathinfo($file);
    $extension = $fileinfo['extension'];
    if (!empty($extension) && isset($mimetype[$extension]) && $_GET['action'] != 'download') {
        // give hint to browser about filetype
        header('Content-type: ' . $mimetype[$extension] . "\n");
    } else {
        //no information about filetype: force a download dialog window in browser
        header("Content-type: application/octet-stream\n");
    }
    header('Content-Disposition: attachment; filename=' . $file);
    /**
/**
 * @return array|null|string
 */
function store_add_dropbox()
{
    $_course = api_get_course_info();
    $_user = api_get_user_info();
    $dropbox_cnf = getDropboxConf();
    // Validating the form data
    // there are no recipients selected
    if (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
        return get_lang('YouMustSelectAtLeastOneDestinee');
    } else {
        // Check if all the recipients are valid
        $thisIsAMailing = false;
        $thisIsJustUpload = false;
        foreach ($_POST['recipients'] as $rec) {
            if ($rec == 'mailing') {
                $thisIsAMailing = true;
            } elseif ($rec == 'upload') {
                $thisIsJustUpload = true;
            } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
                return get_lang('InvalideUserDetected');
            } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
                return get_lang('InvalideGroupDetected');
            }
        }
    }
    // we are doing a mailing but an additional recipient is selected
    if ($thisIsAMailing && count($_POST['recipients']) != 1) {
        return get_lang('MailingSelectNoOther');
    }
    // we are doing a just upload but an additional recipient is selected.
    // note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
    if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
        return get_lang('MailingJustUploadSelectNoOther');
    }
    if (empty($_FILES['file']['name'])) {
        $error = true;
        return get_lang('NoFileSpecified');
    }
    // are we overwriting a previous file or sending a new one
    $dropbox_overwrite = false;
    if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
        $dropbox_overwrite = true;
    }
    // doing the upload
    $dropbox_filename = $_FILES['file']['name'];
    $dropbox_filesize = $_FILES['file']['size'];
    $dropbox_filetype = $_FILES['file']['type'];
    $dropbox_filetmpname = $_FILES['file']['tmp_name'];
    // check if the filesize does not exceed the allowed size.
    if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
        return get_lang('DropboxFileTooBig');
        // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
    }
    // check if the file is actually uploaded
    if (!is_uploaded_file($dropbox_filetmpname)) {
        // check user fraud : no clean error msg.
        return get_lang('TheFileIsNotUploaded');
    }
    $upload_ok = process_uploaded_file($_FILES['file'], true);
    if (!$upload_ok) {
        return null;
    }
    // Try to add an extension to the file if it hasn't got one
    $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
    // Replace dangerous characters
    $dropbox_filename = replace_dangerous_char($dropbox_filename);
    // Transform any .php file in .phps fo security
    $dropbox_filename = php2phps($dropbox_filename);
    //filter extension
    if (!filter_extension($dropbox_filename)) {
        return get_lang('UplUnableToSaveFileFilteredExtension');
    }
    // set title
    $dropbox_title = $dropbox_filename;
    // set author
    if (!isset($_POST['authors'])) {
        $_POST['authors'] = getUserNameFromId($_user['user_id']);
    }
    // note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
    if ($dropbox_overwrite) {
        $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
        foreach ($dropbox_person->sentWork as $w) {
            if ($w->title == $dropbox_filename) {
                if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
                    return get_lang('MailingNonMailingError');
                }
                if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
                    return get_lang('MailingJustUploadSelectNoOther');
                }
                $dropbox_filename = $w->filename;
                $found = true;
                // note: do we still need this?
                break;
            }
        }
    } else {
        // rename file to login_filename_uniqueId format
        $dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
    }
    // creating the array that contains all the users who will receive the file
    $new_work_recipients = array();
    foreach ($_POST['recipients'] as $rec) {
        if (strpos($rec, 'user_') === 0) {
            $new_work_recipients[] = substr($rec, strlen('user_'));
        } elseif (strpos($rec, 'group_') === 0) {
            $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
            foreach ($userList as $usr) {
                if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
                    $new_work_recipients[] = $usr['user_id'];
                }
            }
        }
    }
    @move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename);
    $b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
    if ($b_send_mail) {
        foreach ($new_work_recipients as $recipient_id) {
            $recipent_temp = UserManager::get_user_info_by_id($recipient_id);
            $additionalParameters = array('smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY, 'userId' => $recipient_id, 'courseTitle' => $_course['title'], 'userUsername' => $recipent_temp['username']);
            api_mail_html(api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $recipent_temp['email'], get_lang('NewDropboxFileUploaded'), get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'], api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), $_user['mail'], null, null, null, $additionalParameters);
        }
    }
    new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);
    Security::clear_token();
    return get_lang('FileUploadSucces');
}
Exemplo n.º 3
0
if (empty($session_id)) {
    $is_course_member = CourseManager::is_user_subscribed_in_course($user_id, $course_code, false);
} else {
    $is_course_member = CourseManager::is_user_subscribed_in_course($user_id, $course_code, true, $session_id);
}
/*	Object Initialisation */
// we need this here because the javascript to re-upload the file needs an array
// off all the documents that have already been sent.
// @todo consider moving the javascripts in a function that displays the javascripts
// only when it is needed.
if ($action == 'add') {
    $dropbox_person = new Dropbox_Person($_user['user_id'], $is_courseAdmin, $is_courseTutor);
}
/*	Create javascript and htmlHeaders */
$javascript = "<script type=\"text/javascript\">\n\tfunction confirmsend ()\n\t{\n\t\tif (confirm(\"" . get_lang('MailingConfirmSend', '') . "\")){\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t\treturn true;\n\t}\n\n\tfunction confirmation (name)\n\t{\n\t\tif (confirm(\"" . get_lang('ConfirmDelete', '') . " : \"+ name )){\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t\treturn true;\n\t}\n\n\tfunction checkForm (frm)\n\t{\n\t\tif (frm.elements['recipients[]'].selectedIndex < 0){\n\t\t\talert(\"" . get_lang('NoUserSelected', '') . "\");\n\t\t\treturn false;\n\t\t} else if (frm.file.value == '') {\n\t\t\talert(\"" . get_lang('NoFileSpecified', '') . "\");\n\t\t\treturn false;\n\t\t} else {\n\t\t\treturn true;\n\t\t}\n\t}\n\t";
if (dropbox_cnf('allowOverwrite')) {
    //sentArray keeps list of all files still available in the sent files list
    //of the user.
    //This is used to show or hide the overwrite file-radio button of the upload form
    $javascript .= "\n\t\tvar sentArray = new Array(";
    if (isset($dropbox_person)) {
        for ($i = 0; $i < count($dropbox_person->sentWork); $i++) {
            if ($i > 0) {
                $javascript .= ", ";
            }
            $javascript .= "'" . $dropbox_person->sentWork[$i]->title . "'";
        }
    }
    $javascript .= ");\n\n\t\tfunction checkfile(str)\n\t\t{\n\n\t\t\tind = str.lastIndexOf('/'); //unix separator\n\t\t\tif (ind == -1) ind = str.lastIndexOf('\\\\');\t//windows separator\n\t\t\tfilename = str.substring(ind+1, str.length);\n\n\t\t\tfound = 0;\n\t\t\tfor (i=0; i<sentArray.length; i++) {\n\t\t\t\tif (sentArray[i] == filename) found=1;\n\t\t\t}\n\n\t\t\t//always start with unchecked box\n\t\t\tel = getElement('cb_overwrite');\n\t\t\tel.checked = false;\n\n\t\t\t//show/hide checkbox\n\t\t\tif (found == 1) {\n\t\t\t\tdisplayEl('overwrite');\n\t\t\t} else {\n\t\t\t\tundisplayEl('overwrite');\n\t\t\t}\n\t\t}\n\n\t\tfunction getElement(id)\n\t\t{\n\t\t\treturn document.getElementById ? document.getElementById(id) :\n\t\t\tdocument.all ? document.all(id) : null;\n\t\t}\n\n\t\tfunction displayEl(id)\n\t\t{\n\t\t\tvar el = getElement(id);\n\t\t\tif (el && el.style) el.style.display = '';\n\t\t}\n\n\t\tfunction undisplayEl(id)\n\t\t{\n\t\t\tvar el = getElement(id);\n\t\t\tif (el && el.style) el.style.display = 'none';\n\t\t}";
}
$javascript .= "\n\t</script>";
Exemplo n.º 4
0
                    foreach ($_POST['recipients'] as $rec) {
                        if (strpos($rec, 'user_') === 0) {
                            $newWorkRecipients[] = substr($rec, strlen('user_'));
                        } elseif (strpos($rec, 'group_') === 0) {
                            $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
                            foreach ($userList as $usr) {
                                if (!in_array($usr['user_id'], $newWorkRecipients) && $usr['user_id'] != $_user['user_id']) {
                                    $newWorkRecipients[] = $usr['user_id'];
                                }
                            }
                        }
                    }
                }
                // After uploading the file, create the db entries
                if (!$error) {
                    @move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename) or die(get_lang('UploadError') . ' (code 407)');
                    new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $newWorkRecipients);
                }
            }
        }
    }
    //end if(!$error)
    /**
     * SUBMIT FORM RESULTMESSAGE
     */
    if (!$error) {
        $return_message = get_lang('FileUploadSucces');
    } else {
        $return_message = $errormsg;
    }
}