$allowed_to_download = true;
}
/* ERROR IF NOT ALLOWED TO DOWNLOAD */
if (!$allowed_to_download) {
Display::display_header($nameTools, 'Dropbox');
Display::display_error_message(get_lang('YouAreNotAllowedToDownloadThisFile'));
Display::display_footer();
exit;
} else {
/* DOWNLOAD THE FILE */
// the user is allowed to download the file
$_SESSION['_seen'][$_course['id']][TOOL_DROPBOX][] = intval($_GET['id']);
$work = new Dropbox_Work($_GET['id']);
$path = dropbox_cnf('sysPath') . '/' . $work->filename;
//path to file as stored on server
if (!Security::check_abs_path($path, dropbox_cnf('sysPath') . '/')) {
exit;
}
$file = $work->title;
$mimetype = DocumentManager::file_get_mime_type(true);
$fileinfo = pathinfo($file);
$extension = $fileinfo['extension'];
if (!empty($extension) && isset($mimetype[$extension]) && $_GET['action'] != 'download') {
// give hint to browser about filetype
header('Content-type: ' . $mimetype[$extension] . "\n");
} else {
//no information about filetype: force a download dialog window in browser
header("Content-type: application/octet-stream\n");
}
header('Content-Disposition: attachment; filename=' . $file);
/**
/**
* @return array|null|string
*/
function store_add_dropbox()
{
$_course = api_get_course_info();
$_user = api_get_user_info();
$dropbox_cnf = getDropboxConf();
// Validating the form data
// there are no recipients selected
if (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
return get_lang('YouMustSelectAtLeastOneDestinee');
} else {
// Check if all the recipients are valid
$thisIsAMailing = false;
$thisIsJustUpload = false;
foreach ($_POST['recipients'] as $rec) {
if ($rec == 'mailing') {
$thisIsAMailing = true;
} elseif ($rec == 'upload') {
$thisIsJustUpload = true;
} elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
return get_lang('InvalideUserDetected');
} elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
return get_lang('InvalideGroupDetected');
}
}
}
// we are doing a mailing but an additional recipient is selected
if ($thisIsAMailing && count($_POST['recipients']) != 1) {
return get_lang('MailingSelectNoOther');
}
// we are doing a just upload but an additional recipient is selected.
// note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
return get_lang('MailingJustUploadSelectNoOther');
}
if (empty($_FILES['file']['name'])) {
$error = true;
return get_lang('NoFileSpecified');
}
// are we overwriting a previous file or sending a new one
$dropbox_overwrite = false;
if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
$dropbox_overwrite = true;
}
// doing the upload
$dropbox_filename = $_FILES['file']['name'];
$dropbox_filesize = $_FILES['file']['size'];
$dropbox_filetype = $_FILES['file']['type'];
$dropbox_filetmpname = $_FILES['file']['tmp_name'];
// check if the filesize does not exceed the allowed size.
if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
return get_lang('DropboxFileTooBig');
// TODO: The "too big" message does not fit in the case of uploading zero-sized file.
}
// check if the file is actually uploaded
if (!is_uploaded_file($dropbox_filetmpname)) {
// check user fraud : no clean error msg.
return get_lang('TheFileIsNotUploaded');
}
$upload_ok = process_uploaded_file($_FILES['file'], true);
if (!$upload_ok) {
return null;
}
// Try to add an extension to the file if it hasn't got one
$dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
// Replace dangerous characters
$dropbox_filename = replace_dangerous_char($dropbox_filename);
// Transform any .php file in .phps fo security
$dropbox_filename = php2phps($dropbox_filename);
//filter extension
if (!filter_extension($dropbox_filename)) {
return get_lang('UplUnableToSaveFileFilteredExtension');
}
// set title
$dropbox_title = $dropbox_filename;
// set author
if (!isset($_POST['authors'])) {
$_POST['authors'] = getUserNameFromId($_user['user_id']);
}
// note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
if ($dropbox_overwrite) {
$dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
foreach ($dropbox_person->sentWork as $w) {
if ($w->title == $dropbox_filename) {
if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
return get_lang('MailingNonMailingError');
}
if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
return get_lang('MailingJustUploadSelectNoOther');
}
$dropbox_filename = $w->filename;
$found = true;
// note: do we still need this?
break;
}
}
} else {
// rename file to login_filename_uniqueId format
$dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
}
// creating the array that contains all the users who will receive the file
$new_work_recipients = array();
foreach ($_POST['recipients'] as $rec) {
if (strpos($rec, 'user_') === 0) {
$new_work_recipients[] = substr($rec, strlen('user_'));
} elseif (strpos($rec, 'group_') === 0) {
$userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
foreach ($userList as $usr) {
if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
$new_work_recipients[] = $usr['user_id'];
}
}
}
}
@move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename);
$b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
if ($b_send_mail) {
foreach ($new_work_recipients as $recipient_id) {
$recipent_temp = UserManager::get_user_info_by_id($recipient_id);
$additionalParameters = array('smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY, 'userId' => $recipient_id, 'courseTitle' => $_course['title'], 'userUsername' => $recipent_temp['username']);
api_mail_html(api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $recipent_temp['email'], get_lang('NewDropboxFileUploaded'), get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'], api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), $_user['mail'], null, null, null, $additionalParameters);
}
}
new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);
Security::clear_token();
return get_lang('FileUploadSucces');
}
if (empty($session_id)) {
$is_course_member = CourseManager::is_user_subscribed_in_course($user_id, $course_code, false);
} else {
$is_course_member = CourseManager::is_user_subscribed_in_course($user_id, $course_code, true, $session_id);
}
/* Object Initialisation */
// we need this here because the javascript to re-upload the file needs an array
// off all the documents that have already been sent.
// @todo consider moving the javascripts in a function that displays the javascripts
// only when it is needed.
if ($action == 'add') {
$dropbox_person = new Dropbox_Person($_user['user_id'], $is_courseAdmin, $is_courseTutor);
}
/* Create javascript and htmlHeaders */
$javascript = "<script type=\"text/javascript\">\n\tfunction confirmsend ()\n\t{\n\t\tif (confirm(\"" . get_lang('MailingConfirmSend', '') . "\")){\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t\treturn true;\n\t}\n\n\tfunction confirmation (name)\n\t{\n\t\tif (confirm(\"" . get_lang('ConfirmDelete', '') . " : \"+ name )){\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t\treturn true;\n\t}\n\n\tfunction checkForm (frm)\n\t{\n\t\tif (frm.elements['recipients[]'].selectedIndex < 0){\n\t\t\talert(\"" . get_lang('NoUserSelected', '') . "\");\n\t\t\treturn false;\n\t\t} else if (frm.file.value == '') {\n\t\t\talert(\"" . get_lang('NoFileSpecified', '') . "\");\n\t\t\treturn false;\n\t\t} else {\n\t\t\treturn true;\n\t\t}\n\t}\n\t";
if (dropbox_cnf('allowOverwrite')) {
//sentArray keeps list of all files still available in the sent files list
//of the user.
//This is used to show or hide the overwrite file-radio button of the upload form
$javascript .= "\n\t\tvar sentArray = new Array(";
if (isset($dropbox_person)) {
for ($i = 0; $i < count($dropbox_person->sentWork); $i++) {
if ($i > 0) {
$javascript .= ", ";
}
$javascript .= "'" . $dropbox_person->sentWork[$i]->title . "'";
}
}
$javascript .= ");\n\n\t\tfunction checkfile(str)\n\t\t{\n\n\t\t\tind = str.lastIndexOf('/'); //unix separator\n\t\t\tif (ind == -1) ind = str.lastIndexOf('\\\\');\t//windows separator\n\t\t\tfilename = str.substring(ind+1, str.length);\n\n\t\t\tfound = 0;\n\t\t\tfor (i=0; i<sentArray.length; i++) {\n\t\t\t\tif (sentArray[i] == filename) found=1;\n\t\t\t}\n\n\t\t\t//always start with unchecked box\n\t\t\tel = getElement('cb_overwrite');\n\t\t\tel.checked = false;\n\n\t\t\t//show/hide checkbox\n\t\t\tif (found == 1) {\n\t\t\t\tdisplayEl('overwrite');\n\t\t\t} else {\n\t\t\t\tundisplayEl('overwrite');\n\t\t\t}\n\t\t}\n\n\t\tfunction getElement(id)\n\t\t{\n\t\t\treturn document.getElementById ? document.getElementById(id) :\n\t\t\tdocument.all ? document.all(id) : null;\n\t\t}\n\n\t\tfunction displayEl(id)\n\t\t{\n\t\t\tvar el = getElement(id);\n\t\t\tif (el && el.style) el.style.display = '';\n\t\t}\n\n\t\tfunction undisplayEl(id)\n\t\t{\n\t\t\tvar el = getElement(id);\n\t\t\tif (el && el.style) el.style.display = 'none';\n\t\t}";
}
$javascript .= "\n\t</script>";
foreach ($_POST['recipients'] as $rec) {
if (strpos($rec, 'user_') === 0) {
$newWorkRecipients[] = substr($rec, strlen('user_'));
} elseif (strpos($rec, 'group_') === 0) {
$userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
foreach ($userList as $usr) {
if (!in_array($usr['user_id'], $newWorkRecipients) && $usr['user_id'] != $_user['user_id']) {
$newWorkRecipients[] = $usr['user_id'];
}
}
}
}
}
// After uploading the file, create the db entries
if (!$error) {
@move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename) or die(get_lang('UploadError') . ' (code 407)');
new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $newWorkRecipients);
}
}
}
}
//end if(!$error)
/**
* SUBMIT FORM RESULTMESSAGE
*/
if (!$error) {
$return_message = get_lang('FileUploadSucces');
} else {
$return_message = $errormsg;
}
}