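/**
 * Sends a course document to the client once the current user has been
 * cleared to read it.
 *
 * The access decision is taken first; the download event is logged only for
 * a file that is actually going to be served.
 *
 * @param string $courseCode Course code used to load the course info.
 * @param string $fileName   Document name; it is looked up as "/" . $fileName.
 *
 * @return \Symfony\Component\HttpFoundation\BinaryFileResponse
 */
public function getFileAction($courseCode, $fileName)
{
    $courseInfo = api_get_course_info($courseCode);
    $sessionId = $this->getRequest()->get('id_session');

    $docId = \DocumentManager::get_document_id($courseInfo, "/" . $fileName);

    // Deny by default: a document that is not registered is never treated as
    // visible (the flag used to be undefined on that path).
    $isVisible = false;
    $filePath = null;

    if ($docId) {
        $isVisible = \DocumentManager::is_visible_by_id($docId, $courseInfo, $sessionId, api_get_user_id());
        $documentData = \DocumentManager::get_document_data_by_id($docId, $courseCode);
        $filePath = $documentData['absolute_path'];
    }

    // NOTE(review): abort() is expected to interrupt the request (the code
    // below relies on it) - confirm against the base controller.
    if (!api_is_allowed_to_edit() && !$isVisible) {
        // Same status as before for every refusal, so the answer does not
        // tell a non-editor whether the document exists.
        $this->abort(500);
    }

    if (empty($filePath)) {
        // Nothing to send: the document is not registered or has no stored path.
        $this->abort(404);
    }

    // Log only after the access decision, so refused requests are not
    // recorded as downloads.
    event_download($filePath);

    return $this->sendFile($filePath);
}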
// Excerpt: these first statements run inside enclosing blocks that open before the excerpt.
// $files is keyed by the base name of each entry handed to the archive; the
// pre-add callback at the end of the excerpt looks entries up under that key.
// NOTE(review): $not_deleted_file['url'] is joined to the course path with no
// containment check in view; confirm it cannot contain "../" segments.
$files[basename($not_deleted_file['url'])] = $filename;
$zip_folder->add(
    $sys_course_path . $_course['path'] . '/' . $not_deleted_file['url'],
    PCLZIP_OPT_REMOVE_PATH,
    $sys_course_path . $_course['path'] . '/work',
    PCLZIP_CB_PRE_ADD,
    'my_pre_add_callback'
);
}

// Convert texts in html files: a work without an attached file is exported as
// an .html file holding its description.
if ($not_deleted_file['contains_file'] == 0) {
    $filename = trim($filename) . ".html";
    // NOTE(review): $filename becomes part of a path under SYS_ARCHIVE_PATH;
    // confirm it is sanitised earlier so it cannot carry directory separators.
    $work_temp = api_get_path(SYS_ARCHIVE_PATH) . api_get_unique_id() . '_' . $filename;
    file_put_contents($work_temp, $not_deleted_file['description']);
    $files[basename($work_temp)] = $filename;
    $zip_folder->add(
        $work_temp,
        PCLZIP_OPT_REMOVE_PATH,
        api_get_path(SYS_ARCHIVE_PATH),
        PCLZIP_CB_PRE_ADD,
        'my_pre_add_callback'
    );
    // The temporary .html copy is removed once it has been handed to the archive.
    @unlink($work_temp);
}
}

if (!empty($files)) {
    // Logging
    event_download(basename($work_data['title']) . '.zip (folder)');

    // Start download of created file
    $name = basename($work_data['title']) . '.zip';

    // The archive is sent only when Security::check_abs_path() accepts its
    // location against SYS_ARCHIVE_PATH; it is deleted right after sending.
    if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
        DocumentManager::file_send_for_download($temp_zip_file, true, $name);
        @unlink($temp_zip_file);
        exit;
    }
} else {
    exit;
}

/* Extra function (only used here) */
// Callback registered above through PCLZIP_CB_PRE_ADD; its body continues past
// the end of this excerpt.
function my_pre_add_callback($p_event, &$p_header)
{
    global $files;
    if (isset($files[basename($p_header['stored_filename'])])) {
// Serve a course document: containment check first, then visibility, then send.
if (isset($path_info['extension']) && $path_info['extension'] == 'swf') {
    // Alternate spelling (dashes -> underscores) kept for the visibility lookup below.
    $fixed_url = str_replace('-', '_', $doc_url);
    $doc_id = DocumentManager::get_document_id(api_get_course_info(), $doc_url);
    if (!$doc_id) {
        // The requested name is not a registered document.
        $fix_file_name = true;
    }
}

// A request that fails the Security::check_abs_path() containment check ends
// here without any output.
if (!Security::check_abs_path($sys_course_path . $doc_url, $sys_course_path . '/')) {
    exit;
}

// The file that gets sent is always built from the requested path; only the
// visibility lookup may switch to the fixed name.
$full_file_name = $sys_course_path . $doc_url;
if ($fix_file_name) {
    $doc_url = $fixed_url;
}

// Check visibility of document and paths
$is_visible = DocumentManager::is_visible($doc_url, $_course, api_get_session_id());

// Slideshow thumbnails take the visibility of the document they were made
// from, so students can view the thumbnails too.
if (preg_match('/\\.thumbs\\/\\./', $doc_url)) {
    $doc_url_thumbs = str_replace('.thumbs/.', '', $doc_url);
    $is_visible = DocumentManager::is_visible($doc_url_thumbs, $_course, api_get_session_id());
}

// Editors bypass the visibility flag; everybody else needs a visible document.
if (!(api_is_allowed_to_edit() || $is_visible)) {
    Display::display_error_message(get_lang('ProtectedDocument')); // api_not_allowed backbutton won't work.
    exit; // You shouldn't be here anyway.
}

// Launch event: recorded only once access has been granted.
event_download($doc_url);
DocumentManager::file_send_for_download($full_file_name);
exit;
// Excerpt from a switch statement; the case these first statements belong to
// opens before the excerpt.
if (empty($document_data)) {
    // File not found! Answer with a static 404 page and stop.
    header('HTTP/1.0 404 Not Found');
    $error404 = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">';
    $error404 .= '<html><head>';
    $error404 .= '<title>404 Not Found</title>';
    $error404 .= '</head><body>';
    $error404 .= '<h1>Not Found</h1>';
    $error404 .= '<p>The requested URL was not found on this server.</p>';
    $error404 .= '<hr>';
    $error404 .= '</body></html>';
    echo $error404;
    exit;
}

// Launch event
// NOTE(review): the download is logged before the visibility check below, so a
// request that is then refused is still recorded; consider logging after the check.
event_download($document_data['url']);

// Check visibility of document and paths: editors and group members with
// upload rights skip the per-document visibility lookup.
if (!($is_allowed_to_edit || $group_member_with_upload_rights)
    && !DocumentManager::is_visible_by_id($document_id, $course_info, api_get_session_id(), api_get_user_id())
) {
    // NOTE(review): presumably ends the request - confirm, because the file is
    // sent below if execution continues.
    api_not_allowed(true);
}

$full_file_name = $base_work_dir . $document_data['path'];
// Send only when the path passes Security::check_abs_path() against $base_work_dir.
if (Security::check_abs_path($full_file_name, $base_work_dir . '/')) {
    DocumentManager::file_send_for_download($full_file_name, true);
}
exit;
break;

case 'downloadfolder':
    // Folder download is allowed when the 'students_download_folders' setting
    // is 'true', or for editors and platform admins.
    if (api_get_setting('students_download_folders') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin()) {
        $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id());

        // Filter: inside a shared folder, a user can download only their own shared folder.
        if (is_any_user_shared_folder($document_data['path'], $session_id)) {
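/**
 * Downloads all user files per user.
 *
 * Collects the files attached to the works returned by getWorkPerUser(), adds
 * them to a temporary zip and sends that zip to the browser. Apart from the
 * early "return false" (missing user info or course info), every path ends
 * with exit.
 *
 * @param int   $userId
 * @param array $courseInfo Course info array; its 'path' entry is read.
 *
 * @return bool
 */
function downloadAllFilesPerUser($userId, $courseInfo)
{
    $userInfo = api_get_user_info($userId);

    if (empty($userInfo) || empty($courseInfo)) {
        return false;
    }

    require_once api_get_path(LIBRARY_PATH).'pclzip/pclzip.lib.php';
    $tempZipFile = api_get_path(SYS_ARCHIVE_PATH).api_get_unique_id().".zip";
    $coursePath = api_get_path(SYS_COURSE_PATH).$courseInfo['path'].'/work/';

    $zip = new PclZip($tempZipFile);

    $workPerUser = getWorkPerUser($userId);

    if (!empty($workPerUser)) {
        $files = array();
        foreach ($workPerUser as $work) {
            $work = $work['work'];
            foreach ($work->user_results as $userResult) {
                // Only results that carry an uploaded file go into the archive.
                if (empty($userResult['url']) || empty($userResult['contains_file'])) {
                    continue;
                }
                $data = getFileContents($userResult['id'], $courseInfo);
                if (!empty($data) && isset($data['path'])) {
                    // NOTE(review): $data['path'] is added to the archive as
                    // returned; confirm getFileContents() checks access and
                    // only returns paths below the course work directory.
                    $files[basename($data['path'])] = array(
                        'title' => $data['title'],
                        'path' => $data['path']
                    );
                }
            }
        }

        // Nothing is written to the archive unless a file is added, so the
        // download (and its log entry) only makes sense when $files is not empty.
        if (!empty($files)) {
            // NOTE(review): presumably read back by the pre-add callback - confirm.
            Session::write('files', $files);
            foreach ($files as $data) {
                $zip->add(
                    $data['path'],
                    PCLZIP_OPT_REMOVE_PATH,
                    $coursePath,
                    PCLZIP_CB_PRE_ADD,
                    'preAddAllWorkStudentCallback'
                );
            }

            // Start download of created file
            $name = basename(replace_dangerous_char($userInfo['complete_name'])).'.zip';

            if (Security::check_abs_path($tempZipFile, api_get_path(SYS_ARCHIVE_PATH))) {
                // $name already ends in ".zip"; the log entry used to read ".zip.zip".
                event_download($name.' (folder)');
                DocumentManager::file_send_for_download($tempZipFile, true, $name);
                // Remove the temporary archive without silencing real errors.
                if (is_file($tempZipFile)) {
                    unlink($tempZipFile);
                }
                exit;
            }
        }
    }
    exit;
}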
*/
// NOTE(review): the code below assumes Response::not_found() ends the request;
// confirm, otherwise an archive is built from an empty file list.
if (count($files) == 0) {
    Response::not_found();
}

// Pick the shortest directory among all items as the prefix that is stripped
// from archive entries.
// NOTE(review): realpath() returns false when a path does not resolve and that
// case is not handled here; confirm every item exists on disk, since a wrong
// $root_dir changes which path prefix is stripped. The shortest directory is
// also not guaranteed to be an ancestor of every item.
$root_dir = '';
$items = array_merge($folders, $files);
foreach ($items as $item) {
    $path = $item->get_absolute_path();
    $path = realpath($path);
    $dir = dirname($path);
    if (empty($root_dir) || strlen($root_dir) > strlen($dir)) {
        $root_dir = $dir;
    }
}

/**
 * Zip files together.
 */
$temp_zip_path = Chamilo::temp_file('zip');
$zip_folder = new PclZip($temp_zip_path);
foreach ($files as $file) {
    // Fallback when no root directory was found above.
    if (empty($root_dir)) {
        $root_dir = dirname($file);
    }
    // Each entry is cast to string before being handed to PclZip.
    $file = (string) $file;
    $zip_folder->add($file, PCLZIP_OPT_REMOVE_PATH, $root_dir);
}

/**
 * Send file for download
 */
// NOTE(review): the value logged is Uri::here(), not a file name, and no
// removal of $temp_zip_path is visible after sending - confirm that
// Chamilo::temp_file() arranges cleanup.
event_download(Uri::here());
DocumentManager::file_send_for_download($temp_zip_path, false, get_lang('Documents') . '.zip');
// Excerpt: these first statements run inside enclosing blocks that open before the excerpt.
// $files is keyed by the base name of the temporary file handed to the archive.
$files[basename($work_temp)] = $filename;
// NOTE(review): $addStatus is not checked in the visible code.
$addStatus = $zip_folder->add(
    $work_temp,
    PCLZIP_OPT_REMOVE_PATH,
    api_get_path(SYS_ARCHIVE_PATH),
    PCLZIP_CB_PRE_ADD,
    'my_pre_add_callback'
);
// The temporary copy is removed once it has been handed to the archive.
@unlink($work_temp);
}
}

if (!empty($files)) {
    // The work title goes through replace_dangerous_char() before it is used
    // in the log entry and in the $name passed to file_send_for_download().
    $fileName = replace_dangerous_char($work_data['title']);

    // Logging
    event_download($fileName .'.zip (folder)');

    // Start download of created file
    $name = $fileName .'.zip';

    // The archive is sent only when Security::check_abs_path() accepts its
    // location against SYS_ARCHIVE_PATH; it is deleted right after sending.
    if (Security::check_abs_path($temp_zip_file, api_get_path(SYS_ARCHIVE_PATH))) {
        DocumentManager::file_send_for_download($temp_zip_file, true, $name);
        @unlink($temp_zip_file);
        exit;
    }
} else {
    exit;
}

/* Extra function (only used here) */
// Callback registered above through PCLZIP_CB_PRE_ADD; its body lies past the
// end of this excerpt.
function my_pre_add_callback($p_event, &$p_header)
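/**
 * Gives the temporary zip its final name inside the directory named by
 * 'PATH_TEMP_ARCHIVE' and records the download.
 *
 * The name is "full_export_<Ymd>.zip" when 'PATH' is "/", otherwise the base
 * name of 'PATH' followed by ".zip".
 *
 * @param array $FileZip Reads the keys 'PATH', 'PATH_TEMP_ARCHIVE' and 'TEMP_FILE_ZIP'.
 *
 * @return string|false Final file name, or false when the temporary zip is
 *                      missing or could not be moved.
 */
function rename_zip($FileZip)
{
    // Build the name once, so the logged name and the file on disk cannot
    // differ (date() used to be evaluated twice).
    $name = $FileZip['PATH'] == '/'
        ? 'full_export_' . date('Ymd') . '.zip'
        : basename($FileZip['PATH']) . '.zip';
    event_download($name . ' (folder)');

    $target = $FileZip['PATH_TEMP_ARCHIVE'] . '/' . $name;

    // Drop a previous archive of the same name.
    if (file_exists($target)) {
        unlink($target);
    }

    if (!file_exists($FileZip['TEMP_FILE_ZIP'])) {
        return false;
    }

    // rename() reports failure through its return value; do not hand back a
    // name for a file that was never moved.
    if (!rename($FileZip['TEMP_FILE_ZIP'], $target)) {
        return false;
    }

    return $name;
}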
// Compare the array with visible files and the array with files in invisible folders
// and keep the difference (= all visible files that are not in an invisible folder)
// Excerpt: the block this statement belongs to opens before the excerpt.
$files_for_zipfile = diff((array) $all_visible_files_path, (array) $files_in_invisible_folder_path);
} else {
    // No invisible folders found, so all visible files can be added to the zipfile
    $files_for_zipfile = $all_visible_files_path;
}

// The list is kept in the session only while the archive is being built; it is
// erased right after the loop.
Session::write('doc_files_to_download', $files);

// Add all files in our final array to the zipfile
for ($i = 0; $i < count($files_for_zipfile); $i++) {
    $zip->add(
        $sysCoursePath . $courseInfo['path'] . '/document' . $files_for_zipfile[$i],
        PCLZIP_OPT_REMOVE_PATH,
        $sysCoursePath . $courseInfo['path'] . '/document' . $remove_dir,
        PCLZIP_CB_PRE_ADD,
        'fixDocumentNameCallback'
    );
}
Session::erase('doc_files_to_download');
}

// Launch event
event_download($path == '/' ? 'documents.zip (folder)' : basename($path) . '.zip (folder)');

// Start download of created file
// NOTE(review): $documentInfo['title'] is used as given in the name passed to
// file_send_for_download(); confirm the title is sanitised before it reaches
// the response headers.
$name = $path == '/' ? 'documents.zip' : $documentInfo['title'] . '.zip';

// The archive is sent only when Security::check_abs_path() accepts its
// location against SYS_ARCHIVE_PATH; any other location is refused.
if (Security::check_abs_path($tempZipFile, api_get_path(SYS_ARCHIVE_PATH))) {
    $result = DocumentManager::file_send_for_download($tempZipFile, true, $name);
    @unlink($tempZipFile);
    exit;
} else {
    api_not_allowed(true);
}

/**
 * Returns the difference between two arrays, as an array of those key/values
 * Use this as array_diff doesn't give the
 *
 * @param array $arr1 first array
 * @param array $arr2 second array
1 => Allow learners to delete their own publications = YES

+------------------+------------------------------+----------------------------+
|Can download work?| doc visible for all = 0      | doc visible for all = 1    |
+------------------+------------------------------+----------------------------+
| visibility = 0   | editor only                  | editor only                |
|                  |                              |                            |
+------------------+------------------------------+----------------------------+
| visibility = 1   | editor                       | editor                     |
|                  | + owner of the work          | + any student              |
+------------------+------------------------------+----------------------------+
(editor = teacher + admin + anybody with right api_is_allowed_to_edit)
*/

// A work counts as visible only when its item visibility is 1 and it has been accepted.
$work_is_visible = $item_info['visibility'] == 1 && $row['accepted'] == 1;
$doc_visible_for_all = $course_info['show_score'] == 1;
$is_editor = api_is_allowed_to_edit(true, true, true);
$student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);

// "&&" binds tighter than "||", so this reads:
//   editor OR owner OR (visible for all AND work visible).
// NOTE(review): the owner branch does not consult $work_is_visible, while the
// table above lists "editor only" for visibility = 0 - confirm which one is
// intended and add parentheses to make the grouping explicit.
if ($is_editor || $student_is_owner_of_work || $doc_visible_for_all && $work_is_visible) {
    // Spaces in the title are replaced before it is logged and passed on as the download name.
    $title = str_replace(' ', '_', $row['title']);
    event_download($title);
    // Send only when the path passes Security::check_abs_path() against the course directory.
    if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) {
        DocumentManager::file_send_for_download($full_file_name, true, $title);
    }
} else {
    api_not_allowed();
}
}
} else {
    // Refusal branch of a condition that opens before the excerpt.
    api_not_allowed();
}
exit;
}
// Excerpt: the brace above closes a block that opens before the excerpt.
$usergroup = new UserGroup();

// Allow only the correct user to download this file: a member of the group for
// a group message, otherwise the user identified by $message_uid.
// NOTE(review): in_array() without its strict flag and "!=" both compare with
// type juggling; consider casting both ids to int and comparing strictly.
$not_allowed_to_edit = false;
if (!empty($row_users['group_id'])) {
    $users_group = $usergroup->get_all_users_by_group($row_users['group_id']);
    if (!in_array($current_uid, array_keys($users_group))) {
        $not_allowed_to_edit = true;
    }
} else {
    if ($current_uid != $message_uid) {
        $not_allowed_to_edit = true;
    }
}

if ($not_allowed_to_edit) {
    api_not_allowed();
    // Explicit exit, so the file is never reached after a refusal.
    exit;
}

// Set the path directory file: attachments live under the group's or the
// user's directory, in "message_attachments/".
if (!empty($row_users['group_id'])) {
    $path_user_info = $usergroup->get_group_picture_path_by_id($row_users['group_id'], 'system', true);
} else {
    $path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);
}

$full_file_name = $path_user_info['dir'] . 'message_attachments/' . $file_url;

// $file_url is joined to the attachment directory as given, so the result is
// sent only when it passes Security::check_abs_path() against that directory.
if (Security::check_abs_path($full_file_name, $path_user_info['dir'] . 'message_attachments/')) {
    // Launch event: logged only for a file that is about to be sent.
    event_download($file_url);
    DocumentManager::file_send_for_download($full_file_name, TRUE, $title);
}
exit;