Exemplo n.º 1
0
//echo $_REQUEST['tab'];
//echo $alter;
/* get this courses MaxQuota and MaxFileSize: */
$sql = "SELECT max_quota, max_file_size FROM " . TABLE_PREFIX . "courses WHERE course_id={$_SESSION['course_id']}";
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
$my_MaxCourseSize = $row['max_quota'];
$my_MaxFileSize = $row['max_file_size'];
if ($my_MaxCourseSize == AT_COURSESIZE_DEFAULT) {
    $my_MaxCourseSize = $MaxCourseSize;
}
if ($my_MaxFileSize == AT_FILESIZE_DEFAULT) {
    $my_MaxFileSize = $MaxFileSize;
} else {
    if ($my_MaxFileSize == AT_FILESIZE_SYSTEM_MAX) {
        $my_MaxFileSize = megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1));
    }
}
$path = AT_CONTENT_DIR . $_SESSION['course_id'] . '/' . $_POST['pathext'];
if (isset($_POST['submit'])) {
    if ($_FILES['file']) {
        $_FILES['uploadedfile'] = $_FILES['file'];
    }
    if ($_FILES['uploadedfile']['name']) {
        $_FILES['uploadedfile']['name'] = trim($_FILES['uploadedfile']['name']);
        $_FILES['uploadedfile']['name'] = str_replace(' ', '_', $_FILES['uploadedfile']['name']);
        $path_parts = pathinfo($_FILES['uploadedfile']['name']);
        $ext = $path_parts['extension'];
        /* check if this file extension is allowed: */
        /* $IllegalExtentions is defined in ./include/config.inc.php */
        if (in_array($ext, $IllegalExtentions)) {
Exemplo n.º 2
0
    if ($this->row['max_quota'] != AT_COURSESIZE_UNLIMITED && $this->row['max_quota'] != AT_COURSESIZE_DEFAULT) {
        echo bytes_to_megabytes($this->row['max_quota']);
    }
    ?>
" size="4" /> <?php 
    echo _AT('mb');
    ?>
	</div>

	<div class="row">
		<?php 
    echo _AT('max_file_size');
    ?>
<br />
		<?php 
    $max_allowed = megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1));
    if ($this->row['max_file_size'] == AT_FILESIZE_DEFAULT) {
        $f_def = ' checked="checked" ';
        $f_oth2 = ' disabled="disabled" ';
    } elseif ($this->row['max_file_size'] == AT_FILESIZE_SYSTEM_MAX) {
        $f_max = ' checked="checked" ';
        $f_oth2 = ' disabled="disabled" ';
    } else {
        $f_oth = ' checked="checked" ';
        $f_oth2 = '';
    }
    ?>
		<input type="radio" id="f_default" name="filesize" value="<?php 
    echo AT_FILESIZE_DEFAULT;
    ?>
" onclick="disableOther2();" <?php 
Exemplo n.º 3
0
function add_update_course($course_data, $isadmin = FALSE)
{
    require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
    global $addslashes;
    global $db;
    global $system_courses;
    global $MaxCourseSize;
    global $msg;
    global $_config;
    global $_config_defaults;
    global $stripslashes;
    $Backup = new Backup($db);
    $missing_fields = array();
    if ($course_data['title'] == '') {
        $missing_fields[] = _AT('title');
    }
    if (!$course_data['instructor']) {
        $missing_fields[] = _AT('instructor');
    }
    if ($missing_fields) {
        $missing_fields = implode(', ', $missing_fields);
        $msg->addError(array('EMPTY_FIELDS', $missing_fields));
    }
    $course_data['access'] = $addslashes($course_data['access']);
    $course_data['title'] = $addslashes($course_data['title']);
    $course_data['description'] = $addslashes($course_data['description']);
    $course_data['hide'] = $addslashes($course_data['hide']);
    $course_data['pri_lang'] = $addslashes($course_data['pri_lang']);
    $course_data['created_date'] = $addslashes($course_data['created_date']);
    $course_data['copyright'] = $addslashes($course_data['copyright']);
    $course_data['icon'] = $addslashes($course_data['icon']);
    $course_data['banner'] = $addslashes($course_data['banner']);
    $course_data['course_dir_name'] = $addslashes($course_data['course_dir_name']);
    $course_data['course'] = intval($course_data['course']);
    $course_data['notify'] = intval($course_data['notify']);
    $course_data['hide'] = intval($course_data['hide']);
    $course_data['instructor'] = intval($course_data['instructor']);
    $course_data['category_parent'] = intval($course_data['category_parent']);
    $course_data['rss'] = intval($course_data['rss']);
    // Course directory name (aka course slug)
    if ($course_data['course_dir_name'] != '') {
        //validate the course_dir_name, allow only alphanumeric, underscore.
        if (preg_match('/^[\\w][\\w\\d\\_]+$/', $course_data['course_dir_name']) == 0) {
            $msg->addError('COURSE_DIR_NAME_INVALID');
        }
        //check if the course_dir_name is already being used
        $sql = "SELECT COUNT(course_id) as cnt FROM %scourses WHERE course_id!=%d AND course_dir_name='%s'";
        $num_of_dir = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['course_dir_name']), TRUE);
        if (intval($num_of_dir['cnt']) > 0) {
            $msg->addError('COURSE_DIR_NAME_IN_USE');
        }
    }
    // Custom icon
    if ($_FILES['customicon']['name'] != '') {
        // Use custom icon instead if it exists
        $course_data['icon'] = $addslashes($_FILES['customicon']['name']);
    }
    if ($_FILES['customicon']['error'] == UPLOAD_ERR_FORM_SIZE) {
        // Check if filesize is too large for a POST
        $msg->addError(array('FILE_MAX_SIZE', $_config['prof_pic_max_file_size'] . ' ' . _AT('bytes')));
    }
    if ($course_data['release_date']) {
        $day_release = intval($course_data['day_release']);
        $month_release = intval($course_data['month_release']);
        $year_release = intval($course_data['year_release']);
        $hour_release = intval($course_data['hour_release']);
        $min_release = intval($course_data['min_release']);
        if (!checkdate($month_release, $day_release, $year_release)) {
            //or date is in the past
            $msg->addError('RELEASE_DATE_INVALID');
        }
        if (strlen($month_release) == 1) {
            $month_release = "0{$month_release}";
        }
        if (strlen($day_release) == 1) {
            $day_release = "0{$day_release}";
        }
        if (strlen($hour_release) == 1) {
            $hour_release = "0{$hour_release}";
        }
        if (strlen($min_release) == 1) {
            $min_release = "0{$min_release}";
        }
        $release_date = "{$year_release}-{$month_release}-{$day_release} {$hour_release}:{$min_release}:00";
    } else {
        $release_date = "0000-00-00 00:00:00";
    }
    if ($course_data['end_date']) {
        $day_end = intval($course_data['day_end']);
        $month_end = intval($course_data['month_end']);
        $year_end = intval($course_data['year_end']);
        $hour_end = intval($course_data['hour_end']);
        $min_end = intval($course_data['min_end']);
        if (!checkdate($month_end, $day_end, $year_end)) {
            //or date is in the past
            $msg->addError('END_DATE_INVALID');
        }
        if (strlen($month_end) == 1) {
            $month_end = "0{$month_end}";
        }
        if (strlen($day_end) == 1) {
            $day_end = "0{$day_end}";
        }
        if (strlen($hour_end) == 1) {
            $hour_end = "0{$hour_end}";
        }
        if (strlen($min_end) == 1) {
            $min_end = "0{$min_end}";
        }
        $end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
    } else {
        $end_date = "0000-00-00 00:00:00";
    }
    $initial_content_info = explode('_', $course_data['initial_content'], 2);
    //admin
    $course_quotas = '';
    if ($isadmin) {
        $instructor = $course_data['instructor'];
        $quota = intval($course_data['quota']);
        $quota_entered = intval($course_data['quota_entered']);
        $filesize = intval($course_data['filesize']);
        $filesize_entered = intval($course_data['filesize_entered']);
        //if they checked 'other', set quota=entered value, if it is empty or negative, set to default (-2)
        if ($quota == '2') {
            if ($quota_entered == '' || empty($quota_entered) || $quota_entered < 0) {
                $quota = AT_COURSESIZE_DEFAULT;
            } else {
                $quota = floatval($quota_entered);
                $quota = megabytes_to_bytes($quota);
            }
        }
        //if they checked 'other', set filesize=entered value, if it is empty or negative, set to default
        if ($filesize == '2') {
            if ($filesize_entered == '' || empty($filesize_entered) || $filesize_entered < 0) {
                $filesize = AT_FILESIZE_DEFAULT;
                $msg->addFeedback('COURSE_DEFAULT_FSIZE');
            } else {
                $filesize = floatval($filesize_entered);
                $filesize = megabytes_to_bytes($filesize);
            }
        }
        $course_quotas = "max_quota='{$quota}', max_file_size='{$filesize}',";
    } else {
        $instructor = $_SESSION['member_id'];
        if (!$course_data['course']) {
            $course_quotas = "max_quota=" . AT_COURSESIZE_DEFAULT . ", max_file_size=" . AT_FILESIZE_DEFAULT . ",";
            $row = $Backup->getRow($initial_content_info[0], $initial_content_info[1]);
            if (count($initial_content_info) == 2 && $system_courses[$initial_content_info[1]]['member_id'] == $_SESSION['member_id']) {
                if ($MaxCourseSize < $row['contents']['file_manager']) {
                    $msg->addError('RESTORE_TOO_BIG');
                }
            } else {
                $initial_content_info = intval($course_data['initial_content']);
            }
        } else {
            unset($initial_content_info);
            $course_quotas = "max_quota='{$system_courses[$course_data[course]][max_quota]}', max_file_size='{$system_courses[$course_data[course]][max_file_size]}',";
        }
    }
    if ($msg->containsErrors()) {
        return FALSE;
    }
    //display defaults
    if (!$course_data['course']) {
        $menu_defaults = ",home_links='{$_config['home_defaults']}', main_links='{$_config['main_defaults']}', side_menu='{$_config['side_defaults']}'";
    } else {
        $menu_defaults = ',home_links=\'' . $system_courses[$course_data['course']]['home_links'] . '\', main_links=\'' . $system_courses[$course_data['course']]['main_links'] . '\', side_menu=\'' . $system_courses[$course_data['course']]['side_menu'] . '\'';
    }
    $sql = "REPLACE INTO %scourses \n                SET \n                course_id=%d, \n                member_id='%s', \n                access='%s', \n                title='%s', \n                description='%s', \n                course_dir_name='%s', \n                cat_id=%d, \n                content_packaging='%s', \n                notify=%d, \n                hide=%d, \n                {$course_quotas}\n                primary_language='%s',\n                created_date='%s',\n                rss=%d,\n                copyright='%s',\n                icon='%s',\n                banner='%s',\n                release_date='%s', \n                end_date='%s' \n                {$menu_defaults}";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['instructor'], $course_data['access'], $course_data['title'], $course_data['description'], $course_data['course_dir_name'], $course_data['category_parent'], $course_data['content_packaging'], $course_data['notify'], $course_data['hide'], $course_data['pri_lang'], $course_data['created_date'], $course_data['rss'], $course_data['copyright'], $course_data['icon'], $course_data['banner'], $release_date, $end_date));
    if (!$result) {
        echo at_db_error();
        echo 'DB Error';
        exit;
    }
    $new_course_id = $_SESSION['course_id'] = at_insert_id();
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'courses', $result, $sqlout);
    }
    if (isset($isadmin)) {
        //get current instructor and unenroll from course if different from POST instructor
        $old_instructor = $system_courses[$course_data['course']]['member_id'];
        if ($old_instructor != $course_data['instructor']) {
            //remove old from course enrollment
            $sql = "DELETE FROM %scourse_enrollment WHERE course_id=%d AND member_id=%d";
            $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $old_instructor));
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
        }
    }
    //enroll new instructor
    $sql = "REPLACE INTO %scourse_enrollment VALUES (%d, %d, 'y', 0, '" . _AT('instructor') . "', 0)";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['instructor'], $new_course_id));
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'course_enrollment', $result, $sqlout);
    }
    // create the course content directory
    $path = AT_CONTENT_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_CONTENT_DIR . $new_course_id . '/index.html');
    // create the course backup directory
    $path = AT_BACKUP_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_BACKUP_DIR . $new_course_id . '/index.html');
    /* insert some default content: */
    if (!$course_data['course_id'] && $course_data['initial_content'] == '1') {
        $contentManager = new ContentManager($db, $new_course_id);
        $contentManager->initContent();
        $cid = $contentManager->addContent($new_course_id, 0, 1, _AT('welcome_to_atutor'), addslashes(_AT('this_is_content')), '', '', 1, date('Y-m-d H:00:00'));
        $announcement = _AT('default_announcement');
        $sql = "INSERT INTO %snews VALUES (NULL, %d, %d, NOW(), 1, '%s', '%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, $new_course_id, $instructor, _AT('welcome_to_atutor'), $announcement));
        if ($isadmin) {
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_INSERT, 'news', $result, $sqlout);
        }
    } else {
        if (!$course_data['course'] && count($initial_content_info) == 2) {
            $Backup->setCourseID($new_course_id);
            $Backup->restore($material = TRUE, 'append', $initial_content_info[0], $initial_content_info[1]);
        }
    }
    // custom icon, have to be after directory is created
    if ($_FILES['customicon']['tmp_name'] != '') {
        $course_data['comments'] = trim($course_data['comments']);
        $owner_id = $_SESSION['course_id'];
        $owner_type = "1";
        if ($_FILES['customicon']['error'] == UPLOAD_ERR_INI_SIZE) {
            $msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
        } else {
            if (!isset($_FILES['customicon']['name']) || $_FILES['customicon']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['customicon']['size'] == 0) {
                $msg->addError('FILE_NOT_SELECTED');
            } else {
                if ($_FILES['customicon']['error'] || !is_uploaded_file($_FILES['customicon']['tmp_name'])) {
                    $msg->addError('FILE_NOT_SAVED');
                }
            }
        }
        if (!$msg->containsErrors()) {
            $course_data['description'] = $addslashes(trim($course_data['description']));
            $_FILES['customicon']['name'] = addslashes($_FILES['customicon']['name']);
            if ($course_data['comments']) {
                $num_comments = 1;
            } else {
                $num_comments = 0;
            }
            $path = AT_CONTENT_DIR . $owner_id . "/custom_icons/";
            if (!is_dir($path)) {
                @mkdir($path);
            }
            // if we can upload custom course icon, it means GD is enabled, no need to check extension again.
            $gd_info = gd_info();
            $supported_images = array();
            if ($gd_info['GIF Create Support']) {
                $supported_images[] = 'gif';
            }
            if ($gd_info['JPG Support'] || $gd_info['JPEG Support']) {
                $supported_images[] = 'jpg';
            }
            if ($gd_info['PNG Support']) {
                $supported_images[] = 'png';
            }
            // check if this is a supported file type
            $filename = $stripslashes($_FILES['customicon']['name']);
            $path_parts = pathinfo($filename);
            $extension = strtolower($path_parts['extension']);
            $image_attributes = getimagesize($_FILES['customicon']['tmp_name']);
            if ($extension == 'jpeg') {
                $extension = 'jpg';
            }
            // resize the original but don't backup a copy.
            $width = $image_attributes[0];
            $height = $image_attributes[1];
            $original_img = $_FILES['customicon']['tmp_name'];
            $thumbnail_img = $path . $_FILES['customicon']['name'];
            if ($width > $height && $width > 79) {
                $thumbnail_height = intval(79 * $height / $width);
                $thumbnail_width = 79;
                if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                    $msg->addError('FILE_NOT_SAVED');
                }
            } else {
                if ($width <= $height && $height > 79) {
                    $thumbnail_height = 100;
                    $thumbnail_width = intval(100 * $width / $height);
                    if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                        $msg->addError('FILE_NOT_SAVED');
                    }
                } else {
                    // no resizing, just copy the image.
                    // it's too small to resize.
                    copy($original_img, $thumbnail_img);
                }
            }
        } else {
            $msg->addError('FILE_NOT_SAVED');
        }
    }
    //----------------------------------------
    /* delete the RSS feeds just in case: */
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $course_data['course'] . '/RSS1.0.xml');
    }
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml');
    }
    if ($isadmin) {
        $_SESSION['course_id'] = -1;
    }
    $_SESSION['course_title'] = $stripslashes($course_data['title']);
    return $new_course_id;
}
Exemplo n.º 4
0
     if (!$msg->containsErrors()) {
         $_POST['new_folder_name'] = $addslashes($_POST['new_folder_name']);
         $parent_folder_id = abs($_POST['folder']);
         $sql = "INSERT INTO " . TABLE_PREFIX . "folders VALUES (NULL, {$parent_folder_id}, {$owner_type}, {$owner_id}, '{$_POST['new_folder_name']}')";
         $result = mysql_query($sql, $db);
         $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
         header('Location: ' . url_rewrite('mods/_standard/file_storage/index.php' . $owner_arg_prefix . 'folder=' . $parent_folder_id, AT_PRETTY_URL_IS_HEADER));
         exit;
     }
 } else {
     if (query_bit($owner_status, WORKSPACE_AUTH_WRITE) && isset($_POST['upload'])) {
         // handle the file upload
         $_POST['comments'] = trim($_POST['comments']);
         $parent_folder_id = abs($_POST['folder']);
         if ($_FILES['file']['error'] == UPLOAD_ERR_INI_SIZE) {
             $msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
         } else {
             if (!isset($_FILES['file']['name']) || $_FILES['file']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['file']['size'] == 0) {
                 $msg->addError('FILE_NOT_SELECTED');
             } else {
                 if ($_FILES['file']['error'] || !is_uploaded_file($_FILES['file']['tmp_name'])) {
                     $msg->addError('FILE_NOT_SAVED');
                 }
             }
         }
         // check that we own this folder
         if ($parent_folder_id) {
             $sql = "SELECT folder_id FROM " . TABLE_PREFIX . "folders WHERE folder_id={$parent_folder_id} AND owner_type={$owner_type} AND owner_id={$owner_id}";
             $result = mysql_query($sql, $db);
             if (!($row = mysql_fetch_assoc($result))) {
                 $msg->addError('ACCESS_DENIED');