Exemplo n.º 1
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
// +---------------------------------------------------------------------------+
// Start output buffering before the bootstrap code runs.
ob_start();
require '../lib/bootstrap.php';
// Open the page with session, auth, perm and user handling.
// NOTE(review): the auth class is named "Seminar_Default_Auth"; if that permits
// requests without a login, every access decision below has to hold for such a
// user as well -- confirm.
page_open(array("sess" => "Seminar_Session", "auth" => "Seminar_Default_Auth", "perm" => "Seminar_Perm", "user" => "Seminar_User"));
require_once 'lib/datei.inc.php';
//basename() needs setlocale()
init_i18n($_SESSION['_language']);
// Set Base URL, otherwise links will fail on SENDFILE_LINK_MODE = rewrite
URLHelper::setBaseURL($GLOBALS['ABSOLUTE_URI_STUDIP']);
// The requested id is reduced to its last path component and then shell-escaped.
// NOTE(review): escapeshellcmd() escapes shell metacharacters; it does not
// validate an id. In the visible code $file_id is used as a document id and as
// a bound SQL parameter, not in a shell command. basename() removes directory
// components, which matters if the id later becomes part of a file path.
// Validating the value against the expected id format would state the intent
// more directly -- confirm the id format before changing this.
$file_id = escapeshellcmd(basename(Request::get('file_id')));
// Download type; anything outside 0..7 falls back to 0.
$type = Request::int('type');
if ($type < 0 || $type > 7) {
    $type = 0;
}
$document = new StudipDocument($file_id);
$object_id = $document->getValue('seminar_id');
// Deny by default: access is only granted by one of the checks that follow.
$no_access = true;
//download from course or institute or document is a message attachment
// in_array() compares loosely here; $type comes from Request::int() and is
// presumably always an integer, so the loose comparison should be harmless.
if ($object_id && in_array($type, array(0, 6, 7))) {
    $no_access = !$document->checkAccess($GLOBALS['user']->id);
}
//download from archive, allowed if former participant
if ($type == 1) {
    $query = "SELECT seminar_id FROM archiv WHERE archiv_file_id = ?";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($file_id));
    $archiv_seminar_id = $statement->fetchColumn();
    if ($archiv_seminar_id) {
        $no_access = !archiv_check_perm($archiv_seminar_id);
    } else {
Exemplo n.º 2
 /**
  * Stores every file of the current upload request as a Stud.IP document in
  * the "Blubber" folder of the given context and renders a JSON answer that
  * holds the markup to insert ('inserts') and validation messages ('errors').
  *
  * Request parameters read here: "context" (falls back to the id of the
  * current user) and "context_type".
  *
  * NOTE(review): only the "course" context type is permission-checked, and
  * only course uploads pass through validate_upload(). For every other
  * context type the request-supplied "context" is used as range/seminar id
  * as is. Confirm that this is intended.
  *
  * @throws AccessDeniedException if the request is not a POST or the user
  *                               lacks "autor" permission in the course
  */
 public function post_files_action()
 {
     $context = Request::option("context") ? Request::get("context") : $GLOBALS['user']->id;
     $context_type = Request::option("context_type");
     $is_course = $context_type === "course";
     if (!Request::isPost() || ($is_course && !$GLOBALS['perm']->have_studip_perm("autor", $context))) {
         throw new AccessDeniedException("Kein Zugriff");
     }

     // Folder ids are derived from the context: one parent folder per context
     // and, for courses, one sub folder per user. md5() only builds a stable
     // id here, it protects nothing.
     $db = DBManager::get();
     $parent_folder_id = md5("Blubber_" . $context);
     $folder_id = $is_course
         ? md5("Blubber_" . $context . "_" . $GLOBALS['user']->id)
         : $parent_folder_id;

     $select_folder = "SELECT * FROM folder WHERE folder_id = ";
     $insert_folder = "INSERT IGNORE INTO folder SET folder_id = %s, range_id = %s, user_id = %s, "
         . "name = %s, permission = '7', mkdate = %s, chdate = %s ";

     // Create the missing folders; every value goes through $db->quote().
     $folder = $db->query($select_folder . $db->quote($folder_id) . " ")->fetch(PDO::FETCH_COLUMN, 0);
     if (!$folder) {
         $folder = $db->query($select_folder . $db->quote($parent_folder_id) . " ")->fetch(PDO::FETCH_COLUMN, 0);
         if (!$folder) {
             $db->exec(sprintf(
                 $insert_folder,
                 $db->quote($parent_folder_id),
                 $db->quote($context),
                 $db->quote($GLOBALS['user']->id),
                 $db->quote("BlubberDateien"),
                 $db->quote(time()),
                 $db->quote(time())
             ));
         }
         if ($is_course) {
             $db->exec(sprintf(
                 $insert_folder,
                 $db->quote($folder_id),
                 $db->quote($parent_folder_id),
                 $db->quote($GLOBALS['user']->id),
                 $db->quote(get_fullname()),
                 $db->quote(time()),
                 $db->quote(time())
             ));
         }
     }

     $output = array();
     foreach ($_FILES as $file) {
         // validate_upload() reports problems through $GLOBALS['msg'].
         $GLOBALS['msg'] = '';
         if ($is_course) {
             validate_upload($file);
             if ($GLOBALS['msg']) {
                 $output['errors'][] = $file['name'] . ': ' . studip_utf8encode(html_entity_decode(trim(substr($GLOBALS['msg'], 6), '§')));
                 continue;
             }
         }
         if (!$file['size']) {
             continue;
         }

         // Name and filename are the lower-cased name sent with the upload.
         $lowered_name = studip_utf8decode(strtolower($file['name']));
         $document['filename'] = $lowered_name;
         $document['name'] = $lowered_name;
         $document['user_id'] = $GLOBALS['user']->id;
         $document['author_name'] = get_fullname();
         $document['seminar_id'] = $context;
         $document['range_id'] = $is_course ? $folder_id : $parent_folder_id;
         $document['filesize'] = $file['size'];

         $newfile = StudipDocument::createWithFile($file['tmp_name'], $document);
         if (!$newfile) {
             continue;
         }

         // The media tag is chosen from the type string of the upload entry,
         // which for PHP uploads is reported by the client; later matches
         // win over earlier ones.
         $type = null;
         if (strpos($file['type'], 'image') !== false) {
             $type = "img";
         }
         if (strpos($file['type'], 'video') !== false) {
             $type = "video";
         }
         if (strpos($file['type'], 'audio') !== false || strpos($document['filename'], '.ogg') !== false) {
             $type = "audio";
         }

         $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
         $label = $type ? $type : $newfile['filename'];
         $output['inserts'][] = "[" . $label . "]" . $url;
     }
     $this->render_json($output);
 }
Exemplo n.º 3
 /**
  * Counts the documents whose range_id equals the id of this object.
  *
  * @return mixed whatever StudipDocument::countBySQL() returns for the query
  */
 public function getNumAttachments()
 {
     // The id is passed as a bound parameter, not concatenated into the SQL.
     $parameters = array($this->id);
     $count = StudipDocument::countBySQL("range_id=?", $parameters);
     return $count;
 }
Exemplo n.º 4
/**
 * Checks the 'protected' flag of a file against the access state of the
 * course it belongs to.
 *
 * Returns true when the restriction is switched off in the configuration,
 * when the file is not flagged as protected, or when the file belongs to a
 * course that is password protected, admission-locked or whose admission
 * time frame has ended, or to a study group with admission_prelim == 1.
 * In every other case the result is false.
 *
 * @param string $document_id MD5 id of the file
 * @return bool
 */
function check_protected_download($document_id) {
    if (!Config::GetInstance()->getValue('ENABLE_PROTECTED_DOWNLOAD_RESTRICTION')) {
        return true;
    }

    $doc = new StudipDocument($document_id);
    if (!$doc->getValue('protected')) {
        return true;
    }

    // From here on the file is protected: deny unless the course is closed.
    $range_id = $doc->getValue('seminar_id');
    if (get_object_type($range_id) != 'sem') {
        return false;
    }

    $seminar = Seminar::GetInstance($range_id);
    $timed_admission = $seminar->getAdmissionTimeFrame();
    $course_is_closed = $seminar->isPasswordProtected()
        || $seminar->isAdmissionLocked()
        || ($timed_admission['end_time'] > 0 && $timed_admission['end_time'] < time());
    if ($course_is_closed) {
        return true;
    }

    // Study groups count as closed when membership is preliminary.
    if (!StudygroupModel::isStudygroup($range_id)) {
        return false;
    }
    $studygroup = Seminar::GetInstance($range_id);
    return $studygroup->admission_prelim == 1;
}
Exemplo n.º 5
 /**
  * Builds a new Stud.IP document out of an uploaded file.
  *
  * NOTE(review): the type handed to WysiwygDocument is taken from
  * $file['type']; if $file is an entry of $_FILES, that value is reported by
  * the client and should not be trusted as the real content type.
  *
  * @param  array   $file       Metadata of uploaded file.
  * @param  string  $folder_id  ID of Stud.IP folder to which file is stored.
  * @return StudipDocument      New Stud.IP document for uploaded file.
  * @throws AccessDeniedException if file is forbidden or upload failed.
  */
 public static function fromUpload($file, $folder_id)
 {
     // verifyUpload() raises the exception for forbidden files.
     self::verifyUpload($file);

     $metadata = self::studipData($file, $folder_id);
     $stored = \StudipDocument::createWithFile($file['tmp_name'], $metadata);
     if ($stored) {
         return new WysiwygDocument($stored, \studip_utf8decode($file['type']));
     }

     // createWithFile() gave no document back: report the failure.
     throw new \AccessDeniedException(_('Stud.IP-Dokument konnte nicht erstellt werden.'));
 }
Exemplo n.º 6
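 /**
  * Copies a marketplace material into a folder of a course.
  *
  * On a POST request with a "seminar_id" for which the user has at least
  * "autor" permission, the first folder (ordered by name) whose range_id is
  * that course is looked up. The copy is made if the user is "tutor" in the
  * course or the folder is writable. Material that lives on another host is
  * downloaded into a temporary file first.
  *
  * Failure handling: a failed download, a failed temporary file or a failed
  * document creation now ends in an error message instead of a call on a
  * null document, and the temporary file is removed on every path.
  *
  * NOTE(review): the download URL is built from the stored host URL of the
  * material. Confirm that host entries can only be created by trusted
  * administrators and are limited to http(s), since the server fetches them.
  * NOTE(review): no CSRF token check is visible in this action -- confirm
  * that it happens elsewhere.
  *
  * @param string $material_id id of the material to copy
  */
 public function add_to_course_action($material_id)
 {
     $this->material = new LernmarktplatzMaterial($material_id);
     $seminar_id = Request::option("seminar_id");
     if (Request::isPost() && $seminar_id && $GLOBALS['perm']->have_studip_perm("autor", $seminar_id)) {
         $query = "SELECT folder_id FROM folder WHERE range_id = ? ORDER BY name";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($seminar_id));
         $folder_id = $statement->fetch(PDO::FETCH_COLUMN, 0);
         if ($folder_id && ($GLOBALS['perm']->have_studip_perm("tutor", $seminar_id) || in_array("writable", DocumentFolder::find($folder_id)->getPermissions()))) {
             $is_remote = (bool) $this->material['host_id'];
             $path = false;
             if ($is_remote) {
                 $content = file_get_contents($this->material->host->url . "download/" . $this->material['foreign_material_id']);
                 if ($content !== false) {
                     // tempnam() creates the file itself, so the name cannot
                     // be guessed and claimed by somebody else beforehand.
                     $path = tempnam($GLOBALS['TMP_PATH'], "tmp_download_");
                     if ($path !== false && file_put_contents($path, $content) === false) {
                         @unlink($path);
                         $path = false;
                     }
                 }
             } else {
                 $path = $this->material->getFilePath();
             }

             $document = null;
             if ($path) {
                 $document = StudipDocument::createWithFile($path, array(
                     'name' => $this->material['name'],
                     'range_id' => $folder_id,
                     'user_id' => $GLOBALS['user']->id,
                     'seminar_id' => $seminar_id,
                     'description' => $this->material['description'] ?: $this->material['short_description'],
                     'filename' => $this->material['filename'],
                     'filesize' => filesize($path),
                     'author_name' => get_fullname(),
                 ));
             }

             // Only the downloaded copy is ours to delete; a local material
             // file stays where it is.
             if ($is_remote && $path) {
                 @unlink($path);
             }

             if ($document) {
                 PageLayout::postMessage(MessageBox::success(_("Datei wurde erfolgreich kopiert.")));
                 $this->redirect(URLHelper::getURL("folder.php#anker", array('cid' => $seminar_id, 'data' => array('cmd' => "tree", 'open' => array($folder_id => 1, $document->getId() => 1)), 'open' => $document->getId())));
             } else {
                 PageLayout::postMessage(MessageBox::error(_("Datei konnte nicht kopiert werden.")));
                 $this->redirect(PluginEngine::getURL($this->plugin, array(), "market/details/" . $material_id));
             }
         } else {
             PageLayout::postMessage(MessageBox::error(_("Veranstaltung hat keinen allgemeinen Dateiordner.")));
             $this->redirect(PluginEngine::getURL($this->plugin, array(), "market/details/" . $material_id));
         }
     }
     $this->courses = Course::findBySQL("INNER JOIN seminar_user USING (Seminar_id) WHERE seminar_user.user_id = ? ORDER BY seminare.mkdate DESC", array($GLOBALS['user']->id));
 }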
Exemplo n.º 7
 /**
  * Saves given files (dragged into the textarea) and returns the link to the
  * file to the user as json.
  *
  * Request parameters read here: "context" (falls back to the id of the
  * current user) and "context_type". The JSON answer collects the markup to
  * insert under 'inserts' and messages under 'errors' / 'error'.
  *
  * NOTE(review): only the "course" context type is permission-checked; for
  * any other context type the request-supplied "context" is used as
  * range/seminar id as is -- confirm that this is intended.
  *
  * @throws AccessDeniedException if the request is not a POST or the user
  *                               lacks "autor" permission in the course
  */
 public function post_files_action()
 {
     $context = Request::option("context") ? Request::get("context") : $GLOBALS['user']->id;
     $context_type = Request::option("context_type");
     if (!Request::isPost() || $context_type === "course" && !$GLOBALS['perm']->have_studip_perm("autor", $context)) {
         throw new AccessDeniedException();
     }
     //check folders
     // Folder ids are derived from the context: a parent folder per context
     // and, for courses, a sub folder per user. md5() only builds a stable id.
     $db = DBManager::get();
     $folder_id = md5("Blubber_" . $context . "_" . $GLOBALS['user']->id);
     $parent_folder_id = md5("Blubber_" . $context);
     if ($context_type !== "course") {
         $folder_id = $parent_folder_id;
     }
     // Every value in the statements below goes through $db->quote().
     $folder = $db->query("SELECT * " . "FROM folder " . "WHERE folder_id = " . $db->quote($folder_id) . " " . "")->fetch(PDO::FETCH_COLUMN, 0);
     if (!$folder) {
         $folder = $db->query("SELECT * " . "FROM folder " . "WHERE folder_id = " . $db->quote($parent_folder_id) . " " . "")->fetch(PDO::FETCH_COLUMN, 0);
         if (!$folder) {
             $db->exec("INSERT IGNORE INTO folder " . "SET folder_id = " . $db->quote($parent_folder_id) . ", " . "range_id = " . $db->quote($context) . ", " . "seminar_id = " . $db->quote($context) . ", " . "user_id = " . $db->quote($GLOBALS['user']->id) . ", " . "name = " . $db->quote("BlubberDateien") . ", " . "permission = '7', " . "mkdate = " . $db->quote(time()) . ", " . "chdate = " . $db->quote(time()) . " " . "");
         }
         if ($context_type === "course") {
             $db->exec("INSERT IGNORE INTO folder " . "SET folder_id = " . $db->quote($folder_id) . ", " . "range_id = " . $db->quote($parent_folder_id) . ", " . "seminar_id = " . $db->quote($context) . ", " . "user_id = " . $db->quote($GLOBALS['user']->id) . ", " . "name = " . $db->quote(get_fullname()) . ", " . "permission = '7', " . "mkdate = " . $db->quote(time()) . ", " . "chdate = " . $db->quote(time()) . " " . "");
         }
     }
     $output = array();
     foreach ($_FILES as $file) {
         // validate_upload() reports problems through $GLOBALS['msg']; it is
         // applied to every upload, whatever the context type.
         $GLOBALS['msg'] = '';
         validate_upload($file);
         if ($GLOBALS['msg']) {
             // The first six characters of the message are cut off
             // (presumably a message type prefix -- confirm).
             $output['errors'][] = $file['name'] . ': ' . decodeHTML(trim(substr($GLOBALS['msg'], 6), '§'));
             continue;
         }
         if ($file['size']) {
             // Name and filename are the lower-cased name sent with the upload.
             $document['name'] = $document['filename'] = studip_utf8decode(strtolower($file['name']));
             $document['user_id'] = $GLOBALS['user']->id;
             $document['author_name'] = get_fullname();
             $document['seminar_id'] = $context;
             $document['range_id'] = $context_type === "course" ? $folder_id : $parent_folder_id;
             $document['filesize'] = $file['size'];
             // Uploads into the user's own context go to the personal file
             // area when that feature is enabled.
             if ($context === $GLOBALS['user']->id && Config::get()->PERSONALDOCUMENT_ENABLE) {
                 try {
                     $root_dir = RootDirectory::find($GLOBALS['user']->id);
                     $blubber_directory = $root_dir->listDirectories()->findOneBy('name', 'Blubber');
                     if (!$blubber_directory) {
                         $blubber_directory = $root_dir->mkdir('Blubber', _('Ihre Dateien aus Blubberstreams'));
                     }
                     $newfile = $blubber_directory->file->createFile($document['name']);
                     $newfile->name = $document['name'];
                     $newfile->store();
                     $handle = $newfile->file;
                     $handle->restricted = 0;
                     // NOTE(review): for PHP uploads $file['type'] is reported
                     // by the client; it is stored here as the MIME type
                     // without being checked against the file content.
                     $handle->mime_type = $file['type'];
                     $handle->setContentFromFile($file['tmp_name']);
                     $handle->update();
                     $url = $newfile->getDownloadLink(true, true);
                     $success = true;
                 } catch (Exception $e) {
                     // NOTE(review): this key is 'error' while validation
                     // messages above use 'errors'; the raw exception message
                     // is also sent to the client -- confirm both.
                     $output['error'][] = $e->getMessage();
                     $success = false;
                 }
             } else {
                 $newfile = StudipDocument::createWithFile($file['tmp_name'], $document);
                 $success = (bool) $newfile;
                 if ($success) {
                     $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
                 }
             }
             if ($success) {
                 // The media tag is chosen from the client-reported type
                 // string; later matches win over earlier ones.
                 $type = null;
                 strpos($file['type'], 'image') === false || ($type = "img");
                 strpos($file['type'], 'video') === false || ($type = "video");
                 if (strpos($file['type'], 'audio') !== false || strpos($document['filename'], '.ogg') !== false) {
                     $type = "audio";
                 }
                 if ($type) {
                     $output['inserts'][] = "[" . $type . "]" . $url;
                 } else {
                     $output['inserts'][] = "[" . $document['filename'] . "]" . $url;
                 }
             }
         }
     }
     $this->render_json($output);
 }
Exemplo n.º 8
 /**
  * Creates a document from a file and its metadata.
  *
  * The method keeps the real file and its database entry consistent: the
  * database entry is only written once the file has been copied or moved to
  * the documents folder, and if writing the entry fails the file is unlinked
  * again.
  *
  * $file is either an uploaded file or the path of an existing file. It is
  * moved with move_uploaded_file or copied.
  *
  * If $data already holds a "dokument_id", that id is used as destination of
  * the file (the usual case when a file is refreshed). Otherwise a new
  * "dokument_id" is generated and used as destination.
  *
  * Notifications, always with the document as subject:
  * - "DocumentWillCreate" before and "DocumentDidCreate" after a successful
  *   creation,
  * - "DocumentWillUpdate" and "DocumentDidUpdate" if $data named an existing
  *   "dokument_id".
  *
  * NOTE(review): this method applies no check of its own to $file. Callers
  * that pass a path instead of an upload have to make sure the path is not
  * taken from request input.
  *
  * @param  string $file  full path to a file (either uploaded or already existing)
  * @param  array  $data  metadata of the document, used the same way as in
  *                       StudipDocument::setData
  * @return StudipDocument|null  the created document if successful, null otherwise
  */
 static function createWithFile($file, $data)
 {
     $document = new StudipDocument(@$data['dokument_id']);
     $document->setData($data);

     // Without an id there is no path yet: generate one.
     if (!$document->getId()) {
         $document->setId($document->getNewId());
     }

     // A given "dokument_id" means update, none means create.
     if (isset($data['dokument_id'])) {
         $before = 'DocumentWillUpdate';
         $after = 'DocumentDidUpdate';
     } else {
         $before = 'DocumentWillCreate';
         $after = 'DocumentDidCreate';
     }

     NotificationCenter::postNotification($before, $document);

     // The database entry is only stored after the file was attached.
     if (!$document->attachFile($file)) {
         return null;
     }
     if (!$document->safeStore()) {
         return null;
     }

     NotificationCenter::postNotification($after, $document);
     return $document;
 }
Exemplo n.º 9
            $statement->execute(array(Request::get("moveintofolder"),Request::get("movefile")));
        }
    }

    //Datei soll in einen Ordner kopiert werden
    if ((Request::get("copyintofolder")) && (Request::get("copyfile"))) {
        $query = "SELECT name, description, filename, mkdate, filesize,
                         autor_host, url, protected
                  FROM dokumente
                  WHERE dokument_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array(Request::get("copyfile")));
        $result = $statement->fetch(PDO::FETCH_ASSOC);

        if (($rechte) || ($folder_tree->isWriteable(Request::get("copyintofolder") , $user->id))) {
            $doc = new StudipDocument();
            $doc->setData(
                array(
                    'range_id'    => Request::get("copyintofolder"),
                    'user_id'     => $user->id,
                    'seminar_id'  => $SessSemName[1],
                    'name'        => $result['name'],
                    'description' => $result['description'],
                    'filename'    => $result['filename'],
                    'mkdate'      => $result['mkdate'],
                    'chdate'      => time(),
                    'filesize'    => $result['filesize'],
                    'autor_host'  => $result['autor_host'],
                    'download'    => 0,
                    'url'         => $result['url'],
                    'protected'   => $result['protected'],
Exemplo n.º 10
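 /**
  * Deletes a provisional attachment together with its file.
  *
  * The document named by "document_id" is only removed if its range_id is
  * 'provisional' and its description equals the "message_id" of the request.
  * A missing or empty "message_id" never matches, and both values are
  * compared as strings with ===, so that an empty description or two
  * different ids that merely look like numbers cannot pass as equal.
  *
  * NOTE(review): apart from the message id no check ties the document to the
  * current user -- confirm whether the owner should be compared as well.
  */
 public function delete_attachment_action()
 {
     CSRFProtection::verifyUnsafeRequest();
     $message_id = (string) Request::option('message_id');
     $doc = StudipDocument::find(Request::option('document_id'));
     if ($doc
         && $message_id !== ''
         && $doc->range_id === 'provisional'
         && (string) $doc->description === $message_id
     ) {
         // Best effort: the database entry is removed even if the file is
         // already gone.
         @unlink(get_upload_file_path($doc->id));
         $doc->delete();
     }
     $this->render_nothing();
 }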
Exemplo n.º 11
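 /**
  * Converts URLs in images so that the webserver can access them without proxy.
  *
  * URLs whose host is found in $this->domains are mapped to the media cache
  * or to the storage path of the referenced file; all other URLs, and URLs
  * that cannot be parsed or carry no host, are returned unchanged.
  *
  * NOTE(review): the host is matched as a substring of the joined domain
  * list, so a host that is only a part of a configured domain matches as
  * well. An exact comparison would be stricter; confirm the format of the
  * entries in $this->domains before changing it.
  * NOTE(review): the 'dispatch.php/document/download' branch returns a
  * storage path without an access check, while the sendfile branch calls
  * checkAccess() -- confirm.
  * NOTE(review): the result is put into the attribute without escaping.
  *
  * @param string $url of an image
  * @return string the attribute in the form src="<converted url>"
  */
 protected function convertURL($url)
 {
     $convurl = $url;
     $url_elements = @parse_url($url);
     // Unparsable URLs and URLs without a host are never local files.
     if (!is_array($url_elements) || !isset($url_elements['host']) || $url_elements['host'] === '') {
         return 'src="' . $convurl . '"';
     }
     $path = isset($url_elements['path']) ? $url_elements['path'] : '';
     $query = isset($url_elements['query']) ? $url_elements['query'] : '';
     $url = $path . '?' . $query;
     if (strpos(implode('#', $this->domains), $url_elements['host']) !== false) {
         if (strpos($url, 'dispatch.php/media_proxy?url=') !== false) {
             // NOTE(review): the fixed offset 4 is kept from the original
             // code; confirm that it really isolates the proxied URL.
             $targeturl = urldecode(substr($url, 4));
             try {
                 // is file in cache?
                 if (!($metadata = $this->media_proxy->getMetaData($targeturl))) {
                     $convurl = $targeturl;
                 } else {
                     $convurl = $this->config->getValue('MEDIA_CACHE_PATH') . '/' . md5($targeturl);
                 }
             } catch (Exception $e) {
                 $convurl = '';
             }
         } elseif (stripos($url, 'dispatch.php/document/download') !== false) {
             if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
                 // An unknown id leaves the URL as it is instead of failing
                 // on a missing entry.
                 $entry = DirectoryEntry::find($matches[1]);
                 if ($entry) {
                     $convurl = $entry->file->getStorageObject()->getPath();
                 }
             }
         } elseif (stripos($url, 'download') !== false || stripos($url, 'sendfile.php') !== false) {
             // get file id
             if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
                 $document = new StudipDocument($matches[1]);
                 if ($document->checkAccess($GLOBALS['user']->id)) {
                     $convurl = get_upload_file_path($matches[1]);
                 } else {
                     $convurl = Assets::image_path('messagebox/exception.png');
                 }
             }
         }
     }
     return 'src="' . $convurl . '"';
 }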
Exemplo n.º 12
 /**
  * Collects the documents of a folder, keyed by their '/file/<id>' URL.
  *
  * NOTE(review): no per-document access check is made here; presumably the
  * caller has already verified access to the folder -- confirm.
  *
  * @param string $folder_id id of the folder
  * @return array map of file URL => JSON representation of the file
  */
 private function loadDocuments($folder_id)
 {
     $documents = array();
     foreach (\StudipDocument::findByFolderId($folder_id) as $document) {
         $key = $this->urlf('/file/%s', array($document->id));
         $documents[$key] = $this->fileToJSON($document);
     }
     return $documents;
 }
Exemplo n.º 13
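 /**
  * Lists the 30 newest documents of a course that the given user may access.
  *
  * The course id is bound as a statement parameter; it is no longer
  * interpolated into the SQL text.
  *
  * @param string $id      id of the course (dokumente.seminar_id)
  * @param string $user_id id of the user whose access is checked
  * @return array list of arrays with the keys id, name, Seminar_id, author,
  *               author_id, description, mkdate, filesize, link, filename,
  *               icon_link and extension
  */
 static function find_files($id, $user_id)
 {
     $statement = \DBManager::get()->prepare(
         "SELECT * FROM dokumente WHERE seminar_id = ? ORDER BY mkdate DESC LIMIT 0,30"
     );
     $statement->execute(array($id));

     // upper-cased file extension => icon file name
     $icons = array(
         'PDF' => 'pdf',
         'XLS' => 'xls',
         'PPT' => 'ppt',
         'ZIP' => 'zip',
         'RTF' => 'rtf',
         'TXT' => 'txt',
         'TGZ' => 'tgz',
     );

     $files = array();
     foreach ($statement->fetchAll(\PDO::FETCH_ASSOC) as $row) {
         // Linked documents keep their URL, stored ones get a download link.
         $link = $row['url'];
         if (!$row['url']) {
             $link = GetDownloadLink($row['dokument_id'], $row['filename'], 0, 'force_download');
         }

         // File names without a dot have no 'extension' entry.
         $path_parts = pathinfo($row['filename']);
         $extension = isset($path_parts['extension']) ? strtoupper($path_parts['extension']) : '';

         $icon_name = isset($icons[$extension]) ? $icons[$extension] : '_blank';
         $icon_link = "/public/images/icons/files32/" . $icon_name . ".png";

         // Only documents that exist and that the user may access are listed.
         $file_object = \StudipDocument::find($row['dokument_id']);
         if ($file_object && $file_object->checkAccess($user_id)) {
             $files[] = array(
                 'id' => $row['dokument_id'],
                 'name' => $row['name'],
                 'Seminar_id' => $row['seminar_id'],
                 'author' => $row['author_name'],
                 'author_id' => $row['user_id'],
                 'description' => $row['description'],
                 'mkdate' => $row['mkdate'],
                 'filesize' => $row['filesize'],
                 'link' => $link,
                 'filename' => $row['filename'],
                 'icon_link' => $icon_link,
                 'extension' => $extension,
             );
         }
     }
     return $files;
 }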
Exemplo n.º 14
 /**
  * Attaches the file of an existing Stud.IP document to this mail.
  * Nothing is attached if no stored document belongs to the given id.
  *
  * NOTE(review): no access check on the document is made here; the caller
  * has to make sure the sender may read it.
  *
  * @param string $dokument_id id of the document to attach
  * @return StudipMail provides fluent interface
  */
 function addStudipAttachment($dokument_id)
 {
     $document = new StudipDocument($dokument_id);
     if ($document->isNew()) {
         // Unknown id: there is no file to attach.
         return $this;
     }

     $path = get_upload_file_path($document->getId());
     $this->addFileAttachment($path, $document->getValue('filename'));
     return $this;
 }