Пример #1
     // Persist edited metadata for a document: build the .xml path from the request,
     // hand it to metaCreateDomDocument(), then update or insert the matching `document` row.
     // Both names below are taken directly from the request body.
     $metadataPath = $_POST['metadataPath'] . ".xml";
     $oldFilename = $_POST['meta_filename'] . ".xml";
     // NOTE(review): removing the substring '/..' in one str_replace() pass does not canonicalise
     // the path, so it should not be relied on as the only path-traversal defence. Resolve the
     // final path and verify it still lies inside $basedir before anything is written to it.
     // Also note that only the filesystem path is filtered; the database below sees the raw value.
     $xml_filename = $basedir . str_replace('/..', '', $metadataPath);
     // Timestamp formatted as "Y-m-d G:i:s" (the backslashes only escape literal '-' and ':').
     $xml_date = date("Y\\-m\\-d G\\:i\\:s");
     $file_format = ".meta";
     // presumably creates/writes the XML document at $xml_filename -- defined elsewhere, confirm
     metaCreateDomDocument($xml_filename);
     // Values are bound through ?s placeholders; {$group_sql} is interpolated as raw SQL.
     // NOTE(review): $group_sql is built outside this excerpt -- confirm it never carries request data.
     $result = Database::get()->querySingle("SELECT * FROM document WHERE {$group_sql} AND path = ?s", $metadataPath);
     if ($result) {
         // A metadata row already exists for this path: refresh creator, format and language.
         Database::get()->query("UPDATE document SET\n                                creator = ?s,\n                                date_modified = NOW(),\n                                format = ?s,\n                                language = ?s\n                                WHERE {$group_sql} AND path = ?s", $_SESSION['givenname'] . " " . $_SESSION['surname'], $file_format, $_POST['meta_language'], $metadataPath);
     } else {
         // First metadata save for this path: insert a hidden (visible = 0) row.
         Database::get()->query("INSERT INTO document SET\n                                course_id = ?d ,\n                                subsystem = ?d ,\n                                subsystem_id = ?d ,\n                                path = ?s,\n                                filename = ?s ,\n                                visible = 0,\n                                creator = ?s,\n                                date = ?t ,\n                                date_modified = ?t ,\n                                format = ?s,\n                                language = ?s", $course_id, $subsystem, $subsystem_id, $metadataPath, $oldFilename, $_SESSION['givenname'] . " " . $_SESSION['surname'], $xml_date, $xml_date, $file_format, $_POST['meta_language']);
     }
     // The success banner contains only the language string, no request data.
     $action_message = "<div class='alert alert-success'>{$langMetadataMod}</div>";
 }
 if (isset($_POST['replacePath']) and isset($_FILES['newFile']) and is_uploaded_file($_FILES['newFile']['tmp_name'])) {
     validateUploadedFile($_FILES['newFile']['name'], $menuTypeID);
     $replacePath = $_POST['replacePath'];
     // Check if file actually exists
     $result = Database::get()->querySingle("SELECT id, path, format FROM document WHERE\n                                        {$group_sql} AND\n                                        format <> '.dir' AND\n                                        path=?s", $replacePath);
     if ($result) {
         $docId = $result->id;
         $oldpath = $result->path;
         $oldformat = $result->format;
         // check for disk quota
         $diskUsed = dir_total_space($basedir);
         if ($diskUsed - filesize($basedir . $oldpath) + $_FILES['newFile']['size'] > $diskQuotaDocument) {
             $action_message = "<div class='alert alert-danger'>{$langNoSpace}</div>";
         } elseif (unwanted_file($_FILES['newFile']['name'])) {
             $action_message = "<div class='alert alert-danger'>{$langUnwantedFiletype}: " . q($_FILES['newFile']['name']) . "</div>";
         } else {
             $newformat = get_file_extension($_FILES['newFile']['name']);
/**
 * Validate an upload that is expected to be a ZIP archive.
 *
 * The generic validateUploadedFile() check always runs first. A missing temporary
 * file or a name that does not end in ".zip" is then reported with a fixed message;
 * otherwise the generic result is passed through unchanged.
 *
 * Only the client-supplied file name is checked here; the file content is not
 * inspected, so callers must not treat a passing result as proof of a real archive.
 *
 * @param array $file upload description with 'tmp_name' and 'name' keys
 *                    (presumably one $_FILES entry -- confirm against callers)
 * @return mixed an error message, or whatever validateUploadedFile() returned
 */
function validateZipFile($file)
{
    $genericResult = validateUploadedFile($file);

    $hasTempFile = isset($file["tmp_name"]) && $file["tmp_name"] != "";
    if (!$hasTempFile) {
        return "No file uploaded for deployment.";
    }

    $nameEndsWithZip = endsWith($file['name'], '.zip', true);

    return $nameEndsWithZip
        ? $genericResult
        : "The file uploaded is not a valid ZIP file. Please try again.";
}
Пример #3
/**
 * Main logic and control flow for all PUT functions.
 *
 * Dispatches on the current request, in this order:
 *  - $_POST['action'] equals "Confirm <Action>": run the operation (putAsync, putSync or
 *    putSyncIdOnly) with the field map / CSV data held in $_SESSION, then clear that state;
 *  - $_POST['action'] equals "Map Fields": store the posted mapping in the session and show
 *    the confirmation page;
 *  - sourceType "singleRecord": show the field-mapping form for a single record;
 *  - sourceType "file" with an upload present: validate it and stage a CSV or ZIP file;
 *  - anything else: reset the session state and show the upload form.
 *
 * @param string $action operation name; the code compares it with 'insert', 'update',
 *                       'upsert' and 'delete'
 */
function put($action)
{
    // The confirm button's label doubles as the marker of the confirmation step.
    $confirmAction = 'Confirm ' . ucwords($action);
    if (isset($_POST['action']) && $_POST['action'] == $confirmAction) {
        if (isset($_POST['sourceType']) && $_POST['sourceType'] == "singleRecord") {
            // Build a two-row pseudo CSV (header row, value row) from the posted fields.
            $singleRecordCsv = array();
            if (requiresObject($action)) {
                $fields = WorkbenchContext::get()->describeSObjects(WorkbenchContext::get()->getDefaultObject())->fields;
            } else {
                // Operations that need no object description work on the Id field only.
                $idField = new stdClass();
                $idField->name = "Id";
                $fields['Id'] = $idField;
            }
            $singleRecordFieldMap = convertFieldMapToArray($_POST, fieldsToNameArray($fields));
            $anySet = false;
            foreach ($fields as $field) {
                if (isset($_POST[$field->name])) {
                    // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0; this call is fatal there.
                    if (get_magic_quotes_gpc()) {
                        $_POST[$field->name] = stripslashes($_POST[$field->name]);
                    }
                    // Bitwise OR: $anySet becomes truthy once any posted value is non-empty.
                    $anySet |= $_POST[$field->name] != "";
                    $singleRecordCsv[0][] = $field->name;
                    $singleRecordCsv[1][] = trim($_POST[$field->name]);
                    $singleRecordFieldMap[$field->name]["csvField"] = $field->name;
                }
            }
            if (!$anySet) {
                displayError("Must set a value for at least one field to {$action}.", true, true);
            }
            $_SESSION['csv_array'] = $singleRecordCsv;
            $_SESSION['field_map'] = $singleRecordFieldMap;
        }
        // The external id is only used for upserts; the session value wins over the posted one.
        if ($action == 'upsert' && (isset($_SESSION['_ext_id']) || isset($_POST['_ext_id']))) {
            $extId = isset($_SESSION['_ext_id']) ? $_SESSION['_ext_id'] : $_POST['_ext_id'];
        } else {
            $extId = NULL;
        }
        // A delete is turned into a hard delete when the request carries a truthy doHardDelete.
        if ($action == 'delete' && isset($_POST['doHardDelete']) && $_POST['doHardDelete']) {
            $action = 'hardDelete';
        }
        if (isset($_POST['doAsync'])) {
            // contentType is forwarded from the request as posted.
            putAsync($action, $extId, isset($_SESSION['field_map']) ? $_SESSION['field_map'] : null, isset($_SESSION['csv_array']) ? $_SESSION['csv_array'] : null, isset($_SESSION['tempZipFile']) ? $_SESSION['tempZipFile'] : null, isset($_POST['contentType']) ? $_POST['contentType'] : null);
        } else {
            require_once 'header.php';
            // 'insert' is passed to putSync() under the name 'create'.
            $apiCall = $action == 'insert' ? 'create' : $action;
            if ($action == "insert" || $action == "update" || $action == "upsert") {
                putSync($apiCall, $extId, isset($_SESSION['field_map']) ? $_SESSION['field_map'] : null, isset($_SESSION['csv_array']) ? $_SESSION['csv_array'] : null, true);
            } else {
                putSyncIdOnly($action, isset($_SESSION['field_map']) ? $_SESSION['field_map'] : null, isset($_SESSION['csv_array']) ? $_SESSION['csv_array'] : null, true);
            }
            include_once 'footer.php';
        }
        // The staged data is single-use: drop it once the operation has been submitted.
        unset($_SESSION['field_map'], $_SESSION['csv_array'], $_SESSION['_ext_id'], $_SESSION['file_tmp_name'], $_SESSION['tempZipFile']);
    } else {
        if (isset($_POST['action']) && $_POST['action'] == 'Map Fields') {
            require_once 'header.php';
            array_pop($_POST);
            // array_pop() drops the last element of $_POST (original note: "remove header row")
            if (isset($_POST['_ext_id'])) {
                // Move the external id into the session so that it survives until the confirm step.
                $_SESSION['_ext_id'] = $_POST['_ext_id'];
                $_POST['_ext_id'] = NULL;
            }
            if (requiresObject($action)) {
                $fields = WorkbenchContext::get()->describeSObjects(WorkbenchContext::get()->getDefaultObject())->fields;
            } else {
                $idField = new stdClass();
                $idField->name = "Id";
                $fields['Id'] = $idField;
            }
            $fieldNames = fieldsToNameArray($fields);
            $_SESSION['field_map'] = convertFieldMapToArray($_POST, $fieldNames);
            confirmFieldMappings($confirmAction, $_SESSION['field_map'], isset($_SESSION['csv_array']) ? $_SESSION['csv_array'] : null, isset($_SESSION['_ext_id']) ? $_SESSION['_ext_id'] : null);
            include_once 'footer.php';
        } else {
            if (isset($_REQUEST['sourceType']) && $_REQUEST['sourceType'] == "singleRecord") {
                require_once 'header.php';
                setFieldMappings($action, false);
                include_once 'footer.php';
            } else {
                if (isset($_REQUEST['sourceType']) && $_REQUEST['sourceType'] == "file" && isset($_FILES['file'])) {
                    require_once 'header.php';
                    $validationResult = validateUploadedFile($_FILES['file']);
                    // The file type is resolved only when validation returned exactly 0.
                    if ($validationResult === 0) {
                        $fileType = resolveFileType($_FILES['file']);
                    }
                    // NOTE(review): when validation passed but the type is neither csv nor zip,
                    // displayError() receives the falsy $validationResult instead of a message;
                    // $fileType is also unset if validateUploadedFile() can return a falsy value
                    // other than 0 -- confirm its return contract.
                    if ($validationResult || $fileType != "csv" && $fileType != "zip") {
                        displayError($validationResult);
                    } else {
                        if (requiresObject($action) && $_POST['default_object'] == "") {
                            displayError("Must select an object to {$action}.");
                        } else {
                            if ($fileType == "csv") {
                                // basename() strips directory components from the client-supplied name.
                                $csvFileName = basename($_FILES['file']['name']);
                                $_SESSION['file_tmp_name'] = $_FILES['file']['tmp_name'];
                                $_SESSION['csv_array'] = convertCsvFileToArray($_SESSION['file_tmp_name']);
                                // One row is subtracted from the count (presumably the header row -- confirm).
                                $csvArrayCount = count($_SESSION['csv_array']) - 1;
                                if (!$csvArrayCount) {
                                    displayError("The file uploaded contains no records. Please try again.", false, true);
                                } else {
                                    if ($csvArrayCount > WorkbenchConfig::get()->value("maxFileLengthRows")) {
                                        displayError("The file uploaded contains more than " . WorkbenchConfig::get()->value("maxFileLengthRows") . " records. Please try again.", false, true);
                                    }
                                }
                                // NOTE(review): the client-supplied file name is placed in the message as-is;
                                // confirm that displayInfo() HTML-escapes its argument.
                                $info = "The file {$csvFileName} was uploaded successfully and contains {$csvArrayCount} row";
                                if ($csvArrayCount !== 1) {
                                    $info .= 's';
                                }
                                displayInfo($info);
                                print "<br/>";
                                setFieldMappings($action, $_SESSION['csv_array']);
                            } else {
                                if ($fileType == "zip") {
                                    if (!supportsBulk($action)) {
                                        displayError("ZIP-based " . $action . "s not supported.", false, true);
                                        exit;
                                    }
                                    if (!WorkbenchContext::get()->isApiVersionAtLeast(20.0)) {
                                        displayError("ZIP-based " . $action . "s not supported until API 20.0", false, true);
                                        exit;
                                    }
                                    // The whole archive is read into the session until the confirm step;
                                    // only the upload validation above has been applied to it at this point.
                                    $_SESSION['tempZipFile'] = file_get_contents($_FILES['file']['tmp_name']);
                                    // NOTE(review): the client-supplied file name is used here without basename() or
                                    // escaping; confirm that displayInfo() HTML-escapes its argument.
                                    displayInfo(array("Successfully staged " . ceil($_FILES["file"]["size"] / 1024) . " KB zip file " . $_FILES["file"]["name"] . " for {$action} via the Bulk API. ", "Note, custom field mappings are not available for ZIP-based requests."));
                                    print "<br/>";
                                    // The confirmation form carries the CSRF tag returned by getCsrfFormTag().
                                    print "<form method='POST' action=''>" . getCsrfFormTag() . "<div class='instructions'>Choose the options below and confirm the {$action}:<p/></div>" . "<table border='0'>";
                                    if ($action == 'upsert') {
                                        print "<tr><td align='right'><label><strong>External Id:</strong> </label></td>" . "<td><select name='_ext_id'>\n";
                                        // Only fields flagged idLookup are offered; 'Id' is preselected.
                                        // Field names from the describe result are printed without HTML escaping.
                                        foreach (WorkbenchContext::get()->describeSObjects($_POST['default_object'])->fields as $field) {
                                            if ($field->idLookup) {
                                                print " <option value='{$field->name}'";
                                                if ($field->name == 'Id') {
                                                    print " selected='true'";
                                                }
                                                print ">{$field->name}</option>\n";
                                            }
                                        }
                                        print "</select></td></tr>";
                                    }
                                    print "<tr><td align='right'><label><strong>Manifest Format:</strong> </label></td>" . "<td><select name='contentType'>\n" . "<option value='ZIP_CSV'>CSV</option>\n" . "<option value='ZIP_XML'>XML</option>\n" . "</select></td></tr>";
                                    print "</table>";
                                    displayBulkApiOptions($confirmAction, true);
                                    print "<br/><p><input type='submit' name='action' value='{$confirmAction}' /></p>\n";
                                    print "</form>\n";
                                } else {
                                    // Not reachable while the csv/zip check above holds.
                                    throw new Exception("Illegal State");
                                }
                            }
                        }
                    }
                    include_once 'footer.php';
                } else {
                    // No recognised step: discard any stale staged data and start over.
                    unset($_SESSION['field_map'], $_SESSION['csv_array'], $_SESSION['_ext_id'], $_SESSION['file_tmp_name'], $_SESSION['tempZipFile']);
                    displayUploadFileWithObjectSelectionForm($action);
                }
            }
        }
    }
}
Пример #4
        // Final part of saving a question: difficulty/category/grade, persistence,
        // optional picture handling, then attachment to the exercise.
        $objQuestion->updateDifficulty($difficulty);
        $objQuestion->updateCategory($category);

        // If the grade field is set (only in free-text questions)
        if (isset($questionGrade)) {
            $objQuestion->updateWeighting($questionGrade);
        }
        // Save in the context of the exercise when one is given, otherwise on its own.
        (isset($exerciseId)) ? $objQuestion->save($exerciseId) : $objQuestion->save();
        $questionId = $objQuestion->selectId();
        // upload or delete picture
        if (isset($_POST['deletePicture'])) {
            $objQuestion->removePicture();
        } elseif (isset($_FILES['imageUpload']) && is_uploaded_file($_FILES['imageUpload']['tmp_name'])) {

            require_once 'include/lib/fileUploadLib.inc.php';
            // Validation is given only the client-supplied file name.
            validateUploadedFile($_FILES['imageUpload']['name'], 2);

            // $_FILES[...]['type'] is the MIME type reported by the client and is not verified here.
            // NOTE(review): confirm that uploadPicture() checks the actual file content and does not
            // trust $type alone.
            $type = $_FILES['imageUpload']['type'];
            if (!$objQuestion->uploadPicture($_FILES['imageUpload']['tmp_name'], $type)) {
                $tool_content .= "<div class='alert alert-danger'>$langInvalidPicture</div>";
            }
        }
        if (isset($exerciseId)) {
            // adds the question ID into the question list of the Exercise object
            if ($objExercise->addToList($questionId)) {
                $objExercise->save();
                $nbrQuestions++;
            }
        }
        //if the answer type is free text (which means doesn't have predefined answers) 
        //redirects to either pool or edit exercise page
Пример #5
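    // Submit the staged retrieve request and hand the user over to the status page.
    $retrieveAsyncResults = WorkbenchContext::get()->getMetadataConnection()->retrieve($_SESSION[$retrieveRequestId]);
    if (!isset($retrieveAsyncResults->id)) {
        // The parentheses are required: "." binds tighter than "?:", so without them the
        // concatenated string became the ternary condition and the fixed prefix was lost.
        throw new Exception("Unknown retrieval error.\n" . (isset($retrieveAsyncResults->message) ? $retrieveAsyncResults->message : ""));
    }
    // The staged request is single-use; drop it once the retrieve has been accepted.
    unset($_SESSION[$retrieveRequestId]);
    // The id comes from the API response; encode it before placing it in the redirect URL.
    header("Location: metadataStatus.php?asyncProcessId=" . urlencode($retrieveAsyncResults->id) . "&op=R");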
} else {
    if (isset($_POST['stageForRetrieval'])) {
        if (isset($_FILES["packageXmlFile"]["name"]) && $_FILES["packageXmlFile"]["name"] == "" && isset($_POST['packageNames']) && $_POST['packageNames'] == "") {
            throw new WorkbenchHandledException("Must specify at least an unpackaged manifest file or a package name.");
        }
        $retrieveRequest = new RetrieveRequest();
        $retrieveRequest->apiVersion = WorkbenchContext::get()->getApiVersion();
        $retrieveRequest->singlePackage = isset($_POST['singlePackage']);
        if (isset($_FILES["packageXmlFile"]["name"]) && $_FILES["packageXmlFile"]["name"] != "") {
            $validationErrors = validateUploadedFile($_FILES["packageXmlFile"]);
            if ($validationErrors) {
                throw new WorkbenchHandledException($validationErrors);
            }
            if (!endsWith($_FILES["packageXmlFile"]["name"], ".xml", true)) {
                throw new WorkbenchHandledException("The file uploaded is not a valid XML file. Please try again.");
            }
            $retrieveRequest->unpackaged = parseUnpackagedManifest($_FILES["packageXmlFile"]["tmp_name"]);
        }
        if (isset($_POST['packageNames']) && $_POST['packageNames'] != "") {
            $encodedPackageNames = array();
            foreach (explodeCommaSeparated(htmlspecialchars($_POST['packageNames'])) as $p) {
                if ($p == "unpackaged") {
                    throw new WorkbenchHandledException("Cannot retrieve a package named 'unpackaged' -- to retrieve metadata not in a package, upload an unpackaged manifest file (i.e. 'package.xml').");
                }
                $encodedPackageNames[] = urlencode($p);
Пример #6
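/**
 * Apply the submitted edit form to an existing assignment of the current course.
 *
 * Validates $_POST (title and max_grade are required, max_grade must be numeric), optionally
 * stores a newly uploaded attachment under the assignment's secret directory, updates the
 * `assignment` row, rebuilds its `assignment_to_specific` rows, writes a log record and
 * redirects. On validation failure the errors are flashed and the edit form is reopened.
 *
 * @param int $id assignment id (bound as an integer in every query)
 * @return void
 */
function edit_assignment($id)
{
    // $langUnwantedFiletype and $langBack are used in the rejection message below and were
    // missing from this list, which left both undefined inside the function.
    global $tool_content, $langBackAssignment, $langEditSuccess, $m, $langTheField, $langEditError, $course_code, $works_url, $course_id, $uid, $workPath, $langFormErrors, $langUnwantedFiletype, $langBack;
    $v = new Valitron\Validator($_POST);
    $v->rule('required', array('title', 'max_grade'));
    $v->rule('numeric', array('max_grade'));
    $v->labels(array('title' => "{$langTheField} {$m['title']}", 'max_grade' => "{$langTheField} {$m['max_grade']}"));
    if ($v->validate()) {
        // Scope the lookup to the current course. The UPDATE below was already restricted to
        // $course_id, but the secret directory used for the upload and the rows deleted from
        // assignment_to_specific were taken from whatever assignment matched $id alone.
        $row = Database::get()->querySingle("SELECT * FROM assignment WHERE course_id = ?d AND id = ?d", $course_id, $id);
        if (!$row) {
            Session::Messages($langEditError, 'alert-danger');
            redirect_to_home_page("modules/work/index.php?course={$course_code}");
            return;
        }
        $title = $_POST['title'];
        $desc = purify($_POST['desc']);
        $deadline = trim($_POST['WorkEnd']) == FALSE ? '0000-00-00 00:00' : date('Y-m-d H:i', strtotime($_POST['WorkEnd']));
        // Late submission only makes sense when a deadline was given.
        $late_submission = isset($_POST['late_submission']) && trim($_POST['WorkEnd']) != FALSE ? 1 : 0;
        $group_submissions = $_POST['group_submissions'];
        $max_grade = filter_input(INPUT_POST, 'max_grade', FILTER_VALIDATE_FLOAT);
        $assign_to_specific = filter_input(INPUT_POST, 'assign_to_specific', FILTER_VALIDATE_INT);
        $assigned_to = filter_input(INPUT_POST, 'ingroup', FILTER_VALIDATE_INT, FILTER_REQUIRE_ARRAY);
        $auto_judge = filter_input(INPUT_POST, 'auto_judge', FILTER_VALIDATE_INT);
        // NOTE(review): request data is stored in PHP's serialize() format. Any code that reads
        // this column back with unserialize() relies on nothing else being able to write it;
        // a JSON column would remove that dependency, but needs a coordinated reader change.
        $auto_judge_scenarios = serialize($_POST['auto_judge_scenarios']);
        $lang = filter_input(INPUT_POST, 'lang');
        if ($assign_to_specific == 1 && empty($assigned_to)) {
            $assign_to_specific = 0;
        }
        if (!isset($_POST['comments'])) {
            $comments = '';
        } else {
            $comments = purify($_POST['comments']);
        }
        // empty() also covers a request without a 'userfile' part, which previously raised a notice.
        if (empty($_FILES['userfile']['size'])) {
            $_FILES['userfile']['name'] = '';
            $_FILES['userfile']['tmp_name'] = '';
            $filename = $row->file_path;
            $file_name = $row->file_name;
        } else {
            $uploaded_name = $_FILES['userfile']['name'];
            validateUploadedFile($uploaded_name, 2);
            // The /i flag makes the extension deny-list independent of letter case.
            if (preg_match('/\\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|' . 'inf|ins|isp|jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|' . 'shb|url|vbe|vbs|wsc|wsf|wsh)$/i', $uploaded_name)) {
                // The file name is client-controlled: escape it before it reaches the page.
                $tool_content .= "<p class=\"caution\">{$langUnwantedFiletype}: " . htmlspecialchars($uploaded_name, ENT_QUOTES, 'UTF-8') . "<br />";
                $tool_content .= "<a href=\"{$_SERVER['SCRIPT_NAME']}?course={$course_code}&amp;id=" . urlencode((string) $id) . "\">{$langBack}</a></p><br />";
                return;
            }
            // The stored name is derived from the uploader's account, not from the client's file
            // name; only the extension is taken from the upload.
            $local_name = uid_to_name($uid);
            $am = Database::get()->querySingle("SELECT am FROM user WHERE id = ?d", $uid)->am;
            if (!empty($am)) {
                $local_name .= $am;
            }
            $local_name = greek_to_latin($local_name);
            $local_name = replace_dangerous_char($local_name);
            $secret = $row->secret_directory;
            $ext = get_file_extension($uploaded_name);
            $filename = "{$secret}/{$local_name}" . (empty($ext) ? '' : '.' . $ext);
            if (move_uploaded_file($_FILES['userfile']['tmp_name'], "{$workPath}/admin_files/{$filename}")) {
                @chmod("{$workPath}/admin_files/{$filename}", 0644);
                // Client-supplied display name; it must be escaped wherever it is rendered.
                $file_name = $uploaded_name;
            } else {
                // The move failed: keep the previous attachment instead of recording a path
                // that does not exist together with an undefined display name.
                $filename = $row->file_path;
                $file_name = $row->file_name;
            }
        }
        Database::get()->query("UPDATE assignment SET title = ?s, description = ?s, deadline = ?t, late_submission = ?d, comments = ?s,\n                                group_submissions = ?d, max_grade = ?d, assign_to_specific = ?d, file_path = ?s, file_name = ?s,\n                                auto_judge = ?d, auto_judge_scenarios = ?s, lang = ?s WHERE course_id = ?d AND id = ?d", $title, $desc, $deadline, $late_submission, $comments, $group_submissions, $max_grade, $assign_to_specific, $filename, $file_name, $auto_judge, $auto_judge_scenarios, $lang, $course_id, $id);
        // Rebuild the list of specific assignees from scratch.
        Database::get()->query("DELETE FROM assignment_to_specific WHERE assignment_id = ?d", $id);
        if ($assign_to_specific && !empty($assigned_to)) {
            // Column names come from this fixed pair only, never from the request.
            if ($group_submissions == 1) {
                $column = 'group_id';
                $other_column = 'user_id';
            } else {
                $column = 'user_id';
                $other_column = 'group_id';
            }
            foreach ($assigned_to as $assignee_id) {
                Database::get()->query("INSERT INTO assignment_to_specific ({$column}, {$other_column}, assignment_id) VALUES (?d, ?d, ?d)", $assignee_id, 0, $id);
            }
        }
        Log::record($course_id, MODULE_ID_ASSIGN, LOG_MODIFY, array('id' => $id, 'title' => $title, 'description' => $desc, 'deadline' => $deadline, 'group' => $group_submissions));
        \Session::Messages($langEditSuccess, 'alert-success');
        redirect_to_home_page("modules/work/index.php?course={$course_code}");
    } else {
        // Validation failed: flash the posted values and the errors, then reopen the edit form.
        Session::flashPost()->Messages($langFormErrors)->Errors($v->errors());
        redirect_to_home_page("modules/work/index.php?course={$course_code}&id={$id}&choice=edit");
    }
}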
Пример #7
require_once '../../include/baseTheme.php';
require_once 'modules/units/functions.php';
require_once 'include/lib/fileUploadLib.inc.php';
$pageName = $langEditCourseProgram;
$navigation[] = array('url' => 'index.php?course=' . $course_code, 'name' => $langCourseProgram);
$course = Database::get()->querySingle('SELECT description, home_layout, course_image FROM course WHERE id = ?d', $course_id);
if (isset($_GET['delete_image'])) {
    Database::get()->query("UPDATE course SET course_image = NULL WHERE id = ?d", $course_id);
    unlink("{$webDir}/courses/{$course_code}/image/{$course->course_image}");
    redirect_to_home_page('modules/course_home/editdesc.php');
} elseif (isset($_POST['submit'])) {
    $db_vars = array(purify($_POST['description']), $_POST['layout']);
    $extra_sql = '';
    if (isset($_FILES['course_image']) && is_uploaded_file($_FILES['course_image']['tmp_name'])) {
        $file_name = $_FILES['course_image']['name'];
        validateUploadedFile($file_name, 2);
        $i = 0;
        while (is_file("{$webDir}/courses/{$course_code}/image/{$file_name}")) {
            $i++;
            $name = pathinfo($file_name, PATHINFO_FILENAME);
            $ext = get_file_extension($file_name);
            $file_name = "{$name}-{$i}.{$ext}";
        }
        move_uploaded_file($_FILES['course_image']['tmp_name'], "{$webDir}/courses/{$course_code}/image/{$file_name}");
        $extra_sql = ", course_image = ?s";
        array_push($db_vars, $file_name);
    }
    array_push($db_vars, $course_id);
    Database::get()->query("UPDATE course SET description = ?s, home_layout = ?d{$extra_sql} WHERE id = ?d", $db_vars);
    // update index
    require_once 'modules/search/indexer.class.php';
Пример #8
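/**
 * Store the theme images uploaded with the current request.
 *
 * Each supported upload field is validated, given a name that does not collide with an
 * existing file in the theme's img directory, moved there, and its final file name is
 * written to the matching $_POST key so that the calling code can persist it.
 *
 * The $_POST key is only set when the file was actually moved into place.
 *
 * @return void
 */
function upload_images()
{
    global $webDir, $theme;
    // upload field in $_FILES => $_POST key that receives the stored file name
    $targets = array(
        'imageUpload' => 'custom_logo',
        'imageUploadSmall' => 'custom_logo_small',
        'bgImage' => 'bgImage',
        'loginImg' => 'loginImg',
    );
    // NOTE(review): the files land in a web-served directory; everything depends on
    // validateUploadedFile() rejecting names the web server would execute -- confirm.
    $img_dir = "{$webDir}/template/{$theme}/img";
    foreach ($targets as $field => $post_key) {
        if (!isset($_FILES[$field]) || !is_uploaded_file($_FILES[$field]['tmp_name'])) {
            continue;
        }
        // The name is client-supplied: keep only its last path component.
        $file_name = basename($_FILES[$field]['name']);
        validateUploadedFile($file_name, 2);
        // Append -1, -2, ... until the name is free in the target directory.
        $i = 0;
        while (is_file("{$img_dir}/{$file_name}")) {
            $i++;
            $name = pathinfo($file_name, PATHINFO_FILENAME);
            $ext = get_file_extension($file_name);
            $file_name = "{$name}-{$i}.{$ext}";
        }
        // Report the file name only if the move succeeded, so that no reference to a
        // file that does not exist is stored.
        if (move_uploaded_file($_FILES[$field]['tmp_name'], "{$img_dir}/{$file_name}")) {
            $_POST[$post_key] = $file_name;
        }
    }
}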
Пример #9
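/**
 * Store the theme images uploaded with the current request under
 * courses/theme_data/<theme id>/ and write each final file name to $_POST[<field>].
 *
 * The file name is only reported in $_POST when the file was actually moved into place.
 *
 * @param mixed $new_theme_id when set, replaces the global $theme_id before files are stored
 * @return void
 */
function upload_images($new_theme_id = null) {
    global $webDir, $theme, $theme_id;
    if (isset($new_theme_id)) $theme_id = $new_theme_id;
    // NOTE(review): $theme_id becomes a path segment; confirm that callers only pass a numeric id.
    $theme_dir = "$webDir/courses/theme_data/$theme_id";
    if (!is_dir($theme_dir) && !mkdir($theme_dir, 0755) && !is_dir($theme_dir)) {
        // The target directory is missing and could not be created: nothing can be stored.
        return;
    }
    $images = array('bgImage','imageUpload','imageUploadSmall','loginImg');
    foreach($images as $image) {
        if (isset($_FILES[$image]) && is_uploaded_file($_FILES[$image]['tmp_name'])) {
            // The name is client-supplied: keep only its last path component.
            $file_name = basename($_FILES[$image]['name']);
            validateUploadedFile($file_name, 2);
            // Rename before the uniqueness loop so that the loop checks the name that is
            // really written; renaming afterwards could land on an existing file.
            $file_name = php2phps($file_name);
            $i=0;
            while (is_file("$theme_dir/$file_name")) {
                $i++;
                $name = pathinfo($file_name, PATHINFO_FILENAME);
                $ext =  get_file_extension($file_name);
                $file_name = "$name-$i.$ext";
            }
            if (move_uploaded_file($_FILES[$image]['tmp_name'], "$theme_dir/$file_name")) {
                $_POST[$image] = $file_name;
            }
        }
    }
}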
Пример #10
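/**
 * Record a submission for assignment $id of the current course and redirect
 * back to the assignment page.
 *
 * Steps, in order: load the assignment row; decide whether the current user
 * may submit (logged in, not a guest, registered to the course, and either
 * before the deadline, late submissions allowed, or acting on behalf of
 * someone); store the uploaded file (file submissions) under
 * "$workPath/<secret>/<local name>.<ext>"; insert the assignment_submit row;
 * update attendance and gradebook; optionally e-mail the grade; and, when
 * auto-judge is enabled, run every scenario and store the resulting grade.
 *
 * NOTE(review): nothing in this function checks that the current user is
 * allowed to submit for $on_behalf_of, and a non-empty $on_behalf_of also
 * lifts the deadline check — callers must have authorised it.
 *
 * @param int      $id           Assignment id, looked up within $course_id.
 * @param int|null $on_behalf_of User id the submission is recorded for; when
 *                               null the current $uid is used.
 */
function submit_work($id, $on_behalf_of = null) {
    global $course_id, $uid, $langOnBehalfOfGroupComment,
           $works_url, $langOnBehalfOfUserComment, $workPath,
           $langUploadSuccess, $langUploadError, $course_code,
           $langAutoJudgeEmptyFile, $langAutoJudgeInvalidFileType,
           $langAutoJudgeScenariosPassed, $langExerciseNotPermit;
    $connector = AutojudgeApp::getAutojudge();
    $langExt = $connector->getSupportedLanguages();

    $row = Database::get()->querySingle("SELECT id, title, group_submissions, submission_type,
                            deadline, late_submission, CAST(UNIX_TIMESTAMP(deadline)-UNIX_TIMESTAMP(NOW()) AS SIGNED) AS time,
                            auto_judge, auto_judge_scenarios, lang, max_grade
                            FROM assignment
                            WHERE course_id = ?d AND id = ?d",
                            $course_id, $id);
    if (!$row) {
        // No assignment with this id in the current course: refuse instead of
        // going on with a row whose every field reads as null.
        Session::Messages($langExerciseNotPermit);
        redirect_to_home_page("modules/work/index.php?course=$course_code");
        return;
    }
    $auto_judge = $row->auto_judge;
    // NOTE(review): unserialize() rebuilds whatever objects the stored string
    // names. The scenarios are only ever used as arrays below, so a JSON
    // column (or unserialize with classes disallowed, where the PHP version
    // permits) would remove the object-injection surface should this column
    // ever hold attacker-influenced data.
    $auto_judge_scenarios = ($auto_judge == true) ? unserialize($row->auto_judge_scenarios) : null;
    if ($auto_judge == true && !is_array($auto_judge_scenarios)) {
        // Corrupt or empty column: treat as "no scenarios" rather than iterating a non-array.
        $auto_judge_scenarios = array();
    }
    $lang = $row->lang;
    $max_grade = $row->max_grade;

    $nav[] = $works_url;
    $nav[] = array('url' => "$_SERVER[SCRIPT_NAME]?id=$id", 'name' => q($row->title));

    // Defaults for values that are only assigned on some paths but read later.
    $sid = null;          // set once the assignment_submit row has been inserted
    $ext = '';            // stays empty for online-text submissions
    // NOTE(review): $auto_comments is interpolated into the notification
    // e-mail below but is never assigned anywhere in this function.
    $auto_comments = '';

    // Submission is allowed only for a logged-in, non-guest user who is
    // registered to this course, and not after a hard deadline unless the
    // call is made on behalf of someone.
    $submit_ok = FALSE;
    if (isset($uid) && $uid && $GLOBALS['status'] != USER_GUEST
            && isset($_SESSION['courses']) && isset($_SESSION['courses'][$_SESSION['dbname']])) {
        $past_deadline = ($row->time < 0 && (int) $row->deadline && !$row->late_submission);
        $submit_ok = !($past_deadline && !$on_behalf_of);
    }

    if ($submit_ok) {
        $success_msgs = array();
        $error_msgs = array();
        // Preparing variables
        $user_id = isset($on_behalf_of) ? $on_behalf_of : $uid;
        if ($row->group_submissions) {
            $group_id = isset($_POST['group_id']) ? intval($_POST['group_id']) : -1;
            // The posted group id is only honoured further down if it is a key of $gids.
            $gids = user_group_info($on_behalf_of ? null : $user_id, $course_id);
        } else {
            $group_id = 0;
        }
        if ($row->submission_type) {
            // Online text: no file is stored.
            $filename = '';
            $file_name = '';
            $success_msgs[] = $langUploadSuccess;
        } else {
            // File submission: the stored base name is derived from server-side
            // data (group name, or student name plus registration number), not
            // from the uploaded file's name.
            if ($row->group_submissions) {
                $local_name = isset($gids[$group_id]) ? greek_to_latin($gids[$group_id]) : '';
            } else {
                $student_name = trim(uid_to_name($user_id));
                $local_name = !empty($student_name)? $student_name : uid_to_name($user_id, 'username');
                $am = Database::get()->querySingle("SELECT am FROM user WHERE id = ?d", $user_id)->am;
                if (!empty($am)) {
                    $local_name .= $am;
                }
                $local_name = greek_to_latin($local_name);
            }
            $local_name = replace_dangerous_char($local_name);
            if (isset($on_behalf_of) and !isset($_FILES)) {
                $_FILES['userfile']['name'] = '';
                $_FILES['userfile']['tmp_name'] = '';
                $no_files = true;
            } else {
                $no_files = false;
            }
            $file_name = $_FILES['userfile']['name'];
            validateUploadedFile($file_name, 2);
            $secret = work_secret($row->id);
            // Only the extension of the client-supplied name reaches the stored path.
            // NOTE(review): unlike the other upload handlers on this page, no
            // php2phps() is applied here, so whether a script extension can be
            // stored depends on validateUploadedFile() and on $workPath not
            // being served as executable content — confirm both.
            $ext = get_file_extension($file_name);
            $filename = "$secret/$local_name" . (empty($ext) ? '' : '.' . $ext);
            if ($no_files or move_uploaded_file($_FILES['userfile']['tmp_name'], "$workPath/$filename")) {
                if ($no_files) {
                    $filename = '';
                } else {
                    @chmod("$workPath/$filename", 0644);
                }
                $success_msgs[] = $langUploadSuccess;
            } else {
                $error_msgs[] = $langUploadError;
                Session::Messages($error_msgs, 'alert-danger');
                // NOTE(review): the code below runs unless redirect_to_home_page()
                // ends the request — presumably it does; confirm.
                redirect_to_home_page("modules/work/index.php?course=$course_code&id=$id");
            }
        }

        $submit_ip = $_SERVER['REMOTE_ADDR'];
        $submission_text = isset($_POST['submission_text']) ? purify($_POST['submission_text']) : NULL;
        if (isset($on_behalf_of)) {
            if ($row->group_submissions) {
                $stud_comments = sprintf($langOnBehalfOfGroupComment, uid_to_name($uid), $gids[$group_id]);
            } else {
                $stud_comments = sprintf($langOnBehalfOfUserComment, uid_to_name($uid), uid_to_name($user_id));
            }
            $grade_comments = $_POST['stud_comments'];
            // filter_input() yields false for a non-numeric grade; store NULL then.
            $grade_valid = filter_input(INPUT_POST, 'grade', FILTER_VALIDATE_FLOAT);
            $grade = (isset($_POST['grade']) && $grade_valid !== false) ? $grade_valid : NULL;
            $grade_ip = $submit_ip;
        } else {
            // A student's new submission replaces the previous one.
            if ($row->group_submissions) {
                if (array_key_exists($group_id, $gids)) {
                    $del_submission_msg = delete_submissions_by_uid(-1, $group_id, $row->id);
                    if (!empty($del_submission_msg)) {
                        $success_msgs[] = $del_submission_msg;
                    }
                }
            } else {
                $del_submission_msg = delete_submissions_by_uid($user_id, -1, $row->id);
                if (!empty($del_submission_msg)) {
                    $success_msgs[] = $del_submission_msg;
                }
            }
            $stud_comments = $_POST['stud_comments'];
            $grade = NULL;
            $grade_comments = $grade_ip = "";
        }

        // For group work the row is written only when the posted group id is
        // one of the groups returned by user_group_info().
        if (!$row->group_submissions || array_key_exists($group_id, $gids)) {
            $data = array(
                $user_id,
                $row->id,
                $submit_ip,
                $filename,
                $file_name,
                $submission_text,
                $stud_comments,
                $grade,
                $grade_comments,
                $grade_ip,
                $group_id
            );
            $sid = Database::get()->query("INSERT INTO assignment_submit
                                    (uid, assignment_id, submission_date, submission_ip, file_path,
                                     file_name, submission_text, comments, grade, grade_comments, grade_submission_ip,
                                     grade_submission_date, group_id)
                                     VALUES (?d, ?d, NOW(), ?s, ?s, ?s, ?s, ?s, ?f, ?s, ?s, NOW(), ?d)", $data)->lastInsertID;
            Log::record($course_id, MODULE_ID_ASSIGN, LOG_INSERT, array('id' => $sid,
                'title' => $row->title,
                'assignment_id' => $row->id,
                'filepath' => $filename,
                'filename' => $file_name,
                'comments' => $stud_comments,
                'group_id' => $group_id));
            // A zero max_grade would otherwise be a division by zero.
            $grade_ratio = $row->max_grade ? $grade / $row->max_grade : 0;
            if ($row->group_submissions) {
                $group_id = Database::get()->querySingle("SELECT group_id FROM assignment_submit WHERE id = ?d", $sid)->group_id;
                $user_ids = Database::get()->queryArray("SELECT user_id FROM group_members WHERE group_id = ?d", $group_id);
                // NOTE(review): each element is passed on exactly as queryArray()
                // returns it; if that is a row object rather than a bare id the
                // helpers below receive an object — confirm.
                foreach ($user_ids as $member) {
                    update_attendance_book($member, $row->id, GRADEBOOK_ACTIVITY_ASSIGNMENT);
                    update_gradebook_book($member, $row->id, $grade_ratio, GRADEBOOK_ACTIVITY_ASSIGNMENT);
                }
            } else {
                $quserid = Database::get()->querySingle("SELECT uid FROM assignment_submit WHERE id = ?d", $sid)->uid;
                // update attendance book as well
                update_attendance_book($quserid, $row->id, GRADEBOOK_ACTIVITY_ASSIGNMENT);
                // update gradebook if needed
                update_gradebook_book($quserid, $id, $grade_ratio, GRADEBOOK_ACTIVITY_ASSIGNMENT);
            }
            if ($on_behalf_of and isset($_POST['email'])) {
                $email_grade = $_POST['grade'];
                $email_comments = "\n$auto_comments\n\n" . $_POST['stud_comments'];
                grade_email_notify($row->id, $sid, $email_grade, $email_comments);
            }
        }

        // Auto-judge: send the file to the configured connector. Skipped when
        // no submission row was written, since there is nothing to grade.
        if ($sid !== null && AutojudgeApp::getAutojudge()->isEnabled()) {
            if ($auto_judge && $ext === $langExt[$lang]) {
                $content = file_get_contents("$workPath/$filename");
                // Run each scenario and count how many passed
                $auto_judge_scenarios_output = array(
                    array(
                        'student_output'=> '',
                        'passed'=> 0,
                    )
                );

                $passed = 0;
                $i = 0;
                $partial = 0;
                $errorsComment = '';
                $weight_sum = 0;
                foreach ($auto_judge_scenarios as $curScenario) {
                    $input = new AutoJudgeConnectorInput();
                    $input->input = $curScenario['input'];
                    $input->code = $content;
                    $input->lang = $lang;
                    $result = $connector->compile($input);
                    // Check if we have compilation errors.
                    if ($result->compileStatus !== $result::COMPILE_STATUS_OK) {
                        // Keep the error message of the latest failing scenario.
                        // NOTE(review): the connector output originates from
                        // student code and is placed into an HTML comment
                        // unescaped; unless the consumer escapes it when
                        // rendering, it should be escaped here — confirm.
                        $errorsComment = $result->compileStatus." ".$result->output."<br />";
                        $auto_judge_scenarios_output[$i]['passed'] = 0;
                    } else {
                        // Get all needed values to run the assertion.
                        $auto_judge_scenarios_output[$i]['student_output'] = $result->output;
                        $scenarioOutputExpectation = trim($curScenario['output']);
                        $scenarionAssertion        = $curScenario['assertion'];
                        $assertionResult = doScenarioAssertion(
                            $scenarionAssertion,
                            $auto_judge_scenarios_output[$i]['student_output'],
                            $scenarioOutputExpectation
                        );
                        if ($assertionResult) {
                            $passed++;
                            $auto_judge_scenarios_output[$i]['passed'] = 1;
                            $partial += $curScenario['weight'];
                        } else {
                            $auto_judge_scenarios_output[$i]['passed'] = 0;
                        }
                    }

                    $weight_sum += $curScenario['weight'];
                    $i++;
                }

                // 3 decimal digits precision; no scenarios or all-zero weights grade as 0.
                $grade = ($weight_sum > 0) ? round($partial / $weight_sum * $max_grade, 3) : 0;
                // allow an error of 0.001
                if ($max_grade - $grade <= 0.001) {
                    $grade = $max_grade;
                }
                // Add the output as a comment
                $comment = $langAutoJudgeScenariosPassed.': '.$passed.'/'.count($auto_judge_scenarios);
                // Drop the trailing line break. (The previous rtrim() call
                // discarded its result and treated '<br />' as a character list.)
                $errorsComment = preg_replace('#(?:<br />)+$#', '', $errorsComment);
                if ($errorsComment !== '') {
                    $comment .= '<br /><br />'.$errorsComment;
                }
                submit_grade_comments(array(
                    'assignment' => $id,
                    'submission' => $sid,
                    'grade' => $grade,
                    'comments' => $comment,
                    'email' => false,
                    'auto_judge_scenarios_output' => $auto_judge_scenarios_output,
                    'preventUiAlterations' => true,
                ));

            } else if ($auto_judge && $ext !== $langExt[$lang]) {
                if($lang == null) { die('Auto Judge is enabled but no language is selected'); }
                if($langExt[$lang] == null) { die('An unsupported language was selected. Perhaps platform-wide auto judge settings have been changed?'); }
                // NOTE(review): this call passes positional arguments while the
                // one above passes a single array; submit_grade_comments() is
                // defined elsewhere, so one of the two forms is presumably
                // stale — confirm against its signature.
                submit_grade_comments($id, $sid, 0, sprintf($langAutoJudgeInvalidFileType, $langExt[$lang], $ext), false, null, true);
            }
        }
        // End Auto-judge

        Session::Messages($success_msgs, 'alert-success');
        redirect_to_home_page("modules/work/index.php?course=$course_code&id=$id");
    } else { // not submit_ok
        Session::Messages($langExerciseNotPermit);
        redirect_to_home_page("modules/work/index.php?course=$course_code");
    }
}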
Пример #11
     // Subject: the posted title when it is non-empty, otherwise the default label.
     if (isset($_POST['message_title']) and $_POST['message_title'] != '') {
         $subject = $_POST['message_title'];
     } else {
         $subject = $langMessage;
     }
     $msg = new Msg($uid, $cid, $subject, $_POST['body'], $recipients, $filename, $real_filename, $filesize);
 } else {
     $cwd = getcwd();
     // NOTE(review): $dropbox_space is assigned only when the directory exists;
     // unless it is initialised outside this excerpt, the quota check below
     // reads an undefined variable for a missing directory.
     if (is_dir($dropbox_dir)) {
         $dropbox_space = dir_total_space($dropbox_dir);
     }
     // The stored name is the client-supplied name after php2phps(); the
     // validator further down is given the raw client-supplied name.
     $filename = php2phps($_FILES['file']['name']);
     $filesize = $_FILES['file']['size'];
     // 'type' is the MIME type declared by the client, not a property PHP
     // derives from the file content.
     $filetype = $_FILES['file']['type'];
     $filetmpname = $_FILES['file']['tmp_name'];
     // NOTE(review): presumably rejects disallowed names and stops the
     // request; the helper is defined elsewhere — confirm.
     validateUploadedFile($_FILES['file']['name'], 1);
     // Quota first; the is_uploaded_file() check is only reached when the
     // quota check passed.
     if ($filesize + $dropbox_space > $diskQuotaDropbox) {
         $errormsg = $langNoSpace;
         $error = TRUE;
     } elseif (!is_uploaded_file($filetmpname)) {
         // check user found : no clean error msg
         die($langBadFormData);
     }
     // set title
     if (isset($_POST['message_title']) and $_POST['message_title'] != '') {
         $subject = $_POST['message_title'];
     } else {
         $subject = $langMessage;
     }
     $format = get_file_extension($filename);
     $real_filename = $filename;
Пример #12
 // Persist the selected interface language for the current user.
 Database::get()->query("UPDATE user SET lang = ?s WHERE id = ?d", $langcode, $uid);
 // NOTE(review): register_posted_variables() is defined elsewhere; the names
 // used below ($email_public, $email_form, ...) are presumably created by it
 // from the posted form — confirm.
 $all_ok = register_posted_variables(array('am_form' => get_config('am_required') and $myrow->status != 1, 'desc_form' => false, 'phone_form' => false, 'email_form' => get_config('email_required'), 'surname_form' => !$is_admin, 'givenname_form' => true, 'username_form' => true, 'email_public' => false, 'phone_public' => false, 'am_public' => false), 'all');
 $departments = null;
 if (!get_config('restrict_owndep')) {
     if (!isset($_POST['department']) and !$is_admin) {
         $all_ok = false;
     } else {
         // For an admin who posted no 'department' this reads an unset index.
         $departments = $_POST['department'];
     }
 }
 $email_public = valid_access($email_public);
 $phone_public = valid_access($phone_public);
 $am_public = valid_access($am_public);
 // upload user picture
 if (isset($_FILES['userimage']) && is_uploaded_file($_FILES['userimage']['tmp_name'])) {
     validateUploadedFile($_FILES['userimage']['name'], 1);
     // Client-declared MIME type; nothing in this excerpt inspects the file content.
     // NOTE(review): presumably copy_resized_image() decodes the image itself
     // and returns false for anything that is not one — confirm.
     $type = $_FILES['userimage']['type'];
     $image_file = $_FILES['userimage']['tmp_name'];
     // Both sizes are written to fixed names built from $image_path with a
     // '.jpg' suffix, so the client-supplied file name never reaches the path.
     if (!copy_resized_image($image_file, $type, IMAGESIZE_LARGE, IMAGESIZE_LARGE, $image_path . '_' . IMAGESIZE_LARGE . '.jpg')) {
         Session::Messages($langInvalidPicture);
         redirect_to_home_page("main/profile/profile.php");
     }
     if (!copy_resized_image($image_file, $type, IMAGESIZE_SMALL, IMAGESIZE_SMALL, $image_path . '_' . IMAGESIZE_SMALL . '.jpg')) {
         Session::Messages($langInvalidPicture);
         redirect_to_home_page("main/profile/profile.php");
     }
     Database::get()->query("UPDATE user SET has_icon = 1 WHERE id = ?d", $_SESSION['uid']);
     // The logged 'imagetype' is the client-declared value read above.
     Log::record(0, 0, LOG_PROFILE, array('uid' => intval($_SESSION['uid']), 'addimage' => 1, 'imagetype' => $type));
 }
 // check if email is valid
 // '|' is the bitwise operator here; it binds tighter than 'and', so the two
 // configuration values are OR-ed first and the result is combined with the
 // validity test.
 if (get_config('email_required') | get_config('email_verification_required') and !email_seems_valid($email_form)) {
Пример #13
 } else {  // add video
         // The name comes from one of two sources: the cloud-file descriptor
         // posted by the client, or the local upload.
         // NOTE(review): when neither branch matches, $file_name and $tmpfile
         // stay unset (within this excerpt) while $uploaded is still set to
         // true below.
         if (isset($_POST['fileCloudInfo'])) { // upload cloud file
             $cloudfile = CloudFile::fromJSON($_POST['fileCloudInfo']);
             $file_name = $cloudfile->name();
         } else if (isset($_FILES['userFile']) && is_uploaded_file($_FILES['userFile']['tmp_name'])) { // upload local file
             $file_name = $_FILES['userFile']['name'];
             // Quota check for local uploads; the cloud branch above has no
             // size check in this excerpt.
             if ($diskUsed + @$_FILES['userFile']['size'] > $diskQuotaVideo) {
                 $tool_content .= "<div class='alert alert-danger'>$langNoSpace<br>
                                                 <a href='$_SERVER[SCRIPT_NAME]?course=$course_code'>$langBack</a></div><br>";
                 draw($tool_content, $menuTypeID, null, $head_content);
                 exit;
             } else {
                 $tmpfile = $_FILES['userFile']['tmp_name'];
             }
         }
         validateUploadedFile($file_name, $menuTypeID);
         // convert php file in phps to protect the platform against malicious codes
         $file_name = php2phps($file_name);                    
         // Net effect of the next two lines: spaces and literal "%20" are removed.
         $file_name = str_replace(" ", "%20", $file_name);
         $file_name = str_replace("%20", "", $file_name);
         // In a double-quoted string "\'" is a backslash followed by a quote,
         // so only that two-character sequence is removed, not a lone quote.
         $file_name = str_replace("\'", "", $file_name);
         $uploaded = true;
     if ($uploaded) {
         // The file is stored under a generated name (hex timestamp plus
         // randomkeys(16)); only the extension of the cleaned name is kept.
         $safe_filename = sprintf('%x', time()) . randomkeys(16) . "." . get_file_extension($file_name);
         if (isset($cloudfile)) {
             $iscopy = ($cloudfile->storeToLocalFile("$updir/$safe_filename") == CloudDriveResponse::OK);                    
         } else {                    
             $iscopy = copy("$tmpfile", "$updir/$safe_filename");
         }
         // NOTE(review): the failure message built on the following line uses
         // the 'alert-success' class.
         if (!$iscopy) {
             $tool_content .= "<div class='alert alert-success'>$langFileNot<br>
Пример #14
        <legend>" . $langFileSent . "</legend>
        <table class='table-default'>
                   <tr><th width='150'>$langFileSentName</td><td>" . q($_FILES['archiveZipped']['name']) . "</th></tr>
                   <tr><th>$langFileSentSize</td><td>" . q($_FILES['archiveZipped']['size']) . "</th></tr>
                   <tr><th>$langFileSentType</td><td>" . q($_FILES['archiveZipped']['type']) . "</th></tr>
                   <tr><th>$langFileSentTName</td><td>" . q($_FILES['archiveZipped']['tmp_name']) . "</th></tr>
                </table></fieldset>
                        <fieldset>
        <legend>" . $langFileUnzipping . "</legend>
        <table class='table-default'>
                    <tr><td>" . unpack_zip_show_files($_FILES['archiveZipped']['tmp_name']) . "</td></tr>
                </table></fieldset>";
} elseif (isset($_POST['send_path']) and isset($_POST['pathToArchive'])) {
    // Reject the request unless it carries a valid CSRF token.
    if (!isset($_POST['token']) || !validate_csrf_token($_POST['token'])) csrf_token_error();
    // The archive location is taken verbatim from the request.
    $pathToArchive = $_POST['pathToArchive'];
    // Only the last path component is validated, and the only other check is
    // the '.zip' extension; the directory part is not constrained here.
    // NOTE(review): file_exists() and unpack_zip_show_files() therefore run on
    // any server path the caller names. Resolving the path (realpath) and
    // requiring it to lie under the expected upload directory would bound
    // this; whether the page is restricted to administrators is not visible
    // in this excerpt — confirm.
    validateUploadedFile(basename($pathToArchive), 3);
    if (get_file_extension($pathToArchive) !== 'zip') {
        $tool_content .= "<div class='alert alert-danger'>" . $langErrorFileMustBeZip . "</div>";
    } else if (file_exists($pathToArchive)) {
        $tool_content .= "<fieldset>
        <legend>" . $langFileUnzipping . "</legend>
        <table class='table-default'>";
        $tool_content .= "<tr><td>" . unpack_zip_show_files($pathToArchive) . "</td></tr>";
        $tool_content .= "</table></fieldset>";
    } else {
        $tool_content .= "<div class='alert alert-danger'>$langFileNotFound</div>";
    }
} elseif (isset($_POST['create_restored_course'])) {
    if (!isset($_POST['token']) || !validate_csrf_token($_POST['token'])) csrf_token_error();
    register_posted_variables(array('restoreThis' => true,
        'course_code' => true,