/**
* @param int $eventId
* @param array $settings = array('comment' => $comment, 'file' => $file
* @return bool
*/
private function addAttachment($eventId, $settings)
{
$table = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
if (!isset($settings['file'])) {
return false;
}
$file = $settings['file'];
if (!empty($file['name'])) {
$upload_ok = FileManager::process_uploaded_file($file);
}
$_course = api_get_course_info();
if (!empty($upload_ok)) {
$courseDir = $_course['path'] . '/upload/calendar';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one
$new_file_name = FileManager::add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
// user's file name
$file_name = $_FILES['user_upload']['name'];
if (!FileManager::filter_extension($new_file_name)) {
Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
} else {
$new_file_name = uniqid('');
$new_path = $updir . '/' . $new_file_name;
$result = move_uploaded_file($file['tmp_name'], $new_path);
$safe_file_comment = Database::escape_string($settings['comment']);
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
$course_id = api_get_course_int_id();
// Storing the attachments if any
if ($result) {
$sql = 'INSERT INTO ' . $table . '(c_id, filename,comment, path,agenda_id,size) ' . "VALUES ({$course_id}, '" . $safe_file_name . "', '" . $safe_file_comment . "', '" . $safe_new_file_name . "' , '" . $eventId . "', '" . intval($file['size']) . "' )";
Database::query($sql);
$last_id_file = Database::insert_id();
api_item_property_update($_course, 'calendar_event_attachment', $last_id_file, 'AgendaAttachmentAdded', api_get_user_id());
}
}
}
}
/**
* Uploads an author image to the upload/learning_path/images directory
* @param array The image array, coming from the $_FILES superglobal
* @return boolean True on success, false on error
*/
public function upload_image($image_array)
{
$image_moved = false;
if (!empty($image_array['name'])) {
$upload_ok = FileManager::process_uploaded_file($image_array);
$has_attachment = true;
} else {
$image_moved = true;
}
if ($upload_ok) {
if ($has_attachment) {
$courseDir = api_get_course_path() . '/upload/learning_path/images';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one.
$new_file_name = FileManager::add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);
if (!FileManager::filter_extension($new_file_name)) {
//Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
$image_moved = false;
} else {
$file_extension = explode('.', $image_array['name']);
$file_extension = strtolower($file_extension[sizeof($file_extension) - 1]);
$filename = uniqid('');
$new_file_name = $filename . '.' . $file_extension;
$new_path = $updir . '/' . $new_file_name;
// Resize the image.
$temp = new Image($image_array['tmp_name']);
$picture_infos = $temp->get_image_info();
if ($picture_infos['width'] > 104) {
$thumbwidth = 104;
} else {
$thumbwidth = $picture_infos['width'];
}
if ($picture_infos['height'] > 96) {
$new_height = 96;
} else {
$new_height = $picture_infos['height'];
}
$temp->resize($thumbwidth, $new_height, 0);
$result = $temp->send_image($new_path);
// Storing the image filename.
if ($result) {
$image_moved = true;
$this->set_preview_image($new_file_name);
//Resize to 64px to use on course homepage
$temp->resize(64, 64, 0);
$temp->send_image($updir . '/' . $filename . '.64.' . $file_extension);
return true;
}
}
}
}
return false;
}
/**
* Creates a comment on a post in a given blog
* @author Toon Keppens
* @param String $title
* @param String $full_text
* @param Integer $blog_id
* @param Integer $post_id
* @param Integer $parent_id
*/
public static function create_comment($title, $full_text, $file_comment, $blog_id, $post_id, $parent_id, $task_id = 'NULL')
{
$_course = api_get_course_info();
$userId = api_get_user_id();
global $blog_table_attachment;
$upload_ok = true;
$has_attachment = false;
$current_date = date('Y-m-d H:i:s', time());
$course_id = api_get_course_int_id();
if (!empty($_FILES['user_upload']['name'])) {
$upload_ok = FileManager::process_uploaded_file($_FILES['user_upload']);
$has_attachment = true;
}
if ($upload_ok) {
// Table Definition
$tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
// Create the comment
$sql = "INSERT INTO {$tbl_blogs_comments} (c_id, title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id )\n\t\t\t\t\tVALUES ({$course_id}, '" . Database::escape_string($title) . "', '" . Database::escape_string($full_text) . "', '" . $userId . "','" . $current_date . "', '" . (int) $blog_id . "', '" . (int) $post_id . "', '" . (int) $parent_id . "', '" . (int) $task_id . "')";
Database::query($sql);
// Empty post values, or they are shown on the page again
$_POST['comment_title'] = "";
$_POST['comment_text'] = "";
$last_id = Database::insert_id();
if ($has_attachment) {
$courseDir = $_course['path'] . '/upload/blog';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one
$new_file_name = FileManager::add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
// user's file name
$file_name = $_FILES['user_upload']['name'];
if (!FileManager::filter_extension($new_file_name)) {
Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
} else {
$new_file_name = uniqid('');
$new_path = $updir . '/' . $new_file_name;
$result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
$comment = Database::escape_string($file_comment);
// Storing the attachments if any
if ($result) {
$sql = 'INSERT INTO ' . $blog_table_attachment . '(c_id, filename,comment, path, post_id,size,blog_id,comment_id) ' . "VALUES ({$course_id}, '" . Database::escape_string($file_name) . "', '" . Database::escape_string($comment) . "', '" . Database::escape_string($new_file_name) . "' , '" . $post_id . "', '" . $_FILES['user_upload']['size'] . "', '" . $blog_id . "', '" . $last_id . "' )";
$result = Database::query($sql);
$message .= ' / ' . get_lang('AttachmentUpload');
}
}
}
}
}
/**
* @return array|null|string
*/
function store_add_dropbox()
{
$_course = api_get_course_info();
$_user = api_get_user_info();
$dropbox_cnf = getDropboxConf();
// Validating the form data
// there are no recipients selected
if (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
return get_lang('YouMustSelectAtLeastOneDestinee');
} else {
// Check if all the recipients are valid
$thisIsAMailing = false;
$thisIsJustUpload = false;
foreach ($_POST['recipients'] as $rec) {
if ($rec == 'mailing') {
$thisIsAMailing = true;
} elseif ($rec == 'upload') {
$thisIsJustUpload = true;
} elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
return get_lang('InvalideUserDetected');
} elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
return get_lang('InvalideGroupDetected');
}
}
}
// we are doing a mailing but an additional recipient is selected
if ($thisIsAMailing && count($_POST['recipients']) != 1) {
return get_lang('MailingSelectNoOther');
}
// we are doing a just upload but an additional recipient is selected.
// note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
return get_lang('MailingJustUploadSelectNoOther');
}
if (empty($_FILES['file']['name'])) {
$error = true;
return get_lang('NoFileSpecified');
}
// are we overwriting a previous file or sending a new one
$dropbox_overwrite = false;
if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
$dropbox_overwrite = true;
}
// doing the upload
$dropbox_filename = $_FILES['file']['name'];
$dropbox_filesize = $_FILES['file']['size'];
$dropbox_filetype = $_FILES['file']['type'];
$dropbox_filetmpname = $_FILES['file']['tmp_name'];
// check if the filesize does not exceed the allowed size.
if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
return get_lang('DropboxFileTooBig');
// TODO: The "too big" message does not fit in the case of uploading zero-sized file.
}
// check if the file is actually uploaded
if (!is_uploaded_file($dropbox_filetmpname)) {
// check user fraud : no clean error msg.
return get_lang('TheFileIsNotUploaded');
}
$upload_ok = FileManager::process_uploaded_file($_FILES['file'], true);
if (!$upload_ok) {
return null;
}
// Try to add an extension to the file if it hasn't got one
$dropbox_filename = FileManager::add_ext_on_mime($dropbox_filename, $dropbox_filetype);
// Replace dangerous characters
$dropbox_filename = api_replace_dangerous_char($dropbox_filename);
// Transform any .php file in .phps fo security
$dropbox_filename = FileManager::php2phps($dropbox_filename);
//filter extension
if (!FileManager::filter_extension($dropbox_filename)) {
return get_lang('UplUnableToSaveFileFilteredExtension');
}
// set title
$dropbox_title = $dropbox_filename;
// set author
if (!isset($_POST['authors'])) {
$_POST['authors'] = getUserNameFromId($_user['user_id']);
}
// note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
if ($dropbox_overwrite) {
$dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
foreach ($dropbox_person->sentWork as $w) {
if ($w->title == $dropbox_filename) {
if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
return get_lang('MailingNonMailingError');
}
if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
return get_lang('MailingJustUploadSelectNoOther');
}
$dropbox_filename = $w->filename;
$found = true;
// note: do we still need this?
break;
}
}
} else {
// rename file to login_filename_uniqueId format
$dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
}
// creating the array that contains all the users who will receive the file
$new_work_recipients = array();
foreach ($_POST['recipients'] as $rec) {
if (strpos($rec, 'user_') === 0) {
$new_work_recipients[] = substr($rec, strlen('user_'));
} elseif (strpos($rec, 'group_') === 0) {
$userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
foreach ($userList as $usr) {
if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
$new_work_recipients[] = $usr['user_id'];
}
}
}
}
@move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename);
$b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
if ($b_send_mail) {
foreach ($new_work_recipients as $recipient_id) {
$recipent_temp = UserManager::get_user_info_by_id($recipient_id);
@api_mail(api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $recipent_temp['email'], get_lang('NewDropboxFileUploaded'), get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'], api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), $_user['mail']);
}
}
new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);
Security::clear_token();
return get_lang('FileUploadSucces');
}
/**
* This function edits an attachment file into a forum
* @param string a comment about file
* @param int Post Id
* @param int attachment file Id
* @return void
*/
function edit_forum_attachment_file($file_comment, $post_id, $id_attach)
{
$_course = api_get_course_info();
$table_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
$course_id = api_get_course_int_id();
// Storing the attachments.
if (!empty($_FILES['user_upload']['name'])) {
$upload_ok = FileManager::process_uploaded_file($_FILES['user_upload']);
}
if (!empty($upload_ok)) {
$course_dir = $_course['path'] . '/upload/forum';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $course_dir;
// Try to add an extension to the file if it hasn't one.
$new_file_name = FileManager::add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
// User's file name
$file_name = $_FILES['user_upload']['name'];
if (!FileManager::filter_extension($new_file_name)) {
Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
} else {
$new_file_name = uniqid('');
$new_path = $updir . '/' . $new_file_name;
$result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
$safe_file_comment = Database::escape_string($file_comment);
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
$safe_post_id = (int) $post_id;
$safe_id_attach = (int) $id_attach;
// Storing the attachments if any.
if ($result) {
$sql = "UPDATE {$table_forum_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', post_id = '{$safe_post_id}', size ='" . $_FILES['user_upload']['size'] . "'\n WHERE c_id = {$course_id} AND id = '{$safe_id_attach}'";
$result = Database::query($sql);
api_item_property_update($_course, TOOL_FORUM_ATTACH, $safe_id_attach, 'ForumAttachmentUpdated', api_get_user_id());
}
}
}
}
/**
* Upload a submitted user production.
*
* @param $user_id User id
* @return The filename of the new production or FALSE if the upload has failed
*/
function upload_user_production($user_id)
{
$image_path = UserManager::get_user_picture_path_by_id($user_id, 'system', true);
$production_repository = $image_path['dir'] . $user_id . '/';
if (!file_exists($production_repository)) {
@mkdir($production_repository, api_get_permissions_for_new_directories(), true);
}
$filename = api_replace_dangerous_char($_FILES['production']['name']);
$filename = FileManager::disable_dangerous_file($filename);
if (FileManager::filter_extension($filename)) {
if (@move_uploaded_file($_FILES['production']['tmp_name'], $production_repository . $filename)) {
return $filename;
}
}
return false;
// this should be returned if anything went wrong with the upload
}
/**
* This function edit a attachment file into announcement
* @param int attach id
* @param array uploaded file $_FILES
* @param string file comment
* @return int
*/
public static function edit_announcement_attachment_file($id_attach, $file, $file_comment)
{
$_course = api_get_course_info();
$tbl_announcement_attachment = Database::get_course_table(TABLE_ANNOUNCEMENT_ATTACHMENT);
$return = 0;
$course_id = api_get_course_int_id();
if (is_array($file) && $file['error'] == 0) {
$courseDir = $_course['path'] . '/upload/announcements';
// TODO: This path is obsolete. The new document repository scheme should be kept in mind here.
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $courseDir;
// Try to add an extension to the file if it hasn't one
$new_file_name = FileManager::add_ext_on_mime(stripslashes($file['name']), $file['type']);
// user's file name
$file_name = $file['name'];
if (!FileManager::filter_extension($new_file_name)) {
$return - 1;
Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
} else {
$new_file_name = uniqid('');
$new_path = $updir . '/' . $new_file_name;
$result = @move_uploaded_file($file['tmp_name'], $new_path);
$safe_file_comment = Database::escape_string($file_comment);
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
$id_attach = intval($id_attach);
$sql = "UPDATE {$tbl_announcement_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', size ='" . intval($file['size']) . "'\n\t\t\t\t\t \tWHERE c_id = {$course_id} AND id = '{$id_attach}'";
$result = Database::query($sql);
if ($result === false) {
$return = -1;
Display::display_error_message(get_lang('UplUnableToSaveFile'));
} else {
$return = 1;
}
}
}
return $return;
}
/**
* Saves a message attachment files
* @param array $_FILES['name']
* @param string a comment about the uploaded file
* @param int message id
* @param int receiver user id (optional)
* @param int sender user id (optional)
* @param int group id (optional)
* @return void
*/
public static function save_message_attachment_file($file_attach, $file_comment, $message_id, $receiver_user_id = 0, $sender_user_id = 0, $group_id = 0)
{
$tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
// Try to add an extension to the file if it hasn't one
$new_file_name = FileManager::add_ext_on_mime(stripslashes($file_attach['name']), $file_attach['type']);
// user's file name
$file_name = $file_attach['name'];
if (!FileManager::filter_extension($new_file_name)) {
Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
} else {
$new_file_name = uniqid('');
$usergroup = new UserGroup();
if (!empty($receiver_user_id)) {
$message_user_id = $receiver_user_id;
} else {
$message_user_id = $sender_user_id;
}
// User-reserved directory where photos have to be placed.
if (!empty($group_id)) {
$path_user_info = $usergroup->get_group_picture_path_by_id($group_id, 'system', true);
} else {
$path_user_info = UserManager::get_user_picture_path_by_id($message_user_id, 'system', true);
}
$path_message_attach = $path_user_info['dir'] . 'message_attachments/';
// If this directory does not exist - we create it.
if (!file_exists($path_message_attach)) {
mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
}
$new_path = $path_message_attach . $new_file_name;
if (is_uploaded_file($file_attach['tmp_name'])) {
copy($file_attach['tmp_name'], $new_path);
}
$safe_file_comment = Database::escape_string($file_comment);
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
// Storing the attachments if any
$sql = "INSERT INTO {$tbl_message_attach}(filename,comment, path,message_id,size)\n\t\t\t\t VALUES ( '{$safe_file_name}', '{$safe_file_comment}', '{$safe_new_file_name}' , '{$message_id}', '" . $file_attach['size'] . "' )";
Database::query($sql);
}
}
function accept($filename)
{
return (bool) FileManager::filter_extension($filename);
}
