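 /**
  * Serves up an attachment file only after passing access checks
  *
  * Looks the attachment up either by post ID or by thread ID + filename,
  * verifies the parent post exists, sends guests to the login page for
  * restricted posts, runs the thread ACL, then streams the file from the
  * configured upload directory. On success the response is sent and the
  * request exits; every failure is reported as an exception.
  *
  * @return  void
  * @throws  Exception  500 when no database object is available or the content server fails,
  *                     404 when the attachment, post or file cannot be found,
  *                     403 when the user may not view the thread
  */
 public function downloadTask()
 {
     // Incoming
     $section  = Request::getVar('section', '');
     $category = Request::getVar('category', '');
     $thread   = Request::getInt('thread', 0);
     $post     = Request::getInt('post', 0);
     $file     = Request::getVar('file', '');

     // Ensure we have a database object
     if (!$this->database) {
         throw new Exception(Lang::txt('COM_FORUM_DATABASE_NOT_FOUND'), 500);
     }

     // Instantiate an attachment object; a post ID takes precedence over a thread/filename lookup
     $attach = new Tables\Attachment($this->database);
     if (!$post) {
         $attach->loadByThread($thread, $file);
     } else {
         $attach->loadByPost($post);
     }
     if (!$attach->filename) {
         throw new Exception(Lang::txt('COM_FORUM_FILE_NOT_FOUND'), 404);
     }

     // From here on the filename comes from the stored record, not the request
     $file = $attach->filename;

     // Get the parent post the file is attached to
     $row = new Tables\Post($this->database);
     $row->load($attach->post_id);
     if (!$row->id) {
         throw new Exception(Lang::txt('COM_FORUM_POST_NOT_FOUND'), 404);
     }

     // Restricted posts require a logged-in user: bounce to login and come back here afterwards
     if ($row->access > 0 && User::isGuest()) {
         $return = base64_encode(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&section=' . $section . '&category=' . $category . '&thread=' . $thread . '&post=' . $post . '&file=' . $file));
         App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return));
         return;
     }

     // Load ACL for the thread and ensure the user is authorized to view it
     $this->_authorize('thread', $row->id);
     if (!$this->config->get('access-view-thread')) {
         throw new Exception(Lang::txt('COM_FORUM_NOT_AUTH_FILE'), 403);
     }

     // Ensure we have a path
     if (empty($file)) {
         throw new Exception(Lang::txt('COM_FORUM_FILE_NOT_FOUND'), 404);
     }

     // The per-post upload directory, relative to PATH_APP
     $basePath = DS . trim($this->config->get('webpath', '/site/forum'), DS) . DS . $attach->parent . DS . $attach->post_id;

     // Normalise a relative stored name to a path under $basePath. Some records
     // have the full path saved already; only prepend $basePath when it is missing.
     if (substr($file, 0, 1) != DS) {
         $file = DS . $file;
         if (substr($file, 0, strlen($basePath)) != $basePath) {
             $file = $basePath . $file;
         }
     }

     // Add PATH_APP
     $filename = PATH_APP . $file;

     // Ensure the file exists. The absolute server path is deliberately not
     // included in the message so it is not disclosed to the client.
     if (!file_exists($filename)) {
         throw new Exception(Lang::txt('COM_FORUM_FILE_NOT_FOUND'), 404);
     }

     // Ensure the resolved file really lives inside the per-post attachment
     // directory, so a stored name containing '..' or an absolute path outside
     // the upload area is never served. NOTE(review): records whose stored
     // path points outside $basePath are rejected here where they used to be served.
     $baseDir  = realpath(PATH_APP . $basePath);
     $resolved = realpath($filename);
     if ($baseDir === false || $resolved === false || strpos($resolved, $baseDir . DS) !== 0) {
         throw new Exception(Lang::txt('COM_FORUM_FILE_NOT_FOUND'), 404);
     }

     // Initiate a new content server and serve up the file
     $server = new \Hubzero\Content\Server();
     $server->filename($filename);
     $server->disposition('inline');
     $server->acceptranges(false);
     // @TODO fix byte range support
     if (!$server->serve()) {
         // Should only get here on error
         throw new Exception(Lang::txt('COM_FORUM_SERVER_ERROR'), 500);
     }

     // The response has been streamed; stop all further output
     exit;
 }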
 /**
  * Sets the access level of one or more posts
  *
  * Reads the selected post IDs and the target access value from the request,
  * stores the new value on each post and redirects back to the category
  * listing with a status message.
  *
  * @return  void
  * @throws  Exception  500 when a post fails to store
  */
 public function accessTask()
 {
     // Check for request forgeries
     Request::checkToken(['get', 'post']);

     // Incoming
     $categoryId = Request::getInt('category_id', 0);
     $access     = Request::getInt('access', 0);
     $selected   = Request::getVar('id', array());
     if (!is_array($selected)) {
         $selected = array($selected);
     }

     // Where the user is sent once the task is done
     $listUrl = Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&category_id=' . $categoryId, false);

     // Nothing selected: bounce back with an error
     if (count($selected) < 1) {
         App::redirect($listUrl, Lang::txt('COM_FORUM_SELECT_ENTRY_TO_CHANGE_ACCESS'), 'error');
         return;
     }

     // Update each record in turn; a failed store aborts the whole task
     foreach ($selected as $postId) {
         $record = new Post($this->database);
         $record->load(intval($postId));
         $record->access = $access;
         if (!$record->store()) {
             throw new Exception($record->getError(), 500);
         }
     }

     // set message
     App::redirect($listUrl, Lang::txt('COM_FORUM_ITEMS_ACCESS_CHANGED', count($selected)));
 }