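 /**
  * Saves a message attachment file on disk and records it in the
  * message-attachment table.
  *
  * The user-supplied name is only stored in the database; the file itself is
  * written under a uniqid() name inside the owner's message_attachments/
  * directory, so the on-disk path never contains user-controlled characters.
  * A failed copy is reported and no database row is created for it.
  *
  * @param  array  $file_attach      one entry of the $_FILES superglobal
  * @param  string $file_comment     a comment about the uploaded file
  * @param  int    $message_id       message id
  * @param  int    $receiver_user_id receiver user id (optional)
  * @param  int    $sender_user_id   sender user id (optional)
  * @param  int    $group_id         group id (optional)
  * @return void
  */
 public static function save_message_attachment_file($file_attach, $file_comment, $message_id, $receiver_user_id = 0, $sender_user_id = 0, $group_id = 0)
 {
     $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
     // Try to add an extension to the file if it hasn't one
     $new_file_name = add_ext_on_mime(stripslashes($file_attach['name']), $file_attach['type']);
     // user's file name
     $file_name = $file_attach['name'];
     if (!filter_extension($new_file_name)) {
         Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
         return;
     }
     // The file is stored under an opaque name; the user's name only goes to the DB.
     $new_file_name = uniqid('');
     $message_user_id = !empty($receiver_user_id) ? $receiver_user_id : $sender_user_id;
     // User-reserved directory where photos have to be placed.
     if (!empty($group_id)) {
         $path_user_info = GroupPortalManager::get_group_picture_path_by_id($group_id, 'system', true);
     } else {
         $path_user_info = UserManager::get_user_picture_path_by_id($message_user_id, 'system', true);
     }
     $path_message_attach = $path_user_info['dir'] . 'message_attachments/';
     // If this directory does not exist - we create it.
     if (!file_exists($path_message_attach)) {
         @mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
     }
     $new_path = $path_message_attach . $new_file_name;
     // Only accept a genuine upload, and only record it when the copy succeeded:
     // a row pointing at a file that is not on disk would be a dangling attachment.
     $copied = is_uploaded_file($file_attach['tmp_name']) && @copy($file_attach['tmp_name'], $new_path);
     if (!$copied) {
         Display::display_error_message(get_lang('UplUnableToSaveFile'));
         return;
     }
     $safe_file_comment = Database::escape_string($file_comment);
     $safe_file_name = Database::escape_string($file_name);
     $safe_new_file_name = Database::escape_string($new_file_name);
     // Numeric columns are cast rather than escaped so nothing but digits reaches the SQL.
     $safe_message_id = (int) $message_id;
     $safe_size = (int) $file_attach['size'];
     // Storing the attachments if any
     $sql = "INSERT INTO {$tbl_message_attach}(filename,comment, path,message_id,size)\n\t\t\t\t    VALUES ('{$safe_file_name}', '{$safe_file_comment}', '{$safe_new_file_name}' , '{$safe_message_id}', '{$safe_size}' )";
     Database::query($sql);
 }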
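/**
 * Cleans a client-supplied file name before it is used on the server.
 *
 * Steps, in order: strip slashes, optionally complete the extension from the
 * MIME type, collapse every dot except the last one into an underscore when
 * $Config['ForceSingleExtension'] is enabled (so "x.php.txt" can never be
 * handled as a PHP file by a multi-extension aware server), replace dangerous
 * characters in 'strict' mode, and rename .php files to .phps.
 *
 * @param string      $sNewFileName the name as sent by the client
 * @param string|null $sMimeType    the upload's MIME type, used to add a
 *                                  missing extension; null/empty skips that step
 * @return string the sanitised name
 */
function SanitizeFileName($sNewFileName, $sMimeType = null)
{
    global $Config;
    if (empty($sMimeType)) {
        $sNewFileName = stripslashes($sNewFileName);
    } else {
        $sNewFileName = add_ext_on_mime(stripslashes($sNewFileName), $sMimeType);
    }
    // Replace dots in the name with underscores (only one dot can be there... security issue).
    // !empty() avoids an undefined-index notice when the setting is absent.
    if (!empty($Config['ForceSingleExtension'])) {
        $sNewFileName = preg_replace('/\\.(?![^.]*$)/', '_', $sNewFileName);
    }
    // Remove \ / | : ? * " < > (done by replace_dangerous_char() in strict mode)
    $sNewFileName = replace_dangerous_char($sNewFileName, 'strict');
    $sNewFileName = php2phps($sNewFileName);
    return $sNewFileName;
}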
$_course = api_get_course_info();
$currentCourseRepositorySys = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/';
$succeed = false;
if ($form->validate()) {
    if ($student_can_edit_in_session && $check) {
        // Check the token inserted into the form
        if (isset($_POST['submitWork'])) {
            $url = null;
            $contains_file = 0;
            $title = isset($_POST['title']) ? $_POST['title'] : null;
            $description = isset($_POST['description']) ? $_POST['description'] : null;
            if ($_POST['contains_file'] && !empty($_FILES['file']['size'])) {
                $updir = $currentCourseRepositorySys . 'work/';
                //directory path to upload
                // Try to add an extension to the file if it has'nt one
                $new_file_name = add_ext_on_mime(stripslashes($_FILES['file']['name']), $_FILES['file']['type']);
                // Replace dangerous characters
                $new_file_name = replace_dangerous_char($new_file_name, 'strict');
                // Transform any .php file in .phps fo security
                $new_file_name = php2phps($new_file_name);
                $filesize = filesize($_FILES['file']['tmp_name']);
                if (empty($filesize)) {
                    $error_message .= Display::return_message(get_lang('UplUploadFailedSizeIsZero'), 'error');
                    $succeed = false;
                } elseif (!filter_extension($new_file_name)) {
                    //filter extension
                    $error_message .= Display::return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error');
                    $succeed = false;
                }
                if (!$title) {
                    $title = $_FILES['file']['name'];
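/**
 * Moves an uploaded file into the module's working directory after checking
 * the available quota and cleaning the file name (or extracts it, for zips).
 *
 * @author Hugues Peeters <*****@*****.**>
 *
 * @param  array $uploaded_file - follows the $_FILES Structure
 * @param  string $base_work_dir - base working directory of the module
 * @param  string $upload_path  - destination of the upload.
 *                               This path is to append to $base_work_dir
 * @param  int $max_filled_space - amount of bytes to not exceed in the base
 *                               working directory
 * @param  string $uncompress - 'unzip' to extract a .zip upload instead of
 *                               storing it; anything else stores the file as-is
 *
 * @return boolean true if it succeeds, false otherwise (a quota failure is
 *                 reported through api_failure::set_failure())
 */
function treat_uploaded_file($uploaded_file, $base_work_dir, $upload_path, $max_filled_space, $uncompress = '')
{
    $uploaded_file['name'] = stripslashes($uploaded_file['name']);
    if (!enough_size($uploaded_file['size'], $base_work_dir, $max_filled_space)) {
        return api_failure::set_failure('not_enough_space');
    }
    // The dot must be escaped: an unescaped '.' would also match names like "fooxzip".
    if ($uncompress == 'unzip' && preg_match('/\.zip$/', strtolower($uploaded_file['name']))) {
        return unzip_uploaded_file($uploaded_file, $upload_path, $base_work_dir, $max_filled_space);
    }
    $file_name = trim($uploaded_file['name']);
    // CHECK FOR NO DESIRED CHARACTERS
    $file_name = api_replace_dangerous_char($file_name, 'strict');
    // TRY TO ADD AN EXTENSION TO FILES WITHOUT EXTENSION
    $file_name = add_ext_on_mime($file_name, $uploaded_file['type']);
    // NOTE(review): no php2phps()-style renaming and no filter_extension() check is
    // applied in this function; the cleaned name is stored as-is. Confirm that the
    // caller enforces the extension policy before relying on this path.
    // COPY THE FILE TO THE DESIRED DESTINATION
    if (!move_uploaded_file($uploaded_file['tmp_name'], $base_work_dir . $upload_path . '/' . $file_name)) {
        // A failed move must not be reported as success (documented contract: false on failure).
        return false;
    }
    set_default_settings($upload_path, $file_name);
    return true;
}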
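 /**
  * Saves a message attachment file on disk and records it in the
  * message-attachment table.
  *
  * The user-supplied name is only stored in the database; the file itself is
  * written under a uniqid() name inside the owner's (or group's)
  * message_attachments/ directory, so the on-disk path never contains
  * user-controlled characters. A failed copy is reported and no row is
  * inserted for it.
  *
  * @param  array  $file_attach      one entry of the $_FILES superglobal
  * @param  string $file_comment     a comment about the uploaded file
  * @param  int    $message_id       message id
  * @param  int    $receiver_user_id receiver user id (optional)
  * @param  int    $sender_user_id   sender user id (optional)
  * @param  int    $group_id         group id (optional)
  * @return void
  */
 public static function save_message_attachment_file($file_attach, $file_comment, $message_id, $receiver_user_id = 0, $sender_user_id = 0, $group_id = 0)
 {
     $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
     // Try to add an extension to the file if it hasn't one
     $new_file_name = add_ext_on_mime(stripslashes($file_attach['name']), $file_attach['type']);
     // user's file name
     $file_name = $file_attach['name'];
     if (!filter_extension($new_file_name)) {
         Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
         return;
     }
     // The file is stored under an opaque name; the user's name only goes to the DB.
     $new_file_name = uniqid('');
     $message_user_id = !empty($receiver_user_id) ? $receiver_user_id : $sender_user_id;
     // User-reserved directory where photos have to be placed.
     $userGroup = new UserGroup();
     $path_user_info = [];
     if (!empty($group_id)) {
         $path_user_info = $userGroup->get_group_picture_path_by_id($group_id, 'system', true);
     } else {
         $path_user_info['dir'] = UserManager::getUserPathById($message_user_id, 'system');
     }
     $path_message_attach = $path_user_info['dir'] . 'message_attachments/';
     // If this directory does not exist - we create it.
     if (!file_exists($path_message_attach)) {
         @mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
     }
     $new_path = $path_message_attach . $new_file_name;
     // Only accept a genuine upload, and only record it when the copy succeeded:
     // a row pointing at a file that is not on disk would be a dangling attachment.
     $copied = is_uploaded_file($file_attach['tmp_name']) && @copy($file_attach['tmp_name'], $new_path);
     if (!$copied) {
         Display::display_error_message(get_lang('UplUnableToSaveFile'));
         return;
     }
     // Storing the attachments if any
     $params = [
         'filename' => $file_name,
         'comment' => $file_comment,
         'path' => $new_file_name,
         'message_id' => $message_id,
         'size' => $file_attach['size'],
     ];
     Database::insert($tbl_message_attach, $params);
 }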
             $vis = $result->visible;
             Database::get()->query("DELETE FROM document WHERE\n                                                 {$group_sql} AND\n                                                 path = ?s", $file_path);
         } else {
             $error = $langFileExists;
         }
     }
 }
 if ($error) {
     $action_message .= "<div class='alert alert-danger'>{$error}</div><br>";
 } elseif ($uploaded) {
     // No errors, so proceed with upload
     // File date is current date
     $file_date = date("Y\\-m\\-d G\\:i\\:s");
     // Try to add an extension to files witout extension,
     // change extension of PHP files
     $fileName = php2phps(add_ext_on_mime($fileName));
     // File name used in file system and path field
     $safe_fileName = safe_filename(get_file_extension($fileName));
     if ($uploadPath == '.') {
         $file_path = '/' . $safe_fileName;
     } else {
         $file_path = $uploadPath . '/' . $safe_fileName;
     }
     if ($extra_path or isset($userFile) and @copy($userFile, $basedir . $file_path)) {
         $vis = 1;
         $file_format = get_file_extension($fileName);
         $id = Database::get()->query("INSERT INTO document SET\n                                        course_id = ?d,\n                                        subsystem = ?d,\n                                        subsystem_id = ?d,\n                                        path = ?s,\n                                        extra_path = ?s,\n                                        filename = ?s,\n                                        visible = ?d,\n                                        comment = ?s,\n                                        category = ?d,\n                                        title = ?s,\n                                        creator = ?s,\n                                        date = ?t,\n                                        date_modified = ?t,\n                                        subject = ?s,\n                                        description = ?s,\n                                        author = ?s,\n                                        format = ?s,\n                                        language = ?s,\n                                        copyrighted = ?d", $course_id, $subsystem, $subsystem_id, $file_path, $extra_path, $fileName, $vis, $_POST['file_comment'], $_POST['file_category'], $_POST['file_title'], $_POST['file_creator'], $file_date, $file_date, $_POST['file_subject'], $_POST['file_description'], $_POST['file_author'], $file_format, $_POST['file_language'], $_POST['file_copyrighted'])->lastInsertID;
         Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $id);
         // Logging
         Log::record($course_id, MODULE_ID_DOCS, LOG_INSERT, array('id' => $id, 'filepath' => $file_path, 'filename' => $fileName, 'comment' => $_POST['file_comment'], 'title' => $_POST['file_title']));
         Session::Messages($langDownloadEnd, 'alert-success');
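/**
 * Handles the dropbox upload form: validates the recipients and the uploaded
 * file, stores the file under a non-guessable name and records the sent work.
 *
 * Validation order: recipients (mailing / upload / user_* / group_*), file
 * presence and size, is_uploaded_file(), process_uploaded_file(), then name
 * cleaning (add_ext_on_mime -> replace_dangerous_char -> php2phps ->
 * filter_extension). The file is moved into place only after all of that,
 * and the Dropbox_SentWork record is created only if the move succeeded.
 *
 * @return array|null|string a language string describing the outcome
 *         (error or success message), or null when process_uploaded_file()
 *         rejected the file
 */
function store_add_dropbox()
{
    $_course = api_get_course_info();
    $_user = api_get_user_info();
    $dropbox_cnf = getDropboxConf();
    // Validating the form data
    // there are no recipients selected
    if (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
        return get_lang('YouMustSelectAtLeastOneDestinee');
    }
    // Check if all the recipients are valid
    $thisIsAMailing = false;
    $thisIsJustUpload = false;
    foreach ($_POST['recipients'] as $rec) {
        if ($rec == 'mailing') {
            $thisIsAMailing = true;
        } elseif ($rec == 'upload') {
            $thisIsJustUpload = true;
        } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
            return get_lang('InvalideUserDetected');
        } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
            return get_lang('InvalideGroupDetected');
        }
    }
    // we are doing a mailing but an additional recipient is selected
    if ($thisIsAMailing && count($_POST['recipients']) != 1) {
        return get_lang('MailingSelectNoOther');
    }
    // we are doing a just upload but an additional recipient is selected.
    // note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
    if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
        return get_lang('MailingJustUploadSelectNoOther');
    }
    if (empty($_FILES['file']['name'])) {
        return get_lang('NoFileSpecified');
    }
    // are we overwriting a previous file or sending a new one
    $dropbox_overwrite = false;
    if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
        $dropbox_overwrite = true;
    }
    // doing the upload
    $dropbox_filename = $_FILES['file']['name'];
    $dropbox_filesize = $_FILES['file']['size'];
    $dropbox_filetype = $_FILES['file']['type'];
    $dropbox_filetmpname = $_FILES['file']['tmp_name'];
    // check if the filesize does not exceed the allowed size.
    // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
    if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
        return get_lang('DropboxFileTooBig');
    }
    // check if the file is actually uploaded
    if (!is_uploaded_file($dropbox_filetmpname)) {
        // check user fraud : no clean error msg.
        return get_lang('TheFileIsNotUploaded');
    }
    $upload_ok = process_uploaded_file($_FILES['file'], true);
    if (!$upload_ok) {
        return null;
    }
    // Try to add an extension to the file if it hasn't got one
    $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
    // Replace dangerous characters
    $dropbox_filename = replace_dangerous_char($dropbox_filename);
    // Transform any .php file in .phps fo security
    $dropbox_filename = php2phps($dropbox_filename);
    //filter extension
    if (!filter_extension($dropbox_filename)) {
        return get_lang('UplUnableToSaveFileFilteredExtension');
    }
    // set title
    $dropbox_title = $dropbox_filename;
    // set author
    if (!isset($_POST['authors'])) {
        $_POST['authors'] = getUserNameFromId($_user['user_id']);
    }
    // note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
    if ($dropbox_overwrite) {
        // Reuse the on-disk name of the work being overwritten, provided it is
        // the same kind of submission (mailing / just-upload) as the new one.
        $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
        foreach ($dropbox_person->sentWork as $w) {
            if ($w->title == $dropbox_filename) {
                if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
                    return get_lang('MailingNonMailingError');
                }
                if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
                    return get_lang('MailingJustUploadSelectNoOther');
                }
                $dropbox_filename = $w->filename;
                break;
            }
        }
    } else {
        // rename file to login_filename_uniqueId format
        $dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
    }
    // creating the array that contains all the users who will receive the file
    $new_work_recipients = array();
    foreach ($_POST['recipients'] as $rec) {
        if (strpos($rec, 'user_') === 0) {
            $new_work_recipients[] = substr($rec, strlen('user_'));
        } elseif (strpos($rec, 'group_') === 0) {
            $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
            foreach ($userList as $usr) {
                if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
                    $new_work_recipients[] = $usr['user_id'];
                }
            }
        }
    }
    // The sent-work record must not be created for a file that is not on disk.
    if (!@move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename)) {
        return get_lang('UplUnableToSaveFile');
    }
    $b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
    if ($b_send_mail) {
        foreach ($new_work_recipients as $recipient_id) {
            $recipent_temp = UserManager::get_user_info_by_id($recipient_id);
            $additionalParameters = array('smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY, 'userId' => $recipient_id, 'courseTitle' => $_course['title'], 'userUsername' => $recipent_temp['username']);
            api_mail_html(api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $recipent_temp['email'], get_lang('NewDropboxFileUploaded'), get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'], api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), $_user['mail'], null, null, null, $additionalParameters);
        }
    }
    new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);
    Security::clear_token();
    return get_lang('FileUploadSucces');
}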
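/**
 * This function edits an attachment file into a forum
 *
 * Accepts either a single upload or an array-shaped multi-upload in
 * $_FILES['user_upload']. Each accepted file is stored under a uniqid() name
 * in the course's upload/forum directory (the user-supplied name only goes
 * to the database) and the attachment row is updated.
 *
 * @param string $file_comment  a comment about file
 * @param int $post_id
 * @param int $id_attach attachment file Id
 * @return void
 */
function edit_forum_attachment_file($file_comment, $post_id, $id_attach)
{
    $_course = api_get_course_info();
    $table_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
    $course_id = api_get_course_int_id();
    $filesData = [];
    if (!is_array($_FILES['user_upload']['name'])) {
        $filesData[] = $_FILES['user_upload'];
    } else {
        // Re-shape the per-field arrays of a multi-upload into one array per file.
        // count() is only valid in this branch: for a single upload 'name' is a string.
        $fileCount = count($_FILES['user_upload']['name']);
        $fileKeys = array_keys($_FILES['user_upload']);
        for ($i = 0; $i < $fileCount; $i++) {
            foreach ($fileKeys as $key) {
                $filesData[$i][$key] = $_FILES['user_upload'][$key][$i];
            }
        }
    }
    foreach ($filesData as $attachment) {
        if (empty($attachment['name'])) {
            continue;
        }
        $upload_ok = process_uploaded_file($attachment);
        if (!$upload_ok) {
            continue;
        }
        $course_dir = $_course['path'] . '/upload/forum';
        $sys_course_path = api_get_path(SYS_COURSE_PATH);
        $updir = $sys_course_path . $course_dir;
        // Try to add an extension to the file if it hasn't one.
        $new_file_name = add_ext_on_mime(stripslashes($attachment['name']), $attachment['type']);
        // User's file name
        $file_name = $attachment['name'];
        if (!filter_extension($new_file_name)) {
            Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
            continue;
        }
        // The file is stored under an opaque name; the user's name only goes to the DB.
        $new_file_name = uniqid('');
        $new_path = $updir . '/' . $new_file_name;
        $result = @move_uploaded_file($attachment['tmp_name'], $new_path);
        // Storing the attachments if any (only when the file really is on disk).
        if (!$result) {
            continue;
        }
        $safe_file_comment = Database::escape_string($file_comment);
        $safe_file_name = Database::escape_string($file_name);
        $safe_new_file_name = Database::escape_string($new_file_name);
        $safe_post_id = (int) $post_id;
        $safe_id_attach = (int) $id_attach;
        // Numeric columns are cast so nothing but digits reaches the SQL.
        $safe_size = (int) $attachment['size'];
        $sql = "UPDATE {$table_forum_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', post_id = '{$safe_post_id}', size ='{$safe_size}'\n                       WHERE c_id = {$course_id} AND id = '{$safe_id_attach}'";
        Database::query($sql);
        api_item_property_update($_course, TOOL_FORUM_ATTACH, $safe_id_attach, 'ForumAttachmentUpdated', api_get_user_id());
    }
}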
 if (!$error) {
     $dropbox_filename = $_FILES['file']['name'];
     $dropbox_filesize = $_FILES['file']['size'];
     $dropbox_filetype = $_FILES['file']['type'];
     $dropbox_filetmpname = $_FILES['file']['tmp_name'];
     if ($dropbox_filesize <= 0 || $dropbox_filesize > dropbox_cnf('maxFilesize')) {
         $errormsg = get_lang('TooBig');
         // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
         $error = true;
     } elseif (!is_uploaded_file($dropbox_filetmpname)) {
         // check user fraud : no clean error msg.
         die(get_lang('BadFormData') . ' (code 403)');
     }
     if (!$error) {
         // Try to add an extension to the file if it hasn't got one
         $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
         // Replace dangerous characters
         $dropbox_filename = api_replace_dangerous_char($dropbox_filename);
         // Transform any .php file in .phps fo security
         $dropbox_filename = php2phps($dropbox_filename);
         if (!filter_extension($dropbox_filename)) {
             $error = true;
             $errormsg = get_lang('UplUnableToSaveFileFilteredExtension');
         } else {
             // set title
             $dropbox_title = $dropbox_filename;
             // set author
             if ($_POST['authors'] == '') {
                 $_POST['authors'] = getUserNameFromId($_user['user_id']);
             }
             if ($dropbox_overwrite) {
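 /**
  * This function edit a attachment file into announcement
  *
  * The file is stored under a uniqid() name in the course's
  * upload/announcements directory; the user-supplied name only goes to the
  * database. The row is updated only when the file was actually written.
  *
  * @param int $id_attach attach id
  * @param array $file uploaded file $_FILES
  * @param string $file_comment file comment
  * @return int 1 on success, -1 when the file was rejected or could not be
  *             saved, 0 when no valid upload was given
  */
 public static function edit_announcement_attachment_file($id_attach, $file, $file_comment)
 {
     $_course = api_get_course_info();
     $tbl_announcement_attachment = Database::get_course_table(TABLE_ANNOUNCEMENT_ATTACHMENT);
     $return = 0;
     $course_id = api_get_course_int_id();
     if (is_array($file) && $file['error'] == 0) {
         // TODO: This path is obsolete. The new document repository scheme should be kept in mind here.
         $courseDir = $_course['path'] . '/upload/announcements';
         $sys_course_path = api_get_path(SYS_COURSE_PATH);
         $updir = $sys_course_path . $courseDir;
         // Try to add an extension to the file if it hasn't one
         $new_file_name = add_ext_on_mime(stripslashes($file['name']), $file['type']);
         // user's file name
         $file_name = $file['name'];
         if (!filter_extension($new_file_name)) {
             // Was the no-op expression "$return - 1": the rejection must reach the caller.
             $return = -1;
             Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
         } else {
             // The file is stored under an opaque name; the user's name only goes to the DB.
             $new_file_name = uniqid('');
             $new_path = $updir . '/' . $new_file_name;
             if (!@move_uploaded_file($file['tmp_name'], $new_path)) {
                 // Do not point the row at a file that was never written.
                 $return = -1;
                 Display::display_error_message(get_lang('UplUnableToSaveFile'));
             } else {
                 $safe_file_comment = Database::escape_string($file_comment);
                 $safe_file_name = Database::escape_string($file_name);
                 $safe_new_file_name = Database::escape_string($new_file_name);
                 $id_attach = intval($id_attach);
                 $sql = "UPDATE {$tbl_announcement_attachment} SET filename = '{$safe_file_name}', comment = '{$safe_file_comment}', path = '{$safe_new_file_name}', size ='" . intval($file['size']) . "'\n\t\t\t\t\t \tWHERE c_id = {$course_id} AND id = '{$id_attach}'";
                 $result = Database::query($sql);
                 if ($result === false) {
                     $return = -1;
                     Display::display_error_message(get_lang('UplUnableToSaveFile'));
                 } else {
                     $return = 1;
                 }
             }
         }
     }
     return $return;
 }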
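 /**
  * Uploads an author image to the upload/learning_path/images directory
  *
  * The image is re-encoded through the Image class (resized to at most
  * 104x96) and stored under a uniqid() name, so the uploaded bytes are never
  * written to disk as-is; a 64x64 copy is also produced for the course
  * homepage. The stored extension is taken from the name that passed
  * filter_extension(), not from the raw upload name.
  *
  * @param	array	$image_array The image array, coming from the $_FILES superglobal
  * @return	boolean	True on success, false on error or when no file was supplied
  */
 public function upload_image($image_array)
 {
     // No file name means nothing to store; this is not reported as a success.
     if (empty($image_array['name'])) {
         return false;
     }
     if (!process_uploaded_file($image_array)) {
         return false;
     }
     $courseDir = api_get_course_path() . '/upload/learning_path/images';
     $sys_course_path = api_get_path(SYS_COURSE_PATH);
     $updir = $sys_course_path . $courseDir;
     // Try to add an extension to the file if it hasn't one.
     $new_file_name = add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);
     if (!filter_extension($new_file_name)) {
         //Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
         return false;
     }
     // Use the checked name for the extension, so the file on disk carries the
     // extension filter_extension() actually accepted.
     $name_parts = explode('.', $new_file_name);
     $file_extension = strtolower(end($name_parts));
     $filename = uniqid('');
     $new_file_name = $filename . '.' . $file_extension;
     $new_path = $updir . '/' . $new_file_name;
     // Resize the image, capping at 104x96.
     $temp = new Image($image_array['tmp_name']);
     $picture_infos = $temp->get_image_info();
     $thumbwidth = min(104, $picture_infos['width']);
     $new_height = min(96, $picture_infos['height']);
     $temp->resize($thumbwidth, $new_height, 0);
     if (!$temp->send_image($new_path)) {
         return false;
     }
     // Storing the image filename.
     $this->set_preview_image($new_file_name);
     //Resize to 64px to use on course homepage
     $temp->resize(64, 64, 0);
     $temp->send_image($updir . '/' . $filename . '.64.' . $file_extension);
     return true;
 }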
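/**
 * Add (or edit) a template. This function displays the form and also takes care of uploading the image and storing the information in the database
 *
 * The action ('add' / 'edit') and the template id come from $_GET. An
 * uploaded image is accepted only when its extension passes
 * filter_extension(); it is then re-encoded by the Image class (resized to at
 * most 100px wide) and written to home/default_platform_document/ under its
 * extension-completed upload name.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 */
function add_edit_template()
{
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    $id = isset($_GET['id']) ? $_GET['id'] : '';
    // initiate the object; the GET values are URL-encoded before being echoed back in the form action
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . urlencode($action) . '&id=' . urlencode($id));
    // settting the form elements: the header
    if ($action == 'add') {
        $title = get_lang('AddTemplate');
    } else {
        $title = get_lang('EditTemplate');
    }
    $form->addElement('header', '', $title);
    // settting the form elements: the title of the template
    $form->add_textfield('title', get_lang('Title'), false);
    // settting the form elements: the content of the template (wysiwyg editor)
    $form->addElement('html_editor', 'template_text', get_lang('Text'));
    // settting the form elements: the form to upload an image to be used with the template
    $form->addElement('file', 'template_image', get_lang('Image'), '');
    // settting the form elements: a little bit information about the template image
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));
    // getting all the information of the template when editing a template
    if ($action == 'edit') {
        // Database table definition
        $table_system_template = Database::get_main_table('system_template');
        $sql = "SELECT * FROM {$table_system_template} WHERE id = '" . Database::escape_string($id) . "'";
        $result = api_sql_query($sql, __FILE__, __LINE__);
        $row = Database::fetch_array($result);
        $defaults['template_id'] = $id;
        $defaults['template_text'] = $row['content'];
        $defaults['title'] = $row['title'];
        // adding an extra field: a hidden field with the id of the template we are editing
        $form->addElement('hidden', 'template_id');
        // adding an extrra field: a preview of the image that is currently used
        if (!empty($row['image'])) {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/' . $row['image'] . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        }
        // setting the information of the template that we are editing
        $form->setDefaults($defaults);
    }
    // settting the form elements: the submit button
    $form->addElement('style_submit_button', 'submit', get_lang('Ok'), 'class="save"');
    // setting the rules: the required fields
    $form->addRule('title', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
    // if the form validates (complies to all rules) we save the information, else we display the form again (with error message if needed)
    if ($form->validate()) {
        // exporting the values
        $values = $form->exportValues();
        // Empty means "no (new) image": inserted as-is on add, left untouched on edit.
        $new_file_name = '';
        // upload the file
        if (!empty($_FILES['template_image']['name'])) {
            include_once api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php';
            $upload_ok = process_uploaded_file($_FILES['template_image']);
            if ($upload_ok) {
                // Try to add an extension to the file if it hasn't one
                $new_file_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
                // The name is written to a web-served directory, so reject filtered extensions
                // before anything is stored; the image is then re-encoded by the Image class.
                if (!filter_extension($new_file_name)) {
                    Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
                    $new_file_name = '';
                } else {
                    // upload dir
                    $upload_dir = api_get_path(SYS_PATH) . 'home/default_platform_document/';
                    // create dir if not exists
                    if (!is_dir($upload_dir)) {
                        $perm = api_get_setting('permissions_for_new_directories');
                        $perm = octdec(!empty($perm) ? $perm : '0770');
                        @mkdir($upload_dir, $perm);
                    }
                    // resize image to max default and upload
                    require_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
                    $temp = new image($_FILES['template_image']['tmp_name']);
                    // getimagesize() returns false for anything it cannot parse; guard the index reads.
                    $picture_infos = @getimagesize($_FILES['template_image']['tmp_name']);
                    $max_width_for_picture = 100;
                    if (is_array($picture_infos) && $picture_infos[0] > $max_width_for_picture) {
                        $thumbwidth = $max_width_for_picture;
                        $new_height = round($thumbwidth / $picture_infos[0] * $picture_infos[1]);
                        $temp->resize($thumbwidth, $new_height, 0);
                    }
                    $type = is_array($picture_infos) ? $picture_infos[2] : 0;
                    // Switch on the image type itself: the original switched on !empty($type),
                    // which loosely compared true to every case and always took the JPG branch.
                    switch ($type) {
                        case 2:
                            $temp->send_image('JPG', $upload_dir . $new_file_name);
                            break;
                        case 3:
                            $temp->send_image('PNG', $upload_dir . $new_file_name);
                            break;
                        case 1:
                            $temp->send_image('GIF', $upload_dir . $new_file_name);
                            break;
                    }
                }
            }
        }
        // store the information in the database (as insert or as update)
        $table_system_template = Database::get_main_table('system_template');
        if ($action == 'add') {
            $sql = "INSERT INTO {$table_system_template} (title, content, image) VALUES ('" . Database::escape_string($values['title']) . "','" . Database::escape_string($values['template_text']) . "','" . Database::escape_string($new_file_name) . "')";
            $result = api_sql_query($sql, __FILE__, __LINE__);
            // display a feedback message
            Display::display_confirmation_message('TemplateAdded');
            echo '<a href="settings.php?category=Templates&amp;action=add">' . Display::return_icon('add_template.gif', get_lang('AddTemplate')) . get_lang('AddTemplate') . '</a>';
        } else {
            $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "',\n\t\t\t\t\t\t\t\t\t\t\t   \t\t  content = '" . Database::escape_string($values['template_text']) . "'";
            if (!empty($new_file_name)) {
                $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
            }
            $sql .= " WHERE id='" . Database::escape_string($id) . "'";
            $result = api_sql_query($sql, __FILE__, __LINE__);
            // display a feedback message
            Display::display_confirmation_message('TemplateEdited');
        }
        display_templates();
    } else {
        // display the form
        $form->display();
    }
}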
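/**
 * Replaces the file attached to an agenda (calendar) event.
 *
 * The upload is read from $_FILES['user_upload']; when no file was sent the
 * function does nothing. A file whose extension is rejected by
 * filter_extension() is reported with Display::display_error_message() and
 * not stored. Otherwise the file is moved to <course>/upload/calendar under a
 * random uniqid() name and the attachment row (filename, comment, path,
 * agenda_id, size) is updated.
 *
 * @param string $file_comment  comment shown next to the file
 * @param int    $agenda_id     id of the agenda event the file belongs to
 * @param int    $id_attach     id of the attachment row being edited
 * @return void
 */
function edit_agenda_attachment_file($file_comment, $agenda_id, $id_attach)
{
    global $_course;
    $agenda_table_attachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
    // Same initialisation as Agenda::addAttachment(): no file means no upload.
    $upload_ok = false;
    if (!empty($_FILES['user_upload']['name'])) {
        $upload_ok = process_uploaded_file($_FILES['user_upload']);
    }
    if (empty($upload_ok)) {
        return;
    }
    $courseDir = $_course['path'] . '/upload/calendar';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $courseDir;
    // Try to add an extension to the file if it hasn't one
    $new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
    // User's file name: only kept in the database for display.
    $file_name = $_FILES['user_upload']['name'];
    if (!filter_extension($new_file_name)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        return;
    }
    // The name on disk is random, so the user-supplied name never reaches the filesystem.
    $new_file_name = uniqid('');
    $new_path = $updir . '/' . $new_file_name;
    $result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
    if (!$result) {
        // Nothing on disk: leave the row untouched.
        return;
    }
    // Every value interpolated into the UPDATE is escaped or cast to int.
    $safe_file_comment = Database::escape_string($file_comment);
    $safe_file_name = Database::escape_string($file_name);
    $safe_new_file_name = Database::escape_string($new_file_name);
    $safe_agenda_id = intval($agenda_id);
    $safe_id_attach = intval($id_attach);
    $safe_size = intval($_FILES['user_upload']['size']);
    $sql = "UPDATE {$agenda_table_attachment}
            SET filename = '{$safe_file_name}',
                comment = '{$safe_file_comment}',
                path = '{$safe_new_file_name}',
                agenda_id = '{$safe_agenda_id}',
                size = '{$safe_size}'
            WHERE id = '{$safe_id_attach}'";
    Database::query($sql);
    api_item_property_update($_course, 'calendar_event_attachment', $safe_id_attach, 'AgendaAttachmentUpdated', api_get_user_id());
}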
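 /**
  * Stores a file attached to a ticket message.
  *
  * The upload is copied to SYS_ARCHIVE_PATH/plugin_ticket_messageattch/ under
  * a random uniqid() name and described by a row in
  * TABLE_TICKET_MESSAGE_ATTACHMENTS. A file whose extension is rejected by
  * filter_extension() is reported with Display::display_error_message() and
  * nothing is stored.
  *
  * @param array $file_attach       one entry of $_FILES (name, type, tmp_name, size)
  * @param int   $ticket_id
  * @param int   $message_id
  * @param int   $message_attch_id
  * @return array|null  ['path' => absolute path of the stored copy,
  *                      'filename' => escaped original name]; an empty array
  *                      when the file could not be copied (no row is written);
  *                      null when the extension was rejected
  */
 public static function save_message_attachment_file(
     $file_attach,
     $ticket_id,
     $message_id,
     $message_attch_id
 ) {
     $now = api_get_utc_datetime();
     $user_id = api_get_user_id();
     // Every value interpolated into the INSERT below is cast to int or escaped.
     $ticket_id = intval($ticket_id);
     $message_id = intval($message_id);
     $message_attch_id = intval($message_attch_id);
     $size = intval($file_attach['size']);
     $new_file_name = add_ext_on_mime(
         stripslashes($file_attach['name']), $file_attach['type']
     );
     $file_name = $file_attach['name'];
     $table_support_message_attachments = Database::get_main_table(TABLE_TICKET_MESSAGE_ATTACHMENTS);
     if (!filter_extension($new_file_name)) {
         Display :: display_error_message(
             get_lang('UplUnableToSaveFileFilteredExtension')
         );
         return null;
     }
     // The name on disk is random; the user-supplied name is only kept in the DB.
     $new_file_name = uniqid('');
     $path_attachment = api_get_path(SYS_ARCHIVE_PATH);
     $path_message_attach = $path_attachment . 'plugin_ticket_messageattch/';
     if (!file_exists($path_message_attach)) {
         @mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
     }
     $new_path = $path_message_attach . $new_file_name;
     // Only accept files that really came in through the HTTP upload.
     $result = false;
     if (is_uploaded_file($file_attach['tmp_name'])) {
         $result = @copy($file_attach['tmp_name'], $new_path);
     }
     if (!$result) {
         // Nothing on disk: do not record a row pointing at a missing file.
         return array();
     }
     $safe_file_name = Database::escape_string($file_name);
     $safe_new_file_name = Database::escape_string($new_file_name);
     $sql = "INSERT INTO {$table_support_message_attachments} (
                 filename,
                 path,
                 ticket_id,
                 message_id,
                 message_attch_id,
                 size,
                 sys_insert_user_id,
                 sys_insert_datetime,
                 sys_lastedit_user_id,
                 sys_lastedit_datetime
             ) VALUES (
                 '{$safe_file_name}',
                 '{$safe_new_file_name}',
                 '{$ticket_id}',
                 '{$message_id}',
                 '{$message_attch_id}',
                 '{$size}',
                 '{$user_id}',
                 '{$now}',
                 '{$user_id}',
                 '{$now}'
             )";
     Database::query($sql);
     return array(
         'path' => $path_message_attach . $safe_new_file_name,
         'filename' => $safe_file_name
     );
 }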
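 /**
  * Stores the uploaded file ($_FILES['file']) as this object's recording.
  *
  * Any previously stored files are removed first (delete_files()). The file
  * is written to <store_path><filename>.<ext>, where the extension is taken
  * from the upload (forced to "wav" when $is_nano is set) and must be one of
  * $this->available_extensions.
  *
  * @param bool $is_nano  true for a Nanogong recording, which is always stored as .wav
  * @return int 1 when the file was stored, 0 otherwise (no upload, rejected
  *             upload, not a genuine upload, not enough course space,
  *             extension not allowed, or the move failed)
  */
 public function upload_file($is_nano = false)
 {
     if (empty($_FILES)) {
         return 0;
     }
     $upload_ok = process_uploaded_file($_FILES['file'], false);
     // Refuse anything that did not arrive through the HTTP upload.
     if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
         return 0;
     }
     if (!$upload_ok) {
         return 0;
     }
     // Check if there is enough space to save the file
     if (!DocumentManager::enough_space($_FILES['file']['size'], DocumentManager::get_course_quota())) {
         return 0;
     }
     // First we delete everything before uploading the file
     $this->delete_files();
     // Derive the extension from the upload, adding one from the MIME type if missing
     $file_name = strtolower(add_ext_on_mime($_FILES['file']['name'], $_FILES['file']['type']));
     $file_info = pathinfo($file_name);
     // pathinfo() returns no 'extension' key for a name without one
     $extension = isset($file_info['extension']) ? $file_info['extension'] : '';
     if ($is_nano) {
         $extension = 'wav';
     }
     // Strict comparison: the extension is compared as a string against the allowed list
     if (!in_array($extension, $this->available_extensions, true)) {
         return 0;
     }
     $file_name = $this->filename . '.' . $extension;
     if (move_uploaded_file($_FILES['file']['tmp_name'], $this->store_path . $file_name)) {
         $this->store_filename = $this->store_path . $file_name;
         return 1;
     }
     return 0;
 }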
         <hr>
     ';
 } elseif (isset($_GET['add_as_template']) && isset($_POST['create_template'])) {
     $document_id_for_template = intval($_GET['add_as_template']);
     $title = Security::remove_XSS($_POST['template_title']);
     $user_id = api_get_user_id();
     // Create the template_thumbnails folder in the upload folder (if needed)
     if (!is_dir(api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/')) {
         @mkdir(api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/', api_get_permissions_for_new_directories());
     }
     // Upload the file
     if (!empty($_FILES['template_image']['name'])) {
         $upload_ok = process_uploaded_file($_FILES['template_image']);
         if ($upload_ok) {
             // Try to add an extension to the file if it hasn't one
             $new_file_name = $courseInfo['code'] . '-' . add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
             // Upload dir
             $upload_dir = api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/template_thumbnails/';
             // Resize image to max default and end upload
             $temp = new Image($_FILES['template_image']['tmp_name']);
             $picture_info = $temp->get_image_info();
             $max_width_for_picture = 100;
             if ($picture_info['width'] > $max_width_for_picture) {
                 $temp->resize($max_width_for_picture);
             }
             $temp->send_image($upload_dir . $new_file_name);
         }
     }
     DocumentManager::set_document_as_template($title, '', $document_id_for_template, $course_code, $user_id, $new_file_name);
     Display::addFlash(Display::return_message(get_lang('DocumentSetAsTemplate'), 'confirmation'));
 }
 // Clear the audio column of the learning-path items selected for removal.
 // NOTE(review): $tbl_lp_item, $course_id and $in (the comma-separated id
 // list for the IN clause) are built outside this excerpt — confirm they are
 // sanitised before being interpolated into the SQL.
 if (count($lp_items_to_remove_audio) > 0) {
     $sql = "UPDATE {$tbl_lp_item} SET audio = '' WHERE c_id = {$course_id} AND id IN (" . $in . ")";
     $result = Database::query($sql);
 }
 // Uploading the audio files.
 foreach ($_FILES as $key => $value) {
     if (substr($key, 0, 7) == 'mp3file' and !empty($_FILES[$key]['tmp_name'])) {
         // The id of the learning path item.
         $lp_item_id = str_ireplace('mp3file', '', $key);
         // Create the audio folder if it does not exist yet.
         DocumentManager::createDefaultAudioFolder($_course);
         // Check if file already exits into document/audio/
         $file_name = $_FILES[$key]['name'];
         $file_name = stripslashes($file_name);
         // Add extension to files without one (if possible).
         $file_name = add_ext_on_mime($file_name, $_FILES[$key]['type']);
         $clean_name = api_replace_dangerous_char($file_name);
         // No "dangerous" files.
         $clean_name = disable_dangerous_file($clean_name);
         $check_file_path = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document/audio/' . $clean_name;
         // If the file exists we generate a new name.
         if (file_exists($check_file_path)) {
             $filename_components = explode('.', $clean_name);
             // Gettting the extension of the file.
             $file_extension = $filename_components[count($filename_components) - 1];
             // Adding something random to prevent overwriting.
             $filename_components[count($filename_components) - 1] = time();
             // Reconstructing the new filename.
             $clean_name = implode($filename_components) . '.' . $file_extension;
             // Using the new name in the $_FILES superglobal.
             $_FILES[$key]['name'] = $clean_name;
 /**
  * Stores a file uploaded for an agenda event and records it as an attachment.
  *
  * The file is moved to <course directory>/upload/calendar under a random
  * uniqid() name; the original name, the comment and the size go into
  * TABLE_AGENDA_ATTACHMENT, and the item property "AgendaAttachmentAdded" is
  * recorded.
  *
  * @param int    $eventId        id of the agenda event
  * @param array  $fileUserUpload one entry of $_FILES (e.g. $_FILES['user_upload'])
  * @param string $comment        comment shown next to the file
  * @param array  $courseInfo     course record; 'directory' locates the upload folder
  * @return string|null  an error message (Display::return_message) when the
  *                      extension is rejected; nothing otherwise
  */
 public function addAttachment($eventId, $fileUserUpload, $comment, $courseInfo)
 {
     $attachmentTable = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
     $eventId = intval($eventId);
     // Without a file name there is nothing to upload.
     $uploadAccepted = empty($fileUserUpload['name'])
         ? false
         : process_uploaded_file($fileUserUpload);
     if (empty($uploadAccepted)) {
         return;
     }
     $uploadDir = api_get_path(SYS_COURSE_PATH) . $courseInfo['directory'] . '/upload/calendar';
     // Give the file an extension derived from its MIME type when it has none.
     $namedFile = add_ext_on_mime(stripslashes($fileUserUpload['name']), $fileUserUpload['type']);
     $originalName = $fileUserUpload['name'];
     if (!filter_extension($namedFile)) {
         return Display::return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error');
     }
     // The file on disk gets a random name; the original name is only stored in the DB.
     $storedName = uniqid('');
     $moved = @move_uploaded_file($fileUserUpload['tmp_name'], $uploadDir . '/' . $storedName);
     $courseId = api_get_course_int_id();
     $fileSize = intval($fileUserUpload['size']);
     if (!$moved) {
         return;
     }
     $params = [
         'c_id' => $courseId,
         'filename' => $originalName,
         'comment' => $comment,
         'path' => $storedName,
         'agenda_id' => $eventId,
         'size' => $fileSize,
     ];
     $attachmentId = Database::insert($attachmentTable, $params);
     if (!$attachmentId) {
         return;
     }
     Database::query("UPDATE {$attachmentTable}\n                                SET id = iid WHERE iid = {$attachmentId}");
     api_item_property_update($courseInfo, 'calendar_event_attachment', $attachmentId, 'AgendaAttachmentAdded', api_get_user_id());
 }
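/**
 * Stores a student work file ($_FILES['file']) in the course "work" folder.
 *
 * The file is written to <course>/work/<folder>/<unique id>, where the unique
 * id comes from api_get_unique_id(); the cleaned original name is returned so
 * the caller can record it.
 *
 * @param array $my_folder_data  work folder record; basename of 'url' is the target sub-folder
 * @param array $_course         course record ('path', 'real_id', 'code')
 * @return array  ['url' => 'work/<folder>/<unique id>' (null when the move failed),
 *                'filename' => cleaned original name, 'error' => null], or
 *                ['error' => message] when the upload was refused
 */
function uploadWork($my_folder_data, $_course)
{
    if (empty($_FILES['file']['size'])) {
        return array('error' => Display :: return_message(get_lang('UplUploadFailedSizeIsZero'), 'error'));
    }
    $updir = api_get_path(SYS_COURSE_PATH).$_course['path'].'/work/'; // directory path to upload

    // Try to add an extension to the file if it hasn't one
    $filename = add_ext_on_mime(stripslashes($_FILES['file']['name']), $_FILES['file']['type']);

    // Replace dangerous characters
    $filename = replace_dangerous_char($filename, 'strict');

    // Transform any .php file in .phps for security
    $filename = php2phps($filename);
    $filesize = filesize($_FILES['file']['tmp_name']);

    if (empty($filesize)) {
        return array('error' => Display :: return_message(get_lang('UplUploadFailedSizeIsZero'), 'error'));
    }
    // The extension check runs on the cleaned user name, not on the unique id
    // assigned further down (which has no extension at all).
    if (!filter_extension($filename)) {
        return array('error' => Display :: return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error'));
    }

    $totalSpace = DocumentManager::documents_total_space($_course['real_id']);
    $course_max_space = DocumentManager::get_course_quota($_course['code']);
    $total_size = $filesize + $totalSpace;

    if ($total_size > $course_max_space) {
        return array(
            'error' => Display :: return_message(get_lang('NoSpace'), 'error')
        );
    }

    // Compose a unique file name to avoid any conflict
    $new_file_name = api_get_unique_id();
    // basename() keeps the target inside the work folder
    $curdirpath = basename($my_folder_data['url']);

    // If we come from the group tools the groupid will be saved in $work_table
    if (!is_dir($updir.$curdirpath) && !empty($curdirpath)) {
        return array(
            'error' => Display :: return_message(
                get_lang('FolderDoesntExistsInFileSystem'),
                'error'
            )
        );
    }
    $result = move_uploaded_file(
        $_FILES['file']['tmp_name'],
        $updir.$curdirpath.'/'.$new_file_name
    );

    $url = null;
    if ($result) {
        $url = 'work/'.$curdirpath.'/'.$new_file_name;
    }

    return array(
        'url' => $url,
        'filename' => $filename,
        'error' => null
    );
}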
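 /**
  * Creates a comment on a post in a given blog
  *
  * An optional attachment ($_FILES['user_upload']) is stored under
  * <course>/upload/blog with a random uniqid() name and recorded in
  * TABLE_BLOGS_ATTACHMENT together with $file_comment.
  *
  * @author Toon Keppens
  * @param string $title
  * @param string $full_text
  * @param string $file_comment  comment stored with the attachment
  * @param int $blog_id
  * @param int $post_id
  * @param int $parent_id   parent comment id (0 for a top-level comment)
  * @param int|string $task_id  cast to int before storage, so the default 'NULL' is stored as 0
  * @return void
  */
 public static function create_comment($title, $full_text, $file_comment, $blog_id, $post_id, $parent_id, $task_id = 'NULL')
 {
     $_user = api_get_user_info();
     $_course = api_get_course_info();
     $blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);
     $upload_ok = true;
     $has_attachment = false;
     $current_date = date('Y-m-d H:i:s', time());
     $course_id = api_get_course_int_id();
     // Ids are cast once so that both INSERTs below interpolate the same safe values.
     $blog_id = (int) $blog_id;
     $post_id = (int) $post_id;
     $parent_id = (int) $parent_id;
     $task_id = (int) $task_id;
     $author_id = (int) $_user['user_id'];
     if (!empty($_FILES['user_upload']['name'])) {
         $upload_ok = process_uploaded_file($_FILES['user_upload']);
         $has_attachment = true;
     }
     if (!$upload_ok) {
         return;
     }
     // Table Definition
     $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
     // Create the comment
     $sql = "INSERT INTO {$tbl_blogs_comments} (c_id, title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id)
             VALUES ({$course_id}, '" . Database::escape_string($title) . "', '" . Database::escape_string($full_text) . "', '{$author_id}', '{$current_date}', '{$blog_id}', '{$post_id}', '{$parent_id}', '{$task_id}')";
     Database::query($sql);
     $last_id = Database::insert_id();
     if ($last_id) {
         $sql = "UPDATE {$tbl_blogs_comments} SET comment_id = iid WHERE iid = {$last_id}";
         Database::query($sql);
     }
     if (!$has_attachment) {
         return;
     }
     $courseDir = $_course['path'] . '/upload/blog';
     $sys_course_path = api_get_path(SYS_COURSE_PATH);
     $updir = $sys_course_path . $courseDir;
     // Try to add an extension to the file if it hasn't one
     $new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
     // User's file name: only kept in the database for display.
     $file_name = $_FILES['user_upload']['name'];
     if (!filter_extension($new_file_name)) {
         Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
         return;
     }
     // The name on disk is random, so the user-supplied name never reaches the filesystem.
     $new_file_name = uniqid('');
     $new_path = $updir . '/' . $new_file_name;
     $result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
     if (!$result) {
         return;
     }
     // Storing the attachment: every interpolated value is escaped or cast to int.
     $size = (int) $_FILES['user_upload']['size'];
     $comment_id = (int) $last_id;
     $sql = "INSERT INTO {$blog_table_attachment} (c_id, filename, comment, path, post_id, size, blog_id, comment_id)
             VALUES ({$course_id}, '" . Database::escape_string($file_name) . "', '" . Database::escape_string($file_comment) . "', '" . Database::escape_string($new_file_name) . "', '{$post_id}', '{$size}', '{$blog_id}', '{$comment_id}')";
     Database::query($sql);
     $id = Database::insert_id();
     if ($id) {
         $sql = "UPDATE {$blog_table_attachment} SET id = iid WHERE iid = {$id}";
         Database::query($sql);
     }
 }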
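/**
 * Add (or edit) a template. This function displays the form and also takes
 * care of uploading the image and storing the information in the database
 *
 * Flow: build the FormValidator; on a valid POST carrying the security token,
 * store the optional thumbnail (resized to 100px wide) under
 * SYS_APP_PATH/home/default_platform_document/template_thumb/ and INSERT or
 * UPDATE the system_template row, then list the templates; otherwise render
 * the form with a fresh token.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 * @return void
 */
function add_edit_template()
{
    // 'add' or 'edit'; a missing value is treated like 'edit' for the database part.
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    $template_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
    // Initialize the object.
    $id = isset($_GET['id']) ? '&id=' . Security::remove_XSS($_GET['id']) : '';
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . Security::remove_XSS($action) . $id);
    // Setting the form elements: the header.
    $title = $action === 'add' ? get_lang('AddTemplate') : get_lang('EditTemplate');
    $form->addElement('header', '', $title);
    // Setting the form elements: the title of the template.
    $form->addText('title', get_lang('Title'), false);
    // Setting the form elements: the content of the template (wysiwyg editor).
    $form->addHtmlEditor('template_text', get_lang('Text'), false, false, array('ToolbarSet' => 'AdminTemplates', 'Width' => '100%', 'Height' => '400'));
    // Setting the form elements: the form to upload an image to be used with the template.
    $form->addElement('file', 'template_image', get_lang('Image'), '');
    // Setting the form elements: a little bit information about the template image.
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));
    // Getting all the information of the template when editing a template.
    if ($action === 'edit') {
        // Database table definition.
        $table_system_template = Database::get_main_table('system_template');
        $sql = "SELECT * FROM {$table_system_template} WHERE id = " . $template_id;
        $result = Database::query($sql);
        $row = Database::fetch_array($result);
        $defaults['template_id'] = $template_id;
        $defaults['template_text'] = $row['content'];
        // Forcing get_lang().
        $defaults['title'] = get_lang($row['title']);
        // Adding an extra field: a hidden field with the id of the template we are editing.
        $form->addElement('hidden', 'template_id');
        // Adding an extra field: a preview of the image that is currently used.
        $thumb_url = api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/';
        if (!empty($row['image'])) {
            // The stored image name originates from an upload: escape it for the attribute context.
            $image_src = $thumb_url . htmlspecialchars($row['image'], ENT_QUOTES, 'UTF-8');
            $form->addElement('static', 'template_image_preview', '', '<img src="' . $image_src . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . $thumb_url . 'noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        }
        // Setting the information of the template that we are editing.
        $form->setDefaults($defaults);
    }
    // Setting the form elements: the submit button.
    $form->addButtonSave(get_lang('Ok'), 'submit');
    // Setting the rules: the required fields.
    $form->addRule('template_image', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', get_lang('ThisFieldIsRequired'), 'required');
    // If the form does not validate, display it again (with error message if needed).
    if (!$form->validate()) {
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        // Display the form.
        $form->display();
        return;
    }
    $check = Security::check_token('post');
    if ($check) {
        // Exporting the values.
        $values = $form->exportValues();
        // Upload the file. null means "no new image" for the UPDATE below.
        $new_file_name = null;
        if (!empty($_FILES['template_image']['name'])) {
            $upload_ok = process_uploaded_file($_FILES['template_image']);
            if ($upload_ok) {
                // Try to add an extension to the file if it hasn't one.
                $new_file_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
                // NOTE(review): the user-supplied name is used as the stored file
                // name as-is; other upload paths in this file run it through
                // api_replace_dangerous_char() first — consider doing the same here.
                // The upload directory.
                $upload_dir = api_get_path(SYS_APP_PATH) . 'home/default_platform_document/template_thumb/';
                // Create the directory if it does not exist.
                if (!is_dir($upload_dir)) {
                    mkdir($upload_dir, api_get_permissions_for_new_directories());
                }
                // Resize the preview image to max default and upload.
                $temp = new Image($_FILES['template_image']['tmp_name']);
                $picture_info = $temp->get_image_info();
                $max_width_for_picture = 100;
                if ($picture_info['width'] > $max_width_for_picture) {
                    $temp->resize($max_width_for_picture);
                }
                $temp->send_image($upload_dir . $new_file_name);
            }
        }
        // Store the information in the database (as insert or as update).
        $table_system_template = Database::get_main_table('system_template');
        if ($action === 'add') {
            $content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
            $params = ['title' => $values['title'], 'content' => $content_template, 'image' => $new_file_name];
            Database::insert($table_system_template, $params);
            // Display a feedback message.
            Display::display_confirmation_message(get_lang('TemplateAdded'));
            echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
        } else {
            $content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>' . Database::escape_string($values['template_text']) . '</body>';
            $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "', content = '" . $content_template . "'";
            // Keep the existing image when no new one was uploaded.
            if (!empty($new_file_name)) {
                $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
            }
            $sql .= " WHERE id = " . $template_id;
            Database::query($sql);
            // Display a feedback message.
            Display::display_confirmation_message(get_lang('TemplateEdited'));
        }
    }
    Security::clear_token();
    display_templates();
}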
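 /**
  * Uploads an author image to the upload/learning_path/images directory
  *
  * The image is resized to fit within 104x96, written under a uniqid() name
  * that keeps the (lower-cased) original extension, and registered with
  * set_preview_image().
  *
  * @param	array	The image array, coming from the $_FILES superglobal
  * @return	boolean	True on success, false on error (no file, rejected upload,
  *                  filtered extension, unsupported image type or failed write)
  */
 function upload_image($image_array)
 {
     // Nothing to do when no file was submitted.
     if (empty($image_array['name'])) {
         return false;
     }
     if (!process_uploaded_file($image_array)) {
         return false;
     }
     $courseDir = api_get_course_path() . '/upload/learning_path/images';
     $sys_course_path = api_get_path(SYS_COURSE_PATH);
     $updir = $sys_course_path . $courseDir;
     // Try to add an extension to the file if it hasn't one
     $new_file_name = add_ext_on_mime(stripslashes($image_array['name']), $image_array['type']);
     if (!filter_extension($new_file_name)) {
         return false;
     }
     // Keep only the extension of the user name; the rest of the stored name is random.
     $file_extension = explode('.', $image_array['name']);
     $file_extension = strtolower($file_extension[count($file_extension) - 1]);
     $new_file_name = uniqid('') . '.' . $file_extension;
     $new_path = $updir . '/' . $new_file_name;
     // Resize the image before writing it
     include_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
     $temp = new image($image_array['tmp_name']);
     $picture_infos = @getimagesize($image_array['tmp_name']);
     // $picture_infos[0] -> width, [1] -> height, [2] -> IMAGETYPE_* code
     if ($picture_infos[0] > 104) {
         $thumbwidth = 104;
     } else {
         $thumbwidth = $picture_infos[0];
     }
     if ($picture_infos[1] > 96) {
         $new_height = 96;
     } else {
         $new_height = $picture_infos[1];
     }
     $temp->resize($thumbwidth, $new_height, 0);
     // send_image() takes the format name; only GIF, JPEG and PNG are written.
     $result = false;
     switch ($picture_infos[2]) {
         case IMAGETYPE_JPEG:
             $result = $temp->send_image('JPG', $new_path);
             break;
         case IMAGETYPE_PNG:
             $result = $temp->send_image('PNG', $new_path);
             break;
         case IMAGETYPE_GIF:
             $result = $temp->send_image('GIF', $new_path);
             break;
     }
     // Storing the image filename
     if ($result) {
         $this->set_preview_image($new_file_name);
         return true;
     }
     return false;
 }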
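/**
 * Does the save-work for a document uploaded into a course.
 *
 * Handles the uploaded file and adds the document properties to the
 * database. If $unzip is 1 and the file is a ZIP archive, it is extracted
 * via unzip_uploaded_document() instead of being stored as one document.
 * If we decide to save ALL kinds of documents in one database, we could
 * extend this with a $type='document', 'scormdocument', ...
 *
 * What is and is not checked here (security-relevant):
 *  - the client-supplied name goes through api_replace_dangerous_char(),
 *    disable_dangerous_file() and filter_extension() before it reaches the
 *    filesystem, so the stored name never comes straight from $_FILES;
 *  - $uploadPath is appended to $documentDir to build the target directory;
 *    a ".." segment is rejected here, but the caller remains responsible for
 *    making sure $uploadPath is a folder the current user may write to;
 *  - the ZIP branch delegates all per-entry filtering to
 *    unzip_uploaded_document() (not visible here, so nothing is assumed).
 *
 * @param array  $courseInfo       Course info array
 * @param array  $uploadedFile     One $_FILES entry:
 *                                 array('name' => 'picture.jpg', 'type' => ..., 'size' => ..., 'tmp_name' => '...')
 * @param string $documentDir      Absolute course document dir, e.g. /var/www/chamilo/courses/ABC/document
 * @param string $uploadPath       Course-relative target folder, e.g. /folder1/folder2/ ('/' for the root)
 * @param int    $userId           Uploading user; an empty value makes the function return false
 * @param int    $groupId          Group id, 0 for everybody
 * @param int    $toUserId         Target user id, null for everybody
 * @param int    $unzip            1 to extract a ZIP archive, 0 to store the file as-is
 * @param string $whatIfFileExists 'overwrite', 'rename' or '' (default: warn if the document exists)
 * @param bool   $output           Display confirmation/error messages; set to false when no output is wanted
 * @param bool   $onlyUploadFile   Move the file to disk only, without creating any database record
 * @param string $comment          Comment stored with the document record
 * @param int    $sessionId        Session id; defaults to the current session when empty
 *
 * @return string|bool|null Course-relative path of the saved document on success
 *                          (absolute path when $onlyUploadFile is true); false on
 *                          failure; null in the default (warn) mode when the
 *                          document already exists (kept for compatibility)
 */
function handle_uploaded_document($courseInfo, $uploadedFile, $documentDir, $uploadPath, $userId, $groupId = 0, $toUserId = null, $unzip = 0, $whatIfFileExists = '', $output = true, $onlyUploadFile = false, $comment = null, $sessionId = null)
{
    if (!$userId) {
        return false;
    }
    $userInfo = api_get_user_info();
    $uploadedFile['name'] = stripslashes($uploadedFile['name']);
    // Add extension to files without one (if possible)
    $uploadedFile['name'] = add_ext_on_mime($uploadedFile['name'], $uploadedFile['type']);
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    } else {
        $sessionId = intval($sessionId);
    }

    // Defense in depth: $uploadPath is concatenated to $documentDir below and
    // then used for mkdir() and the file move. A ".." segment would escape the
    // course document tree, so refuse it here even if the caller already
    // validated the path (nothing in this function proves that it did).
    if (in_array('..', explode('/', str_replace('\\', '/', (string) $uploadPath)), true)) {
        if ($output) {
            Display::display_error_message(get_lang('UplUnableToSaveFile'));
        }
        return false;
    }

    // Just in case process_uploaded_file is not called
    $maxSpace = DocumentManager::get_course_quota();
    // Check if there is enough space to save the file
    if (!DocumentManager::enough_space($uploadedFile['size'], $maxSpace)) {
        if ($output) {
            Display::display_error_message(get_lang('UplNotEnoughSpace'));
        }
        return false;
    }

    // ZIP detection (any case: .zip, .ZIP, .Zip, ...). The dot is escaped,
    // otherwise any name ending in "zip" (e.g. "foo.gzip") would be sent to the
    // extractor; \z instead of $ so a trailing newline cannot satisfy the anchor.
    $isZip = (bool) preg_match('/\.zip\z/i', $uploadedFile['name']);
    if ($unzip == 1) {
        if ($isZip) {
            return unzip_uploaded_document($courseInfo, $userInfo, $uploadedFile, $uploadPath, $documentDir, $maxSpace, $sessionId, $groupId, $output);
        }
        // We can only unzip ZIP files (no gz, tar,...)
        if ($output) {
            Display::display_error_message(get_lang('UplNotAZip') . " " . get_lang('PleaseTryAgain'));
        }
        return false;
    }

    // Clean up the name, only ASCII characters should stay. (and strict)
    $cleanName = api_replace_dangerous_char($uploadedFile['name'], 'strict');
    // No "dangerous" files
    $cleanName = disable_dangerous_file($cleanName);
    // Checking file extension
    if (!filter_extension($cleanName)) {
        if ($output) {
            Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        }
        return false;
    }

    // If the upload path differs from / (= root) it will need a slash at the end
    if ($uploadPath != '/') {
        $uploadPath = $uploadPath . '/';
    }
    // Full path to where we want to store the file with trailing slash
    $whereToSave = $documentDir . $uploadPath;
    // At least if the directory doesn't exist, tell so
    if (!is_dir($whereToSave)) {
        if (!mkdir($whereToSave, api_get_permissions_for_new_directories())) {
            if ($output) {
                Display::display_error_message(get_lang('DestDirectoryDoesntExist') . ' (' . $uploadPath . ')');
            }
            return false;
        }
    }

    // Just upload the file "as is": no database record, absolute path returned
    if ($onlyUploadFile) {
        $moved = moveUploadedFile($uploadedFile, $whereToSave . $cleanName);
        return $moved ? $whereToSave . $cleanName : $moved;
    }

    // Based on the clean name we generate a new filesystem name,
    // using the session_id and group_id if values are not empty
    $fileSystemName = DocumentManager::fixDocumentName($cleanName, 'file', $courseInfo, $sessionId, $groupId);
    // Name of the document without the extension (for the title)
    $documentTitle = get_document_title($uploadedFile['name']);
    // Size of the uploaded file (in bytes)
    $fileSize = $uploadedFile['size'];
    // File permissions
    $filePermissions = api_get_permissions_for_new_files();
    // Example: /var/www/chamilo/courses/xxx/document/folder/picture.jpg
    $fullPath = $whereToSave . $fileSystemName;
    // Example: /folder/picture.jpg
    $filePath = $uploadPath . $fileSystemName;
    $docId = DocumentManager::get_document_id($courseInfo, $filePath, $sessionId);
    $documentList = DocumentManager::getDocumentByPathInCourse($courseInfo, $filePath);
    // The path already exists in this course (in any session): unless the
    // caller explicitly asked to overwrite, fall back to renaming.
    if (!empty($documentList) && $whatIfFileExists != 'overwrite') {
        $whatIfFileExists = 'rename';
    }

    // What to do if the target file exists
    switch ($whatIfFileExists) {
        // Overwrite the file if it exists
        case 'overwrite':
            // Check if the target file exists, so we can give another message
            $fileExists = file_exists($fullPath);
            if (!moveUploadedFile($uploadedFile, $fullPath)) {
                if ($output) {
                    Display::display_error_message(get_lang('UplUnableToSaveFile'));
                }
                return false;
            }
            chmod($fullPath, $filePermissions);
            if ($fileExists && $docId) {
                // UPDATE DATABASE
                // Note: this lookup is done without $sessionId, unlike $docId above.
                $documentId = DocumentManager::get_document_id($courseInfo, $filePath);
                if (is_numeric($documentId)) {
                    // Update file size
                    update_existing_document($courseInfo, $documentId, $uploadedFile['size']);
                    // Update document item_property
                    api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentUpdated', $userId, $groupId, $toUserId, null, null, $sessionId);
                    // Redo visibility
                    api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
                } else {
                    // There might be cases where the file exists on disk but there is no registration of that in the database.
                    // In this case, and if we are in overwrite mode, overwrite and create the db record
                    $documentId = add_document($courseInfo, $filePath, 'file', $fileSize, $documentTitle, $comment, 0, true, $groupId, $sessionId);
                    if ($documentId) {
                        // Put the document in item_property update
                        api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentAdded', $userId, $groupId, $toUserId, null, null, $sessionId);
                        // Redo visibility
                        api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
                    }
                }
                // If the file is in a folder, we need to update all parent folders
                item_property_update_on_folder($courseInfo, $uploadPath, $userId);
                // Display success message with extra info to user
                if ($output) {
                    Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br /> ' . $documentTitle . ' ' . get_lang('UplFileOverwritten'), false);
                }
                return $filePath;
            }
            // Put the document data in the database
            $documentId = add_document($courseInfo, $filePath, 'file', $fileSize, $documentTitle, $comment, 0, true, $groupId, $sessionId);
            if ($documentId) {
                // Put the document in item_property update
                api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentAdded', $userId, $groupId, $toUserId, null, null, $sessionId);
                // Redo visibility
                api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
            }
            // If the file is in a folder, we need to update all parent folders
            item_property_update_on_folder($courseInfo, $uploadPath, $userId);
            // Display success message to user
            if ($output) {
                Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br /> ' . $documentTitle, false);
            }
            return $filePath;

        // Rename the file if it exists
        case 'rename':
            // Always rename.
            $cleanName = DocumentManager::getUniqueFileName($uploadPath, $cleanName, $courseInfo, $sessionId, $groupId);
            $fileSystemName = DocumentManager::fixDocumentName($cleanName, 'file', $courseInfo, $sessionId, $groupId);
            $documentTitle = get_document_title($cleanName);
            $fullPath = $whereToSave . $fileSystemName;
            $filePath = $uploadPath . $fileSystemName;
            if (!moveUploadedFile($uploadedFile, $fullPath)) {
                if ($output) {
                    Display::display_error_message(get_lang('UplUnableToSaveFile'));
                }
                return false;
            }
            chmod($fullPath, $filePermissions);
            // Put the document data in the database
            $documentId = add_document($courseInfo, $filePath, 'file', $fileSize, $documentTitle, $comment, 0, true, $groupId, $sessionId);
            if ($documentId) {
                // Update document item_property
                api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentAdded', $userId, $groupId, $toUserId, null, null, $sessionId);
                // Redo visibility
                api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
            }
            // If the file is in a folder, we need to update all parent folders
            item_property_update_on_folder($courseInfo, $uploadPath, $userId);
            // Display success message to user
            if ($output) {
                Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br />' . get_lang('UplFileSavedAs') . ' ' . $documentTitle, false);
            }
            return $filePath;

        default:
            // Only save the file if it doesn't exist, or warn the user if it does.
            // Note: a file present on disk with no database record is overwritten here.
            if (file_exists($fullPath) && $docId) {
                if ($output) {
                    Display::display_error_message($cleanName . ' ' . get_lang('UplAlreadyExists'));
                }
                break;
            }
            if (!moveUploadedFile($uploadedFile, $fullPath)) {
                if ($output) {
                    Display::display_error_message(get_lang('UplUnableToSaveFile'));
                }
                return false;
            }
            chmod($fullPath, $filePermissions);
            // Put the document data in the database
            $documentId = add_document($courseInfo, $filePath, 'file', $fileSize, $documentTitle, $comment, 0, true, $groupId, $sessionId);
            if ($documentId) {
                // Update document item_property
                api_item_property_update($courseInfo, TOOL_DOCUMENT, $documentId, 'DocumentAdded', $userId, $groupId, $toUserId, null, null, $sessionId);
                // Redo visibility
                api_set_default_visibility($documentId, TOOL_DOCUMENT, null, $courseInfo);
            }
            // If the file is in a folder, we need to update all parent folders
            item_property_update_on_folder($courseInfo, $uploadPath, $userId);
            // Display success message to user
            if ($output) {
                Display::display_confirmation_message(get_lang('UplUploadSucceeded') . '<br /> ' . $documentTitle, false);
            }
            return $filePath;
    }

    // Reached only from the default (warn) mode when the document already
    // exists. The function historically returned nothing (null) here; that is
    // kept explicit rather than changed to false, so existing callers see the
    // same value.
    return null;
}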