<?php
/* For licensing terms, see /license.txt */

use ChamiloSession as Session;

/**
 * This file allows editing documents.
 *
 * Based on create_document, this file allows
 * - edit name
 * - edit comments
 * - edit metadata (requires a document table entry)
 * - edit html content (only for htm/html files)
 *
 * For all files
 * - show editable name field
 * - show editable comments field
 * Additionally, for html and text files
 * - show RTE
 *
 * Remember, all files and folders must always have an entry in the
 * database, regardless of whether they are visible/invisible, have
 * comments or not.
 *
 * @package chamilo.document
 *
 * @todo improve script structure (FormValidator is used to display form, but
 * not for validation at the moment)
 */
require_once __DIR__.'/../inc/global.inc.php';

// Value stored in the session under 'group_member_with_upload_rights'.
// It is one of the three conditions that later make $is_allowed_to_edit true,
// so it takes part in the authorisation decision for this page.
$groupRights = Session::read('group_member_with_upload_rights');

// Template's javascript
// Static script appended to $htmlHeadXtra (presumably emitted by the header
// renderer — confirm in Display::display_header). It contains no request data:
// it wires the scrollbar, the collapsible template column, and calls
// showTemplates() once a CKEditor instance is ready.
$htmlHeadXtra[] = '
<script>
$(function() {
    $(".scrollbar-light").scrollbar();
    
    expandColumnToogle("#hide_bar_template", {
        selector: "#template_col",
        width: 3
    }, {
        selector: "#doc_form",
        width: 9
    });

    CKEDITOR.on("instanceReady", function (e) {
        showTemplates();
    });
});

</script>';

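$this_section = SECTION_COURSES;
$lib_path = api_get_path(LIBRARY_PATH);

$course_info = api_get_course_info();
$group_id = api_get_group_id();
$sessionId = api_get_session_id();
$dir = '/';
$currentDirPath = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null;
$readonly = false;

// The document id comes from the query string only, and the same value is used
// for both lookups. Reading the second lookup from $_REQUEST would let a POST
// field or cookie named "id" (depending on request_order) point the session
// lookup at a different document than the one checked first.
// Array-valued input is rejected and the id is reduced to an integer before it
// reaches the data layer (document ids are used as integer keys in this file).
$requestedDocumentId = isset($_GET['id']) && is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;
$document_data = null;
if ($requestedDocumentId > 0) {
    // First look the document up in the base course (session 0) ...
    $document_data = DocumentManager::get_document_data_by_id(
        $requestedDocumentId,
        api_get_course_id(),
        true,
        0
    );

    // ... then, when nothing was found and a session is active, in that session.
    if (!empty($sessionId) && empty($document_data)) {
        $document_data = DocumentManager::get_document_data_by_id(
            $requestedDocumentId,
            api_get_course_id(),
            true,
            $sessionId
        );
    }
}

// Refuse the request before any field of $document_data is dereferenced, so an
// unknown id never produces variables built from a missing record.
if (empty($document_data)) {
    api_not_allowed(true);
}

$document_id = $document_data['id'];
$file = $document_data['path'];
$parent_id = DocumentManager::get_document_id($course_info, dirname($file));
$dir = dirname($document_data['path']);
$dir_original = $dir;
$doc = basename($file);
$readonly = $document_data['readonly'];
$file_type = $document_data['filetype'];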

// $group_properties is only assigned inside a group context; the code below
// therefore reads it through empty().
if (api_is_in_group()) {
    $group_properties = GroupManager::get_group_properties($group_id);
}

$is_certificate_mode = DocumentManager::is_certificate_mode($dir);

// Origin of the request and the optional slide id that came with it.
// The slide id is request data; it is passed through Security::remove_XSS
// here and later ends up in a link built by show_return().
$call_from_tool = api_get_origin();
$slide_id = null;
if (isset($_GET['origin_opt'])) {
    $slide_id = Security::remove_XSS($_GET['origin_opt']);
}
$file_name = $doc;
$group_document = false;
$_course = api_get_course_info();
$sessionId = api_get_session_id();
$user_id = api_get_user_id();

// Folder depth of the document: for a path such as "/folder/file.html" the
// empty leading segment and the file name are not folder levels, hence "- 2".
$doc_tree = explode('/', $file);
$count_dir = count($doc_tree) - 2;

// Level correction for group documents: one level less, never below zero.
if (!empty($group_properties['directory'])) {
    $count_dir = max(0, $count_dir - 1);
}

// One "../" per remaining folder level.
$relative_url = str_repeat('../', max(0, $count_dir));

// Editor toolbar: the full "Documents" set for users allowed to edit the
// course, the reduced "DocumentsStudent" set for everyone else.
$toolbarSet = api_is_allowed_to_edit(null, true) ? 'Documents' : 'DocumentsStudent';

$webCoursePath = api_get_path(WEB_COURSE_PATH);
$courseDocumentRoot = $webCoursePath.$_course['path'].'/document';

// Web directory used by the editor: the course document root, or the group's
// own directory when the document belongs to a group.
if (empty($group_properties['directory'])) {
    $createDocumentWebDir = $courseDocumentRoot.'/';
} else {
    $createDocumentWebDir = $webCoursePath.api_get_course_path().'/document'.$group_properties['directory'].'/';
}

$editorConfig = [
    'ToolbarSet' => $toolbarSet,
    'Width' => '100%',
    'Height' => '400',
    'cols-size' => [2, 10, 0],
    'FullPage' => true,
    'InDocument' => true,
    'CreateDocumentDir' => $relative_url,
    'CreateDocumentWebDir' => $createDocumentWebDir,
    'BaseHref' => $courseDocumentRoot.$dir,
];

// Certificates always resolve against the course document root; BaseHref is
// the same in both modes.
if ($is_certificate_mode) {
    $editorConfig['CreateDocumentDir'] = $courseDocumentRoot.'/';
    $editorConfig['CreateDocumentWebDir'] = $courseDocumentRoot.'/';
}

// Authorisation flag used by the save handlers further down. It is true for
// course editors, for holders of the session's group upload right, and for the
// owner of a shared folder, so it is broader than "is a teacher".
$is_allowed_to_edit = true;
if (!api_is_allowed_to_edit(null, true) && !$groupRights) {
    $is_allowed_to_edit = (bool) DocumentManager::is_my_shared_folder(api_get_user_id(), $dir, $sessionId);
}

$dbTable = Database::get_course_table(TABLE_DOCUMENT);
$course_id = api_get_course_int_id();

// Breadcrumb trail: group space (inside a group), then the documents tool or
// the gradebook, then the parent folders of the document.
if (!empty($group_id)) {
    $group_document = true;
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
        'name' => get_lang('GroupSpace'),
    ];
}

if ($is_certificate_mode) {
    $toolCrumb = [
        'url' => Category::getUrl(),
        'name' => get_lang('Gradebook'),
    ];
} else {
    // The current directory is request data, so it is URL-encoded before it
    // is placed in the query string.
    $documentsUrl = api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='
        .urlencode($currentDirPath).'&'.api_get_cidreq();
    $toolCrumb = [
        'url' => $documentsUrl,
        'name' => get_lang('Documents'),
    ];
}
$interbreadcrumb[] = $toolCrumb;

// NOTE(review): document and folder titles are stored user input and are put
// into the breadcrumb as-is here; confirm that the breadcrumb renderer escapes
// the "name" values.
if (!empty($document_data['parents'])) {
    foreach ($document_data['parents'] as $parentFolder) {
        // The document itself is not repeated as its own parent.
        if ($document_data['title'] != $parentFolder['title']) {
            $interbreadcrumb[] = [
                'url' => $parentFolder['document_url'],
                'name' => $parentFolder['title'],
            ];
        }
    }
} else {
    $interbreadcrumb[] = ['url' => '#', 'name' => $document_data['title']];
}

// Authorisation gate. The POST handlers that write to the database and to disk
// come after this point, so they are reached only by callers that pass it
// (assuming api_not_allowed() ends the request — confirm).
$mayEditDocument = $is_allowed_to_edit
    || $groupRights
    || DocumentManager::is_my_shared_folder($user_id, $dir, api_get_session_id());
if (!$mayEditDocument) {
    api_not_allowed(true);
}

Event::event_access_tool(TOOL_DOCUMENT);

// TODO: check the code below and its functionality
// Users who are not allowed to edit the course are refused when
// DocumentManager::check_readonly() returns a truthy value for this file.
if (!api_is_allowed_to_edit() && DocumentManager::check_readonly($course_info, $user_id, $file)) {
    api_not_allowed();
}

// Item-property record of the document in the base course (session 0).
$document_info = api_get_item_property_info(api_get_course_int_id(), 'document', $document_id, 0);

// Try to find this document in the session
// NOTE(review): inside a session the base-course result is always replaced,
// even when the session lookup finds nothing; later code reads
// insert_user_id and the dates from whatever this returns.
if (!empty($sessionId)) {
    $document_info = api_get_item_property_info(api_get_course_int_id(), 'document', $document_id, $sessionId);
}

// Group documents get an additional group-level check. The trailing true
// presumably makes the helper refuse the request itself — confirm in
// GroupManager::allowUploadEditDocument.
if (api_is_in_group()) {
    $group_properties = GroupManager::get_group_properties($group_id);
    GroupManager::allowUploadEditDocument(
        api_get_user_id(),
        api_get_course_int_id(),
        $group_properties,
        $document_info,
        true
    );
}

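/* MAIN TOOL CODE */
/* Code to change the comment */
// Updates the title and the comment of the document. For documents of type
// "link" the comment field holds the URL of the cloud link.
//
// The validation rules declared on the form further down are never evaluated
// on the server in this script (the form is built after this handler and is
// not validated), so the checks a link needs are applied here before anything
// is written.
// NOTE(review): no anti-CSRF token check is visible in this script; confirm
// whether one is enforced elsewhere before this state-changing POST is handled.
if (isset($_POST['comment'])) {
    // Request fields are untrusted: accept strings only, so array-valued
    // parameters never reach trim() or the database layer.
    $comment = is_string($_POST['comment']) ? trim($_POST['comment']) : '';
    $title = isset($_POST['title']) && is_string($_POST['title']) ? trim($_POST['title']) : '';

    // Just in case see BT#3525
    if (empty($title)) {
        $title = $document_data['title'];
    }

    if (empty($title)) {
        $title = get_document_title(isset($_POST['filename']) ? $_POST['filename'] : null);
    }

    if (!empty($document_id)) {
        $linkExists = false;
        $linkError = null;

        if ($file_type == 'link') {
            // Same two conditions the form announces to the user: a well
            // formed URL, and a host on the file-hosting whitelist. The host
            // is taken from the parsed URL and compared as a whole name or as
            // a subdomain, so a whitelisted name that only appears in the
            // path, the query string or as a prefix of another host is not
            // accepted. (Assumes whitelist entries are bare host names.)
            $linkHost = parse_url($comment, PHP_URL_HOST);
            if (empty($linkHost) || !preg_match(DocumentManager::getWellFormedUrlRegex(), $comment)) {
                $linkError = get_lang('NotValidURL');
            } else {
                $linkHost = strtolower($linkHost);
                $hostIsWhitelisted = false;
                foreach (DocumentManager::getFileHostingWhiteList() as $allowedDomain) {
                    $allowedDomain = strtolower($allowedDomain);
                    $subdomainSuffix = '.'.$allowedDomain;
                    if ($linkHost === $allowedDomain ||
                        substr($linkHost, -strlen($subdomainSuffix)) === $subdomainSuffix
                    ) {
                        $hostIsWhitelisted = true;
                        break;
                    }
                }
                if (!$hostIsWhitelisted) {
                    $linkError = get_lang('NotValidDomain');
                }
            }

            if ($linkError === null) {
                // Check for duplicates with the same trimmed value that is
                // stored below, so surrounding whitespace cannot be used to
                // register an existing URL a second time.
                $linkExists = DocumentManager::cloudLinkExists($course_info, $file, $comment);
            }
        }

        if ($linkError !== null) {
            Display::addFlash(Display::return_message($linkError, 'warning'));
        } elseif (!$linkExists || $linkExists == $document_id) {
            // NOTE(review): title and comment are stored as submitted; every
            // place that prints them has to escape them for its context.
            $params = [
                'comment' => $comment,
                'title' => $title,
            ];
            Database::update(
                $dbTable,
                $params,
                ['c_id = ? AND id = ?' => [$course_id, $document_id]]
            );

            if ($file_type != 'link') {
                Display::addFlash(Display::return_message(get_lang('fileModified')));
            } else {
                Display::addFlash(Display::return_message(get_lang('CloudLinkModified')));
            }
        } else {
            Display::addFlash(Display::return_message(get_lang('UrlAlreadyExists'), 'warning'));
        }
    }
}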

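/* WYSIWYG HTML EDITOR - Program Logic */
// Saves the HTML submitted by the editor and the read-only flag, then
// redirects back to the parent folder.
// NOTE(review): no anti-CSRF token check is visible in this script; confirm
// whether one is enforced elsewhere before these writes happen.
if ($is_allowed_to_edit) {
    if (isset($_POST['formSent']) && $_POST['formSent'] == 1 && !empty($document_id)) {
        // Line breaks are removed and stripslashes() drops backslashes from
        // the submitted HTML before it is filtered.
        $content = isset($_POST['content']) ? trim(str_replace(["\r", "\n"], '', stripslashes($_POST['content']))) : null;
        // NOTE(review): the COURSEMANAGERLOWSECURITY filter level is applied to
        // every caller for whom $is_allowed_to_edit is true, which includes
        // group members with upload rights and shared-folder owners; confirm
        // that these users should get the same level as course managers.
        $content = Security::remove_XSS($content, COURSEMANAGERLOWSECURITY);
        if ($dir == '/') {
            $dir = '';
        }

        // The form offers the read-only checkbox to the document owner and to
        // platform admins only. Enforce the same rule here: for anyone else
        // the posted value is ignored and the stored flag is kept, so a
        // request without the checkbox can no longer clear the flag and then
        // overwrite a read-only document.
        $mayChangeReadOnly = api_is_platform_admin() ||
            (!empty($document_info['insert_user_id']) && $document_info['insert_user_id'] == api_get_user_id());
        if ($mayChangeReadOnly) {
            $read_only_flag = empty($_POST['readonly']) ? 0 : 1;
        } else {
            $read_only_flag = empty($readonly) ? 0 : 1;
        }

        // Links have no file on disk to measure.
        $file_size = null;
        if ($file_type != 'link') {
            $file_size = filesize($document_data['absolute_path']);
        }

        // NOTE(review): the editor is only offered for htm/html files, but the
        // file extension is not checked here before the document is rewritten.
        if ($read_only_flag == 0 && !empty($content)) {
            if ($fp = @fopen($document_data['absolute_path'], 'w')) {
                // For flv player, change absolute path temporarily to prevent
                // from erasing it in the following lines
                // NOTE(review): nothing in this script reverts the markers, so
                // they are written to the file as they are.
                $content = str_replace(['flv=h', 'flv=/'], ['flv=h|', 'flv=/|'], $content);
                fputs($fp, $content);
                fclose($fp);

                // Record the size of the file as it is after the write, not
                // the size measured before it.
                clearstatcache(true, $document_data['absolute_path']);
                $file_size = filesize($document_data['absolute_path']);

                update_existing_document(
                    $_course,
                    $document_id,
                    $file_size,
                    $read_only_flag
                );
                api_item_property_update(
                    $_course,
                    TOOL_DOCUMENT,
                    $document_id,
                    'DocumentUpdated',
                    api_get_user_id(),
                    null,
                    null,
                    null,
                    null,
                    $sessionId
                );
                // Update parent folders
                item_property_update_on_folder(
                    $_course,
                    $dir,
                    api_get_user_id()
                );
            } else {
                Display::addFlash(Display::return_message(get_lang('Impossible'), 'warning'));
            }
        } else {
            // Nothing to write (read-only, or no content submitted): only the
            // document record is refreshed.
            update_existing_document($_course, $document_id, $file_size, $read_only_flag);
        }

        header('Location: document.php?id='.$document_data['parent_id'].'&'.api_get_cidreq().($is_certificate_mode ? '&curdirpath=/certificates&selectcat=1' : ''));
        exit;
    }
}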

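// Load what the form needs from the file on disk: its base name, its
// extension, and - for htm/html files only - its content for the editor.
$content = null;
$extension = null;
$filename = null;
if (file_exists($document_data['absolute_path'])) {
    $path_info = pathinfo($document_data['absolute_path']);
    $filename = $path_info['filename'];

    if (is_file($document_data['absolute_path'])) {
        // pathinfo() omits the "extension" key for names without a dot.
        $extension = isset($path_info['extension']) ? $path_info['extension'] : null;

        if (in_array($extension, ['html', 'htm'], true)) {
            // A failed read leaves the editor empty instead of passing false on.
            $loadedContent = file_get_contents($document_data['absolute_path']);
            $content = $loadedContent === false ? null : $loadedContent;
        }
    }
}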

// Display the header
// The document title is stored user input; it is passed through
// Security::remove_XSS before it becomes part of the page title.
$nameTools = sprintf('%s: %s', get_lang('EditDocument'), Security::remove_XSS($document_data['title']));
Display::display_header($nameTools, 'Doc');

// Ownership and dates come from the item-property record loaded earlier;
// $owner_id decides below who is offered the read-only checkbox.
$owner_id = $document_info['insert_user_id'];
$last_edit_date = $document_info['lastedit_date'];
$createdDate = $document_info['insert_date'];
$groupInfo = GroupManager::get_group_properties(api_get_group_id());

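// Build and print the edit form for the owner, platform admins, users allowed
// to edit, and members of the current group.
// The rules attached to the form describe what a valid submission looks like;
// this script never calls the form's server-side validation, so the POST
// handlers must not rely on them.
if ($owner_id == api_get_user_id() ||
    api_is_platform_admin() ||
    $is_allowed_to_edit ||
    GroupManager::is_user_in_group(api_get_user_id(), $groupInfo)
) {
    $action = api_get_self().'?id='.$document_data['id'].'&'.api_get_cidreq();
    if ($is_certificate_mode) {
        $action .= '&curdirpath=/certificates&selectcat=1';
    }
    $form = new FormValidator(
        'formEdit',
        'post',
        $action,
        null,
        ['class' => 'form-vertical']
    );

    // Form title
    $form->addHeader($nameTools);
    $key_label_title = $file_type != 'link' ? 'Title' : 'LinkName';
    $form->addText(
        'title',
        get_lang($key_label_title),
        true,
        ['cols-size' => [2, 10, 0], 'autofocus']
    );

    // Start from an empty set so only the values assigned here reach the form.
    $defaults = [];
    $defaults['title'] = $document_data['title'];

    // Desactivation of IE proprietary commenting tags inside the text before loading it on the online editor.
    // This fix has been proposed by Hubert Borderiou, see Bug #573, http://support.chamilo.org/issues/573
    $defaults['content'] = str_replace('<!--[', '<!-- [', $content);
    // HotPotatoes tests are html files, but they should not be edited in order their functionality to be preserved.
    $showSystemFolders = api_get_course_setting('show_system_folders');
    $condition = stripos($dir, '/HotPotatoes_files') === false;
    if ($showSystemFolders == 1) {
        $condition = true;
    }

    // The editor is offered for htm/html files that are not read-only.
    if (($extension == 'htm' || $extension == 'html') && $condition) {
        if (empty($readonly) && $readonly == 0) {
            $form->addHtmlEditor('content', get_lang('Content'), true, true, $editorConfig);
        }
    }

    if (!empty($createdDate)) {
        $form->addLabel(get_lang('CreatedOn'), Display::dateToStringAgoAndLongDate($createdDate));
    }

    if ($file_type != 'link') {
        if (!$group_document && !DocumentManager::is_my_shared_folder(api_get_user_id(), $currentDirPath, $sessionId)) {
            $form->addLabel(get_lang('UpdatedOn'), Display::dateToStringAgoAndLongDate($last_edit_date));
        }

        if (!empty($document_info['insert_user_id'])) {
            $insertByUserInfo = api_get_user_info($document_info['insert_user_id']);
            if (!empty($insertByUserInfo)) {
                $form->addLabel(get_lang('Author'), $insertByUserInfo['complete_name_with_message_link']);
            }
        }
    }

    if ($file_type == 'link') {
        // URLs in whitelist
        $urlWL = DocumentManager::getFileHostingWhiteList();
        sort($urlWL);
        // Quote every entry before it becomes part of the pattern: left
        // unquoted, the dots in a domain name match any character, which
        // makes the whitelist accept look-alike hosts.
        $urlWLQuoted = array_map(
            function ($domain) {
                return preg_quote($domain, '/');
            },
            $urlWL
        );
        // Matches any of the whitelisted urls preceded by // or .
        // NOTE(review): the pattern is not anchored, so it also matches a
        // whitelisted name that appears later in the URL (path, query) or as
        // the beginning of a longer host name; the save handler needs a check
        // on the parsed host.
        $urlWLRegEx = '/(\/\/|\.)('.implode('|', $urlWLQuoted).')/i';
        $urlWLText = "\n\t* ".implode("\n\t* ", $urlWL);
        $urlWLHTML = "<ul><li>".implode("</li><li>", $urlWL)."</li></ul>";
        $form->addText('comment', get_lang('Url'));
        $form->addElement(
            'static',
            'info',
            '',
            '<span class="text-primary" data-toggle="tooltip" title="'.$urlWLHTML.'">'.get_lang(
                'ValidDomainList'
            ).' <span class="glyphicon glyphicon-question-sign"></span></span>'
        );
    } else {
        $form->addElement('textarea', 'comment', get_lang('Comment'), ['cols-size' => [2, 10, 0]]);
    }

    // Only the owner and platform admins are offered the read-only checkbox.
    if ($file_type != 'link') {
        if ($owner_id == api_get_user_id() || api_is_platform_admin()) {
            $checked = &$form->addElement('checkbox', 'readonly', null, get_lang('ReadOnly'));
            if ($readonly == 1) {
                $checked->setChecked(true);
            }
        }
    }

    if ($file_type == 'link') {
        $form->addRule('title', get_lang('PleaseEnterCloudLinkName'), 'required');
        $form->addRule('comment', get_lang('PleaseEnterURL'), 'required');
        // Well formed url pattern (must have the protocol)
        $urlRegEx = DocumentManager::getWellFormedUrlRegex();
        $form->addRule('comment', get_lang('NotValidURL'), 'regex', $urlRegEx, 'client');
        $form->addRule('comment', get_lang('NotValidURL'), 'regex', $urlRegEx, 'server');
        $form->addRule('comment', get_lang('NotValidDomain').$urlWLText, 'regex', $urlWLRegEx, 'client');
        $form->addRule('comment', get_lang('NotValidDomain').$urlWLHTML, 'regex', $urlWLRegEx, 'server');
    }

    if ($is_certificate_mode) {
        $form->addButtonUpdate(get_lang('SaveCertificate'));
    } elseif ($file_type == 'link') {
        $form->addButtonUpdate(get_lang('SaveLink'));
    } else {
        $form->addButtonUpdate(get_lang('SaveDocument'));
    }
    $form->addHidden('formSent', 1);
    $form->addHidden('filename', $filename);

    // Values taken from the query string are passed through
    // Security::remove_XSS before they are used as form defaults.
    $defaults['extension'] = $extension;
    $defaults['file_path'] = isset($_GET['file']) ? Security::remove_XSS($_GET['file']) : null;
    $defaults['commentPath'] = $file;
    $defaults['renameTo'] = $file_name;
    $defaults['comment'] = $document_data['comment'];
    $defaults['origin'] = api_get_origin();
    $defaults['origin_opt'] = isset($_GET['origin_opt']) ? Security::remove_XSS($_GET['origin_opt']) : null;

    $form->setDefaults($defaults);

    show_return(
        $parent_id,
        $dir_original,
        $call_from_tool,
        $slide_id,
        $is_certificate_mode
    );

    if ($is_certificate_mode) {
        // List the tags that can be used in a certificate. The message is
        // printed with the third argument set to false, presumably so the
        // <br/> separators are kept as HTML — confirm in Display::return_message.
        $all_information_by_create_certificate = DocumentManager::get_all_info_to_certificate(
            api_get_user_id(),
            api_get_course_id()
        );
        $str_info = '';
        foreach ($all_information_by_create_certificate[0] as $info_value) {
            $str_info .= $info_value.'<br/>';
        }
        $create_certificate = get_lang('CreateCertificateWithTags');
        echo Display::return_message(
            $create_certificate.': <br /><br />'.$str_info,
            'normal',
            false
        );
    }

    if ($extension == 'svg' && !api_browser_support('svg') &&
        api_get_setting('enabled_support_svg') == 'true'
    ) {
        echo Display::return_message(get_lang('BrowserDontSupportsSVG'), 'warning');
    }
    if ($file_type != 'link') {
        // HTML-editor
        echo '<div class="page-create">
                <div class="row" style="overflow:hidden">
                <div id="template_col" class="col-md-3">
                    <div class="panel panel-default">
                    <div class="panel-body">
                        <div id="frmModel" class="items-templates scrollbar-light"></div>
                    </div>
                    </div>
                </div>
                <div id="doc_form" class="col-md-9">
                    '.$form->returnForm().'
                </div>
            </div></div>';
    } else {
        // Add tooltip and correctly parse its inner HTML
        echo '<script>
        $(function() {
            $("[data-toggle=\'tooltip\']").tooltip(
                {
                    content: 
                        function() {
                            return $(this).attr("title");
                        }
                }
            );
        });
        </script>';

        echo $form->returnForm();
    }
}

Display::display_footer();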

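/**
 * Prints the toolbar with the "back to ..." links shown above the edit form.
 *
 * Request values that end up inside an href are URL-encoded first, so quotes
 * or angle brackets in them cannot leave the attribute.
 *
 * @param int    $document_id         Id placed in the link back to the documents overview
 * @param string $path                Not used by this function
 * @param string $call_from_tool      Origin of the request; selects which links are shown
 * @param int    $slide_id            Slide to return to when the origin is the slideshow
 * @param bool   $is_certificate_mode Whether a certificate is being edited
 */
function show_return($document_id, $path, $call_from_tool = '', $slide_id = 0, $is_certificate_mode = false)
{
    // The id to return to is the one handed in by the caller instead of a
    // global read behind the caller's back.
    $url = api_get_path(WEB_CODE_PATH).'document/document.php?'.api_get_cidreq()
        .'&id='.urlencode((string) $document_id);

    // Button that collapses or expands the template column.
    $toggleTemplatesLink = '<a id="hide_bar_template" href="#" role="button">'
        .Display::return_icon('expand.png', get_lang('Expand'), ['id' => 'expand'], ICON_SIZE_MEDIUM)
        .Display::return_icon('contract.png', get_lang('Collapse'), ['id' => 'contract', 'class' => 'hide'], ICON_SIZE_MEDIUM)
        .'</a>';

    // Current directory from the query string; anything that is not a string
    // is treated as absent.
    $curDirPath = isset($_GET['curdirpath']) && is_string($_GET['curdirpath']) ? $_GET['curdirpath'] : '';

    $actionsLeft = '';
    if ($is_certificate_mode) {
        $selectedCategory = urlencode(Security::remove_XSS($curDirPath));
        $actionsLeft .= '<a href="document.php?curdirpath='.$selectedCategory.'&selectcat='.$selectedCategory.'">'.
            Display::return_icon('back.png', get_lang('Back').' '.get_lang('To').' '.get_lang('CertificateOverview'), '', ICON_SIZE_MEDIUM).'</a>';
        $actionsLeft .= $toggleTemplatesLink;
    } elseif ($call_from_tool == 'slideshow') {
        // urlencode() output contains no character that is special inside an
        // HTML attribute, so no further filtering is needed.
        $actionsLeft .= '<a href="'.api_get_path(WEB_PATH).'main/document/slideshow.php?slide_id='.urlencode((string) $slide_id).'&curdirpath='.urlencode($curDirPath).'">'.
            Display::return_icon('slideshow.png', get_lang('BackTo').' '.get_lang('ViewSlideshow'), '', ICON_SIZE_MEDIUM).'</a>';
    } elseif ($call_from_tool == 'editdraw') {
        $actionsLeft .= '<a href="'.$url.'">'.
            Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'), '', ICON_SIZE_MEDIUM).'</a>';
        $actionsLeft .= '<a href="javascript:history.back(1)">'.Display::return_icon('draw.png', get_lang('BackTo').' '.get_lang('Draw'), [], 32).'</a>';
    } elseif ($call_from_tool == 'editodf') {
        $actionsLeft .= '<a href="'.$url.'">'.
            Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'), '', ICON_SIZE_MEDIUM).'</a>';
        $actionsLeft .= '<a href="javascript:history.back(1)">'.Display::return_icon('draw.png', get_lang('BackTo').' '.get_lang('Write'), [], 32).'</a>';
        $actionsLeft .= $toggleTemplatesLink;
    } elseif ($call_from_tool == 'editpaint' && api_get_setting('enabled_support_pixlr') === 'true') {
        $actionsLeft .= '<a href="'.$url.'">'.
            Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'), [], ICON_SIZE_MEDIUM).'</a>';
        $actionsLeft .= '<a href="javascript:history.back(1)">'.Display::return_icon('paint.png', get_lang('BackTo').' '.get_lang('Paint'), [], 32).'</a>';
    } else {
        $actionsLeft .= '<a href="'.$url.'">'.
            Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('DocumentsOverview'), '', ICON_SIZE_MEDIUM).'</a>';
        $actionsLeft .= $toggleTemplatesLink;
    }

    echo Display::toolbarAction('actions-documents', [$actionsLeft]);
}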