get_installed_plugins();
// NOTE(review): the call above is the tail of a statement that begins before
// this excerpt; $pluginList is presumably assigned by it — confirm.

// When the jcapture plugin is installed, compute its applet URL and append an
// entry to $htmlHeadXtra.
$capturePluginInstalled = in_array('jcapture', $pluginList);
if ($capturePluginInstalled) {
    $jcapturePath = api_get_path(WEB_PLUGIN_PATH).'jcapture/plugin_applet.php';
    $htmlHeadXtra[] = ' ';
}

// Deny access when no course information is available.
if (empty($courseInfo)) {
    api_not_allowed(true);
}

// Create directory certificates.
DocumentManager::create_directory_certificate_in_course($courseInfo);

// Used for avoiding double-click.
$dbl_click_id = 0;

// Request parameters. Both values only pass through Security::remove_XSS here.
// $moveTo is later concatenated onto $base_work_dir to build filesystem paths,
// so it also needs to be validated as a path before any file operation.
$selectcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : null;
$moveTo = isset($_POST['move_to']) ? Security::remove_XSS($_POST['move_to']) : null;

/* Constants and variables */
$userId = api_get_user_id();
$userInfo = api_get_user_info();
$sessionId = api_get_session_id();
$course_code = api_get_course_id();
$groupId = api_get_group_id();
// Main authorization flag used by every action in this script.
$isAllowedToEdit = api_is_allowed_to_edit(null, true);
$group_member_with_upload_rights = false;

// If the group id is set, we show them group documents
$group_properties = array();
$group_properties['directory'] = null;

// For sessions we should check the parameters of visibility
// NOTE(review): $group_member_with_upload_rights is still false at this point,
// so the && below always yields false.
if (api_get_session_id() != 0) {
    $group_member_with_upload_rights = $group_member_with_upload_rights && api_is_allowed_to_session_edit(false, true);
}

// Get group info
$groupIid = 0;
$groupMemberWithEditRights = false;

// Setting group variables.
if (!empty($groupId)) {
    $group_properties = GroupManager::get_group_properties($groupId);
    $groupIid = isset($group_properties['iid']) ? $group_properties['iid'] : 0;
    // NOTE(review): $courseId is not assigned in this excerpt; presumably set
    // earlier in the file — confirm.
    $isTutorGroup = GroupManager::is_tutor_of_group(
        $userId,
        $group_properties,
        $courseId
    );
    $groupMemberWithEditRights = $isAllowedToEdit || $isTutorGroup;

    // Let's assume the user cannot upload files for the group
    $group_member_with_upload_rights = false;

    if ($group_properties['doc_state'] == 2) {
        // Documents are private
        if ($isAllowedToEdit || GroupManager::is_user_in_group($userId, $group_properties)) {
            // Only courseadmin or group members (members + tutors) allowed
            $interbreadcrumb[] = array(
                'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
                'name' => get_lang('Groups')
            );
            $interbreadcrumb[] = array(
                'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
                'name' => get_lang('GroupSpace').' '.$group_properties['name']
            );
            //they are allowed to upload
            $group_member_with_upload_rights = true;
        } else {
            // NOTE(review): only $groupId is reset for a user who is denied
            // access to a private group. $groupIid, $group_properties and
            // $groupMemberWithEditRights keep the group's values and $groupIid
            // is passed to later DocumentManager calls — confirm this cannot
            // expose the private group's documents.
            $groupId = 0;
        }
    } elseif ($group_properties['doc_state'] == 1) {
        // Documents are public
        $interbreadcrumb[] = array(
            'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
            'name' => get_lang('Groups')
        );
        $interbreadcrumb[] = array(
            'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
            'name' => get_lang('GroupSpace').' '.$group_properties['name']
        );
        // Allowed to upload?
        if ($isAllowedToEdit ||
            GroupManager::is_subscribed($userId, $group_properties) ||
            GroupManager::is_tutor_of_group($userId, $group_properties, $courseId)
        ) {
            // Only course admin or group members can upload
            $group_member_with_upload_rights = true;
        }
    }
    // The flag is stored in the session under the same name.
    Session::write('group_member_with_upload_rights', $group_member_with_upload_rights);
} else {
    Session::write('group_member_with_upload_rights', false);
}

// Actions.
// The document id is forced to an integer before it is used below.
$document_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;
// Target of the redirects issued after delete and visibility actions.
$currentUrl = api_get_self().'?'.api_get_cidreq().'&id='.$document_id;

/*if (Portfolio::controller()->accept()) {
    Portfolio::controller()->run();
}*/

// Current directory requested by the client; only XSS-filtered at this point.
$curdirpath = isset($_GET['curdirpath']) ?
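Security::remove_XSS($_GET['curdirpath']) : null;

// Dispatch the requested action. Every case works on ids or paths supplied by
// the client, so each one has to perform its own permission checks.
switch ($action) {
    case 'delete_item':
        // NOTE(review): this state-changing action is driven by GET parameters
        // and no anti-CSRF token is checked in the visible code — confirm one
        // is enforced elsewhere.
        if ($isAllowedToEdit ||
            $group_member_with_upload_rights ||
            DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ||
            DocumentManager::is_my_shared_folder(api_get_user_id(), $moveTo, $sessionId)
        ) {
            if (isset($_GET['deleteid'])) {
                // Force the id to an integer once, as is already done for
                // $document_id, instead of passing the raw GET value around.
                $deleteId = intval($_GET['deleteid']);

                if (!$isAllowedToEdit) {
                    if (api_is_coach()) {
                        if (!DocumentManager::is_visible_by_id(
                            $deleteId,
                            $courseInfo,
                            $sessionId,
                            api_get_user_id()
                        )) {
                            api_not_allowed();
                        }
                    }

                    if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $deleteId, true)) {
                        api_not_allowed();
                    }
                }

                $documentInfo = DocumentManager::get_document_data_by_id(
                    $deleteId,
                    $courseInfo['code'],
                    false,
                    $sessionId
                );

                // Check whether the document is in the database.
                if (!empty($documentInfo)) {
                    $deleteDocument = DocumentManager::delete_document(
                        $courseInfo,
                        null,
                        $base_work_dir,
                        $sessionId,
                        $deleteId,
                        $groupIid
                    );

                    if ($deleteDocument) {
                        // NOTE(review): passed on unvalidated; confirm that
                        // remove_attach_certificate treats it as an integer id.
                        $certificateId = isset($_GET['delete_certificate_id']) ? $_GET['delete_certificate_id'] : null;
                        DocumentManager::remove_attach_certificate(
                            api_get_course_id(),
                            $certificateId
                        );
                        Display::addFlash(Display::return_message(
                            get_lang('DocDeleted').': '.$documentInfo['title'],
                            'success'
                        ));
                    } else {
                        Display::addFlash(Display::return_message(get_lang('DocDeleteError'), 'warning'));
                    }
                } else {
                    Display::addFlash(Display::return_message(get_lang('FileNotFound'), 'warning'));
                }
                header("Location: $currentUrl");
                exit;
            }
        }
        break;
    case 'download':
        // Get the document data from the ID
        $document_data = DocumentManager::get_document_data_by_id(
            $document_id,
            api_get_course_id(),
            false,
            $sessionId
        );
        if ($sessionId != 0 && !$document_data) {
            // If there is a session defined and asking for the document *from
            // the session* didn't work, try it from the course (out of a
            // session context)
            $document_data = DocumentManager::get_document_data_by_id(
                $document_id,
                api_get_course_id(),
                false,
                0
            );
        }
        // Check whether the document is in the database
        if (empty($document_data)) {
            api_not_allowed();
        }
        // Launch event
        // NOTE(review): the download event is recorded before the visibility
        // check below, so refused requests are recorded as well — confirm
        // this is intended.
        Event::event_download($document_data['url']);
        // Check visibility of document and paths
        if (!($isAllowedToEdit || $group_member_with_upload_rights) &&
            !DocumentManager::is_visible_by_id($document_id, $courseInfo, $sessionId, api_get_user_id())
        ) {
            api_not_allowed(true);
        }
        $full_file_name = $base_work_dir.$document_data['path'];
        // Only send the file when the path passes the check against the
        // course document directory.
        if (Security::check_abs_path($full_file_name, $base_work_dir.'/')) {
            $result = DocumentManager::file_send_for_download($full_file_name, true);
            if ($result === false) {
                api_not_allowed(true);
            }
        }
        exit;
        break;
    case 'downloadfolder':
        if (api_get_setting('students_download_folders') == 'true' ||
            $isAllowedToEdit ||
            api_is_platform_admin()
        ) {
            // Get the document data from the ID
            $document_data = DocumentManager::get_document_data_by_id(
                $document_id,
                api_get_course_id(),
                false,
                $sessionId
            );
            if ($sessionId != 0 && !$document_data) {
                // If there is a session defined and asking for the
                // document * from the session* didn't work, try it from the
                // course (out of a session context)
                $document_data = DocumentManager::get_document_data_by_id(
                    $document_id,
                    api_get_course_id(),
                    false,
                    0
                );
            }

            // NOTE(review): $document_data is not checked for emptiness and no
            // visibility check is visible here; presumably
            // downloadfolder.inc.php filters what a student may receive —
            // confirm.
            //filter when I am into shared folder, I can download only my shared folder
            if (DocumentManager::is_any_user_shared_folder($document_data['path'], $sessionId)) {
                if (DocumentManager::is_my_shared_folder(api_get_user_id(), $document_data['path'], $sessionId) ||
                    $isAllowedToEdit ||
                    api_is_platform_admin()
                ) {
                    require 'downloadfolder.inc.php';
                }
            } else {
                require 'downloadfolder.inc.php';
            }
            // Launch event
            Event::event_download($document_data['url']);
            exit;
        }
        break;
    case 'export_to_pdf':
        // NOTE(review): no visibility check on $document_id is visible before
        // the export; confirm DocumentManager::export_to_pdf enforces it.
        if (api_get_setting('students_export2pdf') == 'true' ||
            $isAllowedToEdit ||
            api_is_platform_admin()
        ) {
            // Only 'landscape' and 'portrait' are accepted; anything else
            // falls back to 'landscape'.
            $documentOrientation = api_get_configuration_value('document_pdf_orientation');
            $orientation = in_array($documentOrientation, ['landscape', 'portrait'])
                ? $documentOrientation
                : 'landscape';

            $showHeaderAndFooter = true;
            // NOTE(review): $is_certificate_mode is only set to true further
            // down in this script; its value here presumably comes from an
            // earlier initialisation — confirm.
            if ($is_certificate_mode) {
                $certificateOrientation = api_get_configuration_value('certificate_pdf_orientation');
                $orientation = in_array($certificateOrientation, ['landscape', 'portrait'])
                    ? $certificateOrientation
                    : 'landscape';
                $showHeaderAndFooter = !api_get_configuration_value('hide_header_footer_in_certificate');
            }

            DocumentManager::export_to_pdf($document_id, $course_code, $orientation, $showHeaderAndFooter);
        }
        break;
    case 'copytomyfiles':
        // Copy a file to general my files user's
        if (api_get_setting('allow_my_files') == 'true' &&
            api_get_setting('users_copy_files') == 'true' &&
            api_get_user_id() != 0 &&
            !api_is_anonymous()
        ) {
            // Get the document data from the ID
            $document_info = DocumentManager::get_document_data_by_id(
                $document_id,
                api_get_course_id(),
                true,
                $sessionId
            );
            if ($sessionId != 0 && !$document_info) {
                /* If there is a session defined and asking for the document
                from the session didn't work, try it from the course
                (out of a session context)*/
                // Same arguments as the first lookup with session id 0, like
                // the other fallbacks in this file (the original passed 0 in
                // the third position and no session id).
                $document_info = DocumentManager::get_document_data_by_id(
                    $document_id,
                    api_get_course_id(),
                    true,
                    0
                );
            }

            // Copying is another way of reading the file, so apply the same
            // existence and visibility checks as the 'download' case before
            // touching the filesystem.
            if (empty($document_info)) {
                api_not_allowed(true);
            }
            if (!($isAllowedToEdit || $group_member_with_upload_rights) &&
                !DocumentManager::is_visible_by_id($document_id, $courseInfo, $sessionId, api_get_user_id())
            ) {
                api_not_allowed(true);
            }

            $parent_id = $document_info['parent_id'];
            $my_path = UserManager::getUserPathById(api_get_user_id(), 'system');
            $user_folder = $my_path.'my_files/';
            $my_path = null;

            if (!file_exists($user_folder)) {
                $perm = api_get_permissions_for_new_directories();
                @mkdir($user_folder, $perm, true);
            }

            $file = $sys_course_path.$courseInfo['directory'].'/document'.$document_info['path'];
            // basename() keeps the copy inside the user's my_files folder.
            $copyfile = $user_folder.basename($document_info['path']);
            $cidReq = Security::remove_XSS($_GET['cidReq']);
            $id_session = Security::remove_XSS($_GET['id_session']);
            $gidReq = Security::remove_XSS($_GET['gidReq']);
            $id = Security::remove_XSS($_GET['id']);
            if (empty($parent_id)) {
                $parent_id = 0;
            }
            $file_link = Display::url(
                get_lang('SeeFile'),
                api_get_path(WEB_CODE_PATH).'social/myfiles.php?'
                .api_get_cidreq_params($cidReq, $id_session, $gidReq).
                '&parent_id='.$parent_id
            );

            if (api_get_setting('allow_my_files') === 'false') {
                $file_link = '';
            }

            if (file_exists($copyfile)) {
                $message = get_lang('CopyAlreadyDone').'
';
                $message .= ''
                    .get_lang("No")
                    .''
                    .' | '
                    .''
                    .get_lang('Yes')
                    .'
';
                if (!isset($_GET['copy'])) {
                    Display::addFlash(Display::return_message($message, 'warning', false));
                }
                // isset() guard: the parameter is absent on the first request.
                if (isset($_GET['copy']) && $_GET['copy'] === 'yes') {
                    if (!copy($file, $copyfile)) {
                        Display::addFlash(Display::return_message(get_lang('CopyFailed'), 'error'));
                    } else {
                        Display::addFlash(Display::return_message(
                            get_lang('OverwritenFile').' '.$file_link,
                            'confirmation',
                            false
                        ));
                    }
                }
            } else {
                if (!copy($file, $copyfile)) {
                    Display::addFlash(Display::return_message(get_lang('CopyFailed'), 'error'));
                } else {
                    Display::addFlash(
                        Display::return_message(get_lang('CopyMade').' '.$file_link, 'confirmation', false)
                    );
                }
            }
        }
        break;
    case 'convertToPdf':
        // NOTE(review): no permission or visibility check is visible in this
        // case; confirm who may trigger a conversion, since it creates a new
        // file next to the source document.
        // PDF format as target by default
        $formatTarget = !empty($_REQUEST['formatTarget'])
            ? strtolower(Security::remove_XSS($_REQUEST['formatTarget']))
            : 'pdf';
        $formatType = !empty($_REQUEST['formatType'])
            ? strtolower(Security::remove_XSS($_REQUEST['formatType']))
            : 'text';

        // Get the document data from the ID
        // Uses $sessionId like every other lookup in this file; the original
        // read $session_id, which is not assigned anywhere in this excerpt.
        $document_info = DocumentManager::get_document_data_by_id(
            $document_id,
            api_get_course_id(),
            true,
            $sessionId
        );

        $file = $sys_course_path.$courseInfo['directory'].'/document'.$document_info['path'];
        $fileInfo = pathinfo($file);
        if ($fileInfo['extension'] == $formatTarget) {
            Display::addFlash(Display::return_message(
                get_lang('ConversionToSameFileFormat'),
                'warning'
            ));
        } elseif (!(in_array($fileInfo['extension'], DocumentManager::getJodconverterExtensionList('from', $formatType))) ||
            !(in_array($formatTarget, DocumentManager::getJodconverterExtensionList('to', $formatType)))
        ) {
            // The client-supplied target format is only used in the file name
            // below after it was found in the converter's extension list.
            Display::addFlash(Display::return_message(
                get_lang('FileFormatNotSupported'),
                'warning'
            ));
        } else {
            $convertedFile = $fileInfo['dirname'].DIRECTORY_SEPARATOR
                .$fileInfo['filename'].'_from_'.$fileInfo['extension']
                .'.'.$formatTarget;
            $convertedTitle = $document_info['title'];
            $obj = new OpenofficePresentation(true);
            if (file_exists($convertedFile)) {
                Display::addFlash(Display::return_message(
                    get_lang('FileExists'),
                    'error'
                ));
            } else {
                $result = $obj->convertCopyDocument(
                    $file,
                    $convertedFile,
                    $convertedTitle
                );
                if (empty($result)) {
                    Display::addFlash(Display::return_message(
                        get_lang('CopyFailed'),
                        'error'
                    ));
                } else {
                    $cidReq = Security::remove_XSS($_GET['cidReq']);
                    $id_session = api_get_session_id();
                    $gidReq = Security::remove_XSS($_GET['gidReq']);
                    $file_link = Display::url(
                        get_lang('SeeFile'),
                        api_get_path(WEB_CODE_PATH)
                        .'document/showinframes.php?'
                        .api_get_cidreq_params($cidReq, $id_session, $gidReq)
                        .'&id='.current($result)
                    );
                    Display::addFlash(Display::return_message(
                        get_lang('CopyMade').' '.$file_link,
                        'confirmation',
                        false
                    ));
                }
            }
        }
        break;
}

// If no actions we proceed to show the document (Hack in order to use document.php?id=X)
if (isset($document_id) && empty($action)) {
    // Get the document data from the ID
    $document_data = DocumentManager::get_document_data_by_id(
        $document_id,
        api_get_course_id(),
        true,
        $sessionId
    );

    if ($sessionId != 0 && !$document_data) {
        // If there is a session defined and asking for the
        // document * from the session* didn't work, try it from the course
        // (out of a session context)
        $document_data = DocumentManager::get_document_data_by_id(
            $document_id,
            api_get_course_id(),
            true,
            0
        );
    }

    // If the document is not a folder we show the document.
    if ($document_data) {
        $parent_id = $document_data['parent_id'];
        $visibility = DocumentManager::check_visibility_tree(
            $document_id,
            api_get_course_id(),
            $sessionId,
            api_get_user_id(),
            $groupIid
        );

        if (!empty($document_data['filetype']) && $document_data['filetype'] == 'file') {
            // Files are served by redirecting to their course URL; without
            // the redirect the request ends with no output.
            if ($visibility && api_is_allowed_to_session_edit()) {
                $url = api_get_path(WEB_COURSE_PATH).
                    $courseInfo['path'].'/document'.$document_data['path'].'?'
                    .api_get_cidreq();
                header("Location: $url");
            }
            exit;
        } else {
            if (!$visibility && !$isAllowedToEdit) {
                api_not_allowed();
            }
        }
        // From here on the folder's stored path replaces the requested one.
        $_GET['curdirpath'] = $document_data['path'];
    }

    // What's the current path?
    // We will verify this a bit further down
    if (isset($_GET['curdirpath']) && $_GET['curdirpath'] != '') {
        $curdirpath = Security::remove_XSS($_GET['curdirpath']);
    } elseif (isset($_POST['curdirpath']) && $_POST['curdirpath'] != '') {
        $curdirpath = Security::remove_XSS($_POST['curdirpath']);
    } else {
        $curdirpath = '/';
    }

    $curdirpathurl = urlencode($curdirpath);
} else {
    // What's the current path?
    // We will verify this a bit further down
    if (isset($_GET['curdirpath']) && $_GET['curdirpath'] != '') {
        $curdirpath = Security::remove_XSS($_GET['curdirpath']);
    } elseif (isset($_POST['curdirpath']) && $_POST['curdirpath'] != '') {
        $curdirpath = Security::remove_XSS($_POST['curdirpath']);
    } else {
        $curdirpath = '/';
    }

    $curdirpathurl = urlencode($curdirpath);

    // Check the path
    // If the path is not found (no document id), set the path to /
    // NOTE(review): only $document_id is looked up here; $curdirpath itself
    // keeps the client-supplied value when no document matches — confirm it
    // is validated before it reaches filesystem calls.
    $document_id = DocumentManager::get_document_id($courseInfo, $curdirpath);

    if (!$document_id) {
        $document_id = DocumentManager::get_document_id($courseInfo, $curdirpath, 0);
    }

    $document_data = DocumentManager::get_document_data_by_id(
        $document_id,
        api_get_course_id(),
        true
    );

    $parent_id = $document_data['parent_id'];
}

// The /certificates folder switches the page into certificate mode.
if (isset($document_data) && $document_data['path'] == '/certificates') {
    $is_certificate_mode = true;
}

if (!$parent_id) {
    $testParentId = 0;
    // Get parent id from current path
    if (!empty($document_data['path'])) {
        $testParentId = DocumentManager::get_document_id(
            api_get_course_info(),
            dirname($document_data['path']),
            0
        );
    }

    $parent_id = 0;
    if (!empty($testParentId)) {
        $parent_id = $testParentId;
    }
}

$current_folder_id = $document_id;

// Show preview
// set_preview must be the canonical string form of an integer. The original
// repeated the isset() test in a nested if, which could never be false here.
if (isset($_GET['curdirpath']) &&
    $_GET['curdirpath'] == '/certificates' &&
    isset($_GET['set_preview']) &&
    $_GET['set_preview'] == strval(intval($_GET['set_preview']))
) {
    // Generate document HTML
    $content_html = DocumentManager::replace_user_info_into_html(
        api_get_user_id(),
        api_get_course_id(),
        api_get_session_id(),
        true
    );

    // The QR image is written to the archive directory under a generated
    // unique name.
    $filename = 'certificate_preview/'.api_get_unique_id().'.png';
    $qr_code_filename = api_get_path(SYS_ARCHIVE_PATH).$filename;

    $temp_folder = api_get_path(SYS_ARCHIVE_PATH).'certificate_preview';
    if (!is_dir($temp_folder)) {
        mkdir($temp_folder, api_get_permissions_for_new_directories());
    }

    $qr_code_web_filename = api_get_path(WEB_ARCHIVE_PATH).$filename;

    $certificate = new Certificate();
    $text = $certificate->parse_certificate_variables($content_html['variables']);
    $result = $certificate->generate_qr($text, $qr_code_filename);

    // Rewrite relative and system image paths to web paths.
    $new_content_html = $content_html['content'];
    $path_image = api_get_path(WEB_COURSE_PATH).api_get_course_path().'/document/images/gallery';
    $new_content_html = str_replace('../images/gallery', $path_image, $new_content_html);

    $path_image_in_default_course = api_get_path(WEB_CODE_PATH).'default_course_document';
    $new_content_html = str_replace(
        '/main/default_course_document',
        $path_image_in_default_course,
        $new_content_html
    );
    $new_content_html = str_replace(
        SYS_CODE_PATH.'img/',
        api_get_path(WEB_IMG_PATH),
        $new_content_html
    );

    Display::display_reduced_header();

    echo ' ';
    echo '';
    echo Display::return_icon('printmgr.gif', get_lang('Print'));
    echo '';
    if (is_file($qr_code_filename) && is_readable($qr_code_filename)) {
        $new_content_html = str_replace(
            '((certificate_barcode))',
            Display::img($qr_code_web_filename),
            $new_content_html
        );
    }
    print_r($new_content_html);
    exit;
}

// Is the document tool visible?
// Check whether the tool is actually visible
/*$table_course_tool = Database::get_course_table(TABLE_TOOL_LIST);
$course_id = api_get_course_int_id();
$tool_sql = 'SELECT visibility FROM '.$table_course_tool.' WHERE c_id = '.$course_id.' 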
AND name = "'.TOOL_DOCUMENT.'" LIMIT 1';
$tool_result = Database::query($tool_sql);
$tool_row = Database::fetch_array($tool_result);
$tool_visibility = $tool_row['visibility'];*/

$htmlHeadXtra[] = '';

// If they are looking at group documents they can't see the root
if ($groupId != 0 && $curdirpath == '/') {
    $curdirpath = $group_properties['directory'];
    $curdirpathurl = urlencode($group_properties['directory']);
}

// Check visibility of the current dir path. Don't show anything if not allowed
//@todo check this validation for coaches
//if (!$isAllowedToEdit || api_is_coach()) { before
// NOTE(review): this folder-visibility check only runs for coaches without
// edit rights; other non-editing users are not checked here — confirm they
// are covered elsewhere.
if (!$isAllowedToEdit && api_is_coach()) {
    if ($curdirpath != '/' &&
        !(DocumentManager::is_visible($curdirpath, $courseInfo, $sessionId, 'folder'))
    ) {
        api_not_allowed(true);
    }
}

/* Create shared folders */
// The folder names below are built from $sessionId and $userId only, not from
// request data.
// NOTE(review): $to_user_id is not assigned in this excerpt; presumably set
// earlier in the file — confirm.
if ($sessionId == 0) {
    //Create shared folder. Necessary for recycled courses.
    // session_id should always be zero and should always be created from a
    // base course, never from a session.
    if (!file_exists($base_work_dir.'/shared_folder')) {
        $usf_dir_title = get_lang('UserFolders');
        $usf_dir_name = '/shared_folder';
        //$groupId = 0;
        $visibility = 0;
        create_unexisting_directory(
            $courseInfo,
            api_get_user_id(),
            $sessionId,
            0,
            $to_user_id,
            $base_work_dir,
            $usf_dir_name,
            $usf_dir_title,
            $visibility
        );
    }
    // Create dynamic user shared folder
    if (!file_exists($base_work_dir.'/shared_folder/sf_user_'.$userId)) {
        $usf_dir_title = $userInfo['complete_name'];
        $usf_dir_name = '/shared_folder/sf_user_'.$userId;
        //$groupId = 0;
        $visibility = 1;
        create_unexisting_directory(
            $courseInfo,
            api_get_user_id(),
            $sessionId,
            0,
            $to_user_id,
            $base_work_dir,
            $usf_dir_name,
            $usf_dir_title,
            $visibility
        );
    }
} else {
    // Create shared folder session.
    if (!file_exists($base_work_dir.'/shared_folder_session_'.$sessionId)) {
        $usf_dir_title = get_lang('UserFolders').' 
('.api_get_session_name($sessionId).')';
        $usf_dir_name = '/shared_folder_session_'.$sessionId;
        //$groupId = 0;
        $visibility = 0;
        create_unexisting_directory(
            $courseInfo,
            api_get_user_id(),
            $sessionId,
            0,
            $to_user_id,
            $base_work_dir,
            $usf_dir_name,
            $usf_dir_title,
            $visibility
        );
    }
    //Create dynamic user shared folder into a shared folder session
    if (!file_exists($base_work_dir.'/shared_folder_session_'.$sessionId.'/sf_user_'.$userId)) {
        $usf_dir_title = $userInfo['complete_name'].'('.api_get_session_name($sessionId).')';
        $usf_dir_name = '/shared_folder_session_'.$sessionId.'/sf_user_'.$userId;
        //$groupId = 0;
        $visibility = 1;
        create_unexisting_directory(
            $courseInfo,
            $userId,
            $sessionId,
            0,
            $to_user_id,
            $base_work_dir,
            $usf_dir_name,
            $usf_dir_title,
            $visibility
        );
    }
}

/* MAIN SECTION */

// Slideshow initialisation
$_SESSION['image_files_only'] = '';
$image_files_only = '';

// First breadcrumb entry: the gradebook in certificate mode, the document tool
// otherwise.
if ($is_certificate_mode) {
    $interbreadcrumb[] = array(
        'url' => '../gradebook/index.php',
        'name' => get_lang('Gradebook')
    );
} else {
    if ((isset($_GET['id']) && $_GET['id'] != 0) || isset($_GET['curdirpath']) || isset($_GET['createdir'])) {
        $interbreadcrumb[] = array(
            'url' => 'document.php',
            'name' => get_lang('Documents')
        );
    } else {
        $interbreadcrumb[] = array(
            'url' => '#',
            'name' => get_lang('Documents')
        );
    }
}

// Interbreadcrumb for the current directory root path
// NOTE(review): $document_data can be empty when the lookup above failed, in
// which case 'title' and 'document_url' are read from a non-array — confirm.
if (empty($document_data['parents'])) {
    if (isset($_GET['createdir'])) {
        $interbreadcrumb[] = array(
            'url' => $document_data['document_url'],
            'name' => $document_data['title'],
        );
    } else {
        $interbreadcrumb[] = array(
            'url' => '#',
            'name' => $document_data['title']
        );
    }
} else {
    $counter = 0;
    foreach ($document_data['parents'] as $document_sub_data) {
        //fixing double group folder in breadcrumb
        // In a group context the first parent entry is skipped.
        if ($groupId) {
            if ($counter == 0) {
                $counter++;
                continue;
            }
        }
        // The entry for the current folder is not a link unless the
        // create-directory form is open.
        if (!isset($_GET['createdir']) && $document_sub_data['id'] == $document_data['id']) {
            $document_sub_data['document_url'] = '#';
        }
        $interbreadcrumb[] = array(
            'url' => $document_sub_data['document_url'],
            'name' => $document_sub_data['title'],
        );
        $counter++;
    }
}

if (isset($_GET['createdir'])) {
    $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('CreateDir'));
}

$js_path = api_get_path(WEB_LIBRARY_PATH).'javascript/';

$htmlHeadXtra[] = '';
$htmlHeadXtra[] = '';
$mediaplayer_path = api_get_path(WEB_LIBRARY_PATH).'mediaplayer/player.swf';

// Documents and folders of the current directory. The fifth argument is true
// for editors and for group members with upload rights.
$documentAndFolders = DocumentManager::get_all_document_data(
    $courseInfo,
    $curdirpath,
    $groupIid,
    null,
    $isAllowedToEdit || $group_member_with_upload_rights,
    false
);

// Build the player initialisation code for every ogg/mp3/wav file listed.
$count = 1;
$jquery = null;
if (!empty($documentAndFolders)) {
    foreach ($documentAndFolders as $file) {
        if ($file['filetype'] == 'file') {
            $path_info = pathinfo($file['path']);
            $extension = '';
            if (!empty($path_info['extension'])) {
                $extension = strtolower($path_info['extension']);
            }

            //@todo use a js loop to auto generate this code
            if (in_array($extension, array('ogg', 'mp3', 'wav'))) {
                // Get the document data from the ID
                // NOTE(review): this overwrites the script-level
                // $document_data that describes the current folder; after the
                // loop it refers to the last audio file — confirm no later
                // code relies on the folder data.
                $document_data = DocumentManager::get_document_data_by_id(
                    $file['id'],
                    api_get_course_id(),
                    false,
                    $sessionId
                );
                if ($sessionId != 0 && !$document_data) {
                    /* If there is a session defined and asking for the document
                     * from the session* didn't work, try it from the
                     course (out of a session context) */
                    $document_data = DocumentManager::get_document_data_by_id(
                        $file['id'],
                        api_get_course_id(),
                        false,
                        0
                    );
                }

                // 'ogg' is passed to the player as 'oga'.
                if ($extension == 'ogg') {
                    $extension = 'oga';
                }

                $params = array(
                    'url' => $document_data['direct_url'],
                    'extension' => $extension,
                    'count' => $count
                );
                $jquery .= DocumentManager::generate_jplayer_jquery($params);
                $count++;
            }
        }
    }
}

$htmlHeadXtra[] = ' ';

// Lib for event log, stats & tracking & record of the access
Event::event_access_tool(TOOL_DOCUMENT);

/* DISPLAY */
if ($groupId != 0) {
    // Add group name after for group documents
    $add_group_to_title = ' ('.$group_properties['name'].')';
}

$moveForm = '';
/* MOVE FILE OR DIRECTORY */
//Only teacher and all users into their group and each user into
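// his/her shared folder
// NOTE(review): a user who is neither an editor nor a group member passes this
// guard when either the current directory or the requested target is one of
// their shared folders; the source document and the target are not both tied
// to that folder here — confirm the read-only check below is sufficient.
if ($isAllowedToEdit ||
    $group_member_with_upload_rights ||
    DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) ||
    DocumentManager::is_my_shared_folder(api_get_user_id(), $moveTo, $sessionId)
) {
    // Step 1: show the "move to" selector for the requested document.
    if (isset($_GET['move']) && $_GET['move'] != '') {
        $my_get_move = intval($_REQUEST['move']);

        if (api_is_coach()) {
            if (!DocumentManager::is_visible_by_id($my_get_move, $courseInfo, $sessionId, api_get_user_id())) {
                api_not_allowed(true);
            }
        }

        if (!$isAllowedToEdit) {
            // The id goes in the fourth argument, as in the other
            // check_readonly calls of this file; the original passed it in
            // the third position.
            if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $my_get_move)) {
                api_not_allowed(true);
            }
        }
        // Get the document data from the ID
        $document_to_move = DocumentManager::get_document_data_by_id(
            $my_get_move,
            api_get_course_id(),
            false,
            $sessionId
        );

        // Same value as before (null when the lookup failed), without reading
        // an offset of a non-array.
        $move_path = !empty($document_to_move) ? $document_to_move['path'] : null;
        if (!empty($document_to_move)) {
            $folders = DocumentManager::get_all_document_folders(
                $courseInfo,
                $groupIid,
                $isAllowedToEdit || $group_member_with_upload_rights,
                false,
                $curdirpath
            );

            // filter if is my shared folder. TODO: move this code to build_move_to_selector function
            // This only restricts the choices shown in the form; the posted
            // target is validated separately when the move is executed.
            if (DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) &&
                !$isAllowedToEdit
            ) {
                //only main user shared folder
                $main_user_shared_folder_main = '/shared_folder/sf_user_'.api_get_user_id();
                $main_user_shared_folder_sub = '/shared_folder\/sf_user_'.api_get_user_id().'\//'; //all subfolders
                $user_shared_folders = array();

                foreach ($folders as $fold) {
                    if ($main_user_shared_folder_main == $fold ||
                        preg_match($main_user_shared_folder_sub, $fold)
                    ) {
                        $user_shared_folders[] = $fold;
                    }
                }
                $moveForm .= '';
                $moveForm .= DocumentManager::build_move_to_selector(
                    $user_shared_folders,
                    $move_path,
                    $my_get_move,
                    $group_properties['directory']
                );
            } else {
                $moveForm .= '';
                $moveForm .= DocumentManager::build_move_to_selector(
                    $folders,
                    $move_path,
                    $my_get_move,
                    $group_properties['directory']
                );
            }
        }
    }

    // Step 2: execute the move posted by the form.
    if (!empty($moveTo) && isset($_POST['move_file'])) {
        // Document ids are integers everywhere else in this file.
        $moveFileId = intval($_POST['move_file']);

        // $moveTo comes from $_POST['move_to'] and is appended to
        // $base_work_dir, so refuse any target that contains a parent
        // directory segment or that fails the path check already used by the
        // 'download' action.
        $moveToSegments = explode('/', str_replace('\\', '/', (string) $moveTo));
        $targetIsInsideCourse = !in_array('..', $moveToSegments, true) &&
            Security::check_abs_path($base_work_dir.$moveTo, $base_work_dir.'/');

        if (!$isAllowedToEdit) {
            // The id goes in the fourth argument, as in the other
            // check_readonly calls of this file.
            if (DocumentManager::check_readonly($courseInfo, api_get_user_id(), '', $moveFileId)) {
                api_not_allowed(true);
            }
        }

        if (api_is_coach()) {
            if (!DocumentManager::is_visible_by_id($moveFileId, $courseInfo, $sessionId, api_get_user_id())) {
                api_not_allowed(true);
            }
        }

        // Get the document data from the ID
        $document_to_move = DocumentManager::get_document_data_by_id(
            $moveFileId,
            api_get_course_id(),
            false,
            $sessionId
        );

        // Security fix: make sure they can't move files that are not in the document table
        if (!empty($document_to_move) && $targetIsInsideCourse) {
            $real_path_target = $base_work_dir.$moveTo.'/'.basename($document_to_move['path']);
            $fileExist = false;
            if (file_exists($real_path_target)) {
                $fileExist = true;
            }
            if (move($base_work_dir.$document_to_move['path'], $base_work_dir.$moveTo)) {
                DocumentManager::updateDbInfo(
                    'update',
                    $document_to_move['path'],
                    $moveTo.'/'.basename($document_to_move['path'])
                );

                //update database item property
                $doc_id = $moveFileId;
                if (is_dir($real_path_target)) {
                    api_item_property_update(
                        $courseInfo,
                        TOOL_DOCUMENT,
                        $doc_id,
                        'FolderMoved',
                        api_get_user_id(),
                        $group_properties,
                        null,
                        null,
                        null,
                        $sessionId
                    );
                    Display::addFlash(Display::return_message(get_lang('DirMv'), 'confirmation'));
                } elseif (is_file($real_path_target)) {
                    api_item_property_update(
                        $courseInfo,
                        TOOL_DOCUMENT,
                        $doc_id,
                        'DocumentMoved',
                        api_get_user_id(),
                        $group_properties,
                        null,
                        null,
                        null,
                        $sessionId
                    );
                    Display::addFlash(
                        Display::return_message(
                            get_lang('DocMv'),
                            'confirmation'
                        )
                    );
                }

                // Set the current path
                // Use the filtered value instead of the raw POST parameter.
                $curdirpath = $moveTo;
                $curdirpathurl = urlencode($moveTo);
            } else {
                if ($fileExist) {
                    if (is_dir($real_path_target)) {
                        $message = Display::return_message(get_lang('DirExists'), 'error');
                    } elseif (is_file($real_path_target)) {
                        // 'error' like the directory case; the original
                        // passed 'v' as the message type.
                        $message = Display::return_message(get_lang('FileExists'), 'error');
                    }
                    Display::addFlash($message);
                } else {
                    Display::addFlash(Display::return_message(get_lang('Impossible'), 'error'));
                }
            }
        } else {
            Display::addFlash(Display::return_message(get_lang('Impossible'), 'error'));
        }
    }
}

/* DELETE FILE OR DIRECTORY */
//Only teacher and all users into their group
// NOTE(review): the bulk 'set_visible' / 'set_invisible' actions below run for
// everyone who passes this guard and apply no read-only or per-document check;
// no anti-CSRF token is checked in the visible code either — confirm both.
if ($isAllowedToEdit ||
    $group_member_with_upload_rights ||
    DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
) {
    if (isset($_POST['action']) && isset($_POST['ids'])) {
        // Accept a single value or a list and force every id to an integer.
        $files = array_map('intval', (array) $_POST['ids']);
        $readonlyAlreadyChecked = false;
        $messages = '';
        // System folders that can never be changed through the bulk actions.
        $items = array(
            '/audio',
            '/flash',
            '/images',
            '/shared_folder',
            '/video',
            '/chat_files',
            '/certificates'
        );
        foreach ($files as $documentId) {
            $data = DocumentManager::get_document_data_by_id($documentId, $courseInfo['code']);
            if (in_array($data['path'], $items)) {
                // exclude system directories (do not allow deletion)
                continue;
            } else {
                switch ($_POST['action']) {
                    case 'set_invisible':
                        $visibilityCommand = 'invisible';
                        if (api_item_property_update(
                            $courseInfo,
                            TOOL_DOCUMENT,
                            $documentId,
                            $visibilityCommand,
                            api_get_user_id(),
                            null,
                            null,
                            null,
                            null,
                            $sessionId
                        )) {
                            $messages .= Display::return_message(
                                get_lang('VisibilityChanged').': '.$data['title'],
                                'confirmation'
                            );
                        } else {
                            $messages .= Display::return_message(get_lang('ViModProb'), 'error');
                        }
                        break;
                    case 'set_visible':
                        $visibilityCommand = 'visible';
                        if (api_item_property_update(
                            $courseInfo,
                            TOOL_DOCUMENT,
                            $documentId,
                            $visibilityCommand,
                            api_get_user_id(),
                            null,
                            null,
                            null,
                            null,
                            $sessionId
                        )) {
                            $messages .= Display::return_message(
                                get_lang('VisibilityChanged').': '.$data['title'],
                                'confirmation'
                            );
                        } else {
                            $messages .= Display::return_message(get_lang('ViModProb'), 'error');
                        }
                        break;
                    case 'delete':
                        // Check all documents scheduled for deletion
                        // If one of them is read-only, abandon deletion
                        // Note: this is only executed once
                        if (!$readonlyAlreadyChecked) {
                            foreach ($files as $id) {
                                if (!$isAllowedToEdit) {
                                    if (DocumentManager::check_readonly(
                                        $courseInfo,
                                        api_get_user_id(),
                                        null,
                                        $id,
                                        false,
                                        $sessionId
                                    )) {
                                        $messages .= Display::return_message(
                                            get_lang('CantDeleteReadonlyFiles'),
                                            'error'
                                        );
                                        // Leave the inner loop, the switch and
                                        // the outer loop. The original used
                                        // "break 2", which repeated this check
                                        // and its message for every remaining
                                        // document; nothing was deleted in
                                        // either case.
                                        break 3;
                                    }
                                }
                            }
                            $readonlyAlreadyChecked = true;
                        }

                        $deleteDocument = DocumentManager::delete_document(
                            $courseInfo,
                            null,
                            $base_work_dir,
                            $sessionId,
                            $documentId,
                            $groupIid
                        );
                        if (!empty($deleteDocument)) {
                            $messages .= Display::return_message(
                                get_lang('DocDeleted').': '.$data['title'],
                                'confirmation'
                            );
                        }
                        break;
                }
            }
        } // endforeach

        Display::addFlash($messages);
        header('Location: '.$currentUrl);
        exit;
    }
}

$dirForm = '';
/* CREATE DIRECTORY */
//Only teacher and all users into their group and any user into his/her shared folder
// NOTE(review): this guard is evaluated on the requested $curdirpath, but the
// directory is created under the path of $_POST['dir_id'] when that is set;
// the permission is not re-evaluated on the effective parent — confirm.
if ($isAllowedToEdit ||
    $group_member_with_upload_rights ||
    DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
) {
    // Create directory with $_POST data
    if (isset($_POST['create_dir'], $_POST['dirname']) && $_POST['dirname'] != '') {
        // Needed for directory creation
        $post_dir_name = $_POST['dirname'];

        if ($post_dir_name == '../' || $post_dir_name == '.' || $post_dir_name == '..') {
            $message = Display::return_message(get_lang('CannotCreateDir'), 'error');
        } else {
            // dir_id is the parent folder id.
            if (!empty($_POST['dir_id'])) {
                $parentFolderId = intval($_POST['dir_id']);
                // Get the document data from the ID
                $document_data = DocumentManager::get_document_data_by_id(
                    $parentFolderId,
                    api_get_course_id(),
                    false,
                    $sessionId
                );
                if ($sessionId != 0 && !$document_data) {
                    // If there is a session defined and asking for the
                    // document * from the session* didn't work, try it from
                    // the course (out of a session context)
                    $document_data = DocumentManager::get_document_data_by_id(
                        $parentFolderId,
                        api_get_course_id(),
                        false,
                        0
                    );
                }
                $curdirpath = $document_data['path'];
            }

            // The parent path can still be the client-supplied curdirpath, so
            // refuse any parent directory segment before building the name.
            $parentSegments = explode('/', str_replace('\\', '/', (string) $curdirpath));
            if (in_array('..', $parentSegments, true)) {
                $message = Display::return_message(get_lang('CannotCreateDir'), 'error');
            } else {
                $added_slash = ($curdirpath == '/') ? '' : '/';
                $dir_name = $curdirpath.$added_slash.api_replace_dangerous_char($post_dir_name);
                $dir_name = disable_dangerous_file($dir_name);
                $dir_check = $base_work_dir.$dir_name;
                $visibility = empty($groupId) ? null : 1;

                $newFolderData = create_unexisting_directory(
                    $courseInfo,
                    api_get_user_id(),
                    $sessionId,
                    $groupIid,
                    $to_user_id,
                    $base_work_dir,
                    $dir_name,
                    $post_dir_name,
                    $visibility
                );

                if (!empty($newFolderData)) {
                    $message = Display::return_message(
                        get_lang('DirCr').' '.$newFolderData['title'],
                        'confirmation'
                    );
                } else {
                    $message = Display::return_message(
                        get_lang('CannotCreateDir'),
                        'error'
                    );
                }
            }
        }
        Display::addFlash($message);
    }

    // Show them the form for the directory name
    if (isset($_GET['createdir'])) {
        $dirForm = DocumentManager::create_dir_form($document_id);
    }
}

/* VISIBILITY COMMANDS */
// Only course editors reach this section.
// NOTE(review): the change is driven by GET parameters and no anti-CSRF token
// is checked in the visible code — confirm one is enforced elsewhere.
if ($isAllowedToEdit) {
    if ((isset($_GET['set_invisible']) && !empty($_GET['set_invisible'])) ||
        (isset($_GET['set_visible']) && !empty($_GET['set_visible']))
    ) {
        // Make visible or invisible?
        if (isset($_GET['set_visible'])) {
            $update_id = intval($_GET['set_visible']);
            $visibility_command = 'visible';
        } else {
            $update_id = intval($_GET['set_invisible']);
            $visibility_command = 'invisible';
        }

        // The original repeated coach and read-only checks inside an
        // "if (!$isAllowedToEdit)" here; that branch could never run inside
        // the enclosing "if ($isAllowedToEdit)" and has been removed.

        // Update item_property to change visibility
        if (api_item_property_update(
            $courseInfo,
            TOOL_DOCUMENT,
            $update_id,
            $visibility_command,
            api_get_user_id(),
            null,
            null,
            null,
            null,
            $sessionId
        )) {
            Display::addFlash(
                Display::return_message(get_lang('VisibilityChanged'), 'confirmation')
            );
        } else {
            Display::addFlash(
                Display::return_message(get_lang('ViModProb'), 'error')
            );
        }

        header('Location: '.$currentUrl);
        exit;
    }
}

$templateForm = '';
/* TEMPLATE ACTION */
//Only teacher and all users into their group
if ($isAllowedToEdit ||
    $group_member_with_upload_rights ||
    DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId)
) {
    if (isset($_GET['add_as_template']) && !isset($_POST['create_template'])) {
        $document_id_for_template = intval($_GET['add_as_template']);

        // Create the form that asks for the directory name
        $templateForm .= '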