Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
aj
/
chamilo-lms2
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 0e3191628e
Branch-ok Tag-ek
chamilo-lms2
/
main
/
messages
/
download.php

download.php 3.0 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. /**
    4. 

  4. *	This file is responsible for  passing requested file attachments from messages
    5. 

  5. *	Html files are parsed to fix a few problems with URLs,
    6. 

  6. *	but this code will hopefully be replaced soon by an Apache URL
    7. 

  7. *	rewrite mechanism.
    8. 

  8. *
    9. 

  9. *	@package chamilo.messages
    10. 

  10. */
    11. 

  11. /**
    12. 

  12.  * MAIN CODE
    13. 

  13.  */
    14. 

  14. 

  15. session_cache_limiter('public');
    16. 

  16. 

  17. require_once '../inc/global.inc.php';
    18. 

  18. require_once api_get_path(LIBRARY_PATH).'group_portal_manager.lib.php';
    19. 

  19. require_once api_get_path(LIBRARY_PATH).'document.lib.php';
    20. 

  20. 

  21. // IMPORTANT to avoid caching of documents
    22. 

  22. header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
    23. 

  23. header('Cache-Control: public');
    24. 

  24. header('Pragma: no-cache');
    25. 

  25. 

  26. $file_url = $_GET['file'];
    27. 

  27. //change the '&' that got rewritten to '///' by mod_rewrite back to '&'
    28. 

  28. $file_url = str_replace('///', '&', $file_url);
    29. 

  29. //still a space present? it must be a '+' (that got replaced by mod_rewrite)
    30. 

  30. $file_url = str_replace(' ', '+', $file_url);
    31. 

  31. $file_url = str_replace('/..', '', $file_url); //echo $doc_url;
    32. 

  32. 

  33. $tbl_messsage = Database::get_main_table(TABLE_MESSAGE);
    34. 

  34. $tbl_messsage_attachment = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
    35. 

  35. 

  36. $file_url = Database::escape_string($file_url);
    37. 

  37. $sql= "SELECT filename, message_id FROM $tbl_messsage_attachment WHERE path LIKE BINARY '$file_url'";
    38. 

  38. 

  39. $result     = Database::query($sql);
    40. 

  40. $row        = Database::fetch_array($result, 'ASSOC');
    41. 

  41. $title      = str_replace(' ','_', $row['filename']);
    42. 

  42. $message_id = $row['message_id'];
    43. 

  43. 

  44. // allow download only for user sender and user receiver
    45. 

  45. $sql = "SELECT user_sender_id, user_receiver_id, group_id FROM $tbl_messsage WHERE id = '$message_id'";
    46. 

  46. $rs           = Database::query($sql);
    47. 

  47. $row_users    = Database::fetch_array($rs, 'ASSOC');
    48. 

  48. $current_uid  = api_get_user_id();
    49. 

  49. 

  50. // get message user id for inbox/outbox
    51. 

  51. $message_uid = '';
    52. 

  52. $message_type = array('inbox','outbox');
    53. 

  53. if (in_array($_GET['type'],$message_type)) {
    54. 

  54. 	if ($_GET['type'] == 'inbox') {
    55. 

  55. 		$message_uid = $row_users['user_receiver_id'];
    56. 

  56. 	} else {
    57. 

  57. 		$message_uid = $row_users['user_sender_id'];
    58. 

  58. 	}
    59. 

  59. }
    60. 

  60. 

  61. // allow to the correct user for download this file
    62. 

  62. $not_allowed_to_edit = false;
    63. 

  63. if (!empty($row_users['group_id'])) {
    64. 

  64. 	$users_group = GroupPortalManager::get_all_users_by_group($row_users['group_id']);
    65. 

  65. 	if (!in_array($current_uid,array_keys($users_group))) {
    66. 

  66. 		$not_allowed_to_edit = true;
    67. 

  67. 	}
    68. 

  68. } else {
    69. 

  69. 	if ($current_uid != $message_uid) {
    70. 

  70. 		$not_allowed_to_edit = true;
    71. 

  71. 	}
    72. 

  72. }
    73. 

  73. 

  74. if ($not_allowed_to_edit) {
    75. 

  75. 	api_not_allowed();
    76. 

  76. 	exit;
    77. 

  77. }
    78. 

  78. 

  79. // set the path directory file
    80. 

  80. if (!empty($row_users['group_id'])) {
    81. 

  81. 	$path_user_info = GroupPortalManager::get_group_picture_path_by_id($row_users['group_id'], 'system', true);
    82. 

  82. } else {
    83. 

  83. 	$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true);
    84. 

  84. }
    85. 

  85. 

  86. $full_file_name = $path_user_info['dir'].'message_attachments/'.$file_url;
    87. 

  87. 

  88. if (Security::check_abs_path($full_file_name, $path_user_info['dir'].'message_attachments/')) {
    89. 

  89.     // launch event
    90. 

  90.     event_download($file_url);
    91. 

  91.     DocumentManager::file_send_for_download($full_file_name,TRUE, $title);
    92. 

  92. }
    93. 

  93. exit;
    94.