Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
aj
/
chamilo-lms2
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Tree: e7c246f349
Branches Tags
chamilo-lms2
/
main
/
dropbox
/
dropbox_submit.php

dropbox_submit.php 14 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. 

  4. /*
    5. 

  5.  * PREVENT RESUBMITING
    6. 

  6.  * This part checks if the $dropbox_unid var has the same ID
    7. 

  7.  * as the session var $dropbox_uniqueid that was registered as a session
    8. 

  8.  * var before.
    9. 

  9.  * The resubmit prevention only works with GET requests, because it gives some annoying
    10. 

  10.  * behaviours with POST requests.
    11. 

  11.  */
    12. 

  12. 

  13. /**
    14. 

  14.  * FORM SUBMIT
    15. 

  15.  * - VALIDATE POSTED DATA
    16. 

  16.  * - UPLOAD NEW FILE
    17. 

  17.  */
    18. 

  18. if (isset($_POST['submitWork'])) {
    19. 

  19.     $error = false;
    20. 

  20.     $errormsg = '';
    21. 

  21.     /**
    22. 

  22.      * FORM SUBMIT : VALIDATE POSTED DATA
    23. 

  23.      */
    24. 

  24. 

  25.     // the author or description field is empty
    26. 

  26.     if (!isset($_POST['authors']) || !isset($_POST['description'])) {
    27. 

  27.         $error = true;
    28. 

  28.         $errormsg = get_lang('BadFormData');
    29. 

  29.     } elseif (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
    30. 

  30.         $error = true;
    31. 

  31.         $errormsg = get_lang('NoUserSelected');
    32. 

  32.     } else {
    33. 

  33.         $thisIsAMailing = false;
    34. 

  34.         $thisIsJustUpload = false;
    35. 

  35. 

  36.         foreach ($_POST['recipients'] as $rec) {
    37. 

  37.             if ($rec == 'mailing') {
    38. 

  38.                 $thisIsAMailing = true;
    39. 

  39.             } elseif ($rec == 'upload') {
    40. 

  40.                 $thisIsJustUpload = true;
    41. 

  41.             } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
    42. 

  42.                 echo '401';
    43. 

  43.                 die(get_lang('BadFormData').' (code 401)');
    44. 

  44.             } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
    45. 

  45.                 echo '402';
    46. 

  46.                 die(get_lang('BadFormData').' (code 402)');
    47. 

  47.             }
    48. 

  48.         }
    49. 

  49. 

  50.         // we are doing a mailing but an additional recipient is selected
    51. 

  51.         if ($thisIsAMailing && (count($_POST['recipients']) != 1)) {
    52. 

  52.             $error = true;
    53. 

  53.             $errormsg = get_lang('MailingSelectNoOther');
    54. 

  54.         } // we are doing a just upload but an additional recipient is selected.
    55. 

  55.         elseif ($thisIsJustUpload && (count($_POST['recipients']) != 1)) {
    56. 

  56.             $error = true;
    57. 

  57.             $errormsg = get_lang('MailingJustUploadSelectNoOther');
    58. 

  58.         } elseif (empty($_FILES['file']['name'])) {
    59. 

  59.             $error = true;
    60. 

  60.             $errormsg = get_lang('NoFileSpecified');
    61. 

  61.         }
    62. 

  62.     }
    63. 

  63. 

  64.     //check if $_POST['cb_overwrite'] is true or false
    65. 

  65.     $dropbox_overwrite = false;
    66. 

  66.     if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
    67. 

  67.         $dropbox_overwrite = true;
    68. 

  68.     }
    69. 

  69. 

  70.     /**
    71. 

  71.      * FORM SUBMIT : UPLOAD NEW FILE
    72. 

  72.      */
    73. 

  73. 

  74.     if (!$error) {
    75. 

  75. 

  76.         $dropbox_filename = $_FILES['file']['name'];
    77. 

  77.         $dropbox_filesize = $_FILES['file']['size'];
    78. 

  78.         $dropbox_filetype = $_FILES['file']['type'];
    79. 

  79.         $dropbox_filetmpname = $_FILES['file']['tmp_name'];
    80. 

  80. 

  81.         if ($dropbox_filesize <= 0 || $dropbox_filesize > dropbox_cnf('maxFilesize')) {
    82. 

  82.             $errormsg = get_lang(
    83. 

  83.                 'TooBig'
    84. 

  84.             ); // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
    85. 

  85.             $error = true;
    86. 

  86.         } elseif (!is_uploaded_file($dropbox_filetmpname)) { // check user fraud : no clean error msg.
    87. 

  87.             die(get_lang('BadFormData').' (code 403)');
    88. 

  88.         }
    89. 

  89. 

  90.         if (!$error) {
    91. 

  91.             // Try to add an extension to the file if it hasn't got one
    92. 

  92.             $dropbox_filename = FileManager::add_ext_on_mime($dropbox_filename, $dropbox_filetype);
    93. 

  93.             // Replace dangerous characters
    94. 

  94.             $dropbox_filename = api_replace_dangerous_char($dropbox_filename);
    95. 

  95.             // Transform any .php file in .phps fo security
    96. 

  96.             $dropbox_filename = FileManager::php2phps($dropbox_filename);
    97. 

  97.             if (!FileManager::filter_extension($dropbox_filename)) {
    98. 

  98.                 $error = true;
    99. 

  99.                 $errormsg = get_lang('UplUnableToSaveFileFilteredExtension');
    100. 

  100.             } else {
    101. 

  101.                 // set title
    102. 

  102.                 $dropbox_title = $dropbox_filename;
    103. 

  103. 

  104.                 // set author
    105. 

  105.                 if ($_POST['authors'] == '') {
    106. 

  106.                     $_POST['authors'] = getUserNameFromId($_user['user_id']);
    107. 

  107.                 }
    108. 

  108. 

  109.                 if ($dropbox_overwrite) {
    110. 

  110.                     $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), $is_courseTutor);
    111. 

  111. 

  112.                     foreach ($dropbox_person->sentWork as $w) {
    113. 

  113.                         if ($w->title == $dropbox_filename) {
    114. 

  114.                             if (($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase')) xor $thisIsAMailing) {
    115. 

  115.                                 $error = true;
    116. 

  116.                                 $errormsg = get_lang('MailingNonMailingError');
    117. 

  117.                             }
    118. 

  118.                             if (($w->recipients[0]['id'] == $_user['user_id']) xor $thisIsJustUpload) {
    119. 

  119.                                 $error = true;
    120. 

  120.                                 $errormsg = get_lang('MailingJustUploadSelectNoOther');
    121. 

  121.                             }
    122. 

  122.                             $dropbox_filename = $w->filename;
    123. 

  123.                             $found = true;
    124. 

  124.                             break;
    125. 

  125.                         }
    126. 

  126.                     }
    127. 

  127.                 } else {
    128. 

  128.                     // rename file to login_filename_uniqueId format
    129. 

  129.                     $dropbox_filename = getLoginFromId($_user['user_id']).'_'.$dropbox_filename.'_'.uniqid('');
    130. 

  130.                 }
    131. 

  131. 

  132.                 if (!is_dir(dropbox_cnf('sysPath'))) {
    133. 

  133.                     //The dropbox subdir doesn't exist yet so make it and create the .htaccess file
    134. 

  134.                     mkdir(dropbox_cnf('sysPath'), api_get_permissions_for_new_directories()) or die(get_lang(
    135. 

  135.                         'ErrorCreatingDir'
    136. 

  136.                     ).' (code 404)');
    137. 

  137.                     $fp = fopen(dropbox_cnf('sysPath').'/.htaccess', 'w') or die(get_lang(
    138. 

  138.                         'ErrorCreatingDir'
    139. 

  139.                     ).' (code 405)');
    140. 

  140.                     fwrite(
    141. 

  141.                         $fp,
    142. 

  142.                         "AuthName AllowLocalAccess
    143. 

  143. 	                             AuthType Basic
    144. 

  144. 

  145. 	                             order deny,allow
    146. 

  146. 	                             deny from all
    147. 

  147. 

  148. 	                             php_flag zlib.output_compression off"
    149. 

  149.                     ) or die(get_lang('ErrorCreatingDir').' (code 406)');
    150. 

  150.                 }
    151. 

  151. 

  152.                 if ($error) {
    153. 

  153.                 } elseif ($thisIsAMailing) {
    154. 

  154.                     if (preg_match(dropbox_cnf('mailingZipRegexp'), $dropbox_title)) {
    155. 

  155.                         $newWorkRecipients = dropbox_cnf('mailingIdBase');
    156. 

  156.                     } else {
    157. 

  157.                         $error = true;
    158. 

  158.                         $errormsg = $dropbox_title.': '.get_lang('MailingWrongZipfile');
    159. 

  159.                     }
    160. 

  160.                 } elseif ($thisIsJustUpload) {
    161. 

  161.                     $newWorkRecipients = array();
    162. 

  162.                 } else {
    163. 

  163.                     // Creating the array that contains all the users who will receive the file
    164. 

  164.                     $newWorkRecipients = array();
    165. 

  165.                     foreach ($_POST['recipients'] as $rec) {
    166. 

  166.                         if (strpos($rec, 'user_') === 0) {
    167. 

  167.                             $newWorkRecipients[] = substr($rec, strlen('user_'));
    168. 

  168.                         } elseif (strpos($rec, 'group_') === 0) {
    169. 

  169.                             $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
    170. 

  170.                             foreach ($userList as $usr) {
    171. 

  171.                                 if (!in_array(
    172. 

  172.                                     $usr['user_id'],
    173. 

  173.                                     $newWorkRecipients
    174. 

  174.                                 ) && $usr['user_id'] != $_user['user_id']
    175. 

  175.                                 ) {
    176. 

  176.                                     $newWorkRecipients[] = $usr['user_id'];
    177. 

  177.                                 }
    178. 

  178.                             }
    179. 

  179.                         }
    180. 

  180.                     }
    181. 

  181.                 }
    182. 

  182. 

  183.                 // After uploading the file, create the db entries
    184. 

  184. 

  185.                 if (!$error) {
    186. 

  186.                     @move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath').'/'.$dropbox_filename)
    187. 

  187.                         or die(get_lang('UploadError').' (code 407)');
    188. 

  188.                     new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags(
    189. 

  189.                         $_POST['authors']
    190. 

  190.                     ), $dropbox_filename, $dropbox_filesize, $newWorkRecipients);
    191. 

  191.                 }
    192. 

  192.             }
    193. 

  193.         }
    194. 

  194.     } //end if(!$error)
    195. 

  195. 

  196. 

  197.     /**
    198. 

  198.      * SUBMIT FORM RESULTMESSAGE
    199. 

  199.      */
    200. 

  200. 

  201.     if (!$error) {
    202. 

  202.         $return_message = get_lang('FileUploadSucces');
    203. 

  203.     } else {
    204. 

  204.         $return_message = $errormsg;
    205. 

  205.     }
    206. 

  206. } // end if ( isset( $_POST['submitWork']))
    207. 

  207. 

  208. function findRecipient($thisFile)
    209. 

  209. {
    210. 

  210.     // string result = error message, array result = [user_id, lastname, firstname, status]
    211. 

  211.     global $nameParts, $preFix, $preLen, $postFix, $postLen;
    212. 

  212.     if (preg_match(dropbox_cnf('mailingFileRegexp'), $thisFile, $matches)) {
    213. 

  213.         $thisName = $matches[1];
    214. 

  214.         if (api_substr($thisName, 0, $preLen) == $preFix) {
    215. 

  215.             if ($postLen == 0 || api_substr($thisName, -$postLen) == $postFix) {
    216. 

  216.                 $thisRecip = api_substr($thisName, $preLen, api_strlen($thisName) - $preLen - $postLen);
    217. 

  217.                 if ($thisRecip) {
    218. 

  218.                     return getUser($thisRecip);
    219. 

  219.                 }
    220. 

  220. 

  221.                 return ' <'.get_lang('MailingFileNoRecip', '').'>';
    222. 

  222.             } else {
    223. 

  223.                 return ' <'.get_lang('MailingFileNoPostfix', '').$postFix.'>';
    224. 

  224.             }
    225. 

  225.         } else {
    226. 

  226.             return ' <'.get_lang('MailingFileNoPrefix', '').$preFix.'>';
    227. 

  227.         }
    228. 

  228.     } else {
    229. 

  229.         return ' <'.get_lang('MailingFileFunny', '').'>';
    230. 

  230.     }
    231. 

  231. }
    232. 

  232. 

  233. function getUser($thisRecip)
    234. 

  234. {
    235. 

  235.     // string result = error message, array result = [user_id, lastname, firstname]
    236. 

  236. 

  237.     global $var, $sel;
    238. 

  238.     if (isset($students)) {
    239. 

  239.         unset($students);
    240. 

  240.     }
    241. 

  241. 

  242.     $result = Database::query($sel.$thisRecip."'");
    243. 

  243.     while (($res = Database::fetch_array($result))) {
    244. 

  244.         $students[] = $res;
    245. 

  245.     }
    246. 

  246.     Database::free_result($result);
    247. 

  247. 

  248.     if (count($students) == 1) {
    249. 

  249.         return ($students[0]);
    250. 

  250.     } elseif (count($students) > 1) {
    251. 

  251.         return ' <'.get_lang('MailingFileRecipDup', '').$var."= $thisRecip>";
    252. 

  252.     } else {
    253. 

  253.         return ' <'.get_lang('MailingFileRecipNotFound', '').$var."= $thisRecip>";
    254. 

  254.     }
    255. 

  255. }
    256. 

  256. 

  257. 

  258. /**
    259. 

  259.  * DELETE RECEIVED OR SENT FILES - EDIT FEEDBACK
    260. 

  260.  * - DELETE ALL RECEIVED FILES
    261. 

  261.  * - DELETE 1 RECEIVED FILE
    262. 

  262.  * - DELETE ALL SENT FILES
    263. 

  263.  * - DELETE 1 SENT FILE
    264. 

  264.  * - EDIT FEEDBACK
    265. 

  265.  */
    266. 

  266. if (isset($_GET['deleteReceived']) || isset($_GET['deleteSent'])
    267. 

  267.     || isset($_GET['showFeedback']) || isset($_GET['editFeedback'])
    268. 

  268. ) {
    269. 

  269.     if ($_GET['mailing']) {
    270. 

  270.         getUserOwningThisMailing($_GET['mailing'], $_user['user_id'], '408');
    271. 

  271.         $dropbox_person = new Dropbox_Person($_GET['mailing'], api_is_course_admin(), $is_courseTutor);
    272. 

  272.     } else {
    273. 

  273.         $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), $is_courseTutor);
    274. 

  274.     }
    275. 

  275. 

  276.     if (isset($_SESSION['sentOrder'])) {
    277. 

  277.         $dropbox_person->orderSentWork($_SESSION['sentOrder']);
    278. 

  278.     }
    279. 

  279.     if (isset($_SESSION['receivedOrder'])) {
    280. 

  280.         $dropbox_person->orderReceivedWork($_SESSION['receivedOrder']);
    281. 

  281.     }
    282. 

  282. 

  283.     /*if (!$dropbox_person->isCourseAdmin || ! $dropbox_person->isCourseTutor) {
    284. 

  284.         die(get_lang('GeneralError').' (code 408)');
    285. 

  285.     }*/
    286. 

  286. 

  287.     $tellUser = get_lang('FileDeleted');
    288. 

  288. 

  289.     if (isset($_GET['deleteReceived'])) {
    290. 

  290.         if ($_GET['deleteReceived'] == 'all') {
    291. 

  291.             $dropbox_person->deleteAllReceivedWork();
    292. 

  292.         } elseif (is_numeric($_GET['deleteReceived'])) {
    293. 

  293.             $dropbox_person->deleteReceivedWork($_GET['deleteReceived']);
    294. 

  294.         } else {
    295. 

  295.             die(get_lang('GeneralError').' (code 409)');
    296. 

  296.         }
    297. 

  297.     } elseif (isset($_GET['deleteSent'])) {
    298. 

  298.         if ($_GET['deleteSent'] == 'all') {
    299. 

  299.             $dropbox_person->deleteAllSentWork();
    300. 

  300.         } elseif (is_numeric($_GET['deleteSent'])) {
    301. 

  301.             $dropbox_person->deleteSentWork($_GET['deleteSent']);
    302. 

  302.         } else {
    303. 

  303.             die(get_lang('GeneralError').' (code 410)');
    304. 

  304.         }
    305. 

  305.     } elseif (isset($_GET['showFeedback'])) {
    306. 

  306.         $w = new Dropbox_SentWork($id = $_GET['showFeedback']);
    307. 

  307. 

  308.         if ($w->uploader_id != $_user['user_id']) {
    309. 

  309.             getUserOwningThisMailing($w->uploader_id, $_user['user_id'], '411');
    310. 

  310.         }
    311. 

  311. 

  312.         foreach ($w->recipients as $r) {
    313. 

  313.             if (($fb = $r['feedback'])) {
    314. 

  314.                 $fbarray[$r['feedback_date'].$r['name']] = $r['name'].' '.get_lang(
    315. 

  315.                     'SentOn',
    316. 

  316.                     ''
    317. 

  317.                 ).' '.$r['feedback_date'].":\n".$fb;
    318. 

  318.             }
    319. 

  319.         }
    320. 

  320. 

  321.         if ($fbarray) {
    322. 

  322.             krsort($fbarray);
    323. 

  323.             echo '<textarea class="dropbox_feedbacks">',
    324. 

  324.             htmlspecialchars(implode("\n\n", $fbarray), ENT_QUOTES, api_get_system_encoding()), '</textarea>', "\n";
    325. 

  325.         } else {
    326. 

  326.             echo '<textarea class="dropbox_feedbacks">&nbsp;</textarea>', "\n";
    327. 

  327.         }
    328. 

  328. 

  329.         $tellUser = get_lang('ShowFeedback');
    330. 

  330. 

  331.     } else { // if ( isset( $_GET['editFeedback'])) {
    332. 

  332.         $id = $_GET['editFeedback'];
    333. 

  333.         $found = false;
    334. 

  334.         foreach ($dropbox_person->receivedWork as $w) {
    335. 

  335.             if ($w->id == $id) {
    336. 

  336.                 $found = true;
    337. 

  337.                 break;
    338. 

  338.             }
    339. 

  339.         }
    340. 

  340.         if (!$found) {
    341. 

  341.             die(get_lang('GeneralError').' (code 415)');
    342. 

  342.         }
    343. 

  343. 

  344.         echo '<form method="post" action="index.php">', "\n",
    345. 

  345.         '<input type="hidden" name="feedbackid" value="',
    346. 

  346.         $id, '"/>', "\n",
    347. 

  347.         '<textarea name="feedbacktext" class="dropbox_feedbacks">',
    348. 

  348.         htmlspecialchars($w->feedback, ENT_QUOTES, api_get_system_encoding()), '</textarea>', "<br />\n",
    349. 

  349.         '<input type="submit" name="feedbacksubmit" value="', get_lang('Ok', ''), '"/>', "\n",
    350. 

  350.         '</form>', "\n";
    351. 

  351.         $tellUser = get_lang('GiveFeedback');
    352. 

  352.     }
    353. 

  353. 

  354.     /**
    355. 

  355.      * RESULTMESSAGE FOR DELETE FILE OR EDIT FEEDBACK
    356. 

  356.      */
    357. 

  357.     $return_message = get_lang('BackList');
    358. 

  358. }
    359.