download.php 2.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * This file is responsible for passing requested documents to the browser.
  5. * Html files are parsed to fix a few problems with URLs,
  6. * but this code will hopefully be replaced soon by an Apache URL
  7. * rewrite mechanism.
  8. *
  9. * @package chamilo.calendar
  10. */
  11. session_cache_limiter('public');
  12. require_once __DIR__.'/../inc/global.inc.php';
  13. $this_section = SECTION_COURSES;
  14. // IMPORTANT to avoid caching of documents
  15. header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
  16. header('Cache-Control: public');
  17. header('Pragma: no-cache');
  18. $course_id = intval($_REQUEST['course_id']);
  19. $user_id = api_get_user_id();
  20. $course_info = api_get_course_info_by_id($course_id);
  21. $doc_url = $_REQUEST['file'];
  22. $session_id = api_get_session_id();
  23. if (empty($course_id)) {
  24. $course_id = api_get_course_int_id();
  25. }
  26. if (empty($course_id) || empty($doc_url)) {
  27. api_not_allowed();
  28. }
  29. $is_user_is_subscribed = CourseManager::is_user_subscribed_in_course(
  30. $user_id,
  31. $course_info['code'],
  32. true,
  33. $session_id
  34. );
  35. if (!api_is_allowed_to_edit() && !$is_user_is_subscribed) {
  36. api_not_allowed();
  37. }
  38. //change the '&' that got rewritten to '///' by mod_rewrite back to '&'
  39. $doc_url = str_replace('///', '&', $doc_url);
  40. //still a space present? it must be a '+' (that got replaced by mod_rewrite)
  41. $doc_url = str_replace(' ', '+', $doc_url);
  42. $doc_url = str_replace('/..', '', $doc_url); //echo $doc_url;
  43. $full_file_name = api_get_path(SYS_COURSE_PATH).$course_info['path'].'/upload/calendar/'.$doc_url;
  44. //if the rewrite rule asks for a directory, we redirect to the document explorer
  45. if (is_dir($full_file_name)) {
  46. while ($doc_url{$dul = strlen($doc_url) - 1} == '/') {
  47. $doc_url = substr($doc_url, 0, $dul);
  48. }
  49. // create the path
  50. $document_explorer = api_get_path(WEB_COURSE_PATH).$course_info['path']; // home course path
  51. // redirect
  52. header('Location: '.$document_explorer);
  53. exit;
  54. }
  55. $tbl_agenda_attachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT);
  56. // launch event
  57. Event::event_download($doc_url);
  58. $sql = 'SELECT filename FROM '.$tbl_agenda_attachment.'
  59. WHERE
  60. c_id = '.$course_id.' AND
  61. path LIKE BINARY "'.Database::escape_string($doc_url).'"';
  62. $result = Database::query($sql);
  63. if (Database::num_rows($result)) {
  64. $row = Database::fetch_array($result);
  65. $title = str_replace(' ', '_', $row['filename']);
  66. if (Security::check_abs_path(
  67. $full_file_name,
  68. api_get_path(SYS_COURSE_PATH).$course_info['path'].'/upload/calendar/'
  69. )) {
  70. $result = DocumentManager::file_send_for_download($full_file_name, true, $title);
  71. if ($result === false) {
  72. api_not_allowed(true);
  73. }
  74. }
  75. }
  76. api_not_allowed();