downloadfolder.inc.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. use ChamiloSession as Session;
  4. /**
  5. * Functions and main code for the download folder feature
  6. *
  7. * @package chamilo.document
  8. */
  9. set_time_limit(0);
  10. require_once __DIR__.'/../inc/global.inc.php';
  11. api_protect_course_script();
  12. $sysCoursePath = api_get_path(SYS_COURSE_PATH);
  13. $courseInfo = api_get_course_info();
  14. $courseId = api_get_course_int_id();
  15. $sessionId = api_get_session_id();
  16. $groupId = api_get_group_id();
  17. $courseCode = api_get_course_id();
  18. // Check if folder exists in current course.
  19. $documentInfo = DocumentManager::get_document_data_by_id(
  20. $_GET['id'],
  21. $courseCode,
  22. false,
  23. 0
  24. );
  25. if (!empty($sessionId)) {
  26. /* If no data found and session id exists
  27. try to look the file inside the session */
  28. if (empty($documentInfo)) {
  29. $documentInfo = DocumentManager::get_document_data_by_id(
  30. $_GET['id'],
  31. $courseCode,
  32. false,
  33. $sessionId
  34. );
  35. }
  36. }
  37. $path = $documentInfo['path'];
  38. if (empty($path)) {
  39. $path = '/';
  40. }
  41. // A student should not be able to download a root shared directory
  42. if (($path == '/shared_folder' ||
  43. $path == '/shared_folder_session_'.api_get_session_id()) &&
  44. (!api_is_allowed_to_edit() || !api_is_platform_admin())
  45. ) {
  46. api_not_allowed(true);
  47. exit;
  48. }
  49. // Creating a ZIP file.
  50. $tempZipFile = api_get_path(SYS_ARCHIVE_PATH).api_get_unique_id().".zip";
  51. $zip = new PclZip($tempZipFile);
  52. $doc_table = Database::get_course_table(TABLE_DOCUMENT);
  53. $prop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
  54. // We need this path to clean it out of the zip file
  55. // I'm not using dir name as it gives too much problems (cfr.)
  56. $remove_dir = ($path != '/') ? substr($path, 0, strlen($path) - strlen(basename($path))) : '/';
  57. // Put the files in the zip
  58. // 2 possibilities: Admins get all files and folders in the selected folder (except for the deleted ones)
  59. // Normal users get only visible files that are in visible folders
  60. function fixDocumentNameCallback($p_event, &$p_header)
  61. {
  62. global $remove_dir;
  63. $files = Session::read('doc_files_to_download');
  64. $storedFile = $remove_dir.$p_header['stored_filename'];
  65. if (!isset($files[$storedFile])) {
  66. return 0;
  67. }
  68. $documentData = $files[$storedFile];
  69. $documentNameFixed = DocumentManager::undoFixDocumentName(
  70. $documentData['path'],
  71. $documentData['c_id'],
  72. $documentData['session_id'],
  73. $documentData['to_group_id']
  74. );
  75. // Changes file.phps to file.php
  76. $basename = basename($documentNameFixed);
  77. $basenamePHPFixed = str_replace('.phps', '.php', $basename);
  78. $documentNameFixed = str_replace(
  79. $basename,
  80. $basenamePHPFixed,
  81. $documentNameFixed
  82. );
  83. if ($remove_dir != '/') {
  84. $documentNameFixed = str_replace($remove_dir, '/', $documentNameFixed);
  85. if (substr($documentNameFixed, 0, 1) == '/') {
  86. $documentNameFixed = substr($documentNameFixed, 1, api_strlen($documentNameFixed));
  87. }
  88. } else {
  89. $documentNameFixed = ltrim($documentNameFixed, '/');
  90. }
  91. $p_header['stored_filename'] = $documentNameFixed;
  92. return 1;
  93. }
  94. $groupJoin = '';
  95. if (!empty($groupId)) {
  96. $table = Database::get_course_table(TABLE_GROUP);
  97. $groupJoin = " INNER JOIN $table g ON (g.iid = props.to_group_id AND g.c_id = docs.c_id)";
  98. $groupCondition = " g.id = ".$groupId;
  99. } else {
  100. $groupCondition = " (props.to_group_id = 0 OR props.to_group_id IS NULL ) ";
  101. }
  102. // Admins are allowed to download invisible files
  103. if (api_is_allowed_to_edit()) {
  104. // Set the path that will be used in the query
  105. if ($path == '/') {
  106. $querypath = ''; // To prevent ...path LIKE '//%'... in query
  107. } else {
  108. $querypath = $path;
  109. }
  110. $querypath = Database::escape_string($querypath);
  111. // Search for all files that are not deleted => visibility != 2
  112. $sql = "SELECT
  113. path,
  114. docs.session_id,
  115. docs.id,
  116. props.to_group_id,
  117. docs.c_id
  118. FROM $doc_table AS docs
  119. INNER JOIN $prop_table AS props
  120. ON
  121. docs.id = props.ref AND
  122. docs.c_id = props.c_id
  123. $groupJoin
  124. WHERE
  125. props.tool ='".TOOL_DOCUMENT."' AND
  126. docs.path LIKE '".$querypath."/%' AND
  127. docs.filetype = 'file' AND
  128. props.visibility <> '2' AND
  129. $groupCondition AND
  130. (props.session_id IN ('0', '$sessionId') OR props.session_id IS NULL) AND
  131. docs.c_id = ".$courseId." ";
  132. $sql .= DocumentManager::getSessionFolderFilters($querypath, $sessionId);
  133. $result = Database::query($sql);
  134. $files = array();
  135. while ($row = Database::fetch_array($result)) {
  136. $files[$row['path']] = $row;
  137. }
  138. Session::write('doc_files_to_download', $files);
  139. foreach ($files as $not_deleted_file) {
  140. // Filtering folders and
  141. if (strpos($not_deleted_file['path'], 'chat_files') > 0 ||
  142. strpos($not_deleted_file['path'], 'shared_folder') > 0
  143. ) {
  144. if (!empty($sessionId)) {
  145. if ($not_deleted_file['session_id'] != $sessionId) {
  146. continue;
  147. }
  148. }
  149. }
  150. //error_log($sysCoursePath.$courseInfo['path'].'/document'.$not_deleted_file['path']);
  151. //error_log($sysCoursePath.$courseInfo['path'].'/document'.$remove_dir);
  152. $zip->add(
  153. $sysCoursePath.$courseInfo['path'].'/document'.$not_deleted_file['path'],
  154. PCLZIP_OPT_REMOVE_PATH,
  155. $sysCoursePath.$courseInfo['path'].'/document'.$remove_dir,
  156. PCLZIP_CB_PRE_ADD,
  157. 'fixDocumentNameCallback'
  158. );
  159. }
  160. Session::erase('doc_files_to_download');
  161. } else {
  162. // For other users, we need to create a zip file with only visible files and folders
  163. if ($path == '/') {
  164. $querypath = ''; // To prevent ...path LIKE '//%'... in query
  165. } else {
  166. $querypath = $path;
  167. }
  168. /* A big problem: Visible files that are in a hidden folder are
  169. included when we do a query for visibility='v'
  170. So... I do it in a couple of steps:
  171. 1st: Get all files that are visible in the given path
  172. */
  173. $querypath = Database::escape_string($querypath);
  174. $sql = "SELECT path, docs.session_id, docs.id, props.to_group_id, docs.c_id
  175. FROM $doc_table AS docs
  176. INNER JOIN $prop_table AS props
  177. ON
  178. docs.id = props.ref AND
  179. docs.c_id = props.c_id
  180. $groupJoin
  181. WHERE
  182. docs.c_id = $courseId AND
  183. props.tool = '".TOOL_DOCUMENT."' AND
  184. docs.path LIKE '".$querypath."/%' AND
  185. props.visibility = '1' AND
  186. docs.filetype = 'file' AND
  187. (props.session_id IN ('0', '$sessionId') OR props.session_id IS NULL) AND
  188. $groupCondition
  189. ";
  190. $sql .= DocumentManager::getSessionFolderFilters($querypath, $sessionId);
  191. $result = Database::query($sql);
  192. $files = [];
  193. $all_visible_files_path = [];
  194. // Add them to an array
  195. while ($all_visible_files = Database::fetch_assoc($result)) {
  196. if (strpos($all_visible_files['path'], 'chat_files') > 0 ||
  197. strpos($all_visible_files['path'], 'shared_folder') > 0
  198. ) {
  199. if (!empty($sessionId)) {
  200. if ($all_visible_files['session_id'] != $sessionId) {
  201. continue;
  202. }
  203. }
  204. }
  205. $all_visible_files_path[] = $all_visible_files['path'];
  206. $files[$all_visible_files['path']] = $all_visible_files;
  207. }
  208. // 2nd: Get all folders that are invisible in the given path
  209. $sql = "SELECT path, docs.session_id, docs.id, props.to_group_id, docs.c_id
  210. FROM $doc_table AS docs
  211. INNER JOIN $prop_table AS props
  212. ON
  213. docs.id = props.ref AND
  214. docs.c_id = props.c_id
  215. WHERE
  216. docs.c_id = $courseId AND
  217. props.tool = '".TOOL_DOCUMENT."' AND
  218. docs.path LIKE '".$querypath."/%' AND
  219. props.visibility <> '1' AND
  220. (props.session_id IN ('0', '$sessionId') OR props.session_id IS NULL) AND
  221. docs.filetype = 'folder'";
  222. $query2 = Database::query($sql);
  223. // If we get invisible folders, we have to filter out these results from all visible files we found
  224. if (Database::num_rows($query2) > 0) {
  225. $files = array();
  226. // Add item to an array
  227. while ($invisible_folders = Database::fetch_assoc($query2)) {
  228. //3rd: Get all files that are in the found invisible folder (these are "invisible" too)
  229. $sql = "SELECT path, docs.id, props.to_group_id, docs.c_id
  230. FROM $doc_table AS docs
  231. INNER JOIN $prop_table AS props
  232. ON
  233. docs.id = props.ref AND
  234. docs.c_id = props.c_id
  235. WHERE
  236. docs.c_id = $courseId AND
  237. props.tool ='".TOOL_DOCUMENT."' AND
  238. docs.path LIKE '".$invisible_folders['path']."/%' AND
  239. docs.filetype = 'file' AND
  240. (props.session_id IN ('0', '$sessionId') OR props.session_id IS NULL) AND
  241. props.visibility ='1'";
  242. $query3 = Database::query($sql);
  243. // Add tem to an array
  244. while ($files_in_invisible_folder = Database::fetch_assoc($query3)) {
  245. $files_in_invisible_folder_path[] = $files_in_invisible_folder['path'];
  246. $files[$files_in_invisible_folder['path']] = $files_in_invisible_folder;
  247. }
  248. }
  249. // Compare the array with visible files and the array with files in invisible folders
  250. // and keep the difference (= all visible files that are not in an invisible folder)
  251. $files_for_zipfile = diff(
  252. (array) $all_visible_files_path,
  253. (array) $files_in_invisible_folder_path
  254. );
  255. } else {
  256. // No invisible folders found, so all visible files can be added to the zipfile
  257. $files_for_zipfile = $all_visible_files_path;
  258. }
  259. Session::write('doc_files_to_download', $files);
  260. // Add all files in our final array to the zipfile
  261. for ($i = 0; $i < count($files_for_zipfile); $i++) {
  262. $zip->add(
  263. $sysCoursePath.$courseInfo['path'].'/document'.$files_for_zipfile[$i],
  264. PCLZIP_OPT_REMOVE_PATH,
  265. $sysCoursePath.$courseInfo['path'].'/document'.$remove_dir,
  266. PCLZIP_CB_PRE_ADD,
  267. 'fixDocumentNameCallback'
  268. );
  269. }
  270. Session::erase('doc_files_to_download');
  271. }
  272. // Launch event
  273. Event::event_download(
  274. ($path == '/') ? 'documents.zip (folder)' : basename($path).'.zip (folder)'
  275. );
  276. // Start download of created file
  277. $name = ($path == '/') ? 'documents.zip' : $documentInfo['title'].'.zip';
  278. if (Security::check_abs_path($tempZipFile, api_get_path(SYS_ARCHIVE_PATH))) {
  279. $result = DocumentManager::file_send_for_download($tempZipFile, true, $name);
  280. if ($result === false) {
  281. api_not_allowed(true);
  282. }
  283. @unlink($tempZipFile);
  284. exit;
  285. } else {
  286. api_not_allowed(true);
  287. }
  288. /**
  289. * Returns the difference between two arrays, as an array of those key/values
  290. * Use this as array_diff doesn't give the
  291. *
  292. * @param array $arr1 first array
  293. * @param array $arr2 second array
  294. *
  295. * @return array difference between the two arrays
  296. */
  297. function diff($arr1, $arr2)
  298. {
  299. $res = array();
  300. $r = 0;
  301. foreach ($arr1 as & $av) {
  302. if (!in_array($av, $arr2)) {
  303. $res[$r] = $av;
  304. $r++;
  305. }
  306. }
  307. return $res;
  308. }