Accueil Explorer Aide
S'inscrire Connexion
aj
/
chamilo-lms2
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: skala
Branches Tags
chamilo-lms2
/
main
/
forum
/
download.php

download.php 2.8 KB
Lien permanent Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. /**
    4. 

  4.  * This file is responsible for  passing requested documents to the browser.
    5. 

  5.  * Html files are parsed to fix a few problems with URLs,
    6. 

  6.  * but this code will hopefully be replaced soon by an Apache URL
    7. 

  7.  * rewrite mechanism.
    8. 

  8.  *
    9. 

  9.  * @package chamilo.document
    10. 

  10.  */
    11. 

  11. 

  12. /*
    13. 

  13.         MAIN CODE
    14. 

  14. */
    15. 

  15. 

  16. session_cache_limiter('public');
    17. 

  17. 

  18. require_once '../inc/global.inc.php';
    19. 

  19. $this_section=SECTION_COURSES;
    20. 

  20. 

  21. require_once 'forumconfig.inc.php';
    22. 

  22. 

  23. // IMPORTANT to avoid caching of documents
    24. 

  24. header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
    25. 

  25. header('Cache-Control: public');
    26. 

  26. header('Pragma: no-cache');
    27. 

  27. 

  28. //protection
    29. 

  29. api_protect_course_script(true);
    30. 

  30. 

  31. $doc_url = $_GET['file'];
    32. 

  32. //change the '&' that got rewritten to '///' by mod_rewrite back to '&'
    33. 

  33. $doc_url = str_replace('///', '&', $doc_url);
    34. 

  34. //still a space present? it must be a '+' (that got replaced by mod_rewrite)
    35. 

  35. $doc_url = str_replace(' ', '+', $doc_url);
    36. 

  36. $doc_url = str_replace('/..', '', $doc_url); //echo $doc_url;
    37. 

  37. 

  38. if (! isset($_course)) {
    39. 

  39.     api_not_allowed(true);
    40. 

  40. }
    41. 

  41. 

  42. $full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/forum/'.$doc_url;
    43. 

  43. 

  44. //if the rewrite rule asks for a directory, we redirect to the document explorer
    45. 

  45. if (is_dir($full_file_name)) {
    46. 

  46.     //remove last slash if present
    47. 

  47.     //$doc_url = ($doc_url{strlen($doc_url)-1}=='/')?substr($doc_url,0,strlen($doc_url)-1):$doc_url;
    48. 

  48.     //mod_rewrite can change /some/path/ to /some/path// in some cases, so clean them all off (René)
    49. 

  49.     while ($doc_url{$dul = strlen($doc_url)-1}=='/') $doc_url = substr($doc_url,0,$dul);
    50. 

  50.     //create the path
    51. 

  51.     $document_explorer = api_get_path(WEB_COURSE_PATH).api_get_course_path(); // home course path
    52. 

  52.     //redirect
    53. 

  53.     header('Location: '.$document_explorer);
    54. 

  54. }
    55. 

  55. 

  56. $tbl_forum_attachment  = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
    57. 

  57. $tbl_forum_post 	   = Database::get_course_table(TABLE_FORUM_POST);
    58. 

  58. 

  59. $course_id = api_get_course_int_id();
    60. 

  60. 

  61. // launch event
    62. 

  62. event_download($doc_url);
    63. 

  63. 

  64. $sql='SELECT thread_id, forum_id,filename FROM '.$tbl_forum_post.'  f  INNER JOIN '.$tbl_forum_attachment.' a
    65. 

  65.         ON a.post_id=f.post_id 
    66. 

  66.       WHERE f.c_id = '.$course_id.' AND a.c_id = '.$course_id.' AND path LIKE BINARY "'.$doc_url.'"';
    67. 

  67. 

  68. $result = Database::query($sql);
    69. 

  69. $row    = Database::fetch_array($result);
    70. 

  70. 

  71. $forum_thread_visibility = api_get_item_visibility(api_get_course_info($course_code),TOOL_FORUM_THREAD,$row['thread_id'], api_get_session_id());
    72. 

  72. $forum_forum_visibility  = api_get_item_visibility(api_get_course_info($course_code),TOOL_FORUM,$row['forum_id'], api_get_session_id());
    73. 

  73. 

  74. if ($forum_thread_visibility==1 && $forum_forum_visibility==1) {
    75. 

  75.     if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/forum/')) {
    76. 

  76.        DocumentManager::file_send_for_download($full_file_name, TRUE, $row['filename']);
    77. 

  77.     }
    78. 

  78. }
    79. 

  79. exit;
    80.