[svn r14409] Videoconference:

- Removed useless script and updated to match the new tool - Using Dokeos translation files - Using random encryption salt generation - General cleaning
18 years ago · 1013249a5d
parent ebab1b4cb8
commit 1013249a5d
5 changed files with 129 additions and 192 deletions
--- a/main/conference/index.php
+++ b/main/conference/index.php
@ -1,3 +1,12 @@
 <?php
-header('Location: liveconf.php?'.$_SERVER['QUERY_STRING']);
+/* See license terms in /dokeos_license.txt */
+/**
+ * Generates the HTML page containing the iframe that loads the videoconference's Flash plugin
+ */
+include("../inc/global.inc.php");
+api_protect_course_script();
+$_SESSION["roomType"] = $_GET['type'];
 ?>
+<span align="center">
+<iframe frameborder="0" scrolling="no" width="100%" height="100%" src="../webrooms/videoconference.html"></iframe>
+</span>
--- a/main/conference/liveconf.php
+++ b/main/conference/liveconf.php
@ -1,29 +0,0 @@
-<?php
-/*
- * Created on 8 nov. 06
- *
- * To change the template for this generated file go to
- * Window - Preferences - PHPeclipse - PHP - Code Templates
- */
- include("../inc/global.inc.php");
-api_protect_course_script();
-//$nameTool = get_lang('conference');
-//Display::display_header($nameTool);
-
-if($_GET['type'] == 'classroom')
-{
-	$visio_link = api_get_setting('service_visio','visioclassroom_url');
-}
-else if($_GET['type'] == 'conference')
-{
-	$visio_link = api_get_setting('service_visio','visioconference_url');
-}
-
-
-?>
-<span align="center">
-<iframe frameborder="0" scrolling="no" width="100%" height="100%" src="<?php echo $visio_link ?>"></iframe>
-</span>
-<?php 
-//Display::display_footer();
-?>
--- a/main/webrooms/api.php
+++ b/main/webrooms/api.php
@ -1,58 +1,17 @@
 <?php
-/*
-===============================================================================
-	Dokeos - elearning and course management software
-
-	Copyright (c) 2004-2007 Dokeos S.A.
-	Copyright (c) Arnaud Ligot
-
-	For a full list of contributors, see "credits.txt".
-	The full license can be read in "license.txt".
-
-	This program is free software; you can redistribute it and/or
-	modify it under the terms of the GNU General Public License
-	as published by the Free Software Foundation; either version 2
-	of the License, or (at your option) any later version.
-
-	See the GNU General Public License for more details.
-
-	Contact address: Dokeos, 44 rue des palais, B-1030 Brussels, Belgium
-	Mail: info@dokeos.com
-===============================================================================
-*/
+/* See license terms in /dokeos_license.txt */
 /**
 ==============================================================================
 *	This is an interface between Dokeos and Videoconference application
 *
 ==============================================================================
 */
-
-/*
-==============================================================================
-		DEBUG
-==============================================================================
-*/
+/*==== DEBUG ====*/
 $debug=0;
-
-/*
-==============================================================================
-		CONSTANTS
-==============================================================================
-*/
-
-
+/*==== CONSTANTS ==== */
 define('VIDEOCONF_UPLOAD_PATH', '/videoconf');
-$PRESENTATION_EXTENSION = array('.ppt', '.odp');
-$IMAGE_EXTENSION = array ('.png', '.jpg', '.gif', '.jpeg');
-/*
-==============================================================================
-		SETTING Session ID because flash do not send the cookie
-==============================================================================
-*/
-if (!is_array($_COOKIE) || !isset($_COOKIE["dk_sid"])){
-	if ($debug>0) error_log("setting SID to:".$_REQUEST["sid"]);
-	session_id($_REQUEST["sid"]);
-}
+$presentation_extension = array('.ppt', '.odp');
+$image_extension = array ('.png', '.jpg', '.gif', '.jpeg');

 if ($debug>0)
 {
@ -69,75 +28,70 @@ if ($debug>0)

 }

-/*
-==============================================================================
-		INCLUDE
-==============================================================================
-*/
+/*==== INCLUDE ====*/
 require_once ('../inc/global.inc.php');
 api_block_anonymous_users();
 require_once (api_get_path(LIBRARY_PATH)."course.lib.php");
 require_once (api_get_path(LIBRARY_PATH)."document.lib.php");
 require_once (api_get_path(LIBRARY_PATH)."fileUpload.lib.php");

-/*
-==============================================================================
-		SETTING UP SOME VARIABLES
-==============================================================================
-*/
-$debug=0;
-$action = $_REQUEST["action"];
-$cidReq = $_REQUEST["cidReq"];
+/*==== Variables initialisation ====*/
+$action = $_REQUEST["action"]; //safe as only used in if()'s
+$seek = array('/','%2F','..');
+$destroy = array('','','');
+$cidReq = str_replace($seek,$destroy,$_REQUEST["cidReq"]);
+$cidReq = Security::remove_XSS($cidReq);

 $user_id = api_get_user_id();
 $coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
 $_course = CourseManager::get_course_information($cidReq);

-// FIXME: this sound very strange !!! but add_document need this to works
+// FIXME: add_document needs this to work
 $_course['dbName'] = $_course['db_name'];

 // FIXME: check if CourseManager::get_user_in_course_status return != 
 //	COURSEMANAGER when the code is not valid
-// FIXME: There is no valid course code which contains things like ../
 if ($debug>0) error_log($coursePath, 0);

+if ($action == "uploadgui")
+{
+	echo '<form enctype="multipart/form-data" action="api.php" method="POST">
+	<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
+	<input type="hidden" name="action" value="upload" />
+	<input type="hidden" name="cidReq" value="'.$cidReq.'" />
+	<input type="hidden" name="sid" value="'.Security::remove_XSS($_REQUEST["sid"]).'" />

-
-if ($action == "upload")
+	Choose a file to upload: <input name="filedata" type="file" /><br />
+	<input type="submit" value="Upload File"  />
+	</form>
+	';
+	die();
+}
+else if ($action == "upload")
 {
-/*
-==============================================================================
-		PERMISSION
-==============================================================================
-*/
+	/*==== PERMISSION ====*/
 	$permissions = CourseManager::get_user_in_course_status($user_id, $cidReq);
 	if ($permissions != COURSEMANAGER)
 	{
 		if ($debug >0) error_log("Upload from videoconf not allowed !!!",0);
-		die(); // this user is not allowed to add upload documents
+		die('Not allowed'); // this user is not allowed to add upload documents
 	}
-/*
-==============================================================================
-		UPLOAD
-==============================================================================
-*/
-
+	/*==== UPLOAD ====*/
 	$destPath = $coursePath.VIDEOCONF_UPLOAD_PATH;
-	if (!is_dir($destPath)){
+	if (!is_dir($destPath))
+	{
 		$result = create_unexisting_directory($_course,$user_id,0,NULL,$coursePath,VIDEOCONF_UPLOAD_PATH);
 		if (!$result)
+		{
 			if ($debug>0) error_log("Can't create ".$destPath." folder",0);
+		}
 	}
 	
-	$newPath = handle_uploaded_document($_course,$_FILES['Filedata'],$coursePath,VIDEOCONF_UPLOAD_PATH,$user_id,0,NULL,'',0,'rename',false);
+	$newPath = handle_uploaded_document($_course,$_FILES['filedata'],$coursePath,VIDEOCONF_UPLOAD_PATH,$user_id,0,NULL,'',0,'rename',false);
 	// based on ../newscorm/presentation.class.php
-    	$file_name = (strrpos($newPath,'.')>0 ? substr($newPath, 0, strrpos($newPath,'.')) : $newPath);
-    	$file_extension = (strrpos($newPath,'.')>0 ? substr($newPath, strrpos($newPath,'.'),10) : '');
-/*	error_log($newPath,0);
-	error_log($file_name,0);
-	error_log($file_extension,0);
-*/
-	if (in_array($file_extension, $PRESENTATION_EXTENSION))
+   	$file_name = (strrpos($newPath,'.')>0 ? substr($newPath, 0, strrpos($newPath,'.')) : $newPath);
+   	$file_extension = (strrpos($newPath,'.')>0 ? substr($newPath, strrpos($newPath,'.'),10) : '');
+	if (in_array($file_extension, $presentation_extension))
 	{
 		if ($debug > 0) error_log("converting $coursePath$newPath", 0);
 		/* creating output folder */
@ -188,19 +142,20 @@ if ($action == "upload")
 				api_item_property_update($_course, TOOL_DOCUMENT, $did, 'DocumentAdded', $user_id, 0, NULL);
 		}
 	}
-} else if ($action == "service") 
-{/*
-==============================================================================
-		LIST FILES
-==============================================================================
-*/
+	echo '<html><body><script language="javascript">setTimeout(1000,window.close());</script></body></html>';
+} 
+else if ($action == "service") 
+{
+	/*==== List files ====*/
 	if ($debug>0) error_log("sending file list",0);
 	$subaction = $_REQUEST["subaction"];
-	$canDelete = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
-	if ($subaction == "list") {
+	$can_delete = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
+	if ($subaction == "list") 
+	{
 		// FIXME: check security around $_REQUEST["cwd"]
 		$cwd = $_REQUEST["cwd"];
-
+		$is_bellow_videoconf_upload_path = Security::check_abs_path($cwd,api_get_path(SYS_PATH));
+		/*
 		// treat /..
 		$nParent = 0; // the number of /.. into the url
 		while (substr($cwd, -3, 3) == "/..")
@ -219,77 +174,63 @@ if ($action == "upload")
 		// check if user can delete files. He must be manager and be inside /videoconf
 		$isBellowVideoConfUploadPath = (substr($cwd,0,strlen(VIDEOCONF_UPLOAD_PATH)) == VIDEOCONF_UPLOAD_PATH);
 		$canDelete = ($canDelete && $isBellowVideoConfUploadPath);
+		*/
+		$can_delete = ($can_delete && $is_bellow_videoconf_upload_path);
 		
 		// get files list
 		$files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false);
 		printf("<dokeosobject><fileListMeta></fileListMeta><fileList>");
 		printf("<folders>");
 		foreach($files as $i)
+		{
 			if ($i["filetype"] != "folder")
+			{
 				continue;
+			}
 			else 
 			{
-				printf('<folder><path>%s</path><title>%s</title><canDelete>%s</canDelete></folder>', $i['path'],$i['title'],($canDelete?"true":"false"));
+				printf('<folder><path>%s</path><title>%s</title><canDelete>%s</canDelete></folder>', $i['path'],$i['title'],($can_delete?'true':'false'));
 			}
+		}
 		printf("</folders><files>");
 		foreach($files as $i) {
  			$extension = (strrpos($i['path'],'.')>0 ? substr($i['path'], strrpos($i['path'],'.'),10) : '');
-			if ($i["filetype"] != "file" || !in_array($extension, $IMAGE_EXTENSION))
+			if ($i["filetype"] != "file" || !in_array($extension, $image_extension))
+			{
 				continue;
+			}
 			else 
 			{
-				printf('<file><path>%s</path><title>%s</title><canDelete>%s</canDelete></file>', $i['path'],$i['title'],($canDelete?"true":"false"));
+				printf('<file><path>%s</path><title>%s</title><canDelete>%s</canDelete></file>', $i['path'],$i['title'],($can_delete?'true':'false'));
 			}
 		}
 		printf("</files><ppts>");
-//		foreach($files as $i) {
-			// FIXME: Please optimise me !!!
-//  			$extension = (strrpos($i['path'],'.')>0 ? substr($i['path'], strrpos($i['path'],'.'),10) : '');
-//			if ($i["filetype"] != "file" || !in_array($extension, $PRESENTATION_EXTENSION))
-//				continue;
-//			else 
-//			{
-//				printf('<ppt><path>%s</path><title>%s</title><canDelete>%s</canDelete></ppt>', $i['path'], $i['title'],($canDelete?"true":"false"));
-//			}
-//		}
-//		printf("<file><realname>fr1</realname><name>fn1</name></file>");
-
 		printf("</ppts>");
 		printf("</fileList></dokeosobject>");
-	} else if ($subaction == "delete") {/*
-==============================================================================
-		PERMISSION
-==============================================================================
-*/
-	$permissions = CourseManager::get_user_in_course_status($user_id, $cidReq);
-	if ($permissions != COURSEMANAGER)
+	} 
+	else if ($subaction == "delete") 
 	{
-		if ($debug > 0) error_log("Upload from videoconf not allowed !!!",0);
-		die(); // this user is not allowed to add upload documents
-	}
-
-/*
-==============================================================================
-		DELETE
-==============================================================================
-*/
-		$path = $_REQUEST["path"];
+		/*==== PERMISSION ====*/
+		$permissions = CourseManager::get_user_in_course_status($user_id, $cidReq);
+		if ($permissions != COURSEMANAGER)
+		{
+			if ($debug > 0) error_log("Upload from videoconf not allowed !!!",0);
+			die(); // this user is not allowed to add upload documents
+		}
+		/*==== DELETE ====*/
+		$path = str_replace('../','',$_REQUEST["path"]);
 		if ((substr($path,0,strlen(VIDEOCONF_UPLOAD_PATH)) != VIDEOCONF_UPLOAD_PATH))
 		{
 			if ($debug >0 ) error_log("Delete from videoconf for "+$path+" NOT ALLOWED",0);
 			die();
 		}
-	
 		DocumentManager::delete_document($_course, $path, $coursePath);
 		echo "<result>OK</result>"; // We have to returns something to OpenLaszlo 
 	}
-} else if ($action == "download")
+} 
+else if ($action == "download")
 {
-/*
-==============================================================================
-		DOWNLOAD
-==============================================================================
-*/
+	/*==== DOWNLOAD ====*/
 	//check if the document is in the database
 	if(!DocumentManager::get_document_id($_course,$_REQUEST['file']))
 	{
@ -307,11 +248,10 @@ if ($action == "upload")
 		echo($error404);
 		exit;
 	}
-	$doc_url=$_REQUEST['file'];
+	$doc_url = str_replace('../','',$_REQUEST['file']);
 	if ($debug >0) error_log($doc_url);
 	$full_file_name = $coursePath.$doc_url;
 	DocumentManager::file_send_for_download($full_file_name,false);
 	exit;
 }
-
-?>
+?>
--- a/main/webrooms/checksession.php
+++ b/main/webrooms/checksession.php
@ -1,57 +1,61 @@
 <?php
+/* See license terms in /dokeos_license.txt */
 /**
- * Created on 08.11.2006
 * This script gives information to the videoconference scripts (in OpenLaszlo)
 * to use the right URL and ports for the videoconference.
 */
 require_once('../newscorm/learnpath.class.php');
+if($debug>0) error_log('New LP - Included learnpath',0);
 require_once('../newscorm/learnpathItem.class.php');
+if($debug>0) error_log('New LP - Included learnpathItem',0);
 require_once('../newscorm/scorm.class.php');
+if($debug>0) error_log('New LP - Included scorm',0);
 require_once('../newscorm/scormItem.class.php');
+if($debug>0) error_log('New LP - Included scormItem',0);
 require_once('../newscorm/aicc.class.php');
+if($debug>0) error_log('New LP - Included aicc',0);
 require_once('../newscorm/aiccItem.class.php');
-require_once('get_translation.lib.php');
+if($debug>0) error_log('New LP - Included aiccItem',0);

 include("../../main/inc/global.inc.php");
 api_block_anonymous_users();

+//$confkey = "0123456789abcdef0123456789abcdef";
+$confkey = api_get_setting('service_visio','visio_pass');
+$challenge = api_generate_password(32); //generate a 32 characters-long challenge key
+
 require_once (api_get_path(LIBRARY_PATH)."course.lib.php");
 printf ('<?xml version="1.0" encoding="UTF-8" ?>');

 printf('<dokeosobject>');

 printf('<courseobject>');
-if(count($_SESSION['course'])>0)
-{
-	foreach ($_SESSION['_course'] as $key => $val)
-	{	
+foreach ($_SESSION['_course'] as $key => $val)	
 		printf('<%s>%s</%s>',$key,utf8_encode($val),$key);
-	}
-}
 printf('</courseobject>');

 printf('<userobject>');
-if(count($_SESSION['_user'])>0)
-{
-	foreach ($_SESSION['_user'] as $key => $val) 
-	{
-		if ($key != "auth_source") 
-		{
-			printf('<%s>%s</%s>',$key,utf8_encode($val),$key);
-		}
-	}
-}
+foreach ($_SESSION['_user'] as $key => $val) if ($key != "auth_source") printf('<%s>%s</%s>',$key,utf8_encode($val),$key);
 printf('<sid>%s</sid>', session_id());
-printf('<isUploadAllowed>%s</isUploadAllowed>', (CourseManager::get_user_in_course_status($_SESSION['_user']['user_id'], $_SESSION['_course']['sysCode']) == COURSEMANAGER) ? "true" : "false");
+$isadmin =((CourseManager::get_user_in_course_status($_SESSION['_user']['user_id'], $_SESSION['_course']['sysCode']) == COURSEMANAGER)||api_is_platform_admin() ? "true" : "false");
+printf('<key>%s</key>', md5($confkey.$challenge));
+printf('<challenge>%s</challenge>', $challenge);
+printf('<isUploadAllowed>%s</isUploadAllowed>', $isadmin);
+printf('<canStartModerator>%s</canStartModerator>',($isadmin=='true' || $_SESSION["roomType"] == "conference")?'true':'false');
+printf('<mustStartModerator>%s</mustStartModerator>',($isadmin=='true' || $_SESSION["roomType"] == "conference")?'true':'false');
 printf('</userobject>');

 printf('<config>');
-printf('<rmpthostlocal>'.api_get_setting('service_visio','visio_rtmp_host_local').'</rmpthostlocal>');
-printf('<iswebrtmp>'.api_get_setting('service_visio','visio_is_web_rtmp').'</iswebrtmp>');
-printf('<rtmpport>'.api_get_setting('service_visio','visio_rtmp_port').'</rtmpport>');
-printf('<rtmpTunnelport>'.api_get_setting('service_visio','visio_rtmp_tunnel_port').'</rtmpTunnelport>');
+printf('<host>'.api_get_setting('service_visio','visio_host').'</host>');
+printf('<port>'.api_get_setting('service_visio','visio_port').'</port>');
 printf('</config>');

+$path = preg_replace('/^([^:]*:\/\/)/','',api_get_path(WEB_PATH));
+$path = str_replace('/','_',$path);
+printf('<roomConfig>');
+printf('<portal>%s</portal>', $path);
+printf('<roomType>%s</roomType>', $_SESSION['roomType']); // fixme remove +
+printf('</roomConfig>');

 printf('<recorderparams>');

@ -69,8 +73,8 @@ if(isset($_SESSION['oLP']))
 	$document_id = $_SESSION['oLP']->current;
 }

-printf('  <studentview>%s</studentview>',$student_view);
-printf('  <documentid>%s</documentid>',$document_id);
+printf('<studentview>%s</studentview>',$student_view);
+printf('<documentid>%s</documentid>',$document_id);
 printf('</recorderparams>');
 printf('<languageobject>');
 printf(get_language_file_as_xml($language_interface));
--- a/main/webrooms/get_translation.lib.php
+++ b/main/webrooms/get_translation.lib.php
@ -1,4 +1,5 @@
 <?php
+/* See license terms in /dokeos_license.txt */
 /**
 * Library for language translation from Dokeos language files to XML for videoconference
 * @uses main_api.lib.php for api_get_path() 
@ -21,7 +22,7 @@ function get_language_file_as_xml($language='english')
 			return '';
 		}
 	}
-	error_log('Analysing path '.$path);
+	//error_log('Analysing path '.$path);
 	$file = $path.'videoconf.inc.php';
 	if(!is_file($file) or !is_readable($file))
 	{
@ -34,6 +35,11 @@ function get_language_file_as_xml($language='english')
 			return '';
 		}
 	}
+	$convert = true;
+	if(substr($language,-7,7) == 'unicode')
+	{//do not convert if the language ends with 'unicode', which means it's in UTF-8
+		$convert=false;
+	}
 	$list = file($file);
 	$xml = '';
 	foreach ( $list as $line )
@ -45,7 +51,14 @@ function get_language_file_as_xml($language='english')
 			if($match)
 			{
 				//todo: The following conversion should only happen for old language files (encoded in ISO-8859-1).
-				$string = iconv('ISO-8859-1','UTF-8',$items[2]);
+				if($convert)
+				{
+					$string = mb_convert_encoding($items[2],'UTF-8','ISO-8859-1');
+				}
+				else
+				{
+					$string = $items[2];
+				}
 				$xml .= '<labelfield><labelid>'.$items[1].'</labelid><labelvalue>'.$string.'</labelvalue></labelfield>'."\n";
 			}
 		}