[svn r20388] image in public survey

skala
Arnaud Ligot 17 years ago
parent 68b8969d74
commit 9750f9e2c4
  1. 69
      main/document/download.php
  2. 131
      main/survey/survey.download.inc.php

@ -1,4 +1,4 @@
<?php // $Id: download.php 17795 2009-01-17 19:31:51Z spyroux $
<?php // $Id: download.php 20388 2009-05-07 12:38:12Z spyroux $
/*
==============================================================================
Dokeos - elearning and course management software
@ -55,9 +55,6 @@ $this_section=SECTION_COURSES;
include(api_get_path(LIBRARY_PATH).'document.lib.php');
//protection
api_protect_course_script();
$doc_url = $_GET['doc_url'];
//change the '&' that got rewritten to '///' by mod_rewrite back to '&'
$doc_url = str_replace('///', '&', $doc_url);
@ -65,32 +62,51 @@ $doc_url = str_replace('///', '&', $doc_url);
$doc_url = str_replace(' ', '+', $doc_url);
$doc_url = str_replace('/..', '', $doc_url); //echo $doc_url;
include(api_get_path(LIBRARY_PATH).'events.lib.inc.php');
if (! isset($_course))
{
api_not_allowed(true);
}
// dealing with image included into survey: when users receive a link towards a
// survey while not being authenticated on the plateform.
// the administrator should probably be able to disable this code through admin
// inteface
$refer_script = strrchr($_SERVER["HTTP_REFERER"],'/');
if (substr($refer_script,0,15) == "/fillsurvey.php") {
$invitation = substr(strstr($refer_script, 'invitationcode='),15);
$course = strstr($refer_script, 'course=');
$course = substr($course, 7, strpos($course, '&')-7);
include ("../survey/survey.download.inc.php");
$_course = check_download_survey($course, $invitation, $doc_url);
$_course['path']=$_course['directory'];
} else {
//protection
api_protect_course_script();
include(api_get_path(LIBRARY_PATH).'events.lib.inc.php');
if (! isset($_course))
{
api_not_allowed(true);
}
//if the rewrite rule asks for a directory, we redirect to the document explorer
if(is_dir(api_get_path(SYS_COURSE_PATH).$_course['path']."/document".$doc_url))
{
//remove last slash if present
//$doc_url = ($doc_url{strlen($doc_url)-1}=='/')?substr($doc_url,0,strlen($doc_url)-1):$doc_url;
//mod_rewrite can change /some/path/ to /some/path// in some cases, so clean them all off (Ren<EFBFBD>)
while ($doc_url{$dul = strlen($doc_url)-1}=='/') $doc_url = substr($doc_url,0,$dul);
//group folder?
$gid_req = ($_GET['gidReq'])?'&gidReq='.$_GET['gidReq']:'';
//create the path
$document_explorer = api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.urlencode($doc_url).'&cidReq='.$_GET['cidReq'].$gid_req;
//redirect
header('Location: '.$document_explorer);
}
// launch event
event_download($doc_url);
//if the rewrite rule asks for a directory, we redirect to the document explorer
if(is_dir(api_get_path(SYS_COURSE_PATH).$_course['path']."/document".$doc_url))
{
//remove last slash if present
//$doc_url = ($doc_url{strlen($doc_url)-1}=='/')?substr($doc_url,0,strlen($doc_url)-1):$doc_url;
//mod_rewrite can change /some/path/ to /some/path// in some cases, so clean them all off (Ren<EFBFBD>)
while ($doc_url{$dul = strlen($doc_url)-1}=='/') $doc_url = substr($doc_url,0,$dul);
//group folder?
$gid_req = ($_GET['gidReq'])?'&gidReq='.$_GET['gidReq']:'';
//create the path
$document_explorer = api_get_path(WEB_CODE_PATH).'document/document.php?curdirpath='.urlencode($doc_url).'&cidReq='.$_GET['cidReq'].$gid_req;
//redirect
header('Location: '.$document_explorer);
}
// launch event
event_download($doc_url);
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$full_file_name = $sys_course_path.$_course['path'].'/document'.$doc_url;
@ -103,4 +119,5 @@ if (!$is_allowed_to_edit &&
}
DocumentManager::file_send_for_download($full_file_name);
?>
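Review bot: The branch starting at `$refer_script = strrchr($_SERVER["HTTP_REFERER"],'/');` decides whether to skip `api_protect_course_script()` based on the Referer header, which the client controls. Any request can therefore select the unauthenticated path, and access control then rests entirely on `check_download_survey()`. The course and invitation code would be safer as explicit request parameters, with the course code checked against the expected format before it reaches `CourseManager::get_course_information()`, and the whole branch gated by a platform setting, as the comment above it already suggests. Two smaller points: `strpos($course, '&')-7` evaluates to `-7` when `course=` is the last parameter in the referer, and the header should be tested with `isset($_SERVER['HTTP_REFERER'])` before it is parsed. The page has lost its `+`/`-` markers, so which of the duplicated lines are on the new side is inferred here.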

@ -0,0 +1,131 @@
<?php
/*
DOKEOS - elearning and course management software
For a full list of contributors, see documentation/credits.html
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See "documentation/licence.html" more details.
Contact:
Dokeos
Rue des Palais 44 Paleizenstraat
B-1030 Brussels - Belgium
Tel. +32 (2) 211 34 56
*/
/**
* @package dokeos.survey
* @author Arnaud Ligot <arnaud@cblue.be>
* @version $Id: $
*
* small peace code to enable user to access images included into survey
* which are accessible by non authenticated users. This file is included
* by document/download.php
*/
function check_download_survey($course, $invitation, $doc_url) {
require_once('survey.lib.php');
require_once (api_get_path(LIBRARY_PATH)."/course.lib.php");
// getting all the course information
$_course = CourseManager::get_course_information($course);
// Database table definitions
$table_survey = Database :: get_course_table(TABLE_SURVEY, $_course['db_name']);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION, $_course['db_name']);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION, $_course['db_name']);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION, $_course['db_name']);
// now we check if the invitationcode is valid
$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '".Database::escape_string($invitation)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) < 1)
{
Display :: display_error_message(get_lang('WrongInvitationCode'), false);
Display :: display_footer();
exit;
}
$survey_invitation = mysql_fetch_assoc($result);
// now we check if the user already filled the survey
if ($survey_invitation['answered'] == 1)
{
Display :: display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false);
Display :: display_footer();
exit;
}
// very basic security check: check if a text field from a survey/answer/option contains the name of the document requested
//////////////
// fetch survey ID
//////////////
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) > 1)
{
if ($_POST['language'])
{
$survey_invitation['survey_id'] = $_POST['language'];
}
else
{
echo '<form id="language" name="language" method="POST" action="'.api_get_self().'?course='.$_GET['course'].'&invitationcode='.$_GET['invitationcode'].'">';
echo ' <select name="language">';
while ($row=mysql_fetch_assoc($result))
{
echo '<option value="'.$row['survey_id'].'">'.$row['lang'].'</option>';
}
echo '</select>';
echo ' <input type="submit" name="Submit" value="'.get_lang('Ok').'" />';
echo '</form>';
display::display_footer();
exit;
}
}
else
{
$row=mysql_fetch_assoc($result);
$survey_invitation['survey_id'] = $row['survey_id'];
}
$sql = "select count(*) from $table_survey where survey_id = ".$survey_invitation['survey_id']."
and (
title LIKE '%$doc_url%'
or subtitle LIKE '%$doc_url%'
or intro LIKE '%$doc_url%'
or surveythanks LIKE '%$doc_url%'
)
union select count(*) from $table_survey_question where survey_id = ".$survey_invitation['survey_id']."
and (
survey_question LIKE '%$doc_url%'
or survey_question_comment LIKE '%$doc_url%'
)
union select count(*) from $table_survey_question_option where survey_id = ".$survey_invitation['survey_id']."
and (
option_text LIKE '%$doc_url%'
)";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) == 0)
{
Display :: display_error_message(get_lang('WrongInvitationCode'), false);
Display :: display_footer();
exit;
}
return $_course;
}
?>
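Review bot: The final "very basic security check" in `check_download_survey()` is both injectable and ineffective. `$doc_url` is interpolated into every `LIKE '%$doc_url%'` without `Database::escape_string()`, and `$survey_invitation['survey_id']` can come straight from `$_POST['language']` into an unquoted `survey_id = ` comparison. A `select count(*) ... union select count(*)` query always returns at least one row, so `mysql_num_rows($result) == 0` is never true and the function returns `$_course` for any document path. The survey id should be cast to an integer, the path escaped (including LIKE wildcards), and the counts summed before deciding, as sketched below. Separately, the language form echoes `$_GET['course']` and `$_GET['invitationcode']` into the `action` attribute without `htmlspecialchars()`.

```php
// … unchanged: invitation lookup and survey_id selection …
$survey_id = intval($survey_invitation['survey_id']);
// neutralise LIKE wildcards first, then escape for the SQL string literal
$needle = Database::escape_string(addcslashes($doc_url, '\\%_'));
$sql = "select count(*) from $table_survey where survey_id = $survey_id
            and (title LIKE '%$needle%' or subtitle LIKE '%$needle%'
              or intro LIKE '%$needle%' or surveythanks LIKE '%$needle%')
        union all select count(*) from $table_survey_question where survey_id = $survey_id
            and (survey_question LIKE '%$needle%' or survey_question_comment LIKE '%$needle%')
        union all select count(*) from $table_survey_question_option where survey_id = $survey_id
            and (option_text LIKE '%$needle%')";
$result = api_sql_query($sql, __FILE__, __LINE__);
// each SELECT yields one count row; deny only when all of them are zero
$matches = 0;
while ($row = mysql_fetch_row($result))
{
    $matches += intval($row[0]);
}
if ($matches == 0)
{
    // … unchanged: error message, footer, exit …
}
```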