|
|
|
|
@ -42,32 +42,48 @@ $tbl_messsage_attachment = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT); |
|
|
|
|
$sql= "SELECT filename,message_id FROM $tbl_messsage_attachment WHERE path LIKE BINARY '$file_url'"; |
|
|
|
|
|
|
|
|
|
$result= Database::query($sql, __FILE__, __LINE__); |
|
|
|
|
$row= Database::fetch_array($result); |
|
|
|
|
$row= Database::fetch_array($result,MYSQL_ASSOC); |
|
|
|
|
$title = str_replace(' ','_', $row['filename']); |
|
|
|
|
$message_id = $row['message_id']; |
|
|
|
|
|
|
|
|
|
// allow download only for user sender and user receiver |
|
|
|
|
$sql = "SELECT user_sender_id, user_receiver_id, group_id FROM $tbl_messsage WHERE id = '$message_id'"; |
|
|
|
|
$rs= Database::query($sql, __FILE__, __LINE__); |
|
|
|
|
$row_users= Database::fetch_row($rs); |
|
|
|
|
$row_users= Database::fetch_array($rs,MYSQL_ASSOC); |
|
|
|
|
$current_uid = api_get_user_id(); |
|
|
|
|
if (!in_array($current_uid,$row_users)) { |
|
|
|
|
api_not_allowed(); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// get message user id for inbox/outbox |
|
|
|
|
$message_uid = ''; |
|
|
|
|
$message_type = array('inbox','outbox'); |
|
|
|
|
if (in_array($_GET['type'],$message_type)) { |
|
|
|
|
if ($_GET['type'] == 'inbox') { |
|
|
|
|
$message_uid = $row_users[1]; |
|
|
|
|
} else { |
|
|
|
|
$message_uid = $row_users[0]; |
|
|
|
|
if ($_GET['type'] == 'inbox') { |
|
|
|
|
$message_uid = $row_users['user_receiver_id']; |
|
|
|
|
} else { |
|
|
|
|
$message_uid = $row_users['user_sender_id']; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (!empty($row_users[2])) { |
|
|
|
|
$path_user_info = GroupPortalManager::get_group_picture_path_by_id($row_users[2], 'system', true); |
|
|
|
|
// allow to the correct user for download this file |
|
|
|
|
$not_allowed_to_edit = false; |
|
|
|
|
if (!empty($row_users['group_id'])) { |
|
|
|
|
$users_group = GroupPortalManager::get_all_users_by_group($row_users['group_id']); |
|
|
|
|
if (!in_array($current_uid,array_keys($users_group))) { |
|
|
|
|
$not_allowed_to_edit = true; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
if ($current_uid != $message_uid) { |
|
|
|
|
$not_allowed_to_edit = true; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ($not_allowed_to_edit) { |
|
|
|
|
api_not_allowed(); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// set the path directory file |
|
|
|
|
if (!empty($row_users['group_id'])) { |
|
|
|
|
$path_user_info = GroupPortalManager::get_group_picture_path_by_id($row_users['group_id'], 'system', true); |
|
|
|
|
} else { |
|
|
|
|
$path_user_info = UserManager::get_user_picture_path_by_id($message_uid, 'system', true); |
|
|
|
|
} |
|
|
|
|
@ -77,5 +93,4 @@ $full_file_name = $path_user_info['dir'].'message_attachments/'.$file_url; |
|
|
|
|
// launch event |
|
|
|
|
event_download($file_url); |
|
|
|
|
DocumentManager::file_send_for_download($full_file_name,TRUE, $title); |
|
|
|
|
exit; |
|
|
|
|
?> |
|
|
|
|
exit; |
Cristian Fasanando
15 years ago