dropbox_cnf("maxFilesize"))
{
$errormsg = dropbox_lang("tooBig");
$error = TRUE;
}elseif ( !is_uploaded_file( $dropbox_filetmpname)) // check user fraud : no clean error msg.
{
die ( dropbox_lang("badFormData")." (code 403)");
}
if ( !$error)
{
// Try to add an extension to the file if it hasn't got one
$dropbox_filename = add_ext_on_mime( $dropbox_filename,$dropbox_filetype);
// Replace dangerous characters
$dropbox_filename = replace_dangerous_char( $dropbox_filename);
// Transform any .php file in .phps fo security
$dropbox_filename = php2phps ( $dropbox_filename);
if(!filter_extension($dropbox_filename))
{
$error = true;
$errormsg = get_lang('UplUnableToSaveFileFilteredExtension');
}
else
{
// set title
$dropbox_title = $dropbox_filename;
// set author
if ( $_POST['authors'] == '')
{
$_POST['authors'] = getUserNameFromId( $_user['user_id']);
}
if ( $dropbox_overwrite) // RH: Mailing: adapted
{
$dropbox_person = new Dropbox_Person( $_user['user_id'], $is_courseAdmin, $is_courseTutor);
foreach($dropbox_person->sentWork as $w)
{
if ($w->title == $dropbox_filename)
{
if ( ($w->recipients[0]['id'] > dropbox_cnf("mailingIdBase")) xor $thisIsAMailing)
{
$error = TRUE;
$errormsg = dropbox_lang("mailingNonMailingError");
}
if ( ($w->recipients[0]['id'] == $_user['user_id']) xor $thisIsJustUpload)
{
$error = TRUE;
$errormsg = get_lang("MailingJustUploadSelectNoOther");
}
$dropbox_filename = $w->filename; $found = true;
break;
}
}
}
else // rename file to login_filename_uniqueId format
{
$dropbox_filename = getLoginFromId( $_user['user_id']) . "_" . $dropbox_filename . "_".uniqid('');
}
if ( ( ! is_dir( dropbox_cnf("sysPath"))))
{
//The dropbox subdir doesn't exist yet so make it and create the .htaccess file
mkdir( dropbox_cnf("sysPath"), 0700) or die ( dropbox_lang("errorCreatingDir")." (code 404)");
$fp = fopen( dropbox_cnf("sysPath")."/.htaccess", "w") or die (dropbox_lang("errorCreatingDir")." (code 405)");
fwrite($fp, "AuthName AllowLocalAccess
AuthType Basic
order deny,allow
deny from all
php_flag zlib.output_compression off") or die (dropbox_lang("errorCreatingDir")." (code 406)");
}
if ( $error) {}
elseif ( $thisIsAMailing) // RH: $newWorkRecipients is integer - see class
{
if ( preg_match( dropbox_cnf("mailingZipRegexp"), $dropbox_title))
{
$newWorkRecipients = dropbox_cnf("mailingIdBase");
}
else
{
$error = TRUE;
$errormsg = $dropbox_title . ": " . dropbox_lang("mailingWrongZipfile");
}
}
elseif ( $thisIsJustUpload) // RH: $newWorkRecipients is empty array
{
$newWorkRecipients = array();
}
else
{ // creating the array that contains all the users who will receive the file
$newWorkRecipients = array();
foreach ($_POST["recipients"] as $rec)
{
if (strpos($rec, 'user_') === 0) {
$newWorkRecipients[] = substr($rec, strlen('user_') );
}
elseif (strpos($rec, 'group_') === 0 )
{
$userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_') ));
foreach ($userList as $usr)
{
if (! in_array($usr['user_id'], $newWorkRecipients) && $usr['user_id'] != $_user['user_id'])
{
$newWorkRecipients[] = $usr['user_id'];
}
}
}
}
}
//After uploading the file, create the db entries
if ( !$error)
{
@move_uploaded_file( $dropbox_filetmpname, dropbox_cnf("sysPath") . '/' . $dropbox_filename)
or die( dropbox_lang("uploadError")." (code 407)");
new Dropbox_SentWork( $_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $newWorkRecipients);
}
}
}
} //end if(!$error)
/**
* ========================================
* SUBMIT FORM RESULTMESSAGE
* ========================================
*/
if ( !$error)
{
$return_message=get_lang('FileUploadSucces');
}
else
{
$return_message=$errormsg;
}
} // end if ( isset( $_POST["submitWork"]))
/**
* ========================================
* // RH: EXAMINE OR SEND MAILING (NEW)
* ========================================
*/
if ( isset( $_GET['mailingIndex'])) // examine or send
{
$dropbox_person = new Dropbox_Person( $_user['user_id'], $is_courseAdmin, $is_courseTutor);
if ( isset($_SESSION["sentOrder"]))
{
$dropbox_person->orderSentWork ($_SESSION["sentOrder"]);
}
$i = $_GET['mailingIndex']; $mailing_item = $dropbox_person->sentWork[$i];
$mailing_title = $mailing_item->title;
$mailing_file = dropbox_cnf("sysPath") . '/' . $mailing_item->filename;
$errormsg = '' . $mailing_item->recipients[0]['name'] . ' ('
. ""
. htmlspecialchars($mailing_title,ENT_QUOTES,$charset) . '):
';
if ( preg_match( dropbox_cnf("mailingZipRegexp"), $mailing_title, $nameParts))
{
$var = strtoupper($nameParts[2]); // the variable part of the name
$course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$sel = "SELECT u.user_id, u.lastname, u.firstname, cu.status
FROM `".$_configuration['main_database']."`.`user` u
LEFT JOIN $course_user cu
ON cu.user_id = u.user_id AND cu.course_code = '".$_course['sysCode']."'";
$sel .= " WHERE u.".dropbox_cnf("mailingWhere".$var)." = '";
function getUser($thisRecip)
{
// string result = error message, array result = [user_id, lastname, firstname]
global $var, $sel; unset($students);
$result = api_sql_query($sel . $thisRecip . "'",__FILE__,__LINE__);
while ( ($res = mysql_fetch_array($result))) {$students[] = $res;}
mysql_free_result($result);
if (count($students) == 1)
{
return($students[0]);
}
elseif (count($students) > 1)
{
return ' <'.dropbox_lang("mailingFileRecipDup", "noDLTT").$var."= $thisRecip>";
}
else
{
return ' <'.dropbox_lang("mailingFileRecipNotFound", "noDLTT").$var."= $thisRecip>";
}
}
$preFix = $nameParts[1]; $postFix = $nameParts[3];
$preLen = strlen($preFix); $postLen = strlen($postFix);
function findRecipient($thisFile)
{
// string result = error message, array result = [user_id, lastname, firstname, status]
global $nameParts, $preFix, $preLen, $postFix, $postLen;
if ( preg_match(dropbox_cnf("mailingFileRegexp"), $thisFile, $matches))
{
$thisName = $matches[1];
if ( substr($thisName, 0, $preLen) == $preFix)
{
if ( $postLen == 0 || substr($thisName, -$postLen) == $postFix)
{
$thisRecip = substr($thisName, $preLen, strlen($thisName) - $preLen - $postLen);
if ( $thisRecip) return getUser($thisRecip);
return ' <'.dropbox_lang("mailingFileNoRecip", "noDLTT").'>';
}
else
{
return ' <'.dropbox_lang("mailingFileNoPostfix", "noDLTT").$postFix.'>';
}
}
else
{
return ' <'.dropbox_lang("mailingFileNoPrefix", "noDLTT").$preFix.'>';
}
}
else
{
return ' <'.dropbox_lang("mailingFileFunny", "noDLTT").'>';
}
}
if (file_exists(api_get_path(INCLUDE_PATH) . "/pclzip/pclzip.lib.php"))
{
require(api_get_path(INCLUDE_PATH) . "/pclzip/pclzip.lib.php");
}
else
{
require(api_get_path(LIBRARY_PATH) . "/pclzip/pclzip.lib.php");
}
$zipFile = new pclZip($mailing_file); $goodFiles = array();
$zipContent = $zipFile->listContent(); $ucaseFiles = array();
if ( $zipContent)
{
foreach( $zipFile->listContent() as $thisContent)
{
$thisFile = substr(strrchr('/' . $thisContent['filename'], '/'), 1);
$thisFileUcase = strtoupper($thisFile);
if ( preg_match("~.(php.*|phtml)$~i", $thisFile) )
{
$error = TRUE; $errormsg .= $thisFile . ': ' . dropbox_lang("mailingZipPhp");
break;
}
elseif ( !$thisContent['folder'])
{
if ( $ucaseFiles[$thisFileUcase])
{
$error = TRUE; $errormsg .= $thisFile . ': ' . dropbox_lang("mailingZipDups");
break;
}
else
{
$goodFiles[$thisFile] = findRecipient($thisFile);
$ucaseFiles[$thisFileUcase] = "yep";
}
}
}
}
else
{
$error = TRUE; $errormsg .= dropbox_lang("mailingZipEmptyOrCorrupt");
}
if ( !$error)
{
$students = array(); // collect all recipients in this course
foreach( $goodFiles as $thisFile => $thisRecip)
{
$errormsg .= htmlspecialchars($thisFile,ENT_QUOTES,$charset) . ': ';
if ( is_string($thisRecip)) // see findRecipient
{
$errormsg .= ''
. htmlspecialchars($thisRecip,ENT_QUOTES,$charset) . '
';
}
else
{
if ( isset( $_GET['mailingSend']))
{
$errormsg .= dropbox_lang("mailingFileSentTo");
}
else
{
$errormsg .= dropbox_lang("mailingFileIsFor");
}
$errormsg .= htmlspecialchars($thisRecip[1].' '.$thisRecip[2],ENT_QUOTES,$charset);
if ( is_null($thisRecip[3]))
{
$errormsg .= dropbox_lang("mailingFileNotRegistered");
}
else
{
$students[] = $thisRecip[0];
}
$errormsg .= '
';
}
}
// find student course members not among the recipients
$course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "SELECT u.lastname, u.firstname
FROM $course_user cu
LEFT JOIN `".$_configuration['main_database']."`.`user` u
ON cu.user_id = u.user_id AND cu.course_code = '".$_course['sysCode']."'
WHERE cu.status = 5
AND u.user_id NOT IN ('" . implode("', '" , $students) . "')";
$result = api_sql_query($sql,__FILE__,__LINE__);
if ( mysql_num_rows($result) > 0)
{
$remainingUsers = '';
while ( ($res = mysql_fetch_array($result)))
{
$remainingUsers .= ', ' . htmlspecialchars($res[0].' '.$res[1],ENT_QUOTES,$charset);
}
$errormsg .= '
' . dropbox_lang("mailingNothingFor") . substr($remainingUsers, 1) . '.
';
}
if ( isset( $_GET['mailingSend']))
{
chdir(dropbox_cnf("sysPath"));
$zipFile->extract(PCLZIP_OPT_REMOVE_ALL_PATH);
$mailingPseudoId = dropbox_cnf("mailingIdBase") + $mailing_item->id;
foreach( $goodFiles as $thisFile => $thisRecip)
{
if ( is_string($thisRecip)) // remove problem file
{
@unlink(dropbox_cnf("sysPath") . '/' . $thisFile);
}
else
{
$newName = getLoginFromId( $_user['user_id']) . "_" . $thisFile . "_" . uniqid('');
if ( rename(dropbox_cnf("sysPath") . '/' . $thisFile, dropbox_cnf("sysPath") . '/' . $newName))
new Dropbox_SentWork( $mailingPseudoId, $thisFile, $mailing_item->description, $mailing_item->author, $newName, $thisContent['size'], array($thisRecip[0]));
}
}
$sendDT = addslashes(date("Y-m-d H:i:s",time()));
// set filesize to zero on send, to avoid 2nd send (see index.php)
$sql = "UPDATE ".dropbox_cnf("tbl_file")."
SET filesize = '0'
, upload_date = '".$sendDT."', last_upload_date = '".$sendDT."'
WHERE id='".addslashes($mailing_item->id)."'";
$result =api_sql_query($sql,__FILE__,__LINE__);
}
elseif ( $mailing_item->filesize != 0)
{
$errormsg .= '
' . dropbox_lang("mailingNotYetSent") . '
';
}
}
}
else
{
$error = TRUE; $errormsg .= dropbox_lang("mailingWrongZipfile");
}
/**
* ========================================
* EXAMINE OR SEND MAILING RESULTMESSAGE
* ========================================
*/
if ( $error)
{
?>
">
">
orderSentWork ($_SESSION["sentOrder"]);
}
if ( isset($_SESSION["receivedOrder"]))
{
$dropbox_person->orderReceivedWork ($_SESSION["receivedOrder"]);
}
/*if (! $dropbox_person->isCourseAdmin || ! $dropbox_person->isCourseTutor) {
die(dropbox_lang("generalError")." (code 408)");
}*/
$tellUser = dropbox_lang("fileDeleted"); // RH: Feedback
if ( isset( $_GET['deleteReceived']))
{
if ( $_GET["deleteReceived"] == "all")
{
$dropbox_person->deleteAllReceivedWork( );
}elseif ( is_numeric( $_GET["deleteReceived"]))
{
$dropbox_person->deleteReceivedWork( $_GET['deleteReceived']);
}
else
{
die(dropbox_lang("generalError")." (code 409)");
}
}
elseif ( isset( $_GET['deleteSent'])) // RH: Feedback
{
if ( $_GET["deleteSent"] == "all")
{
$dropbox_person->deleteAllSentWork( );
}elseif ( is_numeric( $_GET["deleteSent"]))
{
$dropbox_person->deleteSentWork( $_GET['deleteSent']);
}
else
{
die(dropbox_lang("generalError")." (code 410)");
}
}
elseif ( isset( $_GET['showFeedback'])) // RH: Feedback
{
$w = new Dropbox_SentWork($id = $_GET['showFeedback']);
if ($w->uploader_id != $_user['user_id'])
getUserOwningThisMailing($w->uploader_id, $_user['user_id'], '411'); // RH or die
foreach( $w -> recipients as $r) if (($fb = $r["feedback"]))
{
$fbarray [$r["feedback_date"].$r["name"]]=
$r["name"] . ' ' . dropbox_lang("sentOn", "noDLTT") .
' ' . $r["feedback_date"] . ":\n" . $fb;
}
if ($fbarray)
{
krsort($fbarray);
echo '', "\n";
}
else
{
echo '', "\n";
}
$tellUser = dropbox_lang("showFeedback");
}
else // if ( isset( $_GET['editFeedback'])) // RH: Feedback
{
$id = $_GET['editFeedback']; $found = false;
foreach($dropbox_person->receivedWork as $w) {
if ($w->id == $id) {
$found = true; break;
}
}
if (! $found) die(dropbox_lang("generalError")." (code 415)");
echo '