<?php
/*
    DOKEOS - elearning and course management software

    For a full list of contributors, see documentation/credits.html

	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.
    See "documentation/licence.html" more details.

    Contact: 
		Dokeos
		Rue des Palais 44 Paleizenstraat
		B-1030 Brussels - Belgium
		Tel. +32 (2) 211 34 56
*/

/**
*	@package dokeos.studentpublications
* 	@author Thomas, Hugues, Christophe - original version
* 	@author Patrick Cool <patrick.cool@UGent.be>, Ghent University - ability for course admins to specify wether uploaded documents are visible or invisible by default.
* 	@author Roan Embrechts, code refactoring and virtual course support
* 	@version $Id: work.php 10418 2006-12-07 15:48:25Z pcool $
* 
* 	@todo refactor more code into functions, use quickforms, coding standards, ...
*/
/**
==============================================================================
 * 	STUDENT PUBLICATIONS MODULE
 *
 * Note: for a more advanced module, see the dropbox tool.
 * This one is easier with less options.
 * This tool is better used for publishing things,
 * sending in assignments is better in the dropbox.
 *
 * GOALS
 * *****
 * Allow student to quickly send documents immediately
 * visible on the course website.
 *
 * The script does 5 things:
 *
 * 	1. Upload documents
 * 	2. Give them a name
 * 	3. Modify data about documents
 * 	4. Delete link to documents and simultaneously remove them
 * 	5. Show documents list to students and visitors
 *
 * On the long run, the idea is to allow sending realvideo . Which means only
 * establish a correspondence between RealServer Content Path and the user's
 * documents path.
 *
 * All documents are sent to the address /$_configuration['root_sys']/$currentCourseID/document/
 * where $currentCourseID is the web directory for the course and $_configuration['root_sys']
 * usually /var/www/html
 *
 *	Modified by Patrick Cool, february 2004:
 *	Allow course managers to specify wether newly uploaded documents should 
 *	be visible or unvisible by default
 *	This is ideal for reviewing the uploaded documents before the document 
 *	is available for everyone.
 *	
 *	note: maybe the form to change the behaviour should go into the course 
 *	properties page?
 *	note 2: maybe a new field should be created in the course table for 
 *	this behaviour.
 *
 *	We now use the show_score field since this is not used.
 *
==============================================================================
 */

/*
==============================================================================
		INIT SECTION
==============================================================================
*/

// name of the language file that needs to be included 
$language_file = "work";

// Section (for the tabs)
$this_section=SECTION_COURSES;

// @todo why is this needed? 
//session
if(isset($_GET['id_session']))
{
	$_SESSION['id_session'] = $_GET['id_session'];
}

	
/*
-----------------------------------------------------------
	Including necessary files
-----------------------------------------------------------
*/ 
include('../inc/global.inc.php');
include_once(api_get_path(LIBRARY_PATH) . "course.lib.php");
include_once(api_get_path(LIBRARY_PATH) . "debug.lib.inc.php");
include_once(api_get_path(LIBRARY_PATH) . "events.lib.inc.php");
include_once('work.lib.php');
/*
-----------------------------------------------------------
	Table definitions
-----------------------------------------------------------
*/
$tool_name = get_lang(TOOL_STUDENTPUBLICATION);
$main_course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$work_table 		= Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$iprop_table 		= Database::get_course_table(TABLE_ITEM_PROPERTY);

/*
-----------------------------------------------------------
	Constants and variables
-----------------------------------------------------------
*/


$user_id = api_get_user_id();
$course_code = $_course['sysCode'];
$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_code, $_SESSION['id_session']);
$currentCourseRepositorySys =  api_get_path(SYS_COURSE_PATH) . $_course["path"]."/";
$currentCourseRepositoryWeb =  api_get_path(WEB_COURSE_PATH) . $_course["path"]."/";
$currentUserFirstName       = $_user['firstName'];
$currentUserLastName        = $_user['lastName'];

$authors = $_POST['authors'];
$delete = $_REQUEST['delete'];
$description = $_REQUEST['description'];
$display_tool_options = $_REQUEST['display_tool_options'];
$display_upload_form = $_REQUEST['display_upload_form'];
$edit = $_REQUEST['edit'];
$make_invisible = $_REQUEST['make_invisible'];
$make_visible = $_REQUEST['make_visible'];
$origin = $_REQUEST['origin'];
$submitGroupWorkUrl = $_REQUEST['submitGroupWorkUrl'];
$submitWork = $_REQUEST['submitWork'];
$title = $_REQUEST['title'];
$uploadvisibledisabled = $_REQUEST['uploadvisibledisabled'];
$id = (int) $_REQUEST['id'];

/*
-----------------------------------------------------------
	Configuration settings
-----------------------------------------------------------
*/
$link_target_parameter = ""; //or e.g. "target=\"_blank\"";
$always_show_tool_options = false;
$always_show_upload_form = false;
if ($always_show_tool_options)
{
	$display_tool_options = true;
}
if ($always_show_upload_form)
{
	$display_upload_form = true;
}

api_protect_course_script();

/*
-----------------------------------------------------------
	More init stuff
-----------------------------------------------------------
*/

if(isset($_POST['cancelForm']) && !empty($_POST['cancelForm']))
{
	header('Location: '.$_SERVER['PHP_SELF']."?origin=$origin");
	exit();
}

if ($submitWork || $submitGroupWorkUrl)
{
	// these libraries are only used for upload purpose
	// so we only include them when necessary
	include_once(api_get_path(INCLUDE_PATH)."lib/fileUpload.lib.php");
	include_once(api_get_path(INCLUDE_PATH)."lib/fileDisplay.lib.php"); // need format_url function
}

// If the POST's size exceeds 8M (default value in php.ini) the $_POST array is emptied
// If that case happens, we set $submitWork to 1 to allow displaying of the error message
// The redirection with header() is needed to avoid apache to show an error page on the next request
if($_SERVER['REQUEST_METHOD'] == 'POST' && !sizeof($_POST))
{
	if(strstr($_SERVER['REQUEST_URI'],'?'))
	{
		header('Location: '.$_SERVER['REQUEST_URI'].'&submitWork=1');
		exit();
	}
	else
	{
		header('Location: '.$_SERVER['REQUEST_URI'].'?submitWork=1');
		exit();
	}
}
//toolgroup comes from group. the but of tis variable is to limit post to the group of the student
if (!api_is_course_admin()){
	if (!empty($_GET['toolgroup'])){
		$toolgroup=$_GET['toolgroup'];
		api_session_register('toolgroup');
	}
}
/*
-----------------------------------------------------------
	Header
-----------------------------------------------------------
*/
if ($origin != 'learnpath')
{
	Display::display_header($tool_name,"Work");
}
else
{
	//we are in the learnpath tool
	?> <link rel="stylesheet" type="text/css" href="<?php echo api_get_path(WEB_CODE_PATH); ?>css/default.css"> <?php
}

//stats
event_access_tool(TOOL_STUDENTPUBLICATION);


$is_allowed_to_edit = api_is_allowed_to_edit(); //has to come after display_tool_view_option();
//api_display_tool_title($tool_name);


/*
==============================================================================
		MAIN CODE
==============================================================================
*/ 

if (isset($_POST['changeProperties']))
{
	$query="UPDATE ".$main_course_table." SET show_score='".$uploadvisibledisabled."' WHERE code='".$_course['sysCode']."'";
	api_sql_query($query,__FILE__,__LINE__);

	$_course['show_score']=$uploadvisibledisabled;
}
else
{
	$query="SELECT * FROM ".$main_course_table." WHERE code=\"".$_course['sysCode']."\"";
	$result=api_sql_query($query,__FILE__,__LINE__);
	$row=mysql_fetch_array($result);
	$uploadvisibledisabled = $row["show_score"];
}


/*
-----------------------------------------------------------
	Introduction section
-----------------------------------------------------------
*/
Display::display_introduction_section(TOOL_STUDENTPUBLICATION);

/*
-----------------------------------------------------------
	COMMANDS SECTION (reserved for course administrator)
-----------------------------------------------------------
*/ 
if ($is_allowed_to_edit)
{
	/*-------------------------------------------
				DELETE WORK COMMAND
	-----------------------------------------*/
	if ($delete)
	{	
		if ($delete == "all")
		{
			$queryString1 = "SELECT url FROM ".$work_table."";
			$queryString2 = "DELETE FROM  ".$work_table."";
		}
		else
		{
			$queryString1 = "SELECT url FROM  ".$work_table."  WHERE id = '$delete'";
			$queryString2 = "DELETE FROM  ".$work_table."  WHERE id='$delete'";
		}

		$result1 = api_sql_query($queryString1,__FILE__,__LINE__);
		$result2 = api_sql_query($queryString2,__FILE__,__LINE__);

		if ($result1)
		{
			while ($thisUrl = mysql_fetch_array($result1))
			{
				// check the url really points to a file in the work area
				// (some work links can come from groups area...)

				if (substr (dirname($thisUrl['url']), -4) == "work")
				{
					@unlink($currentCourseRepositorySys."work/".$thisWork);
				}
			}
		}
	}

	/*-------------------------------------------
	           EDIT COMMAND WORK COMMAND
	  -----------------------------------------*/

	if ($edit)
	{
		$sql    = "SELECT * FROM  ".$work_table."  WHERE id='".$edit."'";
		$result = api_sql_query($sql,__FILE__,__LINE__);

		if ($result)
		{
			$row = mysql_fetch_array($result);

			$workTitle       = $row ['title'      ];
			$workAuthor      = $row ['author'     ];
			$workDescription = $row ['description'];
			$workUrl         = $row ['url'        ];
		}
	}


	/*-------------------------------------------
		MAKE INVISIBLE WORK COMMAND
	  -----------------------------------------*/

	if ($make_invisible)
	{
		if ($make_invisible == "all")
		{
			$sql = "ALTER TABLE ".$work_table."
			        CHANGE accepted accepted TINYINT(1) DEFAULT '0'";

			api_sql_query($sql,__FILE__,__LINE__);

			$sql = "UPDATE  ".$work_table."
			        SET accepted = 0";

			api_sql_query($sql,__FILE__,__LINE__);
		}
		else
		{
			$sql = "UPDATE  ".$work_table."
			        SET accepted = 0
					WHERE id = '".$make_invisible."'";

			api_sql_query($sql,__FILE__,__LINE__);
		}
	}


	/*-------------------------------------------
		MAKE VISIBLE WORK COMMAND
	  -----------------------------------------*/

	if ($make_visible)
	{
		if ($make_visible == "all")
		{
			$sql = "ALTER TABLE  ".$work_table."
			        CHANGE accepted accepted TINYINT(1) DEFAULT '1'";

			api_sql_query($sql,__FILE__,__LINE__);

			$sql = "UPDATE  ".$work_table."
			        SET accepted = 1";

			api_sql_query($sql,__FILE__,__LINE__);

		}
		else
		{
			$sql = "UPDATE  ".$work_table."
			        SET accepted = 1
					WHERE id = '".$make_visible."'";

			api_sql_query($sql,__FILE__,__LINE__);
		}
	}

}

/*
==============================================================================
		FORM SUBMIT PROCEDURE
==============================================================================
*/ 

$error_message="";

if($submitWork && $is_course_member)
{
	if($_FILES['file']['size'])
	{
		$updir           = $currentCourseRepositorySys.'work/'; //directory path to upload

		// Try to add an extension to the file if it has'nt one
		$new_file_name = add_ext_on_mime(stripslashes($_FILES['file']['name']),$_FILES['file']['type']);

		// Replace dangerous characters
		$new_file_name = replace_dangerous_char($new_file_name,'strict');

		// Transform any .php file in .phps fo security
		$new_file_name = php2phps($new_file_name);

		if( ! $title )
		{
			$title = $_FILES['file']['name'];
		}

		if ( ! $authors)
		{
			$authors = $currentUserFirstName." ".$currentUserLastName;
		}

		// compose a unique file name to avoid any conflict

		$new_file_name = uniqid('').$new_file_name;
		
		if (isset($_SESSION['toolgroup']))
		{
			$post_group_id = $_SESSION['toolgroup'];
		}
		else{$post_group_id = '0';}
		//if we come from the group tools the groupid will be saved in $work_table

		move_uploaded_file($_FILES['file']['tmp_name'],$updir.$new_file_name);

		$url = "work/".$new_file_name;

		$result = api_sql_query("SHOW FIELDS FROM ".$work_table." LIKE 'sent_date'",__FILE__,__LINE__);

		if(!mysql_num_rows($result))
		{
			api_sql_query("ALTER TABLE ".$work_table." ADD sent_date DATETIME NOT NULL");
		}

		$sql_add_publication = "INSERT INTO ".$work_table."
		               SET url         = '".mysql_real_escape_string($url)."',
					       title       = '".mysql_real_escape_string($title)."',
		                   description = '".mysql_real_escape_string($description)."',
		                   author      = '".mysql_real_escape_string($authors)."',
						   active		= '".$active."',
						   accepted		= '".(!$uploadvisibledisabled)."',
						   post_group_id = '".$post_group_id."',
						   sent_date	= NOW()";

		api_sql_query($sql_add_publication,__FILE__,__LINE__);

        $Id = mysql_insert_id();
        api_item_property_update($_course,'work',$Id,get_lang('DocumentAdded'),$user_id);       
		$succeed = true;
	}

	/*
	 * SPECIAL CASE ! For a work coming from another area (i.e. groups)
	 */

	elseif ($newWorkUrl)
	{

		$url = str_replace('../../'.$_course['path'].'/','',$newWorkUrl);


		if( ! $title )
		{
			$title = basename($workUrl);
		}

		$result = api_sql_query("SHOW FIELDS FROM ".$work_table." LIKE 'sent_date'",__FILE__,__LINE__);

		if(!mysql_num_rows($result))
		{
			api_sql_query("ALTER TABLE ".$work_table." ADD sent_date DATETIME NOT NULL");
		}

		$sql = "INSERT INTO  ".$work_table."
		        SET url         = '".$url."',
		            title       = '".$title."',
		            description = '".$description."',
		            author      = '".$authors."',
		            sent_date     = NOW()";

		api_sql_query($sql,__FILE__,__LINE__);

		$insertId = mysql_insert_id();
		api_item_property_update($_course,'work',$insertId,get_lang('DocumentAdded'),$user_id);
		$succeed = true;
	}

	/*
	 * SPECIAL CASE ! For a work edited
	 */

	else
	{
		//Get the author ID for that document from the item_property table
		$is_author = false;
		$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=".mysql_real_escape_string($id);
		$author_qry = api_sql_query($author_sql,__FILE__,__LINE__);
		if(Database::num_rows($author_qry)==1)
		{
			$is_author=true;
		}
		
		if ($id && ($is_allowed_to_edit or $is_author))
		{
			if( ! $title )
			{
				$title = basename($newWorkUrl);
			}
	
			$sql = "UPDATE  ".$work_table."
			        SET	title       = '".$title."',
			            description = '".$description."',
			            author      = '".$authors."'
			        WHERE id        = '".$id."'";
	
			api_sql_query($sql,__FILE__,__LINE__);
	        $insertId = $id;
	        api_item_property_update($_course,'work',$insertId,get_lang('DocumentUpdated'),$user_id);
			$succeed = true;
		}
		else
		{
			$error_message = get_lang('TooBig');
		}
	}
}
if ($submitWork && $succeed &&!$id) //last value is to check this is not "just" an edit
{
		//YW Tis part serve to send a e-mail to the tutors when a new file is send
	// Lets predefine some variables. Be sure to change the from address!
	$table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
	$table_user = Database::get_main_table(TABLE_MAIN_USER);
	$sql_resp = 'SELECT u.email as myemail FROM '.$table_course_user.' cu, '.$table_user.' u WHERE cu.course_code = '."'".api_get_course_id()."'".' AND cu.status = 1 AND u.user_id = cu.user_id';
	//echo $sql_resp;
	$res_resp = api_sql_query($sql_resp,__FILE__,__LINE__);
	if(Database::num_rows($res_resp)>0){
		$emailto = '';
		while($row_email = Database::fetch_array($res_resp)){
			if(!empty($row_email['myemail'])){
				$emailto .= $row_email['myemail'].',';
			}
		}
		$emailfromaddr = get_setting('emailAdministrator');
		$emailfromname = get_setting('siteName');
		$emailsubject  = "[".get_setting('siteName')."] ";
	
		// The body can be as long as you wish, and any combination of text and variables
	
		//$emailbody=get_lang('SendMailBody').' '.api_get_path(WEB_CODE_PATH)."work/work.php?".api_get_cidreq()." ($title)\n\n".get_setting('administratorName')." ".get_setting('administratorSurname')."\n". get_lang('Manager'). " ".get_setting('siteName')."\nT. ".get_setting('administratorTelephone')."\n" .get_lang('Email') ." : ".get_setting('emailAdministrator');
		$emailbody=get_lang('SendMailBody').' '.api_get_path(WEB_CODE_PATH)."work/work.php?".api_get_cidreq()." ($title)\n\n".get_setting('administratorName')." ".get_setting('administratorSurname')."\n". get_lang('Manager'). " ".get_setting('siteName')."\n" .get_lang('Email') ." : ".get_setting('emailAdministrator');
	
		// Here we are forming one large header line
		// Every header must be followed by a \n except the last
		$emailheaders = "From: ".get_setting('administratorSurname')." ".get_setting('administratorName')." <".get_setting('emailAdministrator').">\n";
		$emailheaders .= "Reply-To: ".get_setting('emailAdministrator');
	
		// Because I predefined all of my variables, this api_send_mail() function looks nice and clean hmm?
		@api_send_mail( $emailto, $emailsubject, $emailbody, $emailheaders);
	}
	$message = get_lang('DocAdd');
    if ($uploadvisibledisabled && !$is_allowed_to_edit)
	{
		$message .= "<br />".get_lang('_doc_unvisible')."<br />";
	}

	//stats
	if(!$Id) { $Id = $insertId; }
    event_upload($Id);
	$submit_success_message	= $message . "<br />\n";
	Display::display_normal_message($submit_success_message);
}

//{
	/*=======================================
		 Display links to upload form and tool options
	  =======================================*/
	
	display_action_links($always_show_tool_options, $always_show_upload_form);

	/*=======================================
		 Display form to upload document
	  =======================================*/
	  
	if($is_course_member)
	{
		if ($display_upload_form || $edit)
		{
			if($edit){
				//Get the author ID for that document from the item_property table
				$is_author = false;
				$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=".mysql_real_escape_string($edit);
				$author_qry = api_sql_query($author_sql,__FILE__,__LINE__);
				if(Database::num_rows($author_qry)==1)
				{
					$is_author = true;
				}
			}

			echo	"<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."?origin=$origin\" enctype=\"multipart/form-data\" >\n",
					
					"<table>\n";
	
			if(!empty($error_message)) Display::display_error_message($error_message);
	
			if ($submitGroupWorkUrl) // For user comming from group space to publish his work
			{
				$realUrl = str_replace ($_configuration['root_sys'], $_configuration['root_web'], str_replace("\\", "/", realpath($submitGroupWorkUrl) ) ) ;
	
				echo	"<tr>\n",
	
						"<td align=\"right\">",
						"<input type=\"hidden\" name=\"newWorkUrl\" value=\"",$submitGroupWorkUrl,"\">",
						get_lang("Document")," : ",
						"</td>\n",
						"<td align=\"right\">",
						"<a href=\"",format_url($submitGroupWorkUrl),"\">",$realUrl,"</a>",
						"</td>\n",
	
						"</tr>\n";
			}
			elseif ($edit && ($is_allowed_to_edit or $is_author))
			{
				$workUrl = $currentCourseRepositoryWeb.$workUrl;
	
				echo	"<tr>\n",
	
						"<td>",
						"<input type=\"hidden\" name=\"id\" value=\"",$edit,"\">\n",
						get_lang('Document')," : ",
						"</td>\n",
	
						"<td>",
						"<a href=\"",$workUrl,"\">",$workUrl,"</a>",
						"</td>\n",
	
						"</tr>\n";
			}
			else // else standard upload option
			{
				echo	"<tr>\n",
	
						"<td  align=\"right\"><strong>",
						get_lang("DownloadFile"),"</strong>&nbsp;&nbsp;",
						"</td>\n",
	
						"<td>",
						"<input type=\"file\" name=\"file\" size=\"20\">",
						"</td>\n",
	
						"</tr>\n";
			}
	
			if(empty($authors))
			{
				$authors=$_user['lastName']." ".$_user['firstName'];
			}
	
			echo	"<tr>\n",
	
					"<td  align=\"right\"><strong>",
					get_lang("TitleWork"),"</strong>&nbsp;&nbsp;",
					"</td>\n",
	
					"<td>",
					"<input type=\"text\" name=\"title\" value=\"",($edit?htmlentities(stripslashes($workTitle)):htmlentities(stripslashes($title))),"\" size=\"30\">",
					"</td>\n",
	
					"</tr>\n",
	
					"<tr>\n",
	
					"<td valign=\"top\"  align=\"right\"><strong>",
					get_lang("Authors")."</strong>&nbsp;&nbsp;",
					"</td>\n",
	
					"<td>",
					"<input type=\"text\" name=\"authors\" value=\"",($edit?htmlentities(stripslashes($workAuthor)):htmlentities(stripslashes($authors))),"\" size=\"30\">\n",
					"</td>\n",
	
					"</tr>\n",
	
					"<tr>\n",
	
					"<td valign=\"top\"  align=\"right\">",
					get_lang("Description"),"&nbsp;&nbsp;",
					"</td>\n",
	
					"<td>",
					"<textarea name=\"description\" cols=\"30\" rows=\"3\">",
					($edit?htmlentities(stripslashes($workDescription)):htmlentities(stripslashes($description))),
					"</textarea>",
					"<input type=\"hidden\" name=\"active\" value=\"1\">",
					"<input type=\"hidden\" name=\"accepted\" value=\"1\">",
					"</td>\n",
	
					"</tr>\n",
	
					"<tr>\n",
	
					"<td></td>",
	
					"<td>",
					"<input type=\"submit\" name=\"submitWork\" value=\"".get_lang('Ok')."\">";
	
			if($submitWork || $edit)
			{
				echo "&nbsp;&nbsp;<input type=\"submit\" name=\"cancelForm\" value=\"".get_lang('Cancel')."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang('ConfirmYourChoice')))."')) return false;\">";
			}
	
			echo	"</td>\n",
	
					"</tr>\n",
	
					"</table>\n",
	
					"</form>\n",
	
					"<p>&nbsp;</p>";
		}
	}
	else
	{
		//the user is not registered in this course
		echo "<p style=\"font-weight:bold\">" . get_lang("MustBeRegisteredUser") . "</p>";
	}

/*
==============================================================================
		Display of tool options
==============================================================================
*/

	if ($display_tool_options)
	{
		display_tool_options($uploadvisibledisabled, $origin);
	}

/*
==============================================================================
		Display list of student publications
==============================================================================
*/

	/*if ( ! $id )*/ display_student_publications_list($currentCourseRepositoryWeb, $link_target_parameter, $dateFormatLong, $origin);
//}

/*
==============================================================================
		Footer 
==============================================================================
*/ 
if ($origin != 'learnpath')
{
	//we are not in the learning path tool
	Display::display_footer();
}
?>