, Ghent University - ability for course admins to specify whether uploaded documents are visible or invisible by default. * @author Roan Embrechts, code refactoring and virtual course support * @author Frederic Vauthier, directories management * @version $Id: work.php 10875 2007-01-24 15:37:27Z bmol $ * * @todo refactor more code into functions, use quickforms, coding standards, ... */ /** ============================================================================== * STUDENT PUBLICATIONS MODULE * * Note: for a more advanced module, see the dropbox tool. * This one is simpler, with fewer options. * This tool is better suited to publishing things; * sending in assignments is better done in the dropbox. * * GOALS * ***** * Allow students to quickly send documents that are immediately * visible on the course website. * * The script does 5 things: * * 1. Upload documents * 2. Give them a name * 3. Modify data about documents * 4. Delete links to documents and simultaneously remove the files * 5. Show the document list to students and visitors * * In the long run, the idea is to allow sending RealVideo, which only means * establishing a correspondence between the RealServer Content Path and the user's * documents path. * * All documents are sent to the address /$_configuration['root_sys']/$currentCourseID/document/ * where $currentCourseID is the web directory for the course and $_configuration['root_sys'] * is usually /var/www/html * * Modified by Patrick Cool, february 2004: * Allow course managers to specify whether newly uploaded documents should * be visible or invisible by default. * This is ideal for reviewing the uploaded documents before a document * is made available to everyone. * * note: maybe the form to change this behaviour should go into the course * properties page? * note 2: maybe a new field should be created in the course table for * this behaviour. * * We now use the show_score field since it is otherwise unused. 
 * ==============================================================================
 */

/* ==============================================================================
   INIT SECTION
   ============================================================================== */

// name of the language file that needs to be included
$language_file = array('work','document','admin');

// Section (for the tabs)
$this_section=SECTION_COURSES;

// @todo why is this needed?
// session
// NOTE(review): the session id is copied from the query string into $_SESSION
// before global.inc.php is included (which presumably starts the session) and
// without any check that the user belongs to that session. Confirm that the value
// survives session start and that api_protect_course_script() /
// is_user_subscribed_in_real_or_linked_course() (both defined outside this file)
// validate it before it influences access decisions.
if(isset($_GET['id_session'])) {
    $_SESSION['id_session'] = $_GET['id_session'];
}

/* -----------------------------------------------------------
   Including necessary files
   ----------------------------------------------------------- */
include('../inc/global.inc.php');
include_once(api_get_path(LIBRARY_PATH) . "course.lib.php");
include_once(api_get_path(LIBRARY_PATH) . "debug.lib.inc.php");
include_once(api_get_path(LIBRARY_PATH) . "events.lib.inc.php");
include_once('work.lib.php');

/* -----------------------------------------------------------
   Table definitions
   ----------------------------------------------------------- */
$main_course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$iprop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);

/* -----------------------------------------------------------
   Constants and variables
   ----------------------------------------------------------- */
$tool_name = get_lang('StudentPublications');
$user_id = api_get_user_id();
$course_code = $_course['sysCode'];
$is_course_member = CourseManager::is_user_subscribed_in_real_or_linked_course($user_id, $course_code, $_SESSION['id_session']);
$currentCourseRepositorySys = api_get_path(SYS_COURSE_PATH) . $_course["path"]."/";
$currentCourseRepositoryWeb = api_get_path(WEB_COURSE_PATH) . 
$_course["path"]."/";
$currentUserFirstName = $_user['firstName'];
$currentUserLastName = $_user['lastName'];

// Request parameters. None of them is guarded with isset(), so a missing parameter
// raises a notice and yields null (falsy), which the code below relies on.
// NOTE(review): $uploadvisibledisabled is raw request input and is later negated
// into the "accepted" column of a new publication, i.e. the submitter decides whether
// the upload is immediately visible; if the course default is only carried in a form
// field, it can be overridden by the client. Only $id is cast to int here; $delete and
// $edit are interpolated into SQL further down without a cast.
// $make_invisible / $make_visible are read but not used in the visible part of this file.
$authors = $_POST['authors'];
$delete = $_REQUEST['delete'];
$description = $_REQUEST['description'];
$display_tool_options = $_REQUEST['display_tool_options'];
$display_upload_form = $_REQUEST['display_upload_form'];
$edit = $_REQUEST['edit'];
$make_invisible = $_REQUEST['make_invisible'];
$make_visible = $_REQUEST['make_visible'];
$origin = $_REQUEST['origin'];
$submitGroupWorkUrl = $_REQUEST['submitGroupWorkUrl'];
$title = $_REQUEST['title'];
$uploadvisibledisabled = $_REQUEST['uploadvisibledisabled'];
$id = (int) $_REQUEST['id'];

//directories management
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$course_dir = $sys_course_path.$_course['path'];
$base_work_dir = $course_dir.'/work';
// NOTE(review): 'WEB_COURSE_PATH' is passed as a string here whereas every other call
// passes the constant; confirm api_get_path() accepts both forms.
$http_www = api_get_path('WEB_COURSE_PATH').$_course['path'].'/work';

// curdirpath sanitisation. The regex removes runs of dots followed by a slash, which
// defeats "../", but the GET branch replaces the match with '' and the POST branch with
// '/', so the same input yields different paths depending on the method. A trailing
// ".." with no slash survives the regex; the is_subdir_of() check below (defined
// outside this file) is the real guard -- confirm it compares resolved paths.
if(isset($_GET['curdirpath']) && $_GET['curdirpath']!='') {
    $cur_dir_path = preg_replace('#[\.]+/#','',$_GET['curdirpath']); //escape '..' hack attempts
} elseif (isset($_POST['curdirpath']) && $_POST['curdirpath']!='') {
    $cur_dir_path = preg_replace('#[\.]+/#','/',$_POST['curdirpath']); //escape '..' hack attempts
} else {
    $cur_dir_path = '/';
}
if (!is_subdir_of($cur_dir_path,$base_work_dir) or ($cur_dir_path == '.')) {
    $cur_dir_path='/';
}
$cur_dir_path_url = urlencode($cur_dir_path);

//prepare a form of path that can easily be added at the end of any url ending with "work/"
$my_cur_dir_path = $cur_dir_path;
if($my_cur_dir_path == '/') {
    $my_cur_dir_path = '';
} elseif(substr($my_cur_dir_path,-1,1)!='/') {
    $my_cur_dir_path = $my_cur_dir_path.'/';
}

/* -----------------------------------------------------------
   Configuration settings
   ----------------------------------------------------------- */
$link_target_parameter = ""; //or e.g. 
"target=\"_blank\"";
$always_show_tool_options = false;
$always_show_upload_form = false;
if ($always_show_tool_options) {
    $display_tool_options = true;
}
if ($always_show_upload_form) {
    $display_upload_form = true;
}

// Course-level access check for the whole script. Request parameters have already
// been read above, but nothing has acted on them yet.
api_protect_course_script();

/* -----------------------------------------------------------
   More init stuff
   ----------------------------------------------------------- */
// NOTE(review): $origin is raw request input and PHP_SELF reflects the request path;
// both are concatenated unencoded into a Location header. urlencode($origin) would
// keep a crafted value from changing the redirect target.
if(isset($_POST['cancelForm']) && !empty($_POST['cancelForm'])) {
    header('Location: '.$_SERVER['PHP_SELF']."?origin=$origin");
    exit();
}
if ($_POST['submitWork'] || $submitGroupWorkUrl) {
    // these libraries are only used for upload purpose
    // so we only include them when necessary
    include_once(api_get_path(INCLUDE_PATH)."lib/fileUpload.lib.php");
    include_once(api_get_path(INCLUDE_PATH)."lib/fileDisplay.lib.php"); // need format_url function
}
// If the POST's size exceeds 8M (default value in php.ini) the $_POST array is emptied
// If that case happens, we set $submitWork to 1 to allow displaying of the error message
// The redirection with header() is needed to avoid apache to show an error page on the next request
// NOTE(review): REQUEST_URI is reflected verbatim into the Location header here as well.
if($_SERVER['REQUEST_METHOD'] == 'POST' && !sizeof($_POST)) {
    if(strstr($_SERVER['REQUEST_URI'],'?')) {
        header('Location: '.$_SERVER['REQUEST_URI'].'&submitWork=1');
        exit();
    } else {
        header('Location: '.$_SERVER['REQUEST_URI'].'?submitWork=1');
        exit();
    }
}
//toolgroup comes from group. the goal of this variable is to limit the post to the group of the student
// NOTE(review): for non-admins the group id is taken from the query string and kept in
// the session without a check that the user is a member of that group; it is later
// stored as post_group_id of the publication. Confirm membership is enforced elsewhere.
if (!api_is_course_admin()){
    if (!empty($_GET['toolgroup'])) {
        $toolgroup=$_GET['toolgroup'];
        api_session_register('toolgroup');
    }
}

/* -----------------------------------------------------------
   Header
   ----------------------------------------------------------- */
// The learnpath branch leaves PHP mode to emit a minimal header. Its HTML, the tag
// that resumes PHP mode, and the beginning of the course-admin command section are
// missing from this copy of the file; the text after the closing tag below is the
// remnant of a commented-out "... was created!" message from the admin
// "create directory" command.
if ($origin != 'learnpath') {
    Display::display_header($tool_name,"Work");
} else {
    //we are in the learnpath tool
    ?> ".$created_dir." 
was created!");
            Display::display_normal_message(''.get_lang('DirCr').'');
            //uncomment if you want to enter the created dir
            //$curdirpath = $created_dir;
            //$curdirpathurl = urlencode($curdirpath);
        } else {
            Display::display_error_message(get_lang('CannotCreateDir'));
        }
    }

    /* -------------------
     * Delete dir command
     --------------------*/
    // NOTE(review): as written here the del_dir() call is part of the TODO comment and
    // never runs, yet the "DirDeleted" confirmation is shown unconditionally. If it is
    // enabled, the directory name is raw request input and should be checked to resolve
    // inside $base_work_dir (compare the curdirpath handling at the top of the file).
    // The raw value is also echoed back in the message; escape it with htmlspecialchars()
    // unless display_normal_message() does so.
    if(!empty($_REQUEST['delete_dir'])) {
        //TODO implement del_dir($base_work_dir.'/',$_REQUEST['delete_dir']);
        Display::display_normal_message($_REQUEST['delete_dir'].' '.get_lang('DirDeleted'));
    }

    /* ----------------------
     * Move file form request
     ----------------------- */
    if(!empty($_REQUEST['move'])) {
        $folders = get_subdirs_list($base_work_dir,1);
        Display::display_normal_message(build_move_to_selector($folders,$cur_dir_path,$_REQUEST['move']));
    }

    /* ------------------
     * Move file command
     ------------------- */
    if (isset($_POST['move_to']) && isset($_POST['move_file'])) {
        include_once(api_get_path(LIBRARY_PATH) . "/fileManage.lib.php");
        // NOTE(review): $move_to is only normalised (trailing slash), never validated;
        // nothing here keeps a value containing ".." from pointing outside $base_work_dir
        // unless move() in fileManage.lib.php refuses it -- confirm.
        $move_to = $_POST['move_to'];
        if($move_to == '/' or empty($move_to)) {
            $move_to = '';
        } elseif(substr($move_to,-1,1)!='/') {
            $move_to = $move_to.'/';
        }
        //security fix: make sure they can't move files that are not in the document table
        if($path = get_work_path($_POST['move_file'])) {
            //echo "got path $path";
            //Display::display_normal_message('We want to move '.$_POST['move_file'].' 
to '.$_POST['move_to']);
            if ( move($course_dir.'/'.$path,$base_work_dir.'/'.$move_to) ) {
                //update db
                update_work_url($_POST['move_file'],'work/'.$move_to);
                //set the current path
                $cur_dir_path = $move_to;
                $cur_dir_path_url = urlencode($move_to);
                Display::display_normal_message(get_lang('DirMv'));
            } else {
                Display::display_error_message(get_lang('Impossible'));
            }
        } else {
            Display::display_error_message(get_lang('Impossible'));
        }
    }
}
/* -----------------------------------------------------------
   COMMANDS SECTION (reserved for others - check they're authors each time)
   ----------------------------------------------------------- */
else {
    $iprop_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
    $user_id = api_get_user_id();

    /*-------------------------------------------
      DELETE WORK COMMAND
      -----------------------------------------*/
    // Ownership check: the item_property row for this ref must have been inserted by
    // the current user.
    // NOTE(review): $delete is interpolated into three queries. The first escapes it but
    // leaves it unquoted (escaping does not help in a numeric context); the other two
    // quote it but do not escape it. A single cast, `$delete = (int)$delete;`, as already
    // done for $id at the top of the file, would cover all three.
    if ($delete) {
        if ($delete == "all") {
            /*not authorized to this user */
        } else {
            //Get the author ID for that document from the item_property table
            $author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=".mysql_real_escape_string($delete);
            $author_qry = api_sql_query($author_sql,__FILE__,__LINE__);
            if(Database::num_rows($author_qry)==1) {
                //we found the current user is the author
                $queryString1 = "SELECT url FROM ".$work_table." WHERE id = '$delete'";
                $queryString2 = "DELETE FROM ".$work_table." WHERE id='$delete'";
                $result1 = api_sql_query($queryString1,__FILE__,__LINE__);
                $result2 = api_sql_query($queryString2,__FILE__,__LINE__);
                if ($result1) {
                    api_item_property_update($_course,'work',$delete,get_lang('DocumentDeleted'),$user_id);
                    while ($thisUrl = mysql_fetch_array($result1)) {
                        // check the url really points to a file in the work area
                        // (some work links can come from groups area...)
                        // BUG(review): $thisWork is never assigned anywhere in this file, so the
                        // path handed to unlink() is just the work directory itself and the call
                        // fails (silenced by @): the row is deleted but the file stays on disk.
                        // The intended argument is presumably basename($thisUrl['url']).
                        if (substr (dirname($thisUrl['url']), -4) == "work") {
                            @unlink($currentCourseRepositorySys."work/".$thisWork);
                        }
                    }
                }
            }
        }
    }

    /*-------------------------------------------
      EDIT COMMAND WORK COMMAND
      -----------------------------------------*/
    // Same ownership check as the delete command, and the same unquoted/unescaped
    // interpolation of $edit into both queries.
    if ($edit) {
        //Get the author ID for that document from the item_property table
        $author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=".mysql_real_escape_string($edit);
        $author_qry = api_sql_query($author_sql,__FILE__,__LINE__);
        if(Database::num_rows($author_qry)==1) {
            //we found the current user is the author
            $sql = "SELECT * FROM ".$work_table." WHERE id='".$edit."'";
            $result = api_sql_query($sql,__FILE__,__LINE__);
            if ($result) {
                $row = mysql_fetch_array($result);
                $workTitle = $row ['title' ];
                $workAuthor = $row ['author' ];
                $workDescription = $row ['description'];
                $workUrl = $row ['url' ];
            }
        }
    }
}

/* ==============================================================================
   FORM SUBMIT PROCEDURE
   ============================================================================== */
$error_message="";
if($_POST['submitWork'] && $is_course_member) {
    // Case 1: a real file upload. The file name is normalised, then a uniqid() prefix is
    // added and the file is moved into the current work sub-directory.
    // NOTE(review): the return value of move_uploaded_file() is not checked, so a failed
    // move still inserts a row pointing at a file that does not exist. $active is not
    // assigned anywhere in this file.
    if($_FILES['file']['size']) {
        $updir = $currentCourseRepositorySys.'work/'; //directory path to upload
        // Try to add an extension to the file if it hasn't one
        $new_file_name = add_ext_on_mime(stripslashes($_FILES['file']['name']),$_FILES['file']['type']);
        // Replace dangerous characters
        $new_file_name = replace_dangerous_char($new_file_name,'strict');
        // Transform any .php file in .phps for security
        $new_file_name = php2phps($new_file_name);
        if( ! $title ) {
            $title = $_FILES['file']['name'];
        }
        if ( ! $authors) {
            $authors = $currentUserFirstName." 
".$currentUserLastName;
        }
        // compose a unique file name to avoid any conflict
        $new_file_name = uniqid('').$new_file_name;
        if (isset($_SESSION['toolgroup'])) {
            $post_group_id = $_SESSION['toolgroup'];
        } else {
            $post_group_id = '0';
        }
        //if we come from the group tools the groupid will be saved in $work_table
        move_uploaded_file($_FILES['file']['tmp_name'],$updir.$my_cur_dir_path.$new_file_name);
        $url = "work/".$my_cur_dir_path.$new_file_name;
        $result = api_sql_query("SHOW FIELDS FROM ".$work_table." LIKE 'sent_date'",__FILE__,__LINE__);
        if(!mysql_num_rows($result)) {
            api_sql_query("ALTER TABLE ".$work_table." ADD sent_date DATETIME NOT NULL");
        }
        // Values are escaped here. 'accepted' is the negation of the request parameter
        // $uploadvisibledisabled, i.e. the submitter controls initial visibility.
        $sql_add_publication = "INSERT INTO ".$work_table." SET url = '".mysql_real_escape_string($url)."', title = '".mysql_real_escape_string($title)."', description = '".mysql_real_escape_string($description)."', author = '".mysql_real_escape_string($authors)."', active = '".$active."', accepted = '".(!$uploadvisibledisabled)."', post_group_id = '".$post_group_id."', sent_date = NOW()";
        api_sql_query($sql_add_publication,__FILE__,__LINE__);
        $Id = mysql_insert_id();
        api_item_property_update($_course,'work',$Id,get_lang('DocumentAdded'),$user_id);
        $succeed = true;
    }
    /*
     * SPECIAL CASE ! For a work coming from another area (i.e. groups)
     */
    // NOTE(review): $newWorkUrl is not assigned anywhere in this file (only
    // $submitGroupWorkUrl is read from the request), so this branch presumably relies on
    // register_globals. Unlike the upload branch, none of $url, $title, $description or
    // $authors is escaped before being interpolated into the INSERT. The default title is
    // taken from $workUrl, which is not set on this path (basename($url) looks intended).
    elseif ($newWorkUrl) {
        $url = str_replace('../../'.$_course['path'].'/','',$newWorkUrl);
        if( ! $title ) {
            $title = basename($workUrl);
        }
        $result = api_sql_query("SHOW FIELDS FROM ".$work_table." LIKE 'sent_date'",__FILE__,__LINE__);
        if(!mysql_num_rows($result)) {
            api_sql_query("ALTER TABLE ".$work_table." ADD sent_date DATETIME NOT NULL");
        }
        $sql = "INSERT INTO ".$work_table." SET url = '".$url."', title = '".$title."', description = '".$description."', author = '".$authors."', sent_date = NOW()";
        api_sql_query($sql,__FILE__,__LINE__);
        $insertId = mysql_insert_id();
        api_item_property_update($_course,'work',$insertId,get_lang('DocumentAdded'),$user_id);
        $succeed = true;
    }
    /*
     * SPECIAL CASE ! For a work edited
     */
    else {
        //Get the author ID for that document from the item_property table
        $is_author = false;
        $author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=".mysql_real_escape_string($id);
        $author_qry = api_sql_query($author_sql,__FILE__,__LINE__);
        if(Database::num_rows($author_qry)==1) {
            $is_author=true;
        }
        // NOTE(review): $is_allowed_to_edit is not assigned in this file (presumably set by
        // global.inc.php). title/description/author are interpolated unescaped into the
        // UPDATE. The 'TooBig' message is shown both for the intended case (no file arrived,
        // no id) and for an edit the user is not allowed to make.
        if ($id && ($is_allowed_to_edit or $is_author)) {
            if( ! $title ) {
                $title = basename($newWorkUrl);
            }
            $sql = "UPDATE ".$work_table." SET title = '".$title."', description = '".$description."', author = '".$authors."' WHERE id = '".$id."'";
            api_sql_query($sql,__FILE__,__LINE__);
            $insertId = $id;
            api_item_property_update($_course,'work',$insertId,get_lang('DocumentUpdated'),$user_id);
            $succeed = true;
        } else {
            $error_message = get_lang('TooBig');
        }
    }
}

// Notify the course tutors (course_user.status = 1) by e-mail about a new publication.
if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is not "just" an edit
{
    //YW This part serves to send an e-mail to the tutors when a new file is sent
    // Lets predefine some variables. Be sure to change the from address!
    $table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
    $table_user = Database::get_main_table(TABLE_MAIN_USER);
    $sql_resp = 'SELECT u.email as myemail FROM '.$table_course_user.' cu, '.$table_user.' u WHERE cu.course_code = '."'".api_get_course_id()."'".' AND cu.status = 1 AND u.user_id = cu.user_id';
    //echo $sql_resp;
    $res_resp = api_sql_query($sql_resp,__FILE__,__LINE__);
    if(Database::num_rows($res_resp)>0){
        // Recipient list; note it keeps a trailing comma.
        $emailto = '';
        while($row_email = Database::fetch_array($res_resp)){
            if(!empty($row_email['myemail'])){
                $emailto .= $row_email['myemail'].',';
            }
        }
        $emailfromaddr = get_setting('emailAdministrator');
        $emailfromname = get_setting('siteName');
        $emailsubject = "[".get_setting('siteName')."] ";
        // The body can be as long as you wish, and any combination of text and variables
        //$emailbody=get_lang('SendMailBody').' '.api_get_path(WEB_CODE_PATH)."work/work.php?".api_get_cidreq()." 
// The next line is the orphaned tail of the commented-out $emailbody line above
// (a line break was lost in this copy of the file); it is not meant to execute.
($title)\n\n".get_setting('administratorName')." ".get_setting('administratorSurname')."\n". get_lang('Manager'). " ".get_setting('siteName')."\nT. ".get_setting('administratorTelephone')."\n" .get_lang('Email') ." : ".get_setting('emailAdministrator');
        // Mail body: link to this tool plus the (user-supplied) $title and the
        // administrator's contact details from the platform settings.
        $emailbody=get_lang('SendMailBody').' '.api_get_path(WEB_CODE_PATH)."work/work.php?".api_get_cidreq()." ($title)\n\n".get_setting('administratorName')." ".get_setting('administratorSurname')."\n". get_lang('Manager'). " ".get_setting('siteName')."\n" .get_lang('Email') ." : ".get_setting('emailAdministrator');
        // Here we are forming one large header line
        // Every header must be followed by a \n except the last
        // Header values come from platform settings (administrator-controlled), not from
        // the request. NOTE(review): the @ below hides any failure of the mail call.
        $emailheaders = "From: ".get_setting('administratorSurname')." ".get_setting('administratorName')." <".get_setting('emailAdministrator').">\n";
        $emailheaders .= "Reply-To: ".get_setting('emailAdministrator');
        // Because I predefined all of my variables, this api_send_mail() function looks nice and clean hmm?
        @api_send_mail( $emailto, $emailsubject, $emailbody, $emailheaders);
    }
    $message = get_lang('DocAdd');
    // $uploadvisibledisabled is the raw request value read at the top of the file;
    // $is_allowed_to_edit is not assigned in this file.
    if ($uploadvisibledisabled && !$is_allowed_to_edit) {
        $message .= "
".get_lang('_doc_unvisible')."
";
    }
    //stats
    // $Id is set by the upload branch, $insertId by the group branch.
    if(!$Id) {
        $Id = $insertId;
    }
    event_upload($Id);
    $submit_success_message = $message . "
\n";
    Display::display_normal_message($submit_success_message);
}
//{

/*=======================================
  Display links to upload form and tool options
  =======================================*/
display_action_links($cur_dir_path,$always_show_tool_options, $always_show_upload_form);

/*=======================================
  Display form to upload document
  =======================================*/
if($is_course_member) {
    if ($display_upload_form || $edit) {
        if($edit){
            //Get the author ID for that document from the item_property table
            // (same ownership query as in the commands section; $edit is again
            // escaped but unquoted in the SQL)
            $is_author = false;
            $author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=".mysql_real_escape_string($edit);
            $author_qry = api_sql_query($author_sql,__FILE__,__LINE__);
            if(Database::num_rows($author_qry)==1) {
                $is_author = true;
            }
        }
        // The form markup emitted from here on is missing from this copy of the file;
        // only the string separators of the echo statements remain.
        echo "
\n", "\n";
        if(!empty($error_message)) Display::display_error_message($error_message);
        // The three branches below emitted the form's hidden fields (their HTML is absent
        // from this copy). NOTE(review): $submitGroupWorkUrl is raw request input;
        // realpath() is applied to it and the result rewritten into a web URL that is
        // echoed as $realUrl. The path should be checked to lie under the course
        // directory and the output HTML-escaped, unless that happens in the missing markup.
        if ($submitGroupWorkUrl) // For user coming from group space to publish his work
        {
            $realUrl = str_replace ($_configuration['root_sys'], $_configuration['root_web'], str_replace("\\", "/", realpath($submitGroupWorkUrl) ) ) ;
            echo "\n", "\n", "\n", "\n";
        } elseif ($edit && ($is_allowed_to_edit or $is_author)) {
            $workUrl = $currentCourseRepositoryWeb.$workUrl;
            echo "\n", "\n", "\n", "\n";
        } else // else standard upload option
        {
            echo "\n", "\n", "\n", "\n";
        }
        // Default author shown in the form. Note the order (last name first) differs from
        // the default used in the upload branch (first name first).
        if(empty($authors)) {
            $authors=$_user['lastName']." ".$_user['firstName'];
        }
        echo "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "", "\n", "\n", "
", "", get_lang("Document")," : ", "", "",$realUrl,"", "
", "\n", get_lang('Document')," : ", "", "",$workUrl,"", "
", get_lang("DownloadFile"),"  ", "", "", "
", get_lang("TitleWork"),"  ", "", "", "
", get_lang("Authors")."  ", "", "\n", "
", get_lang("Description"),"  ", "", "", "", "", "
", "";
        if($_POST['submitWork'] || $edit) {
            echo "  ";
        }
        echo "
\n", "
\n", "

 

";
    }
    //show them the form for the directory name
    if(isset($_REQUEST['createdir']) && $is_allowed_to_edit) {
        //create the form that asks for the directory name
        $new_folder_text = '
';
        $new_folder_text .= '';
        $new_folder_text .= get_lang('NewDir') .' ';
        $new_folder_text .= '';
        $new_folder_text .= '';
        $new_folder_text .= '
';
        //show the form
        echo $new_folder_text;
    }
} else {
    //the user is not registered in this course
    echo "

" . get_lang("MustBeRegisteredUser") . "

";
}

/* ==============================================================================
   Display of tool options
   ============================================================================== */
// $uploadvisibledisabled is the raw request value read at the top of the file.
if ($display_tool_options) {
    display_tool_options($uploadvisibledisabled, $origin,$base_work_dir,$cur_dir_path,$cur_dir_path_url);
}

/* ==============================================================================
   Display list of student publications
   ============================================================================== */
// $my_cur_dir_path is recomputed here without the trailing-slash normalisation applied
// earlier, so it may differ from the value used for the upload path.
// NOTE(review): $dateFormatLong is not assigned anywhere in this file.
if($cur_dir_path =='/'){
    $my_cur_dir_path = '';
}else{
    $my_cur_dir_path = $cur_dir_path;
}
display_student_publications_list($base_work_dir.'/'.$my_cur_dir_path,'work/'.$my_cur_dir_path,$currentCourseRepositoryWeb, $link_target_parameter, $dateFormatLong, $origin);
//}

/* ==============================================================================
   Footer
   ============================================================================== */
if ($origin != 'learnpath') {
    //we are not in the learning path tool
    Display::display_footer();
}
?>