You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
301 lines
12 KiB
301 lines
12 KiB
<?php
|
|
/* See license terms in /license.txt */
|
|
|
|
/* FIX for IE cache when using https */
|
|
session_cache_limiter("none");
|
|
|
|
/**
|
|
* This is an interface between Chamilo and Videoconference application
|
|
*
|
|
|
|
*/
|
|
/*==== DEBUG ====*/
|
|
$debug = 0;
|
|
/*==== CONSTANTS ==== */
|
|
define('VIDEOCONF_UPLOAD_PATH', '/videoconf');
|
|
$presentation_extension = array('.ppt', '.odp');
|
|
$image_extension = array('.png', '.jpg', '.gif', '.jpeg');
|
|
|
|
if ($debug > 0) {
|
|
// dump the request
|
|
$v = array_keys(get_defined_vars());
|
|
error_log(var_export($v, true), 3, '/tmp/log');
|
|
|
|
foreach (array_keys(get_defined_vars()) as $k) {
|
|
if ($k == 'GLOBALS') {
|
|
continue;
|
|
}
|
|
error_log($k, 3, '/tmp/log');
|
|
error_log(var_export($$k, true), 3, '/tmp/log');
|
|
}
|
|
|
|
}
|
|
|
|
|
|
/*==== Flash loose the cookie ===*/
|
|
/* needed when using the nice upload window :
|
|
if ($_SERVER['HTTP_USER_AGENT'] == 'Shockwave Flash') {
|
|
$sid = $_REQUEST['sid'];
|
|
if ($debug>0) error_log("reusing: ".$sid);
|
|
session_id($sid);
|
|
} */
|
|
|
|
/*==== INCLUDE ====*/
|
|
require_once '../inc/global.inc.php';
|
|
api_block_anonymous_users();
|
|
|
|
require_once ("../newscorm/learnpath.class.php");
|
|
require_once ("../newscorm/openoffice_presentation.class.php");
|
|
|
|
/*==== Variables initialisation ====*/
|
|
$action = $_REQUEST["action"]; //safe as only used in if()'s
|
|
$seek = array('/', '%2F', '..');
|
|
$destroy = array('', '', '');
|
|
$cidReq = str_replace($seek, $destroy, $_REQUEST["cidReq"]);
|
|
$cidReq = Security::remove_XSS($cidReq);
|
|
|
|
$user_id = api_get_user_id();
|
|
$coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
|
|
$_course = CourseManager::get_course_information($cidReq);
|
|
$_course['path'] = $_course['directory'];
|
|
// FIXME: FileManager::add_document needs this to work
|
|
$_course['dbName'] = $_course['db_name'];
|
|
|
|
// FIXME: check if CourseManager::get_user_in_course_status return !=
|
|
// COURSEMANAGER when the code is not valid
|
|
if ($debug > 0) {
|
|
error_log($coursePath, 0);
|
|
}
|
|
|
|
if ($action == "uploadgui") {
|
|
echo '<form enctype="multipart/form-data" action="api.php" method="POST">
|
|
<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
|
|
<input type="hidden" name="action" value="upload" />
|
|
<input type="hidden" name="cidReq" value="'.$cidReq.'" />
|
|
<input type="hidden" name="sid" value="'.Security::remove_XSS($_REQUEST["sid"]).'" />
|
|
|
|
'.get_lang('SelectFile').': <input name="Filedata" type="file" /><br />
|
|
<input type="submit" value="'.get_lang('UploadFile').'" />
|
|
</form>
|
|
';
|
|
die();
|
|
} else {
|
|
if ($action == "upload") {
|
|
if ($debug > 0) {
|
|
error_log("upload".$_FILES['Filedata']);
|
|
}
|
|
/*==== PERMISSION ====*/
|
|
$permissions = CourseManager::get_user_in_course_status($user_id, $cidReq);
|
|
if ($permissions != COURSEMANAGER) {
|
|
if ($debug > 0) {
|
|
error_log("Upload from videoconf not allowed !!!", 0);
|
|
}
|
|
die('Not allowed'); // this user is not allowed to add upload documents
|
|
}
|
|
/*==== UPLOAD ====*/
|
|
$destPath = $coursePath.VIDEOCONF_UPLOAD_PATH;
|
|
|
|
/*==== creation of /videoconf ====*/
|
|
if (!is_dir($destPath)) {
|
|
$result = FileManager::create_unexisting_directory(
|
|
$_course,
|
|
$user_id,
|
|
api_get_session_id(),
|
|
0,
|
|
null,
|
|
$coursePath,
|
|
VIDEOCONF_UPLOAD_PATH
|
|
);
|
|
if (!$result) {
|
|
if ($debug > 0) {
|
|
error_log("Can't create ".$destPath." folder", 0);
|
|
}
|
|
}
|
|
}
|
|
|
|
/*==== file upload ====*/
|
|
$newPath = $_FILES['Filedata']['name'];
|
|
if ($debug > 0) {
|
|
error_log($newPath);
|
|
}
|
|
|
|
/*==== extension extraction ====*/
|
|
$file_name = (strrpos($newPath, '.') > 0 ? substr($newPath, 0, strrpos($newPath, '.')) : $newPath);
|
|
$file_extension = (strrpos($newPath, '.') > 0 ? substr($newPath, strrpos($newPath, '.'), 10) : '');
|
|
if ($debug > 0) {
|
|
error_log(strrpos($newPath, '.'));
|
|
}
|
|
if ($debug > 0) {
|
|
error_log($file_extension);
|
|
}
|
|
|
|
/*==== conversion if needed ====*/
|
|
if (!in_array(strtolower($file_extension), $image_extension)) {
|
|
if ($debug > 0) {
|
|
error_log("converting: ".$file_extension);
|
|
}
|
|
$take_slide_name = false;
|
|
$o_ppt = new OpenofficePresentation($take_slide_name);
|
|
$o_ppt->set_slide_size(640, 480);
|
|
$o_ppt->convert_document($_FILES['Filedata'], 'add_docs_to_visio');
|
|
}
|
|
|
|
echo '<html><body><script language="javascript">setTimeout(1000,window.close());</script></body></html>';
|
|
} else {
|
|
if ($action == "service") {
|
|
/*==== List files ====*/
|
|
if ($debug > 0) {
|
|
error_log("sending file list", 0);
|
|
}
|
|
$subaction = $_REQUEST["subaction"];
|
|
$is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
|
|
if ($subaction == "list") {
|
|
// FIXME: check security around $_REQUEST["cwd"]
|
|
$cwd = $_REQUEST["cwd"];
|
|
|
|
|
|
// treat /..
|
|
$nParent = 0; // the number of /.. into the url
|
|
while (substr($cwd, -3, 3) == "/..") {
|
|
// go to parent directory
|
|
$cwd = substr($cwd, 0, -3);
|
|
if (strlen($cwd) == 0) {
|
|
$cwd = "/";
|
|
}
|
|
$nParent++;
|
|
}
|
|
for (; $nParent > 0; $nParent--) {
|
|
$cwd = (strrpos($cwd, '/') > -1 ? substr($cwd, 0, strrpos($cwd, '/')) : $cwd);
|
|
}
|
|
|
|
if (strlen($cwd) == 0) {
|
|
$cwd = "/";
|
|
}
|
|
|
|
if (Security::check_abs_path($cwd, api_get_path(SYS_PATH))) {
|
|
die();
|
|
}
|
|
|
|
// check if user can delete files. He must be manager and be inside /videoconf
|
|
$is_below_videoconf_dir = (substr($cwd, 0, strlen(VIDEOCONF_UPLOAD_PATH)) == VIDEOCONF_UPLOAD_PATH);
|
|
if ($debug > 0) {
|
|
error_log('Current working directory: '.$cwd);
|
|
}
|
|
if ($debug > 0) {
|
|
error_log('Videoconf upload path: '.VIDEOCONF_UPLOAD_PATH);
|
|
}
|
|
/* $canDelete = ($canDelete && $isBellowVideoConfUploadPath);
|
|
*/
|
|
$can_delete = ($is_manager && $is_below_videoconf_dir);
|
|
|
|
// get files list
|
|
$files = DocumentManager::get_all_document_data($_course, $cwd, 0, null, false);
|
|
printf("<dokeosobject><fileListMeta></fileListMeta><fileList>");
|
|
printf("<folders>");
|
|
|
|
// title filter
|
|
if (is_array($files)) {
|
|
foreach (array_keys($files) as $k) {
|
|
// converting to UTF-8
|
|
$files[$k]['title'] = api_convert_encoding(
|
|
api_strlen($files[$k]['title']) > 32 ?
|
|
api_substr($files[$k]['title'], 0, 32)."..." :
|
|
$files[$k]['title'],
|
|
'utf-8',
|
|
api_get_system_encoding()
|
|
);
|
|
// removing '<', '>' and '_'
|
|
$files[$k]['title'] = str_replace(array('<', '>', '_'), ' ', $files[$k]['title']);
|
|
}
|
|
}
|
|
|
|
if (is_array($files)) {
|
|
|
|
foreach ($files as $i) {
|
|
if ($i["filetype"] == "folder") {
|
|
printf(
|
|
'<folder><path>%s</path><title>%s</title><canDelete>%s</canDelete></folder>',
|
|
$i['path'],
|
|
$i['title'],
|
|
($can_delete ? 'true' : 'false')
|
|
);
|
|
}
|
|
}
|
|
}
|
|
printf("</folders><files>");
|
|
if (is_array($files)) {
|
|
foreach ($files as $i) {
|
|
$extension = (strrpos($i['path'], '.') > 0 ? substr(
|
|
$i['path'],
|
|
strrpos($i['path'], '.'),
|
|
10
|
|
) : '');
|
|
if ($i["filetype"] == "file" && in_array(strtolower($extension), $image_extension)) {
|
|
printf(
|
|
'<file><path>%s</path><title>%s</title><canDelete>%s</canDelete></file>',
|
|
$i['path'],
|
|
$i['title'],
|
|
($can_delete ? 'true' : 'false')
|
|
);
|
|
}
|
|
}
|
|
}
|
|
printf("</files><ppts>");
|
|
printf("</ppts>");
|
|
printf("</fileList></dokeosobject>");
|
|
} else {
|
|
if ($subaction == "delete") {
|
|
/*==== PERMISSION ====*/
|
|
$permissions = CourseManager::get_user_in_course_status($user_id, $cidReq);
|
|
if ($permissions != COURSEMANAGER) {
|
|
if ($debug > 0) {
|
|
error_log("Upload from videoconf not allowed !!!", 0);
|
|
}
|
|
die(); // this user is not allowed to add upload documents
|
|
}
|
|
/*==== DELETE ====*/
|
|
$path = str_replace('../', '', $_REQUEST["path"]);
|
|
if ((substr($path, 0, strlen(VIDEOCONF_UPLOAD_PATH)) != VIDEOCONF_UPLOAD_PATH)) {
|
|
if ($debug > 0) {
|
|
error_log("Delete from videoconf for " + $path + " NOT ALLOWED", 0);
|
|
}
|
|
die();
|
|
}
|
|
DocumentManager::delete_document($_course, $path, $coursePath);
|
|
echo "<result>OK</result>"; // We have to return something to OpenLaszlo
|
|
}
|
|
}
|
|
} else {
|
|
if ($action == "download") {
|
|
/*==== DOWNLOAD ====*/
|
|
//check if the document is in the database
|
|
if (!DocumentManager::get_document_id($_course, $_REQUEST['file'])) {
|
|
//file not found!
|
|
if ($debug > 0) {
|
|
error_log("404 ".$_REQUEST["file"]);
|
|
}
|
|
header("HTTP/1.0 404 Not Found");
|
|
$error404 = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">';
|
|
$error404 .= '<html><head>';
|
|
$error404 .= '<title>404 Not Found</title>';
|
|
$error404 .= '</head><body>';
|
|
$error404 .= '<h1>Not Found</h1>';
|
|
$error404 .= '<p>The requested URL was not found on this server.</p>';
|
|
$error404 .= '<hr>';
|
|
$error404 .= '</body></html>';
|
|
echo($error404);
|
|
exit;
|
|
}
|
|
$doc_url = str_replace('../', '', $_REQUEST['file']);
|
|
if ($debug > 0) {
|
|
error_log($doc_url);
|
|
}
|
|
$full_file_name = $coursePath.$doc_url;
|
|
if (Security::check_abs_path($full_file_name, $coursePath.'/')) {
|
|
DocumentManager::file_send_for_download($full_file_name, false);
|
|
}
|
|
exit;
|
|
}
|
|
}
|
|
}
|
|
} |