dokeos
[ class tree: dokeos ] [ index: dokeos ] [ all elements ]
Packages:
dokeos

Cpdf
dokeos-admin
dokeos-announcements
dokeos-auth
dokeos-auth-ldap
dokeos-backup
dokeos-blogs
dokeos-calendar
dokeos-chat
dokeos-course_description
dokeos-course_home
dokeos-course_info
dokeos-create_course
dokeos-document
dokeos-dropbox
dokeos-exercise
dokeos-external_module
dokeos-forum
dokeos-gradebook
dokeos-group
dokeos-help
dokeos-inc-lib-javascript
dokeos-include
dokeos-install
dokeos-learningpath
dokeos-learnpath
dokeos-learnpath-aicc
dokeos-learnpath-openofficedocument
dokeos-learnpath-scorm
dokeos-library
dokeos-link
dokeos-main
dokeos-metadata
dokeos-online
dokeos-plugin
dokeos-resourcelinker
dokeos-scorm
dokeos-search
dokeos-statistics
dokeos-studentpublications
dokeos-survey
dokeos-tracking
dokeos-upload
dokeos-user
dokeos-whoisonline
HTML_QuickForm
HTML_QuickForm_advmultiselect
HTML_QuickForm_Controller
HTML_Table
Image
ImageManager
kses
OLE
Pager
PEAR
PHPMailer
QuickForm
scorm-learnpath
Spreadsheet_Excel_Writer
xajax

Source for file api.php

Documentation is available at api.php

  1. <?php
  2. /* See license terms in /dokeos_license.txt */
  3. /**
  4. ==============================================================================
  5. *    This is an interface between Dokeos and Videoconference application
  6. *
  7. ==============================================================================
  8. */
  9. /*==== DEBUG ====*/
  10. $debug=255;
  11. /*==== CONSTANTS ==== */
  12. define('VIDEOCONF_UPLOAD_PATH''/videoconf');
  13. $presentation_extension array('.ppt''.odp');
  14. $image_extension array ('.png''.jpg''.gif''.jpeg');
  15.  
  16. if ($debug>0)
  17. {
  18.     // dump the request
  19.     $v array_keys(get_defined_vars());
  20.     error_log(var_export($vtrue),3'/tmp/log');
  21.  
  22.     foreach (array_keys(get_defined_vars()) as $k{
  23.         if ($k == 'GLOBALS')
  24.             continue;
  25.         error_log($k3'/tmp/log');
  26.         error_log(var_export($$ktrue)3'/tmp/log');
  27.     }
  28.  
  29. }
  30.  
  31.  
  32. /*==== Flash loose the cookie ===*/
  33. /* needed when using the nice upload window : 
  34. if ($_SERVER['HTTP_USER_AGENT'] == 'Shockwave Flash') {
  35.     $sid = $_REQUEST['sid'];
  36.     if ($debug>0) error_log("reusing: ".$sid);
  37.     session_id($sid);
  38. } */
  39.  
  40. /*==== INCLUDE ====*/
  41. require_once ('../inc/global.inc.php');
  42. api_block_anonymous_users();
  43. require_once (api_get_path(LIBRARY_PATH)."course.lib.php");
  44. require_once (api_get_path(LIBRARY_PATH)."document.lib.php");
  45. require_once (api_get_path(LIBRARY_PATH)."fileUpload.lib.php");
  46. require_once ("../newscorm/learnpath.class.php");
  47. require_once ("../newscorm/openoffice_presentation.class.php");
  48.  
  49. /*==== Variables initialisation ====*/
  50. $action $_REQUEST["action"]//safe as only used in if()'s
  51. $seek array('/','%2F','..');
  52. $destroy array('','','');
  53. $cidReq str_replace($seek,$destroy,$_REQUEST["cidReq"]);
  54. $cidReq Security::remove_XSS($cidReq);
  55.  
  56. $user_id api_get_user_id();
  57. $coursePath api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
  58. $_course CourseManager::get_course_information($cidReq);
  59. $_course['path'$_course['directory'];
  60. // FIXME: add_document needs this to work
  61. $_course['dbName'$_course['db_name'];
  62.  
  63. // FIXME: check if CourseManager::get_user_in_course_status return != 
  64. //    COURSEMANAGER when the code is not valid
  65. if ($debug>0error_log($coursePath0);
  66.  
  67. if ($action == "uploadgui")
  68. {
  69.     echo '<form enctype="multipart/form-data" action="api.php" method="POST">
  70.     <input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
  71.     <input type="hidden" name="action" value="upload" />
  72.     <input type="hidden" name="cidReq" value="'.$cidReq.'" />
  73.     <input type="hidden" name="sid" value="'.Security::remove_XSS($_REQUEST["sid"]).'" />
  74.  
  75.     '.get_lang('SelectFile').': <input name="Filedata" type="file" /><br />
  76.     <input type="submit" value="'.get_lang('UploadFile').'"  />
  77.     </form>
  78.     ';
  79.     die();
  80. }
  81. else if ($action == "upload")
  82. {
  83.     if ($debug >0error_log("upload".$_FILES['Filedata']);
  84.     /*==== PERMISSION ====*/
  85.     $permissions CourseManager::get_user_in_course_status($user_id$cidReq);
  86.     if ($permissions != COURSEMANAGER)
  87.     {
  88.         if ($debug >0error_log("Upload from videoconf not allowed !!!",0);
  89.         die('Not allowed')// this user is not allowed to add upload documents
  90.     }
  91.     /*==== UPLOAD ====*/
  92.     $destPath $coursePath.VIDEOCONF_UPLOAD_PATH;
  93.  
  94.     /*==== creation of /videoconf ====*/
  95.     if (!is_dir($destPath))
  96.     {
  97.         $result create_unexisting_directory($_course,$user_id,0,NULL,$coursePath,VIDEOCONF_UPLOAD_PATH);
  98.         if (!$result)
  99.         {
  100.             if ($debug>0error_log("Can't create ".$destPath." folder",0);
  101.         }
  102.     }
  103.  
  104.     /*==== file upload ====*/
  105.     $newPath $_FILES['Filedata']['name'];
  106.     if($debug>0error_log($newPath);
  107.  
  108.     /*==== extension extraction ====*/
  109.     $file_name (strrpos($newPath,'.')>substr($newPath0strrpos($newPath,'.')) $newPath);
  110.      $file_extension (strrpos($newPath,'.')>substr($newPathstrrpos($newPath,'.'),10'');
  111.     if($debug>0error_log(strrpos($newPath,'.'));
  112.     if($debug>0error_log($file_extension);
  113.  
  114.     /*==== conversion if needed ====*/
  115.     if (!in_array(strtolower($file_extension)$image_extension))
  116.     {
  117.         if($debug>0error_log("converting: ".$file_extension);
  118.         $take_slide_name false;
  119.         $o_ppt new OpenofficePresentation($take_slide_name);
  120.         $o_ppt -> set_slide_size(640,480);
  121.         $o_ppt -> convert_document($_FILES['Filedata'],'add_docs_to_visio');
  122.     }
  123.  
  124.     echo '<html><body><script language="javascript">setTimeout(1000,window.close());</script></body></html>';
  126. else if ($action == "service"
  127. {
  128.     /*==== List files ====*/
  129.     if ($debug>0error_log("sending file list",0);
  130.     $subaction $_REQUEST["subaction"];
  131.     $is_manager (CourseManager::get_user_in_course_status($user_id$cidReq== COURSEMANAGER);
  132.     if ($subaction == "list"
  133.     {
  134.         // FIXME: check security around $_REQUEST["cwd"]
  135.         $cwd $_REQUEST["cwd"];
  136.  
  137.         
  138.         // treat /..
  139.         $nParent 0// the number of /.. into the url
  140.         while (substr($cwd-33== "/..")
  141.         {
  142.             // go to parent directory
  143.             $cwdsubstr($cwd0-3);
  144.             if (strlen($cwd== 0$cwd="/";
  145.             $nParent++;
  146.         }
  147.         for (;$nParent >0$nParent--){
  148.             $cwd (strrpos($cwd,'/')>-substr($cwd0strrpos($cwd,'/')) $cwd);
  149.         }        
  150.  
  151.         if (strlen($cwd== 0$cwd="/";
  152.         
  153.         if (Security::check_abs_path($cwd,api_get_path(SYS_PATH)))
  154.             die();
  155.  
  156.         // check if user can delete files. He must be manager and be inside /videoconf
  157.         $is_below_videoconf_dir (substr($cwd,0,strlen(VIDEOCONF_UPLOAD_PATH)) == VIDEOCONF_UPLOAD_PATH);
  158.         if($debug>0error_log('Current working directory: '.$cwd);
  159.         if($debug>0error_log('Videoconf upload path: '.VIDEOCONF_UPLOAD_PATH);
  160.         /* $canDelete = ($canDelete && $isBellowVideoConfUploadPath);
  161.         */
  162.         $can_delete ($is_manager && $is_below_videoconf_dir);
  163.         
  164.         // get files list
  165.         $files DocumentManager::get_all_document_data($_course$cwd0NULLfalse);
  166.         printf("<dokeosobject><fileListMeta></fileListMeta><fileList>");
  167.         printf("<folders>");
  168.  
  169.         // title filter
  170.         if (is_array($files)) foreach (array_keys($filesas $k)
  171.         {
  172.             // converting to UTF-8
  173.             $files[$k]['title'mb_convert_encoding(
  174.                         strlen($files[$k]['title']32 
  175.                             substr($files[$k]['title'],032)."..." 
  176.                             $files[$k]['title'],
  177.                         'utf-8',api_get_setting('platform_charset'))
  178.             // removing '<', '>' and '_'
  179.             $files[$k]['title'str_replace(array('<','>','_'),' '$files[$k]['title']);
  180.         }
  181.  
  182.         if(is_array($files))
  183.         {
  184.     
  185.             foreach($files as $i)
  186.             {
  187.                 if ($i["filetype"== "folder")
  188.                     printf('<folder><path>%s</path><title>%s</title><canDelete>%s</canDelete></folder>'$i['path'],$i['title'],($can_delete?'true':'false'));
  189.             }
  190.         }
  191.         printf("</folders><files>");
  192.         if(is_array($files))
  193.         {
  194.             foreach($files as $i{
  195.                   $extension (strrpos($i['path'],'.')>substr($i['path']strrpos($i['path'],'.'),10'');
  196.                 if ($i["filetype"== "file" && in_array(strtolower($extension)$image_extension))
  197.                     printf('<file><path>%s</path><title>%s</title><canDelete>%s</canDelete></file>'$i['path'],$i['title'],($can_delete?'true':'false'));
  198.             }
  199.         }
  200.         printf("</files><ppts>");
  201.         printf("</ppts>");
  202.         printf("</fileList></dokeosobject>");
  203.     
  204.     else if ($subaction == "delete"
  205.     {
  206.         /*==== PERMISSION ====*/
  207.         $permissions CourseManager::get_user_in_course_status($user_id$cidReq);
  208.         if ($permissions != COURSEMANAGER)
  209.         {
  210.             if ($debug 0error_log("Upload from videoconf not allowed !!!",0);
  211.             die()// this user is not allowed to add upload documents
  212.         }
  213.         /*==== DELETE ====*/
  214.         $path str_replace('../','',$_REQUEST["path"]);
  215.         if ((substr($path,0,strlen(VIDEOCONF_UPLOAD_PATH)) != VIDEOCONF_UPLOAD_PATH))
  216.         {
  217.             if ($debug >error_log("Delete from videoconf for "+$path+" NOT ALLOWED",0);
  218.             die();
  219.         }
  220.         DocumentManager::delete_document($_course$path$coursePath);
  221.         echo "<result>OK</result>"// We have to returns something to OpenLaszlo 
  222.     }
  223. }
  224. else if ($action == "download")
  225. {
  226.     /*==== DOWNLOAD ====*/
  227.     //check if the document is in the database
  228.     if(!DocumentManager::get_document_id($_course,$_REQUEST['file']))
  229.     {
  230.         //file not found!
  231.         if ($debug>0error_log("404 ".$_REQUEST["file"]);
  232.         header("HTTP/1.0 404 Not Found");
  233.         $error404 '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">';
  234.         $error404 .= '<html><head>';
  235.         $error404 .= '<title>404 Not Found</title>';
  236.         $error404 .= '</head><body>';
  237.         $error404 .= '<h1>Not Found</h1>';
  238.         $error404 .= '<p>The requested URL was not found on this server.</p>';
  239.         $error404 .= '<hr>';
  240.         $error404 .= '</body></html>';
  241.         echo($error404);
  242.         exit;
  243.     }
  244.     $doc_url str_replace('../','',$_REQUEST['file']);
  245.     if ($debug >0error_log($doc_url);
  246.     $full_file_name $coursePath.$doc_url;
  247.     DocumentManager::file_send_for_download($full_file_name,false);
  248.     exit;
  249. }
  250. ?>
Documentation generated on Thu, 12 Jun 2008 12:59:07 -0500 by phpDocumentor 1.4.1