PageRenderTime 43ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/php/main/conference/api.php

https://bitbucket.org/frchico/chamilo_openshift
PHP | 251 lines | 213 code | 13 blank | 25 comment | 18 complexity | 2f43364c5c7f1f19fc44155065f26ae5 MD5 | raw file
    

  1. <?php
    2. 

  2. /* See license terms in /license.txt */
    3. 

  3. 

  4. /* FIX for IE cache when using https */
    5. 

  5. session_cache_limiter("none");
    6. 

  6. 

  7. /**
    8. 

  8. *	This is an interface between Chamilo and Videoconference application
    9. 

  9. *
    10. 

    11. 

  11. */
    12. 

  12. /*==== DEBUG ====*/
    13. 

  13. $debug=0;
    14. 

  14. /*==== CONSTANTS ==== */
    15. 

  15. define('VIDEOCONF_UPLOAD_PATH', '/videoconf');
    16. 

  16. $presentation_extension = array('.ppt', '.odp');
    17. 

  17. $image_extension = array ('.png', '.jpg', '.gif', '.jpeg');
    18. 

  18. 

  19. if ($debug>0)
    20. 

  20. {
    21. 

  21. 	// dump the request
    22. 

  22. 	$v = array_keys(get_defined_vars());
    23. 

  23. 	error_log(var_export($v, true),3, '/tmp/log');
    24. 

  24. 

  25. 	foreach (array_keys(get_defined_vars()) as $k) {
    26. 

  26. 		if ($k == 'GLOBALS')
    27. 

  27. 			continue;
    28. 

  28. 		error_log($k, 3, '/tmp/log');
    29. 

  29. 		error_log(var_export($$k, true), 3, '/tmp/log');
    30. 

  30. 	}
    31. 

  31. 

  32. }
    33. 

  33. 

  34. 

  35. /*==== Flash loose the cookie ===*/
    36. 

  36. /* needed when using the nice upload window :
    37. 

  37. if ($_SERVER['HTTP_USER_AGENT'] == 'Shockwave Flash') {
    38. 

  38. 	$sid = $_REQUEST['sid'];
    39. 

  39. 	if ($debug>0) error_log("reusing: ".$sid);
    40. 

  40. 	session_id($sid);
    41. 

  41. } */
    42. 

  42. 

  43. /*==== INCLUDE ====*/
    44. 

  44. require_once '../inc/global.inc.php';
    45. 

  45. api_block_anonymous_users();
    46. 

  46. require_once (api_get_path(LIBRARY_PATH)."course.lib.php");
    47. 

  47. require_once (api_get_path(LIBRARY_PATH)."document.lib.php");
    48. 

  48. require_once (api_get_path(LIBRARY_PATH)."fileUpload.lib.php");
    49. 

  49. require_once ("../newscorm/learnpath.class.php");
    50. 

  50. require_once ("../newscorm/openoffice_presentation.class.php");
    51. 

  51. 

  52. /*==== Variables initialisation ====*/
    53. 

  53. $action = $_REQUEST["action"]; //safe as only used in if()'s
    54. 

  54. $seek = array('/','%2F','..');
    55. 

  55. $destroy = array('','','');
    56. 

  56. $cidReq = str_replace($seek,$destroy,$_REQUEST["cidReq"]);
    57. 

  57. $cidReq = Security::remove_XSS($cidReq);
    58. 

  58. 

  59. $user_id = api_get_user_id();
    60. 

  60. $coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
    61. 

  61. $_course = CourseManager::get_course_information($cidReq);
    62. 

  62. $_course['path'] = $_course['directory'];
    63. 

  63. // FIXME: add_document needs this to work
    64. 

  64. $_course['dbName'] = $_course['db_name'];
    65. 

  65. 

  66. // FIXME: check if CourseManager::get_user_in_course_status return !=
    67. 

  67. //	COURSEMANAGER when the code is not valid
    68. 

  68. if ($debug>0) error_log($coursePath, 0);
    69. 

  69. 

  70. if ($action == "uploadgui")
    71. 

  71. {
    72. 

  72. 	echo '<form enctype="multipart/form-data" action="api.php" method="POST">
    73. 

  73. 	<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
    74. 

  74. 	<input type="hidden" name="action" value="upload" />
    75. 

  75. 	<input type="hidden" name="cidReq" value="'.$cidReq.'" />
    76. 

  76. 	<input type="hidden" name="sid" value="'.Security::remove_XSS($_REQUEST["sid"]).'" />
    77. 

  77. 

  78. 	'.get_lang('SelectFile').': <input name="Filedata" type="file" /><br />
    79. 

  79. 	<input type="submit" value="'.get_lang('UploadFile').'"  />
    80. 

  80. 	</form>
    81. 

  81. 	';
    82. 

  82. 	die();
    83. 

  83. }
    84. 

  84. else if ($action == "upload")
    85. 

  85. {
    86. 

  86. 	if ($debug >0) error_log("upload".$_FILES['Filedata']);
    87. 

  87. 	/*==== PERMISSION ====*/
    88. 

  88. 	$permissions = CourseManager::get_user_in_course_status($user_id, $cidReq);
    89. 

  89. 	if ($permissions != COURSEMANAGER)
    90. 

  90. 	{
    91. 

  91. 		if ($debug >0) error_log("Upload from videoconf not allowed !!!",0);
    92. 

  92. 		die('Not allowed'); // this user is not allowed to add upload documents
    93. 

  93. 	}
    94. 

  94. 	/*==== UPLOAD ====*/
    95. 

  95. 	$destPath = $coursePath.VIDEOCONF_UPLOAD_PATH;
    96. 

  96. 

  97. 	/*==== creation of /videoconf ====*/
    98. 

  98. 	if (!is_dir($destPath))
    99. 

  99. 	{
    100. 

  100. 		$result = create_unexisting_directory($_course,$user_id, api_get_session_id(), 0,NULL,$coursePath,VIDEOCONF_UPLOAD_PATH);
    101. 

  101. 		if (!$result)
    102. 

  102. 		{
    103. 

  103. 			if ($debug>0) error_log("Can't create ".$destPath." folder",0);
    104. 

  104. 		}
    105. 

  105. 	}
    106. 

  106. 

  107. 	/*==== file upload ====*/
    108. 

  108. 	$newPath = $_FILES['Filedata']['name'];
    109. 

  109. 	if($debug>0) error_log($newPath);
    110. 

  110. 

  111. 	/*==== extension extraction ====*/
    112. 

  112. 	$file_name = (strrpos($newPath,'.')>0 ? substr($newPath, 0, strrpos($newPath,'.')) : $newPath);
    113. 

  113.  	$file_extension = (strrpos($newPath,'.')>0 ? substr($newPath, strrpos($newPath,'.'),10) : '');
    114. 

  114. 	if($debug>0) error_log(strrpos($newPath,'.'));
    115. 

  115. 	if($debug>0) error_log($file_extension);
    116. 

  116. 

  117. 	/*==== conversion if needed ====*/
    118. 

  118. 	if (!in_array(strtolower($file_extension), $image_extension))
    119. 

  119. 	{
    120. 

  120. 		if($debug>0) error_log("converting: ".$file_extension);
    121. 

  121. 		$take_slide_name = false;
    122. 

  122. 		$o_ppt = new OpenofficePresentation($take_slide_name);
    123. 

  123. 		$o_ppt -> set_slide_size(640,480);
    124. 

  124. 		$o_ppt -> convert_document($_FILES['Filedata'],'add_docs_to_visio');
    125. 

  125. 	}
    126. 

  126. 

  127. 	echo '<html><body><script language="javascript">setTimeout(1000,window.close());</script></body></html>';
    128. 

  128. }
    129. 

  129. else if ($action == "service")
    130. 

  130. {
    131. 

  131. 	/*==== List files ====*/
    132. 

  132. 	if ($debug>0) error_log("sending file list",0);
    133. 

  133. 	$subaction = $_REQUEST["subaction"];
    134. 

  134. 	$is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
    135. 

  135. 	if ($subaction == "list")
    136. 

  136. 	{
    137. 

  137. 		// FIXME: check security around $_REQUEST["cwd"]
    138. 

  138. 		$cwd = $_REQUEST["cwd"];
    139. 

  139. 

  140. 

  141. 		// treat /..
    142. 

  142. 		$nParent = 0; // the number of /.. into the url
    143. 

  143. 		while (substr($cwd, -3, 3) == "/..")
    144. 

  144. 		{
    145. 

  145. 			// go to parent directory
    146. 

  146. 			$cwd= substr($cwd, 0, -3);
    147. 

  147. 			if (strlen($cwd) == 0) $cwd="/";
    148. 

  148. 			$nParent++;
    149. 

  149. 		}
    150. 

  150. 		for (;$nParent >0; $nParent--){
    151. 

  151. 			$cwd = (strrpos($cwd,'/')>-1 ? substr($cwd, 0, strrpos($cwd,'/')) : $cwd);
    152. 

  152. 		}
    153. 

  153. 

  154. 		if (strlen($cwd) == 0) $cwd="/";
    155. 

  155. 

  156. 		if (Security::check_abs_path($cwd,api_get_path(SYS_PATH)))
    157. 

  157. 			die();
    158. 

  158. 

  159. 		// check if user can delete files. He must be manager and be inside /videoconf
    160. 

  160. 		$is_below_videoconf_dir = (substr($cwd,0,strlen(VIDEOCONF_UPLOAD_PATH)) == VIDEOCONF_UPLOAD_PATH);
    161. 

  161. 		if($debug>0) error_log('Current working directory: '.$cwd);
    162. 

  162. 		if($debug>0) error_log('Videoconf upload path: '.VIDEOCONF_UPLOAD_PATH);
    163. 

  163. 		/* $canDelete = ($canDelete && $isBellowVideoConfUploadPath);
    164. 

  164. 		*/
    165. 

  165. 		$can_delete = ($is_manager && $is_below_videoconf_dir);
    166. 

  166. 

  167. 		// get files list
    168. 

  168. 		$files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false);
    169. 

  169. 		printf("<dokeosobject><fileListMeta></fileListMeta><fileList>");
    170. 

  170. 		printf("<folders>");
    171. 

  171. 

  172. 		// title filter
    173. 

  173. 		if (is_array($files)) foreach (array_keys($files) as $k)
    174. 

  174. 		{
    175. 

  175. 			// converting to UTF-8
    176. 

  176. 			$files[$k]['title'] = api_convert_encoding(
    177. 

  177. 						api_strlen($files[$k]['title']) > 32 ?
    178. 

  178. 							api_substr($files[$k]['title'],0, 32)."..." :
    179. 

  179. 							$files[$k]['title'],
    180. 

  180. 						'utf-8',api_get_system_encoding());
    181. 

  181. 			// removing '<', '>' and '_'
    182. 

  182. 			$files[$k]['title'] = str_replace(array('<','>','_'),' ', $files[$k]['title']);
    183. 

  183. 		}
    184. 

  184. 

  185. 		if(is_array($files))
    186. 

  186. 		{
    187. 

  187. 

  188. 			foreach($files as $i)
    189. 

  189. 			{
    190. 

  190. 				if ($i["filetype"] == "folder")
    191. 

  191. 					printf('<folder><path>%s</path><title>%s</title><canDelete>%s</canDelete></folder>', $i['path'],$i['title'],($can_delete?'true':'false'));
    192. 

  192. 			}
    193. 

  193. 		}
    194. 

  194. 		printf("</folders><files>");
    195. 

  195. 		if(is_array($files))
    196. 

  196. 		{
    197. 

  197. 			foreach($files as $i) {
    198. 

  198. 	  			$extension = (strrpos($i['path'],'.')>0 ? substr($i['path'], strrpos($i['path'],'.'),10) : '');
    199. 

  199. 				if ($i["filetype"] == "file" && in_array(strtolower($extension), $image_extension))
    200. 

  200. 					printf('<file><path>%s</path><title>%s</title><canDelete>%s</canDelete></file>', $i['path'],$i['title'],($can_delete?'true':'false'));
    201. 

  201. 			}
    202. 

  202. 		}
    203. 

  203. 		printf("</files><ppts>");
    204. 

  204. 		printf("</ppts>");
    205. 

  205. 		printf("</fileList></dokeosobject>");
    206. 

  206. 	}
    207. 

  207. 	else if ($subaction == "delete")
    208. 

  208. 	{
    209. 

  209. 		/*==== PERMISSION ====*/
    210. 

  210. 		$permissions = CourseManager::get_user_in_course_status($user_id, $cidReq);
    211. 

  211. 		if ($permissions != COURSEMANAGER)
    212. 

  212. 		{
    213. 

  213. 			if ($debug > 0) error_log("Upload from videoconf not allowed !!!",0);
    214. 

  214. 			die(); // this user is not allowed to add upload documents
    215. 

  215. 		}
    216. 

  216. 		/*==== DELETE ====*/
    217. 

  217. 		$path = str_replace('../','',$_REQUEST["path"]);
    218. 

  218. 		if ((substr($path,0,strlen(VIDEOCONF_UPLOAD_PATH)) != VIDEOCONF_UPLOAD_PATH))
    219. 

  219. 		{
    220. 

  220. 			if ($debug >0 ) error_log("Delete from videoconf for "+$path+" NOT ALLOWED",0);
    221. 

  221. 			die();
    222. 

  222. 		}
    223. 

  223. 		DocumentManager::delete_document($_course, $path, $coursePath);
    224. 

  224. 		echo "<result>OK</result>"; // We have to return something to OpenLaszlo
    225. 

  225. 	}
    226. 

  226. } else if ($action == "download") {
    227. 

  227. 	/*==== DOWNLOAD ====*/
    228. 

  228. 	//check if the document is in the database
    229. 

  229. 	if(!DocumentManager::get_document_id($_course,$_REQUEST['file'])) {
    230. 

  230. 		//file not found!
    231. 

  231. 		if ($debug>0) error_log("404 ".$_REQUEST["file"]);
    232. 

  232. 		header("HTTP/1.0 404 Not Found");
    233. 

  233. 		$error404 = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">';
    234. 

  234. 		$error404 .= '<html><head>';
    235. 

  235. 		$error404 .= '<title>404 Not Found</title>';
    236. 

  236. 		$error404 .= '</head><body>';
    237. 

  237. 		$error404 .= '<h1>Not Found</h1>';
    238. 

  238. 		$error404 .= '<p>The requested URL was not found on this server.</p>';
    239. 

  239. 		$error404 .= '<hr>';
    240. 

  240. 		$error404 .= '</body></html>';
    241. 

  241. 		echo($error404);
    242. 

  242. 		exit;
    243. 

  243. 	}
    244. 

  244. 	$doc_url = str_replace('../','',$_REQUEST['file']);
    245. 

  245. 	if ($debug >0) error_log($doc_url);
    246. 

  246. 	$full_file_name = $coursePath.$doc_url;
    247. 

  247.     if (Security::check_abs_path($full_file_name, $coursePath.'/')) {
    248. 

  248. 	   DocumentManager::file_send_for_download($full_file_name,false);
    249. 

  249.     }
    250. 

  250. 	exit;
    251. 

  251. }
    252.