AC_4897, AC_4898, AC_4899: Multifile uploader fixes.
[acontent.git] / docs / file_manager / top.php
1 <?php
2 /************************************************************************/
3 /* AContent                                                             */
4 /************************************************************************/
5 /* Copyright (c) 2010                                                   */
6 /* Inclusive Design Institute                                           */
7 /*                                                                      */
8 /* This program is free software. You can redistribute it and/or        */
9 /* modify it under the terms of the GNU General Public License          */
10 /* as published by the Free Software Foundation.                        */
11 /************************************************************************/
12
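/* This file is only meant to be included by a page that has already
 * defined TR_INCLUDE_PATH; a direct request stops here. */
if (!defined('TR_INCLUDE_PATH')) { exit; }
require_once(TR_INCLUDE_PATH.'classes/DAO/CoursesDAO.class.php');

/* No (truthy) 'f' flag on the request: reset the session's 'done' marker.
 * empty() is the same truthiness test as !$_GET['f'] but does not raise an
 * undefined-index notice when the parameter is absent. */
if (empty($_GET['f'])) {
	$_SESSION['done'] = 0;
}

global $_course_id;

/* Access gate for everything below (directory listing, mkdir, redirects).
 * NOTE(review): presumably this stops the request unless the user is an
 * author of the current course -- confirm in Utility::authenticate(). */
Utility::authenticate(TR_PRIV_ISAUTHOR_OF_CURRENT_COURSE);
$coursesDAO = new CoursesDAO();

/* Root of this course's content directory; every path handled below is
 * built by appending to it.
 * NOTE(review): $_course_id is concatenated into a filesystem path as-is.
 * Its origin is not visible in this file -- confirm it is normalised to an
 * integer before this point. */
$current_path = TR_CONTENT_DIR.$_course_id.'/';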
25
26
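/*
 * Rename / delete / move buttons of the file manager form.
 *
 * Each button validates the posted selection ($_POST['check']) and, when it
 * is acceptable, redirects to the script that performs the action.
 *
 * Every value copied from the request into the redirect URL is
 * percent-encoded. The original appended $_GET['cp'], 'pid', 'cid' and
 * 'a_type' (and $framed / $popup) unencoded, so a value containing the
 * separator could add or override parameters of the target script.
 * Non-scalar values (e.g. cp[]=x) are sent as an empty string.
 */
$fm_script        = '';	// target script; stays empty when no redirect is due
$fm_item_key      = '';	// 'oldname' (rename) or 'list' (delete / move)
$fm_item_value    = '';
$fm_has_selection = isset($_POST['check']) && is_array($_POST['check']);

if (isset($_POST['rename'])) {
	if (!$fm_has_selection || count($_POST['check']) < 1) {
		// error: you must select a file/dir to rename
		$msg->addError('NO_ITEM_SELECTED');
	} else if (count($_POST['check']) > 1) {
		// error: you must select ONLY one file/dir to rename
		$msg->addError('SELECT_ONE_ITEM');
	} else {
		// exactly one entry: take it whatever its array key is
		$fm_selected   = $_POST['check'];
		$fm_script     = 'rename.php';
		$fm_item_key   = 'oldname';
		$fm_item_value = reset($fm_selected);
	}
} else if (isset($_POST['delete']) || isset($_POST['move'])) {
	if (!$fm_has_selection) {
		$msg->addError('NO_ITEM_SELECTED');
	} else {
		$list          = implode(',', $_POST['check']);
		$fm_script     = isset($_POST['delete']) ? 'delete.php' : 'move.php';
		$fm_item_key   = 'list';
		$fm_item_value = $list;
	}
}

if ($fm_script != '') {
	/* Same parameters, in the same order, as the original redirect URLs. */
	$fm_query = array(
		'pathext' => isset($_POST['pathext']) ? $_POST['pathext'] : '',
		'framed'  => $framed,
		'popup'   => $popup,
	);
	$fm_query[$fm_item_key] = $fm_item_value;
	foreach (array('cp', 'pid', 'cid', 'a_type') as $fm_name) {
		$fm_query[$fm_name] = isset($_GET[$fm_name]) ? $_GET[$fm_name] : '';
	}
	$fm_query['_course_id'] = $_course_id;

	$fm_pairs = array();
	foreach ($fm_query as $fm_name => $fm_value) {
		$fm_pairs[] = $fm_name.'='.urlencode(is_scalar($fm_value) ? (string) $fm_value : '');
	}

	header('Location: '.$fm_script.'?'.implode(SEP, $fm_pairs));
	exit;
}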
62
$MakeDirOn = true;

/* Per-course limits: read this course's quota and maximum file size. */
$row = $coursesDAO->get($_course_id);

/* A course set to the "default" marker uses the site-wide $MaxCourseSize. */
$my_MaxCourseSize = $row['max_quota'];
$my_MaxCourseSize = ($my_MaxCourseSize == TR_COURSESIZE_DEFAULT) ? $MaxCourseSize : $my_MaxCourseSize;

/* Same idea for the file size, with a second marker meaning "whatever
 * PHP's upload_max_filesize allows". */
$my_MaxFileSize = $row['max_file_size'];
switch ($my_MaxFileSize) {
	case TR_FILESIZE_DEFAULT:
		$my_MaxFileSize = $MaxFileSize;
		break;

	case TR_FILESIZE_SYSTEM_MAX:
		/* The last character of the ini value is dropped before conversion.
		 * NOTE(review): this is only right when upload_max_filesize is
		 * written with an 'M' suffix; a 'K'/'G' suffix or a plain byte
		 * count would yield a wrong limit -- confirm against
		 * megabytes_to_bytes(). */
		$my_MaxFileSize = megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1));
		break;
}

/* Directory limits used by the file manager. */
$MaxSubDirs  = 5;
$MaxDirDepth = 10;
81
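/*
 * Resolve $pathext, the sub-directory (relative to the course content
 * directory) the file manager is showing. The query string takes precedence
 * over the posted form field.
 *
 * Hardening over the original:
 *  - absent parameters no longer raise undefined-index notices;
 *  - a non-string value (pathext[]=x) is rejected instead of being passed
 *    to urldecode() / strpos();
 *  - a NUL byte is rejected together with '..', since $pathext is
 *    concatenated into filesystem paths further down.
 */
$fm_pathext_ok = true;

if (isset($_GET['pathext']) && $_GET['pathext'] != '') {
	if (is_string($_GET['pathext'])) {
		/* NOTE(review): PHP has already decoded $_GET once, so this is a
		 * second decoding pass. It is kept for compatibility with existing
		 * links; the traversal check below runs on the decoded value. */
		$pathext = urldecode($_GET['pathext']);
	} else {
		$fm_pathext_ok = false;
	}
} else if (isset($_POST['pathext']) && $_POST['pathext'] != '') {
	if (is_string($_POST['pathext'])) {
		$pathext = $_POST['pathext'];
	} else {
		$fm_pathext_ok = false;
	}
}

/* Neither source supplied a path and the including page did not set one. */
if (!isset($pathext)) {
	$pathext = '';
}

/* Refuse anything that could leave the course directory. */
if (!$fm_pathext_ok
		|| !is_string($pathext)
		|| strpos($pathext, '..') !== false
		|| strpos($pathext, "\0") !== false) {
	require(TR_INCLUDE_PATH.'header.inc.php');
	$msg->printErrors('UNKNOWN');
	require(TR_INCLUDE_PATH.'footer.inc.php');
	exit;
}

/* "Back" link: go up one level by dropping the last path component. */
if (isset($_GET['back']) && $_GET['back'] == 1) {
	$pathext  = substr($pathext, 0, -1);	// drop the last character (the trailing '/')
	$slashpos = strrpos($pathext, '/');
	if ($slashpos == 0) {
		// no '/' left (false) or only a leading one (0): back at the root
		$pathext = '';
	} else {
		$pathext = substr($pathext, 0, ($slashpos+1));
	}
}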
104
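/* Breadcrumb entries for the current path are stored in $_section,
 * starting at index 2. */
$start_at = 2;
$newpath = $current_path;
/* Number of '/' in the path; compared with $MaxDirDepth before a new
 * directory is created. */
$depth = substr_count($pathext, '/');

if ($pathext != '') {
	/* Start from an empty accumulator; the original appended to an
	 * undefined variable. */
	$bit_path = '';

	foreach (explode('/', $pathext) as $bit) {
		if ($bit == '') {
			continue;	// empty piece produced by a leading, trailing or doubled '/'
		}

		/* NOTE(review): components are appended without a '/' between
		 * them, so for 'a/b/' the second link carries pathext=ab. The rest
		 * of this file treats pathext as 'a/b/' -- confirm whether
		 * $bit . '/' was intended here. */
		$bit_path .= $bit;

		/* [0] = label, [1] = link back to the file manager at that level. */
		$_section[$start_at][0] = $bit;
		$_section[$start_at][1] = '../file_manager/index.php?pathext=' . urlencode($bit_path) . SEP . 'popup=' . $popup . SEP . 'framed=' . $framed.SEP.'_course_id='.$_course_id;

		$start_at++;
	}

	/* Clear the loop variables, as the original did. */
	$bit_path = "";
	$bit = "";
}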
125
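/* if upload successful, close the window */
/* NOTE(review): $f is not assigned anywhere in this file; presumably it
 * mirrors the 'f' request parameter -- confirm where it is set. */
if ($f) {
	$onload = 'closeWindow(\'progWin\');';
}

/*
 * Make a new directory inside the current one.
 *
 * The request is silently ignored once the current path is already
 * $MaxDirDepth levels deep. The posted name is reduced to letters, digits,
 * '.' and '_' before use, so it cannot contain a path separator; '..' is
 * rejected explicitly. The cleaned name is written back to
 * $_POST['dirname'], as in the original.
 *
 * Changes over the original: an absent 'mkdir_value' / 'dirname' no longer
 * raises a notice, and a non-string 'dirname' (dirname[]=x) is treated as
 * an empty name instead of being passed to trim().
 */
if (!empty($_POST['mkdir_value']) && ($depth < $MaxDirDepth) ) {
	$fm_dirname = (isset($_POST['dirname']) && is_string($_POST['dirname'])) ? trim($_POST['dirname']) : '';

	/* anything else should be okay, since we're on *nix..hopefully */
	$fm_dirname = preg_replace('/[^a-zA-Z0-9._]/', '', $fm_dirname);
	$_POST['dirname'] = $fm_dirname;

	if ($fm_dirname == '') {
		$msg->addError(array('FOLDER_NOT_CREATED', $fm_dirname));
	}
	else if (strpos($fm_dirname, '..') !== false) {
		$msg->addError('BAD_FOLDER_NAME');
	}
	else {
		/* 0700: only the account PHP runs as may enter the new directory.
		 * Warnings are suppressed on purpose; failure is reported through
		 * $msg instead.
		 * NOTE(review): $pathext is expected to end in '/'; without it the
		 * name is glued onto the last path component (still inside the
		 * course directory). */
		$result = @mkdir($current_path.$pathext.$fm_dirname, 0700);
		if (!$result) {
			$msg->addError(array('FOLDER_NOT_CREATED', $fm_dirname));
		}
		else {
			$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
		}
	}
}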
154
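/* Directory to list: course root plus $pathext, minus the last character.
 * NOTE(review): that character is assumed to be the trailing '/'; a pathext
 * without one loses the last letter of its final component. */
$newpath = substr($current_path.$pathext, 0, -1);

/*
 * Open the directory; $dir is left open for the code that follows this
 * file. If it cannot be opened and the request carries 'create' for the
 * course root itself, the root is created first. Any remaining failure
 * prints an error page and stops.
 */
$dir = @opendir($newpath);
if (!$dir) {
	/* Only the course's own content directory may be created on demand,
	 * never a sub-directory named by the request. */
	$fm_may_create = isset($_GET['create']) && ($newpath.'/' == $current_path);

	if ($fm_may_create) {
		/* 0700, matching the mode used for sub-directories created by the
		 * "make new directory" form; the original relied on mkdir()'s
		 * default mode (0777 before the umask is applied). */
		@mkdir($newpath, 0700);
		$dir = @opendir($newpath);
	}

	if (!$dir) {
		require(TR_INCLUDE_PATH.'header.inc.php');
		$msg->printErrors($fm_may_create ? 'CANNOT_CREATE_DIR' : 'CANNOT_OPEN_DIR');
		require(TR_INCLUDE_PATH.'footer.inc.php');
		exit;
	}

	/* Reached only when the directory was just created and opened. */
	$msg->addFeedback('CONTENT_DIR_CREATED');
}

if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
}

require(TR_INCLUDE_PATH.'header.inc.php');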
183 ?>