27f2d4df86f35d906ec4bf20c6434c51916397ed
[atutor.git] / docs / mods / _core / file_manager / top.php
1 <?php
2 /****************************************************************/
3 /* ATutor                                                                                                               */
4 /****************************************************************/
5 /* Copyright (c) 2002-2010                                      */
6 /* Inclusive Design Institute                                   */
7 /* http://atutor.ca                                                                                             */
8 /*                                                              */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License  */
11 /* as published by the Free Software Foundation.                                */
12 /****************************************************************/
13
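/* Refuse direct requests: this script only runs when included by a page that
 * has already defined AT_INCLUDE_PATH. */
if (!defined('AT_INCLUDE_PATH')) {
	exit;
}

/* No 'f' flag on the query string: reset the session's 'done' marker.
 * empty() has the same truthiness as the former !$_GET['f'] test but does not
 * raise an undefined-index notice when the parameter is missing. */
if (empty($_GET['f'])) {
	$_SESSION['done'] = 0;
}

/* Access control: accept the file-manager privilege, otherwise fall back to
 * the content privilege.
 * NOTE(review): authenticate() is defined outside this file; the second call
 * is presumably the one that stops the request for unprivileged users - confirm. */
if (!authenticate(AT_PRIV_FILES, AT_PRIV_RETURN)) {
	authenticate(AT_PRIV_CONTENT);
}

/* Root of this course's content directory. Every filesystem path built in
 * this script is prefixed with it, so $_SESSION['course_id'] decides which
 * course's files are reachable.
 * NOTE(review): an empty course_id would make this AT_CONTENT_DIR itself -
 * confirm the session always carries a numeric id before this script runs. */
$current_path = AT_CONTENT_DIR . $_SESSION['course_id'] . '/';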
26
27
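/*
 * Toolbar actions (rename / delete / move) posted from the file listing.
 * Each one validates the selection and then redirects to the script that
 * performs the action, forwarding the current folder and the caller's context.
 *
 * Every request value is percent-encoded before it goes into the Location
 * header, so a value containing the separator, '#' or a line break cannot add
 * or override parameters in the redirect target.
 *
 * NOTE(review): this block redirects before any '..' check on pathext in this
 * file can run; rename.php, delete.php and move.php are not visible here and
 * have to validate pathext, oldname and list themselves.
 * NOTE(review): no request token is checked in this file before the redirect -
 * confirm the target scripts ask for confirmation or verify a token.
 */
$fm_action = null;
if (isset($_POST['rename'])) {
	$fm_action = 'rename';
} else if (isset($_POST['delete'])) {
	$fm_action = 'delete';
} else if (isset($_POST['move'])) {
	$fm_action = 'move';
}

if ($fm_action !== null) {
	/* Selected entries: keep plain values only, a nested array cannot name a file. */
	$fm_selected = array();
	if (isset($_POST['check']) && is_array($_POST['check'])) {
		$fm_selected = array_values(array_filter($_POST['check'], 'is_scalar'));
	}

	if (count($fm_selected) < 1) {
		// error: you must select a file/dir first
		$msg->addError('NO_ITEM_SELECTED');
	} else if ($fm_action == 'rename' && count($fm_selected) > 1) {
		// error: you must select ONLY one file/dir to rename
		$msg->addError('SELECT_ONE_ITEM');
	} else {
		$fm_pathext = (isset($_POST['pathext']) && is_string($_POST['pathext'])) ? $_POST['pathext'] : '';

		/* rename works on a single name, delete/move on a comma-separated list */
		if ($fm_action == 'rename') {
			$fm_selection = 'oldname=' . urlencode($fm_selected[0]);
		} else {
			$fm_selection = 'list=' . urlencode(implode(',', $fm_selected));
		}

		/* Caller context passed through from the query string. Missing or
		 * non-scalar values are forwarded as empty strings. */
		$fm_passthrough = '';
		foreach (array('cp', 'pid', 'cid', 'a_type') as $fm_key) {
			$fm_value = (isset($_GET[$fm_key]) && is_scalar($_GET[$fm_key])) ? (string) $_GET[$fm_key] : '';
			$fm_passthrough .= SEP . $fm_key . '=' . urlencode($fm_value);
		}

		/* The target script name comes from the fixed list above, never from the request.
		 * NOTE(review): $framed and $popup are not assigned in this file and are
		 * forwarded as they are - confirm the including script restricts them to integers. */
		header('Location: ' . $fm_action . '.php?pathext=' . urlencode($fm_pathext)
			. SEP . 'framed=' . $framed
			. SEP . 'popup=' . $popup
			. SEP . $fm_selection
			. $fm_passthrough);
		exit;
	}
}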
63
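$MakeDirOn = true;

/* Per-course limits: max_quota and max_file_size from this course's row. */
// course_id is cast to an integer so that only a number can reach the SQL text
$sql    = "SELECT max_quota, max_file_size FROM ".TABLE_PREFIX."courses WHERE course_id=".intval($_SESSION['course_id']);
$result = mysql_query($sql, $db);
// a failed query or a missing row leaves both limits null, as before, without
// handing a non-resource to mysql_fetch_array()
$row    = $result ? mysql_fetch_array($result) : false;
$my_MaxCourseSize = $row ? $row['max_quota'] : null;
$my_MaxFileSize   = $row ? $row['max_file_size'] : null;

/* Sentinel values stored in the row select the configured defaults
 * ($MaxCourseSize and $MaxFileSize are set outside this file). */
if ($my_MaxCourseSize == AT_COURSESIZE_DEFAULT) {
	$my_MaxCourseSize = $MaxCourseSize;
}
if ($my_MaxFileSize == AT_FILESIZE_DEFAULT) {
	$my_MaxFileSize = $MaxFileSize;
} else if ($my_MaxFileSize == AT_FILESIZE_SYSTEM_MAX) {
	// substr(..., 0, -1) drops the last character of the ini value, i.e. it
	// assumes a one-letter unit suffix.
	// NOTE(review): a value given in plain bytes or with another unit would be
	// misread here - confirm what megabytes_to_bytes() expects.
	$my_MaxFileSize = megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1));
}

$MaxSubDirs  = 5;
$MaxDirDepth = 10;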
84
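/*
 * Folder being browsed, relative to the course content root. A non-empty
 * value on the query string wins over one in the form data.
 */
if (!isset($pathext) || !is_string($pathext)) {
	// guarantee a string for the checks below when neither source supplies one
	$pathext = '';
}
if (isset($_GET['pathext']) && is_string($_GET['pathext']) && $_GET['pathext'] != '') {
	// PHP has already decoded $_GET once; the extra urldecode() is kept so
	// existing links behave as before. The traversal check below runs on the
	// fully decoded value, so an encoded '..' is still caught.
	$pathext = urldecode($_GET['pathext']);
} else if (isset($_POST['pathext']) && is_string($_POST['pathext']) && $_POST['pathext'] != '') {
	$pathext = $_POST['pathext'];
}

/*
 * Path traversal guard: $pathext is appended to the course content root to
 * build filesystem paths, so a parent-directory reference must never get
 * through. NUL bytes are rejected as well because older PHP releases truncate
 * filesystem paths at the first NUL.
 */
if (strpos($pathext, '..') !== false || strpos($pathext, "\0") !== false) {
	require(AT_INCLUDE_PATH.'header.inc.php');
	$msg->printErrors('UNKNOWN');
	require(AT_INCLUDE_PATH.'footer.inc.php');
	exit;
}

/* "Back" link: drop the last path component. Shortening the string cannot
 * introduce a '..' that the guard above did not see. */
if (isset($_GET['back']) && $_GET['back'] == 1) {
	$pathext  = substr($pathext, 0, -1);      // strip the trailing '/'
	$slashpos = strrpos($pathext, '/');
	if ($slashpos === false || $slashpos === 0) {
		// no parent component left: back at the course root
		$pathext = '';
	} else {
		$pathext = substr($pathext, 0, ($slashpos + 1));
	}
}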
107
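$start_at = 2;
/* Initial value only; $newpath is assigned again before the directory is opened. */
$newpath = $current_path;
/* Nesting level of the current folder, compared with $MaxDirDepth before a folder is created. */
$depth = substr_count($pathext, '/');

/* Breadcrumb trail: one $_section entry (label, link) per path component, starting at index 2. */
if ($pathext != '') {
	// start from an empty accumulator instead of whatever $bit_path held before
	$bit_path = '';
	$bits = explode('/', $pathext);
	foreach ($bits as $bit) {
		if ($bit != '') {
			// NOTE(review): components are appended without a '/' between them,
			// so the link for a nested folder carries "ab" rather than "a/b/" -
			// confirm whether that is intended.
			$bit_path .= $bit;

			// NOTE(review): $bit comes from the request and is stored unescaped
			// as the label; whatever prints $_section has to HTML-escape it.
			$_section[$start_at][0] = $bit;
			$_section[$start_at][1] = '../mods/_core/file_manager/index.php?pathext=' . urlencode($bit_path) . SEP . 'popup=' . $popup . SEP . 'framed=' . $framed;

			$start_at++;
		}
	}
	$bit_path = "";
	$bit = "";
}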
128
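/* if upload successful, close the window */
// NOTE(review): $f is not assigned in this file; it is presumably provided by
// the including script - confirm. empty() avoids a notice when it is absent.
if (!empty($f)) {
	$onload = 'closeWindow(\'progWin\');';
}

/*
 * Create a new folder inside the current one.
 * NOTE(review): this is a state-changing POST and no request token is checked
 * in this file - confirm one is verified elsewhere.
 */
if (!empty($_POST['mkdir_value']) && ($depth < $MaxDirDepth)) {
	// a non-string value (e.g. dirname[]=x) is treated as an empty name
	$fm_dirname = (isset($_POST['dirname']) && is_string($_POST['dirname'])) ? trim($_POST['dirname']) : '';

	/* Allow-list: only letters, digits, '.' and '_' survive, so the name can
	 * contain neither a path separator nor markup when it is echoed back in
	 * the error message below. */
	$fm_dirname = preg_replace('/[^a-zA-Z0-9._]/', '', $fm_dirname);

	// the cleaned name is written back to $_POST, as the original code did
	$_POST['dirname'] = $fm_dirname;

	if ($fm_dirname == '') {
		$msg->addError(array('FOLDER_NOT_CREATED', $fm_dirname));
	} else if (strpos($fm_dirname, '..') !== false) {
		// '.' is allowed by the filter above, so '..' has to be refused explicitly
		$msg->addError('BAD_FOLDER_NAME');
	} else {
		// NOTE(review): the target is built by plain concatenation, so a
		// $pathext without a trailing '/' makes the new name a suffix of the
		// last path component instead of a child of it.
		// 0700: only the owning account can enter the new folder.
		$result = @mkdir($current_path.$pathext.$fm_dirname, 0700);
		if (!$result) {
			$msg->addError(array('FOLDER_NOT_CREATED', $fm_dirname));
		} else {
			$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
		}
	}
}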
157
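/* Directory to list: course root plus current folder, minus the final
 * character (the trailing '/'). */
$newpath = substr($current_path.$pathext, 0, -1);

/* open the directory */
$dir = @opendir($newpath);
if (!$dir) {
	/* The only directory this script creates on demand is the course root
	 * itself, and only when the request carries 'create'. */
	$fm_is_course_root = ($newpath.'/' == $current_path);

	if (!isset($_GET['create']) || !$fm_is_course_root) {
		require(AT_INCLUDE_PATH.'header.inc.php');

		$msg->printErrors('CANNOT_OPEN_DIR');
		require(AT_INCLUDE_PATH.'footer.inc.php');
		exit;
	}

	// Same 0700 mode as the sub-folders created by this script; without an
	// explicit mode mkdir() falls back to 0777 masked by the process umask.
	@mkdir($newpath, 0700);
	$dir = @opendir($newpath);
	if (!$dir) {
		require(AT_INCLUDE_PATH.'header.inc.php');
		$msg->printErrors('CANNOT_CREATE_DIR');
		require(AT_INCLUDE_PATH.'footer.inc.php');
		exit;
	}

	$msg->addFeedback('CONTENT_DIR_CREATED');
}

/* A cancelled sub-dialog only produces a feedback message. */
if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
}

require(AT_INCLUDE_PATH.'header.inc.php');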
186 ?>