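<?php
/****************************************************************/
/* ATutor                                                       */
/****************************************************************/
/* Copyright (c) 2002-2008 by Greg Gay & Joel Kronenberg        */
/* Adaptive Technology Resource Centre / University of Toronto  */
/* http://atutor.ca                                             */
/*                                                              */
/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License  */
/* as published by the Free Software Foundation.                */
/****************************************************************/

/*
 * File manager preamble: dispatches the rename/delete/move form actions,
 * loads the course quota limits, validates the requested sub-path
 * ($pathext), optionally creates a new folder, and opens the directory
 * that the including page will list (left in $dir).
 *
 * $msg, $db, $framed, $popup, $MaxCourseSize and $MaxFileSize are used
 * here but not defined in this file; they are expected to come from the
 * including script.
 *
 * NOTE(review): no anti-CSRF token is checked in this file for the POST
 * actions (including mkdir) - confirm whether one is enforced elsewhere.
 */

/* Refuse direct requests: this file only runs when included by a page
   that has already defined AT_INCLUDE_PATH. */
if (!defined('AT_INCLUDE_PATH')) { exit; }
//require(AT_INCLUDE_PATH.'vitals.inc.php');
//require(AT_INCLUDE_PATH.'lib/filemanager.inc.php');

if (empty($_GET['f'])) {
	$_SESSION['done'] = 0;
}

/* Try the file-manager privilege first and fall back to the content
   privilege. NOTE(review): AT_PRIV_RETURN presumably makes authenticate()
   return its result instead of aborting - confirm. */
if (!authenticate(AT_PRIV_FILES,AT_PRIV_RETURN)) {
	authenticate(AT_PRIV_CONTENT);
}

/* Every path handled below is built underneath this per-course root.
   NOTE(review): assumes the session's course_id is always numeric. */
$current_path = AT_CONTENT_DIR.$_SESSION['course_id'].'/';

/*
 * Form actions: each one redirects to a dedicated script. The selected
 * names and pathext are forwarded without validation, so the target
 * scripts must apply their own path checks. $framed and $popup are
 * URL-encoded as well, so that no value can inject an extra parameter or
 * a line break into the Location header.
 */
if (isset($_POST['rename'])) {
	if (!isset($_POST['check']) || !is_array($_POST['check'])) {
		// error: you must select a file/dir to rename
		$msg->addError('NO_ITEM_SELECTED');
	} else if (count($_POST['check']) < 1) {
		// error: you must select one file/dir to rename
		$msg->addError('NO_ITEM_SELECTED');
	} else if (count($_POST['check']) > 1) {
		// error: you must select ONLY one file/dir to rename
		$msg->addError('SELECT_ONE_ITEM');
	} else {
		header('Location: rename.php?pathext='.urlencode($_POST['pathext']).SEP.'framed='.urlencode($framed).SEP.'popup='.urlencode($popup).SEP.'oldname='.urlencode($_POST['check'][0]));
		exit;
	}
} else if (isset($_POST['delete'])) {

	if (!isset($_POST['check']) || !is_array($_POST['check'])) {
		$msg->addError('NO_ITEM_SELECTED');
	} else {
		/* NOTE(review): names are joined with ','; a name that itself
		   contains a comma cannot be told apart by the receiver. */
		$list = implode(',', $_POST['check']);
		header('Location: delete.php?pathext=' . urlencode($_POST['pathext']) . SEP . 'framed=' . urlencode($framed) . SEP . 'popup=' . urlencode($popup) . SEP . 'list=' . urlencode($list));
		exit;
	}
} else if (isset($_POST['move'])) {

	if (!isset($_POST['check']) || !is_array($_POST['check'])) {
		$msg->addError('NO_ITEM_SELECTED');
	} else {

		$list = implode(',', $_POST['check']);
		header('Location: move.php?pathext='.urlencode($_POST['pathext']).SEP.'framed='.urlencode($framed).SEP.'popup='.urlencode($popup).SEP.'list='.urlencode($list));
		exit;
	}
}

$MakeDirOn = true;

/* get this courses MaxQuota and MaxFileSize: */
/* The id is cast to an integer so that the value placed in the query
   text can only ever be a number. */
$sql    = "SELECT max_quota, max_file_size FROM ".TABLE_PREFIX."courses WHERE course_id=".intval($_SESSION['course_id']);
$result = mysql_query($sql, $db);
$row    = mysql_fetch_array($result);
$my_MaxCourseSize	= $row['max_quota'];
$my_MaxFileSize		= $row['max_file_size'];

/* Sentinel values stored on the course are replaced by the defaults. */
if ($my_MaxCourseSize == AT_COURSESIZE_DEFAULT) {
	$my_MaxCourseSize = $MaxCourseSize;
}
if ($my_MaxFileSize == AT_FILESIZE_DEFAULT) {
	$my_MaxFileSize = $MaxFileSize;
} else if ($my_MaxFileSize == AT_FILESIZE_SYSTEM_MAX) {
	/* substr(..., 0, -1) drops the last character of the ini value.
	   NOTE(review): that is only right when the setting ends in a
	   one-letter megabyte suffix - confirm. */
	$my_MaxFileSize = megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1));
}

$MaxSubDirs  = 5;
$MaxDirDepth = 10;

/*
 * Requested sub-path, relative to $current_path. PHP has already
 * URL-decoded $_GET, so urldecode() here is a second decode; the
 * traversal check below must therefore stay after this point, where it
 * sees the final value. Non-string input (e.g. pathext[]=x) is ignored.
 */
if (isset($_GET['pathext']) && is_string($_GET['pathext']) && $_GET['pathext'] != '') {
	$pathext = urldecode($_GET['pathext']);
} else if (isset($_POST['pathext']) && is_string($_POST['pathext']) && $_POST['pathext'] != '') {
	$pathext = $_POST['pathext'];
}
if (!isset($pathext) || !is_string($pathext)) {
	$pathext = '';
}

/* Reject anything that could climb out of the course directory. A NUL
   byte is never valid in a path and is refused as well. */
if (strpos($pathext, '..') !== false || strpos($pathext, "\0") !== false) {
	require(AT_INCLUDE_PATH.'header.inc.php');
	$msg->printErrors('UNKNOWN');
	require(AT_INCLUDE_PATH.'footer.inc.php');
	exit;
}

/* "back": drop the last character (presumably the trailing slash), then
   cut back to the previous slash. strrpos() returns false when no slash
   is left; the loose == 0 sends that case to the root too. */
if (isset($_GET['back']) && $_GET['back'] == 1) {
	$pathext  = substr($pathext, 0, -1);
	$slashpos = strrpos($pathext, '/');
	if($slashpos == 0) {
		$pathext = '';
	} else {
		$pathext = substr($pathext, 0, ($slashpos+1));
	}

}

$start_at = 2;
/* remove the forward or backwards slash from the path */
$newpath = $current_path;
$depth = substr_count($pathext, '/');

/* Breadcrumb entries, one per path component. */
if ($pathext != '') {
	/* Start from a known value so the accumulator cannot be pre-seeded. */
	$bit_path = '';
	$bits = explode('/', $pathext);
	foreach ($bits as $bit) {
		if ($bit != '') {
			/* NOTE(review): components are appended without a '/'
			   separator, so the link for a nested folder may not
			   match its real path - confirm intent. */
			$bit_path .= $bit;

			$_section[$start_at][0] = $bit;
			$_section[$start_at][1] = 'tools/filemanager/index.php?pathext=' . urlencode($bit_path) . SEP . 'popup=' . urlencode($popup) . SEP . 'framed=' . urlencode($framed);

			$start_at++;
		}
	}
	$bit_path = "";
	$bit = "";
}

/* if upload successful, close the window */
if (!empty($f)) {
	$onload = 'closeWindow(\'progWin\');';
}

/* make new directory */
if (!empty($_POST['mkdir_value']) && ($depth < $MaxDirDepth) ) {
	$_POST['dirname'] = (isset($_POST['dirname']) && is_string($_POST['dirname'])) ? trim($_POST['dirname']) : '';

	/* anything else should be okay, since we're on *nix..hopefully */
	/* Allow-list filter: keep only letters, digits, '.' and '_'.
	   preg_replace() replaces the ereg_replace() call, which was removed
	   from PHP; the character class is unchanged. */
	$_POST['dirname'] = preg_replace('/[^a-zA-Z0-9._]/', '', $_POST['dirname']);

	if ($_POST['dirname'] == '') {
		$msg->addError(array('FOLDER_NOT_CREATED', $_POST['dirname'] ));
	}
	/* Dots survive the filter above, so '..' still has to be refused. */
	else if (strpos($_POST['dirname'], '..') !== false) {
		$msg->addError('BAD_FOLDER_NAME');
	}
	else {
		/* NOTE(review): the name is appended directly to $pathext, which
		   is assumed to end in '/' - confirm. Mode 0700 keeps the new
		   folder private to the web server account. */
		$result = @mkdir($current_path.$pathext.$_POST['dirname'], 0700);
		if($result == 0) {
			$msg->addError(array('FOLDER_NOT_CREATED', $_POST['dirname'] ));
		}
		else {
			$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
		}
	}
}

/* Drop the last character (the trailing slash) to get the directory. */
$newpath = substr($current_path.$pathext, 0, -1);

/* open the directory */
if (!($dir = @opendir($newpath))) {
	/* Only the course root itself may be created on demand. */
	if (isset($_GET['create']) && ($newpath.'/' == $current_path)) {
		/* NOTE(review): no mode is passed here, so the directory gets
		   the default mode as limited by the umask, unlike the 0700
		   used for sub-folders above - confirm this is intended. */
		@mkdir($newpath);
		if (!($dir = @opendir($newpath))) {
			require(AT_INCLUDE_PATH.'header.inc.php');
			$msg->printErrors('CANNOT_CREATE_DIR');
			require(AT_INCLUDE_PATH.'footer.inc.php');
			exit;
		} else {
			$msg->addFeedback('CONTENT_DIR_CREATED');
		}
	} else {
		require(AT_INCLUDE_PATH.'header.inc.php');

		$msg->printErrors('CANNOT_OPEN_DIR');
		require(AT_INCLUDE_PATH.'footer.inc.php');
		exit;
	}
}

if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
}

require(AT_INCLUDE_PATH.'header.inc.php');
?>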