MDL-14741: re-activate the contextmenu plugin
[moodle.git] / admin / uploadpicture.php
CommitLineData
b352b2e9 1<?php // $Id$
2
3///////////////////////////////////////////////////////////////////////////
4// //
5// Copyright (C) 2007 Inaki Arenaza //
6// //
7// Based on .../admin/uploaduser.php and .../lib/gdlib.php //
8// //
9// This program is free software; you can redistribute it and/or modify //
10// it under the terms of the GNU General Public License as published by //
11// the Free Software Foundation; either version 2 of the License, or //
12// (at your option) any later version. //
13// //
14// This program is distributed in the hope that it will be useful, //
15// but WITHOUT ANY WARRANTY; without even the implied warranty of //
16// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
17// GNU General Public License for more details: //
18// //
19// http://www.gnu.org/copyleft/gpl.html //
20// //
21///////////////////////////////////////////////////////////////////////////
22
23require_once('../config.php');
24require_once($CFG->libdir.'/uploadlib.php');
25require_once($CFG->libdir.'/adminlib.php');
26require_once($CFG->libdir.'/gdlib.php');
27require_once('uploadpicture_form.php');
28
29$adminroot = admin_get_root();
30
31admin_externalpage_setup('uploadpictures', $adminroot);
32
33require_login();
34
957f6fc9 35require_capability('moodle/site:uploadusers', get_context_instance(CONTEXT_SYSTEM));
b352b2e9 36
37if (!$site = get_site()) {
8e9d88f2 38 print_error('cannotfindsite', 'error');
b352b2e9 39}
40
41if (!$adminuser = get_admin()) {
8e9d88f2 42 print_error('noadmins', 'error');
b352b2e9 43}
44
45$strfile = get_string('file');
46$struser = get_string('user');
47$strusersupdated = get_string('usersupdated');
48$struploadpictures = get_string('uploadpictures','admin');
49$usersupdated = 0;
50$userserrors = 0;
51
52$userfields = array (
53 0 => 'username',
54 1 => 'idnumber',
55 2 => 'id' );
56
57$userfield = optional_param('userfield', 0, PARAM_INT);
58$overwritepicture = optional_param('overwritepicture', 0, PARAM_BOOL);
59
60/// Print the header
61admin_externalpage_print_header();
62print_heading_with_help($struploadpictures, 'uploadpictures');
63
64$mform = new admin_uploadpicture_form();
294ce987 65if ($formdata = $mform->get_data()) {
b352b2e9 66 if (!array_key_exists($userfield, $userfields)) {
67 notify(get_string('uploadpicture_baduserfield','admin'));
68 } else {
69 // Large files are likely to take their time and memory. Let PHP know
70 // that we'll take longer, and that the process should be recycled soon
71 // to free up memory.
72 @set_time_limit(0);
73 @raise_memory_limit("192M");
74 if (function_exists('apache_child_terminate')) {
75 @apache_child_terminate();
76 }
77
78 // Create a unique temporary directory, to process the zip file
79 // contents.
80 $zipdir = my_mktempdir($CFG->dataroot.'/temp/', 'usrpic');
81
82 if (!$mform->save_files($zipdir)) {
83 notify(get_string('uploadpicture_cannotmovezip','admin'));
84 @remove_dir($zipdir);
85 } else {
86 $dstfile = $zipdir.'/'.$mform->get_new_filename();
87 if(!unzip_file($dstfile, $zipdir, false)) {
88 notify(get_string('uploadpicture_cannotunzip','admin'));
89 @remove_dir($zipdir);
90 } else {
91 // We don't need the zip file any longer, so delete it to make
92 // it easier to process the rest of the files inside the directory.
93 @unlink($dstfile);
94 if(! ($handle = opendir($zipdir))) {
95 notify(get_string('uploadpicture_cannotprocessdir','admin'));
96 } else {
97 while (false !== ($item = readdir($handle))) {
98 if($item != '.' && $item != '..' && is_file($zipdir.'/'.$item)) {
99
100 // Add additional checks on the filenames, as they are user
101 // controlled and we don't want to open any security holes.
102 $path_parts = pathinfo(cleardoubleslashes($item));
103 $basename = $path_parts['basename'];
104 $extension = $path_parts['extension'];
105 if ($basename != clean_param($basename, PARAM_CLEANFILE)) {
106 // The original picture file name has invalid characters
107 notify(get_string('uploadpicture_invalidfilename', 'admin',
108 clean_param($basename, PARAM_CLEANHTML)));
109 continue;
110 }
111
112 // The picture file name (without extension) must match the
113 // userfield attribute.
114 $uservalue = substr($basename, 0,
115 strlen($basename) -
116 strlen($extension) - 1);
117 // userfield names are safe, so don't quote them.
b9a66360 118 if (!($user = $DB->get_record('user', array($userfields[$userfield], $uservalue)))) {
b352b2e9 119 $userserrors++;
120 $a = new Object();
121 $a->userfield = clean_param($userfields[$userfield], PARAM_CLEANHTML);
122 $a->uservalue = clean_param($uservalue, PARAM_CLEANHTML);
123 notify(get_string('uploadpicture_usernotfound', 'admin', $a));
124 continue;
125 }
b9a66360 126 $haspicture = $DB->get_field('user', 'picture', array('id'=>$user->id));
b352b2e9 127 if ($haspicture && !$overwritepicture) {
128 notify(get_string('uploadpicture_userskipped', 'admin', $user->username));
129 continue;
130 }
131 if (my_save_profile_image($user->id, $zipdir.'/'.$item)) {
a5d424df 132 $DB->set_field('user', 'picture', 1, array('id'=>$user->id));
b352b2e9 133 $usersupdated++;
134 notify(get_string('uploadpicture_userupdated', 'admin', $user->username));
135 } else {
136 $userserrors++;
137 notify(get_string('uploadpicture_cannotsave', 'admin', $user->username));
138 }
139 }
140 }
141 }
142 closedir($handle);
143
144 // Finally remove the temporary directory with all the user images and print some stats.
145 remove_dir($zipdir);
146 notify(get_string('usersupdated', 'admin') . ": $usersupdated");
147 notify(get_string('errors', 'admin') . ": $userserrors");
148 echo '<hr />';
149 }
150 }
151 }
152}
153$mform->display();
154admin_externalpage_print_footer();
155exit;
156
157// ----------- Internal functions ----------------
158
159function my_mktempdir($dir, $prefix='', $mode=0700) {
160 if (substr($dir, -1) != '/') {
161 $dir .= '/';
162 }
163
164 do {
165 $path = $dir.$prefix.mt_rand(0, 9999999);
166 } while (!mkdir($path, $mode));
167
168 return $path;
169}
170
171function my_save_profile_image($id, $originalfile) {
172 $destination = create_profile_image_destination($id, 'user');
173 if ($destination === false) {
174 return false;
175 }
176
177 return process_profile_image($originalfile, $destination);
178}
179
180?>