Initial revision
[moodle.git] / files / index.php
f9903ed0 1<?PHP // $Id$
2
3// Manage all uploaded files in a course file area
4
5// All the Moodle-specific stuff is in this top section
6// Configuration and access control occurs here.
7// Must define: USER, basedir, baseweb, html_header and html_footer
8// USER is a persistent variable using sessions
9
// Load the site configuration (and whatever library code it pulls in).
require("../config.php");

// The request must carry a course id.
require_variable($id);

// Resolve the id to a course row before doing anything else.
$course = get_record("course", "id", $id);
if (!$course) {
    error("That's an invalid course id");
}

// Access control: the user must be logged in and must be a teacher of this
// course.  NOTE(review): both checks assume error() and require_login() end
// the request on failure; confirm, since every file action below relies on it.
require_login($course->id);
add_to_log("Files area", $course->id);

if (!isteacher($course->id)) {
    error("Only teachers can edit files");
}
24
// Closes the layout table opened by html_header() and prints the standard
// footer for the current course.
function html_footer() {
    global $course;

    echo "</td></tr></table>" . "</body></html>";
    print_footer($course);
}
30
// Prints the page header for the files area and opens the layout table that
// html_footer() closes.  $formfield is passed straight through to
// print_header().
// NOTE(review): $course->shortname is placed into markup here without
// escaping; confirm that print_header() or the course form sanitises it.
function html_header($formfield=""){
    global $course;

    $title = "$course->shortname: Files";
    $trail = "<A HREF=\"../course/view.php?id=$course->id\">$course->shortname</A> -> Files";

    print_header($title, $title, $trail, $formfield);

    echo "<table border=0 align=center cellspacing=3 cellpadding=3 width=640>"
       . "<tr>"
       . "<td colspan=\"2\">";
}
40
// Make sure the site data directory exists.  Mode 0750 gives no access to
// "other" users on the host.
// NOTE(review): this assumes $CFG->dataroot lies outside the web server's
// document root; confirm in config.php.
if (!file_exists($CFG->dataroot) && !mkdir($CFG->dataroot, 0750)) {
    error("You need to create the directory $CFG->dataroot with web server write access");
}

// Each course gets its own directory below dataroot, named after its id.
$basedir = $CFG->dataroot . "/" . $course->id;

if (!file_exists($basedir) && !mkdir($basedir, 0750)) {
    error("Could not create a directory for this course ($basedir)");
}

$baseweb = $CFG->wwwroot;
54
55// End of configuration and access control
56
57
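require("mimetypes.php");

// Request values are appended to $basedir to build filesystem paths, so any
// of them that contains ".." is rejected before an action runs.  $oldname
// (used by the rename action) is included; the original check covered only
// $file and $wdir.  strstr() replaces ereg() and "||" replaces the bitwise
// "|"; the condition is otherwise the same.
// NOTE(review): $message is set here but nothing visible in this file prints it.
if ((isset($file) && strstr($file, "..") !== false)
    || (isset($wdir) && strstr($wdir, "..") !== false)
    || (isset($oldname) && strstr($oldname, "..") !== false)) {
    $message = "Error: Directories can not contain \"..\"";
    $wdir = "/";
    $action = "";
}

// NOTE(review): the Referer header is the only request-forgery defence for
// the state-changing actions below (delete, paste, rename, edit, zip, unzip).
// It can be absent or stripped by clients; a per-session token checked on
// every such action would be the stronger control.
if (!match_referer("$baseweb/files/index.php")) {    // To stop spoofing
    $action = "cancel";
    $wdir = "/";
}

if (empty($wdir)) {
    $wdir = "/";
}

// $wdir is joined to $basedir without a separator, so it has to start with
// "/" to be certain the result stays inside this course's directory.
if (substr($wdir, 0, 1) != "/") {
    $wdir = "/";
    $action = "";
}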
76
77
78
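// Returns the hidden id/wdir/action inputs shared by the forms on this page,
// with every value HTML-escaped and quoted.
function files_hidden_fields($id, $wdir, $action) {
    return " <INPUT TYPE=hidden NAME=id VALUE=\"".htmlspecialchars($id)."\">".
           " <INPUT TYPE=hidden NAME=wdir VALUE=\"".htmlspecialchars($wdir)."\">".
           " <INPUT TYPE=hidden NAME=action VALUE=\"".htmlspecialchars($action)."\">";
}

// Prints the small GET form that abandons the current action.
function files_cancel_form($id, $wdir, $label) {
    echo "<FORM ACTION=index.php METHOD=get>";
    echo files_hidden_fields($id, $wdir, "cancel");
    echo " <INPUT TYPE=submit VALUE=\"".htmlspecialchars($label)."\">";
    echo "</FORM>";
}

// True when $path can be appended to $basedir safely: it is a string, starts
// with "/" and contains no "..".
function files_path_ok($path) {
    return is_string($path)
        && substr($path, 0, 1) == "/"
        && strstr($path, "..") === false;
}

// Paths are built by plain concatenation with $basedir, so the working
// folder is validated once here, whatever checks ran earlier in the script.
if (!files_path_ok($wdir)) {
    $wdir = "/";
    $action = "";
}

// Escaped copies for HTML text and for query strings.  The raw values are
// used only for filesystem paths.
$wdirhtml = htmlspecialchars($wdir);
$wdirurl  = rawurlencode($wdir);
$idurl    = rawurlencode($id);

switch ($action) {

    case "upload":
        html_header();
        if ($save) {
            // is_uploaded_file() confirms that $userfile names the temporary
            // file PHP created for this request rather than some other path.
            if ($userfile == "none" || $userfile_size == 0 || !is_uploaded_file($userfile)) {
                echo "<P>Error: That was not a valid file.";
            } else {
                $userfile_name = clean_filename($userfile_name);
                if ($userfile_name != "") {
                    $newfile = "$basedir$wdir/$userfile_name";
                    if (copy($userfile, $newfile)) {
                        // NOTE(review): 0750 sets the execute bit on every
                        // uploaded file; confirm whether that is needed.
                        chmod($newfile, 0750);
                        echo "Uploaded ".htmlspecialchars($userfile_name).
                             " (".htmlspecialchars($userfile_type).") to $wdirhtml";
                    } else {
                        echo "<P>Error: Could not store the uploaded file.";
                    }
                }
            }
            displaydir($wdir);

        } else {
            echo "<P>Upload a file into <B>$wdirhtml</B>:";
            echo "<TABLE><TR><TD COLSPAN=2>";
            echo "<FORM ENCTYPE=\"multipart/form-data\" METHOD=\"post\" ACTION=index.php>";
            // MAX_FILE_SIZE is only a hint to the browser; the real limit is
            // whatever the PHP upload settings enforce.
            echo " <INPUT TYPE=hidden NAME=MAX_FILE_SIZE value=5000000>";
            echo files_hidden_fields($id, $wdir, "upload");
            echo " <INPUT NAME=\"userfile\" TYPE=\"file\" size=\"50\">";
            echo " </TD><TR><TD WIDTH=10>";
            echo " <INPUT TYPE=submit NAME=save VALUE=\"Upload this file\">";
            echo "</FORM>";
            echo "</TD><TD WIDTH=100%>";
            files_cancel_form($id, $wdir, "Cancel");
            echo "</TD></TR></TABLE>";
        }
        html_footer();
        break;

    case "delete":
        html_header();
        if ($confirm) {
            // The list was URL-decoded when it was stored in the session, so
            // each entry is validated again before it reaches the filesystem.
            foreach ($USER->filelist as $file) {
                if (!files_path_ok($file)) {
                    echo "<BR>Error: Could not delete: ".htmlspecialchars($file);
                    continue;
                }
                $fullfile = $basedir.$file;
                if (! fulldelete($fullfile)) {
                    echo "<BR>Error: Could not delete: ".htmlspecialchars($fullfile);
                }
            }
            clearfilelist();
            displaydir($wdir);

        } else {
            if (setfilelist($HTTP_POST_VARS)) {
                echo "<P ALIGN=CENTER>You are about to delete:</P>";
                print_simple_box_start("center");
                printfilelist($USER->filelist);
                print_simple_box_end();
                echo "<BR>";
                notice_yesno ("Are you sure you want to delete these?",
                    "index.php?id=$idurl&wdir=$wdirurl&action=delete&confirm=1",
                    "index.php?id=$idurl&wdir=$wdirurl&action=cancel");
            } else {
                displaydir($wdir);
            }
        }
        html_footer();
        break;

    case "move":
        html_header();
        if ($count = setfilelist($HTTP_POST_VARS)) {
            // Remember the pending operation and where the files came from;
            // the "paste" action completes it.
            $USER->fileop     = $action;
            $USER->filesource = $wdir;
            echo "<P align=center>$count files selected for moving. Now go to the destination and press \"Move files to here\".</P>";
        }
        displaydir($wdir);
        html_footer();
        break;

    case "paste":
        html_header();
        if ($USER->fileop == "move") {
            foreach ($USER->filelist as $file) {
                $shortfile = basename($file);
                // Same re-validation as in "delete": entries come from the
                // session and were decoded after the request-level checks.
                if (!files_path_ok($file)) {
                    echo "<P>Error: ".htmlspecialchars($shortfile)." not moved";
                    continue;
                }
                $oldfile = $basedir.$file;
                $newfile = $basedir.$wdir."/".$shortfile;
                if (!rename($oldfile, $newfile)) {
                    echo "<P>Error: ".htmlspecialchars($shortfile)." not moved";
                }
            }
        }
        clearfilelist();
        displaydir($wdir);
        html_footer();
        break;

    case "rename":
        if ($name) {
            html_header();
            $name = clean_filename($name);
            // $oldname has to be a plain entry name inside $wdir: the new
            // name is cleaned above, the old one needs the same care.
            if (!is_string($oldname) || $oldname == ""
                    || strstr($oldname, "..") !== false
                    || strstr($oldname, "/") !== false) {
                echo "Error: could not rename ".htmlspecialchars($oldname)." to ".htmlspecialchars($name);
            } else if (file_exists($basedir.$wdir."/".$name)) {
                echo "Error: ".htmlspecialchars($name)." already exists!";
            } else if (!rename($basedir.$wdir."/".$oldname, $basedir.$wdir."/".$name)) {
                echo "Error: could not rename ".htmlspecialchars($oldname)." to ".htmlspecialchars($name);
            }
            displaydir($wdir);

        } else {
            html_header("form.name");
            $filehtml = htmlspecialchars($file);
            echo "<P>Rename <B>$filehtml</B> to:";
            echo "<TABLE><TR><TD>";
            echo "<FORM ACTION=index.php METHOD=post NAME=form>";
            echo files_hidden_fields($id, $wdir, "rename");
            echo " <INPUT TYPE=hidden NAME=oldname VALUE=\"$filehtml\">";
            echo " <INPUT TYPE=text NAME=name SIZE=35 VALUE=\"$filehtml\">";
            echo " <INPUT TYPE=submit VALUE=\"Rename\">";
            echo "</FORM>";
            echo "</TD><TD>";
            files_cancel_form($id, $wdir, "Cancel");
            echo "</TD></TR></TABLE>";
        }
        html_footer();
        break;

    case "mkdir":
        if ($name) {
            html_header();
            $name = clean_filename($name);
            if (file_exists($basedir.$wdir."/".$name)) {
                echo "Error: ".htmlspecialchars($name)." already exists!";
            } else if (!mkdir($basedir.$wdir."/".$name, 0750)) {
                echo "Error: could not create ".htmlspecialchars($name);
            }
            displaydir($wdir);

        } else {
            html_header("form.name");
            echo "<P>Create folder in $wdirhtml:";
            echo "<TABLE><TR><TD>";
            echo "<FORM ACTION=index.php METHOD=post NAME=form>";
            echo files_hidden_fields($id, $wdir, "mkdir");
            echo " <INPUT TYPE=text NAME=name SIZE=35>";
            echo " <INPUT TYPE=submit VALUE=\"Create\">";
            echo "</FORM>";
            echo "</TD><TD>";
            files_cancel_form($id, $wdir, "Cancel");
            echo "</TD></TR></TABLE>";
        }
        html_footer();
        break;

    case "edit":
        html_header();
        if (!files_path_ok($file)) {
            // $file is appended to $basedir directly, so it must be an
            // absolute path within the course area.
            echo "<P>Error: That was not a valid file.";
            displaydir($wdir);

        } else if (isset($text)) {
            $fileptr = fopen($basedir.$file, "w");
            if ($fileptr) {
                // NOTE(review): stripslashes() presumes the request data was
                // slash-escaped on input (magic quotes); confirm.
                fputs($fileptr, stripslashes($text));
                fclose($fileptr);
            } else {
                echo "<P>Error: could not write ".htmlspecialchars($file);
            }
            displaydir($wdir);

        } else {
            $contents = "";
            $fileptr = fopen($basedir.$file, "r");
            if ($fileptr) {
                // fread() needs a positive length, so an empty file is
                // treated as empty contents.
                $size = filesize($basedir.$file);
                if ($size > 0) {
                    $contents = fread($fileptr, $size);
                }
                fclose($fileptr);
            }

            echo "<P>Editing <B>".htmlspecialchars($file)."</B>:";
            echo "<TABLE><TR><TD COLSPAN=2>";
            echo "<FORM ACTION=index.php METHOD=post NAME=form>";
            echo files_hidden_fields($id, $wdir, "edit");
            echo " <INPUT TYPE=hidden NAME=file VALUE=\"".htmlspecialchars($file)."\">";
            echo "<TEXTAREA ROWS=20 COLS=60 NAME=text>";
            echo htmlspecialchars($contents);
            echo "</TEXTAREA>";
            echo "</TD></TR><TR><TD>";
            echo " <INPUT TYPE=submit VALUE=\"Save changes\">";
            echo "</FORM>";
            echo "</TD><TD>";
            files_cancel_form($id, $wdir, "Cancel");
            echo "</TD></TR></TABLE>";
        }
        html_footer();
        break;

    case "zip":
        if ($name) {
            html_header();
            $name = clean_filename($name);
            $files = "";
            foreach ($USER->filelist as $file) {
                $member = basename($file);
                if ($member == "" || $member == "." || $member == "..") {
                    continue;
                }
                // Every value that reaches the shell is quoted with
                // escapeshellarg().  The "./" prefix keeps a name that starts
                // with "-" from being read as a command-line option.
                $files .= escapeshellarg("./".$member);
                $files .= " ";
            }
            if ($name != "" && $files != "") {
                // "&&" instead of ";": if the cd fails, zip must not run in
                // whatever directory the script happens to be in.
                $command = "cd ".escapeshellarg("$basedir/$wdir").
                           " && /usr/bin/zip -r ".escapeshellarg($name)." $files";
                Exec($command);
            }
            clearfilelist();
            displaydir($wdir);

        } else {
            html_header("form.name");
            if (setfilelist($HTTP_POST_VARS)) {
                echo "<P ALIGN=CENTER>You are about create a zip file containing:</P>";
                print_simple_box_start("center");
                printfilelist($USER->filelist);
                print_simple_box_end();
                echo "<BR>";
                echo "<P ALIGN=CENTER>What do you want to call the zip file?";
                echo "<TABLE><TR><TD>";
                echo "<FORM ACTION=index.php METHOD=post NAME=form>";
                echo files_hidden_fields($id, $wdir, "zip");
                echo " <INPUT TYPE=text NAME=name SIZE=35 VALUE=\"new.zip\">";
                echo " <INPUT TYPE=submit VALUE=\"Create zip file\">";
                echo "</FORM>";
                echo "</TD><TD>";
                files_cancel_form($id, $wdir, "Cancel");
                echo "</TD></TR></TABLE>";
            } else {
                displaydir($wdir);
                clearfilelist();
            }
        }
        html_footer();
        break;

    case "unzip":
        html_header();
        if ($file) {
            echo "<P ALIGN=CENTER>Unzipping ".htmlspecialchars($file).":</P>";
            print_simple_box_start("center");
            echo "<PRE>";
            $file = basename($file);
            // Arguments are shell-quoted, and the tool's output is captured
            // and HTML-escaped because it repeats names stored in the archive.
            // NOTE(review): -o overwrites existing files, and the archive
            // decides which names and file types are written into the course
            // area; confirm that this is acceptable for this directory.
            $command = "cd ".escapeshellarg("$basedir/$wdir").
                       " && /usr/bin/unzip -o ".escapeshellarg("./".$file)." 2>&1";
            $output = array();
            exec($command, $output);
            echo htmlspecialchars(implode("\n", $output));
            echo "</PRE>";
            print_simple_box_end();
            echo "<CENTER>";
            files_cancel_form($id, $wdir, "OK");
            echo "</CENTER>";
        } else {
            displaydir($wdir);
        }
        html_footer();
        break;

    case "cancel":
        clearfilelist();
        // No break: "cancel" continues into the default listing.

    default:
        html_header();
        displaydir($wdir);
        html_footer();
        break;
}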
367
368
369/// FILE FUNCTIONS ///////////////////////////////////////////////////////////
370
371
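// Deletes $location.  A directory is emptied recursively and then removed.
// Returns true on success and false as soon as any step fails.
function fulldelete($location) {
    // A symbolic link is removed itself.  Without this test is_dir() would
    // follow a link to a directory and the recursion would delete the
    // contents of the link's target.
    if (is_link($location)) {
        return unlink($location);
    }

    if (!is_dir($location)) {
        return unlink($location);
    }

    $currdir = opendir($location);
    if (!$currdir) {
        return false;
    }

    $ok = true;
    // Compare with false explicitly: an entry named "0" is a valid name but
    // would end a plain truthiness loop early.
    while (false !== ($file = readdir($currdir))) {
        if ($file == "." || $file == "..") {
            continue;
        }
        // fulldelete() handles both files and sub-directories.
        if (!fulldelete($location."/".$file)) {
            $ok = false;
            break;
        }
    }
    // Close the handle on every path, including the failure path.
    closedir($currdir);

    if (!$ok) {
        return false;
    }
    return rmdir($location);
}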
401
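// Reduces a user-supplied name to letters, digits and dots.
// ".." is removed first, every other character becomes "_", and runs of "_"
// are collapsed to one.
//
// The original bracket expression "[^([:alnum:]|\.)]" also listed "(", "|",
// "\" and ")" as permitted characters, because inside a bracket expression
// they are literals, not grouping or alternation.  Those characters are
// shell metacharacters and the cleaned name is later used in a zip command
// line, so the class is now exactly "alphanumeric or dot".
function clean_filename($string) {
    $string = str_replace("..", "", $string);
    $string = preg_replace('/[^[:alnum:].]/', "_", $string);
    return preg_replace('/_+/', "_", $string);
}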
407
408
409
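// Rebuilds the selection list in the session ($USER->filelist) from the
// "fileN" checkbox values of a submitted listing form and resets any pending
// file operation.  Returns the number of entries that were accepted.
//
// Values are URL-decoded here, which is after the request-level ".." check
// has run, and they are later appended to $basedir.  Each decoded entry must
// therefore start with "/" and contain no ".."; anything else is dropped.
// Only keys of the form "file" + digits are read, which is what displaydir()
// generates.
function setfilelist($VARS) {
    global $USER;

    $USER->filelist = array ();
    $USER->fileop   = "";

    $count = 0;
    foreach ($VARS as $key => $val) {
        if (!preg_match('/^file[0-9]+$/', (string) $key) || !is_string($val)) {
            continue;
        }
        $path = rawurldecode($val);
        if (substr($path, 0, 1) != "/" || strstr($path, "..") !== false) {
            continue;
        }
        $count++;
        $USER->filelist[] = $path;
    }

    return $count;
}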
426
// Forgets the current selection and any pending file operation stored in
// the session object.
function clearfilelist() {
    global $USER;

    $USER->fileop   = "";
    $USER->filelist = array();
}
433
434
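// Prints every entry of $filelist (paths relative to $basedir) with an icon,
// descending into directories so their contents are listed as well.
// Names are HTML-escaped because they are chosen by whoever uploaded or
// renamed the files.
function printfilelist($filelist) {
    global $basedir;

    foreach ($filelist as $file) {
        $filehtml = htmlspecialchars($file);

        if (is_dir($basedir.$file)) {
            echo "<IMG SRC=\"pix/folder.gif\" HEIGHT=16 WIDTH=16> $filehtml<BR>";
            $subfilelist = array();
            $currdir = opendir($basedir.$file);
            if ($currdir) {
                // Explicit comparison with false so that an entry named "0"
                // does not end the loop.
                while (false !== ($subfile = readdir($currdir))) {
                    if ($subfile != ".." && $subfile != ".") {
                        $subfilelist[] = $file."/".$subfile;
                    }
                }
                closedir($currdir);
            }
            printfilelist($subfilelist);

        } else {
            $icon = mimeinfo("icon", $file);
            echo "<IMG SRC=\"pix/$icon\" HEIGHT=16 WIDTH=16> $filehtml<BR>";
        }
    }
}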
456
457
// Returns the size of $file as a short string: the value in the largest unit
// that fits (g, m, k), rounded to two decimals, or plain bytes with a "b"
// suffix.
function display_size($file) {
    $bytes = filesize($file);

    // Largest unit first; the first one that fits wins.
    $units = array(
        "g" => 1073741824,
        "m" => 1048576,
        "k" => 1024
    );

    foreach ($units as $suffix => $divisor) {
        if ($bytes >= $divisor) {
            return round($bytes / $divisor * 100) / 100 . $suffix;
        }
    }

    return $bytes . "b";
}
471
472
// Prints one table cell with the given alignment.  $text is written as-is,
// so callers pass ready-made HTML and must escape any data they embed in it.
function print_cell($alignment="center", $text="&nbsp;") {
    echo "<TD ALIGN=\"$alignment\" NOWRAP>"
       . "<FONT SIZE=\"-1\" FACE=\"Arial, Helvetica\">"
       . $text
       . "</FONT>"
       . "</TD>\n";
}
480
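// Prints the listing for one folder of the course file area together with
// the action forms (selection menu, paste, make folder, upload).
//
// $wdir == / or /a or /a/b/c/d etc
//
// File and folder names, $wdir and $id all end up in HTML attributes, link
// targets or text.  Names come from uploads and renames, so every one of
// them is passed through htmlspecialchars() for text and attribute values
// and through rawurlencode() for query-string values.
function displaydir ($wdir) {

    global $basedir;
    global $id;
    global $USER;

    $fullpath = $basedir.$wdir;

    // Initialised up front so the emptiness tests below never read an
    // undefined variable.
    $dirlist  = array();
    $filelist = array();

    $directory = opendir($fullpath);                     // Find all files
    if ($directory) {
        // Explicit comparison with false: an entry named "0" must not end
        // the loop.
        while (false !== ($file = readdir($directory))) {
            if ($file == "." || $file == "..") {
                continue;
            }

            if (is_dir($fullpath."/".$file)) {
                $dirlist[] = $file;
            } else {
                $filelist[] = $file;
            }
        }
        closedir($directory);
    }

    $idhtml = htmlspecialchars($id);
    $idurl  = rawurlencode($id);

    echo "<FORM ACTION=\"index.php\" METHOD=post NAME=dirform>";
    echo "<HR WIDTH=640 ALIGN=CENTER NOSHADE SIZE=1>";
    echo "<TABLE BORDER=0 cellspacing=2 cellpadding=2 width=640>";
    echo "<TR><TD>&nbsp;</TD><TD COLSPAN=5><P><B>Current folder: ".htmlspecialchars($wdir)."</B></P>";
    echo "<TR>";
    echo "<TH WIDTH=5></TH>";
    echo "<TH ALIGN=left>Name</TH>";
    echo "<TH ALIGN=right>Size</TH>";
    echo "<TH ALIGN=right>Modified</TH>";
    echo "<TH ALIGN=right>Action</TH>";
    echo "</TR>\n";

    if ($wdir == "/") {
        // At the top level the prefix is empty so that "$wdir/$name" does
        // not start with a double slash.
        $wdir = "";
    } else {
        $updir    = dirname($wdir);
        $updirurl = rawurlencode($updir);
        echo "<TR>";
        print_cell("center", "");
        print_cell("left", "<A HREF=\"index.php?id=$idurl&wdir=$updirurl\"><IMG SRC=\"pix/parent.gif\" HEIGHT=16 WIDTH=16 BORDER=0 ALT=\"Parent folder\"></A> <A HREF=\"index.php?id=$idurl&wdir=$updirurl\">Up to ".htmlspecialchars($updir)."</A>");
        echo "</TR>\n";
    }

    $wdirurl = rawurlencode($wdir);

    $count = 0;

    if ($dirlist) {
        asort($dirlist);
        foreach ($dirlist as $dir) {

            $count++;

            $filename = $fullpath."/".$dir;
            $fileurl  = rawurlencode($wdir."/".$dir);
            $filesafe = rawurlencode($dir);
            // NOTE(review): the column is headed "Modified" but filectime()
            // is the inode change time; filemtime() may be what was meant.
            $filedate = date("d-m-Y H:i:s", filectime($filename));

            echo "<TR>";

            print_cell("center", "<INPUT TYPE=checkbox NAME=\"file$count\" VALUE=\"$fileurl\">");
            print_cell("left", "<A HREF=\"index.php?id=$idurl&wdir=$fileurl\"><IMG SRC=\"pix/folder.gif\" HEIGHT=16 WIDTH=16 BORDER=0 ALT=\"Folder\"></A> <A HREF=\"index.php?id=$idurl&wdir=$fileurl\">".htmlspecialchars($dir)."</A>");
            print_cell("right", "-");
            print_cell("right", $filedate);
            print_cell("right", "<A HREF=\"index.php?id=$idurl&wdir=$wdirurl&file=$filesafe&action=rename\">rename</A>");

            echo "</TR>";
        }
    }


    if ($filelist) {
        asort($filelist);
        foreach ($filelist as $file) {

            $icon = mimeinfo("icon", $file);

            $count++;
            $filename    = $fullpath."/".$file;
            $fileurl     = "$wdir/$file";
            $filesafe    = rawurlencode($file);
            $fileurlsafe = rawurlencode($fileurl);
            $filedate    = date("d-m-Y H:i:s", filectime($filename));

            echo "<TR>";

            // The encoded form is used for the checkbox value, as in the
            // folder rows: setfilelist() URL-decodes what it receives, and a
            // raw name containing a quote would break the attribute.
            print_cell("center", "<INPUT TYPE=checkbox NAME=\"file$count\" VALUE=\"$fileurlsafe\">");
            echo "<TD ALIGN=left NOWRAP>";
            // NOTE(review): the raw path is handed to link_to_popup_window();
            // confirm that it escapes the URL it prints.
            link_to_popup_window ("/file.php/$id$fileurl", "display",
                                  "<IMG SRC=\"pix/$icon\" HEIGHT=16 WIDTH=16 BORDER=0 ALT=\"File\">",
                                  480, 640);
            echo "<FONT SIZE=\"-1\" FACE=\"Arial, Helvetica\">";
            link_to_popup_window ("/file.php/$id$fileurl", "display",
                                  htmlspecialchars($file),
                                  480, 640);
            echo "</FONT></TD>";

            print_cell("right", display_size($filename));
            print_cell("right", $filedate);
            if ($icon == "text.gif" || $icon == "html.gif") {
                $edittext = "<A HREF=\"index.php?id=$idurl&wdir=$wdirurl&file=$fileurlsafe&action=edit\">edit</A>";
            } else if ($icon == "zip.gif") {
                $edittext = "<A HREF=\"index.php?id=$idurl&wdir=$wdirurl&file=$fileurlsafe&action=unzip\">unzip</A>";
            } else {
                $edittext = "";
            }
            print_cell("right", "$edittext <A HREF=\"index.php?id=$idurl&wdir=$wdirurl&file=$filesafe&action=rename\">rename</A>");

            echo "</TR>";
        }
    }
    echo "</TABLE>";
    echo "<HR WIDTH=640 ALIGN=CENTER NOSHADE SIZE=1>";

    if (!$wdir) {
        $wdir = "/";
    }
    $wdirhtml = htmlspecialchars($wdir);

    echo "<TABLE BORDER=0 cellspacing=2 cellpadding=2 width=640>";
    echo "<TR><TD>";
    echo "<INPUT TYPE=hidden NAME=id VALUE=\"$idhtml\">";
    echo "<INPUT TYPE=hidden NAME=wdir VALUE=\"$wdirhtml\"> ";
    $options = array (
        "move"   => "Move to another folder",
        "delete" => "Delete completely",
        "zip"    => "Create zip archive"
    );
    if ($count) {
        // The menu submits the surrounding form as soon as a choice is made.
        choose_from_menu ($options, "action", "", "With chosen files...", "javascript:document.dirform.submit()");
    }

    echo "</FORM>";
    echo "<TD ALIGN=center>";
    // Offer "paste" only while a move is pending and this is a different
    // folder from the one the files were selected in.
    if (($USER->fileop == "move") && $USER->filesource != $wdir) {
        echo "<FORM ACTION=index.php METHOD=get>";
        echo " <INPUT TYPE=hidden NAME=id VALUE=\"$idhtml\">";
        echo " <INPUT TYPE=hidden NAME=wdir VALUE=\"$wdirhtml\">";
        echo " <INPUT TYPE=hidden NAME=action VALUE=paste>";
        echo " <INPUT TYPE=submit VALUE=\"Move files to here\">";
        echo "</FORM>";
    }
    echo "<TD ALIGN=right>";
    echo "<FORM ACTION=index.php METHOD=get>";
    echo " <INPUT TYPE=hidden NAME=id VALUE=\"$idhtml\">";
    echo " <INPUT TYPE=hidden NAME=wdir VALUE=\"$wdirhtml\">";
    echo " <INPUT TYPE=hidden NAME=action VALUE=mkdir>";
    echo " <INPUT TYPE=submit VALUE=\"Make a folder\">";
    echo "</FORM>";
    echo "</TD>";
    echo "<TD ALIGN=right>";
    echo "<FORM ACTION=index.php METHOD=get>";
    echo " <INPUT TYPE=hidden NAME=id VALUE=\"$idhtml\">";
    echo " <INPUT TYPE=hidden NAME=wdir VALUE=\"$wdirhtml\">";
    echo " <INPUT TYPE=hidden NAME=action VALUE=upload>";
    echo " <INPUT TYPE=submit VALUE=\"Upload a file\">";
    echo "</FORM>";
    echo "</TD></TR>";
    echo "</TABLE>";
    echo "<HR WIDTH=640 ALIGN=CENTER NOSHADE SIZE=1>";

}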
645
646?>