| 172dd12c |
1 | <?php // $Id$ |
| 2 | |
| 3 | require_once('config.php'); |
| 4 | require_once('lib/filelib.php'); |
| 5 | |
| 6 | // disable moodle specific debug messages |
| 7 | disable_debugging(); |
| 8 | |
| d8c1ec43 |
9 | $relativepath = get_file_argument('pluginfile.php'); |
| 172dd12c |
10 | $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL); |
| 11 | |
| 12 | // relative path must start with '/' |
| 13 | if (!$relativepath) { |
| 14 | print_error('invalidargorconf'); |
| 15 | } else if ($relativepath{0} != '/') { |
| 16 | print_error('pathdoesnotstartslash'); |
| 17 | } |
| 18 | |
| 19 | // extract relative path components |
| 20 | $args = explode('/', ltrim($relativepath, '/')); |
| 21 | |
| 22 | if (count($args) == 0) { // always at least user id |
| 23 | print_error('invalidarguments'); |
| 24 | } |
| 25 | |
| 26 | $contextid = (int)array_shift($args); |
| 27 | $filearea = array_shift($args); |
| 28 | |
| 29 | $context = get_context_instance_by_id($contextid); |
| 30 | $fs = get_file_storage(); |
| 31 | |
| 32 | |
| 33 | if ($context->contextlevel == CONTEXT_SYSTEM) { |
| 34 | if ($filearea === 'blog') { |
| 35 | |
| 36 | if (empty($CFG->bloglevel)) { |
| 37 | print_error('siteblogdisable', 'blog'); |
| 38 | } |
| 39 | if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) { |
| 40 | require_login(); |
| 41 | if (isguestuser()) { |
| 42 | print_error('noguest'); |
| 43 | } |
| 44 | if ($CFG->bloglevel == BLOG_USER_LEVEL) { |
| 45 | if ($USER->id != $entry->userid) { |
| 9e5fa330 |
46 | send_file_not_found(); |
| 172dd12c |
47 | } |
| 48 | } |
| 49 | } |
| 50 | $entryid = (int)array_shift($args); |
| 51 | if (!$entry = $DB->get_record('post', array('module'=>'blog', 'id'=>$entryid))) { |
| 9e5fa330 |
52 | send_file_not_found(); |
| 172dd12c |
53 | } |
| 54 | if ('publishstate' === 'public') { |
| 55 | if ($CFG->forcelogin) { |
| 56 | require_login(); |
| 57 | } |
| 58 | |
| 59 | } else if ('publishstate' === 'site') { |
| 60 | require_login(); |
| 61 | //ok |
| 62 | } else if ('publishstate' === 'draft') { |
| 63 | require_login(); |
| 64 | if ($USER->id != $entry->userid) { |
| 9e5fa330 |
65 | send_file_not_found(); |
| 172dd12c |
66 | } |
| 67 | } |
| 68 | |
| 69 | //TODO: implement shared course and shared group access |
| 70 | |
| 71 | $relativepath = '/'.implode('/', $args); |
| 72 | $fullpath = $context->id.'blog'.$entryid.$relativepath; |
| 73 | |
| 74 | if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { |
| 9e5fa330 |
75 | send_file_not_found(); |
| 172dd12c |
76 | } |
| 77 | |
| 6c0d09ee |
78 | send_stored_file($file, 10*60, 0, true); // download MUST be forced - security! |
| 172dd12c |
79 | |
| 80 | } else { |
| 9e5fa330 |
81 | send_file_not_found(); |
| 172dd12c |
82 | } |
| 83 | |
| 84 | |
| 85 | } else if ($context->contextlevel == CONTEXT_USER) { |
| 9e5fa330 |
86 | send_file_not_found(); |
| 172dd12c |
87 | |
| 88 | |
| 89 | } else if ($context->contextlevel == CONTEXT_COURSECAT) { |
| 90 | if ($filearea !== 'intro') { |
| 9e5fa330 |
91 | send_file_not_found(); |
| 172dd12c |
92 | } |
| 93 | |
| 94 | if ($CFG->forcelogin) { |
| 95 | // no login necessary - unless login forced everywhere |
| 96 | require_login(); |
| 97 | } |
| 98 | |
| 99 | $relativepath = '/'.implode('/', $args); |
| 100 | $fullpath = $context->id.'intro0'.$relativepath; |
| 101 | |
| 102 | if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') { |
| 9e5fa330 |
103 | send_file_not_found(); |
| 172dd12c |
104 | } |
| 105 | |
| 106 | session_write_close(); // unlock session during fileserving |
| 107 | send_stored_file($file, 60*60, 0, $forcedownload); |
| 108 | |
| 109 | |
| 110 | } else if ($context->contextlevel == CONTEXT_COURSE) { |
| 111 | if ($filearea !== 'intro' and $filearea !== 'backup') { |
| 9e5fa330 |
112 | send_file_not_found(); |
| 172dd12c |
113 | } |
| 114 | |
| 115 | if (!$course = $DB->get_record('course', array('id'=>$context->instanceid))) { |
| 116 | print_error('invalidcourseid'); |
| 117 | } |
| 118 | |
| 119 | if ($filearea === 'backup') { |
| 120 | require_login($course); |
| 121 | require_capability('moodle/site:backupdownload', $context); |
| 122 | } else { |
| 123 | if ($CFG->forcelogin) { |
| 124 | require_login(); |
| 125 | } |
| 126 | } |
| 127 | |
| 128 | $relativepath = '/'.implode('/', $args); |
| 129 | $fullpath = $context->id.'intro0'.$relativepath; |
| 130 | |
| 131 | if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { |
| 9e5fa330 |
132 | send_file_not_found(); |
| 172dd12c |
133 | } |
| 134 | |
| 135 | session_write_close(); // unlock session during fileserving |
| 136 | send_stored_file($file, 60*60, 0, $forcedownload); |
| 137 | |
| 138 | |
| 139 | } else if ($context->contextlevel == CONTEXT_MODULE) { |
| 140 | |
| 141 | if (!$coursecontext = get_context_instance_by_id(get_parent_contextid($context))) { |
| 9e5fa330 |
142 | send_file_not_found(); |
| 172dd12c |
143 | } |
| 144 | |
| 145 | if (!$course = $DB->get_record('course', array('id'=>$coursecontext->instanceid))) { |
| 9e5fa330 |
146 | send_file_not_found(); |
| 172dd12c |
147 | } |
| 148 | $modinfo = get_fast_modinfo($course); |
| 149 | if (empty($modinfo->cms[$context->instanceid])) { |
| 9e5fa330 |
150 | send_file_not_found(); |
| 172dd12c |
151 | } |
| 152 | |
| 153 | $cminfo = $modinfo->cms[$context->instanceid]; |
| 154 | $modname = $cminfo->modname; |
| 155 | $libfile = "$CFG->dirroot/mod/$modname/lib.php"; |
| 156 | if (file_exists($libfile)) { |
| 157 | require_once($libfile); |
| 158 | $filefunction = $modname.'_pluginfile'; |
| 159 | if (function_exists($filefunction)) { |
| 160 | if ($filefunction($course, $cminfo, $context, $filearea, $args) !== false) { |
| 161 | die; |
| 162 | } |
| 163 | } |
| 164 | } |
| 9e5fa330 |
165 | send_file_not_found(); |
| 172dd12c |
166 | |
| 167 | } else if ($context->contextlevel == CONTEXT_BLOCK) { |
| 168 | //not supported yet |
| 9e5fa330 |
169 | send_file_not_found(); |
| 172dd12c |
170 | |
| 171 | |
| 172 | } else { |
| 9e5fa330 |
173 | send_file_not_found(); |
| 172dd12c |
174 | } |
