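<?php // $Id$

// Entry point that serves files held in the file storage API.
// The request path has the form /<contextid>/<filearea>/<remaining components>;
// the access rules are chosen further down from the context's level.

require_once('config.php');
require_once('lib/filelib.php');

// disable moodle specific debug messages
disable_debugging();

$relativepath  = get_file_argument();
$forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);

// relative path must start with '/'
if (!$relativepath) {
    print_error('invalidargorconf');
} else if ($relativepath[0] != '/') { // [] offset: the {} string-offset form is a parse error on PHP 8
    print_error('pathdoesnotstartslash');
}

// extract relative path components
$args = explode('/', ltrim($relativepath, '/'));

// explode() always returns at least one element, so this guard cannot fire;
// a request that names no usable context is rejected by the lookup below.
if (count($args) == 0) { // always at least context id
    print_error('invalidarguments');
}

// The first component is forced to an integer before it reaches the context lookup.
$contextid = (int)array_shift($args);
$filearea  = array_shift($args);

$context = get_context_instance_by_id($contextid);
if (!$context) {
    // Unknown context id: answer "not found" instead of dereferencing a
    // non-object in the context-level dispatch (same handling as the
    // parent-context lookup in the module branch).
    send_file_not_found();
}
$fs = get_file_storage();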
31 | |
32 | |
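// Dispatch on the context level. Each branch applies that level's access
// rules, rebuilds the stored-file path from the remaining URL components and
// serves the file. The URL components are only ever hashed for the storage
// lookup; they are never used as a filesystem path here.
// The checks rely on print_error() and send_file_not_found() ending the request.
if ($context->contextlevel == CONTEXT_SYSTEM) {
    if ($filearea === 'blog') {

        if (empty($CFG->bloglevel)) {
            print_error('siteblogdisable', 'blog');
        }
        if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
            require_login();
            if (isguestuser()) {
                print_error('noguest');
            }
        }

        // Load the entry only after the login check above, so an anonymous
        // request cannot tell existing entry ids from missing ones.
        $entryid = (int)array_shift($args);
        $entry = $DB->get_record('post', array('module'=>'blog', 'id'=>$entryid));
        if (!$entry) {
            send_file_not_found();
        }

        // Personal-blog level: only the author may fetch attachments. This must
        // run after the entry is loaded; earlier it compared against an
        // undefined $entry and so rejected every request.
        if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL and $CFG->bloglevel == BLOG_USER_LEVEL) {
            if ($USER->id != $entry->userid) {
                send_file_not_found();
            }
        }

        // Enforce the entry's publish state. The comparison has to read the
        // record field: comparing the literal 'publishstate' with itself is
        // always false, which skipped every rule below, including the
        // owner-only rule for drafts.
        if ($entry->publishstate === 'public') {
            if ($CFG->forcelogin) {
                require_login();
            }

        } else if ($entry->publishstate === 'site') {
            require_login();
            //ok
        } else if ($entry->publishstate === 'draft') {
            require_login();
            if ($USER->id != $entry->userid) {
                send_file_not_found();
            }
        } else {
            // unknown publish state: deny rather than serve
            send_file_not_found();
        }

        //TODO: implement shared course and shared group access

        $relativepath = '/'.implode('/', $args);
        $fullpath = $context->id.'blog'.$entryid.$relativepath;

        $file = $fs->get_file_by_hash(sha1($fullpath));
        if (!$file or $file->is_directory()) {
            send_file_not_found();
        }

        send_stored_file($file, 10*60, 0, true); // download MUST be forced - security!

    } else {
        send_file_not_found();
    }


} else if ($context->contextlevel == CONTEXT_USER) {
    send_file_not_found();


} else if ($context->contextlevel == CONTEXT_COURSECAT) {
    if ($filearea !== 'coursecat_intro') {
        send_file_not_found();
    }

    if ($CFG->forcelogin) {
        // no login necessary - unless login forced everywhere
        require_login();
    }

    $relativepath = '/'.implode('/', $args);
    $fullpath = $context->id.'coursecat_intro0'.$relativepath;

    $file = $fs->get_file_by_hash(sha1($fullpath));
    if (!$file or $file->get_filename() == '.') {
        send_file_not_found();
    }

    session_get_instance()->write_close(); // unlock session during fileserving
    // $forcedownload comes from the request, so the client decides inline vs. attachment here
    send_stored_file($file, 60*60, 0, $forcedownload);


} else if ($context->contextlevel == CONTEXT_COURSE) {
    $course = $DB->get_record('course', array('id'=>$context->instanceid));
    if (!$course) {
        print_error('invalidcourseid');
    }

    if ($filearea === 'course_backup') {
        // backups are restricted to logged-in users holding the backup download capability
        require_login($course);
        require_capability('moodle/site:backupdownload', $context);

        $relativepath = '/'.implode('/', $args);
        $fullpath = $context->id.'course_backup0'.$relativepath;

        $file = $fs->get_file_by_hash(sha1($fullpath));
        if (!$file or $file->is_directory()) {
            send_file_not_found();
        }

        session_get_instance()->write_close(); // unlock session during fileserving
        send_stored_file($file, 0, 0, true);

    } else if ($filearea === 'course_intro') {
        if ($CFG->forcelogin) {
            require_login();
        }

        $relativepath = '/'.implode('/', $args);
        $fullpath = $context->id.'course_intro0'.$relativepath;

        $file = $fs->get_file_by_hash(sha1($fullpath));
        if (!$file or $file->is_directory()) {
            send_file_not_found();
        }

        session_get_instance()->write_close(); // unlock session during fileserving
        send_stored_file($file, 60*60, 0, false); // TODO: change timeout?

    } else if ($filearea === 'course_section') {
        // NOTE(review): !== is a strict comparison; if $course->id arrives from the
        // database as a string and SITEID is an integer, the second branch is always
        // taken and login is required for the site course too - confirm the types.
        if ($CFG->forcelogin) {
            require_login($course);
        } else if ($course->id !== SITEID) {
            require_login($course);
        }

        $sectionid = (int)array_shift($args);

        // NOTE(review): this compares the URL value against numsections, so it
        // presumably expects a section number rather than a record id - confirm.
        if ($course->numsections < $sectionid) {
            if (!has_capability('moodle/course:update', $context)) {
                // disable access to invisible sections if can not edit course
                // this is going to break some ugly hacks, but is necessary
                send_file_not_found();
            }
        }

        $relativepath = '/'.implode('/', $args);
        $fullpath = $context->id.'course_section'.$sectionid.$relativepath;

        $file = $fs->get_file_by_hash(sha1($fullpath));
        if (!$file or $file->is_directory()) {
            send_file_not_found();
        }

        session_get_instance()->write_close(); // unlock session during fileserving
        send_stored_file($file, 60*60, 0, false); // TODO: change timeout?

    } else if ($filearea === 'user_profile') {
        $userid = (int)array_shift($args);
        $usercontext = get_context_instance(CONTEXT_USER, $userid);

        // These checks run only when forceloginforprofiles is set; with the
        // setting off the file is served without any login requirement.
        if (!empty($CFG->forceloginforprofiles)) {
            require_login();
            if (isguestuser()) {
                print_error('noguest');
            }

            if (!isteacherinanycourse()
                and !isteacherinanycourse($userid)
                and !has_capability('moodle/user:viewdetails', $usercontext)) {
                print_error('usernotavailable');
            }
            if (!has_capability('moodle/user:viewdetails', $context) &&
                !has_capability('moodle/user:viewdetails', $usercontext)) {
                print_error('cannotviewprofile');
            }
            if (!has_capability('moodle/course:view', $context, $userid, false)) {
                print_error('notenrolledprofile');
            }
            if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
                print_error('groupnotamember');
            }
        }

        $relativepath = '/'.implode('/', $args);
        $fullpath = $usercontext->id.'user_profile0'.$relativepath;

        $file = $fs->get_file_by_hash(sha1($fullpath));
        if (!$file or $file->is_directory()) {
            send_file_not_found();
        }

        session_get_instance()->write_close(); // unlock session during fileserving
        send_stored_file($file, 0, 0, true); // must force download - security!

    } else {
        send_file_not_found();
    }

} else if ($context->contextlevel == CONTEXT_MODULE) {

    $coursecontext = get_context_instance_by_id(get_parent_contextid($context));
    if (!$coursecontext) {
        send_file_not_found();
    }

    $course = $DB->get_record('course', array('id'=>$coursecontext->instanceid));
    if (!$course) {
        send_file_not_found();
    }
    $modinfo = get_fast_modinfo($course);
    if (empty($modinfo->cms[$context->instanceid])) {
        send_file_not_found();
    }

    // The module name is taken from the course's module info, not from the
    // request, before it is used to build the include path and callback name.
    $cminfo = $modinfo->cms[$context->instanceid];
    $modname = $cminfo->modname;
    $libfile = "$CFG->dirroot/mod/$modname/lib.php";
    if (!file_exists($libfile)) {
        send_file_not_found();
    }

    require_once($libfile);
    if ($filearea === $modname.'_intro') {
        if (!plugin_supports('mod', $modname, FEATURE_MOD_INTRO, true)) {
            send_file_not_found();
        }
        if (!$cminfo->uservisible) {
            send_file_not_found();
        }
        // all users may access it
        $relativepath = '/'.implode('/', $args);
        $fullpath = $context->id.$filearea.'0'.$relativepath;

        $fs = get_file_storage();
        $file = $fs->get_file_by_hash(sha1($fullpath));
        if (!$file or $file->is_directory()) {
            send_file_not_found();
        }

        $lifetime = isset($CFG->filelifetime) ? $CFG->filelifetime : 86400;

        // finally send the file
        send_stored_file($file, $lifetime, 0);
        die; // nothing below may run once the intro file has been sent
    }

    // Every other file area is delegated to the module's own callback, which is
    // then responsible for login and capability checks; none are done here.
    $filefunction = $modname.'_pluginfile';
    if (function_exists($filefunction)) {
        if ($filefunction($course, $cminfo, $context, $filearea, $args) !== false) {
            die;
        }
    }

    // No callback, or the callback declined the request: answer explicitly
    // instead of ending the script with an empty response.
    send_file_not_found();

} else if ($context->contextlevel == CONTEXT_BLOCK) {
    //not supported yet
    send_file_not_found();


} else {
    send_file_not_found();
}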