MDL-17457 migrated all modules to new db/install.php; added upgrade.txt file for...
[moodle.git] / userfile.php
CommitLineData
172dd12c 1<?php // $Id$
2
3 require_once('config.php');
4 require_once('lib/filelib.php');
5
172dd12c 6 // disable moodle specific debug messages
7 disable_debugging();
8
11e7b506 9 $relativepath = get_file_argument();
172dd12c 10 $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);
11
12 // relative path must start with '/'
13 if (!$relativepath) {
14 print_error('invalidargorconf');
15 } else if ($relativepath{0} != '/') {
16 print_error('pathdoesnotstartslash');
17 }
18
19 // extract relative path components
20 $args = explode('/', ltrim($relativepath, '/'));
21
22 if (count($args) == 0) { // always at least user id
23 print_error('invalidarguments');
24 }
25
26 $contextid = (int)array_shift($args);
27 $filearea = array_shift($args);
28
29 $context = get_context_instance_by_id($contextid);
30 if ($context->contextlevel != CONTEXT_USER) {
31 print_error('invalidarguments');
32 }
33
fc7fac62 34 $userid = $context->instanceid;
fc7fac62 35
172dd12c 36 switch ($filearea) {
fc7fac62 37 case 'user_profile':
106f3b67 38 require_login();
39 if (isguestuser()) {
40 print_error('noguest');
41 }
42
43 // access controll here must match user edit forms
44 if ($userid == $USER->id) {
45 if (!has_capability('moodle/user:editownprofile', get_context_instance(CONTEXT_SYSTEM))) {
46 send_file_not_found();
47 }
48 } else {
49 if (!has_capability('moodle/user:editprofile', $context) and !has_capability('moodle/user:update', $context)) {
50 send_file_not_found();
fc7fac62 51 }
fc7fac62 52 }
53 $itemid = 0;
54 $forcedownload = true;
55 break;
106f3b67 56
783b6db4 57 case 'user_private':
fc7fac62 58 require_login();
59 if (isguestuser()) {
106f3b67 60 send_file_not_found();
61 }
62 if ($USER->id != $userid) {
63 send_file_not_found();
783b6db4 64 }
783b6db4 65 $itemid = 0;
66 $forcedownload = true;
67 break;
106f3b67 68
783b6db4 69 default:
70 send_file_not_found();
172dd12c 71 }
fc7fac62 72
172dd12c 73 $relativepath = '/'.implode('/', $args);
74
172dd12c 75 $fs = get_file_storage();
76
77 $fullpath = $context->id.$filearea.$itemid.$relativepath;
78
79 if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
2aea0c5e 80 send_file_not_found();
172dd12c 81 }
82
83 // ========================================
84 // finally send the file
85 // ========================================
86 session_write_close(); // unlock session during fileserving
87 send_stored_file($file, 0, false, $forcedownload);