MDL-29036 WEBSERVICE : webservice upload script should respect maxbytes and userquota...
[moodle.git] / webservice / upload.php
CommitLineData
42b2809f
DC
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Accpet uploading files by web service token
19 * @package moodlecore
20 * @subpackage files
21 * @copyright 2011 Dongsheng Cai <dongsheng@moodle.com>
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25define('AJAX_SCRIPT', true);
26define('NO_MOODLE_COOKIES', true);
27require_once(dirname(dirname(__FILE__)) . '/config.php');
28$token = required_param('token', PARAM_ALPHANUM);
29$filepath = optional_param('filepath', '/', PARAM_PATH);
30
31echo $OUTPUT->header();
32
33// web service must be enabled to use this script
34if (!$CFG->enablewebservices) {
35 throw new moodle_exception('enablewsdescription', 'webservice');
36}
37// Obtain token record
38if (!$token = $DB->get_record('external_tokens', array('token'=>$token))) {
39 throw new webservice_access_exception(get_string('invalidtoken', 'webservice'));
40}
41
42// Validate token date
43if ($token->validuntil and $token->validuntil < time()) {
44 add_to_log(SITEID, 'webservice', get_string('tokenauthlog', 'webservice'), '' , get_string('invalidtimedtoken', 'webservice'), 0);
45 $DB->delete_records('external_tokens', array('token'=>$token->token));
46 throw new webservice_access_exception(get_string('invalidtimedtoken', 'webservice'));
47}
48
49//assumes that if sid is set then there must be a valid associated session no matter the token type
50if ($token->sid) {
51 $session = session_get_instance();
52 if (!$session->session_exists($token->sid)) {
53 $DB->delete_records('external_tokens', array('sid'=>$token->sid));
54 throw new webservice_access_exception(get_string('invalidtokensession', 'webservice'));
55 }
56}
57
58// Check ip
59if ($token->iprestriction and !address_in_subnet(getremoteaddr(), $token->iprestriction)) {
60 add_to_log(SITEID, 'webservice', get_string('tokenauthlog', 'webservice'), '' , get_string('failedtolog', 'webservice').": ".getremoteaddr(), 0);
61 throw new webservice_access_exception(get_string('invalidiptoken', 'webservice'));
62}
63
64$user = $DB->get_record('user', array('id'=>$token->userid, 'deleted'=>0), '*', MUST_EXIST);
65
66// log token access
67$DB->set_field('external_tokens', 'lastaccess', time(), array('id'=>$token->id));
68
69session_set_user($user);
70$context = get_context_instance(CONTEXT_USER, $USER->id);
71require_capability('moodle/user:manageownfiles', $context);
72
73$fs = get_file_storage();
74
7515e1ba
DC
75$totalsize = 0;
76$files = array();
77foreach ($_FILES as $fieldname=>$uploaded_file) {
42b2809f
DC
78 // check upload errors
79 if (!empty($_FILES[$fieldname]['error'])) {
80 switch ($_FILES[$fieldname]['error']) {
81 case UPLOAD_ERR_INI_SIZE:
82 throw new moodle_exception('upload_error_ini_size', 'repository_upload');
83 break;
84 case UPLOAD_ERR_FORM_SIZE:
85 throw new moodle_exception('upload_error_form_size', 'repository_upload');
86 break;
87 case UPLOAD_ERR_PARTIAL:
88 throw new moodle_exception('upload_error_partial', 'repository_upload');
89 break;
90 case UPLOAD_ERR_NO_FILE:
91 throw new moodle_exception('upload_error_no_file', 'repository_upload');
92 break;
93 case UPLOAD_ERR_NO_TMP_DIR:
94 throw new moodle_exception('upload_error_no_tmp_dir', 'repository_upload');
95 break;
96 case UPLOAD_ERR_CANT_WRITE:
97 throw new moodle_exception('upload_error_cant_write', 'repository_upload');
98 break;
99 case UPLOAD_ERR_EXTENSION:
100 throw new moodle_exception('upload_error_extension', 'repository_upload');
101 break;
102 default:
103 throw new moodle_exception('nofile');
104 }
105 }
7515e1ba
DC
106 $file = new stdClass();
107 $file->filename = clean_param($_FILES[$fieldname]['name'], PARAM_FILE);
108 // check system maxbytes setting
109 if (($_FILES[$fieldname]['size'] > $CFG->maxbytes)) {
110 // oversize file will be ignored, error added to array to notify
111 // web service client
112 $file->error = get_string('maxbytes', 'error');
113 } else {
114 $file->filepath = $_FILES[$fieldname]['tmp_name'];
115 // calculate total size of upload
116 $totalsize += $_FILES[$fieldname]['size'];
117 }
118 $files[] = $file;
119}
120
121$fs = get_file_storage();
122
123$usedspace = 0;
124$privatefiles = $fs->get_area_files($context->id, 'user', 'private', false, 'id', false);
125foreach ($privatefiles as $file) {
126 $usedspace += $file->get_filesize();
127}
128
129if ($totalsize > ($CFG->userquota - $usedspace)) {
130 throw new file_exception('userquotalimit');
131}
132
133$results = array();
134foreach ($files as $file) {
135 if (!empty($file->error)) {
136 // including error and filename
137 $results[] = $file;
138 continue;
139 }
42b2809f
DC
140 $file_record = new stdClass;
141 $file_record->component = 'user';
142 $file_record->contextid = $context->id;
143 $file_record->userid = $USER->id;
144 $file_record->filearea = 'private';
7515e1ba 145 $file_record->filename = $file->filename;
42b2809f
DC
146 $file_record->filepath = $filepath;
147 $file_record->itemid = 0;
148 $file_record->license = $CFG->sitedefaultlicense;
149 $file_record->author = fullname($user);;
150 $file_record->source = '';
7515e1ba
DC
151 $stored_file = $fs->create_file_from_pathname($file_record, $file->filepath);
152 $results[] = $file_record;
42b2809f 153}
7515e1ba 154echo json_encode($results);