MDL-17457 migrated all modules to new db/install.php; added upgrade.txt file for...
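<?php  // $Id$

    // userfile.php: serves a stored file belonging to a user context.
    //
    // The request path has the form /<contextid>/<filearea>/<path...>.
    // Only the 'user_profile' and 'user_private' file areas are served, and
    // each area performs its own login and ownership/capability checks before
    // the file is looked up. Every branch that does not grant access is
    // expected to end the request (print_error() / send_file_not_found()).

    require_once('config.php');
    require_once('lib/filelib.php');

    // disable moodle specific debug messages
    // NOTE(review): presumably so that debug output cannot end up in the
    // served file body - confirm against disable_debugging().
    disable_debugging();

    $relativepath = get_file_argument();
    // Read for interface compatibility only: every file area handled below
    // overrides this with true, so the request cannot switch off the
    // attachment disposition for user-supplied files.
    $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);

    // relative path must start with '/'
    if (!$relativepath) {
        print_error('invalidargorconf');
    } else if ($relativepath[0] != '/') {
        // Square-bracket offset: the older curly-brace string offset syntax
        // is no longer accepted by PHP 8, and [0] works on every version.
        print_error('pathdoesnotstartslash');
    }

    // extract relative path components
    $args = explode('/', ltrim($relativepath, '/'));

    // explode() always returns at least one element, so this check never
    // fires for a path of just '/': that case yields context id 0 and is
    // rejected by the context check below.
    if (count($args) == 0) { // always at least user id
        print_error('invalidarguments');
    }

    // The integer cast discards any non-numeric input before the lookup.
    $contextid = (int)array_shift($args);
    $filearea = array_shift($args);

    $context = get_context_instance_by_id($contextid);
    // Reject an unknown context id before dereferencing the result, and
    // refuse any context that is not a user context.
    // NOTE(review): assumes get_context_instance_by_id() returns a falsy
    // value when the id does not exist - confirm.
    if (!$context or $context->contextlevel != CONTEXT_USER) {
        print_error('invalidarguments');
    }

    // The owner is taken from the context record, never from the request.
    $userid = $context->instanceid;

    switch ($filearea) {
        case 'user_profile':
            require_login();
            if (isguestuser()) {
                print_error('noguest');
            }

            // access control here must match user edit forms
            if ($userid == $USER->id) {
                if (!has_capability('moodle/user:editownprofile', get_context_instance(CONTEXT_SYSTEM))) {
                    send_file_not_found();
                }
            } else {
                // Someone else's profile files: requires an editing or
                // update capability in that user's context.
                if (!has_capability('moodle/user:editprofile', $context) and !has_capability('moodle/user:update', $context)) {
                    send_file_not_found();
                }
            }
            $itemid = 0;
            $forcedownload = true;
            break;

        case 'user_private':
            require_login();
            if (isguestuser()) {
                send_file_not_found();
            }
            // Private files are served to their owner only; there is no
            // capability override in this branch.
            if ($USER->id != $userid) {
                send_file_not_found();
            }
            $itemid = 0;
            $forcedownload = true;
            break;

        default:
            // Any other file area is refused. $itemid is only defined by the
            // two cases above, so the code below relies on
            // send_file_not_found() ending the request.
            send_file_not_found();
    }

    $relativepath = '/'.implode('/', $args);

    $fs = get_file_storage();

    // The file is located by the SHA-1 of context id + file area + item id +
    // path. The hash is only a lookup key; all access decisions were made in
    // the switch above.
    $fullpath = $context->id.$filearea.$itemid.$relativepath;

    // A filename of '.' is treated as not found.
    // NOTE(review): presumably '.' marks a directory entry - confirm.
    if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
        send_file_not_found();
    }

    // ========================================
    // finally send the file
    // ========================================
    session_write_close(); // unlock session during fileserving
    send_stored_file($file, 0, false, $forcedownload);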