MDL-21695 adding help and link strings
[moodle.git] / userfile.php
blobee11ca26c12cc2cb63a1669b4a1bb867443259bb
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
18 /**
19 * This script serves user's private files
21 * @package moodlecore
22 * @subpackage file
23 * @copyright 2008 Petr Skoda (http://skodak.org)
24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
27 // disable moodle specific debug messages and any errors in output
28 define('NO_DEBUG_DISPLAY', true);
30 require_once('config.php');
31 require_once('lib/filelib.php');
34 $relativepath = get_file_argument();
35 $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);
37 // relative path must start with '/'
38 if (!$relativepath) {
39 print_error('invalidargorconf');
40 } else if ($relativepath{0} != '/') {
41 print_error('pathdoesnotstartslash');
44 // extract relative path components
45 $args = explode('/', ltrim($relativepath, '/'));
47 if (count($args) == 0) { // always at least user id
48 print_error('invalidarguments');
51 $contextid = (int)array_shift($args);
52 $filearea = array_shift($args);
54 $context = get_context_instance_by_id($contextid);
55 if ($context->contextlevel != CONTEXT_USER) {
56 print_error('invalidarguments');
59 $userid = $context->instanceid;
61 switch ($filearea) {
62 case 'user_profile':
63 require_login();
64 if (isguestuser()) {
65 print_error('noguest');
68 // access controll here must match user edit forms
69 if ($userid == $USER->id) {
70 if (!has_capability('moodle/user:editownprofile', get_context_instance(CONTEXT_SYSTEM))) {
71 send_file_not_found();
73 } else {
74 if (!has_capability('moodle/user:editprofile', $context) and !has_capability('moodle/user:update', $context)) {
75 send_file_not_found();
78 $itemid = 0;
79 $forcedownload = true;
80 break;
82 case 'user_private':
83 require_login();
84 if (isguestuser()) {
85 send_file_not_found();
87 if ($USER->id != $userid) {
88 send_file_not_found();
90 $itemid = 0;
91 $forcedownload = true;
92 break;
93 case 'user_backup':
94 require_login();
95 if (isguestuser()) {
96 send_file_not_found();
98 if ($USER->id != $userid) {
99 send_file_not_found();
101 $itemid = 0;
102 $forcedownload = true;
103 break;
105 default:
106 send_file_not_found();
109 $relativepath = '/'.implode('/', $args);
111 $fs = get_file_storage();
113 $fullpath = $context->id.$filearea.$itemid.$relativepath;
115 if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
116 send_file_not_found();
119 // ========================================
120 // finally send the file
121 // ========================================
122 session_get_instance()->write_close(); // unlock session during fileserving
123 send_stored_file($file, 0, false, $forcedownload);