webservice/upload.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Accpet uploading files by web service token
  19  * @package    moodlecore
  20  * @subpackage files
  21  * @copyright  2011 Dongsheng Cai <dongsheng@moodle.com>
  22  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  */
  24
  25 define('AJAX_SCRIPT', true);
  26 define('NO_MOODLE_COOKIES', true);
  27 require_once(dirname(dirname(__FILE__)) . '/config.php');
  28 $token = required_param('token', PARAM_ALPHANUM);
  29 $filepath = optional_param('filepath', '/', PARAM_PATH);
  30
  31 echo $OUTPUT->header();
  32
  33 // web service must be enabled to use this script
  34 if (!$CFG->enablewebservices) {
  35     throw new moodle_exception('enablewsdescription', 'webservice');
  36 }
  37 // Obtain token record
  38 if (!$token = $DB->get_record('external_tokens', array('token'=>$token))) {
  39     throw new webservice_access_exception(get_string('invalidtoken', 'webservice'));
  40 }
  41
  42 // Validate token date
  43 if ($token->validuntil and $token->validuntil < time()) {
  44     add_to_log(SITEID, 'webservice', get_string('tokenauthlog', 'webservice'), '' , get_string('invalidtimedtoken', 'webservice'), 0);
  45     $DB->delete_records('external_tokens', array('token'=>$token->token));
  46     throw new webservice_access_exception(get_string('invalidtimedtoken', 'webservice'));
  47 }
  48
  49 //assumes that if sid is set then there must be a valid associated session no matter the token type
  50 if ($token->sid) {
  51     $session = session_get_instance();
  52     if (!$session->session_exists($token->sid)) {
  53         $DB->delete_records('external_tokens', array('sid'=>$token->sid));
  54         throw new webservice_access_exception(get_string('invalidtokensession', 'webservice'));
  55     }
  56 }
  57
  58 // Check ip
  59 if ($token->iprestriction and !address_in_subnet(getremoteaddr(), $token->iprestriction)) {
  60     add_to_log(SITEID, 'webservice', get_string('tokenauthlog', 'webservice'), '' , get_string('failedtolog', 'webservice').": ".getremoteaddr(), 0);
  61     throw new webservice_access_exception(get_string('invalidiptoken', 'webservice'));
  62 }
  63
  64 $user = $DB->get_record('user', array('id'=>$token->userid, 'deleted'=>0), '*', MUST_EXIST);
  65
  66 // log token access
  67 $DB->set_field('external_tokens', 'lastaccess', time(), array('id'=>$token->id));
  68
  69 session_set_user($user);
  70 $context = get_context_instance(CONTEXT_USER, $USER->id);
  71 require_capability('moodle/user:manageownfiles', $context);
  72
  73 $fs = get_file_storage();
  74
  75 foreach ($_FILES as $fieldname=>$file) {
  76     // check upload errors
  77     if (!empty($_FILES[$fieldname]['error'])) {
  78         switch ($_FILES[$fieldname]['error']) {
  79         case UPLOAD_ERR_INI_SIZE:
  80             throw new moodle_exception('upload_error_ini_size', 'repository_upload');
  81             break;
  82         case UPLOAD_ERR_FORM_SIZE:
  83             throw new moodle_exception('upload_error_form_size', 'repository_upload');
  84             break;
  85         case UPLOAD_ERR_PARTIAL:
  86             throw new moodle_exception('upload_error_partial', 'repository_upload');
  87             break;
  88         case UPLOAD_ERR_NO_FILE:
  89             throw new moodle_exception('upload_error_no_file', 'repository_upload');
  90             break;
  91         case UPLOAD_ERR_NO_TMP_DIR:
  92             throw new moodle_exception('upload_error_no_tmp_dir', 'repository_upload');
  93             break;
  94         case UPLOAD_ERR_CANT_WRITE:
  95             throw new moodle_exception('upload_error_cant_write', 'repository_upload');
  96             break;
  97         case UPLOAD_ERR_EXTENSION:
  98             throw new moodle_exception('upload_error_extension', 'repository_upload');
  99             break;
 100         default:
 101             throw new moodle_exception('nofile');
 102         }
 103     }
 104     $file_record = new stdClass;
 105     $file_record->component = 'user';
 106     $file_record->contextid = $context->id;
 107     $file_record->userid    = $USER->id;
 108     $file_record->filearea  = 'private';
 109     $file_record->filename = clean_param($_FILES[$fieldname]['name'], PARAM_FILE);
 110     $file_record->filepath  = $filepath;
 111     $file_record->itemid    = 0;
 112     $file_record->license   = $CFG->sitedefaultlicense;
 113     $file_record->author    = fullname($user);;
 114     $file_record->source    = '';
 115     $stored_file = $fs->create_file_from_pathname($file_record, $_FILES[$fieldname]['tmp_name']);
 116     $uploaded_files[] = $file_record;
 117 }
 118 echo json_encode($uploaded_files);