2 // This file is part of Moodle - http://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
18 * Accpet uploading files by web service token
21 * @copyright 2011 Dongsheng Cai <dongsheng@moodle.com>
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25 define('AJAX_SCRIPT', true);
26 define('NO_MOODLE_COOKIES', true);
27 require_once(dirname(dirname(__FILE__
)) . '/config.php');
28 $token = required_param('token', PARAM_ALPHANUM
);
29 $filepath = optional_param('filepath', '/', PARAM_PATH
);
31 echo $OUTPUT->header();
33 // web service must be enabled to use this script
34 if (!$CFG->enablewebservices
) {
35 throw new moodle_exception('enablewsdescription', 'webservice');
37 // Obtain token record
38 if (!$token = $DB->get_record('external_tokens', array('token'=>$token))) {
39 throw new webservice_access_exception(get_string('invalidtoken', 'webservice'));
42 // Validate token date
43 if ($token->validuntil
and $token->validuntil
< time()) {
44 add_to_log(SITEID
, 'webservice', get_string('tokenauthlog', 'webservice'), '' , get_string('invalidtimedtoken', 'webservice'), 0);
45 $DB->delete_records('external_tokens', array('token'=>$token->token
));
46 throw new webservice_access_exception(get_string('invalidtimedtoken', 'webservice'));
49 //assumes that if sid is set then there must be a valid associated session no matter the token type
51 $session = session_get_instance();
52 if (!$session->session_exists($token->sid
)) {
53 $DB->delete_records('external_tokens', array('sid'=>$token->sid
));
54 throw new webservice_access_exception(get_string('invalidtokensession', 'webservice'));
59 if ($token->iprestriction
and !address_in_subnet(getremoteaddr(), $token->iprestriction
)) {
60 add_to_log(SITEID
, 'webservice', get_string('tokenauthlog', 'webservice'), '' , get_string('failedtolog', 'webservice').": ".getremoteaddr(), 0);
61 throw new webservice_access_exception(get_string('invalidiptoken', 'webservice'));
64 $user = $DB->get_record('user', array('id'=>$token->userid
, 'deleted'=>0), '*', MUST_EXIST
);
67 $DB->set_field('external_tokens', 'lastaccess', time(), array('id'=>$token->id
));
69 session_set_user($user);
70 $context = get_context_instance(CONTEXT_USER
, $USER->id
);
71 require_capability('moodle/user:manageownfiles', $context);
73 $fs = get_file_storage();
75 foreach ($_FILES as $fieldname=>$file) {
76 // check upload errors
77 if (!empty($_FILES[$fieldname]['error'])) {
78 switch ($_FILES[$fieldname]['error']) {
79 case UPLOAD_ERR_INI_SIZE
:
80 throw new moodle_exception('upload_error_ini_size', 'repository_upload');
82 case UPLOAD_ERR_FORM_SIZE
:
83 throw new moodle_exception('upload_error_form_size', 'repository_upload');
85 case UPLOAD_ERR_PARTIAL
:
86 throw new moodle_exception('upload_error_partial', 'repository_upload');
88 case UPLOAD_ERR_NO_FILE
:
89 throw new moodle_exception('upload_error_no_file', 'repository_upload');
91 case UPLOAD_ERR_NO_TMP_DIR
:
92 throw new moodle_exception('upload_error_no_tmp_dir', 'repository_upload');
94 case UPLOAD_ERR_CANT_WRITE
:
95 throw new moodle_exception('upload_error_cant_write', 'repository_upload');
97 case UPLOAD_ERR_EXTENSION
:
98 throw new moodle_exception('upload_error_extension', 'repository_upload');
101 throw new moodle_exception('nofile');
104 $file_record = new stdClass
;
105 $file_record->component
= 'user';
106 $file_record->contextid
= $context->id
;
107 $file_record->userid
= $USER->id
;
108 $file_record->filearea
= 'private';
109 $file_record->filename
= clean_param($_FILES[$fieldname]['name'], PARAM_FILE
);
110 $file_record->filepath
= $filepath;
111 $file_record->itemid
= 0;
112 $file_record->license
= $CFG->sitedefaultlicense
;
113 $file_record->author
= fullname($user);;
114 $file_record->source
= '';
115 $stored_file = $fs->create_file_from_pathname($file_record, $_FILES[$fieldname]['tmp_name']);
116 $uploaded_files[] = $file_record;
118 echo json_encode($uploaded_files);