search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix a possible race condition in the PaintWeb DML code.
[moodle/mihaisucan.git] / mod / data / preset.php
blob7dd60eb00992900bfbe86a27420478b897686d26
1 <?php // $Id$
2 /* Preset Menu
3 *
4 * This is the page that is the menu item in the config database
5 * pages.
6 */
7
8 require_once('../../config.php');
9 require_once('lib.php');
10 require_once($CFG->libdir.'/uploadlib.php');
11 require_once($CFG->libdir.'/xmlize.php');
12
13 $id = optional_param('id', 0, PARAM_INT); // course module id
14 $d = optional_param('d', 0, PARAM_INT); // database activity id
15 $action = optional_param('action', 'base', PARAM_ALPHANUM); // current action
16 $fullname = optional_param('fullname', '', PARAM_PATH); // directory the preset is in
17 $file = optional_param('file', '', PARAM_PATH); // uploaded file
18
19 // find out preset owner userid and shortname
20 $parts = explode('/', $fullname);
21 $userid = empty($parts[0]) ? 0 : (int)$parts[0];
22 $shortname = empty($parts[1]) ? '' : $parts[1];
23 unset($parts);
24 unset($fullname);
25
26 if ($id) {
27 if (! $cm = get_coursemodule_from_id('data', $id)) {
28 error('Course Module ID was incorrect');
29 }
30 if (! $course = get_record('course', 'id', $cm->course)) {
31 error('Course is misconfigured');
32 }
33 if (! $data = get_record('data', 'id', $cm->instance)) {
34 error('Module Incorrect');
35 }
36 } else if ($d) {
37 if (! $data = get_record('data', 'id', $d)) {
38 error('Database ID Incorrect');
39 }
40 if (! $course = get_record('course', 'id', $data->course)) {
41 error('Course is misconfigured');
42 }
43 if (! $cm = get_coursemodule_from_instance('data', $data->id, $course->id)) {
44 error('Course Module ID was incorrect');
45 }
46 } else {
47 error('Parameter missing');
48 }
49
50 // fill in missing properties needed for updating of instance
51 $data->course = $cm->course;
52 $data->cmidnumber = $cm->idnumber;
53 $data->instance = $cm->instance;
54
55 if (!$context = get_context_instance(CONTEXT_MODULE, $cm->id)) {
56 error('Could not find context');
57 }
58
59 require_login($course->id, false, $cm);
60
61 require_capability('mod/data:managetemplates', $context);
62
63 if ($userid && ($userid != $USER->id) && !has_capability('mod/data:viewalluserpresets', $context)) {
64 error('You are not allowed to access presets from other users');
65 }
66
67 /* Need sesskey security check here for import instruction */
68 $sesskey = sesskey();
69
70 /********************************************************************/
71 /* Output */
72 if ($action !== 'export') {
73 data_print_header($course, $cm, $data, 'presets');
74 }
75
76 switch ($action) {
77 /***************** Deleting *****************/
78 case 'confirmdelete' :
79 if (!confirm_sesskey()) { // GET request ok here
80 error("Sesskey Invalid");
81 }
82
83 if ($userid > 0 and ($userid == $USER->id || has_capability('mod/data:manageuserpresets', $context))) {
84 //ok can delete
85 } else {
86 error("Invalid request");
87 }
88
89 $path = data_preset_path($course, $userid, $shortname);
90
91 $strwarning = get_string('deletewarning', 'data').'<br />'.
92 data_preset_name($shortname, $path);
93
94 $options = new object();
95 $options->fullname = $userid.'/'.$shortname;
96 $options->action = 'delete';
97 $options->d = $data->id;
98 $options->sesskey = sesskey();
99
100 $optionsno = new object();
101 $optionsno->d = $data->id;
102 notice_yesno($strwarning, 'preset.php', 'preset.php', $options, $optionsno, 'post', 'get');
103 print_footer($course);
104 exit(0);
105 break;
106
107 case 'delete' :
108 if (!data_submitted() and !confirm_sesskey()) {
109 error("Invalid request");
110 }
111
112 if ($userid > 0 and ($userid == $USER->id || has_capability('mod/data:manageuserpresets', $context))) {
113 //ok can delete
114 } else {
115 error("Invalid request");
116 }
117
118 $presetpath = data_preset_path($course, $userid, $shortname);
119
120 if (!clean_preset($presetpath)) {
121 error("Error deleting a preset!");
122 }
123 @rmdir($presetpath);
124
125 $strdeleted = get_string('deleted', 'data');
126 notify("$shortname $strdeleted", 'notifysuccess');
127 break;
128
129 /***************** Importing *****************/
130 case 'importpreset' :
131 if (!data_submitted() or !confirm_sesskey()) {
132 error("Invalid request");
133 }
134
135 $pimporter = new PresetImporter($course, $cm, $data, $userid, $shortname);
136 $pimporter->import_options();
137
138 print_footer($course);
139 exit(0);
140 break;
141
142 /* Imports a zip file. */
143 case 'importzip' :
144 if (!data_submitted() or !confirm_sesskey()) {
145 error("Invalid request");
146 }
147
148 if (!make_upload_directory('temp/data/'.$USER->id)) {
149 error("Can't Create Directory");
150 }
151
152 $presetfile = $CFG->dataroot.'/temp/data/'.$USER->id;
153 clean_preset($presetfile);
154
155 if (!unzip_file($CFG->dataroot."/$course->id/$file", $presetfile, false)) {
156 error("Can't unzip file");
157 }
158
159 $pimporter = new PresetImporter($course, $cm, $data, -$USER->id, $shortname);
160 $pimporter->import_options();
161
162 print_footer($course);
163 exit(0);
164 break;
165
166 case 'finishimport':
167 if (!data_submitted() or !confirm_sesskey()) {
168 error("Invalid request");
169 }
170
171 $pimporter = new PresetImporter($course, $cm, $data, $userid, $shortname);
172 $pimporter->import();
173
174 $strimportsuccess = get_string('importsuccess', 'data');
175 $straddentries = get_string('addentries', 'data');
176 $strtodatabase = get_string('todatabase', 'data');
177 if (!get_records('data_records', 'dataid', $data->id)) {
178 notify("$strimportsuccess <a href='edit.php?d=$data->id'>$straddentries</a> $strtodatabase", 'notifysuccess');
179 } else {
180 notify("$strimportsuccess", 'notifysuccess');
181 }
182 break;
183
184 /* Exports as a zip file ready for download. */
185 case 'export':
186 if (!data_submitted() or !confirm_sesskey()) {
187 error("Invalid request");
188 }
189 $exportfile = data_presets_export($course, $cm, $data);
190 $exportfilename = basename($exportfile);
191 header("Content-Type: application/download\n");
192 header("Content-Disposition: attachment; filename=$exportfilename");
193 header('Expires: 0');
194 header('Cache-Control: must-revalidate,post-check=0,pre-check=0');
195 header('Pragma: public');
196 $exportfilehandler = fopen($exportfile, 'rb');
197 print fread($exportfilehandler, filesize($exportfile));
198 fclose($exportfilehandler);
199 unlink($exportfile);
200 exit(0);
201 break;
202
203 /***************** Exporting *****************/
204 case 'save1':
205 if (!data_submitted() or !confirm_sesskey()) {
206 error("Invalid request");
207 }
208
209 $strcontinue = get_string('continue');
210 $strwarning = get_string('presetinfo', 'data');
211 $strname = get_string('shortname');
212
213 echo '<div style="text-align:center">';
214 echo '<p>'.$strwarning.'</p>';
215 echo '<form action="preset.php" method="post">';
216 echo '<fieldset class="invisiblefieldset">';
217 echo '<label for="shorname">'.$strname.'</label> <input type="text" id="shorname" name="name" value="'.$data->name.'" />';
218 echo '<input type="hidden" name="action" value="save2" />';
219 echo '<input type="hidden" name="d" value="'.$data->id.'" />';
220 echo '<input type="hidden" name="sesskey" value="'.$sesskey.'" />';
221 echo '<input type="submit" value="'.$strcontinue.'" /></fieldset></form></div>';
222 print_footer($course);
223 exit(0);
224 break;
225
226 case 'save2':
227 if (!data_submitted() or !confirm_sesskey()) {
228 error("Invalid request");
229 }
230
231 $strcontinue = get_string('continue');
232 $stroverwrite = get_string('overwrite', 'data');
233 $strname = get_string('shortname');
234
235 $name = optional_param('name', $data->name, PARAM_FILE);
236
237 if (is_directory_a_preset("$CFG->dataroot/data/preset/$USER->id/$name")) {
238 notify("Preset already exists: Pick another name or overwrite");
239
240 echo '<div style="text-align:center">';
241 echo '<form action="preset.php" method="post">';
242 echo '<fieldset class="invisiblefieldset">';
243 echo '<label for="shorname">'.$strname.'</label> <input type="textbox" name="name" value="'.$name.'" />';
244 echo '<input type="hidden" name="action" value="save2" />';
245 echo '<input type="hidden" name="d" value="'.$data->id.'" />';
246 echo '<input type="hidden" name="sesskey" value="'.$sesskey.'" />';
247 echo '<input type="submit" value="'.$strcontinue.'" /></fieldset></form>';
248
249 echo '<form action="preset.php" method="post">';
250 echo '<div>';
251 echo '<input type="hidden" name="name" value="'.$name.'" />';
252 echo '<input type="hidden" name="action" value="save3" />';
253 echo '<input type="hidden" name="d" value="'.$data->id.'" />';
254 echo '<input type="hidden" name="sesskey" value="'.$sesskey.'" />';
255 echo '<input type="submit" value="'.$stroverwrite.'" /></div></form>';
256 echo '</div>';
257 print_footer($course);
258 exit(0);
259 break;
260 }
261
262 case 'save3':
263 if (!data_submitted() or !confirm_sesskey()) {
264 error("Invalid request");
265 }
266
267 $name = optional_param('name', $data->name, PARAM_FILE);
268 $presetdirectory = "/data/preset/$USER->id/$name";
269
270 make_upload_directory($presetdirectory);
271 clean_preset($CFG->dataroot.$presetdirectory);
272
273 $file = data_presets_export($course, $cm, $data);
274 if (!unzip_file($file, $CFG->dataroot.$presetdirectory, false)) {
275 error("Can't unzip to the preset directory");
276 }
277 notify(get_string('savesuccess', 'data'), 'notifysuccess');
278 break;
279 }
280
281 $presets = data_get_available_presets($context);
282
283 $strimport = get_string('import');
284 $strfromfile = get_string('fromfile', 'data');
285 $strchooseorupload = get_string('chooseorupload', 'data');
286 $strusestandard = get_string('usestandard', 'data');
287 $strchoose = get_string('choose');
288 $strexport = get_string('export', 'data');
289 $strexportaszip = get_string('exportaszip', 'data');
290 $strsaveaspreset = get_string('saveaspreset', 'data');
291 $strsave = get_string('save', 'data');
292 $strdelete = get_string('delete');
293
294 echo '<div style="text-align:center">';
295 echo '<table class="presets" cellpadding="5">';
296 echo '<tr><td valign="top" colspan="2" align="center"><h3>'.$strexport.'</h3></td></tr>';
297
298 echo '<tr><td><label>'.$strexportaszip.'</label>';
299 helpbutton('exportzip', '', 'data', true, true);
300 echo '</td><td>';
301 $options = new object();
302 $options->action = 'export';
303 $options->d = $data->id;
304 $options->sesskey = sesskey();
305 print_single_button('preset.php', $options, $strexport, 'post');
306 echo '</td></tr>';
307
308 echo '<tr><td><label>'.$strsaveaspreset.'</label>';
309 helpbutton('savepreset', '', 'data', true, true);
310 echo '</td><td>';
311 $options = new object();
312 $options->action = 'save1';
313 $options->d = $data->id;
314 $options->sesskey = sesskey();
315 print_single_button('preset.php', $options, $strsave, 'post');
316 echo '</td></tr>';
317 echo '<tr><td valign="top" colspan="2" align="center"><h3>'.$strimport.'</h3></td></tr>';
318 echo '<tr><td><label for="fromfile">'.$strfromfile.'</label>';
319 helpbutton('importfromfile', '', 'data', true, true);
320 echo '</td><td>';
321 echo '<form id="uploadpreset" method="post" action="preset.php">';
322 echo '<fieldset class="invisiblefieldset">';
323 echo '<input type="hidden" name="d" value="'.$data->id.'" />';
324 echo '<input type="hidden" name="action" value="importzip" />';
325 echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
326 echo '<input name="file" size="20" value="" id="fromfile" type="text" /><input name="coursefiles" value="'.$strchooseorupload.'" onclick="return openpopup('."'/files/index.php?id={$course->id}&amp;choose=uploadpreset.file', 'coursefiles', 'menubar=0,location=0,scrollbars,resizable,width=750,height=500', 0".');" type="button" />';
327 echo '<input type="submit" value="'.$strimport.'" />';
328 echo '</fieldset></form>';
329 echo '</td></tr>';
330
331 echo '<tr valign="top"><td><label>'.$strusestandard.'</label>';
332 helpbutton('usepreset', '', 'data', true, true);
333 echo '</td><td>';
334
335 echo '<form id="presets" method="post" action="preset.php" >';
336 echo '<fieldset class="invisiblefieldset">';
337 echo '<input type="hidden" name="d" value="'.$data->id.'" />';
338 echo '<input type="hidden" name="action" value="importpreset" />';
339 echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
340
341 $i = 0;
342 foreach ($presets as $id => $preset) {
343 $screenshot = '';
344 if (!empty($preset->userid)) {
345 $user = get_record('user', 'id', $preset->userid);
346 $desc = $preset->name.' ('.fullname($user, true).')';
347 } else {
348 $desc = $preset->name;
349 }
350
351 if (!empty($preset->screenshot)) {
352 $screenshot = '<img width="150" class="presetscreenshot" src="'.$preset->screenshot.'" alt="'.get_string('screenshot').' '.$desc.'" />&nbsp;';
353 }
354
355 $fullname = $preset->userid.'/'.$preset->shortname;
356
357 $dellink = '';
358 if ($preset->userid > 0 and ($preset->userid == $USER->id || has_capability('mod/data:manageuserpresets', $context))) {
359 $dellink = '&nbsp;<a href="preset.php?d='.$data->id.'&amp;action=confirmdelete&amp;fullname='.$fullname.'&amp;sesskey='.sesskey().'">'.
360 '<img src="'.$CFG->pixpath.'/t/delete.gif" class="iconsmall" alt="'.$strdelete.' '.$desc.'" /></a>';
361 }
362
363 echo '<input type="radio" name="fullname" id="usepreset'.$i.'" value="'.$fullname.'" /><label for="usepreset'.$i++.'">'.$desc.'</label>'.$dellink.'<br />';
364 }
365 echo '<br />';
366 echo '<input type="submit" value="'.$strchoose.'" />';
367 echo '</fieldset></form>';
368 echo '</td></tr>';
369 echo '</table>';
370 echo '</div>';
371
372 print_footer($course);
373 exit(0);
374
375 ################################################################################
376
377
378 function data_presets_export($course, $cm, $data) {
379 global $CFG;
380 $presetname = clean_filename($data->name) . '-preset-' . gmdate("Ymd_Hi");
381 $exportsubdir = "$course->id/moddata/data/$data->id/$presetname";
382 make_upload_directory($exportsubdir);
383 $exportdir = "$CFG->dataroot/$exportsubdir";
384
385 // Assemble "preset.xml":
386 $presetxmldata = "<preset>\n\n";
387
388 // Raw settings are not preprocessed during saving of presets
389 $raw_settings = array(
390 'intro',
391 'comments',
392 'requiredentries',
393 'requiredentriestoview',
394 'maxentries',
395 'rssarticles',
396 'approval',
397 'defaultsortdir'
398 );
399
400 $presetxmldata .= "<settings>\n";
401 // First, settings that do not require any conversion
402 foreach ($raw_settings as $setting) {
403 $presetxmldata .= "<$setting>" . htmlspecialchars($data->$setting) . "</$setting>\n";
404 }
405
406 // Now specific settings
407 if ($data->defaultsort > 0 && $sortfield = data_get_field_from_id($data->defaultsort, $data)) {
408 $presetxmldata .= '<defaultsort>' . htmlspecialchars($sortfield->field->name) . "</defaultsort>\n";
409 } else {
410 $presetxmldata .= "<defaultsort>0</defaultsort>\n";
411 }
412 $presetxmldata .= "</settings>\n\n";
413
414 // Now for the fields. Grab all that are non-empty
415 $fields = get_records('data_fields', 'dataid', $data->id);
416 ksort($fields);
417 if (!empty($fields)) {
418 foreach ($fields as $field) {
419 $presetxmldata .= "<field>\n";
420 foreach ($field as $key => $value) {
421 if ($value != '' && $key != 'id' && $key != 'dataid') {
422 $presetxmldata .= "<$key>" . htmlspecialchars($value) . "</$key>\n";
423 }
424 }
425 $presetxmldata .= "</field>\n\n";
426 }
427 }
428 $presetxmldata .= '</preset>';
429
430 // After opening a file in write mode, close it asap
431 $presetxmlfile = fopen($exportdir . '/preset.xml', 'w');
432 fwrite($presetxmlfile, $presetxmldata);
433 fclose($presetxmlfile);
434
435 // Now write the template files
436 $singletemplate = fopen($exportdir . '/singletemplate.html', 'w');
437 fwrite($singletemplate, $data->singletemplate);
438 fclose($singletemplate);
439
440 $listtemplateheader = fopen($exportdir . '/listtemplateheader.html', 'w');
441 fwrite($listtemplateheader, $data->listtemplateheader);
442 fclose($listtemplateheader);
443
444 $listtemplate = fopen($exportdir . '/listtemplate.html', 'w');
445 fwrite($listtemplate, $data->listtemplate);
446 fclose($listtemplate);
447
448 $listtemplatefooter = fopen($exportdir . '/listtemplatefooter.html', 'w');
449 fwrite($listtemplatefooter, $data->listtemplatefooter);
450 fclose($listtemplatefooter);
451
452 $addtemplate = fopen($exportdir . '/addtemplate.html', 'w');
453 fwrite($addtemplate, $data->addtemplate);
454 fclose($addtemplate);
455
456 $rsstemplate = fopen($exportdir . '/rsstemplate.html', 'w');
457 fwrite($rsstemplate, $data->rsstemplate);
458 fclose($rsstemplate);
459
460 $rsstitletemplate = fopen($exportdir . '/rsstitletemplate.html', 'w');
461 fwrite($rsstitletemplate, $data->rsstitletemplate);
462 fclose($rsstitletemplate);
463
464 $csstemplate = fopen($exportdir . '/csstemplate.css', 'w');
465 fwrite($csstemplate, $data->csstemplate);
466 fclose($csstemplate);
467
468 $jstemplate = fopen($exportdir . '/jstemplate.js', 'w');
469 fwrite($jstemplate, $data->jstemplate);
470 fclose($jstemplate);
471
472 $asearchtemplate = fopen($exportdir . '/asearchtemplate.html', 'w');
473 fwrite($asearchtemplate, $data->asearchtemplate);
474 fclose($asearchtemplate);
475
476 // Check if all files have been generated
477 if (! is_directory_a_preset($exportdir)) {
478 error('Not all files generated!');
479 // should be migrated to print_error()
480 }
481
482 $filelist = array(
483 'preset.xml',
484 'singletemplate.html',
485 'listtemplateheader.html',
486 'listtemplate.html',
487 'listtemplatefooter.html',
488 'addtemplate.html',
489 'rsstemplate.html',
490 'rsstitletemplate.html',
491 'csstemplate.css',
492 'jstemplate.js',
493 'asearchtemplate.html'
494 );
495
496 foreach ($filelist as $key => $file) {
497 $filelist[$key] = $exportdir . '/' . $filelist[$key];
498 }
499
500 $exportfile = "$CFG->dataroot/$course->id/moddata/data/$data->id/$presetname.zip";
501 file_exists($exportfile) && unlink($exportfile);
502 $status = zip_files($filelist, $exportfile);
503 // ToDo: status check
504 foreach ($filelist as $file) {
505 unlink($file);
506 }
507 rmdir($exportdir);
508
509 // Return the full path to the exported preset file:
510 return $exportfile;
511 }
512
513 ?>
Mihai Sucan's work on Moodle