function student_files_handle_upload

6.x student_files.module student_files_handle_upload($student_id, $bool_goto_history_when_done = TRUE, $file = array())
7.x student_files.module student_files_handle_upload($student_id, $bool_goto_history_when_done = TRUE, $file = array())

Handles the upload of a file which we assume is located at $_FILES["student_file_upload_file"], or the provided $file array.

2 calls to student_files_handle_upload()
student_files_little_upload_form_submit in modules/student_files/student_files.module
student_files_upload_any_student_files_form_submit in modules/student_files/student_files.module
We can assume at this point that eveything is peachy, so let's get to uploading!

File

modules/student_files/student_files.module, line 451
This is the student_files module, which will facilitate uploading (securely) files to be associated with student accounts.

Code

function student_files_handle_upload($student_id, $bool_goto_history_when_done = TRUE, $file = array()) {
  global $user;
  $system_files_path = $GLOBALS ["fp_system_settings"]["file_system_path"];

  $access_type = @$file ["access_type"];

  if (count($file) == 0) {
    $file = $_FILES ["student_file_upload_file"];
    $temp = fp_re_array_files($file);
    $file = $temp [0];
    $access_type = $_POST ["access_type"];
  }

  $files_path = variable_get("student_files_path", "$system_files_path/custom/files/student_files");
  $sub_dir_pattern = variable_get("student_files_sub_dir_pattern", "%year/%student_cwid");
  $filename_pattern = variable_get("student_files_filename_pattern", "%student_cwid.%random.%ext");
  $encryption = variable_get("student_files_encryption", "yes");

  // Let's set up our eventual replacement pattern values.
  $r = array();
  $r ["%year"] = date("Y");
  $r ["%student_cwid"] = $student_id;
  $r ["%timestamp"] = time();
  $r ["%random"] = fp_get_random_string(7);
  $original_filename = $file ["name"];
  $r ["%original_filename"] = $original_filename;
  $is_encrypted = 0;

  $type = $file ["type"];
  $tmp_name = $file ["tmp_name"];

  if (trim($tmp_name) == "") {
    // No file was selected for upload!
    fp_add_message(t("No file was selected for upload.  Please try again."), "error");
    if ($bool_goto_history_when_done) {
      fp_goto("history", "current_student_id=$student_id");
    }
    return;
  }

  // Figure out the extension of the original filename.
  $temp = explode(".", $original_filename);
  $r ["%ext"] = $temp [count($temp) - 1];

  // Make sure that this extension is allowed.
  $allowed_extensions = csv_to_array(strtolower(variable_get("student_files_allowed_extensions", "txt,pdf,doc,docx,csv,xls,xlsx,ppt,pptx,rtf,odt,jpg,jpeg,png,gif,zip,7z")));
  if (!in_array(strtolower($r ["%ext"]), $allowed_extensions)) {
    // Meaning, this extension is not allowed!
    fp_add_message(t("Sorry, the file's type/extension (%ext) is not allowed.  Please rename or select another file, then try again.", array("%ext" => $original_filename)), "error");
    if ($bool_goto_history_when_done) {
      fp_goto("history", "current_student_id=$student_id");
    }
    return;
  }






  // If we will be encrypting this, then the ext is actually .txt.enc  or .pdf.enc.  So we know its encrypted.
  if (module_enabled("encryption") && $encryption == "yes") {
    $r ["%ext"] .= ".enc";
  }

  // Okay, create the replaced strings...
  $sub_dir = $filename = "";
  foreach ($r as $k => $v) {
    $sub_dir_pattern = str_replace($k, $v, $sub_dir_pattern);
    $filename_pattern = str_replace($k, $v, $filename_pattern);
  }

  $sub_dir = $sub_dir_pattern;
  $filename = $filename_pattern;

  // Okay, now let's make sure we can create the sub_dir if it doesn't already exist.
  if (!file_exists($files_path . "/" . $sub_dir)) {
    if (!mkdir($files_path . "/" . $sub_dir, 0777, TRUE)) {
      fp_add_message(t("Could not upload file because destination directory, %dir, could not be created or its parent
                        directory is not writable.", array("%dir" => $files_path . "/" . $sub_dir)), "error");

      return;
    }
  }

  // If the filename is too long, shorten it.  Linux won't allow more than 255 bytes (usually corresponds to chars, depending on file system), 
  // Windows its 260 chars.  Let's be safe and stop at 100 chars + ext.
  if (strlen($filename) > 100) {
    $filename = substr($filename, 0, 100) . "." . $r ["%ext"];
  }

  // Make sure the filename doesn't already exist.  If it does, we add a little more randomness to the end of the file.
  if (file_exists($files_path . "/" . $sub_dir . "/" . $filename)) {
    while (true) {
      $test_filename = $filename . "." . fp_get_random_string(5) . "." . $r ["%ext"];
      if (!file_exists($files_path . "/" . $sub_dir . "/" . $test_filename)) {
        $filename = $test_filename;
        break;
      }
    }
  }

  // Okay, if we are here we can proceed with the copy.

  // if encryption is enabled, we must use the encryption module to do this instead of a simple copy.
  if (module_enabled("encryption") && $encryption === "yes" && encryption_get_key()) {
    // Yep, we should encrypt this file.

    // We need to do that by loading the file into memory, then getting the encrypted version, then writing it
    // out to the destination.
    $file_contents = file_get_contents($tmp_name);
    $enc_file_contents = encryption_encrypt($file_contents);
    if (!file_put_contents($files_path . "/" . $sub_dir . "/" . $filename, $enc_file_contents)) {
      fp_add_message(t("Could not upload file.  Possibly because of permission issues on the destination directory,
                        the disk is full, or some other reason."), "error");
      return;
    }

    $is_encrypted = 1;

  }
  else {

    // No encryption-- just copy it the traditional way.

    if (!copy($tmp_name, $files_path . "/" . $sub_dir . "/" . $filename)) {
      fp_add_message(t("Could not upload file.  Possibly because of permission issues on the destination directory,
                        the disk is full, or some other reason."), "error");
      return;
    }
  }


  // Okay, write to our database table our values.
  db_query("INSERT INTO student_files(student_id, original_filename, filepath, filename, filetype, uploaded_by_uid, uploaded_by_cwid, is_encrypted, posted, access_type)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $student_id, $original_filename, $files_path . '/' . $sub_dir, $filename, $type, 
  $user->id, $user->cwid, $is_encrypted, time(), $access_type);

  // Go back to history tab.
  fp_add_message(t("File %ofile was uploaded successfully for student %cwid.", array("%ofile" => $original_filename, "%cwid" => $student_id)));
  if ($bool_goto_history_when_done) {
    fp_goto("history", "current_student_id=$student_id");
  }
}