function student_files_handle_upload
Search API
| 6.x student_files.module | student_files_handle_upload($student_id, $bool_goto_history_when_done = TRUE, $file = array()) |
Handles the upload of a file which we assume is located at $_FILES["student_file_upload_file"], or the provided $file array.
2 calls to student_files_handle_upload()
- student_files_little_upload_form_submit in modules/
student_files/ student_files.module - student_files_upload_any_student_files_form_submit in modules/
student_files/ student_files.module - We can assume at this point that eveything is peachy, so let's get to uploading!
File
- modules/
student_files/ student_files.module, line 451 - This is the student_files module, which will facilitate uploading (securely) files to be associated with student accounts.
Code
function student_files_handle_upload($student_id, $bool_goto_history_when_done = TRUE, $file = array()) {
global $user;
$system_files_path = $GLOBALS ["fp_system_settings"]["file_system_path"];
$access_type = @$file ["access_type"];
if (count($file) == 0) {
$file = $_FILES ["student_file_upload_file"];
$temp = fp_re_array_files($file);
$file = $temp [0];
$access_type = $_POST ["access_type"];
}
$files_path = variable_get("student_files_path", "$system_files_path/custom/files/student_files");
$sub_dir_pattern = variable_get("student_files_sub_dir_pattern", "%year/%student_cwid");
$filename_pattern = variable_get("student_files_filename_pattern", "%student_cwid.%random.%ext");
$encryption = variable_get("student_files_encryption", "yes");
// Let's set up our eventual replacement pattern values.
$r = array();
$r ["%year"] = date("Y");
$r ["%student_cwid"] = $student_id;
$r ["%timestamp"] = time();
$r ["%random"] = fp_get_random_string(7);
$original_filename = $file ["name"];
$r ["%original_filename"] = $original_filename;
$is_encrypted = 0;
$type = $file ["type"];
$tmp_name = $file ["tmp_name"];
if (trim($tmp_name) == "") {
// No file was selected for upload!
fp_add_message(t("No file was selected for upload. Please try again."), "error");
if ($bool_goto_history_when_done) {
fp_goto("history", "current_student_id=$student_id");
}
return;
}
// Figure out the extension of the original filename.
$temp = explode(".", $original_filename);
$r ["%ext"] = $temp [count($temp) - 1];
// Make sure that this extension is allowed.
$allowed_extensions = csv_to_array(strtolower(variable_get("student_files_allowed_extensions", "txt,pdf,doc,docx,xls,xlsx,ppt,pptx,rtf,odt,jpg,jpeg,png,gif,zip,7z")));
if (!in_array(strtolower($r ["%ext"]), $allowed_extensions)) {
// Meaning, this extension is not allowed!
fp_add_message(t("Sorry, the file's type/extension (%ext) is not allowed. Please rename or select another file, then try again.", array("%ext" => $original_filename)), "error");
if ($bool_goto_history_when_done) {
fp_goto("history", "current_student_id=$student_id");
}
return;
}
// If we will be encrypting this, then the ext is actually .txt.enc or .pdf.enc. So we know its encrypted.
if (module_enabled("encryption") && $encryption == "yes") {
$r ["%ext"] .= ".enc";
}
// Okay, create the replaced strings...
$sub_dir = $filename = "";
foreach ($r as $k => $v) {
$sub_dir_pattern = str_replace($k, $v, $sub_dir_pattern);
$filename_pattern = str_replace($k, $v, $filename_pattern);
}
$sub_dir = $sub_dir_pattern;
$filename = $filename_pattern;
// Okay, now let's make sure we can create the sub_dir if it doesn't already exist.
if (!file_exists($files_path . "/" . $sub_dir)) {
if (!mkdir($files_path . "/" . $sub_dir, 0777, TRUE)) {
fp_add_message(t("Could not upload file because destination directory, %dir, could not be created or its parent
directory is not writable.", array("%dir" => $files_path . "/" . $sub_dir)), "error");
return;
}
}
// If the filename is too long, shorten it. Linux won't allow more than 255 bytes (usually corresponds to chars, depending on file system),
// Windows its 260 chars. Let's be safe and stop at 100 chars + ext.
if (strlen($filename) > 100) {
$filename = substr($filename, 0, 100) . "." . $r ["%ext"];
}
// Make sure the filename doesn't already exist. If it does, we add a little more randomness to the end of the file.
if (file_exists($files_path . "/" . $sub_dir . "/" . $filename)) {
while (true) {
$test_filename = $filename . "." . fp_get_random_string(5) . "." . $r ["%ext"];
if (!file_exists($files_path . "/" . $sub_dir . "/" . $test_filename)) {
$filename = $test_filename;
break;
}
}
}
// Okay, if we are here we can proceed with the copy.
// if encryption is enabled, we must use the encryption module to do this instead of a simple copy.
if (module_enabled("encryption") && $encryption === "yes" && encryption_get_key()) {
// Yep, we should encrypt this file.
// We need to do that by loading the file into memory, then getting the encrypted version, then writing it
// out to the destination.
$file_contents = file_get_contents($tmp_name);
$enc_file_contents = encryption_encrypt($file_contents);
if (!file_put_contents($files_path . "/" . $sub_dir . "/" . $filename, $enc_file_contents)) {
fp_add_message(t("Could not upload file. Possibly because of permission issues on the destination directory,
the disk is full, or some other reason."), "error");
return;
}
$is_encrypted = 1;
}
else {
// No encryption-- just copy it the traditional way.
if (!copy($tmp_name, $files_path . "/" . $sub_dir . "/" . $filename)) {
fp_add_message(t("Could not upload file. Possibly because of permission issues on the destination directory,
the disk is full, or some other reason."), "error");
return;
}
}
// Okay, write to our database table our values.
db_query("INSERT INTO student_files(student_id, original_filename, filepath, filename, filetype, uploaded_by_uid, uploaded_by_cwid, is_encrypted, posted, access_type)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", $student_id, $original_filename, $files_path . '/' . $sub_dir, $filename, $type,
$user->id, $user->cwid, $is_encrypted, time(), $access_type);
// Go back to history tab.
fp_add_message(t("File %ofile was uploaded successfully for student %cwid.", array("%ofile" => $original_filename, "%cwid" => $student_id)));
if ($bool_goto_history_when_done) {
fp_goto("history", "current_student_id=$student_id");
}
}