admin/uploadpicture.php

   1 <?php // $Id$
   2
   3 ///////////////////////////////////////////////////////////////////////////
   4 //                                                                       //
   5 // Copyright (C) 2007 Inaki Arenaza                                      //
   6 //                                                                       //
   7 // Based on .../admin/uploaduser.php and .../lib/gdlib.php               //
   8 //                                                                       //
   9 // This program is free software; you can redistribute it and/or modify  //
  10 // it under the terms of the GNU General Public License as published by  //
  11 // the Free Software Foundation; either version 2 of the License, or     //
  12 // (at your option) any later version.                                   //
  13 //                                                                       //
  14 // This program is distributed in the hope that it will be useful,       //
  15 // but WITHOUT ANY WARRANTY; without even the implied warranty of        //
  16 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         //
  17 // GNU General Public License for more details:                          //
  18 //                                                                       //
  19 //          http://www.gnu.org/copyleft/gpl.html                         //
  20 //                                                                       //
  21 ///////////////////////////////////////////////////////////////////////////
  22
  23 require_once('../config.php');
  24 require_once($CFG->libdir.'/uploadlib.php');
  25 require_once($CFG->libdir.'/adminlib.php');
  26 require_once($CFG->libdir.'/gdlib.php');
  27 require_once('uploadpicture_form.php');
  28
  29 $adminroot = admin_get_root();
  30
  31 admin_externalpage_setup('uploadpictures', $adminroot);
  32
  33 require_login();
  34
  35 require_capability('moodle/site:uploadusers', get_context_instance(CONTEXT_SYSTEM, SITEID));
  36
  37 if (!$site = get_site()) {
  38     error("Could not find site-level course");
  39 }
  40
  41 if (!$adminuser = get_admin()) {
  42     error("Could not find site admin");
  43 }
  44
  45 $strfile = get_string('file');
  46 $struser = get_string('user');
  47 $strusersupdated = get_string('usersupdated');
  48 $struploadpictures = get_string('uploadpictures','admin');
  49 $usersupdated = 0;
  50 $userserrors = 0;
  51
  52 $userfields = array (
  53     0 => 'username',
  54     1 => 'idnumber',
  55     2 => 'id' );
  56
  57 $userfield = optional_param('userfield', 0, PARAM_INT);
  58 $overwritepicture = optional_param('overwritepicture', 0, PARAM_BOOL);
  59
  60 /// Print the header
  61 admin_externalpage_print_header();
  62 print_heading_with_help($struploadpictures, 'uploadpictures');
  63
  64 $mform = new admin_uploadpicture_form();
  65 if ($formdata = $mform->get_data()) {
  66     if (!array_key_exists($userfield, $userfields)) {
  67         notify(get_string('uploadpicture_baduserfield','admin'));
  68     } else {
  69         // Large files are likely to take their time and memory. Let PHP know
  70         // that we'll take longer, and that the process should be recycled soon
  71         // to free up memory.
  72         @set_time_limit(0);
  73         @raise_memory_limit("192M");
  74         if (function_exists('apache_child_terminate')) {
  75             @apache_child_terminate();
  76         }
  77
  78         // Create a unique temporary directory, to process the zip file
  79         // contents.
  80         $zipdir = my_mktempdir($CFG->dataroot.'/temp/', 'usrpic');
  81
  82         if (!$mform->save_files($zipdir)) {
  83             notify(get_string('uploadpicture_cannotmovezip','admin'));
  84             @remove_dir($zipdir);
  85         } else {
  86             $dstfile = $zipdir.'/'.$mform->get_new_filename();
  87             if(!unzip_file($dstfile, $zipdir, false)) {
  88                 notify(get_string('uploadpicture_cannotunzip','admin'));
  89                 @remove_dir($zipdir);
  90             } else {
  91                 // We don't need the zip file any longer, so delete it to make
  92                 // it easier to process the rest of the files inside the directory.
  93                 @unlink($dstfile);
  94                 if(! ($handle = opendir($zipdir))) {
  95                     notify(get_string('uploadpicture_cannotprocessdir','admin'));
  96                 } else {
  97                     while (false !== ($item = readdir($handle))) {
  98                         if($item != '.' && $item != '..' && is_file($zipdir.'/'.$item)) {
  99
 100                             // Add additional checks on the filenames, as they are user
 101                             // controlled and we don't want to open any security holes.
 102                             $path_parts = pathinfo(cleardoubleslashes($item));
 103                             $basename  = $path_parts['basename'];
 104                             $extension = $path_parts['extension'];
 105                             if ($basename != clean_param($basename, PARAM_CLEANFILE)) {
 106                                 // The original picture file name has invalid characters
 107                                 notify(get_string('uploadpicture_invalidfilename', 'admin',
 108                                                   clean_param($basename, PARAM_CLEANHTML)));
 109                                 continue;
 110                             }
 111
 112                             // The picture file name (without extension) must match the
 113                             // userfield attribute.
 114                             $uservalue = substr($basename, 0,
 115                                                 strlen($basename) -
 116                                                 strlen($extension) - 1);
 117                             // userfield names are safe, so don't quote them.
 118                             if (!($user = get_record('user', $userfields[$userfield],
 119                                                      addslashes($uservalue)))) {
 120                                 $userserrors++;
 121                                 $a = new Object();
 122                                 $a->userfield = clean_param($userfields[$userfield], PARAM_CLEANHTML);
 123                                 $a->uservalue = clean_param($uservalue, PARAM_CLEANHTML);
 124                                 notify(get_string('uploadpicture_usernotfound', 'admin', $a));
 125                                 continue;
 126                             }
 127                             $haspicture = get_field('user', 'picture', 'id', $user->id);
 128                             if ($haspicture && !$overwritepicture) {
 129                                 notify(get_string('uploadpicture_userskipped', 'admin', $user->username));
 130                                 continue;
 131                             }
 132                             if (my_save_profile_image($user->id, $zipdir.'/'.$item)) {
 133                                 set_field('user', 'picture', 1, 'id', $user->id);
 134                                 $usersupdated++;
 135                                 notify(get_string('uploadpicture_userupdated', 'admin', $user->username));
 136                             } else {
 137                                 $userserrors++;
 138                                 notify(get_string('uploadpicture_cannotsave', 'admin', $user->username));
 139                             }
 140                         }
 141                     }
 142                 }
 143                 closedir($handle);
 144
 145                 // Finally remove the temporary directory with all the user images and print some stats.
 146                 remove_dir($zipdir);
 147                 notify(get_string('usersupdated', 'admin') . ": $usersupdated");
 148                 notify(get_string('errors', 'admin') . ": $userserrors");
 149                 echo '<hr />';
 150             }
 151         }
 152     }
 153 }
 154 $mform->display();
 155 admin_externalpage_print_footer();
 156 exit;
 157
 158 // ----------- Internal functions ----------------
 159
 160 function my_mktempdir($dir, $prefix='', $mode=0700) {
 161     if (substr($dir, -1) != '/') {
 162         $dir .= '/';
 163     }
 164
 165     do {
 166         $path = $dir.$prefix.mt_rand(0, 9999999);
 167     } while (!mkdir($path, $mode));
 168
 169     return $path;
 170 }
 171
 172 function my_save_profile_image($id, $originalfile) {
 173     $destination = create_profile_image_destination($id, 'user');
 174     if ($destination === false) {
 175         return false;
 176     }
 177
 178     return process_profile_image($originalfile, $destination);
 179 }
 180
 181 ?>