3 ///////////////////////////////////////////////////////////////////////////
5 // Copyright (C) 2007 Inaki Arenaza //
7 // Based on .../admin/uploaduser.php and .../lib/gdlib.php //
9 // This program is free software; you can redistribute it and/or modify //
10 // it under the terms of the GNU General Public License as published by //
11 // the Free Software Foundation; either version 2 of the License, or //
12 // (at your option) any later version. //
14 // This program is distributed in the hope that it will be useful, //
15 // but WITHOUT ANY WARRANTY; without even the implied warranty of //
16 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
17 // GNU General Public License for more details: //
19 // http://www.gnu.org/copyleft/gpl.html //
21 ///////////////////////////////////////////////////////////////////////////
23 require_once('../config.php');
24 require_once($CFG->libdir
.'/uploadlib.php');
25 require_once($CFG->libdir
.'/adminlib.php');
26 require_once($CFG->libdir
.'/gdlib.php');
27 require_once('uploadpicture_form.php');
// Admin page script: accepts an uploaded zip of pictures and assigns each
// picture to the user whose selected field matches the picture's file name.
// NOTE(review): this listing skips some source lines (see the gaps in the
// gutter numbers), e.g. closing braces and the definition of $userfields;
// the comments below describe only what is actually shown.
29 $adminroot = admin_get_root();
31 admin_externalpage_setup('uploadpictures', $adminroot);
// Access gate: the rest of the script is meant to run only for callers that
// hold moodle/site:uploadusers in the system context.
35 require_capability('moodle/site:uploadusers', get_context_instance(CONTEXT_SYSTEM
));
37 if (!$site = get_site()) {
38 error("Could not find site-level course");
41 if (!$adminuser = get_admin()) {
42 error("Could not find site admin");
45 $strfile = get_string('file');
46 $struser = get_string('user');
47 $strusersupdated = get_string('usersupdated');
48 $struploadpictures = get_string('uploadpictures','admin');
// Request parameters are type-cleaned as they are read: userfield as an
// integer, overwritepicture as a boolean.
57 $userfield = optional_param('userfield', 0, PARAM_INT
);
58 $overwritepicture = optional_param('overwritepicture', 0, PARAM_BOOL
);
61 admin_externalpage_print_header();
62 print_heading_with_help($struploadpictures, 'uploadpictures');
64 $mform = new admin_uploadpicture_form();
65 if ($formdata = $mform->get_data()) {
// $userfield is accepted only if it is a key of $userfields, so the column
// name used in the user lookup further down is picked from that array and
// never taken directly from the request.
// NOTE(review): $userfields is defined on lines not shown here; presumably
// it is a fixed list of column names - confirm.
66 if (!array_key_exists($userfield, $userfields)) {
67 notify(get_string('uploadpicture_baduserfield','admin'));
69 // Large files are likely to take their time and memory. Let PHP know
70 // that we'll take longer, and that the process should be recycled soon
// NOTE(review): the @ prefixes hide any warning these two calls raise, so a
// failure to raise the limit goes unnoticed.
73 @raise_memory_limit
("192M");
74 if (function_exists('apache_child_terminate')) {
75 @apache_child_terminate
();
78 // Create a unique temporary directory, to process the zip file
80 $zipdir = my_mktempdir($CFG->dataroot
.'/temp/', 'usrpic');
82 if (!$mform->save_files($zipdir)) {
83 notify(get_string('uploadpicture_cannotmovezip','admin'));
// The uploaded archive is extracted into the working directory.
// NOTE(review): whether unzip_file() rejects entries that would be written
// outside $zipdir, or limits the expanded size, is not visible here -
// confirm in the library before relying on it.
86 $dstfile = $zipdir.'/'.$mform->get_new_filename();
87 if(!unzip_file($dstfile, $zipdir, false)) {
88 notify(get_string('uploadpicture_cannotunzip','admin'));
91 // We don't need the zip file any longer, so delete it to make
92 // it easier to process the rest of the files inside the directory.
// NOTE(review): the statement that deletes the zip is not in this listing.
94 if(! ($handle = opendir($zipdir))) {
95 notify(get_string('uploadpicture_cannotprocessdir','admin'));
// Only regular files directly inside $zipdir are processed; directories
// that came out of the archive are not descended into.
97 while (false !== ($item = readdir($handle))) {
98 if($item != '.' && $item != '..' && is_file($zipdir.'/'.$item)) {
100 // Add additional checks on the filenames, as they are user
101 // controlled and we don't want to open any security holes.
// NOTE(review): pathinfo() sets 'extension' only when the name contains a
// dot, so a file without one triggers an undefined-index notice below.
102 $path_parts = pathinfo(cleardoubleslashes($item));
103 $basename = $path_parts['basename'];
104 $extension = $path_parts['extension'];
// A name is rejected if PARAM_CLEANFILE cleaning would change it; the
// rejected name is cleaned with PARAM_CLEANHTML before it is echoed back.
105 if ($basename != clean_param($basename, PARAM_CLEANFILE
)) {
106 // The original picture file name has invalid characters
107 notify(get_string('uploadpicture_invalidfilename', 'admin',
108 clean_param($basename, PARAM_CLEANHTML
)));
112 // The picture file name (without extension) must match the
113 // userfield attribute.
// NOTE(review): one line of this substr() call is missing from the listing.
114 $uservalue = substr($basename, 0,
116 strlen($extension) - 1);
117 // userfield names are safe, so don't quote them.
// The value taken from the file name is escaped with addslashes() before
// the lookup.
// NOTE(review): this is only correct if get_record() expects pre-escaped
// values - confirm for the Moodle version in use.
118 if (!($user = get_record('user', $userfields[$userfield],
119 addslashes($uservalue)))) {
// NOTE(review): $a is not initialised on any line shown here.
122 $a->userfield
= clean_param($userfields[$userfield], PARAM_CLEANHTML
);
123 $a->uservalue
= clean_param($uservalue, PARAM_CLEANHTML
);
124 notify(get_string('uploadpicture_usernotfound', 'admin', $a));
// An existing picture is kept unless the overwrite option was set.
// NOTE(review): $user->username is passed into the messages below without
// the PARAM_CLEANHTML cleaning applied to the values above; confirm that
// notify()/get_string() escape it.
127 $haspicture = get_field('user', 'picture', 'id', $user->id
);
128 if ($haspicture && !$overwritepicture) {
129 notify(get_string('uploadpicture_userskipped', 'admin', $user->username
));
// The user record is flagged as having a picture only after the image has
// been saved.
132 if (my_save_profile_image($user->id
, $zipdir.'/'.$item)) {
133 set_field('user', 'picture', 1, 'id', $user->id
);
135 notify(get_string('uploadpicture_userupdated', 'admin', $user->username
));
138 notify(get_string('uploadpicture_cannotsave', 'admin', $user->username
));
145 // Finally remove the temporary directory with all the user images and print some stats.
// NOTE(review): the removal call itself, and the lines that initialise and
// increment $usersupdated and $userserrors, are not in this listing.
147 notify(get_string('usersupdated', 'admin') . ": $usersupdated");
148 notify(get_string('errors', 'admin') . ": $userserrors");
155 admin_externalpage_print_footer();
158 // ----------- Internal functions ----------------
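/**
 * Create a uniquely named working directory below $dir and return its path.
 *
 * The name is $prefix followed by a number from mt_rand(), so it is unique
 * but not unpredictable. The directory stays private because mkdir() fails
 * when the name already exists (an existing directory is never reused) and
 * because of the restrictive default mode. Keep $dir somewhere other local
 * users cannot write to.
 *
 * @param string $dir    Parent directory; a trailing slash is optional.
 * @param string $prefix Text placed before the random number in the name.
 * @param int    $mode   Permissions passed to mkdir() (subject to the umask).
 * @return string Path of the newly created directory.
 */
function my_mktempdir($dir, $prefix='', $mode=0700) {
    if (substr($dir, -1) != '/') {
        $dir .= '/';
    }

    // mkdir() also fails when the parent is missing or not writable, and
    // retrying cannot fix that, so the attempts are capped instead of
    // looping (and emitting warnings) forever.
    $maxattempts = 100;
    for ($attempt = 0; $attempt < $maxattempts; $attempt++) {
        $path = $dir.$prefix.mt_rand(0, 9999999);
        if (file_exists($path)) {
            // Name already taken: pick another one.
            continue;
        }
        // mkdir() remains the atomic arbiter; the check above only avoids
        // a warning for the common collision case.
        if (mkdir($path, $mode)) {
            return $path;
        }
        if (!file_exists($path)) {
            // Not a collision, so another attempt would fail the same way.
            break;
        }
        // Otherwise another process created the name first: try again.
    }

    // error() is the helper this script already uses for fatal conditions;
    // stopping here keeps callers from continuing without a directory.
    error('Could not create a temporary directory');
}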
// Save $originalfile as the profile picture of the user with id $id.
// The destination is obtained from create_profile_image_destination() and
// the file is then handed to process_profile_image(), whose result is
// returned to the caller.
// NOTE(review): the body of the failure branch (listing lines 175-177) is
// not shown; presumably it returns false - confirm against the full file.
// NOTE(review): $originalfile comes out of an uploaded archive; whether
// process_profile_image() verifies that it really is an image is not
// visible here - confirm in the library.
172 function my_save_profile_image($id, $originalfile) {
173 $destination = create_profile_image_destination($id, 'user');
174 if ($destination === false) {
178 return process_profile_image($originalfile, $destination);