From 36f857428e81ef6c2accf28b1e162aaa61f9eb5d Mon Sep 17 00:00:00 2001 From: Paolo Date: Tue, 16 Sep 2025 17:12:59 +0200 Subject: [PATCH] - Fixed typos - application/controllers/Cis/Pub.php bild method refactored - Replaced AkteModel with AkteLib where possible - application/core/FHC_Controller->outputFile added new features + improvements - Added new public methods outputImageByContent and outputImageByFile to application/core/FHC_Controller - Added new private method _outputImage to application/core/FHC_Controller - AkteLib fixes --- application/controllers/Cis/ProfilUpdate.php | 6 +- application/controllers/Cis/Pub.php | 130 +++++++----------- .../frontend/v1/studstatus/Unterbrechung.php | 2 +- .../controllers/api/frontend/v1/stv/Akte.php | 29 ++-- .../lehre/anrechnung/RequestAnrechnung.php | 2 +- application/core/FHC_Controller.php | 119 +++++++++++++--- application/libraries/AkteLib.php | 46 +++---- 7 files changed, 181 insertions(+), 153 deletions(-) diff --git a/application/controllers/Cis/ProfilUpdate.php b/application/controllers/Cis/ProfilUpdate.php index 6b4b09d33..af5a6b35c 100644 --- a/application/controllers/Cis/ProfilUpdate.php +++ b/application/controllers/Cis/ProfilUpdate.php @@ -217,7 +217,6 @@ class ProfilUpdate extends Auth_Controller public function show($dms_id) { - $profil_update = $this->ProfilUpdateModel->loadWhere(['attachment_id' => $dms_id]); $profil_update = hasData($profil_update) ? getData($profil_update)[0] : null; @@ -239,13 +238,10 @@ class ProfilUpdate extends Auth_Controller // Download file $this->outputFile(getData($download)); - - } else { show_error($this->p->t('profilUpdate', 'profilUpdate_permission_error')); return; } - } else { show_error($this->p->t('profilUpdate', 'profilUpdate_dms_error')); return; @@ -299,7 +295,7 @@ class ProfilUpdate extends Auth_Controller getData($uploadDataResult)['file_name'], getData($uploadDataResult)['file_type'], fopen(getData($uploadDataResult)['full_path'], 'r'), - 'profil_aenderung' + 'profil_aenderung', null, // dokument_kurzbz null, // beschreibung false, // cis_suche diff --git a/application/controllers/Cis/Pub.php b/application/controllers/Cis/Pub.php index bebc844ab..7718e7aba 100644 --- a/application/controllers/Cis/Pub.php +++ b/application/controllers/Cis/Pub.php @@ -29,10 +29,14 @@ class Pub extends Auth_Controller */ public function bild($source, $id) { - $this->load->model('person/Person_model', 'PersonModel'); - - $person_id_user = ''; + $person_id_user = getAuthPersonId(); $serverzugriff = false; + // Default Bild (Dummy Profilbild) + $outputFileName = FHCPATH . 'skin/images/profilbild_dummy.jpg'; + $outputFileContent = ''; + $mimetype = 'application/jpeg'; + + $this->load->model('person/Person_model', 'PersonModel'); // Wenn das Bild direkt aufgerufen wird, ist eine Authentifizierung erforderlich // Wenn es vom Server selbst aufgerufen wird, ist keine Auth. notwendig @@ -45,31 +49,27 @@ class Pub extends Auth_Controller 'zugangscode' => $_SESSION['incoming/user'] ]); if (hasData($result)) - $person_id_user = current(getData($result))->person_id; + $person_id_user = getData($result)[0]->person_id; } elseif (isset($_SESSION['prestudent/user'])) { // Von Prestudententool $result = $this->PersonModel->loadWhere([ 'zugangscode' => $_SESSION['prestudent/user'] ]); if (hasData($result)) - $person_id_user = current(getData($result))->person_id; + $person_id_user = getData($result)[0]->person_id; } elseif (isset($_SESSION['bewerbung/personId'])) { // Von Bewerbungstool $person_id_user = $_SESSION['bewerbung/personId']; - } else { - $person_id_user = getAuthPersonId(); } } else { $serverzugriff = true; } - // Default Bild (Dummy Profilbild) - $cTmpHEX = base64_encode(file_get_contents(FHCPATH . 'skin/images/profilbild_dummy.jpg')); - - if ($source == 'person' && $id) { + // If the picture is from the person table + if ($source == 'person' && is_numeric($id)) { $foto_gesperrt = false; // Person laden und Fotosperre überprüfen $result = $this->PersonModel->load($id); if (hasData($result)) { - $person = current(getData($result)); + $person = getData($result)[0]; if ($person->foto_sperre) { // Wenn der User selbst darauf zugreift darf er das Bild sehen $foto_gesperrt = ($person_id_user != $id); @@ -77,91 +77,57 @@ class Pub extends Auth_Controller $foto_gesperrt = true; } - if ($person->foto && !$foto_gesperrt) { - $cTmpHEX = base64_decode($person->foto); + if (!isEmptyString($person->foto) && !$foto_gesperrt) { + $outputFileContent = base64_decode($person->foto); } } } - if($source == 'akte' && $id != '') + + // If the picture is from the akte/dms + if($source == 'akte' && is_numeric($id)) { - $this->load->model('crm/Akte_model', 'AkteModel'); + $mimetype = ''; + $this->load->library('AkteLib'); - $this->AkteModel->addJoin('public.tbl_person', 'person_id'); - $result = $this->AkteModel->loadWhere([ - 'person_id' => $id, - 'dokument_kurzbz' => 'Lichtbil' - ]); + $akteResult = $this->aktelib->getByAkteId($id, 'Lichtbil'); - if (hasData($result)) { + if (hasData($akteResult)) { $foto_gesperrt = false; + $akte = getData($akteResult)[0]; - $akte = current(getData($result)); - if ($akte->foto_sperre) { - // Wenn der User selbst darauf zugreift darf er das Bild sehen - $foto_gesperrt = ($person_id_user != $id); - } elseif (!$person_id_user && !$serverzugriff) { - $foto_gesperrt = true; - } - - // Wenn das Foto nicht im Inhalt steht wird aus aus dem DMS geladen - if (!$akte->inhalt && $akte->dms_id) { - $this->load->model('content/Dms_model', 'DmsModel'); - $this->load->model('content/DmsVersion_model', 'DmsVersionModel'); - - $this->DmsModel->addJoin('campus.tbl_dms_version', 'dms_id'); - $this->DmsModel->addOrder('version', 'DESC'); - $this->DmsModel->addLimit(1); - $result = $this->DmsModel->load($akte->dms_id); - - if (!hasData($result)) - die('Kein Dokument vorhanden'); - - $dms = current(getData($result)); - - $filename = DMS_PATH . $dms->filename; - - $this->DmsVersionModel->update([ - 'dms_id' => $dms->dms_id, - 'version' => $dms->version - ], [ - 'letzterzugriff' => date('c') - ]); - - if (file_exists($filename)) { - $handle = fopen($filename, "r"); - if ($handle) { - while (!feof($handle)) { - $akte->inhalt .= fread($handle, 8192); - } - fclose($handle); - } else { - echo 'Fehler: Datei konnte nicht geoeffnet werden'; - } - } else { - echo 'Die Datei existiert nicht'; + $personResult = $this->PersonModel->load($akte->person_id); + if (hasData($personResult)) { + $person = getData($personResult)[0]; + if ($person->foto_sperre) { + $foto_gesperrt = ($person_id_user != $id); + } elseif (!$person_id_user && !$serverzugriff) { + $foto_gesperrt = true; } } - if ($akte->inhalt && !$foto_gesperrt) { - $cTmpHEX = $akte->inhalt; + // Wenn das Foto nicht im Inhalt steht wird aus aus dem DMS geladen + if (!isEmptyString($akte->inhalt)) { + $outputFileContent = base64_decode($akte->inhalt); + $mimetype = $akte->mimetype; } } } - // die bilder werden, sofern es funktioniert, in jpg umgewandelt da es sonst zu fehlern beim erstellen - // von pdfs kommen kann. - - $im = @imagecreatefromstring(base64_decode($cTmpHEX)); - if ($im) { - @ob_clean(); - header("Content-type: image/jpeg"); - exit(imagejpeg($im)); - } else { - // bei manchen Bildern funktioniert die konvertierung nicht - // diese werden dann einfach so angezeigt. - @ob_clean(); - header("Content-type: image/gif"); - exit($cTmpHEX); + // If file content is provided + if (!isEmptyString($outputFileContent)) + { + // If a mimetype is still not found + if (isEmptyString($mimetype)) + { + $fo = finfo_open(); + $mimetype = finfo_buffer($fo, $outputFileContent, FILEINFO_MIME_TYPE); + } + $this->outputImageByContent($mimetype, $outputFileContent); + } + else // otherwise use the file + { + $this->outputImageByFile($mimetype, $outputFileName); } } } + diff --git a/application/controllers/api/frontend/v1/studstatus/Unterbrechung.php b/application/controllers/api/frontend/v1/studstatus/Unterbrechung.php index 0892321d4..4ba16f1d9 100644 --- a/application/controllers/api/frontend/v1/studstatus/Unterbrechung.php +++ b/application/controllers/api/frontend/v1/studstatus/Unterbrechung.php @@ -168,7 +168,7 @@ class Unterbrechung extends FHCAPI_Controller getData($uploadDataResult)['file_name'], getData($uploadDataResult)['file_type'], fopen(getData($uploadDataResult)['full_path'], 'r'), - 'studierendenantrag' + 'studierendenantrag', null, // dokument_kurzbz null, // beschreibung false, // cis_suche diff --git a/application/controllers/api/frontend/v1/stv/Akte.php b/application/controllers/api/frontend/v1/stv/Akte.php index 1d38c96d4..d14fb3c63 100644 --- a/application/controllers/api/frontend/v1/stv/Akte.php +++ b/application/controllers/api/frontend/v1/stv/Akte.php @@ -32,8 +32,8 @@ class Akte extends Auth_Controller 'download' => ['admin:w', 'assistenz:w'], ]); - // Load models - $this->load->model('crm/Akte_model', 'AkteModel'); + // Load libraries + $this->load->library('AkteLib'); } //------------------------------------------------------------------------------------------------------------------ @@ -49,22 +49,23 @@ class Akte extends Auth_Controller if (!is_numeric($akte_id)) $this->terminateWithError('akte Id missing'); - $result = $this->AkteModel->load($akte_id); + $akteResult = $this->aktelib->getByAkteId($akte_id); - if (!hasData($result)) $this->terminateWithError('Akte not found'); + if (!hasData($akteResult)) $this->terminateWithError('Akte not found'); - $data = getData($result)[0]; + $data = getData($akteResult)[0]; - if (isset($data->inhalt) && $data->inhalt != '') + if (!isEmptyString($data->inhalt)) { - header('Content-Description: File Transfer'); - header('Content-Type: '. $data->mimetype); - header('Expires: 0'); - header('Cache-Control: must-revalidate'); - header('Pragma: public'); - header('Content-Disposition: attachment; filename="'.$data->titel.'"'); - echo base64_decode($data->inhalt); - die(); + $fileObj = new stdClass(); + $fileObj->filename = $data->filename; + $fileObj->file_content = base64_decode($data->inhalt); + $fileObj->name = $data->titel; + $fileObj->mimetype = $data->mimetype; + $fileObj->disposition = 'attachment'; + + $this->outputFile($fileObj); } } } + diff --git a/application/controllers/lehre/anrechnung/RequestAnrechnung.php b/application/controllers/lehre/anrechnung/RequestAnrechnung.php index cff6051e7..094af2b98 100644 --- a/application/controllers/lehre/anrechnung/RequestAnrechnung.php +++ b/application/controllers/lehre/anrechnung/RequestAnrechnung.php @@ -377,7 +377,7 @@ class requestAnrechnung extends Auth_Controller getData($uploadDataResult)['file_name'], getData($uploadDataResult)['file_type'], fopen(getData($uploadDataResult)['full_path'], 'r'), - 'anrechnung' + 'anrechnung', null, // dokument_kurzbz null, // beschreibung false, // cis_suche diff --git a/application/core/FHC_Controller.php b/application/core/FHC_Controller.php index 9bd12b1dd..dc8647272 100644 --- a/application/core/FHC_Controller.php +++ b/application/core/FHC_Controller.php @@ -136,38 +136,78 @@ abstract class FHC_Controller extends CI_Controller /** * To download the given file represented by the fileObj parameter. * fileObj has the following structure: - * $fileObj->filename - * $fileObj->file + * $fileObj->file_name + * $fileObj->file OR $fileObj->file_content * $fileObj->name * $fileObj->mimetype - * $fileObj->disposition + * $fileObj->disposition (inline OR attachment) */ protected function outputFile($fileObj) { // If the file exists - if (isset($fileObj->file) && !isEmptyString($fileObj->file) && file_exists($fileObj->file)) + if ((isset($fileObj->file) && !isEmptyString($fileObj->file) && file_exists($fileObj->file)) + || (isset($fileObj->file_content) && !isEmptyString($fileObj->file_content))) { - header('Cache-Control: must-revalidate'); - header('Content-Description: File Transfer'); - header('Content-Type: '. $fileObj->mimetype); - header('Expires: 0'); - header('Pragma: public'); - header('Content-Length: ' . filesize($fileObj->file)); - header('Content-Transfer-Encoding: binary'); + $content_length = 0; - if (isset($fileObj->disposition) - && ($fileObj->disposition == 'inline' || $fileObj->disposition == 'attachment')) + // If file content has been provided + if (isset($fileObj->file_content) && !isEmptyString($fileObj->file_content)) { - header('Content-Disposition: '. $fileObj->disposition. '; filename="'. $fileObj->name. '"'); + $content_length = strlen($fileObj->file_content); + } + else // otherwise the path + name of the file + { + $content_length = filesize($fileObj->file); } - readfile($fileObj->file); // reads the file content to the output buffer - } - else - { - // Otherwise print an error - show_error('The provided file does not exist: '.(isset($fileObj->file) ? $fileObj->file : 'file not given')); + header('Content-Description: File Transfer'); + header('Content-Type: '. $fileObj->mimetype); + header('Content-Length: ' . $content_length); + header('Content-Transfer-Encoding: binary'); + header('Content-Disposition: '. $fileObj->disposition. '; file_name="'. $fileObj->name. '"'); + header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0'); + header('Expires: ' . date("D, d M Y H:i:s", time())); + header('Pragma: public'); + + // Clean the output buffer + flush(); + + // If file content has been provided + if (isset($fileObj->file_content) && !isEmptyString($fileObj->file_content)) + { + echo $fileObj->file_content; + } + else // otherwise get the content from file system + { + readfile($fileObj->file); + } + + // Terminate the execution + exit(); } + + // Otherwise return an error + show_error('The provided file does not exist or file content is empty'); + } + + /** + * + */ + protected function outputImageByContent($mimetype, $file_content) + { + if (isEmptyString($file_content)) show_error('The provided file content is not valid'); + + $this->_outputImage($mimetype, $file_content); + } + + /** + * + */ + protected function outputImageByFile($mimetype, $file_name) + { + if (!file_exists($file_name)) show_error('The provided file does not exist'); + + $this->_outputImage($mimetype, null, $file_name); } /** @@ -194,5 +234,44 @@ abstract class FHC_Controller extends CI_Controller show_error('This web site cannot work correctly without the HTTPS protocol enabled'); } } + + /** + * + */ + private function _outputImage($mimetype, $file_content = null, $file_name = null) + { + $content_length = 0; + + // If file content has been provided + if ($file_content != null) + { + $content_length = strlen($file_content); + } + else // otherwise the path + name of the file + { + $content_length = filesize($file_name); + } + + header('Content-Type: '. $mimetype); + header('Content-Length: ' . $content_length); + header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0'); + header('Expires: ' . date("D, d M Y H:i:s", time())); + + // Clean the output buffer + flush(); + + // If file content has been provided + if ($file_content != null) + { + echo $file_content; + } + else // otherwise get the content from file system + { + readfile($file_name); + } + + // Terminate the execution + exit(); + } } diff --git a/application/libraries/AkteLib.php b/application/libraries/AkteLib.php index 0ac039cdd..825edfde1 100644 --- a/application/libraries/AkteLib.php +++ b/application/libraries/AkteLib.php @@ -23,7 +23,6 @@ if (! defined('BASEPATH')) exit('No direct script access allowed'); class AkteLib { const AKTE_KATEGORIE_KURZBZ = 'Akte'; // kategorie_kurzbz of dms when inserting for akte - const FILE_CONTENT_PROPERTY = 'file_content'; private $_ci; // Code igniter instance private $_who; // who added this document @@ -131,28 +130,12 @@ class AkteLib * Gets akte data and associated dms data by akte Id * Returns success with akte and dms data or error */ - public function getByAkteId($akte_id, $archiv = null, $signiert = null, $stud_selfservice = null) + public function getByAkteId($akte_id, $dokument_kurzbz = null, $archiv = null, $signiert = null, $stud_selfservice = null) { return $this->_get( $akte_id, null, // person_id - null, // dokument_kurzbz - $archiv, - $signiert, - $stud_selfservice - ); - } - - /** - * Gets Akte data and associated dms data by person Id - * Returns success with result array with akte and dms data or error - */ - public function getByPersonId($person_id, $archiv = null, $signiert = null, $stud_selfservice = null) - { - return $this->_get( - null, // akte_id - $person_id, - null, // dokument_kurzbz + $dokument_kurzbz, $archiv, $signiert, $stud_selfservice @@ -163,7 +146,7 @@ class AkteLib * Gets Akte data and associated dms data by person Id and dokument_kurzbz * Returns success with result array with akte and dms data or error */ - public function getByPersonIdAndDocumentType($person_id, $dokument_kurzbz) + public function getByPersonId($person_id, $dokument_kurzbz = null, $archiv = null, $signiert = null, $stud_selfservice = null) { return $this->_get( null, // akte_id @@ -234,18 +217,18 @@ class AkteLib $paramArray = array(); // akte_id - if (is_int($akte_id) || is_array($akte_id)) + if (is_numeric($akte_id) || is_array($akte_id)) { $paramArray[] = $akte_id; - if (is_int($akte_id)) $query .= ' AND akte_id = ?'; + if (is_numeric($akte_id)) $query .= ' AND akte_id = ?'; if (is_array($akte_id)) $query .= ' AND akte_id IN ?'; } // person_id - if (is_int($person_id) || is_array($person_id)) + if (is_numeric($person_id) || is_array($person_id)) { $paramArray[] = $person_id; - if (is_int($person_id)) $query .= ' AND person_id = ?'; + if (is_numeric($person_id)) $query .= ' AND person_id = ?'; if (is_array($person_id)) $query .= ' AND person_id IN ?'; } @@ -277,6 +260,9 @@ class AkteLib $query .= ' AND stud_selfservice = ?'; } + // If no parameters has been provided exit + if (isEmptyArray($paramArray)) return error('Called without giving any parameter'); + // Loads data from DB $akteResult = $dbModel->execReadOnlyQuery($query, $paramArray); @@ -293,12 +279,12 @@ class AkteLib if (isError($dmsResult)) return $dmsResult; // properties to retrieve from dms - $dmsProperties = array('version', 'filename', 'mimetype', 'name', 'beschreibung', 'cis_suche', 'schlagworte', AkteLib::FILE_CONTENT_PROPERTY); + $dmsProperties = array('version', 'filename', 'mimetype', 'name', 'beschreibung', 'cis_suche', 'schlagworte'); // set dms properties if (hasData($dmsResult)) { - $dmsData = getData($dmsResult); + $dmsData = getData($dmsResult)[0]; foreach ($dmsProperties as $dmsProperty) { @@ -312,7 +298,7 @@ class AkteLib } else { - // set null if no dms result found + // Set null if no dms result found foreach ($dmsProperties as $dmsProperty) { if ($dmsProperty != 'mimetype') $resultObject->{$dmsProperty} = null; @@ -337,9 +323,9 @@ class AkteLib $paramArray = array(); - if (is_int($akte_id)) $paramArray['akte_id'] = $akte_id; - if (is_int($person_id)) $paramArray['person_id'] = $person_id; - if (is_int($dms_id)) $paramArray['dms_id'] = $dms_id; + if (is_numeric($akte_id)) $paramArray['akte_id'] = $akte_id; + if (is_numeric($person_id)) $paramArray['person_id'] = $person_id; + if (is_numeric($dms_id)) $paramArray['dms_id'] = $dms_id; $akteResult = $this->_ci->AkteModel->loadWhere($paramArray);