You are here

Home » API reference » Webform Protected Downloads 6 » webform_protected_downloads.page.inc

function webform_protected_downloads_download_page in Webform Protected Downloads 6

Same name and namespace in other branches
  1. 7 webform_protected_downloads.page.inc \webform_protected_downloads_download_page()

Displays the download page

It is important that the first thing to do is the session check and registration, because the function webform_protected_downloads_file_user_has_access($nid, $fid) uses information from the session to determine the access state of the current user.

Parameters

string $hash :

Return value

void

1 string reference to 'webform_protected_downloads_download_page'
webform_protected_downloads_menu in ./webform_protected_downloads.module
Implementation of hook_menu().

File

./webform_protected_downloads.page.inc, line 16

Code

function webform_protected_downloads_download_page($node, $hash = NULL) {
  global $conf;

  // don't cache access allowed or denied
  $conf['cache'] = CACHE_DISABLED;
  $admin_access = FALSE;
  $access = FALSE;
  if ($hash === NULL) {
    global $user;
    $admin_access = user_access('administer webform protected downloads');
    $nid = $node->nid;
  }
  else {

    // check if the hash is registered
    $nid = webform_protected_downloads_get_node_from_hash($hash);

    // check if access should be granted if a node is found for this hash
    $access = webform_protected_downloads_hash_is_valid($hash) || webform_protected_downloads_session_is_valid($hash);
  }

  // check if the hash is valid for this node and has not yet expired
  if ($nid && $node->nid == $nid && ($access || $admin_access)) {
    $hash_details = webform_protected_downloads_get_hash_details($hash);
    if (!$admin_access) {

      // create or write the access information into the session
      webform_protected_downloads_session_update($node, $hash);

      // update the timestamp of the "used" column so that we know when this
      // hash has been last used, this is important for one-time access
      db_query("UPDATE {wpd_access_hashes} SET used = %d WHERE hash = '%s'", time(), $hash);

      // get the submission, including all it's data
      module_load_include('inc', 'webform', 'includes/webform.submissions');
      $submission = webform_get_submission($node->nid, $hash_details->sid);
    }

    // set all protected files listed
    $count_files = 0;
    foreach ($node->files as $key => $file) {
      $node->files[$key]->list = $admin_access || webform_protected_downloads_file_user_has_access($node->nid, $key);
      $count_files = $node->files[$key]->list ? $count_files + 1 : $count_files;
    }

    // render the text above the file listing
    $output = webform_protected_downloads_get_configuration($node->nid, 'text_download_access', WEBFORM_PROTECTED_DOWNLOADS_DEFAULT_TEXT_DOWNLOAD_ACCESS);

    // token replacement of global placeholders
    if (module_exists('token')) {
      $output = _webform_protected_downloads_token_replace($output, $node, $hash);
    }
    if (!$admin_access) {

      // we need to sanitize the user entered data before we let webform do
      // the token replacement, because we can't set strict to true and so must
      // care for this on our own
      foreach ($submission->data as $data_key => $data_value) {
        foreach ($submission->data[$data_key]['value'] as $key => $value) {
          $submission->data[$data_key]['value'][$key] = _webform_filter_xss($value);
        }
      }

      // now replace the placeholders with the submitted user data
      // we need to set $allow_anonymous to TRUE, otherwise the replacement won't
      // work, this should be save, since the hash is already a security measure
      // strict is set to false so that filter_xss will not get called after the
      // value replacement
      $output = _webform_filter_values($output, $node, $submission, $email = NULL, $strict = FALSE, $allow_anonymous = TRUE);
    }

    // filter the output according to the nodes filter format, don't check if
    // the current user has access to this format
    $output = check_markup($output, $node->format, FALSE);
    if ($count_files) {

      // render the protected files the same as on a nodes page view
      // previously we called theme_private_upload_attachments here, but it is
      // better to go for node_build_content, because that way other modules
      // can alter the display, e.g. itweak_upload
      $node = node_build_content($node);
      $output .= $node->content['files']['#value'];
    }
    else {

      // no files found
      $output .= '<p>' . t('No files have been found.') . '</p>';
    }

    // set the page title to the title of the node
    drupal_set_title($node->title);
    return $output;
  }
  $output = webform_protected_downloads_get_configuration($node->nid, 'text_download_noaccess', WEBFORM_PROTECTED_DOWNLOADS_DEFAULT_TEXT_DOWNLOAD_NOACCESS);

  // token replacement of global placeholders
  if (module_exists('token')) {
    $output = token_replace_multiple($output, array(
      'global' => NULL,
    ), '[', ']');
  }

  // filter the output according to the nodes filter format, don't check if
  // the current user has access to this format
  $output = check_markup($output, $node->format, FALSE);
  return $output;
}