You are here

Home » API reference » Webform Protected Downloads 7 » webform_protected_downloads.page.inc

function webform_protected_downloads_download_page in Webform Protected Downloads 7

Same name and namespace in other branches
  1. 6 webform_protected_downloads.page.inc \webform_protected_downloads_download_page()

Displays the download page

It is important that the first thing to do is the session check and registration, because the function webform_protected_downloads_file_user_has_access($nid, $fid) uses information from the session to determine the access state of the current user.

Parameters

string $hash:

Return value

void

1 string reference to 'webform_protected_downloads_download_page'
webform_protected_downloads_menu in ./webform_protected_downloads.module
Implementation of hook_menu().

File

./webform_protected_downloads.page.inc, line 17

Code

function webform_protected_downloads_download_page($node, $hash = NULL) {
  global $conf;

  // don't cache access allowed or denied
  $conf['cache'] = 0;
  $admin_access = FALSE;
  $access = FALSE;
  if ($hash === NULL) {
    global $user;
    $admin_access = user_access('administer webform protected downloads');
    $nid = $node->nid;
  }
  else {

    // check if the hash is registered
    $nid = webform_protected_downloads_get_node_from_hash($hash);

    // check if access should be granted if a node is found for this hash
    $access = webform_protected_downloads_hash_is_valid($hash) || webform_protected_downloads_session_is_valid($hash);
  }
  drupal_set_title($node->title);
  $configuration = webform_protected_downloads_get_configuration($node->nid);

  // check if the hash is valid for this node and has not yet expired
  if ($nid && $node->nid == $nid && ($access || $admin_access)) {
    $hash_details = webform_protected_downloads_get_hash_details($hash);
    if (!$admin_access) {

      // create or write the access information into the session
      webform_protected_downloads_session_update($node, $hash);

      // update the timestamp of the "used" column so that we know when this
      // hash has been last used, this is important for one-time access
      db_update("wpd_access_hashes")
        ->fields(array(
        'used' => time(),
      ))
        ->condition('hash', $hash)
        ->execute();

      // get the submission, including all it's data
      module_load_include('inc', 'webform', 'includes/webform.submissions');
      $submission = webform_get_submission($node->nid, $hash_details->sid);
    }

    // set all protected files listed
    $files = array();
    foreach ($node->wpd['private_files'] as $key => $file) {
      if (webform_protected_downloads_file_user_has_access($node->nid, $key) || $admin_access) {
        $files[] = (array) $file;
      }
    }

    // render the text above the file listing
    $output = _webform_protected_downloads_token_replace($configuration->text_download_access, $node, $hash);
    if (!$admin_access) {

      // we need to sanitize the user entered data before we let webform do
      // the token replacement, because we can't set strict to true and so must
      // care for this on our own
      foreach ($submission->data as $cid => $data_value) {

        // webform 7.x-3.x
        if (isset($submission->data[$cid]['value'])) {
          foreach ($submission->data[$cid]['value'] as $key => $value) {
            $submission->data[$cid]['value'][$key] = _webform_filter_xss($value);
          }
        }
        else {

          // webform 7.x-4.x
          foreach ($submission->data[$cid] as $key => $value) {
            $submission->data[$cid][$key] = _webform_filter_xss($value);
          }
        }
      }

      // now replace the placeholders with the submitted user data
      // we need to set $allow_anonymous to TRUE, otherwise the replacement won't
      // work, this should be save, since the hash is already a security measure
      // strict is set to false so that filter_xss will not get called after the
      // value replacement
      $output = _webform_filter_values($output, $node, $submission, $email = NULL, $strict = FALSE, $allow_anonymous = TRUE);
    }

    // filter the output according to the nodes filter format, don't check if
    // the current user has access to this format
    $output = check_markup($output, $configuration->text_download_access_format, $node->language);

    // Prepare the files table
    $files_table = '<p>' . t('No files have been found.') . '</p>';
    if (count($files)) {
      $files_table = theme('file_formatter_table', array(
        'items' => $files,
      ));
    }
    return theme('webform_protected_downloads_download_page', array(
      'text' => $output,
      'files_table' => $files_table,
    ));
  }
  $output = _webform_protected_downloads_token_replace($configuration->text_download_noaccess, $node, $hash);
  $output = check_markup($output, $configuration->text_download_noaccess_format, $node->language);
  return theme('webform_protected_downloads_download_page', array(
    'text' => $output,
  ));
}