function webform_protected_downloads_download_page in Webform Protected Downloads 7
Same name and namespace in other branches
- 6 webform_protected_downloads.page.inc \webform_protected_downloads_download_page()
Displays the download page
It is important that the first thing to do is the session check and registration, because the function webform_protected_downloads_file_user_has_access($nid, $fid) uses information from the session to determine the access state of the current user.
Parameters
string $hash:
Return value
void
1 string reference to 'webform_protected_downloads_download_page'
- webform_protected_downloads_menu in ./
webform_protected_downloads.module - Implementation of hook_menu().
File
- ./
webform_protected_downloads.page.inc, line 17
Code
function webform_protected_downloads_download_page($node, $hash = NULL) {
global $conf;
// don't cache access allowed or denied
$conf['cache'] = 0;
$admin_access = FALSE;
$access = FALSE;
if ($hash === NULL) {
global $user;
$admin_access = user_access('administer webform protected downloads');
$nid = $node->nid;
}
else {
// check if the hash is registered
$nid = webform_protected_downloads_get_node_from_hash($hash);
// check if access should be granted if a node is found for this hash
$access = webform_protected_downloads_hash_is_valid($hash) || webform_protected_downloads_session_is_valid($hash);
}
drupal_set_title($node->title);
$configuration = webform_protected_downloads_get_configuration($node->nid);
// check if the hash is valid for this node and has not yet expired
if ($nid && $node->nid == $nid && ($access || $admin_access)) {
$hash_details = webform_protected_downloads_get_hash_details($hash);
if (!$admin_access) {
// create or write the access information into the session
webform_protected_downloads_session_update($node, $hash);
// update the timestamp of the "used" column so that we know when this
// hash has been last used, this is important for one-time access
db_update("wpd_access_hashes")
->fields(array(
'used' => time(),
))
->condition('hash', $hash)
->execute();
// get the submission, including all it's data
module_load_include('inc', 'webform', 'includes/webform.submissions');
$submission = webform_get_submission($node->nid, $hash_details->sid);
}
// set all protected files listed
$files = array();
foreach ($node->wpd['private_files'] as $key => $file) {
if (webform_protected_downloads_file_user_has_access($node->nid, $key) || $admin_access) {
$files[] = (array) $file;
}
}
// render the text above the file listing
$output = _webform_protected_downloads_token_replace($configuration->text_download_access, $node, $hash);
if (!$admin_access) {
// we need to sanitize the user entered data before we let webform do
// the token replacement, because we can't set strict to true and so must
// care for this on our own
foreach ($submission->data as $cid => $data_value) {
// webform 7.x-3.x
if (isset($submission->data[$cid]['value'])) {
foreach ($submission->data[$cid]['value'] as $key => $value) {
$submission->data[$cid]['value'][$key] = _webform_filter_xss($value);
}
}
else {
// webform 7.x-4.x
foreach ($submission->data[$cid] as $key => $value) {
$submission->data[$cid][$key] = _webform_filter_xss($value);
}
}
}
// now replace the placeholders with the submitted user data
// we need to set $allow_anonymous to TRUE, otherwise the replacement won't
// work, this should be save, since the hash is already a security measure
// strict is set to false so that filter_xss will not get called after the
// value replacement
$output = _webform_filter_values($output, $node, $submission, $email = NULL, $strict = FALSE, $allow_anonymous = TRUE);
}
// filter the output according to the nodes filter format, don't check if
// the current user has access to this format
$output = check_markup($output, $configuration->text_download_access_format, $node->language);
// Prepare the files table
$files_table = '<p>' . t('No files have been found.') . '</p>';
if (count($files)) {
$files_table = theme('file_formatter_table', array(
'items' => $files,
));
}
return theme('webform_protected_downloads_download_page', array(
'text' => $output,
'files_table' => $files_table,
));
}
$output = _webform_protected_downloads_token_replace($configuration->text_download_noaccess, $node, $hash);
$output = check_markup($output, $configuration->text_download_noaccess_format, $node->language);
return theme('webform_protected_downloads_download_page', array(
'text' => $output,
));
}