/mods/_standard/forums/edit_post.php
PHP | 155 lines | 107 code | 32 blank | 16 comment | 21 complexity | 0d88c629ca86213f69ecb0e4747f086e MD5 | raw file
- <?php
- /****************************************************************************/
- /* ATutor */
- /****************************************************************************/
- /* Copyright (c) 2002-2010 */
- /* Inclusive Design Institute */
- /* http://atutor.ca */
- /* */
- /* This program is free software. You can redistribute it and/or */
- /* modify it under the terms of the GNU General Public License */
- /* as published by the Free Software Foundation. */
- /****************************************************************************/
- // $Id$
- define('AT_INCLUDE_PATH', '../../../include/');
- require (AT_INCLUDE_PATH.'vitals.inc.php');
- require(AT_INCLUDE_PATH.'../mods/_standard/forums/lib/forums.inc.php');
- $fid = intval($_REQUEST['fid']);
- if (isset($_GET['pid'])) {
- $pid = intval($_GET['pid']);
- } else {
- $pid = intval($_POST['pid']);
- }
- if (!$pid || !$fid || !valid_forum_user($fid)) {
- $msg->addError('ITEM_NOT_FOUND');
- header('Location: ../../../forum/list.php');
- exit;
- }
- $sql = "SELECT *, UNIX_TIMESTAMP(date) AS udate FROM ".TABLE_PREFIX."forums_threads WHERE post_id=$pid";
- $result = mysql_query($sql,$db);
- if (!($post_row = mysql_fetch_assoc($result))) {
- $msg->addError('ITEM_NOT_FOUND');
- header('Location: '.url_rewrite('/mods/_standard/forums/forum/list.php', AT_PRETTY_URL_IS_HEADER));
- exit;
- }
- $forum_info = get_forum($fid, $_SESSION['course_id']);
- $expiry = $post_row['udate'] + $forum_info['mins_to_edit'] * 60;
- // check if we're either a) an assistant or, b) own this post and within the time allowed:
- if (!( authenticate(AT_PRIV_FORUMS, AT_PRIV_RETURN)
- || ($post_row['member_id'] == $_SESSION['member_id'] && ($expiry > time() || isset($_POST['edit_post']) ) )
- )
- ) {
- $msg->addError('POST_EDIT_EXPIRE');
- header('Location: '.url_rewrite('mods/_standard/forums/forum/list.php', AT_PRETTY_URL_IS_HEADER));
- exit;
- }
- if ($_POST['cancel']) {
- $msg->addFeedback('CANCELLED');
- Header('Location: '.url_rewrite('mods/_standard/forums/forum/view.php?fid='.$_POST['fid'].SEP.'pid='.$_POST['pid'], AT_PRETTY_URL_IS_HEADER));
- exit;
- }
- if ($_POST['edit_post']) {
- $missing_fields = array();
- // $_POST['subject'] = str_replace('<', '<', trim($_POST['subject']));
- // $_POST['body'] = str_replace('<', '<', trim($_POST['body']));
- $_POST['pid'] = intval($_POST['pid']);
- $_POST['subject'] = $addslashes($_POST['subject']);
- //If subject > 60,then chop subject
- $_POST['subject'] = validate_length($_POST['subject'], 60);
- $_POST['body'] = $addslashes($_POST['body']);
- if ($_POST['subject'] == '') {
- $missing_fields[] = _AT('subject');
- }
- if ($_POST['body'] == '') {
- $missing_fields[] = _AT('body');
- }
- if ($missing_fields) {
- $missing_fields = implode(', ', $missing_fields);
- $msg->addError(array('EMPTY_FIELDS', $missing_fields));
- }
- if (!$msg->containsErrors()) {
- $sql = "UPDATE ".TABLE_PREFIX."forums_threads SET subject='$_POST[subject]', body='$_POST[body]', last_comment=last_comment, date=date WHERE post_id=$_POST[pid]";
- $result = mysql_query($sql,$db);
- $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
- if ($_POST['ppid'] == 0) {
- $_POST['ppid'] = $_POST['pid'];
- }
- header('Location: '.url_rewrite('mods/_standard/forums/forum/view.php?fid='.$_POST['fid'].SEP.'pid='.$_POST['ppid'], AT_PRETTY_URL_IS_HEADER));
- exit;
- }
- }
- $_pages['mods/_standard/forums/forum/index.php?fid='.$fid]['title'] = $forum_info['title'];
- $_pages['mods/_standard/forums/forum/index.php?fid='.$fid]['parent'] = 'mods/_standard/forums/forum/list.php';
- $_pages['mods/_standard/forums/forum/index.php?fid='.$fid]['children'] = array('mods/_standard/forums/forum/new_thread.php?fid='.$fid);
- $_pages['mods/_standard/forums/forum/new_thread.php?fid='.$fid]['title_var'] = 'new_thread';
- $_pages['mods/_standard/forums/forum/new_thread.php?fid='.$fid]['parent'] = 'mods/_standard/forums/forum/index.php?fid='.$fid;
- $_pages['mods/_standard/forums/forum/view.php']['title'] = $post_row['subject'];
- $_pages['mods/_standard/forums/forum/view.php']['parent'] = 'mods/_standard/forums/forum/index.php?fid='.$fid;
- $_pages['mods/_standard/forums/edit_post.php']['title_var'] = 'edit_post';
- $_pages['mods/_standard/forums/edit_post.php']['parent'] = 'mods/_standard/forums/forum/index.php?fid='.$fid;
- $_pages['mods/_standard/forums/edit_post.php']['children'] = array();
- $onload = 'document.form.subject.focus();';
- require(AT_INCLUDE_PATH.'header.inc.php');
- ?>
- <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form">
- <input type="hidden" name="edit_post" value="true" />
- <input type="hidden" name="pid" value="<?php echo $pid; ?>" />
- <input type="hidden" name="ppid" value="<?php echo $post_row['parent_id']; ?>" />
- <input type="hidden" name="fid" value="<?php echo $post_row['forum_id']; ?>" />
- <div class="input-form">
- <div class="row">
- <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="subject"><?php echo _AT('subject'); ?></label><br />
- <input type="text" maxlength="80" name="subject" size="36" value="<?php echo stripslashes(htmlspecialchars($post_row['subject'])); ?>" id="subject" />
- </div>
- <div class="row">
- <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="body"><?php echo _AT('body'); ?></label><br />
- <textarea cols="65" name="body" rows="10" id="body"><?php echo AT_print($post_row['body'], 'text.input'); ?></textarea>
- </div>
-
- <div class="row">
- <small class="spacer"><br />· <?php echo _AT('forum_links'); ?><br />
- · <?php echo _AT('forum_email_links'); ?><br />
- · <?php echo _AT('forum_html_disabled'); ?></small>
- </div>
- <div class="row">
- <a href="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>#jumpcodes" title="<?php echo _AT('jump_codes'); ?>"><img src="images/clr.gif" height="1" width="1" alt="<?php echo _AT('jump_codes'); ?>" border="0" /></a><?php require(AT_INCLUDE_PATH.'html/code_picker.inc.php'); ?>
- <a name="jumpcodes"></a>
- </div>
- <div class="row buttons">
- <input name="submit" type="submit" value=" <?php echo _AT('save'); ?>" accesskey="s" />
- <input type="submit" name="cancel" value=" <?php echo _AT('cancel'); ?> " />
- </div>
- </div>
- </form>
- <?php require (AT_INCLUDE_PATH.'footer.inc.php'); ?>