PageRenderTime 47ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/mods/_standard/forums/edit_post.php

https://github.com/harriswong/ATutor
PHP | 155 lines | 107 code | 32 blank | 16 comment | 21 complexity | 0d88c629ca86213f69ecb0e4747f086e MD5 | raw file
    

  1. <?php
    2. 

  2. /****************************************************************************/
    3. 

  3. /* ATutor																	*/
    4. 

  4. /****************************************************************************/
    5. 

  5. /* Copyright (c) 2002-2010                                                  */
    6. 

  6. /* Inclusive Design Institute                                               */
    7. 

  7. /* http://atutor.ca															*/
    8. 

  8. /*																			*/
    9. 

  9. /* This program is free software. You can redistribute it and/or			*/
    10. 

  10. /* modify it under the terms of the GNU General Public License				*/
    11. 

  11. /* as published by the Free Software Foundation.							*/
    12. 

  12. /****************************************************************************/
    13. 

  13. // $Id$
    14. 

  14. 

  15. define('AT_INCLUDE_PATH', '../../../include/');
    16. 

  16. require (AT_INCLUDE_PATH.'vitals.inc.php');
    17. 

  17. 

  18. require(AT_INCLUDE_PATH.'../mods/_standard/forums/lib/forums.inc.php');
    19. 

  19. 

  20. $fid = intval($_REQUEST['fid']);
    21. 

  21. 

  22. if (isset($_GET['pid'])) {
    23. 

  23. 	$pid = intval($_GET['pid']);
    24. 

  24. } else {
    25. 

  25. 	$pid = intval($_POST['pid']);
    26. 

  26. }
    27. 

  27. if (!$pid || !$fid || !valid_forum_user($fid)) {
    28. 

  28. 	$msg->addError('ITEM_NOT_FOUND');
    29. 

  29. 	header('Location: ../../../forum/list.php');
    30. 

  30. 	exit;
    31. 

  31. }
    32. 

  32. 

  33. $sql = "SELECT *, UNIX_TIMESTAMP(date) AS udate FROM ".TABLE_PREFIX."forums_threads WHERE post_id=$pid";
    34. 

  34. $result = mysql_query($sql,$db);
    35. 

  35. if (!($post_row = mysql_fetch_assoc($result))) {
    36. 

  36. 	$msg->addError('ITEM_NOT_FOUND');
    37. 

  37. 	header('Location: '.url_rewrite('/mods/_standard/forums/forum/list.php', AT_PRETTY_URL_IS_HEADER));
    38. 

  38. 	exit;
    39. 

  39. }
    40. 

  40. 

  41. $forum_info = get_forum($fid, $_SESSION['course_id']);
    42. 

  42. 

  43. $expiry = $post_row['udate'] + $forum_info['mins_to_edit'] * 60;
    44. 

  44. 

  45. // check if we're either a) an assistant or, b) own this post and within the time allowed:
    46. 

  46. if (!(     authenticate(AT_PRIV_FORUMS, AT_PRIV_RETURN) 
    47. 

  47. 		|| ($post_row['member_id'] == $_SESSION['member_id'] && ($expiry > time() || isset($_POST['edit_post']) ) )
    48. 

  48. 	  ) 
    49. 

  49.    ) {
    50. 

  50. 	$msg->addError('POST_EDIT_EXPIRE');
    51. 

  51. 	header('Location: '.url_rewrite('mods/_standard/forums/forum/list.php', AT_PRETTY_URL_IS_HEADER));
    52. 

  52. 	exit;
    53. 

  53. }
    54. 

  54. 

  55. if ($_POST['cancel']) {
    56. 

  56. 	$msg->addFeedback('CANCELLED');
    57. 

  57. 	Header('Location: '.url_rewrite('mods/_standard/forums/forum/view.php?fid='.$_POST['fid'].SEP.'pid='.$_POST['pid'], AT_PRETTY_URL_IS_HEADER));
    58. 

  58. 	exit;
    59. 

  59. }
    60. 

  60. 

  61. if ($_POST['edit_post']) {
    62. 

  62. 	$missing_fields = array();
    63. 

  63. 

  64. //	$_POST['subject']	= str_replace('<', '&lt;', trim($_POST['subject']));
    65. 

  65. //	$_POST['body']		= str_replace('<', '&lt;', trim($_POST['body']));
    66. 

  66. 	$_POST['pid']		= intval($_POST['pid']);
    67. 

  67. 

  68. 	$_POST['subject']  = $addslashes($_POST['subject']);
    69. 

  69. 	//If subject > 60,then chop subject
    70. 

  70. 	$_POST['subject'] = validate_length($_POST['subject'], 60);
    71. 

  71. 

  72. 	$_POST['body']  = $addslashes($_POST['body']);
    73. 

  73. 

  74. 	if ($_POST['subject'] == '')  {
    75. 

  75. 		$missing_fields[] = _AT('subject');
    76. 

  76. 	}
    77. 

  77. 

  78. 	if ($_POST['body'] == '') {
    79. 

  79. 		$missing_fields[] = _AT('body');
    80. 

  80. 	}
    81. 

  81. 	if ($missing_fields) {
    82. 

  82. 		$missing_fields = implode(', ', $missing_fields);
    83. 

  83. 		$msg->addError(array('EMPTY_FIELDS', $missing_fields));
    84. 

  84. 	}
    85. 

  85. 	if (!$msg->containsErrors()) {
    86. 

  86. 		$sql = "UPDATE ".TABLE_PREFIX."forums_threads SET subject='$_POST[subject]', body='$_POST[body]', last_comment=last_comment, date=date WHERE post_id=$_POST[pid]";
    87. 

  87. 		$result = mysql_query($sql,$db);
    88. 

  88. 

  89. 		$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
    90. 

  90. 		if ($_POST['ppid'] == 0) {
    91. 

  91. 			$_POST['ppid'] = $_POST['pid'];
    92. 

  92. 		}
    93. 

  93. 		header('Location: '.url_rewrite('mods/_standard/forums/forum/view.php?fid='.$_POST['fid'].SEP.'pid='.$_POST['ppid'], AT_PRETTY_URL_IS_HEADER));
    94. 

  94. 		exit;
    95. 

  95. 	}
    96. 

  96. }
    97. 

  97. 

  98. $_pages['mods/_standard/forums/forum/index.php?fid='.$fid]['title']    = $forum_info['title'];
    99. 

  99. $_pages['mods/_standard/forums/forum/index.php?fid='.$fid]['parent']   = 'mods/_standard/forums/forum/list.php';
    100. 

  100. $_pages['mods/_standard/forums/forum/index.php?fid='.$fid]['children'] = array('mods/_standard/forums/forum/new_thread.php?fid='.$fid);
    101. 

  101. 

  102. $_pages['mods/_standard/forums/forum/new_thread.php?fid='.$fid]['title_var'] = 'new_thread';
    103. 

  103. $_pages['mods/_standard/forums/forum/new_thread.php?fid='.$fid]['parent']    = 'mods/_standard/forums/forum/index.php?fid='.$fid;
    104. 

  104. 

  105. $_pages['mods/_standard/forums/forum/view.php']['title']  = $post_row['subject'];
    106. 

  106. $_pages['mods/_standard/forums/forum/view.php']['parent'] = 'mods/_standard/forums/forum/index.php?fid='.$fid;
    107. 

  107. 

  108. $_pages['mods/_standard/forums/edit_post.php']['title_var'] = 'edit_post';
    109. 

  109. $_pages['mods/_standard/forums/edit_post.php']['parent']    = 'mods/_standard/forums/forum/index.php?fid='.$fid;
    110. 

  110. $_pages['mods/_standard/forums/edit_post.php']['children']  = array();
    111. 

  111. 

  112. 

  113. $onload = 'document.form.subject.focus();';
    114. 

  114. 

  115. require(AT_INCLUDE_PATH.'header.inc.php');
    116. 

  116. 

  117. ?>
    118. 

  118. 

  119. <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form">
    120. 

  120. <input type="hidden" name="edit_post" value="true" />
    121. 

  121. <input type="hidden" name="pid" value="<?php echo $pid; ?>" />
    122. 

  122. <input type="hidden" name="ppid" value="<?php echo $post_row['parent_id']; ?>" />
    123. 

  123. <input type="hidden" name="fid" value="<?php echo $post_row['forum_id']; ?>" />
    124. 

  124. 

  125. <div class="input-form">
    126. 

  126. 	<div class="row">
    127. 

  127. 		<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="subject"><?php echo _AT('subject'); ?></label><br />
    128. 

  128. 		<input type="text" maxlength="80" name="subject" size="36" value="<?php echo stripslashes(htmlspecialchars($post_row['subject'])); ?>" id="subject" />
    129. 

  129. 	</div>
    130. 

  130. 

  131. 	<div class="row">
    132. 

  132. 		<span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="body"><?php echo _AT('body'); ?></label><br />
    133. 

  133. 		<textarea cols="65" name="body" rows="10" id="body"><?php echo AT_print($post_row['body'], 'text.input'); ?></textarea>
    134. 

  134. 	</div>
    135. 

  135. 	
    136. 

  136. 	<div class="row">
    137. 

  137. 		<small class="spacer"><br />&middot; <?php echo _AT('forum_links'); ?><br />
    138. 

  138. 		&middot; <?php echo _AT('forum_email_links'); ?><br />
    139. 

  139. 		&middot; <?php echo _AT('forum_html_disabled'); ?></small>
    140. 

  140. 	</div>
    141. 

  141. 

  142.     <div class="row">	
    143. 

  143. 		<a href="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>#jumpcodes" title="<?php echo _AT('jump_codes'); ?>"><img src="images/clr.gif" height="1" width="1" alt="<?php echo _AT('jump_codes'); ?>" border="0" /></a><?php require(AT_INCLUDE_PATH.'html/code_picker.inc.php'); ?>
    144. 

  144. 

  145. 		<a name="jumpcodes"></a>
    146. 

  146.     </div>
    147. 

  147. 

  148. 	<div class="row buttons">
    149. 

  149. 		<input name="submit" type="submit" value="  <?php echo _AT('save'); ?>" accesskey="s" />
    150. 

  150. 		<input type="submit" name="cancel" value=" <?php echo _AT('cancel'); ?> " />
    151. 

  151. 	</div>
    152. 

  152. </div>
    153. 

  153. </form>
    154. 

  154. 

  155. <?php require (AT_INCLUDE_PATH.'footer.inc.php'); ?>
    156.