projects / atutor.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
tagging as ATutor 1.5.4-release
[atutor.git] / blogs / add_post.php
1 <?php\r
2 /****************************************************************/\r
3 /* ATutor                                                                                                               */\r
4 /****************************************************************/\r
5 /* Copyright (c) 2002-2006 by Greg Gay & Joel Kronenberg        */\r
6 /* Adaptive Technology Resource Centre / University of Toronto  */\r
7 /* http://atutor.ca                                                                                             */\r
8 /*                                                              */\r
9 /* This program is free software. You can redistribute it and/or*/\r
10 /* modify it under the terms of the GNU General Public License  */\r
11 /* as published by the Free Software Foundation.                                */\r
12 /****************************************************************/\r
13 // $Id$\r
14 define('AT_INCLUDE_PATH', '../include/');\r
15 require (AT_INCLUDE_PATH.'vitals.inc.php');\r
16 \r
17 // authenticate ot+oid ....\r
18 $owner_type = abs($_REQUEST['ot']);\r
19 $owner_id = abs($_REQUEST['oid']);\r
20 if (!($owner_status = blogs_authenticate($owner_type, $owner_id)) || !query_bit($owner_status, BLOGS_AUTH_WRITE)) {\r
21         $msg->addError('ACCESS_DENIED');\r
22         header('Location: index.php');\r
23         exit;\r
24 }\r
25 \r
26 \r
27 if (isset($_POST['cancel'])) {\r
28         $msg->addFeedback('CANCELLED');\r
29         header('Location: view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_POST['oid']);\r
30         exit;\r
31 } else if (isset($_POST['submit'])) {\r
32         $_POST['title'] = $addslashes(trim($_POST['title']));\r
33         $_POST['body']  = $addslashes(trim($_POST['body']));\r
34 \r
35         if ($_POST['body'] == '') {\r
36                 $msg->addError(array('EMPTY_FIELDS', _AT('body')));\r
37         }\r
38 \r
39         if (!$msg->containsErrors()) {\r
40                 $_POST['title'] = htmlspecialchars($_POST['title']);\r
41                 $_POST['body']  = htmlspecialchars($_POST['body']);\r
42                 $_POST['private'] = abs($_POST['private']);\r
43                 $sql = "INSERT INTO ".TABLE_PREFIX."blog_posts VALUES (NULL, $_SESSION[member_id], ".BLOGS_GROUP.", $_POST[oid], $_POST[private], NOW(), 0, '$_POST[title]', '$_POST[body]')";\r
44                 mysql_query($sql, $db);\r
45 \r
46                 $msg->addFeedback('POST_ADDED_SUCCESSFULLY');\r
47 \r
48                 header('Location: view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_POST['oid']);\r
49                 exit;\r
50         }\r
51 }\r
52 \r
53 // this will also be dynamic as the parent page changes\r
54 $_pages['blogs/add_post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid']]['title_var'] = 'add';\r
55 $_pages['blogs/add_post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid']]['parent'] = 'blogs/view.php';\r
56 \r
57 $_pages['blogs/add_post.php']['title_var'] = 'add';\r
58 $_pages['blogs/add_post.php']['parent']    = 'blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'];\r
59 \r
60 $_pages['blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid']]['title'] = blogs_get_blog_name(BLOGS_GROUP, $_REQUEST['oid']);\r
61 $_pages['blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid']]['parent']    = 'blogs/index.php';\r
62 $_pages['blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid']]['children']  = array('blogs/add_post.php');\r
63 \r
64 \r
65 $onload = 'document.form.title.focus();';\r
66 require (AT_INCLUDE_PATH.'header.inc.php');\r
67 ?>\r
68 \r
69 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="form">\r
70 <input type="hidden" name="ot" value="<?php echo BLOGS_GROUP; ?>" />\r
71 <input type="hidden" name="oid" value="<?php echo abs($_REQUEST['oid']); ?>" />\r
72 <div class="input-form">\r
73         <div class="row">\r
74                 <label for="title"><?php echo _AT('title'); ?></label><br />\r
75                 <input type="text" name="title" id="title" value="<?php echo htmlspecialchars(stripslashes($_POST['title'])); ?>" size="50" />\r
76         </div>\r
77         <div class="row">\r
78                 <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="body"><?php echo _AT('body'); ?></label><br />\r
79                 <textarea name="body" id="body" cols="40" rows="10"></textarea>\r
80         </div>\r
81 \r
82         <div class="row">       \r
83                 <a href="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>#jumpcodes" title="<?php echo _AT('jump_codes'); ?>"><img src="images/clr.gif" height="1" width="1" alt="<?php echo _AT('jump_codes'); ?>" border="0" /></a><?php require(AT_INCLUDE_PATH.'html/code_picker.inc.php'); ?>\r
84 \r
85                 <a name="jumpcodes"></a>\r
86         </div>\r
87 \r
88         <div class="row">\r
89                 <input type="checkbox" name="private" value="1" id="private" /><label for="private"><?php echo _AT('private'); ?></label>\r
90         </div>\r
91 \r
92         <div class="row buttons">\r
93                 <input type="submit" name="submit" value="<?php echo _AT('post'); ?>" accesskey="s" /> <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" /> \r
94         </div>\r
95 </div>\r
96 </form>\r
97 \r
98 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>
Course Management Learning Management Tools