2 /****************************************************************/
\r
4 /****************************************************************/
\r
5 /* Copyright (c) 2002-2006 by Greg Gay & Joel Kronenberg */
\r
6 /* Adaptive Technology Resource Centre / University of Toronto */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or*/
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************/
\r
14 define('AT_INCLUDE_PATH', '../include/');
\r
15 require (AT_INCLUDE_PATH.'vitals.inc.php');
\r
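// Authorise the request: the caller needs write access to the blog identified
// by owner type (ot) and owner id (oid).
// Both identifiers are reduced to non-negative integers before use. abs() alone
// keeps fractional values, and a missing or array-valued parameter must not reach it.
$owner_type = (isset($_REQUEST['ot']) && is_scalar($_REQUEST['ot'])) ? abs((int) $_REQUEST['ot']) : 0;
$owner_id   = (isset($_REQUEST['oid']) && is_scalar($_REQUEST['oid'])) ? abs((int) $_REQUEST['oid']) : 0;

$owner_status = blogs_authenticate($owner_type, $owner_id);
if (!$owner_status || !query_bit($owner_status, BLOGS_AUTH_WRITE)) {
	$msg->addError('ACCESS_DENIED');
	header('Location: index.php');
	// header() only queues the redirect. Stop here so that none of the code
	// below (including the INSERT) runs for a caller who failed the check.
	exit;
}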
\r
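// Handle the two form actions (cancel / submit).
//
// $owner_id is the value the access check was run against, so it is the only
// blog id used below. The raw oid field from the request is not reused: it goes
// into the SQL statement unquoted and into the Location header, so it must be
// the same integer that was authorised.
// NOTE(review): the access check covers the requested owner type, while this
// page always writes and redirects with BLOGS_GROUP. Confirm that a request
// carrying a different ot cannot pass the check and still post to a group blog.
// NOTE(review): no anti-CSRF token is read here; confirm whether the included
// framework code enforces one for this state-changing POST.
$owner_id = (int) $owner_id;

if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
	header('Location: view.php?ot='.BLOGS_GROUP.SEP.'oid='.$owner_id);
	exit;
} else if (isset($_POST['submit'])) {
	// $addslashes is the project's escaping callback for values placed in SQL strings.
	$_POST['title'] = $addslashes(trim($_POST['title']));
	$_POST['body']  = $addslashes(trim($_POST['body']));

	if ($_POST['body'] == '') {
		$msg->addError(array('EMPTY_FIELDS', _AT('body')));
	}

	if (!$msg->containsErrors()) {
		// The post is stored HTML-encoded.
		// NOTE(review): confirm the pages that display posts rely on this and do
		// not encode a second time (or skip encoding on other write paths).
		$_POST['title'] = htmlspecialchars($_POST['title']);
		$_POST['body']  = htmlspecialchars($_POST['body']);

		// Unchecked checkbox => field absent => 0.
		$_POST['private'] = isset($_POST['private']) ? abs((int) $_POST['private']) : 0;

		// Every numeric column is cast to int at the point of use; the two string
		// columns were escaped with $addslashes above.
		$sql = "INSERT INTO ".TABLE_PREFIX."blog_posts VALUES (NULL, "
			.(int) $_SESSION['member_id'].", "
			.BLOGS_GROUP.", "
			.$owner_id.", "
			.$_POST['private'].", NOW(), 0, '"
			.$_POST['title']."', '"
			.$_POST['body']."')";
		// NOTE(review): the result of mysql_query() is not checked, so the success
		// message below is shown even if the INSERT failed.
		mysql_query($sql, $db);

		$msg->addFeedback('POST_ADDED_SUCCESSFULLY');

		header('Location: view.php?ot='.BLOGS_GROUP.SEP.'oid='.$owner_id);
		exit;
	}
}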
\r
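// Navigation entries for this page and its parent blog view.
// this will also be dynamic as the parent page changes
//
// The blog id is taken from $owner_id (the value the access check used) and cast
// to int, instead of concatenating the raw request parameter into page keys and
// parent URLs. The same integer is passed to blogs_get_blog_name().
// NOTE(review): these strings are presumably rendered by header.inc.php as
// links/breadcrumbs - confirm they are HTML-encoded on output there.
$_blogs_add_page  = 'blogs/add_post.php?ot='.BLOGS_GROUP.SEP.'oid='.(int) $owner_id;
$_blogs_view_page = 'blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.(int) $owner_id;

$_pages[$_blogs_add_page]['title_var'] = 'add';
$_pages[$_blogs_add_page]['parent']    = 'blogs/view.php';

$_pages['blogs/add_post.php']['title_var'] = 'add';
$_pages['blogs/add_post.php']['parent']    = $_blogs_view_page;

$_pages[$_blogs_view_page]['title']    = blogs_get_blog_name(BLOGS_GROUP, (int) $owner_id);
$_pages[$_blogs_view_page]['parent']   = 'blogs/index.php';
$_pages[$_blogs_view_page]['children'] = array('blogs/add_post.php');

// Put the cursor in the title field once the page has loaded.
$onload = 'document.form.title.focus();';
require (AT_INCLUDE_PATH.'header.inc.php');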
\r
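<?php
// Add-post form.
// PHP_SELF can carry client-supplied path info, so it is HTML-encoded before it
// is written into the action attribute (same treatment as REQUEST_URI below).
// The title is only re-populated when a previous submission supplied one.
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" name="form">
<input type="hidden" name="ot" value="<?php echo BLOGS_GROUP; ?>" />
<input type="hidden" name="oid" value="<?php echo abs($_REQUEST['oid']); ?>" />
<div class="input-form">
<label for="title"><?php echo _AT('title'); ?></label><br />
<input type="text" name="title" id="title" value="<?php echo isset($_POST['title']) ? htmlspecialchars(stripslashes($_POST['title'])) : ''; ?>" size="50" />
<div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="body"><?php echo _AT('body'); ?></label><br />
<textarea name="body" id="body" cols="40" rows="10"></textarea>
<a href="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>#jumpcodes" title="<?php echo _AT('jump_codes'); ?>"><img src="images/clr.gif" height="1" width="1" alt="<?php echo _AT('jump_codes'); ?>" border="0" /></a><?php require(AT_INCLUDE_PATH.'html/code_picker.inc.php'); ?>
<a name="jumpcodes"></a>
<input type="checkbox" name="private" value="1" id="private" /><label for="private"><?php echo _AT('private'); ?></label>
<div class="row buttons">
<input type="submit" name="submit" value="<?php echo _AT('post'); ?>" accesskey="s" /> <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
<?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>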