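require(dirname(__FILE__) .'/common/vitals.inc.php');

/**
 * Escape a request value for MySQL when magic_quotes_gpc has already slashed it.
 *
 * NOTE(review): the body of this helper is not visible in the listing this
 * block was taken from. Undoing the magic-quote slashes before escaping is the
 * presumed behaviour -- confirm against the full file.
 *
 * @param string $string request value as delivered by PHP
 * @return string value escaped for use inside a quoted MySQL string literal
 */
function my_add_null_slashes( $string ) {
	return mysql_real_escape_string(stripslashes($string));
}

// Choose the escaping routine once, so values are never slashed twice.
if ( get_magic_quotes_gpc() == 1 ) {
	$addslashes = 'my_add_null_slashes';
} else {
	$addslashes = 'mysql_real_escape_string';
}

if (isset($_POST['submit'])) {
	// Accept only plain string fields; a missing or array-valued field becomes ''.
	$fields = array('email' => '', 'note' => '', 'section' => '', 'page' => '');
	foreach (array_keys($fields) as $name) {
		if (isset($_POST[$name]) && is_string($_POST[$name])) {
			$fields[$name] = $_POST[$name];
		}
	}

	// Obfuscate the address against harvesting and neutralise tag openers.
	// The replacement must be the entity '&lt;': replacing '<' with '<' does nothing.
	$fields['email'] = str_replace('@', ' at ', $fields['email']);
	$fields['email'] = str_replace('.', ' dot ', $fields['email']);
	$fields['email'] = str_replace('<', '&lt;', $fields['email']);
	$fields['note']  = str_replace('<', '&lt;', $fields['note']);

	// section and page end up in both the INSERT and the Location header, so
	// they are restricted to flat names. This keeps the redirect on this site.
	// NOTE(review): assumes handbook sections/pages are single path segments --
	// widen the patterns if nested paths are legitimate.
	$target_ok = preg_match('/\A[A-Za-z0-9_-]+\z/', $fields['section'])
		&& preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9_.-]*\z/', $fields['page']);

	// all this stuff has to go into some common vitals type file.

	$enable_user_notes = false;
	if (!isset($db)) {
		// Keep a link that vitals.inc.php may already have opened.
		$db = false;
	}

	$config_location = '../include/config.inc.php';
	if (is_file($config_location) && is_readable($config_location)) {
		require($config_location);
		$db = mysql_connect(DB_HOST . ':' . DB_PORT, DB_USER, DB_PASSWORD);
		if ($db && mysql_select_db(DB_NAME, $db)) {
			// check atutor config table to see if handbook notes is enabled.
			$sql = "SELECT value FROM ".TABLE_PREFIX."config WHERE name='user_notes'";
			$result = @mysql_query($sql, $db);
			// $result is false when the query fails; do not fetch from it then.
			if ($result && ($row = mysql_fetch_assoc($result)) && $row['value']) {
				define('AT_HANDBOOK_ENABLE', true);
				$enable_user_notes = true;
			}
		}
		define('AT_HANDBOOK_DB_TABLE_PREFIX', TABLE_PREFIX);
	}

	if (!defined('AT_HANDBOOK_ENABLE')) {
		// use local config file
		require('./config.inc.php');
	}

	if (!$db && defined('AT_HANDBOOK_ENABLE') && AT_HANDBOOK_ENABLE) {
		$db = @mysql_connect(AT_HANDBOOK_DB_HOST . ':' . AT_HANDBOOK_DB_PORT, AT_HANDBOOK_DB_USER, AT_HANDBOOK_DB_PASSWORD);
		if ($db && @mysql_select_db(AT_HANDBOOK_DB_DATABASE, $db)) {
			$enable_user_notes = true;
		}
	}

	if ($enable_user_notes && $db && $target_ok) {
		// Escape only now that a link exists: mysql_real_escape_string() needs an
		// open connection to know the character set, and fails without one.
		// The ext/mysql API offers no bound parameters and was removed in PHP 7;
		// moving this statement to mysqli or PDO prepared statements is the
		// durable fix.
		$email   = $addslashes($fields['email']);
		$note    = $addslashes($fields['note']);
		$section = $addslashes($fields['section']);
		$page    = $addslashes($fields['page']);

		$sql = "INSERT INTO ".AT_HANDBOOK_DB_TABLE_PREFIX."handbook_notes VALUES (NULL, NOW(), '$section', '$page', 0, '$email', '$note')";
		mysql_query($sql, $db);

		// Redirect with the validated, unescaped names, then stop so the form
		// below is not rendered after the Location header.
		header('Location: '.$fields['section']. '/' . $fields['page'].'?noted');
		exit;
	}
}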
\r
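?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
	<title><?php get_text('add_note'); ?></title>
	<link rel="stylesheet" href="common/styles.css" type="text/css" />
	<style type="text/css">
	div.input-form div.row {
		margin-bottom: 10px;
	}
	</style>
</head>
<body>
<?php
/*
 * Every value echoed into an attribute below is HTML-escaped.
 * $_SERVER['PHP_SELF'] includes any extra path info the client appended to
 * the URL, and $section is set outside this template, so neither can be
 * written into markup unescaped.
 */
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
	<input type="hidden" name="section" value="<?php echo htmlspecialchars($section, ENT_QUOTES); ?>" />
	<input type="hidden" name="page" value="<?php echo htmlspecialchars($_GET['p'], ENT_QUOTES); ?>" />

	<div class="input-form">
		<div class="row">
			<p><?php get_text('add_note_blurb'); ?></p>
		</div>

		<div class="row">
			<label for="email"><?php get_text('email_name'); ?>:</label><br />
			<input type="text" name="email" value="" id="email" size="40" />
		</div>

		<div class="row">
			<label for="note"><?php get_text('your_note');?>:</label><br />
			<textarea name="note" id="note" cols="50" rows="20"></textarea>
		</div>

		<div class="row buttons">
			<input type="submit" name="submit" value="<?php get_text('add_note'); ?>" />
		</div>
	</div>
</form>
</body>
</html>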
\r