2 /****************************************************************/
\r
4 /****************************************************************/
\r
5 /* Copyright (c) 2002-2010 */
\r
6 /* Inclusive Design Institute */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or*/
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************/
\r
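define('AT_INCLUDE_PATH', '../../../include/');
require_once (AT_INCLUDE_PATH.'vitals.inc.php');

// Authorise access to the requested blog.
// 'ot' (owner type) and 'oid' (owner id) are request-controlled and are later
// interpolated unquoted into SQL, so they are forced to non-negative integers
// here. abs() on its own is not a cast: it can return a float, or a
// non-numeric value for array input, and it raises a notice when the
// parameter is absent.
$owner_type = isset($_REQUEST['ot'])  ? abs(intval($_REQUEST['ot']))  : 0;
$owner_id   = isset($_REQUEST['oid']) ? abs(intval($_REQUEST['oid'])) : 0;

// blogs_authenticate() is defined outside this file. Its result is kept in
// $owner_status and tested further down with query_bit(..., BLOGS_AUTH_WRITE).
if (!($owner_status = blogs_authenticate($owner_type, $owner_id))) {
    $msg->addError('ACCESS_DENIED');
    header('Location: '.url_rewrite('mods/_standard/blogs/index.php'));
    // The listing drops the lines that follow the redirect. header() does not
    // end the request, so stop explicitly; otherwise the rest of the page
    // would still run for a caller who failed authorisation.
    exit;
}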
\r
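// Post id from the request, forced to a non-negative integer because it is
// placed unquoted into the queries below.
$id = isset($_REQUEST['id']) ? abs(intval($_REQUEST['id'])) : 0;

// Callers without write access may only load public posts. $auth is
// initialised so the query never interpolates an undefined variable.
$auth = '';
if (!query_bit($owner_status, BLOGS_AUTH_WRITE)) {
    $auth = 'private=0 AND ';
}

// The query is built by string concatenation; its safety rests entirely on
// $owner_id and $id being numeric at this point.
// NOTE(review): authorisation was computed for the owner type supplied in the
// request, but this lookup is pinned to BLOGS_GROUP. Confirm that
// blogs_authenticate() rejects every other owner type, otherwise rights held
// on one kind of blog would be applied to a group blog with the same id.
// NOTE(review): the mysql_* extension offers no prepared statements; moving
// to mysqli or PDO with bound parameters would remove the dependence on
// manual casting.
$sql = "SELECT member_id, private, date, title, body FROM ".TABLE_PREFIX."blog_posts WHERE $auth owner_type=".BLOGS_GROUP." AND owner_id=$owner_id AND post_id=$id ORDER BY date DESC";
$result = mysql_query($sql, $db);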
\r
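// Handle a comment submitted by a logged-in member.
// Short lines (closing braces and the like) are missing from this listing;
// the block structure below is restored from the visible statements.
// NOTE(review): no anti-CSRF token is checked in the lines shown. Confirm
// that one is enforced elsewhere (for example by the included vitals file);
// if not, this form lets a third-party page post comments as the member.
if (isset($_POST['submit']) && $_SESSION['member_id']) {
    // $addslashes is a callable set up outside this file, presumably the
    // database escaping routine (confirm). It is the only thing standing
    // between the comment text and the quoted SQL literal below.
    $_POST['body'] = $addslashes(trim($_POST['body']));
    $_POST['private'] = isset($_POST['private']) ? abs(intval($_POST['private'])) : 0;

    if ($_POST['body'] == '') {
        $msg->addError(array('EMPTY_FIELDS', _AT('comments')));
    }

    // The post row is only fetched after this block, so without this check a
    // comment could be attached to a post id that the access-filtered SELECT
    // above did not return (a private post, or a post of another blog).
    // mysql_num_rows() does not advance the result pointer, so the later
    // mysql_fetch_assoc($result) still sees the row.
    if (!$result || mysql_num_rows($result) < 1) {
        $msg->addError('ACCESS_DENIED');
    }

    if (!$msg->containsErrors()) {
        // Session value, cast anyway so nothing non-numeric reaches the query.
        $member_id = intval($_SESSION['member_id']);

        $sql = "INSERT INTO ".TABLE_PREFIX."blog_posts_comments VALUES (NULL, $id, $member_id, NOW(), $_POST[private], '$_POST[body]')";
        mysql_query($sql, $db);
        $comments_affected_rows = mysql_affected_rows($db);

        // Notify subscribers of the new comment.
        // NOTE(review): this runs, and the success feedback below is added,
        // even when the INSERT did not affect a row.
        if (!isset($sub)) {
            require_once(AT_INCLUDE_PATH .'classes/subscribe.class.php');
            $sub = new subscription();
        }
        $sub->send_mail('blogcomment', $owner_id, mysql_insert_id());

        if ($comments_affected_rows == 1) {
            // date=date keeps the post's timestamp unchanged while the
            // comment counter is incremented.
            $sql = "UPDATE ".TABLE_PREFIX."blog_posts SET num_comments=num_comments+1, date=date WHERE post_id=$id";
            mysql_query($sql, $db);
        }

        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');

        // Redirect after POST so a reload does not resubmit the comment.
        header('Location: '.url_rewrite('mods/_standard/blogs/post.php?ot='.$owner_type.SEP.'oid='.$owner_id.SEP.'id='.$id, AT_PRETTY_URL_IS_HEADER));
        exit;
    }
}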
\r
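// No row means the post does not exist or is not visible to this caller
// (the SELECT above already applied the private/owner filter). Send the
// caller back to the blog's post list and stop; header() alone does not end
// the request.
if (!$post_row = mysql_fetch_assoc($result)) {
    header('Location: '.url_rewrite('mods/_standard/blogs/view.php?ot='.$owner_type.SEP.'oid='.$owner_id));
    exit;
}

// Navigation entries for this page and its parent. Edit/delete/add links are
// only registered for callers holding the write bit.
$can_write = query_bit($owner_status, BLOGS_AUTH_WRITE);
$post_page = 'mods/_standard/blogs/post.php';
$view_page = 'mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$owner_id;

// NOTE(review): the title is author-supplied text taken from the database.
// Whether it is HTML-escaped depends on how the header template prints
// $_pages titles; confirm there.
$_pages[$post_page]['title']    = $post_row['title'] . ($post_row['private'] ? ' - '._AT('private') : '');
$_pages[$post_page]['parent']   = $view_page;
$_pages[$post_page]['children'] = $can_write
    ? array(
        'mods/_standard/blogs/edit_post.php?ot='.BLOGS_GROUP.SEP.'oid='.$owner_id.SEP.'id='.$id,
        'mods/_standard/blogs/delete_post.php?ot='.BLOGS_GROUP.SEP.'oid='.$owner_id.SEP.'id='.$id,
    )
    : array();

$_pages[$view_page]['title']    = blogs_get_blog_name(BLOGS_GROUP, $owner_id);
$_pages[$view_page]['parent']   = 'mods/_standard/blogs/index.php';
$_pages[$view_page]['children'] = $can_write
    ? array('mods/_standard/blogs/add_post.php')
    : array();

require (AT_INCLUDE_PATH.'header.inc.php');
?>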
\r
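<?php
// Page body: the post, its comments, and the comment form for logged-in
// members. Several short template lines are missing from this listing; only
// the closers needed to balance the visible tags and control structures are
// restored here.
// Post and comment text is printed through AT_print(), which is defined
// outside this file and is presumably the output formatter/filter; the
// field-name argument suggests per-field rules. Confirm it HTML-escapes.
?>
<h3 class="date"><?php echo get_display_name($post_row['member_id']); ?> - <?php echo AT_date(_AT('forum_date_format'), $post_row['date'], AT_DATE_MYSQL_DATETIME); ?></h3>

<p><?php echo AT_print($post_row['body'], 'blog_posts.body'); ?></p>

<a name="comments"></a><h2><?php echo _AT('comments'); ?></h2>
<?php
// $id is numeric by this point. NOTE(review): a 'private' value is stored
// with each comment on insert, but it is not part of this query, so every
// comment is listed to anyone who can view the post. Confirm that is intended.
$sql = "SELECT comment_id, member_id, date, comment FROM ".TABLE_PREFIX."blog_posts_comments WHERE post_id=$id ORDER BY date";
$result = mysql_query($sql, $db);
?>
<?php while ($row = mysql_fetch_assoc($result)): ?>
    <div class="input-form">
        <h4 class="date"><?php echo get_display_name($row['member_id']); ?> - <?php echo AT_date(_AT('forum_date_format'), $row['date'], AT_DATE_MYSQL_DATETIME); ?></h4>

        <p><?php echo AT_print($row['comment'], 'blog_posts_comments.comment'); ?></p>

        <?php if (query_bit($owner_status, BLOGS_AUTH_WRITE)): ?>
            <div style="text-align: right; font-size: smaller;">
                <a href="mods/_standard/blogs/delete_comment.php?ot=<?php echo $owner_type.SEP.'oid='.$owner_id.SEP.'id='.$id.SEP.'delete_id='.$row['comment_id']; ?>"><?php echo _AT('delete'); ?></a>
            </div>
        <?php endif; ?>
    </div>
<?php endwhile; ?>

<?php if ($_SESSION['member_id']): ?>
<?php
// PHP_SELF reflects the request path, so it is escaped before being written
// into the action attribute, in the same way REQUEST_URI is escaped for the
// jump-codes link below. The remaining parts of the URL are integers.
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'?ot='.$owner_type.SEP.'oid='.$owner_id; ?>" name="form">
    <input type="hidden" name="id" value="<?php echo $id; ?>" />
    <div class="input-form">
        <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="commentsarea"><?php echo _AT('comments'); ?></label><br />
        <textarea name="body" id="commentsarea" cols="40" rows="3"></textarea>

        <a href="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>#jumpcodes" title="<?php echo _AT('jump_codes'); ?>"><img src="images/clr.gif" height="1" width="1" alt="<?php echo _AT('jump_codes'); ?>" border="0" /></a><?php require(AT_INCLUDE_PATH.'html/code_picker.inc.php'); ?>

        <a name="jumpcodes"></a>

        <div class="row buttons">
            <input type="submit" name="submit" value="<?php echo _AT('post'); ?>" accesskey="s" />
        </div>
    </div>
</form>
<?php endif; ?>

<?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>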