2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2009 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
// Bootstrap for the social-groups search page: marks the page location as 'public',
// loads the core include plus the social module's constants, helpers and group
// classes, then stops sessions that have no valid user.
// NOTE(review): this listing skips some original line numbers, so statements on the
// omitted lines (e.g. whatever closes the guard below) are not visible here.
14 $_user_location = 'public';
16 define('AT_INCLUDE_PATH', '../../../../include/');
// AT_SOCIAL_INCLUDE, AT_SOCIAL_BASENAME, $_base_path and $msg are not defined in this
// file; presumably vitals.inc.php (or something it loads) provides them -- confirm.
17 require(AT_INCLUDE_PATH.'vitals.inc.php');
18 require(AT_SOCIAL_INCLUDE.'constants.inc.php');
19 require(AT_SOCIAL_INCLUDE.'friends.inc.php');
20 require(AT_SOCIAL_INCLUDE.'classes/SocialGroups/SocialGroup.class.php');
21 require(AT_SOCIAL_INCLUDE.'classes/SocialGroups/SocialGroups.class.php');
22 $_custom_css = $_base_path . AT_SOCIAL_BASENAME . 'module.css'; // use a custom stylesheet
// Access guard: without a valid user in the session, render header, an INVALID_USER
// notice (parameterised with the session's course_id) and footer.
// NOTE(review): original lines 28-31 are not shown. Confirm the branch ends in an
// exit; otherwise the search and Ajax code below stays reachable for sessions that
// failed this check.
23 if (!$_SESSION['valid_user']) {
24 require(AT_INCLUDE_PATH.'header.inc.php');
25 $info = array('INVALID_USER', $_SESSION['course_id']);
26 $msg->printInfos($info);
27 require(AT_INCLUDE_PATH.'footer.inc.php');
// Request setup and the Ajax "suggestion" mode of the search page.
32 $social_groups = new SocialGroups();
// $addslashes is a callable held in a variable that this file does not define.
// NOTE(review): slash-escaping is not output encoding. $rand_key is later concatenated
// into request key names and into the paginator query string, so it must be encoded at
// those sinks. The form key is generated further down as md5(...), i.e. 32 hex
// characters; presumably the request's rand_key is that value echoed back -- if so,
// rejecting anything that is not 32 hex characters is a tighter check. The index is
// also read without an isset() test.
33 $rand_key = $addslashes($_REQUEST['rand_key']); // should we escape?
35 //if $_GET['q'] is set, handle Ajax.
// When a 'q' parameter is present, the script searches for matching groups and echoes
// an HTML fragment of clickable suggestions.
36 if (isset($_GET['q'])){
// NOTE(review): $addslashes is the only sanitisation visible before search(); whether
// search() binds parameters or builds SQL by concatenation is not visible here.
37 $query = $addslashes($_GET['q']);
38 $search_result = $social_groups->search($query);
39 if (!empty($search_result)){
40 echo '<div style="border:1px solid #a50707; margin-left:50px; width:45%;">Suggestion:<br/>';
42 foreach($search_result as $group_id=>$group_array){
43 //display 10 suggestions
48 $group_obj = $group_array['obj'];
// The echo below writes the group name twice: inside a single-quoted JavaScript string
// in the onclick attribute (after htmlentities_utf8()), and again as the link text with
// no encoding at all.
// NOTE(review): unless getName() already returns HTML-encoded text (not visible here),
// the link-text copy lets markup stored in a group name reach the page; encode it for
// HTML at this sink.
// NOTE(review): HTML entities are the wrong encoding for the onclick copy. The browser
// decodes entities in an attribute value before the script is parsed, so an encoded
// quote still ends the JavaScript string. Encode for the JavaScript string context
// first and for the HTML attribute second, or carry the name in a data-* attribute and
// read it from a separately bound handler.
49 /* A bit of a hack here
50 * Escape XSS for the ajax search. Problem: the ' and " is changed to its entities.
52 * @Apr 2, 2009 - Harris
54 echo '<a href="javascript:void(0);" onclick="document.getElementById(\'search_groups\').value=\''.htmlentities_utf8($group_obj->getName()).'\'; document.getElementById(\'search_group_form\').submit();">'.$group_obj->getName().'</a><br/>';
// Pagination state and the full (non-Ajax) search request.
// intval() yields 0 for a missing or non-numeric 'p'.
// NOTE(review): original lines 64-66 are not shown; confirm they clamp $page to at
// least 1, otherwise $offset below goes negative before it is handed to search().
63 $page = intval($_GET['p']);
// $count: 1-based number of the first result on this page; $offset: 0-based start row.
67 $count = (($page-1) * SOCIAL_GROUP_MAX) + 1;
68 $offset = ($page-1) * SOCIAL_GROUP_MAX;
71 // handle post request
// The search term arrives under a per-form key, 'search_groups_' followed by $rand_key.
// It is read from $_REQUEST, so GET requests (e.g. paginator links) take this path too.
// NOTE(review): $addslashes is the only sanitisation visible before search(); whether
// search() binds parameters is not visible here. $query is reused further down when
// the paginator query string is built and needs URL/HTML encoding at that point.
72 if ($rand_key!='' && isset($_REQUEST['search_groups_'.$rand_key])){
73 $query = $addslashes($_REQUEST['search_groups_'.$rand_key]);
// First search, without an offset, is used only to count the matches.
74 $search_result = $social_groups->search($query);
// NOTE(review): '/' gives a fractional page count whenever the match count is not a
// multiple of SOCIAL_GROUP_MAX; confirm print_paginator() rounds up.
75 $num_pages = sizeof($search_result)/SOCIAL_GROUP_MAX;
// Second search fetches the slice for the current page.
76 $search_result = $social_groups->search($query, $offset);
78 /*elseif(empty($_POST['search_groups_'.$rand_key])) {
79 $msg->addError('CANNOT_BE_EMPTY');
// Builds the key for the next form render and recovers the previous search term so the
// form can be pre-filled.
82 //Generate a random number for the search input name fields, so that the browser will not remember any previous entries.
// NOTE(review): rand() seeded by range with time() is not a cryptographically secure
// source. That is acceptable for defeating browser autocomplete, which is the only
// purpose stated above, but this value must not double as an anti-CSRF or
// authentication token.
83 $rand = md5(rand(0, time()));
// The two assignments below sit in branches whose conditions are on lines this listing
// omits; one reads the term under the submitted key, the other under the new key.
85 $last_search = $_REQUEST['search_groups_'.$rand_key];
87 $last_search = $_REQUEST['search_groups_'.$rand];
89 //take out double quotes until there is a way to escape XSS from the ajax script.
// NOTE(review): removing '"' is not output encoding; '<', '>', '&' and single quotes
// pass through unchanged. $last_search is raw request data apart from this strip, so
// the template that prints it must HTML-encode it for the context it lands in
// (whether sgroup_search.tmpl.php does so is not visible here).
90 $last_search = preg_replace('/\"/', '', $last_search);
// Page rendering: header, public menu template, paginator, then the search template
// fed with the new form key, the previous search term and the result set, then footer.
// NOTE(review): the paginator query string below is built by plain concatenation of
// $rand_key and $query. Both come from the request and have only been slash-escaped,
// so neither is URL-encoded nor HTML-encoded here. Unless print_paginator() encodes
// its argument (not visible in this file), a crafted search term or rand_key can
// break out of the generated links; urlencode() each component before joining.
// NOTE(review): $query and $num_pages are assigned only inside the search-request
// branch above; as far as this listing shows they may be undefined on a first visit.
// NOTE(review): 'last_search' and the group names inside 'search_result' reach the
// template unencoded from this script, so escaping has to happen in the template.
93 include(AT_INCLUDE_PATH.'header.inc.php');
94 $savant->display('social/pubmenu.tmpl.php');
96 <div class="pageinator_box">
98 print_paginator($page, $num_pages, 'search_groups_'.$rand_key.'='.$query.SEP.'rand_key='.$rand_key, 1);
102 $savant->assign('rand_key', $rand);
103 $savant->assign('last_search', $last_search);
104 $savant->assign('search_result', $search_result);
105 $savant->display('social/sgroup_search.tmpl.php');
106 include(AT_INCLUDE_PATH.'footer.inc.php');