ffd11e2dc7a7cf8c866106f9e84155fa3285da0c
[atutor.git] / docs / mods / _standard / social / groups / search.php
1 <?php
2 /****************************************************************/
3 /* ATutor                                                                                                               */
4 /****************************************************************/
5 /* Copyright (c) 2002-2009                                                                              */
6 /* Inclusive Design Institute                                   */
7 /* http://atutor.ca                                                                                             */
8 /*                                                              */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License  */
11 /* as published by the Free Software Foundation.                                */
12 /****************************************************************/
13 // $Id$
// Set before vitals.inc.php is loaded.
// NOTE(review): presumably tells the bootstrap which access checks to apply; confirm
// what 'public' relaxes, because the only login check visible in this script is the
// explicit valid_user guard below.
$_user_location = 'public';

// Bootstrap ATutor, then pull in the social module's constants, helpers and group classes.
define('AT_INCLUDE_PATH', '../../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
require AT_SOCIAL_INCLUDE . 'constants.inc.php';
require AT_SOCIAL_INCLUDE . 'friends.inc.php';
require AT_SOCIAL_INCLUDE . 'classes/SocialGroups/SocialGroup.class.php';
require AT_SOCIAL_INCLUDE . 'classes/SocialGroups/SocialGroups.class.php';
$_custom_css = $_base_path . AT_SOCIAL_BASENAME . 'module.css'; // use a custom stylesheet

// Visitors without a valid session get the INVALID_USER notice inside the normal
// page chrome. The exit matters: without it the search handlers below would still
// run for an unauthenticated request.
if (!$_SESSION['valid_user']) {
	require AT_INCLUDE_PATH . 'header.inc.php';
	$info = array('INVALID_USER', $_SESSION['course_id']);
	$msg->printInfos($info);
	require AT_INCLUDE_PATH . 'footer.inc.php';
	exit;
}
30
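// Social groups facade used by both the Ajax suggestion handler and the full search.
$social_groups = new SocialGroups();

// rand_key is the random suffix of the search field name and is taken straight from
// the request. It is later concatenated into a request key and into the paginator's
// query string. $addslashes() is presumably a quote-escaping helper set up by the
// bootstrap; quote escaping is not HTML or URL encoding, so it does not make the value
// safe in those contexts.
// This script only ever issues md5() hex digests as rand_key (see $rand further down),
// so anything that is not exactly 32 lowercase hex characters is discarded and the
// request is treated as "no search submitted".
// NOTE(review): confirm no other page links here with a differently shaped rand_key.
$rand_key = '';
if (isset($_REQUEST['rand_key'])
		&& is_string($_REQUEST['rand_key'])
		&& preg_match('/^[a-f0-9]{32}\z/', $_REQUEST['rand_key'])) {
	$rand_key = $addslashes($_REQUEST['rand_key']);
}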
34
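// Ajax suggestion endpoint: when ?q= is present, print a short list of matching group
// names as an HTML fragment and stop, so no page chrome is emitted.
if (isset($_GET['q'])){
	$query = $addslashes($_GET['q']);
	$search_result = $social_groups->search($query);
	if (!empty($search_result)){
		echo '<div style="border:1px solid #a50707; margin-left:50px; width:45%;">Suggestion:<br/>';
		$counter = 0;
		foreach($search_result as $group_id=>$group_array){
			// display at most 10 suggestions
			if ($counter >= 10){
				break;
			}

			$group_obj  = $group_array['obj'];
			$group_name = $group_obj->getName();

			/* The group name is user-supplied data and is written into two contexts
			 * that need different encodings:
			 *  - the link text (HTML body), which is entity-encoded;
			 *  - a JavaScript string inside the onclick attribute. The browser decodes
			 *    HTML entities in an attribute before the script runs, so entity
			 *    encoding alone does not stop a quote in the name from ending the JS
			 *    string. The name is therefore turned into a JS string literal first
			 *    (json_encode with the JSON_HEX_* flags, PHP 5.3+), and that literal is
			 *    then encoded for the attribute.
			 */
			$js_name = json_encode((string) $group_name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
			if ($js_name === false) {
				// Name is not valid UTF-8: skip it rather than emit it unescaped.
				continue;
			}

			echo '<a href="javascript:void(0);" onclick="document.getElementById(\'search_groups\').value='
				. htmlspecialchars($js_name, ENT_QUOTES, 'UTF-8')
				. '; document.getElementById(\'search_group_form\').submit();">'
				. htmlentities_utf8($group_name) . '</a><br/>';
			$counter++;
		}
		echo '</div>';
	}
	exit;
}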
61
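//paginator settings
// ?p= is optional and client-controlled: default to the first page and clamp zero,
// negative and non-numeric values to 1 so that $offset, which is handed to
// SocialGroups::search(), can never be negative.
$page = isset($_GET['p']) ? intval($_GET['p']) : 1;
if ($page < 1) {
	$page = 1;
}
$count  = (($page-1) * SOCIAL_GROUP_MAX) + 1;	// 1-based index of the first row on this page
$offset = ($page-1) * SOCIAL_GROUP_MAX;		// 0-based row offset for this page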
69
70
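// handle post request
// Defaults for the case where no search was submitted, so the display code further
// down never reads undefined variables. $search_result stays null (the value the
// template received before) rather than becoming an empty array.
$query = '';
$num_pages = 0;
$search_result = null;

// The search term is posted under a field named search_groups_<rand_key>; only a
// plain string value is accepted.
if ($rand_key!='' && isset($_REQUEST['search_groups_'.$rand_key]) && is_string($_REQUEST['search_groups_'.$rand_key])){
	$query = $addslashes($_REQUEST['search_groups_'.$rand_key]);
	// First call (no offset) is used only to size the paginator; a partial last page
	// still counts as a page, hence ceil().
	// NOTE(review): presumably returns every match -- confirm against SocialGroups::search().
	$search_result = $social_groups->search($query);
	$num_pages = (int) ceil(sizeof($search_result)/SOCIAL_GROUP_MAX);
	// Second call fetches the rows for the requested page.
	$search_result = $social_groups->search($query, $offset);
}
/*elseif(empty($_POST['search_groups_'.$rand_key])) {
	$msg->addError('CANNOT_BE_EMPTY');
} */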
81
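//Generate a random number for the search input name fields, so that the browser will not remember any previous entries.
// This value only defeats form autocomplete. rand() is predictable, so it must not be
// relied on as a CSRF token or any other secret.
$rand = md5(rand(0, time()));

// Re-read the term the user last searched for so the form can be pre-filled. The field
// name uses the submitted rand_key when there is one, otherwise the fresh $rand (which
// no request can contain yet, so the result is then an empty string).
$last_search_field = 'search_groups_' . ($rand_key != '' ? $rand_key : $rand);
$last_search = '';
if (isset($_REQUEST[$last_search_field]) && is_string($_REQUEST[$last_search_field])) {
	$last_search = $_REQUEST[$last_search_field];
}

//take out double quotes until there is a way to escape XSS from the ajax script.
// Removing '"' is not output encoding: other markup-significant characters pass
// through untouched, so the value must still be HTML-escaped where it is printed.
// NOTE(review): check that social/sgroup_search.tmpl.php escapes last_search.
$last_search = str_replace('"', '', $last_search);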
91
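//Display
include(AT_INCLUDE_PATH.'header.inc.php');
$savant->display('social/pubmenu.tmpl.php');

// Query string that the paginator appends to its page links. Both the search term and
// rand_key come from the request, so each is URL-encoded before being concatenated;
// otherwise a term containing '&', '=' or quotes would alter the link's parameters.
// NOTE(review): whether print_paginator() HTML-escapes this string when writing the
// href is not visible here -- confirm in its definition.
// The isset() fallbacks cover the request that carries no search at all.
$paginator_query = isset($query) ? $query : '';
$paginator_pages = isset($num_pages) ? $num_pages : 0;
$paginator_args  = 'search_groups_'.urlencode($rand_key).'='.urlencode($paginator_query).SEP.'rand_key='.urlencode($rand_key);
?>
<div class="pageinator_box">
<?php
print_paginator($page, $paginator_pages, $paginator_args, 1);
?>
</div>
<?php
// The template receives the NEW random suffix ($rand) for the next form submission,
// the previous search term for pre-filling, and the current page of results.
$savant->assign('rand_key', $rand);
$savant->assign('last_search', $last_search);
$savant->assign('search_result', isset($search_result) ? $search_result : null);
$savant->display('social/sgroup_search.tmpl.php');
include(AT_INCLUDE_PATH.'footer.inc.php');
?>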