tagging as ATutor 1.5.4-release
[atutor.git] / editor / edit_post.php
1 <?php
2 /****************************************************************************/
3 /* ATutor                                                                                                                                       */
4 /****************************************************************************/
5 /* Copyright (c) 2002-2006 by Greg Gay, Joel Kronenberg & Heidi Hazelton        */
6 /* Adaptive Technology Resource Centre / University of Toronto                          */
7 /* http://atutor.ca                                                                                                                     */
8 /*                                                                                                                                                      */
9 /* This program is free software. You can redistribute it and/or                        */
10 /* modify it under the terms of the GNU General Public License                          */
11 /* as published by the Free Software Foundation.                                                        */
12 /****************************************************************************/
13 // $Id$
14
15 define('AT_INCLUDE_PATH', '../include/');
16 require (AT_INCLUDE_PATH.'vitals.inc.php');
17
18 require(AT_INCLUDE_PATH.'lib/forums.inc.php');
19
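/*
 * Resolve and authorise the post that is about to be edited.
 *
 * $fid and $pid are the only request-derived identifiers that pass through
 * the checks below; anything later in the script that reads or writes the
 * post should use these two variables rather than re-reading the request.
 */
$fid = isset($_REQUEST['fid']) ? intval($_REQUEST['fid']) : 0;

if (isset($_GET['pid'])) {
        $pid = intval($_GET['pid']);
} else {
        $pid = isset($_POST['pid']) ? intval($_POST['pid']) : 0;
}

if (!$pid || !$fid || !valid_forum_user($fid)) {
        $msg->addError('ITEM_NOT_FOUND');
        header('Location: ../forum/list.php');
        exit;
}

// The lookup is bound to the forum that valid_forum_user() just approved.
// Selecting by post_id alone let the caller be authorised against one forum
// while loading (and then editing) a post that lives in a different one.
$sql = "SELECT *, UNIX_TIMESTAMP(date) AS udate FROM ".TABLE_PREFIX."forums_threads WHERE post_id=$pid AND forum_id=$fid";
$result = mysql_query($sql, $db);
if (!$result || !($post_row = mysql_fetch_assoc($result))) {
        $msg->addError('ITEM_NOT_FOUND');
        header('Location: ../forum/list.php');
        exit;
}

$forum_info = get_forum($fid, $_SESSION['course_id']);

// Unix time after which the author may no longer edit this post.
$expiry = $post_row['udate'] + $forum_info['mins_to_edit'] * 60;

// check if we're either a) an assistant or, b) own this post and within the time allowed:
//
// NOTE(review): for the post's owner the time limit is only enforced when the
// form is displayed. Any request carrying $_POST['edit_post'] skips the
// $expiry comparison, so mins_to_edit is not a server-side guarantee on the
// save path. If the intent is only to let an edit that was started in time
// be saved, a bounded grace period would be the tighter check - confirm the
// intended policy before changing it.
if (!(
        authenticate(AT_PRIV_FORUMS, AT_PRIV_RETURN)
        || (
                $post_row['member_id'] == $_SESSION['member_id']
                && ($expiry > time() || isset($_POST['edit_post']))
        )
)) {
        $msg->addError('POST_EDIT_EXPIRE');
        header('Location: ../forum/list.php');
        exit;
}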
54
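/*
 * Form handlers: "cancel" returns to the thread, "edit_post" saves the edit.
 *
 * Both handlers use $fid and $pid, the integer ids that were validated and
 * authorised earlier in this script, instead of the raw $_POST values.
 */

// Cancel: go back to the thread view without touching the post.
if (!empty($_POST['cancel'])) {
        $msg->addFeedback('CANCELLED');
        // Redirect targets are built from the validated integers only, so no
        // request text reaches the Location header.
        header('Location: ../forum/view.php?fid='.$fid.SEP.'pid='.$pid);
        exit;
}

// Save: validate the submitted subject/body and update the stored post.
if (!empty($_POST['edit_post'])) {
        $missing_fields = array();

        // Non-string input (e.g. an array-valued field) is treated as empty
        // and so is reported as a missing field below.
        $_POST['subject'] = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
        $_POST['body']    = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '';

        // Markup is neutralised at write time by encoding '<' only.
        $_POST['subject'] = str_replace('<', '&lt;', trim($_POST['subject']));
        $_POST['body']    = str_replace('<', '&lt;', trim($_POST['body']));

        // The post that was authorised is $pid, which is taken from
        // $_GET['pid'] when that is present. The UPDATE used to key on
        // $_POST['pid'] instead, so the id that was checked and the id that
        // was written could differ within one request. Pin both to $pid.
        $_POST['pid'] = $pid;

        // $addslashes is a callable defined outside this file.
        // NOTE(review): presumably it applies escaping suited to the active
        // connection and magic-quotes setting - verify in vitals.inc.php.
        $_POST['subject'] = $addslashes($_POST['subject']);
        $_POST['body']    = $addslashes($_POST['body']);

        if ($_POST['subject'] == '') {
                $missing_fields[] = _AT('subject');
        }

        if ($_POST['body'] == '') {
                $missing_fields[] = _AT('body');
        }

        if ($missing_fields) {
                $missing_fields = implode(', ', $missing_fields);
                $msg->addError(array('EMPTY_FIELDS', $missing_fields));
        }

        if (!$msg->containsErrors()) {
                // last_comment=last_comment and date=date are kept from the
                // original statement (presumably to stop the columns being
                // auto-touched - confirm against the schema). forum_id=$fid
                // keeps the write inside the forum the caller was checked for.
                $sql = "UPDATE ".TABLE_PREFIX."forums_threads SET subject='".$_POST['subject']."', body='".$_POST['body']."', last_comment=last_comment, date=date WHERE post_id=$pid AND forum_id=$fid";
                // NOTE(review): the result is not inspected, so a failed query
                // is still reported to the user as a success.
                $result = mysql_query($sql, $db);

                $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');

                // A parent id of 0 is replaced by the post's own id for the
                // redirect back to the thread.
                $_POST['ppid'] = isset($_POST['ppid']) ? intval($_POST['ppid']) : 0;
                if ($_POST['ppid'] == 0) {
                        $_POST['ppid'] = $pid;
                }
                header('Location: ../forum/view.php?fid='.$fid.SEP.'pid='.$_POST['ppid']);
                exit;
        }
}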
94
// Register the navigation entries for this page in $_pages before the shared
// header is included (presumably the header reads them to build breadcrumbs -
// confirm in header.inc.php).
$edit_post_index_key  = 'forum/index.php?fid='.$fid;
$edit_post_thread_key = 'forum/new_thread.php?fid='.$fid;

// Forum index: titled after the forum, child of the forum list.
$_pages[$edit_post_index_key]['title']    = $forum_info['title'];
$_pages[$edit_post_index_key]['parent']   = 'forum/list.php';
$_pages[$edit_post_index_key]['children'] = array($edit_post_thread_key);

// "New thread" page hangs off the forum index.
$_pages[$edit_post_thread_key]['title_var'] = 'new_thread';
$_pages[$edit_post_thread_key]['parent']    = $edit_post_index_key;

// Thread view is titled with the stored subject of the post being edited.
$_pages['forum/view.php']['title']  = $post_row['subject'];
$_pages['forum/view.php']['parent'] = $edit_post_index_key;

// This page itself.
$_pages['editor/edit_post.php']['title_var'] = 'edit_post';
$_pages['editor/edit_post.php']['parent']    = $edit_post_index_key;
$_pages['editor/edit_post.php']['children']  = array();

// Drop the two helper names again so the included header sees the same
// global variables as before.
unset($edit_post_index_key, $edit_post_thread_key);

// Script assigned to $onload: focus the subject field.
$onload = 'document.form.subject.focus();';

require(AT_INCLUDE_PATH.'header.inc.php');

?>
115
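<?php
/*
 * Edit form for a single forum post. Posts back to this script with
 * edit_post=true plus the post id (pid), parent id (ppid) and forum id (fid).
 *
 * NOTE(review): no anti-CSRF token is visible in this form. Unless the
 * included framework adds and checks one elsewhere, the save request is
 * accepted on session cookie alone - confirm.
 */
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); /* PHP_SELF includes request-controlled path info, so it is encoded for the attribute */ ?>" method="post" name="form">
<input type="hidden" name="edit_post" value="true" />
<input type="hidden" name="pid" value="<?php echo intval($pid); ?>" />
<input type="hidden" name="ppid" value="<?php echo intval($post_row['parent_id']); ?>" />
<input type="hidden" name="fid" value="<?php echo intval($post_row['forum_id']); ?>" />

<div class="input-form">
        <div class="row">
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="subject"><?php echo _AT('subject'); ?></label><br />
                <input type="text" maxlength="45" name="subject" size="36" value="<?php echo stripslashes(htmlspecialchars($post_row['subject'])); ?>" id="subject" />
        </div>

        <div class="row">
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="body"><?php echo _AT('body'); ?></label>
                <?php
                // NOTE(review): the stored body is written out without output
                // encoding. The save handler in this script stores '<' as
                // '&lt;', which the textarea shows as '<' again for editing,
                // so this is only safe if every other code path that writes
                // forums_threads.body neutralises '<' the same way - verify
                // before relying on it.
                ?>
                <textarea cols="65" name="body" rows="10" id="body"><?php echo $post_row['body']; ?></textarea>
        </div>
        
        <div class="row">
                <small class="spacer">&middot;<?php echo _AT('forum_links'); ?>
                &middot; <?php echo _AT('forum_email_links'); ?>
                &middot; <?php echo _AT('forum_html_disabled'); ?></small>
        </div>

        <div class="row buttons">
                <input name="submit" type="submit" value="  <?php echo _AT('save'); ?>" accesskey="s" />
                <input type="submit" name="cancel" value=" <?php echo _AT('cancel'); ?> " />
        </div>
</div>
</form>

<?php require (AT_INCLUDE_PATH.'footer.inc.php'); ?>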