2 /****************************************************************************/
4 /****************************************************************************/
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton */
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************************/
// Direct-access guard: stop immediately unless an entry script that defines
// AT_INCLUDE_PATH has included this file.
if (!defined('AT_INCLUDE_PATH')) {
    exit;
}
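/**
 * Returns an array of (shared and non-shared) forums belonging to the given course.
 *
 * The result always has three keys: 'nonshared', 'shared' and 'group'.
 * Course forums are sorted into 'shared' or 'nonshared' via is_shared_forum();
 * 'group' holds the forums of the groups listed in $_SESSION['groups'], with
 * each row's title replaced by the group title.
 *
 * @param   integer $course  id of the course; a falsy value selects the forums of all courses
 * @return  array   array('nonshared' => rows, 'shared' => rows, 'group' => rows)
 * @see     $db in include/vitals.inc.php
 * @see     is_shared_forum()
 * @author  Heidi Hazelton
 * @author  Joel Kronenberg
 */
function get_forums($course) {
    // NOTE(review): the listing drops some source lines (global declaration,
    // branch and return lines); they are reconstructed here from the visible
    // statements - confirm against the original file.
    global $db;

    if ($course) {
        // Cast only after the truthiness test: the value is interpolated into
        // SQL, so it must be an integer, but a non-numeric value must not fall
        // through to the "all courses" branch below.
        $course = intval($course);
        $sql = "SELECT F.*, DATE_FORMAT(F.last_post, '%Y-%m-%d %H:%i:%s') AS last_post FROM ".TABLE_PREFIX."forums_courses FC INNER JOIN ".TABLE_PREFIX."forums F USING (forum_id) WHERE FC.course_id=$course GROUP BY FC.forum_id ORDER BY F.title";
    } else {
        $sql = "SELECT F.*, FC.course_id, DATE_FORMAT(F.last_post, '%Y-%m-%d %H:%i:%s') AS last_post FROM ".TABLE_PREFIX."forums_courses FC INNER JOIN ".TABLE_PREFIX."forums F USING (forum_id) GROUP BY FC.forum_id ORDER BY F.title";
    }

    // 'nonshared' forums are always listed first:
    $forums = array(
        'nonshared' => array(),
        'shared'    => array(),
        'group'     => array(),
    );

    $result = mysql_query($sql, $db);
    // A failed query yields false; skip the loop instead of fetching from it.
    while ($result && ($row = mysql_fetch_assoc($result))) {
        // for each forum, check if it's shared or not:
        if (is_shared_forum($row['forum_id'])) {
            $forums['shared'][] = $row;
        } else {
            $forums['nonshared'][] = $row;
        }
    }

    // retrieve the group forums:
    if (!$_SESSION['groups']) {
        return $forums;
    }

    // The group ids end up inside an IN (...) list, so force each one to an
    // integer before joining them.
    $groups = implode(',', array_map('intval', $_SESSION['groups']));

    $sql = "SELECT F.*, G.group_id FROM ".TABLE_PREFIX."forums_groups G INNER JOIN ".TABLE_PREFIX."forums F USING (forum_id) WHERE G.group_id IN ($groups) ORDER BY F.title";
    $result = mysql_query($sql, $db);
    while ($result && ($row = mysql_fetch_assoc($result))) {
        $row['title'] = get_group_title($row['group_id']);
        $forums['group'][] = $row;
    }

    return $forums;
}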
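/**
 * Returns true/false whether or not this forum is shared.
 *
 * A forum counts as shared when more than one row in forums_courses
 * references it.
 *
 * @param   integer $forum_id  id of the forum
 * @return  boolean true if this forum is shared, false otherwise
 * @see     $db in include/vitals.inc.php
 * @author  Joel Kronenberg
 */
function is_shared_forum($forum_id) {
    // NOTE(review): the global declaration and the return lines are missing
    // from the listing; reconstructed from the docblock - confirm.
    global $db;

    // The id is interpolated into the query text, so force it to an integer.
    $forum_id = intval($forum_id);

    $sql = "SELECT COUNT(*) AS cnt FROM ".TABLE_PREFIX."forums_courses WHERE forum_id=$forum_id";
    $result = mysql_query($sql, $db);
    if (!$result) {
        // Query failed: report "not shared" rather than fetching from false.
        return FALSE;
    }
    $row = mysql_fetch_assoc($result);

    return ($row['cnt'] > 1);
}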
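/**
 * Returns forum information for given forum_id
 *
 * With a course id the lookup is restricted to forums attached to that course
 * or to course 0; without one the forums table is read directly.
 *
 * @param   integer $forum_id  id of the forum
 * @param   integer $course    id of the course (for non-admins)
 * @return  array|false  the forum row, or false when no row matches
 * @see     $db in include/vitals.inc.php
 * @author  Heidi Hazelton
 */
function get_forum($forum_id, $course = '') {
    // NOTE(review): the global declaration and the return line are missing
    // from the listing; reconstructed from the visible statements - confirm.
    global $db;

    // Both ids are interpolated into SQL; force them to integers first.
    $forum_id = intval($forum_id);

    if (!empty($course)) {
        $course = intval($course);
        $sql = "SELECT * FROM ".TABLE_PREFIX."forums_courses fc, ".TABLE_PREFIX."forums f WHERE (fc.course_id=$course OR fc.course_id=0) AND fc.forum_id=f.forum_id and fc.forum_id=$forum_id ORDER BY title";
    } else {
        // TODO (from the original author): only admins should be retrieving
        // forums w/o a course! add this check. Until then this branch performs
        // no authorization of its own; callers must enforce it.
        $sql = "SELECT * FROM ".TABLE_PREFIX."forums WHERE forum_id=$forum_id";
    }

    $result = mysql_query($sql, $db);
    if (!$result) {
        return false;
    }

    return mysql_fetch_assoc($result);
}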
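/**
 * Checks to see if signed in member is allowed to view the forum page
 *
 * Access is granted when the forum is attached to the session's course or to
 * course 0, or when it belongs to one of the groups in $_SESSION['groups'].
 *
 * @param   integer $forum_id  id of the forum
 * @return  boolean view (true) or not view (false)
 * @see     $db in include/vitals.inc.php
 * @author  Heidi Hazelton
 */
function valid_forum_user($forum_id) {
    // NOTE(review): the listing drops the global declaration, the test on the
    // first query's row and the return lines; reconstructed from the visible
    // statements and the docblock - confirm against the original file.
    global $db;

    // Everything interpolated into the queries below is forced to an integer.
    $forum_id  = intval($forum_id);
    $course_id = intval($_SESSION['course_id']);

    $sql = "SELECT forum_id FROM ".TABLE_PREFIX."forums_courses WHERE (course_id=$course_id OR course_id=0) AND forum_id=$forum_id";
    $result = mysql_query($sql, $db);
    if ($result && mysql_fetch_assoc($result)) {
        return TRUE;
    }

    // not a course forum, let's check group:
    if (!empty($_SESSION['groups'])) {
        $groups = implode(',', array_map('intval', $_SESSION['groups']));
        $sql = "SELECT forum_id FROM ".TABLE_PREFIX."forums_groups WHERE group_id IN ($groups) AND forum_id=$forum_id";
        $result = mysql_query($sql, $db);
        if ($result && mysql_fetch_assoc($result)) {
            return TRUE;
        }
    }

    // Fail closed: no matching course or group row means no access.
    return FALSE;
}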
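/**
 * Adds a forum and attaches it to the course in $_SESSION['course_id'].
 *
 * Reads the 'title', 'body' and 'edit' entries of the submitted form.
 * Performs no permission check of its own.
 *
 * @param   array $form  add-forum form variables (callers pass $_POST)
 * @see     $db in include/vitals.inc.php
 * @see     $addslashes in include/vitals.inc.php
 * @author  Heidi Hazelton
 */
function add_forum($form) {
    // The parameter was originally named $_POST. PHP 5.4 and later refuse to
    // compile a parameter named after a superglobal, so it is renamed;
    // positional callers are unaffected.
    // NOTE(review): the global declarations are missing from the listing and
    // are reconstructed from the docblock - confirm.
    global $db, $addslashes;

    // NOTE(review): $addslashes is defined in include/vitals.inc.php, not
    // shown here; confirm it escapes for the connection's character set.
    $title = $addslashes($form['title']);
    $body  = $addslashes($form['body']);
    $edit  = intval($form['edit']);

    // The session course id is interpolated unquoted, so cast it as well.
    $course_id = intval($_SESSION['course_id']);

    // Positional VALUES list: depends on the column order of the forums table.
    $sql = "INSERT INTO ".TABLE_PREFIX."forums VALUES (NULL,'$title', '$body', 0, 0, NOW(), $edit)";
    $result = mysql_query($sql, $db);
    if (!$result) {
        // Without a new forum row LAST_INSERT_ID() below would refer to some
        // earlier insert on this connection; do not link it to the course.
        return;
    }

    $sql = "INSERT INTO ".TABLE_PREFIX."forums_courses VALUES (LAST_INSERT_ID(), $course_id)";
    $result = mysql_query($sql, $db);
}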
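/**
 * Updates the title, description and edit window of an existing forum.
 *
 * Reads the 'title', 'body', 'fid' and 'edit' entries of the submitted form.
 * Performs no permission or ownership check of its own: the forum is selected
 * by the submitted 'fid' alone, so callers must verify that the user may edit
 * that forum.
 *
 * @param   array $form  edit-forum form variables (callers pass $_POST)
 * @see     $db in include/vitals.inc.php
 * @see     $addslashes in include/vitals.inc.php
 * @author  Heidi Hazelton
 */
function edit_forum($form) {
    // The parameter was originally named $_POST. PHP 5.4 and later refuse to
    // compile a parameter named after a superglobal, so it is renamed;
    // positional callers are unaffected.
    // NOTE(review): the global declarations are missing from the listing and
    // are reconstructed from the docblock - confirm.
    global $db, $addslashes;

    // NOTE(review): $addslashes is defined in include/vitals.inc.php, not
    // shown here; confirm it escapes for the connection's character set.
    $title = $addslashes($form['title']);
    $body  = $addslashes($form['body']);

    // Numeric fields are interpolated unquoted, so they must be integers.
    $fid  = intval($form['fid']);
    $edit = intval($form['edit']);

    // last_post=last_post is kept from the original statement.
    $sql = "UPDATE ".TABLE_PREFIX."forums SET title='$title', description='$body', last_post=last_post, mins_to_edit=$edit WHERE forum_id=$fid";
    $result = mysql_query($sql, $db);
}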
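/**
 * Deletes a forum together with its threads, subscriptions, access records
 * and course links.
 *
 * Assumes the forum is not shared; nothing in this function checks that.
 * Assumes the user has the priv to delete this forum; nothing in this
 * function checks that either, so callers must enforce both.
 *
 * @param   integer $forum_id  id of the forum to delete
 * @see     $db in include/vitals.inc.php
 * @author  Heidi Hazelton
 */
function delete_forum($forum_id) {
    // NOTE(review): the global declaration is missing from the listing and is
    // reconstructed from the docblock - confirm.
    global $db;

    // The id is interpolated into six statements, five of them destructive;
    // force it to an integer once, up front.
    $forum_id = intval($forum_id);

    // Remove the per-post access records before the posts themselves go.
    $sql = "SELECT post_id FROM ".TABLE_PREFIX."forums_threads WHERE forum_id=$forum_id";
    $result = mysql_query($sql, $db);
    while ($result && ($row = mysql_fetch_array($result))) {
        $post_id = intval($row['post_id']);
        $sql = "DELETE FROM ".TABLE_PREFIX."forums_accessed WHERE post_id=$post_id";
        $result2 = mysql_query($sql, $db);
    }

    $sql = "DELETE FROM ".TABLE_PREFIX."forums_subscriptions WHERE forum_id=$forum_id";
    $result = mysql_query($sql, $db);

    $sql = "DELETE FROM ".TABLE_PREFIX."forums_threads WHERE forum_id=$forum_id";
    $result = mysql_query($sql, $db);

    $sql = "DELETE FROM ".TABLE_PREFIX."forums_courses WHERE forum_id=$forum_id";
    $result = mysql_query($sql, $db);

    $sql = "DELETE FROM ".TABLE_PREFIX."forums WHERE forum_id=$forum_id";
    $result = mysql_query($sql, $db);

    $sql = "OPTIMIZE TABLE ".TABLE_PREFIX."forums_threads";
    $result = mysql_query($sql, $db);
}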
239 function print_entry($row) {
240 global $page,$system_courses, $forum_info;
244 $reply_link = '<a href="forum/view.php?fid='.$row['forum_id'].SEP.'pid=';
245 if ($row['parent_id'] == 0) {
246 $reply_link .= $row['post_id'];
248 $reply_link .= $row['parent_id'];
250 $reply_link .= SEP.'reply='.$row['post_id'].SEP.'page='.$page.'#post" >'._AT('reply').'</a>';
254 <li class="<?php if ($counter %2) { echo 'odd'; } else { echo 'even'; } ?>">
255 <a name="<?php echo $row['post_id']; ?>"></a>
256 <div class="forum-post-author">
257 <a href="profile.php?id=<?php echo $row['member_id']; ?>" class="title"><?php echo htmlspecialchars(get_display_name($row['member_id'])); ?></a><br />
258 <?php print_profile_img($row['member_id']); ?>
261 <div class="forum-post-content">
262 <h3><?php echo AT_Print(htmlspecialchars($row['subject'], ENT_COMPAT, "UTF-8"), 'forums_threads.subject'); ?></h3>
264 <div class="forum-post-ctrl">
265 <?php if (authenticate(AT_PRIV_FORUMS, AT_PRIV_RETURN)): ?>
266 <?php echo $reply_link; ?> | <a href="editor/edit_post.php?fid=<?php echo $row['forum_id'].SEP.'pid='.$row['post_id']; ?>"><?php echo _AT('edit'); ?></a> | <a href="forum/delete_thread.php?fid=<?php echo $row['forum_id'].SEP.'pid='.$row['post_id'].SEP.'ppid='.$row['parent_id'].SEP; ?>nest=1"><?php echo _AT('delete'); ?></a>
267 <?php elseif (($row['member_id'] == $_SESSION['member_id']) && (($row['udate'] + $forum_info['mins_to_edit'] * 60) > time())): ?>
268 <?php echo $reply_link; ?> | <a href="editor/edit_post.php?fid=<?php echo $row['forum_id'].SEP.'pid='.$row['post_id']; ?>"><?php echo _AT('edit'); ?></a> <span>(<?php echo _AT('edit_for_minutes', round((($row['udate'] + $forum_info['mins_to_edit'] * 60) - time())/60)); ?>)</span>
269 <?php elseif ($_SESSION['valid_user']): ?>
270 <?php echo $reply_link; ?>
273 <p class="date"> <?php echo AT_date(_AT('forum_date_format'), $row['date'], AT_DATE_MYSQL_DATETIME); ?></p>
278 <p><?php echo AT_print(htmlspecialchars($row['body'], ENT_COMPAT, "UTF-8"), 'forums_threads.body'); ?></p>