(no commit message)
[atutor.git] / mods / _standard / blogs / edit_post.php
1 <?php\r
2 /****************************************************************/\r
3 /* ATutor                                                                                                               */\r
4 /****************************************************************/\r
5 /* Copyright (c) 2002-2010                                      */\r
6 /* Inclusive Design Institute                                   */\r
7 /* http://atutor.ca                                                                                             */\r
8 /*                                                              */\r
9 /* This program is free software. You can redistribute it and/or*/\r
10 /* modify it under the terms of the GNU General Public License  */\r
11 /* as published by the Free Software Foundation.                                */\r
12 /****************************************************************/\r
13 // $Id$\r
14 define('AT_INCLUDE_PATH', '../../../include/');\r
15 require (AT_INCLUDE_PATH.'vitals.inc.php');\r
16 \r
17 // authenticate ot+oid ....\r
18 $owner_type = abs($_REQUEST['ot']);\r
19 $owner_id = abs($_REQUEST['oid']);\r
20 if (!($owner_status = blogs_authenticate($owner_type, $owner_id)) || !query_bit($owner_status, BLOGS_AUTH_WRITE)) {\r
21         $msg->addError('ACCESS_DENIED');\r
22         header('Location: index.php');\r
23         exit;\r
24 }\r
25 \r
26 if (isset($_POST['cancel'])) {\r
27         $msg->addFeedback('CANCELLED');\r
28         header('Location: '.url_rewrite('mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_POST['oid'], AT_PRETTY_URL_IS_HEADER));\r
29         exit;\r
30 } else if (isset($_POST['submit'])) {\r
31         $_POST['title'] = $addslashes(trim($_POST['title']));\r
32         $_POST['body']  = $addslashes(trim($_POST['body']));\r
33         $id = abs($_POST['id']);\r
34 \r
35         if ($_POST['body'] == '') {\r
36                 $msg->addError(array('EMPTY_FIELDS', _AT('body')));\r
37         }\r
38 \r
39         if (!$msg->containsErrors()) {\r
40                 $_POST['title'] = htmlspecialchars($_POST['title']);\r
41                 $_POST['body']  = htmlspecialchars($_POST['body']);\r
42                 $_POST['private'] = abs($_POST['private']);\r
43                 $sql = "UPDATE ".TABLE_PREFIX."blog_posts SET private=$_POST[private], title='$_POST[title]', body='$_POST[body]', date=date WHERE owner_type=".BLOGS_GROUP." AND owner_id=$_REQUEST[oid] AND post_id=$id";\r
44                 mysql_query($sql, $db);\r
45 \r
46                 $msg->addFeedback('POST_ADDED_SUCCESSFULLY');\r
47 \r
48                 header('Location: '.url_rewrite('mods/_standard/blogs/post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_POST['oid'].SEP.'id='.$id, AT_PRETTY_URL_IS_HEADER));\r
49                 exit;\r
50         }\r
51 }\r
52 \r
53 $id = abs($_REQUEST['id']);\r
54 $sql = "SELECT private, title, body FROM ".TABLE_PREFIX."blog_posts WHERE owner_type=".BLOGS_GROUP." AND owner_id=$_REQUEST[oid] AND post_id=$id";\r
55 $result = mysql_query($sql, $db);\r
56 $post_row = mysql_fetch_assoc($result);\r
57 \r
58 $_pages['mods/_standard/blogs/edit_post.php']['parent']    = 'mods/_standard/blogs/post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'].SEP.'id='.$_REQUEST['id'];\r
59 $_pages['mods/_standard/blogs/post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'].SEP.'id='.$_REQUEST['id']] = $_pages['mods/_standard/blogs/post.php'];\r
60 $_pages['mods/_standard/blogs/post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'].SEP.'id='.$_REQUEST['id']]['children'] = array('mods/_standard/blogs/edit_post.php', 'mods/_standard/blogs/delete_post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'].SEP.'id='.$_REQUEST['id']);\r
61 \r
62 $_pages['mods/_standard/blogs/post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'].SEP.'id='.$_REQUEST['id']]['parent'] = 'mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'];\r
63 $_pages['mods/_standard/blogs/post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'].SEP.'id='.$_REQUEST['id']]['title'] = $post_row['title'];\r
64 $_pages['mods/_standard/blogs/post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'].SEP.'id='.$_REQUEST['id']]['children'] = array('mods/_standard/blogs/edit_post.php', 'mods/_standard/blogs/delete_post.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid'].SEP.'id='.$_REQUEST['id']);\r
65 \r
66 $_pages['mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid']]['title'] = blogs_get_blog_name(BLOGS_GROUP, $_REQUEST['oid']);\r
67 $_pages['mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid']]['parent']    = 'mods/_standard/blogs/index.php';\r
68 $_pages['mods/_standard/blogs/view.php?ot='.BLOGS_GROUP.SEP.'oid='.$_REQUEST['oid']]['children']  = array('mods/_standard/blogs/add_post.php');\r
69 \r
70 \r
71 $onload = 'document.form.title.focus();';\r
72 require (AT_INCLUDE_PATH.'header.inc.php');\r
73 \r
74 ?>\r
75 \r
76 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="form">\r
77 <input type="hidden" name="ot" value="<?php echo BLOGS_GROUP; ?>" />\r
78 <input type="hidden" name="oid" value="<?php echo abs($_REQUEST['oid']); ?>" />\r
79 <input type="hidden" name="id" value="<?php echo $id; ?>" />\r
80 <div class="input-form">\r
81         <div class="row">\r
82                 <label for="title"><?php echo _AT('title'); ?></label><br />\r
83                 <input type="text" name="title" id="title" value="<?php echo $post_row['title']; ?>" size="50" />\r
84         </div>\r
85         <div class="row">\r
86                 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="body"><?php echo _AT('body'); ?></label><br />\r
87                 <textarea name="body" id="body" cols="40" rows="10"><?php echo $post_row['body']; ?></textarea>\r
88         </div>\r
89 \r
90         <div class="row">       \r
91                 <a href="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>#jumpcodes" title="<?php echo _AT('jump_codes'); ?>"><img src="images/clr.gif" height="1" width="1" alt="<?php echo _AT('jump_codes'); ?>" border="0" /></a><?php require(AT_INCLUDE_PATH.'html/code_picker.inc.php'); ?>\r
92 \r
93                 <a name="jumpcodes"></a>\r
94         </div>\r
95 \r
96         <div class="row">\r
97                 <input type="checkbox" name="private" value="1" id="private" <?php if ($post_row['private']) { echo 'checked="checked"'; } ?> /><label for="private"><?php echo _AT('private'); ?></label>\r
98         </div>\r
99 \r
100         <div class="row buttons">\r
101                 <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" /> <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" /> \r
102         </div>\r
103 </div>\r
104 </form>\r
105 \r
106 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>