2 /****************************************************************/
\r
4 /****************************************************************/
\r
5 /* Copyright (c) 2002-2010 */
\r
6 /* Inclusive Design Institute */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or*/
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************/
\r
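// Bootstrap: every include below is resolved relative to this constant.
define('AT_INCLUDE_PATH', '../../../include/');
require(AT_INCLUDE_PATH.'vitals.inc.php');
require(AT_INCLUDE_PATH.'../mods/_standard/file_storage/file_storage.inc.php');

// 'ot' (owner type) and 'oid' (owner id) come straight from the request and are
// reused in the query-string prefix below, so both are forced to non-negative
// integers. abs() on its own returns a float for input such as "1.5", and it
// raises a notice (or a TypeError on newer PHP) when the parameter is missing
// or not numeric; intval() plus the isset() guard avoids both.
$owner_type = isset($_REQUEST['ot'])  ? abs(intval($_REQUEST['ot']))  : 0;
$owner_id   = isset($_REQUEST['oid']) ? abs(intval($_REQUEST['oid'])) : 0;
$owner_arg_prefix = '?ot='.$owner_type.SEP.'oid='.$owner_id.SEP;

// Access gate for the whole page. fs_authenticate() is defined outside this
// file; a falsy result is treated as "denied".
if (!fs_authenticate($owner_type, $owner_id)) {
    $msg->addError('ACCESS_DENIED');
    header('Location: '.url_rewrite('mods/_standard/file_storage/index.php', AT_PRETTY_URL_IS_HEADER));
    // A Location header does not stop the script; without this exit the
    // request handlers further down would still run for a denied user.
    exit;
}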
\r
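// Request dispatcher for the comments page: done / cancel redirects, saving an
// edited comment, and posting a new comment. Every branch that redirects ends
// with exit so nothing below it runs once the Location header is queued.
//
// NOTE(review): none of the state-changing POST branches checks an anti-CSRF
// token in the lines visible here - confirm whether an include enforces one.

// Ids copied into redirect URLs are reduced to non-negative integers first, so
// a crafted 'id' or 'folder' value cannot add parameters or other text to the
// Location header.
$redirect_id          = isset($_GET['id'])      ? abs(intval($_GET['id']))      : 0;
$redirect_get_folder  = isset($_GET['folder'])  ? abs(intval($_GET['folder']))  : 0;
$redirect_post_folder = isset($_POST['folder']) ? abs(intval($_POST['folder'])) : 0;

if (isset($_GET['done'])) {
    header('Location: '.url_rewrite('mods/_standard/file_storage/index.php'.$owner_arg_prefix.'folder='.$redirect_get_folder, AT_PRETTY_URL_IS_HEADER));
    exit;

} else if (isset($_GET['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: '.url_rewrite('mods/_standard/file_storage/index.php'.$owner_arg_prefix.'folder='.$redirect_get_folder, AT_PRETTY_URL_IS_HEADER));
    exit;

} else if (isset($_POST['edit_cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: '.url_rewrite('mods/_standard/file_storage/comments.php'.$owner_arg_prefix.'id='.$redirect_id, AT_PRETTY_URL_IS_HEADER));
    exit;

} else if (isset($_POST['edit_submit'])) {
    // The edit form posts 'edit_comment' and 'comment_id'. The original trimmed
    // $_POST['comment'] here, a field this form does not send, so a
    // whitespace-only edit passed the empty check below.
    $_POST['edit_comment'] = isset($_POST['edit_comment']) ? trim($_POST['edit_comment']) : '';
    $_POST['comment_id']   = isset($_POST['comment_id']) ? abs(intval($_POST['comment_id'])) : 0;

    // Compare with '' rather than testing truthiness: the comment "0" is valid.
    if ($_POST['edit_comment'] === '') {
        $msg->addError(array('EMPTY_FIELDS', _AT('comments')));
    }

    if (!$msg->containsErrors()) {
        // The mysql_* API used in this file has no bound parameters, so the
        // statement is safe only because every value is neutralised first:
        // the text goes through $addslashes (assigned outside this file -
        // confirm it is a connection-aware escaper) and both ids are integers.
        $comment_sql = $addslashes($_POST['edit_comment']);
        $member_id   = intval($_SESSION['member_id']);

        // member_id in the WHERE clause is the ownership check: only the
        // author's own row can match. "date=date" assigns the column to
        // itself, presumably to keep the original timestamp - confirm.
        $sql = "UPDATE ".TABLE_PREFIX."files_comments SET comment='".$comment_sql."', date=date WHERE member_id=".$member_id." AND comment_id=".$_POST['comment_id'];
        mysql_query($sql, $db);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: '.url_rewrite('mods/_standard/file_storage/comments.php'.$owner_arg_prefix.'id='.$redirect_id, AT_PRETTY_URL_IS_HEADER));
        exit;
    }

} else if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: '.url_rewrite('mods/_standard/file_storage/index.php'.$owner_arg_prefix.'folder='.$redirect_post_folder, AT_PRETTY_URL_IS_HEADER));
    exit;

} else if (isset($_POST['submit'])) {
    $_POST['comment'] = isset($_POST['comment']) ? trim($_POST['comment']) : '';
    $_POST['id']      = isset($_POST['id']) ? abs(intval($_POST['id'])) : 0;

    if ($_POST['comment'] === '') {
        $msg->addError(array('EMPTY_FIELDS', _AT('comments')));
    }

    if (!$msg->containsErrors()) {
        // Same escaping contract as the edit branch: text via $addslashes,
        // ids as integers.
        $comment_sql = $addslashes($_POST['comment']);
        $member_id   = intval($_SESSION['member_id']);

        // NOTE(review): the posted file id is not checked against
        // $owner_type / $owner_id before the INSERT, although the page
        // renderer looks the file up with all three. Consider rejecting ids
        // that do not belong to the authenticated workspace.
        $sql = "INSERT INTO ".TABLE_PREFIX."files_comments VALUES (NULL, ".$_POST['id'].", ".$member_id.", NOW(), '".$comment_sql."')";
        if (mysql_query($sql, $db)) {
            // Bump the file's comment counter only when the insert succeeded.
            $sql = "UPDATE ".TABLE_PREFIX."files SET num_comments=num_comments+1, date=date WHERE file_id=".$_POST['id'];
            mysql_query($sql, $db);
        }

        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: '.url_rewrite('mods/_standard/file_storage/comments.php'.$owner_arg_prefix.'id='.$_POST['id'], AT_PRETTY_URL_IS_HEADER));
        exit;
    }

    // Validation failed: fall through to the page and show the same file.
    $_GET['id'] = $_POST['id'];
}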
\r
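// When a comment is opened for editing, set a script snippet that focuses the
// edit textarea. $onload is presumably read by header.inc.php - confirm.
if (isset($_GET['comment_id'])) {
    $onload = 'document.form.edit_comment.focus();';
}

require(AT_INCLUDE_PATH.'header.inc.php');

// $id is interpolated into SQL and URLs further down the page, so it is forced
// to a non-negative integer; abs() alone would let "1.5" through as a float and
// complains when the parameter is missing.
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;

// The lookup receives the owner type and id together with the file id,
// presumably so only revisions inside the authenticated workspace come back.
$files = fs_get_revisions($id, $owner_type, $owner_id);

// Report FILE_NOT_FOUND only for an empty lookup, then close the page and stop
// so the template below never renders without a file. The listing omits the
// line between the lookup and the error call; this guard is the assumed
// condition - confirm against the original file.
if (!$files) {
    $msg->printErrors('FILE_NOT_FOUND');
    require(AT_INCLUDE_PATH.'footer.inc.php');
    exit;
}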
\r
100 <?php /* Revision picker: rendered only when $_config['fs_versioning'] is truthy; the form submits by GET. */ if ($_config['fs_versioning']): ?>
\r
101 <form method="get" action="<?php /* The action is a string literal; the commented-out remainder of this tag shows $_SERVER['PHP_SELF'] used to be echoed here. A literal cannot carry request-supplied text into the attribute. */ echo 'mods/_standard/file_storage/comments.php'
\r
102 //@harris echo $_SERVER['PHP_SELF']; ?>">
\r
103 <input type="hidden" name="ot" value="<?php /* $owner_type and $owner_id were passed through abs() at the top of the script, so they are numeric when echoed unescaped. */ echo $owner_type; ?>" />
\r
104 <input type="hidden" name="oid" value="<?php echo $owner_id; ?>" />
\r
105 <div class="input-form" style="width: 95%">
\r
107 <select name="id" size="<?php /* List box height: one row per revision, capped at 5. */ echo min(count($files), 5);?>">
\r
108 <?php /* One option per revision. The statements that follow remember the revision whose file_id equals $id as $current_file and preselect it; where $selected is reset for the other rows is not visible in this listing. */ foreach ($files as $file): ?>
\r
111 if ($file['file_id'] == $id) {
\r
112 $current_file = $file;
\r
113 $selected = ' selected="selected"';
\r
116 <option value="<?php /* file_name is escaped with htmlentities_utf8(); file_id, num_revisions and num_comments are echoed as stored - presumably numeric columns, TODO confirm. */ echo $file['file_id'];?>" <?php echo $selected; ?>><?php echo _AT('revision'); ?> <?php echo $file['num_revisions']; ?>. <?php echo htmlentities_utf8($file['file_name']); ?> - <?php echo $file['num_comments']; ?> <?php echo _AT('comments'); ?></option>
\r
117 <?php endforeach; ?>
\r
120 <div class="row buttons">
\r
121 <input type="submit" name="comments" value="<?php echo _AT('comments'); ?>" />
\r
122 <input type="submit" name="done" value="<?php echo _AT('done'); ?>" />
\r
125 <input type="hidden" name="folder" value="<?php /* Folder of the selected revision; the 'done' and 'cancel' redirects read it back as 'folder'. */ echo $current_file['folder_id']; ?>" />
\r
128 <?php /* Uses the element at the array's internal pointer as the file to display. Presumably the branch taken when versioning is off; the else line is not part of this listing - confirm. */ $current_file = current($files); ?>
\r
131 <div class="input-form">
\r
133 <h3><?php /* File name is HTML-escaped before output. */ echo htmlentities_utf8($current_file['file_name']); ?> <small> - <?php echo _AT('revision'); ?> <?php echo $current_file['num_revisions']; ?></small></h3>
\r
134 <span style="font-size: small"><?php /* NOTE(review): get_display_name() output is echoed without escaping here; confirm the helper returns HTML-safe text. */ echo get_display_name($current_file['member_id']); ?> - <?php echo AT_date(_AT('filemanager_date_format'), $current_file['date'], AT_DATE_MYSQL_DATETIME); ?></span>
\r
135 <p><?php /* Escape first, then nl2br(), so the only markup in the output is the inserted line breaks. */ echo nl2br(htmlspecialchars($current_file['description'])); ?></p>
\r
// Comment list for the file. comment_id is cast to an integer (0 when absent)
// before it is compared with each row below.
140 $_GET['comment_id'] = isset($_GET['comment_id']) ? intval($_GET['comment_id']) : 0;
\r
// $id was passed through abs() earlier in the script, so the interpolated
// value is numeric; the query has no other request-derived parts.
141 $sql = "SELECT * FROM ".TABLE_PREFIX."files_comments WHERE file_id=$id ORDER BY date ASC";
\r
142 $result = mysql_query($sql, $db);
\r
// The first row is fetched by this condition; the remaining rows come from the
// do/while whose closing line appears further down.
143 if ($row = mysql_fetch_assoc($result)): ?>
\r
145 <div class="input-form">
\r
146 <?php /* Inline edit form: only for the comment selected via comment_id and only when the current member wrote it. */ if (($row['member_id'] == $_SESSION['member_id']) && ($row['comment_id'] == $_GET['comment_id'])): ?>
\r
147 <form method="post" action="mods/_standard/file_storage/comments.php<?php /* NOTE(review): no anti-CSRF token field appears among the listed lines of this form - confirm whether one is added elsewhere. */ echo $owner_arg_prefix.'id='.$id;?>" name="form">
\r
148 <input type="hidden" name="comment_id" value="<?php echo $row['comment_id']; ?>" />
\r
150 <a name="c<?php /* Anchor target for the '#c<id>' fragment used by the edit link. */ echo $row['comment_id']; ?>"></a><h4><?php echo get_display_name($row['member_id']); ?> - <?php echo AT_DATE(_AT('server_date_format'), $row['date'], AT_DATE_MYSQL_DATETIME); ?></h4>
\r
151 <textarea rows="4" cols="40" name="edit_comment"><?php /* Stored comment text is HTML-escaped before it is placed in the textarea. */ echo htmlspecialchars($row['comment']); ?></textarea>
\r
153 <div class="row buttons">
\r
154 <input type="submit" name="edit_submit" value="<?php echo _AT('save'); ?>" />
\r
155 <input type="submit" name="edit_cancel" value="<?php echo _AT('cancel'); ?>" />
\r
161 <h4><?php /* Read-only rendering of a comment. NOTE(review): get_display_name() output is not escaped here; confirm the helper returns HTML-safe text. */ echo get_display_name($row['member_id']); ?> - <?php echo AT_date(_AT('filemanager_date_format'), $row['date'], AT_DATE_MYSQL_DATETIME); ?></h4>
\r
162 <p><?php /* Escape first, then nl2br(). */ echo nl2br(htmlspecialchars($row['comment'])); ?></p>
\r
163 <?php /* Edit and delete links are offered to the comment's author and to the owner of the displayed file. The edit form above and the UPDATE in the edit_submit handler both require the author, so for the file owner only the delete link can take effect. */ if ($row['member_id'] == $_SESSION['member_id'] || $current_file['member_id'] == $_SESSION['member_id']): ?>
\r
164 <div style="text-align:right; font-size: smaller">
\r
165 <a href="<?php /* The delete link is a plain GET link to delete_comment.php; the permission check and any confirmation step happen in that script, which is not shown here. */ echo url_rewrite('mods/_standard/file_storage/comments.php'.$owner_arg_prefix.'id='.$id.SEP.'comment_id='.$row['comment_id'].'#c'.$row['comment_id']); ?>"><?php echo _AT('edit'); ?></a> | <a href="mods/_standard/file_storage/delete_comment.php<?php echo $owner_arg_prefix . 'file_id='.$id.SEP; ?>id=<?php echo $row['comment_id']; ?>"><?php echo _AT('delete'); ?></a>
\r
171 <?php /* End of the per-comment loop; fetches the next row or stops. */ } while ($row = mysql_fetch_assoc($result)); ?>
\r
172 <?php /* The condition is the constant 0, so the "none found" block below never renders. */ elseif(0): ?>
\r
173 <div class="input-form">
\r
175 <p><?php echo _AT('none_found'); ?></p>
\r
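180 <?php /* New-comment form, rendered only when $_SESSION['is_guest'] == 0. NOTE(review): no anti-CSRF token field appears among the listed lines of this form - confirm whether one is added elsewhere. */ if ($_SESSION['is_guest'] == 0): ?>
\r
181 <form method="post" action="mods/_standard/file_storage/comments.php<?php /* Literal script path, matching the edit form on this page, instead of $_SERVER['PHP_SELF']: PHP_SELF can include client-supplied path info and was echoed unescaped into this attribute. $owner_arg_prefix is built from the abs()'d ot/oid values and $id is abs()'d as well. */ echo $owner_arg_prefix; ?>id=<?php echo $id; ?>">
\r
182 <input type="hidden" name="id" value="<?php echo $id; ?>" />
\r
183 <input type="hidden" name="folder" value="<?php /* Read back by the 'cancel' handler to build its redirect. */ echo $current_file['folder_id']; ?>" />
\r
184 <div class="input-form">
\r
186 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="comment"><?php echo _AT('comment'); ?></label><br />
\r
187 <textarea cols="40" rows="4" id="comment" name="comment"></textarea>
\r
190 <div class="row buttons">
\r
191 <input type="submit" name="submit" value="<?php echo _AT('post'); ?>" />
\r
192 <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
\r
198 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>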
\r