[atutor.git] / mods / _standard / forums / forum / subscribe.php
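<?php
/****************************************************************/
/* ATutor                                                       */
/****************************************************************/
/* Copyright (c) 2002-2010                                      */
/* Inclusive Design Institute                                   */
/* http://atutor.ca                                             */
/*                                                              */
/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License  */
/* as published by the Free Software Foundation.                */
/****************************************************************/

/*
 * Subscribe the current member to a forum thread, or unsubscribe them from it.
 *
 * Request parameters read by this script:
 *   pid - post id of the thread (GET)
 *   fid - forum id the thread belongs to (GET)
 *   us  - any non-empty value means "unsubscribe"; absent/empty means "subscribe" (GET)
 *   t   - when non-empty, redirect to the forum index instead of the thread view (GET/POST)
 *
 * $msg, $db, _AT(), valid_forum_user() and the SEP, TABLE_PREFIX and AT_BASE_HREF
 * constants are not defined here; presumably they come from the two includes below.
 *
 * NOTE(review): this script changes subscription state in response to a plain GET
 * request and no anti-CSRF token check is visible in this file. Unless the includes
 * enforce one, any page the member loads can trigger the change on their behalf.
 * Consider requiring POST together with a per-session token.
 */

define('AT_INCLUDE_PATH', '../../../../include/');
require(AT_INCLUDE_PATH.'vitals.inc.php');
require(AT_INCLUDE_PATH.'../mods/_standard/forums/lib/forums.inc.php');

$_section[0][0] = _AT('discussions');
$_section[0][1] = 'discussions/';

// Every value that ends up inside a SQL string below is forced to an integer first.
// The legacy mysql_* API used by this file has no prepared statements, so the integer
// cast is the only thing keeping request and session data out of the query text.
$pid       = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
$fid       = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
$member_id = isset($_SESSION['member_id']) ? intval($_SESSION['member_id']) : 0;

// Decide the action once, so the query that runs and the feedback shown cannot disagree.
// (Previously the query ran on any truthy "us" but the message only on us == '1'.)
$unsubscribe = !empty($_GET['us']);

// check if they have access
if (!valid_forum_user($fid) || empty($_SESSION['enroll'])) {
	$msg->addError('FORUM_NOT_FOUND');
	header('Location: list.php');
	exit;
}

// One lookup serves both checks: the thread must exist in this forum, and it must be
// a top-level post.
$sql    = "SELECT subject, parent_id FROM ".TABLE_PREFIX."forums_threads WHERE post_id=$pid AND forum_id=$fid";
$result = mysql_query($sql, $db);
$row    = $result ? mysql_fetch_assoc($result) : false; // a failed query is treated as "not found"
if (!$row) {
	$msg->addError('FORUM_NOT_FOUND');
	header('Location: list.php');
	exit;
}
$thread_name = $row['subject'];

/**
 * Protect against url injection
 * Maintain consistency in data by not allowing any subscription to a reply thread, only top level id's (0).
 */
$parent_id = intval($row['parent_id']);
if ($parent_id > 0) { // not allowed, only top level
	$msg->addError('FORUM_NO_SUBSCRIBE');
	header('Location: view.php?fid='.$fid.SEP.'pid='.$parent_id); // take us back to where we were
	exit;
}

if ($unsubscribe) {
	// unsubscribe:
	$sql    = "UPDATE ".TABLE_PREFIX."forums_accessed SET subscribe=0 WHERE post_id=$pid AND member_id=$member_id";
	$result = mysql_query($sql, $db);
} else {
	// subscribe:
	// NOTE(review): REPLACE without a column list depends on the table's column order.
	$sql    = "REPLACE INTO ".TABLE_PREFIX."forums_accessed VALUES ($pid, $member_id, NOW(), 1)";
	$result = mysql_query($sql, $db);
}

// Where to send the member afterwards. Only integers are appended to the fixed paths,
// so the redirect target cannot be steered off-site through the request.
if (!empty($_REQUEST['t'])) {
	$this_pid = 'index.php?fid='.$fid;
} else {
	$this_pid = 'view.php?fid='.$fid.SEP.'pid='.$pid;
}

$feedback = $unsubscribe ? 'THREAD_UNSUBSCRIBED' : 'THREAD_SUBSCRIBED';
$msg->addFeedback(array($feedback, $thread_name));
header('Location: '.AT_BASE_HREF.'mods/_standard/forums/forum/'.$this_pid);
exit;

?>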