2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2009 */
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
// Page context for the bootstrap include below.
// NOTE(review): 'public' presumably marks a page outside any course; confirm
// against vitals.inc.php.
$_user_location = 'public';

define('AT_INCLUDE_PATH', '../../../include/');

// Core bootstrap first, then the social module's constants, helpers and classes.
// AT_SOCIAL_INCLUDE is not defined on the visible lines, so it is expected to
// come from the bootstrap include.
require AT_INCLUDE_PATH . 'vitals.inc.php';
require AT_SOCIAL_INCLUDE . 'constants.inc.php';
require AT_SOCIAL_INCLUDE . 'friends.inc.php';
require AT_SOCIAL_INCLUDE . 'classes/SocialGroups/SocialGroup.class.php';
require AT_SOCIAL_INCLUDE . 'classes/SocialGroups/SocialGroups.class.php';

// Use the module's own stylesheet for this page.
$_custom_css = $_base_path . AT_SOCIAL_BASENAME . 'module.css';
// Access guard: when $_SESSION['valid_user'] is falsy, print the INVALID_USER
// notice between the standard header and footer instead of the search page.
23 if (!$_SESSION['valid_user']) {
24 require(AT_INCLUDE_PATH.'header.inc.php');
// Message code plus the current course id, handed to printInfos() below.
25 $info = array('INVALID_USER', $_SESSION['course_id']);
26 $msg->printInfos($info);
27 require(AT_INCLUDE_PATH.'footer.inc.php');
// NOTE(review): the listing skips original lines 28-31, so the end of this
// branch is not visible. Confirm that it terminates the request (e.g. exit)
// before the closing brace; otherwise the search code below would also run
// for visitors who are not logged in.
// Entry point for the group lookups performed further down.
$social_groups = new SocialGroups();

// Form key taken straight from the POST body and passed through the
// $addslashes callable. It is later appended to a POST field name and handed
// to the template. The original author left an open question here: should it
// be escaped?
// NOTE(review): $addslashes only adds database-style escaping (presumably;
// it is defined outside this file) and is not output encoding. The index is
// also read without an isset() check, so a request without rand_key (such as
// the Ajax GET below) raises an undefined-index notice.
$rand_key = $addslashes($_POST['rand_key']);
// Ajax suggestion endpoint: when the request carries a q parameter, search
// the groups for that term and print the matches as clickable suggestions.
35 //if $_GET['q'] is set, handle Ajax.
36 if (isset($_GET['q'])){
// The term goes through the $addslashes callable before the lookup.
// NOTE(review): how search() uses the term (for example whether it is
// concatenated into SQL) is not visible here. Confirm that this escaping
// matches the database layer, or that search() binds the value as a parameter.
37 $query = $addslashes($_GET['q']);
38 $search_result = $social_groups->search($query);
39 if (!empty($search_result)){
// Fixed wrapper markup; nothing request-derived is printed on this line.
40 echo '<div style="border:1px solid #a50707; margin-left:50px; width:45%;">Suggestion:<br/>';
// Each entry carries its group object under the 'obj' key (read a few lines
// below); the array key is presumably the group id.
42 foreach($search_result as $group_id=>$group_array){
// NOTE(review): the listing skips original lines 44-47, so the code that
// enforces this limit is not shown.
43 //display 10 suggestions
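$group_obj = $group_array['obj'];
/*
 * Build one suggestion link. The group name is written into two different
 * contexts, and each needs its own encoding:
 *   - Inside the onclick handler it is a JavaScript string literal within an
 *     HTML attribute. It is serialised with json_encode(), which turns quotes,
 *     angle brackets and ampersands into \uXXXX escapes, and the result is
 *     then HTML-escaped for the attribute. Entity-encoding alone is not
 *     enough: the browser decodes entities in the attribute before running
 *     the script, so a quote in the name would end the string literal early.
 *     This is the problem the original note (Apr 2, 2009 - Harris) described
 *     as ' and " being changed to their entities.
 *   - As the link text it is HTML-escaped; previously it was echoed as-is.
 * NOTE(review): assumes getName() returns the stored name unescaped. If it
 * already returns HTML-escaped text, the link text will be double-encoded.
 * Confirm against SocialGroup.
 * The JSON_HEX_* flags require PHP 5.3 or later.
 */
$group_name = $group_obj->getName();
$group_name_js = json_encode($group_name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
if ($group_name_js === false) {
    // The name could not be encoded (e.g. invalid UTF-8): use an empty string literal.
    $group_name_js = '""';
}
echo '<a href="javascript:void(0);" onclick="document.getElementById(\'search_groups\').value='
    . htmlspecialchars($group_name_js, ENT_QUOTES, 'UTF-8')
    . '; document.getElementById(\'search_group_form\').submit();">'
    . htmlspecialchars($group_name, ENT_QUOTES, 'UTF-8')
    . '</a><br/>';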
// Regular form submission. The search box is posted under a field name that
// ends with the form's rand_key, so a search runs only when the key is
// non-empty and the matching field is present and non-empty.
// NOTE(review): $rand_key was itself read from $_POST earlier in this script,
// so the suffix is chosen by the client; nothing visible here compares it
// with a server-side value. If it is meant as an anti-forgery or
// anti-automation token, confirm where it is verified.
62 // handle post request
63 if ($rand_key!='' && isset($_POST['search_groups_'.$rand_key]) && !empty($_POST['search_groups_'.$rand_key])){
// Same $addslashes treatment as the Ajax branch before the lookup.
64 $query = $addslashes($_POST['search_groups_'.$rand_key]);
65 $search_result = $social_groups->search($query);
66 } elseif(empty($_POST['search_groups_'.$rand_key])) {
// empty() is also true when the field is absent, so this branch runs on a
// request that posts no search field at all, not only on a blank submission.
67 $msg->addError('CANNOT_BE_EMPTY');
// NOTE(review): the listing skips original lines 68-70; the closing brace of
// this branch is not shown.
// Render the page: standard header, the public menu, then the search template
// with the form key and whatever results the request produced.
include AT_INCLUDE_PATH . 'header.inc.php';
$savant->display('pubmenu.tmpl.php');

// NOTE(review): $rand_key originates from the request and $search_result
// holds group data. Confirm that sgroup_search.tmpl.php HTML-escapes both
// when printing them.
$savant->assign('rand_key', $rand_key);
$savant->assign('search_result', $search_result);
$savant->display('sgroup_search.tmpl.php');

include AT_INCLUDE_PATH . 'footer.inc.php';