74409dec2a69a46fe81be019f6fd25953d87e1e4
[atutor.git] / mods / social / groups / search.php
1 <?php
2 /****************************************************************/
3 /* ATutor                                                                                                               */
4 /****************************************************************/
5 /* Copyright (c) 2002-2009                                                                              */
6 /* Adaptive Technology Resource Centre / University of Toronto  */
7 /* http://atutor.ca                                                                                             */
8 /*                                                              */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License  */
11 /* as published by the Free Software Foundation.                                */
12 /****************************************************************/
13 // $Id$
// Must be assigned before the bootstrap include below; presumably consumed by
// vitals.inc.php -- confirm there.
$_user_location = 'public';

define('AT_INCLUDE_PATH', '../../../include/');

// Core bootstrap first, then the social module's constants, helpers and classes.
require AT_INCLUDE_PATH . 'vitals.inc.php';
require AT_SOCIAL_INCLUDE . 'constants.inc.php';
require AT_SOCIAL_INCLUDE . 'friends.inc.php';
require AT_SOCIAL_INCLUDE . 'classes/SocialGroups/SocialGroup.class.php';
require AT_SOCIAL_INCLUDE . 'classes/SocialGroups/SocialGroups.class.php';

// Module-specific stylesheet for this page.
$_custom_css = $_base_path . AT_SOCIAL_BASENAME . 'module.css';

// Access gate: without a valid user in the session, render the INVALID_USER
// notice between header and footer and stop, so neither the Ajax handler nor
// the form handler further down runs.
if (!$_SESSION['valid_user']) {
    require AT_INCLUDE_PATH . 'header.inc.php';
    $info = array('INVALID_USER', $_SESSION['course_id']);
    $msg->printInfos($info);
    require AT_INCLUDE_PATH . 'footer.inc.php';
    exit;
}
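// Search service shared by the Ajax path and the form-post path below.
$social_groups = new SocialGroups();

// rand_key is the suffix of the posted search field name
// ('search_groups_' . $rand_key). It is absent on GET/Ajax requests and may be
// sent as an array, so only a string value is accepted; anything else is
// treated as "no key".
// NOTE(review): $addslashes is an escaping callable defined outside this file
// and is not output encoding. $rand_key is later assigned to
// sgroup_search.tmpl.php -- confirm the template HTML-encodes it before echoing.
$rand_key = (isset($_POST['rand_key']) && is_string($_POST['rand_key']))
    ? $addslashes($_POST['rand_key'])
    : '';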
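// Ajax suggestion endpoint: when ?q= is present, emit an HTML fragment listing
// matching group names and stop before the full page is rendered.
if (isset($_GET['q'])) {
    // q[]=... would hand an array to the escaping callable; nothing to suggest.
    if (!is_string($_GET['q'])) {
        exit;
    }

    // NOTE(review): $addslashes is defined outside this file; whether
    // SocialGroups::search() builds its query safely from this value cannot be
    // seen from here -- verify, and prefer bound parameters there.
    $query = $addslashes($_GET['q']);
    $search_result = $social_groups->search($query);
    if (!empty($search_result)) {
        echo '<div style="border:1px solid #a50707; margin-left:50px; width:45%;">Suggestion:<br/>';
        $counter = 0;
        foreach ($search_result as $group_id => $group_array) {
            // Show at most 10 suggestions (the previous "> 10" test let an 11th through).
            if ($counter >= 10) {
                break;
            }

            $group_obj = $group_array['obj'];

            // The group name is treated as untrusted (the original comment here
            // was already about XSS). Two output contexts were involved:
            //  - the link text, which was echoed with no encoding at all;
            //  - a JavaScript string literal inside the onclick attribute, where
            //    HTML entities do not help because the HTML parser decodes them
            //    before the handler is compiled, so an encoded quote still ends
            //    the string.
            // The name is therefore HTML-encoded exactly once, as link text, and
            // the handler reads it back from the element instead of having it
            // spliced into script.
            $group_name = htmlspecialchars($group_obj->getName(), ENT_QUOTES, 'UTF-8');
            echo '<a href="javascript:void(0);" onclick="document.getElementById(\'search_groups\').value=(this.textContent || this.innerText || \'\'); document.getElementById(\'search_group_form\').submit();">'.$group_name.'</a><br/>';
            $counter++;
        }
        echo '</div>';
    }
    exit;
}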
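// Form-post search.
// $search_result is initialised explicitly: when the query is missing it used
// to reach $savant->assign() as an undefined variable. null is what the
// template received in that case before, so its view of "no search" is unchanged.
$search_result = null;
$search_field = 'search_groups_' . $rand_key;

if ($rand_key != '' && !empty($_POST[$search_field]) && is_string($_POST[$search_field])) {
    // NOTE(review): $addslashes is defined outside this file; whether
    // SocialGroups::search() uses the value safely is not visible here -- verify.
    $query = $addslashes($_POST[$search_field]);
    $search_result = $social_groups->search($query);
} elseif (empty($_POST[$search_field])) {
    // Also reached on a plain GET of this page, where nothing was posted.
    $msg->addError('CANNOT_BE_EMPTY');
}

// Render: header, public menu, then the results template, which receives the
// form key and the result set.
// NOTE(review): both assigned values derive from request data; confirm that
// sgroup_search.tmpl.php HTML-encodes them on output.
include(AT_INCLUDE_PATH.'header.inc.php');
$savant->display('pubmenu.tmpl.php');
$savant->assign('rand_key', $rand_key);
$savant->assign('search_result', $search_result);
$savant->display('sgroup_search.tmpl.php');
include(AT_INCLUDE_PATH.'footer.inc.php');
?>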