tools/links/add.php

   1 <?php
   2 /****************************************************************************/
   3 /* ATutor                                                                                                                                       */
   4 /****************************************************************************/
   5 /* Copyright (c) 2002-2007 by Greg Gay, Joel Kronenberg & Heidi Hazelton        */
   6 /* Adaptive Technology Resource Centre / University of Toronto                          */
   7 /* http://atutor.ca                                                                                                                     */
   8 /*                                                                                                                                                      */
   9 /* This program is free software. You can redistribute it and/or                        */
  10 /* modify it under the terms of the GNU General Public License                          */
  11 /* as published by the Free Software Foundation.                                                        */
  12 /****************************************************************************/
  13 // $Id$
  14
  15 define('AT_INCLUDE_PATH', '../../include/');
  16 require (AT_INCLUDE_PATH.'vitals.inc.php');
  17 require (AT_INCLUDE_PATH.'lib/links.inc.php');
  18
  19 if (!manage_links()) {
  20         $msg->addError('ACCESS_DENIED');
  21         header('Location: '.AT_BASE_HREF.'links/index.php');
  22         exit;
  23 }
  24
  25 if (!isset($_POST['approved'])) {
  26         $_POST['approved'] = 1;
  27 }
  28
  29 if (isset($_POST['cancel'])) {
  30         $msg->addFeedback('CANCELLED');
  31         header('Location: '.AT_BASE_HREF.'tools/links/index.php');
  32         exit;
  33 }
  34
  35 if (isset($_POST['add_link']) && isset($_POST['submit'])) {
  36
  37         //check category_id and see if user is allowed..
  38         $cat = explode('-', $_POST['cat']);
  39         $cat_id = intval($cat[0]);
  40         $owner_type = intval($cat[1]);
  41         $owner_id = intval($cat[2]);
  42
  43         if (!links_authenticate($owner_type, $owner_id)) {
  44                 $msg->addError('ACCESS_DENIED');
  45                 header('Location: '.AT_BASE_HREF.'links/index.php');
  46                 exit;
  47         }
  48
  49         $missing_fields = array();
  50         if ($_POST['cat'] == 0 || $_POST['cat'] == '') {
  51                 $missing_fields[] = _AT('category');
  52         }
  53         if (trim($_POST['title']) == '') {
  54                 $missing_fields[] = _AT('title');
  55         }
  56         if (trim($_POST['url']) == '' || $_POST['url'] == 'http://') {
  57                 $missing_fields[] = _AT('url');
  58         }
  59         if (trim($_POST['description']) == '') {
  60                 $missing_fields[] = _AT('description');
  61         }
  62
  63         if ($missing_fields) {
  64                 $missing_fields = implode(', ', $missing_fields);
  65                 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
  66         }
  67
  68         if (!$msg->containsErrors() && isset($_POST['submit'])) {
  69                 $_POST['title']  = $addslashes($_POST['title']);
  70                 $_POST['url'] == $addslashes($_POST['url']);
  71                 $_POST['description']  = $addslashes($_POST['description']);
  72
  73                 $name = get_display_name($_SESSION['member_id']);
  74                 $email = '';
  75
  76                 $approved = intval($_POST['approved']);
  77
  78                 $sql = "INSERT INTO ".TABLE_PREFIX."links VALUES (NULL, $cat_id, '$_POST[url]', '$_POST[title]', '$_POST[description]', $approved, '$name', '$email', NOW(), 0)";
  79                 mysql_query($sql, $db);
  80
  81                 $msg->addFeedback('LINK_ADDED');
  82
  83                 header('Location: '.AT_BASE_HREF.'tools/links/index.php');
  84                 exit;
  85         } else {
  86                 $_POST['title']  = stripslashes($_POST['title']);
  87                 $_POST['url'] == stripslashes($_POST['url']);
  88                 $_POST['description']  = stripslashes($_POST['description']);
  89         }
  90 }
  91
  92 if (!isset($_POST['url'])) {
  93         $_POST['url'] = 'http://';
  94 }
  95
  96 $categories = get_link_categories(true);
  97
  98 if (empty($categories)) {
  99         $msg->addError('LINK_CAT_EMPTY');
 100         header('Location: '.AT_BASE_HREF.'tools/links/index.php');
 101         exit;
 102 }
 103
 104 $onload = 'document.form.title.focus();';
 105
 106 require(AT_INCLUDE_PATH.'header.inc.php');
 107
 108 $msg->printErrors();
 109
 110 ?>
 111 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form">
 112 <input type="hidden" name="add_link" value="true" />
 113
 114 <div class="input-form">
 115         <div class="row">
 116                 <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="title"><?php echo _AT('title'); ?></label><br />
 117                 <input type="text" name="title" size="40" id="title" value="<?php echo $_POST['title']; ?>"/>
 118         </div>
 119
 120         <div class="row">
 121                 <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="cat"><?php echo _AT('category'); ?></label><br />
 122                 <select name="cat" id="cat"><?php
 123                         if ($pcat_id) {
 124                                 $current_cat_id = $pcat_id;
 125                                 $exclude = false; /* don't exclude the children */
 126                         } else {
 127                                 $current_cat_id = $cat_id;
 128                                 $exclude = true; /* exclude the children */
 129                         }
 130                         select_link_categories($categories, 0, $_POST['cat'], FALSE, '', TRUE);
 131                         ?>
 132                 </select>
 133         </div>
 134
 135         <div class="row">
 136                 <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="url"><?php echo _AT('url'); ?></label><br />
 137                 <input type="text" name="url" size="40" id="url" value="<?php echo $_POST['url']; ?>" />
 138         </div>
 139
 140         <div class="row">
 141                 <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="description"><?php echo _AT('description'); ?></label><br />
 142                 <textarea name="description" cols="55" rows="5" id="description" style="width:90%;"><?php echo $_POST['description']; ?></textarea>
 143         </div>
 144
 145         <div class="row">
 146                 <?php echo _AT('approve'); ?><br />
 147                 <?php
 148                         if ($_POST['approved']) {
 149                                 $y = 'checked="checked"';
 150                                 $n = '';
 151                         } else if (isset ($_POST['approved'])) {
 152                                 $n = 'checked="checked"';
 153                                 $y = '';
 154                         } else {
 155                                 $y = 'checked="checked"';
 156                                 $n = '';
 157                         }
 158                 ?>
 159                 <input type="radio" id="yes" name="approved" value="1" <?php echo $y; ?>><label for="yes"><?php echo _AT('yes'); ?></label>  <input type="radio" id="no" name="approved" value="0" <?php echo $n; ?>><label for="no"><?php echo _AT('no'); ?></label>
 160         </div>
 161
 162         <div class="row buttons">
 163                 <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" />
 164                 <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?> " />
 165         </div>
 166 </div>
 167 </form>
 168
 169 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>