mirror of
https://github.com/moodle/moodle.git
synced 2025-01-19 14:27:22 +01:00
330 lines
12 KiB
PHP
Executable File
330 lines
12 KiB
PHP
Executable File
<?php //$Id$
|
|
|
|
require_once('../config.php');
|
|
include_once('lib.php');
|
|
require_login();
|
|
|
|
$userid = optional_param('userid', 0, PARAM_INT);
|
|
$courseid = optional_param('courseid', SITEID, PARAM_INT);
|
|
$act = optional_param('act','',PARAM_ALPHA);
|
|
|
|
// detemine where the user is coming from in case we need to send them back there
|
|
if (isset($_SERVER['HTTP_REFERER'])) {
|
|
$referrer = $_SERVER['HTTP_REFERER'];
|
|
} else {
|
|
$referrer = $CFG->wwwroot;
|
|
}
|
|
|
|
//first verify that user is not a guest
|
|
if (isguest()) {
|
|
error(get_string('noguestpost', 'blog'), $referrer);
|
|
}
|
|
|
|
$userid = optional_param('userid', 0, PARAM_INT);
|
|
$editid = optional_param('editid', 0, PARAM_INT);
|
|
|
|
//check to see if there is a requested blog to edit
|
|
if (!empty($userid) && $userid != 0) {
|
|
if (blog_isLoggedIn() && $userid == $USER->id ) {
|
|
; // Daryl Hawes note: is this a placeholder for missing functionality?
|
|
}
|
|
} else if ( blog_isLoggedIn() ) {
|
|
//the user is logged in and have not specified a blog - so they will be editing their own
|
|
//$tempBlogInfo = blog_user_bloginfo();
|
|
$userid = $USER->id;//$tempBlogInfo->userid;
|
|
//unset($tempBlogInfo); //free memory from temp object - bloginfo will be created again in the included header
|
|
} else {
|
|
error(get_string('noblogspecified', 'blog') .'<a href="'. $CFG->blog_blogurl .'">' .get_string('viewentries', 'blog') .'</a>');
|
|
}
|
|
|
|
$pageNavigation = 'edit';
|
|
|
|
include($CFG->dirroot .'/blog/header.php');
|
|
|
|
//check if user is in blog's acl
|
|
if ( !blog_user_has_rights($editid) ) {
|
|
if ($editid != '') {
|
|
$blogEntry = get_record('post','id',$editid);
|
|
if (! (isteacher($blogEntry->$entryCourseId)) ) {
|
|
// error( get_string('notallowedtoedit'.' You do not teach in this course.', 'blog'), $CFG->wwwroot .'/login/index.php');
|
|
error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
|
|
}
|
|
} else {
|
|
error( get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
|
|
}
|
|
}
|
|
|
|
//////////// SECURITY AND SETUP COMPLETE - NOW PAGE LOGIC ///////////////////
|
|
|
|
if (isset($act) && ($act == 'del') && confirm_sesskey())
|
|
{
|
|
$postid = required_param('editid', PARAM_INT);
|
|
if (optional_param('confirm',0,PARAM_INT)) {
|
|
do_delete($postid);
|
|
} else {
|
|
/// prints blog entry and what confirmation form
|
|
echo '<div align="center"><form method="GET" action="edit.php">';
|
|
echo '<input type="hidden" name="act" value="del" />';
|
|
echo '<input type="hidden" name="confirm" value="1" />';
|
|
echo '<input type="hidden" name="editid" value="'.$postid.'" />';
|
|
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
|
|
print_string('blogdeleteconfirm', 'blog');
|
|
|
|
$post = get_record('post', 'id', $postid);
|
|
blog_print_entry($post);
|
|
echo '<br />';
|
|
echo '<input type="submit" value="'.get_string('delete').'" /> ';
|
|
echo ' <input type="button" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
|
|
echo '</form></div>';
|
|
print_footer($course);
|
|
die;
|
|
}
|
|
}
|
|
if ($usehtmleditor = can_use_richtext_editor()) {
|
|
$defaultformat = FORMAT_HTML;
|
|
$onsubmit = '';
|
|
} else {
|
|
$defaultformat = FORMAT_MOODLE;
|
|
$onsubmit = '';
|
|
}
|
|
|
|
if (($post = data_submitted( get_referer() )) && confirm_sesskey()) {
|
|
if (!empty($post->editform)) { //make sure we're processing the edit form here
|
|
//print_object($post); //debug
|
|
|
|
if (!$post->etitle or !$post->body) {
|
|
$post->error = get_string('emptymessage', 'forum');
|
|
}
|
|
if ($post->act == 'save') {
|
|
do_save($post);
|
|
} else if ($post->act == 'update') {
|
|
do_update($post);
|
|
} else if ($post->act == 'del') {
|
|
$postid = required_param('postid', PARAM_INT);
|
|
do_delete($postid);
|
|
}
|
|
}
|
|
} else {
|
|
|
|
//no post data yet, so load up the post array with default information
|
|
$post->etitle = '';
|
|
$post->userid = $USER->id;
|
|
$post->body = '';
|
|
$post->format = $defaultformat;
|
|
$post->publishstate = 'draft';
|
|
$post->courseid = $courseid;
|
|
|
|
}
|
|
|
|
if ($editid != '') { // User is editing a post
|
|
// ensure that editing is allowed first - admin users can edit any posts
|
|
|
|
$blogEntry = get_record('post','id',$editid);
|
|
|
|
//using an unformatted entry body here so that extra formatting information is not stored in the db
|
|
$post->body = $blogEntry->summary;
|
|
$post->etitle = $blogEntry->subject;
|
|
$post->postid = $editid;
|
|
$post->userid = $blogEntry->userid;
|
|
$post->format = $blogEntry->format;
|
|
$post->publishstate = $blogEntry->publishstate;
|
|
}
|
|
|
|
if (isset($post->postid) && ($post->postid != -1) ) {
|
|
|
|
$formHeading = get_string('updateentrywithid', 'blog');
|
|
|
|
} else {
|
|
$formHeading = get_string('addnewentry', 'blog');
|
|
}
|
|
|
|
if (isset($post->error)) {
|
|
notify($post->error);
|
|
}
|
|
|
|
print_simple_box_start("center");
|
|
require('edit.html');
|
|
print_simple_box_end();
|
|
|
|
// Janne comment: Let's move this in here
|
|
// so IE gets more time to load the
|
|
// Page.
|
|
if ($usehtmleditor) {
|
|
// Janne comment: there are two text fields in form
|
|
// so lets try to replace them both with
|
|
// HTMLArea editors
|
|
use_html_editor();
|
|
}
|
|
|
|
include($CFG->dirroot .'/blog/footer.php');
|
|
|
|
|
|
/***************************** edit.php functions ***************************/
|
|
/*
|
|
* do_delete
|
|
* takes $bloginfo_arg argument as reference to a blogInfo object.
|
|
* also takes the postid - the id of the entry to be removed
|
|
*/
|
|
function do_delete($postid) {
|
|
global $CFG, $USER;
|
|
// make sure this user is authorized to delete this entry.
|
|
// cannot use $post->pid because it may not have been initialized yet. Also the pid may be in get format rather than post.
|
|
// check ownership
|
|
$post = get_record('post','id',$postid);
|
|
|
|
if (($USER->id == $post->userid) || (blog_is_blog_admin($post->userid)) || (isadmin())) {
|
|
|
|
if (delete_records('post','id',$postid)) {
|
|
//echo "bloginfo_arg:"; //debug
|
|
//print_object($bloginfo_arg); //debug
|
|
//echo "pid to delete:".$postid; //debug
|
|
delete_records('blog_tag_instance', 'entryid', $postid);
|
|
print '<strong>'. get_string('entrydeleted', 'blog') .'</strong><p>';
|
|
|
|
//record a log message of this entry deletion
|
|
if ($site = get_site()) {
|
|
add_to_log($site->id, 'blog', 'delete', 'index.php?userid='. $bloginfo_arg->userid, 'deleted blog entry with entry id# '. $postid);
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
error(get_string('entryerrornotyours', 'blog'));
|
|
}
|
|
|
|
//comment out this redirect to debug the deletion of entries
|
|
redirect($CFG->wwwroot .'/blog/index.php?userid='. $post->userid);
|
|
}
|
|
|
|
/**
|
|
* do_save
|
|
*
|
|
* @param object $post argument is a reference to the post object which is used to store information for the form
|
|
* @param object $bloginfo_arg argument is reference to a blogInfo object.
|
|
*/
|
|
function do_save($post) {
|
|
global $USER, $CFG;
|
|
// echo 'Debug: Post object in do_save function of edit.php<br />'; //debug
|
|
// print_object($post); //debug
|
|
|
|
if ($post->body == '') {
|
|
$post->error = get_string('nomessagebodyerror', 'blog');
|
|
} else {
|
|
|
|
/// Write a blog entry into database
|
|
$blogEntry = new object;
|
|
$blogEntry->subject = addslashes($post->etitle);
|
|
$blogEntry->summary = addslashes($post->body);
|
|
$blogEntry->module = 'blog';
|
|
$blogEntry->userid = $USER->id;
|
|
$blogEntry->format = $post->format;
|
|
$blogEntry->publishstate = $post->publishstate;
|
|
$blogEntry->lastmodified = time();
|
|
$blogEntry->created = time();
|
|
|
|
// Insert the new blog entry.
|
|
$entryID = insert_record('post',$blogEntry);
|
|
|
|
// print 'Debug: created a new entry - entryId = '.$entryID.'<br />'; //debug
|
|
// echo 'Debug: do_save() in edit.php calling blog_do_*back_pings<br />'."\n"; //debug
|
|
if ($entryID) {
|
|
|
|
/// Creates a unique hash. I don't know what this is for (Yu)
|
|
$dataobject = new object;
|
|
$dataobject->uniquehash = md5($blogEntry->userid.$CFG->wwwroot.$entryID);
|
|
update_record('post', $dataobject);
|
|
|
|
/// Associate tags with entries
|
|
$otags = optional_param('otags','', PARAM_INT);
|
|
$ptags = optional_param('ptags','', PARAM_INT);
|
|
|
|
$tag = NULL;
|
|
$tag->entryid = $entryID;
|
|
$tag->userid = $USER->id;
|
|
$tag->timemodified = time();
|
|
|
|
/// Add tags information
|
|
foreach ($otags as $otag) {
|
|
$tag->tagid = $otag;
|
|
insert_record('blog_tag_instance',$tag);
|
|
}
|
|
|
|
foreach ($ptags as $ptag) {
|
|
$tag->tagid = $ptag;
|
|
insert_record('blog_tag_instance',$tag);
|
|
}
|
|
|
|
print '<strong>'. get_string('entrysaved', 'blog') .'</strong><br />';
|
|
}
|
|
//record a log message of this entry addition
|
|
if ($site = get_site()) {
|
|
add_to_log($site->id, 'blog', 'add', 'archive.php?userid='. $bloginfo_arg->userid .'&postid='. $entryID, 'created new blog entry with entry id# '. $entryID);
|
|
}
|
|
//to debug this save function comment out the following redirect code
|
|
if ($courseid == SITEID || $courseid == 0 || $courseid == '') {
|
|
redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
|
|
} else {
|
|
redirect($CFG->wwwroot .'/course/view.php?id='. $courseid);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @param . $post argument is a reference to the post object which is used to store information for the form
|
|
* @param . $bloginfo_arg argument is reference to a blogInfo object.
|
|
* @todo complete documenting this function. enable trackback and pingback between entries on the same server
|
|
*/
|
|
function do_update($post) {
|
|
// here post = data_submitted();
|
|
global $CFG, $USER;
|
|
$blogEntry = get_record('post','id',$post->postid);
|
|
// echo "id id ".$post->postid;
|
|
// print_object($blogentry); //debug
|
|
|
|
$blogEntry->subject = addslashes($post->etitle);
|
|
$blogEntry->summary = addslashes($post->body);
|
|
if ($blogEntry->summary == '<br />') {
|
|
$blogEntry->summary = '';
|
|
}
|
|
$blogEntry->format = $post->format;
|
|
$blogEntry->publishstate = $post->publishstate; //we don't care about the return value here
|
|
|
|
if ( update_record('post',$blogEntry)) {
|
|
delete_records('blog_tag_instance', 'entryid', $blogEntry->id);
|
|
|
|
$otags = optional_param('otags','', PARAM_INT);
|
|
$ptags = optional_param('ptags','', PARAM_INT);
|
|
|
|
$tag = NULL;
|
|
$tag->entryid = $blogEntry->id;
|
|
$tag->userid = $USER->id;
|
|
$tag->timemodified = time();
|
|
|
|
/// Add tags information
|
|
foreach ($otags as $otag) {
|
|
$tag->tagid = $otag;
|
|
insert_record('blog_tag_instance',$tag);
|
|
}
|
|
|
|
foreach ($ptags as $ptag) {
|
|
$tag->tagid = $ptag;
|
|
insert_record('blog_tag_instance',$tag);
|
|
}
|
|
|
|
// only do pings if the entry is published to the world
|
|
// Daryl Hawes note - eventually should check if it's on the same server
|
|
// and if so allow pb/tb as well - especially now that moderation is in place
|
|
print '<strong>'. get_string('entryupdated', 'blog') .'</strong><p>';
|
|
|
|
//record a log message of this entry update action
|
|
if ($site = get_site()) {
|
|
add_to_log($site->id, 'blog', 'update', 'archive.php?userid='. $bloginfo->userid .'&postid='. $post->postid, 'updated existing blog entry with entry id# '. $post->postid);
|
|
}
|
|
|
|
redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
|
|
} else {
|
|
// get_string('', 'blog') //Daryl Hawes note: localize this line
|
|
$post->error = 'There was an error updating this post in the database: '. $error;
|
|
}
|
|
}
|
|
?>
|