File: comment.php

moodle 1.6.3-2%2Betch3
<?php  // $Id: comment.php,v 1.10.2.1 2006/06/29 06:47:35 skodak Exp $

    require_once('../../config.php');
    require_once('lib.php');

    // Navigation state, echoed back to view.php by every redirect further down.
    $page = optional_param('page', 0, PARAM_INT);    // page number within view.php
    $rid  = required_param('rid', PARAM_INT);        // id of the data_records row the comments belong to

    // Inputs for the comment operation itself. The numeric ones are cleaned
    // with PARAM_INT and the free-text body with PARAM_NOTAGS; HTML-escaping
    // on output is still up to whatever code prints the comment.
    $template       = optional_param('template', '', PARAM_ALPHA);
    $commentcontent = trim(optional_param('commentcontent', '', PARAM_NOTAGS));
    $confirm        = optional_param('confirm', '', PARAM_INT);
    $commentid      = optional_param('commentid', '', PARAM_INT);
    $mode           = optional_param('mode', '', PARAM_ALPHA);


    // Resolve the chain record -> database activity -> course, stopping with
    // an error page at the first row that cannot be found.
    $record = get_record('data_records', 'id', $rid);
    if (!$record) {
        error('Record ID is incorrect');
    }

    $data = get_record('data', 'id', $record->dataid);
    if (!$data) {
        error('Data ID is incorrect');
    }

    $course = get_record('course', 'id', $data->course);
    if (!$course) {
        error('Course is misconfigured');
    }

    // Everything below this line runs only for a user logged in to the course.
    // NOTE(review): only course-level login is enforced in this file. Whether
    // comments are enabled for this activity, and whether the user may see this
    // particular record, is not checked here - confirm that lib.php/view.php do.
    require_login($course->id);

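    // Load and authorise the comment the request refers to, if any.
    // $comment starts from a known value so that later code never reads an
    // undefined variable when no commentid was supplied.
    $comment = false;

    if ($commentid) {
        if (! $comment = get_record('data_comments', 'id', $commentid)) {
            error('Comment ID is misconfigured');
        }
        // The comment must belong to the record named in the request;
        // otherwise a valid rid could be paired with an unrelated comment id.
        if ($comment->recordid != $record->id) {
            error('Comment ID is misconfigured');
        }
        // Only the comment's author or a teacher of this course may go on to
        // edit or delete it.
        if (!isteacher($course->id) && $comment->userid != $USER->id) {
            error('Comment is not yours to edit!');
        }
    }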

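    // Dispatch on the requested comment operation. Any $comment used below was
    // loaded and ownership-checked earlier in this script. empty($comment) is
    // used for the presence tests so that a request without a commentid is
    // rejected cleanly instead of dereferencing a missing object.
    switch ($mode) {
        case 'add':     //store a new comment on this record
            // NOTE(review): this state-changing branch does not call
            // confirm_sesskey(), so it has no CSRF protection. The add form is
            // printed outside this file (data_print_comments()); once that
            // form is confirmed to send a sesskey field, add the same check as
            // in 'editcommit' below.
            if (empty($commentcontent)) {
                redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentempty', 'data'));
            }

            $newcomment = new object;
            $newcomment->userid = $USER->id;    // author is always the session user, never a request value
            $newcomment->created = time();
            $newcomment->modified = time();
            if (($newcomment->content = $commentcontent) && ($newcomment->recordid = $record->id)) {
                insert_record('data_comments',$newcomment);
            }
            redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentsaved', 'data'));
        break;

        case 'edit':    //print edit form
            if (empty($comment)) {
                error('Comment ID is misconfigured');
            }

            print_header();
            print_heading(get_string('edit'));
            echo '<div align="center">';
            echo '<form action="comment.php" method="post">';
            echo '<input type="hidden" name="commentid" value="'.$comment->id.'" />';
            echo '<input type="hidden" name="rid" value="'.$record->id.'" />';
            echo '<input type="hidden" name="page" value="'.$page.'" />';

            // s() HTML-escapes the stored text before it is placed in the textarea.
            echo '<textarea name="commentcontent">'.s($comment->content).'</textarea>';
            // Session key sent with the form; 'editcommit' verifies it.
            echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
            echo '<input type="hidden" name="mode" value="editcommit" />';
            echo '<br /><input type="submit" value="'.get_string('ok').'" />';
            echo '<input type="button" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
            echo '</form></div>';
            print_footer();
        break;

        case 'editcommit':  //update db
            // The edit form above posts a sesskey; verify it before writing so
            // that a forged cross-site request cannot rewrite a comment.
            if (!confirm_sesskey()) {
                error(get_string('confirmsesskeybad', 'error'));
            }
            // Without a loaded comment there is nothing to update; fail rather
            // than redirect with a "saved" message.
            if (empty($comment)) {
                error('Comment ID is misconfigured');
            }
            if (empty($commentcontent)) {
                redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentempty', 'data'));
            }

            // Only content and modification time are written; author and
            // record id of the stored row are left untouched.
            $newcomment = new object;
            $newcomment->id = $comment->id;
            $newcomment->content = $commentcontent;
            $newcomment->modified = time();
            update_record('data_comments',$newcomment);

            redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentsaved', 'data'));
        break;

        case 'delete':    //deletes single comment from db
            if (empty($comment)) {
                error('Comment ID is misconfigured');
            }

            // Deletion needs both the explicit confirm flag and a valid
            // session key; anything else falls through to the confirm page.
            if ($confirm and confirm_sesskey()) {
                delete_records('data_comments','id',$comment->id);
                redirect('view.php?rid='.$record->id.'&amp;page='.$page, get_string('commentdeleted', 'data'));

            } else {    //print confirm delete form
                print_header();
                data_print_comment($data, $comment, $page);

                notice_yesno(get_string('deletecomment','data'),
                  'comment.php?rid='.$record->id.'&amp;commentid='.$comment->id.'&amp;page='.$page.
                              '&amp;sesskey='.sesskey().'&amp;mode=delete&amp;confirm=1',
                  'view.php?rid='.$record->id.'&amp;page='.$page);
                print_footer();
            }

        break;

        default:    //print all listing, and add comment form
            print_header();
            // NOTE(review): $search, $sort, $order and $group are never assigned
            // in this file. Unless an included file defines them they are
            // undefined here - confirm what data_print_comments() expects and
            // read them through optional_param() if they are meant to be inputs.
            data_print_comments($data, $record, $search, $template, $sort, $page, $rid, $order, $group);
            print_footer();
        break;

    }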


?>