chamilo-lms/main/inc/ajax/forum.ajax.php

<?php
/** For licensing terms, see /license.txt */
/**
 * Responses to AJAX calls for forum attachments
 * @package chamilo/forum
 * @author Daniel Barreto Alva <daniel.barreto@beeznest.com>
 */

/**
 * Init
 */
require_once '../global.inc.php';
require_once api_get_path(LIBRARY_PATH).'document.lib.php';

/**
 * Main code
 */
// Create a default error response
$json = array(
    'error' => true,
    'errorMessage' => 'ERROR',
);
$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
// Check if exist action
if (!empty($action)) {
    require_once api_get_path(SYS_CODE_PATH) . 'forum/forumfunction.inc.php';
    switch($action) {
        case 'upload_file':
            // First, protect this script
            api_protect_course_script(false);
            if (!empty($_FILES) && !empty($_REQUEST['forum'])) {
                // The user is not allowed here if
                // 1. the forum category, forum or thread is invisible (visibility==0)
                // 2. the forum category, forum or thread is locked (locked <>0)
                // 3. if anonymous posts are not allowed
                // The only exception is the course manager
                // They are several pieces for clarity.
                if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)) {
                    $json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';
                    break;
                }
                if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['locked'] <> 0 ) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {
                    $json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';
                    break;
                }
                if (api_is_anonymous() AND $current_forum['allow_anonymous'] == 0) {
                    $json['errorMessage'] = '3. if anonymous posts are not allowed';
                    break;
                }
                // If pass all previous control, user can edit post
                $courseId = isset($_REQUEST['c_id'])? intval($_REQUEST['c_id']) : api_get_course_int_id();
                $json['courseId'] = $courseId;
                $forumId = isset($_REQUEST['forum'])? intval($_REQUEST['forum']) : null;
                $json['forum'] = $forumId;
                $threadId = isset($_REQUEST['thread'])? intval($_REQUEST['thread']) : null;
                $json['thread'] = $threadId;
                $postId = isset($_REQUEST['postId'])? intval($_REQUEST['postId']) : null;
                $json['postId'] = $postId;
                if (!empty($courseId) && !is_null($forumId) && !is_null($threadId) && !is_null($postId)) {
                    // Save forum attachment
                    $attachId = add_forum_attachment_file('', $postId);
                    if ($attachId !== false) {
                        // Get prepared array of attachment data
                        $array = getAttachedFiles($forumId, $threadId, $postId, $attachId, $courseId);
                        // Check if array data is consistent
                        if (isset($array['name'])) {
                            $json['error'] = false;
                            $json['errorMessage'] = 'Success';
                            $json = array_merge($json, $array);
                        }
                    }
                }
            }
            break;
        case 'delete_file':
            // First, protect this script
            api_protect_course_script(false);
            // Check if set attachment ID and thread ID
            if (isset($_REQUEST['attachId']) && isset($_REQUEST['thread'])) {
                api_block_course_item_locked_by_gradebook($_REQUEST['thread'], LINK_FORUM_THREAD);
                // The user is not allowed here if
                // 1. the forum category, forum or thread is invisible (visibility==0)
                // 2. the forum category, forum or thread is locked (locked <>0)
                // 3. if anonymous posts are not allowed
                // 4. if editing of replies is not allowed
                // The only exception is the course manager
                // They are several pieces for clarity.
                if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)) {
                    $json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';
                    break;
                }
                if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['locked'] <> 0 ) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {
                    $json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';
                    break;
                }
                if (api_is_anonymous() AND $current_forum['allow_anonymous'] == 0) {
                    $json['errorMessage'] = '3. if anonymous posts are not allowed';
                    break;
                }
                $group_id = api_get_group_id();
                if (!api_is_allowed_to_edit(null, true) AND $current_forum['allow_edit'] == 0 && !GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)) {
                    $json['errorMessage'] = '4. if editing of replies is not allowed';
                    break;
                }
                // If pass all previous control, user can edit post
                $attachId = $_REQUEST['attachId'];
                $threadId = $_REQUEST['thread'];
                // Delete forum attachment from database and file system
                $affectedRows = delete_attachment(0, $attachId, false);
                if ($affectedRows > 0) {
                    $json['error'] = false;
                    $json['errorMessage'] = 'Success';
                }
            }
            break;
    }
}

/**
 * Display
 */
echo json_encode($json);
exit;
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`<?php`
Add comments and minor refactor - refs #7255 11 years ago			`/** For licensing terms, see /license.txt */`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`/**`
			`* Responses to AJAX calls for forum attachments`
Add comments and minor refactor - refs #7255 11 years ago			`* @package chamilo/forum`
			`* @author Daniel Barreto Alva <daniel.barreto@beeznest.com>`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`*/`

			`/**`
			`* Init`
			`*/`
			`require_once '../global.inc.php';`
			`require_once api_get_path(LIBRARY_PATH).'document.lib.php';`

			`/**`
			`* Main code`
			`*/`
Add comments and minor refactor - refs #7255 11 years ago			`// Create a default error response`
			`$json = array(`
			`'error' => true,`
			`'errorMessage' => 'ERROR',`
			`);`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;`
Add comments and minor refactor - refs #7255 11 years ago			`// Check if exist action`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`if (!empty($action)) {`
			`require_once api_get_path(SYS_CODE_PATH) . 'forum/forumfunction.inc.php';`
			`switch($action) {`
			`case 'upload_file':`
Add comments and minor refactor - refs #7255 11 years ago			`// First, protect this script`
			`api_protect_course_script(false);`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`if (!empty($_FILES) && !empty($_REQUEST['forum'])) {`
			`// The user is not allowed here if`
			`// 1. the forum category, forum or thread is invisible (visibility==0)`
			`// 2. the forum category, forum or thread is locked (locked <>0)`
			`// 3. if anonymous posts are not allowed`
			`// The only exception is the course manager`
			`// They are several pieces for clarity.`
			`if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)) {`
			`$json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';`
			`break;`
			`}`
			`if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['locked'] <> 0 ) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {`
			`$json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';`
			`break;`
			`}`
			`if (api_is_anonymous() AND $current_forum['allow_anonymous'] == 0) {`
			`$json['errorMessage'] = '3. if anonymous posts are not allowed';`
			`break;`
			`}`
			`// If pass all previous control, user can edit post`
			`$courseId = isset($_REQUEST['c_id'])? intval($_REQUEST['c_id']) : api_get_course_int_id();`
			`$json['courseId'] = $courseId;`
			`$forumId = isset($_REQUEST['forum'])? intval($_REQUEST['forum']) : null;`
			`$json['forum'] = $forumId;`
			`$threadId = isset($_REQUEST['thread'])? intval($_REQUEST['thread']) : null;`
			`$json['thread'] = $threadId;`
			`$postId = isset($_REQUEST['postId'])? intval($_REQUEST['postId']) : null;`
			`$json['postId'] = $postId;`
			`if (!empty($courseId) && !is_null($forumId) && !is_null($threadId) && !is_null($postId)) {`
Add comments and minor refactor - refs #7255 11 years ago			`// Save forum attachment`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`$attachId = add_forum_attachment_file('', $postId);`
			`if ($attachId !== false) {`
Add comments and minor refactor - refs #7255 11 years ago			`// Get prepared array of attachment data`
			`$array = getAttachedFiles($forumId, $threadId, $postId, $attachId, $courseId);`
			`// Check if array data is consistent`
			`if (isset($array['name'])) {`
			`$json['error'] = false;`
			`$json['errorMessage'] = 'Success';`
			`$json = array_merge($json, $array);`
			`}`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`}`
			`}`
			`}`
			`break;`
			`case 'delete_file':`
Add comments and minor refactor - refs #7255 11 years ago			`// First, protect this script`
			`api_protect_course_script(false);`
			`// Check if set attachment ID and thread ID`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`if (isset($_REQUEST['attachId']) && isset($_REQUEST['thread'])) {`
			`api_block_course_item_locked_by_gradebook($_REQUEST['thread'], LINK_FORUM_THREAD);`
			`// The user is not allowed here if`
			`// 1. the forum category, forum or thread is invisible (visibility==0)`
			`// 2. the forum category, forum or thread is locked (locked <>0)`
			`// 3. if anonymous posts are not allowed`
			`// 4. if editing of replies is not allowed`
			`// The only exception is the course manager`
			`// They are several pieces for clarity.`
			`if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['visibility'] == 0) OR $current_forum['visibility'] == 0)) {`
			`$json['errorMessage'] = '1. the forum category, forum or thread is invisible (visibility==0)';`
			`break;`
			`}`
			`if (!api_is_allowed_to_edit(null, true) AND (($current_forum_category && $current_forum_category['locked'] <> 0 ) OR $current_forum['locked'] <> 0 OR $current_thread['locked'] <> 0)) {`
			`$json['errorMessage'] = '2. the forum category, forum or thread is locked (locked <>0)';`
			`break;`
			`}`
			`if (api_is_anonymous() AND $current_forum['allow_anonymous'] == 0) {`
			`$json['errorMessage'] = '3. if anonymous posts are not allowed';`
			`break;`
			`}`
			`$group_id = api_get_group_id();`
			`if (!api_is_allowed_to_edit(null, true) AND $current_forum['allow_edit'] == 0 && !GroupManager::is_tutor_of_group(api_get_user_id(), $group_id)) {`
			`$json['errorMessage'] = '4. if editing of replies is not allowed';`
			`break;`
			`}`
			`// If pass all previous control, user can edit post`
			`$attachId = $_REQUEST['attachId'];`
			`$threadId = $_REQUEST['thread'];`
Add comments and minor refactor - refs #7255 11 years ago			`// Delete forum attachment from database and file system`
Add recover forum.ajax.php Fix javascript code, request params add security, need lang variables translation and more comment the new code - refs #7255 11 years ago			`$affectedRows = delete_attachment(0, $attachId, false);`
			`if ($affectedRows > 0) {`
			`$json['error'] = false;`
			`$json['errorMessage'] = 'Success';`
			`}`
			`}`
			`break;`
			`}`
			`}`

			`/**`
			`* Display`
			`*/`
			`echo json_encode($json);`
			`exit;`