[svn r16234] improve forum handling with sessions FS#2743

skala
Eric Marguin 18 years ago
parent 46f5d3e8d3
commit 3d33711668
  1. 10
      main/forum/editpost.php
  2. 59
      main/forum/forumfunction.inc.php
  3. 4
      main/forum/iframe_thread.php
  4. 35
      main/forum/index.php
  5. 8
      main/forum/newthread.php
  6. 6
      main/forum/reply.php
  7. 18
      main/forum/viewforum.php
  8. 22
      main/forum/viewforumcategory.php
  9. 10
      main/forum/viewthread.php
  10. 6
      main/forum/viewthread_flat.inc.php
  11. 6
      main/forum/viewthread_nested.inc.php
  12. 6
      main/forum/viewthread_threaded.inc.php
  13. 5
      main/inc/lib/add_course.lib.inc.php
  14. 2
      main/install/migrate-db-1.8.5-1.8.6-pre.sql

@ -84,7 +84,7 @@ $fck_attribute['Config']['CreateDocumentDir'] = '../../courses/'.api_get_course_
require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
include_once (api_get_path(LIBRARY_PATH).'groupmanager.lib.php');
if(!api_is_allowed_to_edit())
if(!api_is_allowed_to_edit(false,true))
{
$fck_attribute['Config']['UserStatus'] = 'student';
}
@ -161,19 +161,19 @@ api_display_tool_title($nameTools);
// The only exception is the course manager
// I have split this is several pieces for clarity.
//if (!api_is_allowed_to_edit() AND (($current_forum_category['visibility']==0 OR $current_forum['visibility']==0) OR ($current_forum_category['locked']<>0 OR $current_forum['locked']<>0 OR $current_thread['locked']<>0)))
if (!api_is_allowed_to_edit() AND (($current_forum_category['visibility']==0 OR $current_forum['visibility']==0)))
if (!api_is_allowed_to_edit(false,true) AND (($current_forum_category['visibility']==0 OR $current_forum['visibility']==0)))
{
forum_not_allowed_here();
}
if (!api_is_allowed_to_edit() AND ($current_forum_category['locked']<>0 OR $current_forum['locked']<>0 OR $current_thread['locked']<>0))
if (!api_is_allowed_to_edit(false,true) AND ($current_forum_category['locked']<>0 OR $current_forum['locked']<>0 OR $current_thread['locked']<>0))
{
forum_not_allowed_here();
}
if (!$_user['user_id'] AND $current_forum['allow_anonymous']==0)
{
forum_not_allowed_here();
forum_not_allowed_here(false,true);
}
if (!api_is_allowed_to_edit() AND $current_forum['allow_edit']==0)
if (!api_is_allowed_to_edit(false,true) AND $current_forum['allow_edit']==0)
{
forum_not_allowed_here();
}
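Review bot: Under the anonymous-user check, the second printed variant (presumably the new side) reads `forum_not_allowed_here(false,true);`, which looks like collateral from the replace that added `(false,true)` to `api_is_allowed_to_edit()`. Every other call to `forum_not_allowed_here()` on this page passes no arguments. PHP silently ignores surplus arguments to a user-defined function, so this is either dead noise or, if the function does declare parameters, an unintended change to this one denial path. Restore `forum_not_allowed_here();` unless the arguments are deliberate. The two positional booleans on the permission check are also opaque at every call site; a short comment at the first use naming what each one enables would help later audits of these gates.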

@ -445,7 +445,7 @@ function store_forumcategory($values)
}
else
{
$sql="INSERT INTO ".$table_categories." (cat_title, cat_comment, cat_order) VALUES ('".$clean_cat_title."','".Database::escape_string($values['forum_category_comment'])."','".Database::escape_string($new_max)."')";
$sql="INSERT INTO ".$table_categories." (cat_title, cat_comment, cat_order, session_id) VALUES ('".$clean_cat_title."','".Database::escape_string($values['forum_category_comment'])."','".Database::escape_string($new_max)."',".intval($_SESSION['id_session']).")";
api_sql_query($sql,__FILE__,__LINE__);
$last_id=Database::get_last_insert_id();
api_item_property_update($_course, TOOL_FORUM_CATEGORY, $last_id,"ForumCategoryAdded", api_get_user_id());
@ -1110,19 +1110,23 @@ function get_forum_categories($id='')
$table_categories = Database :: get_course_table(TABLE_FORUM_CATEGORY);
$table_item_property = Database :: get_course_table(TABLE_ITEM_PROPERTY);
$session_condition = isset($_SESSION['id_session']) ? 'AND forum_categories.session_id IN (0,'.intval($_SESSION['id_session']).')' : '';
if ($id=='')
{
$sql="SELECT * FROM".$table_categories." forum_categories, ".$table_item_property." item_properties
WHERE forum_categories.cat_id=item_properties.ref
AND item_properties.visibility=1
AND item_properties.tool='".TOOL_FORUM_CATEGORY."'
$session_condition
ORDER BY forum_categories.cat_order ASC";
if (is_allowed_to_edit())
if (is_allowed_to_edit(false,true))
{
$sql="SELECT * FROM".$table_categories." forum_categories, ".$table_item_property." item_properties
WHERE forum_categories.cat_id=item_properties.ref
AND item_properties.visibility<>2
AND item_properties.tool='".TOOL_FORUM_CATEGORY."'
$session_condition
ORDER BY forum_categories.cat_order ASC";
}
}
@ -1132,11 +1136,18 @@ function get_forum_categories($id='')
WHERE forum_categories.cat_id=item_properties.ref
AND item_properties.tool='".TOOL_FORUM_CATEGORY."'
AND forum_categories.cat_id='".Database::escape_string($id)."'
$session_condition
ORDER BY forum_categories.cat_order ASC";
}
$result=api_sql_query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($result))
{
if($row['session_id']>0)
{
$sql_session = 'SELECT name FROM '.Database::get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$row['session_id'];
$rs_session = api_sql_query($sql_session,__FILE__,__LINE__);
$row['session_name'] = mysql_result($rs_session,0,0);
}
if ($id=='')
{
$forum_categories_list[$row['cat_id']]=$row;
@ -1169,7 +1180,7 @@ function get_forums_in_category($cat_id)
AND item_properties.visibility=1
AND item_properties.tool='".TOOL_FORUM."'
ORDER BY forum.forum_order ASC";
if (is_allowed_to_edit())
if (is_allowed_to_edit(false,true))
{
$sql="SELECT * FROM ".$table_forums." forum , ".$table_item_property." item_properties
WHERE forum.forum_category='".Database::escape_string($cat_id)."'
@ -1233,7 +1244,7 @@ function get_forums($id='')
GROUP BY threads.forum_id";
//-------------- Course Admin -----------------//
if (is_allowed_to_edit())
if (is_allowed_to_edit(false,true))
{
// select all the forum information of all forums (that are not deleted)
$sql="SELECT * FROM ".$table_forums." forum , ".$table_item_property." item_properties
@ -1287,6 +1298,12 @@ function get_forums($id='')
$result=api_sql_query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($result))
{
if($row['session_id']>0)
{
$sql_session = 'SELECT name FROM '.Database::get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$row['session_id'];
$rs_session = api_sql_query($sql_session,__FILE__,__LINE__);
$row['session_name'] = mysql_result($rs_session,0,0);
}
if ($id=='')
{
$forum_list[$row['forum_id']]=$row;
@ -1334,7 +1351,7 @@ function get_forums($id='')
{
foreach ($forum_list as $key=>$value)
{
$last_post_info_of_forum=get_last_post_information($key,is_allowed_to_edit());
$last_post_info_of_forum=get_last_post_information($key,is_allowed_to_edit(false,true));
$forum_list[$key]['last_post_id']=$last_post_info_of_forum['last_post_id'];
$forum_list[$key]['last_poster_id']=$last_post_info_of_forum['last_poster_id'];
$forum_list[$key]['last_post_date']=$last_post_info_of_forum['last_post_date'];
@ -1350,7 +1367,7 @@ function get_forums($id='')
}
else
{
$last_post_info_of_forum=get_last_post_information($id,is_allowed_to_edit());
$last_post_info_of_forum=get_last_post_information($id,is_allowed_to_edit(false,true));
$forum_list['last_post_id']=$last_post_info_of_forum['last_post_id'];
$forum_list['last_poster_id']=$last_post_info_of_forum['last_poster_id'];
$forum_list['last_post_date']=$last_post_info_of_forum['last_post_date'];
@ -1456,7 +1473,7 @@ function get_threads($forum_id)
ON post.poster_id= last_poster_users.user_id
WHERE thread.forum_id='".Database::escape_string($forum_id)."'
ORDER BY thread.thread_sticky DESC, thread.thread_date DESC";
if (is_allowed_to_edit())
if (is_allowed_to_edit(false,true))
{
// important note: it might seem a little bit awkward that we have 'thread.locked as locked' in the sql statement
// because we also have thread.* in it. This is because thread has a field locked and post also has the same field
@ -1500,7 +1517,7 @@ function get_posts($thread_id)
global $table_users;
// note: change these SQL so that only the relevant fields of the user table are used
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
$sql = "SELECT * FROM $table_posts posts
LEFT JOIN $table_users users
@ -1706,7 +1723,7 @@ function store_thread($values)
$post_date=date('Y-m-d H:i:s');
if ($current_forum['approval_direct_post']=='1' AND !api_is_allowed_to_edit())
if ($current_forum['approval_direct_post']=='1' AND !api_is_allowed_to_edit(false,true))
{
$visible=0; // the post is not approved yet.
}
@ -1805,7 +1822,7 @@ function store_thread($values)
$message.='<br />';
}
if ($current_forum['approval_direct_post']=='1' AND !api_is_allowed_to_edit())
if ($current_forum['approval_direct_post']=='1' AND !api_is_allowed_to_edit(false,true))
{
$message.=get_lang('MessageHasToBeApproved').'<br />';
$message.=get_lang('ReturnTo').' <a href="viewforum.php?'.api_get_cidreq().'&forum='.$values['forum_id'].'">'.get_lang('Forum').'</a><br />';
@ -1878,12 +1895,12 @@ function show_add_post_form($action='', $id='', $form_values='')
$form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail').' ('.$_user['mail'].')');
}
if ($forum_setting['allow_sticky'] AND api_is_allowed_to_edit() AND $action=='newthread')
if ($forum_setting['allow_sticky'] AND api_is_allowed_to_edit(false,true) AND $action=='newthread')
{
$form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
}
if ($current_forum['allow_attachments']=='1' OR api_is_allowed_to_edit())
if ($current_forum['allow_attachments']=='1' OR api_is_allowed_to_edit(false,true))
{
//$form->add_resource_button();
$values = $form->exportValues();
@ -1970,7 +1987,7 @@ function store_reply($values)
global $origin;
$post_date=date('Y-m-d H:i:s');
if ($current_forum['approval_direct_post']=='1' AND !api_is_allowed_to_edit())
if ($current_forum['approval_direct_post']=='1' AND !api_is_allowed_to_edit(false,true))
{
$visible=0; // the post is not approved yet.
}
@ -2051,7 +2068,7 @@ function store_reply($values)
if ($current_forum['approval_direct_post']=='1' AND !api_is_allowed_to_edit())
if ($current_forum['approval_direct_post']=='1' AND !api_is_allowed_to_edit(false,true))
{
$message.='<br />'.get_lang('MessageHasToBeApproved').'<br />';
}
@ -2117,7 +2134,7 @@ function show_edit_post_form($current_post, $current_thread, $current_forum, $fo
{
$form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail').' ('.$current_post['email'].')');
}
if ($forum_setting['allow_sticky'] and api_is_allowed_to_edit() and $current_post['post_parent_id']==0) // the sticky checkbox only appears when it is the first post of a thread
if ($forum_setting['allow_sticky'] and api_is_allowed_to_edit(false,true) and $current_post['post_parent_id']==0) // the sticky checkbox only appears when it is the first post of a thread
{
$form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
if ($current_thread['thread_sticky']==1)
@ -2125,7 +2142,7 @@ function show_edit_post_form($current_post, $current_thread, $current_forum, $fo
$defaults['thread_sticky']=true;
}
}
if ($current_forum['allow_attachments']=='1' OR api_is_allowed_to_edit())
if ($current_forum['allow_attachments']=='1' OR api_is_allowed_to_edit(false,true))
{
if (empty($form_values) AND !$_POST['SubmitPost'])
{
@ -2394,7 +2411,7 @@ function get_post_topics_of_forum($forum_id)
global $table_item_property;
$sql="SELECT count(*) as number_of_posts FROM $table_posts WHERE forum_id='".$forum_id."'";
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
$sql="SELECT count(*) as number_of_posts
FROM $table_posts posts, $table_threads threads, $table_item_property item_property
@ -2422,7 +2439,7 @@ function get_post_topics_of_forum($forum_id)
$number_of_posts=$row['number_of_posts'];
// we could loop through the result array and count the number of different group_ids but I have chosen to use a second sql statement
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
$sql="SELECT count(*) as number_of_topics
FROM $table_threads threads, $table_item_property item_property
@ -3036,7 +3053,7 @@ function display_forum_search_results($search_term)
3. thread is visible (to do)
4. post is visible
*/
if (!api_is_allowed_to_edit())
if (!api_is_allowed_to_edit(false,true))
{
if ($forum_categories_list[$row['forum_id']['forum_category']]['visibility'] == '1' AND $forum_list[$row['forum_id']]['visibility'] == '1' AND $row['visible'] == '1')
{
@ -3190,7 +3207,7 @@ function get_forums_of_group($group_id)
GROUP BY threads.forum_id";
//-------------- Course Admin -----------------//
if (is_allowed_to_edit())
if (is_allowed_to_edit(false,true))
{
// select all the forum information of all forums (that are not deleted)
$sql="SELECT * FROM ".$table_forums." forum , ".$table_item_property." item_properties
@ -3250,7 +3267,7 @@ function get_forums_of_group($group_id)
{
foreach ($forum_list as $key=>$value)
{
$last_post_info_of_forum=get_last_post_information($key,is_allowed_to_edit());
$last_post_info_of_forum=get_last_post_information($key,is_allowed_to_edit(false,true));
$forum_list[$key]['last_post_id']=$last_post_info_of_forum['last_post_id'];
$forum_list[$key]['last_poster_id']=$last_post_info_of_forum['last_poster_id'];
$forum_list[$key]['last_post_date']=$last_post_info_of_forum['last_post_date'];
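Review bot: The session-name lookup added to the result loop of get_forum_categories() concatenates `$row['session_id']` into the SQL as-is, and the same block is repeated in get_forums(). The value is guarded only by a loose `>0` comparison, while the INSERT and `$session_condition` in this commit both cast with `intval()`; use `' WHERE id='.intval($row['session_id'])` here too, so the query does not rely on the column always holding a clean integer. `mysql_result($rs_session,0,0)` is called without checking that a row came back, so a forum or category still pointing at a removed session would raise a warning on every listing; guard it with `if (mysql_num_rows($rs_session) > 0)`. Both loops also issue one extra query per row, and both function bodies extend beyond the hunks shown.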

@ -79,7 +79,7 @@ $fck_attribute['Height'] = '400';
$fck_attribute['ToolbarSet'] = 'Middle';
$fck_attribute['Config']['IMUploadPath'] = 'upload/forum/';
$fck_attribute['Config']['FlashUploadPath'] = 'upload/forum/';
if(!api_is_allowed_to_edit()) $fck_attribute['Config']['UserStatus'] = 'student';
if(!api_is_allowed_to_edit(false,true)) $fck_attribute['Config']['UserStatus'] = 'student';
$nameTools=get_lang('Forum');
@ -132,7 +132,7 @@ $current_forum_category=get_forumcategory_information($current_forum['forum_cate
*/
// if the user is not a course administrator and the forum is hidden
// then the user is not allowed here.
if (!api_is_allowed_to_edit() AND ($current_forum['visibility']==0 OR $current_thread['visibility']==0))
if (!api_is_allowed_to_edit(false,true) AND ($current_forum['visibility']==0 OR $current_thread['visibility']==0))
{
forum_not_allowed_here();
}

@ -75,7 +75,7 @@ $fck_attribute['Config']['FlashUploadPath'] = 'upload/forum/';
$fck_attribute['Config']['InDocument'] = false;
$fck_attribute['Config']['CreateDocumentDir'] = '../../courses/'.api_get_course_path().'/document/';
if(!api_is_allowed_to_edit()) $fck_attribute['Config']['UserStatus'] = 'student';
if(!api_is_allowed_to_edit(false,true)) $fck_attribute['Config']['UserStatus'] = 'student';
//error_reporting(E_ALL);
/*
@ -112,7 +112,7 @@ Display::display_introduction_section(TOOL_FORUM);
ACTIONS
------------------------------------------------------------------------------------------------------
*/
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
$fck_attribute['ToolbarSet'] = 'ForumLight';
handle_forum_and_forumcategories();
@ -181,7 +181,7 @@ if ($_GET['action']!='add' && $_GET['action']!='edit' )
*/
//if (api_is_allowed_to_edit() and !$_GET['action'])
echo '<span style="float:right;">'.search_link().'</span>';
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&action=add&amp;content=forumcategory"> '.Display::return_icon('forum_category_new.gif').' '.get_lang('AddForumCategory').'</a> ';
if (is_array($forum_categories_list))
@ -202,8 +202,15 @@ if ($_GET['action']!='add' && $_GET['action']!='edit' )
{
foreach ($forum_categories_list as $forum_category_key => $forum_category)
{
if((!isset($_SESSION['id_session']) || $_SESSION['id_session']==0) && !empty($forum_category['session_name']))
{
$session_displayed = ' ('.$forum_category['session_name'].')';
}
else
$session_displayed = '';
echo "\t<tr>\n\t\t<th style=\"padding-left:5px;\" align=\"left\" colspan=\"6\">";
echo '<a href="viewforumcategory.php?'.api_get_cidreq().'&forumcategory='.prepare4display($forum_category['cat_id']).'" '.class_visible_invisible(prepare4display($forum_category['visibility'])).'>'.prepare4display($forum_category['cat_title']).'</a><br />';
echo '<a href="viewforumcategory.php?'.api_get_cidreq().'&forumcategory='.prepare4display($forum_category['cat_id']).'" '.class_visible_invisible(prepare4display($forum_category['visibility'])).'>'.prepare4display($forum_category['cat_title']).$session_displayed.'</a><br />';
if ($forum_category['cat_comment']<>'' AND trim($forum_category['cat_comment'])<>'&nbsp;')
{
@ -212,7 +219,8 @@ if ($_GET['action']!='add' && $_GET['action']!='edit' )
echo "</th>\n";
echo '<th style="padding: 5px; vertical-align: top;" align="center" >';
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true) && !($forum_category['session_id']==0 && intval($_SESSION['id_session'])!=0))
{
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=edit&amp;content=forumcategory&amp;id=".prepare4display($forum_category['cat_id'])."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>";
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=delete&amp;content=forumcategory&amp;id=".prepare4display($forum_category['cat_id'])."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeleteForumCategory"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>";
@ -270,7 +278,7 @@ if ($_GET['action']!='add' && $_GET['action']!='edit' )
// SHOULD WE SHOW THIS PARTICULAR FORUM
// you are teacher => show forum
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
//echo 'teacher';
$show_forum=true;
@ -371,8 +379,15 @@ if ($_GET['action']!='add' && $_GET['action']!='edit' )
{
$forum_title_group_addition='';
}
echo "\t\t<td><a href=\"viewforum.php?".api_get_cidreq()."&forum=".prepare4display($forum['forum_id'])."\" ".class_visible_invisible(prepare4display($forum['visibility'])).">".prepare4display($forum['forum_title']).'</a>'.$forum_title_group_addition.'<br />'.prepare4display($forum['forum_comment'])."</td>\n";
if((!isset($_SESSION['id_session']) || $_SESSION['id_session']==0) && !empty($forum['session_name']))
{
$session_displayed = ' ('.$forum['session_name'].')';
}
else
$session_displayed = '';
echo "\t\t<td><a href=\"viewforum.php?".api_get_cidreq()."&forum=".prepare4display($forum['forum_id'])."\" ".class_visible_invisible(prepare4display($forum['visibility'])).">".prepare4display($forum['forum_title']).$session_displayed.'</a>'.$forum_title_group_addition.'<br />'.prepare4display($forum['forum_comment'])."</td>\n";
//$number_forum_topics_and_posts=get_post_topics_of_forum($forum['forum_id']); // deprecated
// the number of topics and posts
echo "\t\t<td>".$forum['number_of_threads']."</td>\n";
@ -398,7 +413,7 @@ if ($_GET['action']!='add' && $_GET['action']!='edit' )
echo "\t\t<td NOWRAP align='center'>";
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true) && !($forum['session_id']==0 && intval($_SESSION['id_session'])!=0))
{
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=edit&amp;content=forum&amp;id=".$forum['forum_id']."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>";
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&action=delete&amp;content=forum&amp;id=".$forum['forum_id']."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeleteForum"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>";
@ -424,7 +439,7 @@ if ($_GET['action']!='add' && $_GET['action']!='edit' )
if (count($forum_list)==0)
{
echo "\t<tr><td>".get_lang('NoForumInThisCategory')."</td>".(api_is_allowed_to_edit()?'<td colspan="5"></td>':'<td colspan="4"></td>')."</tr>\n";
echo "\t<tr><td>".get_lang('NoForumInThisCategory')."</td>".(api_is_allowed_to_edit(false,true)?'<td colspan="5"></td>':'<td colspan="4"></td>')."</tr>\n";
}
}
}
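Review bot: The added condition `!($forum_category['session_id']==0 && intval($_SESSION['id_session'])!=0)` (and its `$forum[...]` twin) only hides the edit and delete icons for base-course items when the page is viewed inside a session; it is a display rule, not an authorization check. `handle_forum_and_forumcategories()` is still entered on `api_is_allowed_to_edit(false,true)` alone, so unless that handler re-checks the target's `session_id` (its body is not visible here), a session-scoped editor can presumably still change base-course categories and forums by id. The same session test belongs where the action is executed, ideally in one helper shared by the view and the handler. viewforumcategory.php uses the same display-only guard. These guards also read `$_SESSION['id_session']` without `isset()`, unlike the `$session_displayed` test a few lines earlier.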

@ -70,7 +70,7 @@ $fck_attribute['Config']['InDocument'] = false;
$fck_attribute['Config']['CreateDocumentDir'] = '../../courses/'.api_get_course_path().'/document/';
if(!api_is_allowed_to_edit())
if(!api_is_allowed_to_edit(false,true))
{
$fck_attribute['Config']['UserStatus'] = 'student';
}
@ -153,17 +153,17 @@ if($origin=='learnpath')
// 4. anonymous posts are not allowed and the user is not logged in
// I have split this is several pieces for clarity.
if (!api_is_allowed_to_edit() AND (($current_forum_category['visibility']==0 OR $current_forum['visibility']==0)))
if (!api_is_allowed_to_edit(false,true) AND (($current_forum_category['visibility']==0 OR $current_forum['visibility']==0)))
{
forum_not_allowed_here();
}
// 2. the forumcategory or forum is locked (locked <>0) and the user is not a course manager
if (!api_is_allowed_to_edit() AND ($current_forum_category['locked']<>0 OR $current_forum['locked']<>0))
if (!api_is_allowed_to_edit(false,true) AND ($current_forum_category['locked']<>0 OR $current_forum['locked']<>0))
{
forum_not_allowed_here();
}
// 3. new threads are not allowed and the user is not a course manager
if (!api_is_allowed_to_edit() AND $current_forum['allow_new_threads']<>1)
if (!api_is_allowed_to_edit(false,true) AND $current_forum['allow_new_threads']<>1)
{
forum_not_allowed_here();
}

@ -64,7 +64,7 @@ $fck_attribute['Config']['FlashUploadPath'] = 'upload/forum/';
$fck_attribute['Config']['InDocument'] = false;
$fck_attribute['Config']['CreateDocumentDir'] = '../../courses/'.api_get_course_path().'/document/';
if(!api_is_allowed_to_edit())
if(!api_is_allowed_to_edit(false,true))
{
$fck_attribute['Config']['UserStatus'] = 'student';
}
@ -161,11 +161,11 @@ else
// The only exception is the course manager
// I have split this is several pieces for clarity.
//if (!api_is_allowed_to_edit() AND (($current_forum_category['visibility']==0 OR $current_forum['visibility']==0) OR ($current_forum_category['locked']<>0 OR $current_forum['locked']<>0 OR $current_thread['locked']<>0)))
if (!api_is_allowed_to_edit() AND (($current_forum_category['visibility']==0 OR $current_forum['visibility']==0)))
if (!api_is_allowed_to_edit(false,true) AND (($current_forum_category['visibility']==0 OR $current_forum['visibility']==0)))
{
forum_not_allowed_here();
}
if (!api_is_allowed_to_edit() AND ($current_forum_category['locked']<>0 OR $current_forum['locked']<>0 OR $current_thread['locked']<>0))
if (!api_is_allowed_to_edit(false,true) AND ($current_forum_category['locked']<>0 OR $current_forum['locked']<>0 OR $current_thread['locked']<>0))
{
forum_not_allowed_here();
}

@ -123,22 +123,22 @@ if($origin=='learnpath')
-----------------------------------------------------------
*/
// Change visibility of a forum or a forum category
if (($_GET['action']=='invisible' OR $_GET['action']=='visible') AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit())
if (($_GET['action']=='invisible' OR $_GET['action']=='visible') AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true))
{
$message=change_visibility($_GET['content'], $_GET['id'],$_GET['action']);// note: this has to be cleaned first
}
// locking and unlocking
if (($_GET['action']=='lock' OR $_GET['action']=='unlock') AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit())
if (($_GET['action']=='lock' OR $_GET['action']=='unlock') AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true))
{
$message=change_lock_status($_GET['content'], $_GET['id'],$_GET['action']);// note: this has to be cleaned first
}
// deleting
if ($_GET['action']=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit())
if ($_GET['action']=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true))
{
$message=delete_forum_forumcategory_thread($_GET['content'],$_GET['id']); // note: this has to be cleaned first
}
// moving
if ($_GET['action']=='move' and isset($_GET['thread']) AND api_is_allowed_to_edit())
if ($_GET['action']=='move' and isset($_GET['thread']) AND api_is_allowed_to_edit(false,true))
{
$message=move_thread_form();
}
@ -156,7 +156,7 @@ if ($_GET['action'] == 'notify' AND isset($_GET['content']) AND isset($_GET['id'
*/
// if the user is not a course administrator and the forum is hidden
// then the user is not allowed here.
if (!api_is_allowed_to_edit() AND ($current_forum_category['visibility']==0 OR $current_forum['visibility']==0))
if (!api_is_allowed_to_edit(false,true) AND ($current_forum_category['visibility']==0 OR $current_forum['visibility']==0))
{
forum_not_allowed_here();
}
@ -183,7 +183,7 @@ echo '<span style="float:right;">'.search_link().'</span>';
// 1. the course admin is here
// 2. the course member is here and new threads are allowed
// 3. a visitor is here and new threads AND allowed AND anonymous posts are allowed
if (api_is_allowed_to_edit() OR ($current_forum['allow_new_threads']==1 AND isset($_user['user_id'])) OR ($current_forum['allow_new_threads']==1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous']==1))
if (api_is_allowed_to_edit(false,true) OR ($current_forum['allow_new_threads']==1 AND isset($_user['user_id'])) OR ($current_forum['allow_new_threads']==1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous']==1))
{
if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1)
{
@ -247,7 +247,7 @@ if(is_array($threads))
foreach ($threads as $row)
{
// thread who have no replies yet and the only post is invisible should not be displayed to students.
if (api_is_allowed_to_edit() OR !($row['thread_replies']=='0' AND $row['visible']=='0'))
if (api_is_allowed_to_edit(false,true) OR !($row['thread_replies']=='0' AND $row['visible']=='0'))
{
if($counter%2==0)
{
@ -305,7 +305,7 @@ if(is_array($threads))
}
// if the last post is invisible and it is not the teacher who is looking then we have to find the last visible post of the thread
if (($row['visible']=='1' OR api_is_allowed_to_edit()) && $origin!='learnpath')
if (($row['visible']=='1' OR api_is_allowed_to_edit(false,true)) && $origin!='learnpath')
{
$last_post=$row['thread_date']." ".get_lang('By').' '.display_user_link($row['last_poster_user_id'], $name);
}
@ -327,7 +327,7 @@ if(is_array($threads))
}
echo "\t\t<td>".$last_post."</td>\n";
echo "\t\t<td>";
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;action=delete&amp;content=thread&amp;id=".$row['thread_id'].$origin_string."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeleteCompleteThread"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>";
display_visible_invisible_icon('thread', $row['thread_id'], $row['visibility'], array("forum"=>$_GET['forum'],'origin'=>$origin));
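Review bot: The visibility, lock and delete branches now run for everyone who passes `api_is_allowed_to_edit(false,true)`, yet they still hand `$_GET['content']` and `$_GET['id']` straight to `change_visibility()`, `change_lock_status()` and `delete_forum_forumcategory_thread()`, as the existing `// note: this has to be cleaned first` comments concede. If the new argument widens the set of accounts that pass the gate, as it appears to, this is the point to cast the id with `$id = intval($_GET['id']);` and to compare `$_GET['content']` against the fixed list of expected values before calling. These are also state-changing GET requests with no request token visible in the hunk, so the handlers should require one before acting. The same pattern appears in viewthread.php for `delete_post($_GET['id'])` and `approve_post($_GET['id'],$_GET['action'])`.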

@ -79,7 +79,7 @@ $fck_attribute['Height'] = '300';
$fck_attribute['ToolbarSet'] = 'Middle';
$fck_attribute['Config']['IMUploadPath'] = 'upload/forum/';
$fck_attribute['Config']['FlashUploadPath'] = 'upload/forum/';
if(!api_is_allowed_to_edit())
if(!api_is_allowed_to_edit(false,true))
{
$fck_attribute['Config']['UserStatus'] = 'student';
}
@ -119,7 +119,7 @@ $whatsnew_post_info=$_SESSION['whatsnew_post_info'];
*/
// if the user is not a course administrator and the forum is hidden
// then the user is not allowed here.
if (!api_is_allowed_to_edit() AND $current_forum_category['visibility']==0)
if (!api_is_allowed_to_edit(false,true) AND $current_forum_category['visibility']==0)
{
forum_not_allowed_here();
}
@ -129,7 +129,7 @@ if (!api_is_allowed_to_edit() AND $current_forum_category['visibility']==0)
ACTIONS
------------------------------------------------------------------------------------------------------
*/
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
handle_forum_and_forumcategories();
}
@ -173,7 +173,7 @@ $groups_of_user=GroupManager::get_group_ids($_course['dbName'], $_user['user_id'
-----------------------------------------------------------
*/
echo '<span style="float:right;">'.search_link().'</span>';
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
//echo '<a href="'.api_get_self().'?forumcategory='.$_GET['forumcategory'].'&amp;action=add&amp;content=forumcategory">'.get_lang('AddForumCategory').'</a> | ';
echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&forumcategory='.Security::remove_XSS($_GET['forumcategory']).'&amp;action=add&amp;content=forum">'.Display::return_icon('forum_new.gif').' '.get_lang('AddForum').'</a>';
@ -190,7 +190,7 @@ if (api_is_allowed_to_edit())
echo '<span class="forum_title">'.prepare4display($forum_category['cat_title']).'</span><br />';
echo '<span class="forum_description">'.prepare4display($forum_category['cat_comment']).'</span>';
echo "</th>\n";
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true) && !($forum_category['session_id']==0 && intval($_SESSION['id_session'])!=0))
{
echo '<th style="padding: 5px; vertical-align: top;" align="center" >';
@ -232,7 +232,7 @@ foreach ($forum_list as $key=>$forum)
// SHOULD WE SHOW THIS PARTICULAR FORUM
// you are teacher => show forum
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
//echo 'teacher';
$show_forum=true;
@ -306,7 +306,13 @@ foreach ($forum_list as $key=>$forum)
}
}
echo "</td>\n";
echo "\t\t<td><a href=\"viewforum.php?".api_get_cidreq()."&forum=".$forum['forum_id']."&amp;search=".Security::remove_XSS(urlencode($_GET['search']))."\" ".class_visible_invisible($forum['visibility']).">".prepare4display($forum['forum_title']).'</a><br />'.prepare4display($forum['forum_comment'])."</td>\n";
if((!isset($_SESSION['id_session']) || $_SESSION['id_session']==0) && !empty($forum['session_name']))
{
$session_displayed = ' ('.$forum['session_name'].')';
}
else
$session_displayed = '';
echo "\t\t<td><a href=\"viewforum.php?".api_get_cidreq()."&forum=".$forum['forum_id']."&amp;search=".Security::remove_XSS(urlencode($_GET['search']))."\" ".class_visible_invisible($forum['visibility']).">".prepare4display($forum['forum_title']).$session_displayed.'</a><br />'.prepare4display($forum['forum_comment'])."</td>\n";
//$number_forum_topics_and_posts=get_post_topics_of_forum($forum['forum_id']); // deprecated
// the number of topics and posts
echo "\t\t<td>".$forum['number_of_threads']."</td>\n";
@ -329,7 +335,7 @@ foreach ($forum_list as $key=>$forum)
}
echo "</td>\n";
echo "\t\t<td NOWRAP align='center'>";
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true) && !($forum['session_id']==0 && intval($_SESSION['id_session'])!=0))
{
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forumcategory=".Security::remove_XSS($_GET['forumcategory'])."&amp;action=edit&amp;content=forum&amp;id=".$forum['forum_id']."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>";
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forumcategory=".Security::remove_XSS($_GET['forumcategory'])."&amp;action=delete&amp;content=forum&amp;id=".$forum['forum_id']."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeleteForum"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>";
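Review bot: `$session_displayed` is built from `$forum['session_name']` and appended inside the link text with no output encoding, so whatever is stored as the session name is emitted into the page verbatim. Encode it where it is assembled, in the form the file already uses for the confirm text: `$session_displayed = ' ('.htmlentities($forum['session_name'],ENT_QUOTES,$charset).')';`. The same applies to both `$session_displayed` assignments in index.php. The `else` branch is written without braces, unlike the surrounding code, which makes it easy to break when a second statement is added.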

@ -139,7 +139,7 @@ if($origin=='learnpath')
*/
// if the user is not a course administrator and the forum is hidden
// then the user is not allowed here.
if (!api_is_allowed_to_edit() AND ($current_forum['visibility']==0 OR $current_thread['visibility']==0))
if (!api_is_allowed_to_edit(false,true) AND ($current_forum['visibility']==0 OR $current_thread['visibility']==0))
{
forum_not_allowed_here();
}
@ -149,11 +149,11 @@ if (!api_is_allowed_to_edit() AND ($current_forum['visibility']==0 OR $current_t
Actions
-----------------------------------------------------------
*/
if ($_GET['action']=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit())
if ($_GET['action']=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true))
{
$message=delete_post($_GET['id']); // note: this has to be cleaned first
}
if (($_GET['action']=='invisible' OR $_GET['action']=='visible') AND isset($_GET['id']) AND api_is_allowed_to_edit())
if (($_GET['action']=='invisible' OR $_GET['action']=='visible') AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true))
{
$message=approve_post($_GET['id'],$_GET['action']); // note: this has to be cleaned first
}
@ -195,7 +195,7 @@ if ($message<>'PostDeletedSpecial') // in this case the first and only post of t
echo '</div>';
// the reply to thread link should only appear when the forum_category is not locked AND the forum is not locked AND the thread is not locked.
// if one of the three levels is locked then the link should not be displayed
if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit())
if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true))
{
// The link should only appear when the user is logged in or when anonymous posts are allowed.
if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id']))
@ -204,7 +204,7 @@ if ($message<>'PostDeletedSpecial') // in this case the first and only post of t
echo '<a href="reply.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'&amp;action=replythread&origin='.$origin.'">'.get_lang('ReplyToThread').'</a>';
//new thread link
if (api_is_allowed_to_edit() OR ($current_forum['allow_new_threads']==1 AND isset($_user['user_id'])) OR ($current_forum['allow_new_threads']==1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous']==1))
if (api_is_allowed_to_edit(false,true) OR ($current_forum['allow_new_threads']==1 AND isset($_user['user_id'])) OR ($current_forum['allow_new_threads']==1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous']==1))
{
if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1)
{
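Review bot: In the `@ -149,11` hunk the delete and visibility handlers still pass `$_GET['id']` and `$_GET['action']` to `delete_post()` and `approve_post()` uncleaned, as the trailing "this has to be cleaned first" comments admit. The guard is widened to `api_is_allowed_to_edit(false,true)` (presumably admitting session coaches), so more accounts now reach these calls. Cast the id at the call site, e.g. `$message=delete_post(intval($_GET['id']));` and `$message=approve_post(intval($_GET['id']),$_GET['action']);`, unless both helpers are confirmed to escape it themselves. Both branches also change state on a plain GET with no request token checked in the visible lines, so a cross-site request could trigger them; verifying a per-session token before either call would close that. The surrounding script continues outside the hunks.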

@ -100,11 +100,11 @@ foreach ($rows as $row)
echo $row['post_date'].'<br /><br />';
// The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
// The course admin him/herself can do this off course always
if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or api_is_allowed_to_edit())
if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or api_is_allowed_to_edit(false,true))
{
echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$row['post_id']."&origin=".$origin."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
}
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;action=delete&amp;content=post&amp;id=".$row['post_id']."&origin=".$origin."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeletePost"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>\n";
display_visible_invisible_icon('post', $row['post_id'], $row['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']), 'origin'=>$origin ));
@ -113,7 +113,7 @@ foreach ($rows as $row)
}
echo '<br /><br />';
//if (($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0) OR api_is_allowed_to_edit())
if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit())
if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true))
{
if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id']))
{
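Review bot: The delete and show/hide icons in the `@ -100,11` hunk are gated on `api_is_allowed_to_edit(false,true)` alone, whereas the forum-level edit/delete icons changed in the same commit additionally require `!($forum['session_id']==0 && intval($_SESSION['id_session'])!=0)`. If the intent is that a session coach must not modify base-course content, the post-level checks need the same comparison, e.g. `if (api_is_allowed_to_edit(false,true) && !($current_forum['session_id']==0 && intval($_SESSION['id_session'])!=0))`, provided `$current_forum` carries `session_id` (not visible here). The same applies to the matching hunks in viewthread_nested.inc.php and viewthread_threaded.inc.php. Hiding the icons is only presentation, so the delete/visibility handlers in viewthread.php need the same condition for it to be enforced. The enclosing foreach starts and ends outside the hunk.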

@ -91,11 +91,11 @@ foreach ($rows as $post)
echo $post['post_date'].'<br /><br />';
// The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
// The course admin him/herself can do this off course always
if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or api_is_allowed_to_edit())
if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or api_is_allowed_to_edit(false,true))
{
echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$post['post_id']."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
}
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;action=delete&amp;content=post&amp;id=".$post['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeletePost"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>\n";
display_visible_invisible_icon('post', $post['post_id'], $post['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']) ));
@ -104,7 +104,7 @@ foreach ($rows as $post)
}
echo '<br /><br />';
//if (($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0) OR api_is_allowed_to_edit())
if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit())
if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true))
{
if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id']))
{

@ -222,11 +222,11 @@ echo display_user_link($rows[$display_post_id]['user_id'], $name).'<br />';
echo $rows[$display_post_id]['post_date'].'<br /><br />';
// The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum
// The course admin him/herself can do this off course always
if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or api_is_allowed_to_edit())
if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or api_is_allowed_to_edit(false,true))
{
echo "<a href=\"editpost.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$rows[$display_post_id]['post_id']."\">".icon('../img/edit.gif',get_lang('Edit'))."</a>\n";
}
if (api_is_allowed_to_edit())
if (api_is_allowed_to_edit(false,true))
{
echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;action=delete&amp;content=post&amp;id=".$rows[$display_post_id]['post_id']."\" onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("DeletePost"),ENT_QUOTES,$charset))."')) return false;\">".icon('../img/delete.gif',get_lang('Delete'))."</a>\n";
display_visible_invisible_icon('post', $rows[$display_post_id]['post_id'], $rows[$display_post_id]['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']), 'post'=>Security::remove_XSS($_GET['post']) ));
@ -235,7 +235,7 @@ if (api_is_allowed_to_edit())
}
echo '<br /><br />';
//if (($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0) OR api_is_allowed_to_edit())
if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit())
if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true))
{
if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id']))
{

@ -474,10 +474,13 @@ function update_Db_course($courseDbName)
cat_comment text,
cat_order int NOT NULL default 0,
locked int NOT NULL default 0,
session_id smallint unsigned NOT NULL default 0,
PRIMARY KEY (cat_id)
) TYPE=MyISAM";
api_sql_query($sql, __FILE__, __LINE__);
$sql = "ALTER TABLE `".$TABLETOOLFORUMCATEGORY . "` ADD INDEX ( session_id ) ";
api_sql_query($sql, __FILE__, __LINE__);
// Forum
$sql = "
@ -2084,7 +2087,7 @@ function fill_Db_course($courseDbName, $courseRepository, $language,$default_doc
Forum tool
-----------------------------------------------------------
*/
api_sql_query("INSERT INTO `$TABLEFORUMCATEGORIES` VALUES (1,'".lang2db(get_lang('ExampleForumCategory'))."', '', 1, 0)", __FILE__, __LINE__);
api_sql_query("INSERT INTO `$TABLEFORUMCATEGORIES` VALUES (1,'".lang2db(get_lang('ExampleForumCategory'))."', '', 1, 0, 0)", __FILE__, __LINE__);
$insert_id = Database :: get_last_insert_id();
api_sql_query("INSERT INTO `".$TABLEITEMPROPERTY . "` (tool,insert_user_id,insert_date,lastedit_date,ref,lastedit_type,lastedit_user_id,to_group_id,to_user_id,visibility) VALUES ('forum_category',1,NOW(),NOW(),$insert_id,'ForumCategoryAdded',1,0,NULL,1)", __FILE__, __LINE__);
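Review bot: The sample-category insert in the `@ -2084` hunk still relies on column position (`VALUES (1,'…', '', 1, 0, 0)`), which is why it had to be edited when `session_id` was appended to the table. Naming the columns in the INSERT would let `session_id` fall back to its declared `default 0` and keep the statement valid across later schema changes. In the `@ -474` hunk the index could be declared inside the CREATE TABLE itself (a `KEY (session_id)` line next to the PRIMARY KEY) instead of a follow-up `ALTER TABLE … ADD INDEX`, which saves one query per course creation. Both `update_Db_course` and `fill_Db_course` start and end outside the hunks.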

@ -56,3 +56,5 @@ ALTER TABLE group_category ADD COLUMN wiki_state tinyint unsigned NOT NULL defau
ALTER TABLE group_info ADD COLUMN wiki_state enum('0','1','2') NOT NULL default '0';
ALTER TABLE announcement ADD session_id SMALLINT UNSIGNED NOT NULL;
ALTER TABLE announcement ADD INDEX ( session_id ) ;
ALTER TABLE forum_category ADD session_id SMALLINT UNSIGNED NOT NULL ;
ALTER TABLE forum_category ADD INDEX ( session_id ) ;
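Review bot: The new `forum_category.session_id` column is added as `NOT NULL` without a default, while the CREATE TABLE for fresh courses in add_course.lib.inc.php declares it `NOT NULL default 0`. Upgraded and freshly installed schemas then differ, and under a strict SQL mode an insert that omits the column would be rejected on upgraded installs only. Suggest `ALTER TABLE forum_category ADD session_id SMALLINT UNSIGNED NOT NULL DEFAULT 0;` so existing categories are explicitly marked as base-course (0), the value the session checks in the forum code appear to rely on. The `announcement` line above has the same form but is context, not part of this change.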
