diff --git a/main/inc/lib/blog.lib.php b/main/inc/lib/blog.lib.php index bd963e7a1e..af9b366bec 100755 --- a/main/inc/lib/blog.lib.php +++ b/main/inc/lib/blog.lib.php @@ -25,7 +25,7 @@ class Blog { $course_id = api_get_course_int_id(); - if(is_numeric($blog_id)) { + if (is_numeric($blog_id)) { // init $tbl_blogs = Database::get_course_table(TABLE_BLOGS); @@ -48,7 +48,7 @@ class Blog * * @return String Blog description */ - public static function get_blog_subtitle ($blog_id) + public static function get_blog_subtitle($blog_id) { $tbl_blogs = Database::get_course_table(TABLE_BLOGS); $course_id = api_get_course_int_id(); @@ -56,10 +56,10 @@ class Blog WHERE c_id = $course_id AND blog_id ='".intval($blog_id)."'"; $result = Database::query($sql); $blog = Database::fetch_array($result); + return stripslashes($blog['blog_subtitle']); } - /** * Get the users of a blog * @author Toon Keppens @@ -68,7 +68,8 @@ class Blog * * @return Array Returns an array with [userid]=>[username] */ - public static function get_blog_users ($blog_id) { + public static function get_blog_users($blog_id) + { // Database table definitions $tbl_users = Database::get_main_table(TABLE_MAIN_USER); $tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER); @@ -78,9 +79,11 @@ class Blog // Get blog members $sql = "SELECT user.user_id, user.firstname, user.lastname FROM " . $tbl_blogs_rel_user . " blogs_rel_user - INNER JOIN " . $tbl_users . " user ON blogs_rel_user.user_id = user.user_id - WHERE blogs_rel_user.c_id = $course_id AND - blogs_rel_user.blog_id = '" . (int)$blog_id."'"; + INNER JOIN " . $tbl_users . " user + ON blogs_rel_user.user_id = user.user_id + WHERE + blogs_rel_user.c_id = $course_id AND + blogs_rel_user.blog_id = '" . (int)$blog_id."'"; $result = Database::query($sql); $blog_members = array (); while($user = Database::fetch_array($result)) { 
@@ -97,26 +100,29 @@ class Blog * @param String $title * @param Text $description */ - public static function create_blog ($title, $subtitle) { - global $_user; - + public static function create_blog($title, $subtitle) + { + $_user = api_get_user_info(); $course_id = api_get_course_int_id(); $current_date=date('Y-m-d H:i:s',time()); $session_id = api_get_session_id(); // Tabel definitions - $tbl_blogs = Database::get_course_table(TABLE_BLOGS); - $tbl_tool = Database::get_course_table(TABLE_TOOL_LIST); - $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); - $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); + $tbl_blogs = Database::get_course_table(TABLE_BLOGS); + $tbl_tool = Database::get_course_table(TABLE_TOOL_LIST); + $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); + $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); //verified if exist blog $sql = 'SELECT COUNT(*) as count FROM '.$tbl_blogs.' - WHERE c_id = '.$course_id.' AND blog_name="'.Database::escape_string($title).'" AND blog_subtitle="'.Database::escape_string($subtitle).'";'; - $res=Database::query($sql); - $info_count=Database::result($res,0,0); - - if ($info_count==0) { + WHERE + c_id = '.$course_id.' AND + blog_name="'.Database::escape_string($title).'" AND + blog_subtitle="'.Database::escape_string($subtitle).'"'; + $res = Database::query($sql); + $info_count = Database::result($res, 0, 0); + + if ($info_count == 0) { // Create the blog $sql = "INSERT INTO $tbl_blogs (c_id, blog_name, blog_subtitle, date_creation, visibility, session_id ) VALUES ($course_id, '".Database::escape_string($title)."', '".Database::escape_string($subtitle)."', '".$current_date."', '1', '$session_id');"; 
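Review bot: The docblock kept above `create_blog($title, $subtitle)` still documents `@param Text $description`, a parameter the function does not have, and says nothing about `$subtitle`. Since the signature line is being rewritten anyway, the tag should read `@param string $subtitle` so that generated documentation and static analysis match the code. The function body continues past the end of this hunk.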
@@ -124,22 +130,44 @@ class Blog $this_blog_id = Database::insert_id(); if ($this_blog_id > 0) { + + $sql = "UPDATE $tbl_blogs SET blog_id = iid WHERE iid = $this_blog_id"; + Database::query($sql); + //insert into item_property - api_item_property_update(api_get_course_info(), TOOL_BLOGS, $this_blog_id, 'BlogAdded', api_get_user_id()); + api_item_property_update( + api_get_course_info(), + TOOL_BLOGS, + $this_blog_id, + 'BlogAdded', + api_get_user_id() + ); } // Make first post. :) - $sql = "INSERT INTO $tbl_blogs_posts (c_id, title, full_text, date_creation, blog_id, author_id ) + $sql = "INSERT INTO $tbl_blogs_posts (c_id, title, full_text, date_creation, blog_id, author_id) VALUES ($course_id, '".get_lang("Welcome")."', '" . get_lang('FirstPostText')."','".$current_date."', '".Database::escape_string((int)$this_blog_id)."', '".Database::escape_string((int)$_user['user_id'])."');"; Database::query($sql); + $postId = Database::insert_id(); + if ($postId) { + $sql = "UPDATE $tbl_blogs_posts SET post_id = iid WHERE iid = $postId"; + Database::query($sql); + } // Put it on course homepage $sql = "INSERT INTO $tbl_tool (c_id, name, link, image, visibility, admin, address, added_tool, session_id) VALUES ($course_id, '".Database::escape_string($title)."','blog/blog.php?blog_id=".(int)$this_blog_id."','blog.gif','1','0','pastillegris.gif',0,'$session_id')"; Database::query($sql); + $toolId = Database::insert_id(); + if ($toolId) { + $sql = "UPDATE $tbl_tool SET id = iid WHERE iid = $toolId"; + Database::query($sql); + } + + // Subscribe the teacher to this blog - Blog::set_user_subscribed((int)$this_blog_id,(int)$_user['user_id']); + Blog::set_user_subscribed($this_blog_id, $_user['user_id']); } } 
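Review bot: The first-post INSERT, the course-homepage INSERT and the `set_user_subscribed()` call remain outside `if ($this_blog_id > 0)`, so when the blog INSERT fails they still run with a blog id of 0, creating a post and a `blog/blog.php?blog_id=0` tool link that belong to no blog. Moving them inside the existing guard, or returning early when `$this_blog_id` is not positive, avoids the orphan rows. The subscription call also drops its `(int)` casts; that is safe only if `set_user_subscribed()` casts its own arguments, which is not visible here. The start of create_blog is in the preceding hunk.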
@@ -161,16 +189,29 @@ class Blog $course_id = api_get_course_int_id(); // Update the blog - $sql = "UPDATE $tbl_blogs SET blog_name = '".Database::escape_string($title)."', blog_subtitle = '".Database::escape_string($subtitle)."' - WHERE c_id = $course_id AND blog_id ='".Database::escape_string((int)$blog_id)."' LIMIT 1"; + $sql = "UPDATE $tbl_blogs SET + blog_name = '".Database::escape_string($title)."', + blog_subtitle = '".Database::escape_string($subtitle)."' + WHERE + c_id = $course_id AND + blog_id ='".Database::escape_string((int)$blog_id)."' + LIMIT 1"; Database::query($sql); $this_blog_id = Database::insert_id(); //update item_property (update) - api_item_property_update(api_get_course_info(), TOOL_BLOGS, intval($blog_id), 'BlogUpdated', api_get_user_id()); + api_item_property_update( + api_get_course_info(), + TOOL_BLOGS, + intval($blog_id), + 'BlogUpdated', + api_get_user_id() + ); // Update course homepage link - $sql = "UPDATE $tbl_tool SET name = '".Database::escape_string($title)."' WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1"; + $sql = "UPDATE $tbl_tool SET + name = '".Database::escape_string($title)."' + WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1"; Database::query($sql); } 
@@ -179,48 +220,55 @@ class Blog * @author Toon Keppens * @param Integer $blog_id */ - public static function delete_blog ($blog_id) + public static function delete_blog($blog_id) { // Init - $tbl_blogs = Database::get_course_table(TABLE_BLOGS); - $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); - $tbl_blogs_comment = Database::get_course_table(TABLE_BLOGS_COMMENTS); - $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); - $tbl_tool = Database::get_course_table(TABLE_TOOL_LIST); - $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING); + $tbl_blogs = Database::get_course_table(TABLE_BLOGS); + $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); + $tbl_blogs_comment = Database::get_course_table(TABLE_BLOGS_COMMENTS); + $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); + $tbl_tool = Database::get_course_table(TABLE_TOOL_LIST); + $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING); $tbl_blogs_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT); $course_id = api_get_course_int_id(); + $blog_id = intval($blog_id); // Delete posts from DB and the attachments delete_all_blog_attachment($blog_id); //Delete comments - $sql = "DELETE FROM $tbl_blogs_comment WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_comment WHERE c_id = $course_id AND blog_id ='".$blog_id."'"; Database::query($sql); // Delete posts - $sql = "DELETE FROM $tbl_blogs_posts WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_posts WHERE c_id = $course_id AND blog_id ='".$blog_id."'"; Database::query($sql); // Delete tasks - $sql = "DELETE FROM $tbl_blogs_tasks WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_tasks WHERE c_id = $course_id AND blog_id ='".$blog_id."'"; Database::query($sql); // Delete ratings - $sql = "DELETE FROM $tbl_blogs_rating WHERE c_id = $course_id AND blog_id 
='".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_blogs_rating WHERE c_id = $course_id AND blog_id ='".$blog_id."'"; Database::query($sql); // Delete blog - $sql ="DELETE FROM $tbl_blogs WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."'"; + $sql ="DELETE FROM $tbl_blogs WHERE c_id = $course_id AND blog_id ='".$blog_id."'"; Database::query($sql); // Delete from course homepage - $sql = "DELETE FROM $tbl_tool WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".(int)$blog_id."'"; + $sql = "DELETE FROM $tbl_tool WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".$blog_id."'"; Database::query($sql); //update item_property (delete) - api_item_property_update(api_get_course_info(), TOOL_BLOGS, intval($blog_id), 'delete', api_get_user_id()); + api_item_property_update( + api_get_course_info(), + TOOL_BLOGS, + $blog_id, + 'delete', + api_get_user_id() + ); } /** @@ -255,7 +303,12 @@ class Blog VALUES ($course_id, '".Database::escape_string($title)."', '".Database::escape_string($full_text)."','".$current_date."', '".(int)$blog_id."', '".(int)$_user['user_id']."');"; Database::query($sql); - $last_post_id=Database::insert_id(); + $last_post_id = Database::insert_id(); + + if ($last_post_id) { + $sql = "UPDATE $tbl_blogs_posts SET post_id = iid WHERE iid = $last_post_id"; + Database::query($sql); + } if ($has_attachment) { $courseDir = $_course['path'].'/upload/blog'; 
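Review bot: delete_blog runs six DELETE statements and an item-property update as independent queries, so a failure partway through (for example after the posts are removed but before the blog row is) leaves a half-deleted blog and possibly a dangling homepage link. If the Database layer used here offers transactions, the sequence should run inside one; otherwise each `Database::query()` result should be checked and the function should stop on the first failure. No permission check is visible in the body either, so the docblock should state the precondition, e.g. `* Callers must verify that the current user is allowed to delete this blog.`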
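Review bot: The `Database::insert_id()` / `UPDATE … SET post_id = iid WHERE iid = …` block added here is pasted, with only the table and column changed, into the create_blog hunk above and the create_comment, create_task and edit_task hunks below, and each copy interpolates the id without an integer cast. A single private helper would keep the cast and the guard in one place and shrink every call site to one line. Because the INSERT and the UPDATE are separate statements, a row whose UPDATE fails keeps an unset legacy id, and a helper is also the natural place to add a check for that. The helper name below is only a suggestion, and create_post's body starts and ends outside this hunk.

```php
/**
 * Copies the auto-increment iid into the legacy id column of a course table.
 * $table and $column must be code-supplied names, never request data.
 */
private static function syncLegacyId($table, $column, $iid)
{
    $iid = (int) $iid;
    if ($iid <= 0) {
        return;
    }
    $sql = "UPDATE $table SET $column = iid WHERE iid = $iid";
    Database::query($sql);
}

// … unchanged: post INSERT in create_post …
$last_post_id = Database::insert_id();
self::syncLegacyId($tbl_blogs_posts, 'post_id', $last_post_id);
```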
@@ -266,14 +319,14 @@ class Blog $new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']); // user's file name - $file_name =$_FILES['user_upload']['name']; + $file_name = $_FILES['user_upload']['name']; if (!filter_extension($new_file_name)) { Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension')); } else { $new_file_name = uniqid(''); $new_path = $updir.'/'.$new_file_name; - $result= @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path); + $result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path); $comment = Database::escape_string($file_comment); // Storing the attachments if any @@ -281,6 +334,11 @@ class Blog $sql = 'INSERT INTO '.$blog_table_attachment.'(c_id, filename,comment, path, post_id,size, blog_id,comment_id) '. "VALUES ($course_id, '".Database::escape_string($file_name)."', '".$comment."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".intval($_FILES['user_upload']['size'])."', '".$blog_id."', '0' )"; Database::query($sql); + $id = Database::insert_id(); + if ($id) { + $sql = "UPDATE $blog_table_attachment SET id = iid WHERE iid = $id"; + Database::query($sql); + } } } } 
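Review bot: The attachment INSERT that the second hunk on this line extends interpolates `$blog_id` and `$last_post_id` into the SQL string without a cast, while the post INSERT earlier in create_post writes `(int)$blog_id`; unless `$blog_id` is cast in lines outside these hunks, a non-numeric value reaches the query unescaped. Writing `'".(int)$blog_id."'` and `'".(int)$last_post_id."'` here would match the rest of the function. The create_comment attachment INSERT in a later hunk has the same shape, with `$post_id`, `$blog_id`, `$last_id` and `$_FILES['user_upload']['size']` all uncast, although the create_post version already wraps the size in `intval()`. create_post's body starts and ends outside this hunk.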
@@ -297,15 +355,18 @@ class Blog * @param String $full_text * @param Integer $blog_id */ - public static function edit_post ($post_id, $title, $full_text, $blog_id) + public static function edit_post($post_id, $title, $full_text, $blog_id) { // Init $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); $course_id = api_get_course_int_id(); // Create the post - $sql = "UPDATE $tbl_blogs_posts SET title = '" . Database::escape_string($title)."', full_text = '" . Database::escape_string($full_text)."' - WHERE c_id = $course_id AND post_id ='".(int)$post_id."' AND blog_id ='".(int)$blog_id."' LIMIT 1 ;"; + $sql = "UPDATE $tbl_blogs_posts SET + title = '" . Database::escape_string($title)."', + full_text = '" . Database::escape_string($full_text)."' + WHERE c_id = $course_id AND post_id ='".(int)$post_id."' AND blog_id ='".(int)$blog_id."' + LIMIT 1 "; Database::query($sql); } @@ -355,12 +416,12 @@ class Blog { $_user = api_get_user_info(); $_course = api_get_course_info(); - global $blog_table_attachment; + $blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT); - $upload_ok = true; - $has_attachment = false; - $current_date = date('Y-m-d H:i:s',time()); - $course_id = api_get_course_int_id(); + $upload_ok = true; + $has_attachment = false; + $current_date = date('Y-m-d H:i:s', time()); + $course_id = api_get_course_int_id(); if (!empty($_FILES['user_upload']['name'])) { $upload_ok = process_uploaded_file($_FILES['user_upload']); @@ -379,6 +440,11 @@ class Blog // Empty post values, or they are shown on the page again $last_id = Database::insert_id(); + if ($last_id) { + $sql = "UPDATE $tbl_blogs_comments SET comment_id = iid WHERE iid = $last_id"; + Database::query($sql); + } + if ($has_attachment) { $courseDir = $_course['path'].'/upload/blog'; $sys_course_path = api_get_path(SYS_COURSE_PATH); 
@@ -406,6 +472,13 @@ class Blog $sql='INSERT INTO '.$blog_table_attachment.'(c_id, filename,comment, path, post_id,size,blog_id,comment_id) '. "VALUES ($course_id, '".Database::escape_string($file_name)."', '".$comment."', '".Database::escape_string($new_file_name)."' , '".$post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '".$last_id."' )"; Database::query($sql); + + $id = Database::insert_id(); + + if ($id) { + $sql = "UPDATE $blog_table_attachment SET id = iid WHERE iid = $id"; + Database::query($sql); + } } } } @@ -415,10 +488,10 @@ class Blog /** * Deletes a comment from a blogpost * @author Toon Keppens - * @param Integer $blog_id - * @param Integer $comment_id + * @param int $blog_id + * @param int $comment_id */ - public static function delete_comment ($blog_id, $post_id, $comment_id) + public static function delete_comment($blog_id, $post_id, $comment_id) { $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS); $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING); @@ -431,7 +504,11 @@ class Blog // Delete ratings on this comment $sql = "DELETE FROM $tbl_blogs_rating - WHERE c_id = $course_id AND blog_id = '".$blog_id."' AND item_id = '".$comment_id."' AND rating_type = 'comment'"; + WHERE + c_id = $course_id AND + blog_id = '".$blog_id."' AND + item_id = '".$comment_id."' AND + rating_type = 'comment'"; Database::query($sql); // select comments that have the selected comment as their parent @@ -440,7 +517,7 @@ class Blog $result = Database::query($sql); // Delete them recursively - while($comment = Database::fetch_array($result)) { + while ($comment = Database::fetch_array($result)) { Blog::delete_comment($blog_id,$post_id,$comment['comment_id']); } 
@@ -458,7 +535,7 @@ class Blog * @param String $description * @param String $color */ - public static function create_task ($blog_id, $title, $description, $articleDelete, $articleEdit, $commentsDelete, $color) + public static function create_task($blog_id, $title, $description, $articleDelete, $articleEdit, $commentsDelete, $color) { // Init $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); @@ -467,11 +544,17 @@ class Blog $course_id = api_get_course_int_id(); // Create the task - $sql = "INSERT INTO $tbl_blogs_tasks (c_id, blog_id, title, description, color, system_task ) + $sql = "INSERT INTO $tbl_blogs_tasks (c_id, blog_id, title, description, color, system_task) VALUES ($course_id , '".(int)$blog_id."', '" . Database::escape_string($title)."', '" . Database::escape_string($description)."', '" . Database::escape_string($color)."', '0');"; Database::query($sql); $task_id = Database::insert_id(); + + if ($task_id) { + $sql = "UPDATE $tbl_blogs_tasks SET task_id = iid WHERE iid = $task_id"; + Database::query($sql); + } + $tool = 'BLOG_' . $blog_id; if ($articleDelete == 'on') { @@ -482,9 +565,16 @@ class Blog 'article_delete' )"; Database::query($sql); - } - if($articleEdit == 'on') { + $id = Database::insert_id(); + + if ($id) { + $sql = "UPDATE $tbl_tasks_permissions SET id = iid WHERE iid = $id"; + Database::query($sql); + } + } + + if ($articleEdit == 'on') { $sql = " INSERT INTO " . $tbl_tasks_permissions . " (c_id, task_id, tool, action ) VALUES ( '" . (int)$course_id . "', @@ -493,6 +583,12 @@ class Blog 'article_edit' )"; Database::query($sql); + $id = Database::insert_id(); + + if ($id) { + $sql = "UPDATE $tbl_tasks_permissions SET id = iid WHERE iid = $id"; + Database::query($sql); + } } if ($commentsDelete == 'on') { 
@@ -503,8 +599,13 @@ class Blog '" . Database::escape_string($tool) . "', 'article_comments_delete' )"; - Database::query($sql); + $id = Database::insert_id(); + + if ($id) { + $sql = "UPDATE $tbl_tasks_permissions SET id = iid WHERE iid = $id"; + Database::query($sql); + } } } @@ -518,7 +619,7 @@ class Blog */ public static function edit_task($blog_id, $task_id, $title, $description, $articleDelete, $articleEdit, $commentsDelete, $color) { - $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); + $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $tbl_tasks_permissions = Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS); $course_id = api_get_course_int_id(); @@ -544,11 +645,16 @@ class Blog '" . Database::escape_string($tool) . "', 'article_delete' )"; - Database::query($sql); + $id = Database::insert_id(); + + if ($id) { + $sql = "UPDATE $tbl_tasks_permissions SET id = iid WHERE iid = $id"; + Database::query($sql); + } } - if($articleEdit == 'on') { + if ($articleEdit == 'on') { $sql = "INSERT INTO " . $tbl_tasks_permissions . " (c_id, task_id, tool, action) VALUES ( '" . (int)$course_id . "', '" . (int)$task_id . "', @@ -556,9 +662,15 @@ class Blog 'article_edit' )"; Database::query($sql); + $id = Database::insert_id(); + + if ($id) { + $sql = "UPDATE $tbl_tasks_permissions SET id = iid WHERE iid = $id"; + Database::query($sql); + } } - if($commentsDelete == 'on') { + if ($commentsDelete == 'on') { $sql = " INSERT INTO " . $tbl_tasks_permissions . " (c_id, task_id, tool, action) VALUES ( '" . (int)$course_id . "', '" . (int)$task_id . "', @@ -566,6 +678,12 @@ class Blog 'article_comments_delete' )"; Database::query($sql); + $id = Database::insert_id(); + + if ($id) { + $sql = "UPDATE $tbl_tasks_permissions SET id = iid WHERE iid = $id"; + Database::query($sql); + } } } 
@@ -597,7 +715,11 @@ class Blog // Delete posts $sql = "DELETE FROM $tbl_blogs_tasks_rel_user - WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."' AND user_id = '".(int)$user_id."'"; + WHERE + c_id = $course_id AND + blog_id = '".(int)$blog_id."' AND + task_id = '".(int)$task_id."' AND + user_id = '".(int)$user_id."'"; Database::query($sql); } @@ -611,9 +733,9 @@ class Blog $_user = api_get_user_info(); // Init - $tbl_blogs = Database::get_course_table(TABLE_BLOGS); + $tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER); - $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); + $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $course_id = api_get_course_int_id(); @@ -634,7 +756,7 @@ class Blog if (Database::num_rows($result) > 0) { echo '