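, Ghent University * @copyright Ghent University */

// Renders every post of one forum thread into a template displayed without the site layout.
//
// NOTE(review): in this copy of the file the HTML inside the string literals is missing and
// the per-row statements had ended up after the closing brace of the fetch loop, where $row
// is no longer a row. They are restored into the loop below; only the newline separators
// that are still visible are kept. Restore the original cell markup from version control.

require_once __DIR__.'/../inc/global.inc.php';

// Course and session ids are cast to int; an absent parameter stays null.
$cid = isset($_REQUEST['cid']) ? (int) $_REQUEST['cid'] : null;
$sid = isset($_REQUEST['sid']) ? (int) $_REQUEST['sid'] : null;

// A notice for unauthorized people.
api_protect_course_script(true, false, '', $cid);

$nameTools = get_lang('Forums');

$forumId = isset($_GET['forum']) ? (int) $_GET['forum'] : 0;
$threadId = isset($_GET['thread']) ? (int) $_GET['thread'] : 0;

// Both lookups leave null when the id is absent (0); the guards below also cover
// an id that does not resolve to an entity.
$repo = Container::getForumRepository();
/** @var CForum|null $forumEntity */
$forumEntity = !empty($forumId) ? $repo->find($forumId) : null;

$repoThread = Container::getForumThreadRepository();
/** @var CForumThread|null $threadEntity */
$threadEntity = !empty($threadId) ? $repoThread->find($threadId) : null;

$courseEntity = api_get_course_entity($cid);
$sessionEntity = api_get_session_entity($sid);

/* Is the user allowed here? */

// Without a thread there is nothing to show: deny cleanly instead of failing on a
// method call on null further down.
if (null === $threadEntity) {
    api_not_allowed(false);
    exit; // defensive: nothing below may run without a thread entity
}

// If the user is not a course administrator and the forum or the thread is hidden
// (or the forum cannot be resolved at all), the user is not allowed here.
// NOTE(review): nothing visible here checks that the thread belongs to the requested
// forum; confirm that isVisible($courseEntity) is enough to scope the thread to this course.
if (!api_is_allowed_to_create_course()
    && (null === $forumEntity
        || false == $forumEntity->isVisible($courseEntity)
        || false == $threadEntity->isVisible($courseEntity)
    )
) {
    api_not_allowed(false);
}

$table_posts = Database::get_course_table(TABLE_FORUM_POST);
$table_users = Database::get_main_table(TABLE_MAIN_USER);

// The only dynamic value in the statement is the thread id taken from the loaded
// entity; the explicit int cast keeps the concatenation safe whatever getIid() returns.
$sql = "SELECT username, firstname, lastname, u.id, post_date, title as post_title, post_text
        FROM $table_posts posts
        INNER JOIN $table_users u
        ON (posts.poster_id = u.id)
        WHERE posts.thread_id='".(int) $threadEntity->getIid()."'
        ORDER BY posts.iid ASC";
$result = Database::query($sql);

$template = new Template('', false, false);
$content = '';
while ($row = Database::fetch_array($result)) {
    $content .= "\n";

    // The login goes into a title attribute, so it is entity-encoded with quotes included.
    $username = api_htmlentities(sprintf(get_lang('Login: %s'), $row['username']), ENT_QUOTES);
    if ('0' == $row['id']) {
        // The query does not select poster_name, so fall back to an empty name rather than
        // reading an undefined key. TODO confirm whether this branch is still reachable
        // with the INNER JOIN on the user table.
        $name = $row['poster_name'] ?? '';
    } else {
        $name = api_get_person_name($row['firstname'], $row['lastname']);
    }

    // The displayed name comes from the user table and is placed into markup as element
    // content; filter it the same way as the post title instead of emitting it raw.
    $content .= Display::tag('span', Security::remove_XSS($name), ['title' => $username])."\n";
    $content .= api_convert_and_format_date($row['post_date'])."\n\n";
    $content .= "\n".Security::remove_XSS($row['post_title'])
        ."\n".Security::remove_XSS($row['post_text'], STUDENT)
        ."\n";
}

$template->assign('content', $content);
$template->display_no_layout_template();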