Fixes for capability checks.
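<?php //$Id$

require_once('../config.php');
include_once('lib.php');
require_login();

$courseid = optional_param('courseid', SITEID, PARAM_INT);
$act      = optional_param('act', '', PARAM_ALPHA);

// Determine where the user is coming from in case we need to send them back there.
// Both the 'referrer' parameter and the Referer header are supplied by the client,
// and $referrer ends up in redirect() and error(), so it is only kept when it points
// back into this site; anything else falls back to the site root.
$referrer = optional_param('referrer', '', PARAM_URL);
if (!$referrer && isset($_SERVER['HTTP_REFERER'])) {
    $referrer = $_SERVER['HTTP_REFERER'];
}
if ($referrer !== $CFG->wwwroot && strpos($referrer, $CFG->wwwroot .'/') !== 0) {
    $referrer = $CFG->wwwroot;
}

$context = get_context_instance(CONTEXT_SYSTEM, SITEID);
if (!has_capability('moodle/blog:view', $context)) {
    error(get_string('nopost', 'blog'), $referrer);
}

// Make sure that the person trying to edit has the right to edit this entry.
// $blogEntry stays empty when no entry was named, which the delete check
// further down relies on.
$blogEntry = false;
$editid = optional_param('editid', 0, PARAM_INT);
if ($editid) {
    $blogEntry = get_record('post', 'id', $editid);
    // get_record() returns false for an unknown id; never hand that to
    // blog_user_can_edit_post(), refuse it the same way as somebody else's entry
    if (!$blogEntry || !blog_user_can_edit_post($blogEntry, $context)) {
        error(get_string('notallowedtoedit', 'blog'), $CFG->wwwroot .'/login/index.php');
    }
}

// Only real (non-guest) logged in users have a blog to edit
if (isloggedin() && !isguest()) {
    $userid = $USER->id;
} else {
    error(get_string('noblogspecified', 'blog') .'<a href="'. $CFG->blog_blogurl .'">' .get_string('viewentries', 'blog') .'</a>');
}

// If we are trying to delete a non-existing blog entry
if ($act == 'del' && empty($blogEntry)) {
    error ('the entry you are trying to delete does not exist');
}

$pageNavigation = 'edit';
include($CFG->dirroot .'/blog/header.php');

//////////// SECURITY AND SETUP COMPLETE - NOW PAGE LOGIC ///////////////////

// Deletion through the GET confirmation form. confirm_sesskey() ties the request
// to this user's session, so a crafted link cannot delete an entry on their behalf.
if ($act == 'del' && confirm_sesskey()) {
    $postid = required_param('editid', PARAM_INT);
    if (optional_param('confirm', 0, PARAM_INT)) {
        do_delete($postid, $context);
    } else {
        /// prints the blog entry and the confirmation form
        echo '<div align="center"><form method="GET" action="edit.php">';
        echo '<input type="hidden" name="act" value="del" />';
        echo '<input type="hidden" name="confirm" value="1" />';
        echo '<input type="hidden" name="editid" value="'.$postid.'" />';
        echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';

        print_string('blogdeleteconfirm', 'blog');
        blog_print_entry($blogEntry);

        echo '<br />';
        echo '<input type="submit" value="'.get_string('delete').'" /> ';
        echo ' <input type="button" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
        echo '</form></div>';
        // NOTE(review): $course is not set anywhere in this file; presumably header.php provides it - confirm
        print_footer($course);
        exit;
    }
}

if ($usehtmleditor = can_use_richtext_editor()) {
    $defaultformat = FORMAT_HTML;
} else {
    $defaultformat = FORMAT_MOODLE;
}
$onsubmit = ''; // read by edit.html; no handler is attached in either case

if (($post = data_submitted( get_referer() )) && confirm_sesskey()) {
    if (!empty($post->editform)) { // make sure we're processing the edit form here
        if ($post->act == 'del') {
            $postid = required_param('postid', PARAM_INT);
            do_delete($postid, $context);
        } else if (!$post->etitle or !$post->body) {
            // nothing is written in this case; the error is shown above the form below
            $post->error = get_string('emptymessage', 'forum');
        } else if ($post->act == 'save') {
            do_save($post);
        } else if ($post->act == 'update') {
            do_update($post);
        }
    }
} else {
    // no (valid) post data yet, so load up the post object with default information.
    // data_submitted() returns false when nothing was posted, so make sure we have an object.
    if (!is_object($post)) {
        $post = new stdClass;
    }
    $post->etitle = '';
    $post->userid = $USER->id;
    $post->body = '';
    $post->format = $defaultformat;
    $post->publishstate = 'draft';
}

if ($editid) { // User is editing a post - permission was checked above and
               // $blogEntry already holds the record loaded there
    // using an unformatted entry body here so that extra formatting information is not stored in the db
    $post->body = stripslashes_safe($blogEntry->summary);
    $post->etitle = stripslashes_safe($blogEntry->subject);
    $post->postid = $editid;
    $post->userid = $blogEntry->userid;
    $post->format = $blogEntry->format;
    $post->publishstate = $blogEntry->publishstate;
}

if (isset($post->postid) && ($post->postid != -1)) {
    $formHeading = get_string('updateentrywithid', 'blog');
} else {
    $formHeading = get_string('addnewentry', 'blog');
}

if (isset($post->error)) {
    notify($post->error);
}

print_simple_box_start("center");
require('edit.html');
print_simple_box_end();

include($CFG->dirroot .'/blog/footer.php');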
143
144
145/***************************** edit.php functions ***************************/
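/**
 * do_delete
 *
 * Deletes one blog entry and its tag instances, logs the deletion and then
 * redirects to the owner's blog index. The permission check is made here and
 * not left to the caller, because this function is reached both from the GET
 * confirmation form and from the POSTed edit form.
 *
 * @param int    $postid  id of the 'post' record to remove
 * @param object $context context the capability check is made against
 *                        (the page passes the system context)
 */
function do_delete($postid, $context) {
    global $CFG;

    // check ownership; get_record() returns false for an unknown id and that
    // must not reach blog_user_can_edit_post(), so a missing entry is refused
    // exactly like an entry that is not ours
    $blogEntry = get_record('post', 'id', $postid);
    if (!$blogEntry || !blog_user_can_edit_post($blogEntry, $context)) {
        error(get_string('entryerrornotyours', 'blog'));
    }

    if (delete_records('post', 'id', $postid)) {
        delete_records('blog_tag_instance', 'entryid', $postid);
        print '<strong>'. get_string('entrydeleted', 'blog') .'</strong><p>';

        // record a log message of this entry deletion
        if ($site = get_site()) {
            add_to_log($site->id, 'blog', 'delete', 'index.php?userid='. $blogEntry->userid, 'deleted blog entry with entry id# '. $postid);
        }
    }
    // NOTE(review): a failed delete_records() is not reported to the user;
    // it falls through to the redirect below

    redirect($CFG->wwwroot .'/blog/index.php?userid='. $blogEntry->userid);
}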
180
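/**
 * do_save
 *
 * Inserts a new blog entry for the current user from the submitted form data,
 * attaches the selected tags, logs the addition and redirects back to $referrer.
 * When the body is empty nothing is written; $post->error is set instead so the
 * form can be shown again with a message.
 *
 * @param object $post the submitted form data (etitle, body, format, publishstate);
 *                     modified in place when an error is recorded
 */
function do_save($post) {
    global $USER, $CFG, $referrer;

    if ($post->body == '') {
        $post->error = get_string('nomessagebodyerror', 'blog');
        return;
    }

    /// Write a blog entry into database
    $now = time();
    $blogEntry = new stdClass; // plain stdClass: 'object' is a reserved class name since PHP 7.2
    $blogEntry->subject = addslashes($post->etitle);
    $blogEntry->summary = addslashes($post->body);
    $blogEntry->module = 'blog';
    $blogEntry->userid = $USER->id; // always the current user, never taken from the form
    $blogEntry->format = $post->format;
    $blogEntry->publishstate = $post->publishstate;
    $blogEntry->lastmodified = $now;
    $blogEntry->created = $now;

    // Insert the new blog entry.
    $entryID = insert_record('post', $blogEntry);

    if ($entryID) {
        /// Store a unique hash for the entry. update_record() needs the id of
        /// the row to change, so it has to be set on the data object.
        $dataobject = new stdClass;
        $dataobject->id = $entryID;
        $dataobject->uniquehash = md5($blogEntry->userid.$CFG->wwwroot.$entryID);
        update_record('post', $dataobject);

        /// Associate tags with the entry
        $tag = new stdClass;
        $tag->entryid = $entryID;
        $tag->userid = $USER->id;
        $tag->timemodified = $now;

        /// Add tags information (official and personal tags come in separate parameters)
        foreach (array('otags', 'ptags') as $paramname) {
            if ($tagids = optional_param($paramname, '', PARAM_INT)) {
                foreach ($tagids as $tagid) {
                    $tag->tagid = $tagid;
                    insert_record('blog_tag_instance', $tag);
                }
            }
        }

        print '<strong>'. get_string('entrysaved', 'blog') .'</strong><br />';

        // record a log message of this entry addition (only for a real insert)
        if ($site = get_site()) {
            add_to_log($site->id, 'blog', 'add', 'index.php?userid='. $blogEntry->userid .'&postid='. $entryID, $blogEntry->subject);
        }
    }
    // NOTE(review): a failed insert_record() is not reported to the user;
    // the redirect below happens regardless

    redirect($referrer);
}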
258
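/**
 * do_update
 *
 * Saves the edited subject, body, format and publish state of an existing
 * blog entry, replaces its tag instances, logs the update and redirects to
 * $referrer. Which entry gets changed is re-checked here with
 * blog_user_can_edit_post(), because $post->postid comes straight from the
 * submitted form and the page-level check only covers the 'editid' parameter.
 *
 * @param object      $post    the submitted form data (postid, etitle, body,
 *                             format, publishstate); $post->error is set when
 *                             the database update fails
 * @param object|null $context context for the capability check; defaults to
 *                             the system context this page works in
 * @todo enable trackback and pingback between entries on the same server
 */
function do_update($post, $context = null) {
    global $CFG, $USER, $referrer;

    if ($context === null) {
        $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
    }

    $postid = (int)$post->postid; // the id is form data; only an integer ever reaches the query
    $blogEntry = get_record('post', 'id', $postid);
    // an unknown id (get_record() gives false) or someone else's entry is
    // refused, mirroring the check do_delete() makes
    if (!$blogEntry || !blog_user_can_edit_post($blogEntry, $context)) {
        error(get_string('entryerrornotyours', 'blog'));
    }

    $now = time();
    $blogEntry->subject = addslashes($post->etitle);
    $blogEntry->summary = addslashes($post->body);
    if ($blogEntry->summary == '<br />') { // treat a lone line break as an empty body
        $blogEntry->summary = '';
    }
    $blogEntry->format = $post->format;
    $blogEntry->publishstate = $post->publishstate;
    $blogEntry->lastmodified = $now; // do_save() sets this on creation; keep it current on edits too

    if (!update_record('post', $blogEntry)) {
        // Daryl Hawes note: localize this line
        $post->error = 'There was an error updating this post in the database';
        return;
    }

    // replace the entry's tags with the ones now selected
    delete_records('blog_tag_instance', 'entryid', $blogEntry->id);

    $tag = new stdClass;
    $tag->entryid = $blogEntry->id;
    $tag->userid = $USER->id;
    $tag->timemodified = $now;

    /// Add tags information (official and personal tags come in separate parameters)
    foreach (array('otags', 'ptags') as $paramname) {
        if ($tagids = optional_param($paramname, '', PARAM_INT)) {
            foreach ($tagids as $tagid) {
                $tag->tagid = $tagid;
                insert_record('blog_tag_instance', $tag);
            }
        }
    }

    // only do pings if the entry is published to the world
    // Daryl Hawes note - eventually should check if it's on the same server
    // and if so allow pb/tb as well - especially now that moderation is in place
    print '<strong>'. get_string('entryupdated', 'blog') .'</strong><p>';

    // record a log message of this entry update action
    if ($site = get_site()) {
        add_to_log($site->id, 'blog', 'update', 'index.php?userid='. $blogEntry->userid .'&postid='. $postid, $blogEntry->subject);
    }

    redirect($referrer);
}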
d7bf6d17 325?>