MDL-40266 improve emulate_bound_params() for mysqli
[moodle.git] / comment / comment_ajax.php
CommitLineData
1bcb7eb5 1<?php
1bcb7eb5 2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/*
18 * Handling all ajax request for comments API
35453657
DC
19 *
20 * @package core
21 * @copyright 2010 Dongsheng Cai {@link http://dongsheng.org}
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
1bcb7eb5 23 */
2696b976
PS
24define('AJAX_SCRIPT', true);
25
1bcb7eb5 26require_once('../config.php');
36051c9e 27require_once($CFG->dirroot . '/comment/lib.php');
1bcb7eb5 28
1bcb7eb5 29$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
c1951ea9
DC
30$action = optional_param('action', '', PARAM_ALPHA);
31
32if (empty($CFG->usecomments)) {
33 throw new comment_exception('commentsnotenabled', 'moodle');
34}
35
57588523 36list($context, $course, $cm) = get_context_info_array($contextid);
1bcb7eb5 37
467c85d7
DC
38$PAGE->set_url('/comment/comment_ajax.php');
39
c1951ea9
DC
40// Allow anonymous user to view comments providing forcelogin now enabled
41require_course_login($course, true, $cm);
42$PAGE->set_context($context);
43if (!empty($cm)) {
44 $PAGE->set_cm($cm, $course);
45} else if (!empty($course)) {
46 $PAGE->set_course($course);
47}
18fb4d75 48
df796bf0 49if (!confirm_sesskey()) {
c1951ea9 50 $error = array('error'=>get_string('invalidsesskey', 'error'));
df796bf0
DC
51 die(json_encode($error));
52}
53
c1951ea9 54$client_id = required_param('client_id', PARAM_ALPHANUM);
aff24313 55$area = optional_param('area', '', PARAM_AREA);
467c85d7
DC
56$commentid = optional_param('commentid', -1, PARAM_INT);
57$content = optional_param('content', '', PARAM_RAW);
58$itemid = optional_param('itemid', '', PARAM_INT);
59$page = optional_param('page', 0, PARAM_INT);
aff24313 60$component = optional_param('component', '', PARAM_COMPONENT);
1bcb7eb5 61
467c85d7 62// initilising comment object
c1951ea9
DC
63$args = new stdClass;
64$args->context = $context;
65$args->course = $course;
66$args->cm = $cm;
67$args->area = $area;
68$args->itemid = $itemid;
69$args->client_id = $client_id;
70$args->component = $component;
71$manager = new comment($args);
72
73echo $OUTPUT->header(); // send headers
866354a9 74
467c85d7 75// process ajax request
1bcb7eb5 76switch ($action) {
2696b976 77 case 'add':
c1951ea9
DC
78 if ($manager->can_post()) {
79 $result = $manager->add($content);
80 if (!empty($result) && is_object($result)) {
81 $result->count = $manager->count();
82 $result->client_id = $client_id;
83 echo json_encode($result);
84 die();
85 }
15894c65 86 }
2696b976
PS
87 break;
88 case 'delete':
c1951ea9
DC
89 $comment_record = $DB->get_record('comments', array('id'=>$commentid));
90 if ($manager->can_delete($commentid) || $comment_record->userid == $USER->id) {
91 if ($manager->delete($commentid)) {
92 $result = array(
93 'client_id' => $client_id,
94 'commentid' => $commentid
95 );
96 echo json_encode($result);
97 die();
98 }
15894c65 99 }
2696b976
PS
100 break;
101 case 'get':
102 default:
c1951ea9
DC
103 if ($manager->can_view()) {
104 $comments = $manager->get_comments($page);
105 $result = array(
106 'list' => $comments,
107 'count' => $manager->count(),
108 'pagination' => $manager->get_pagination($page),
109 'client_id' => $client_id
110 );
111 echo json_encode($result);
112 die();
113 }
114 break;
115}
116
117if (!isloggedin()) {
118 // tell user to log in to view comments
119 echo json_encode(array('error'=>'require_login'));
1bcb7eb5 120}
c1951ea9
DC
121// ignore request
122die;