require_once('lib.php');
//param needed to go back to view.php
- $d = optional_param('d', 0, PARAM_INT); // database id
- $search = optional_param('search','',PARAM_NOTAGS); //search string
- $page = optional_param('page', 0, PARAM_INT); //offset of the current record
- $rid = optional_param('rid', 0, PARAM_INT); //record id
- $sort = optional_param('sort',0,PARAM_INT); //sort by field
- $order = optional_param('order','ASC',PARAM_ALPHA); //sort order
- $group = optional_param('group','0',PARAM_INT); //groupid
+ $rid = required_param('rid', PARAM_INT); // Record ID
+ $page = optional_param('page', 0, PARAM_INT); // Page ID
//param needed for comment operations
$mode = optional_param('mode','',PARAM_ALPHA);
- $rid = optional_param('rid','',PARAM_INT);
$commentid = optional_param('commentid','',PARAM_INT);
$confirm = optional_param('confirm','',PARAM_INT);
$commentcontent = optional_param('commentcontent','',PARAM_NOTAGS);
$template = optional_param('template','',PARAM_ALPHA);
- if ((!$record = get_record('data_records','id',$rid))) {
- if (!$comment = get_record('data_comments','id',$commentid)) {
- error ('this record does not exist');
- } else {
- $record = get_record('data_records','id',$comment->recordid);
- }
+ if (! $record = get_record('data_records', 'id', $rid)) {
+ error('Record ID is incorrect');
+ }
+ if (! $data = get_record('data', 'id', $record->dataid)) {
+ error('Data ID is incorrect');
}
-
- if (!$data = get_record('data','id',$record->dataid)) {
- error ('this database does not exist');
+ if (! $course = get_record('course', 'id', $data->course)) {
+ error('Course is misconfigured');
+ }
+
+ require_login($course->id);
+
+ if ($commentid) {
+ if (! $comment = get_record('data_comments', 'id', $commentid)) {
+ error('Comment ID is misconfigured');
+ }
+ if ($comment->recordid != $record->id) {
+ error('Comment ID is misconfigured');
+ }
+ if (!isteacher($course->id) && $comment->userid != $USER->id) {
+ error('Comment is not yours to edit!');
+ }
}
-
+
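Review bot: After `require_login($course->id)` nothing in the visible lines checks `$data->comments`, the flag lib.php uses to decide whether the comment link and comment list are shown. A direct request to comment.php can therefore presumably still add or edit comments on an activity where they are switched off. Enforcing the setting on the server closes that gap: `if (empty($data->comments)) { error('Comments are not enabled for this activity'); }` placed right after `require_login()`; the message text is only a suggestion and a language string would be better. Whether group or record-approval restrictions also need checking cannot be told from this hunk.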
switch ($mode) {
case 'add':
$newcomment = new object;
$newcomment->userid = $USER->id;
$newcomment->created = time();
$newcomment->modified = time();
- if (($newcomment->content = $commentcontent) && ($newcomment->recordid = $rid)) {
+ if (($newcomment->content = $commentcontent) && ($newcomment->recordid = $record->id)) {
insert_record('data_comments',$newcomment);
}
- redirect('view.php?d='.s($d).'&search='.s($search).'&sort='.s($sort).'&order='.s($order).'&group='.s($group).'&page='.s($page).'&rid='.s($rid), get_string("commentsaved", "data"));
+ redirect('view.php?rid='.$record->id.'&page='.$page, get_string('commentsaved', 'data'));
break;
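Review bot: The `add` and `editcommit` branches write to `data_comments` without calling `confirm_sesskey()`, so a cross-site request made in a logged-in user's browser can add or change a comment; only the `delete` branch checks the token. The add form in lib.php already submits a `sesskey` field, so the guard can be `if (confirm_sesskey() && ($newcomment->content = $commentcontent) && ($newcomment->recordid = $record->id)) {` here and `if ($comment and confirm_sesskey()) {` in `editcommit`. The edit form would then need a `sesskey` hidden field too; the visible part of that form has none, though the rest of it lies outside the lines shown.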
case 'edit': //print edit form
print_header();
- $comment = get_record('data_comments','id',$commentid);
- print_heading('Edit');
+ print_heading(get_string('edit'));
echo '<div align="center">';
echo '<form action="comment.php" method="post">';
- echo '<input type="hidden" name="commentid" value="'.$commentid.'" />';
-
- echo '<input type="hidden" name="d" value="'.$d.'" />';
- echo '<input type="hidden" name="search" value="'.$search.'" />';
- echo '<input type="hidden" name="rid" value="'.$rid.'" />';
- echo '<input type="hidden" name="sort" value="'.$sort.'" />';
- echo '<input type="hidden" name="order" value="'.$order.'" />';
- echo '<input type="hidden" name="group" value="'.$group.'" />';
+ echo '<input type="hidden" name="commentid" value="'.$comment->id.'" />';
+ echo '<input type="hidden" name="rid" value="'.$record->id.'" />';
echo '<input type="hidden" name="page" value="'.$page.'" />';
echo '<textarea name="commentcontent">'.s($comment->content).'</textarea>';
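Review bot: The `edit` branch reads `$comment->id` and `$comment->content`, but `$comment` is assigned only inside `if ($commentid)`, so a request with `mode=edit` and no `commentid` builds the form from an undefined variable. The same holds for the confirmation branch of `delete`, which passes `$comment` to `data_print_comment()`. Initialising `$comment = false;` before the `if ($commentid)` block and rejecting these modes early with `if (!$comment) { error('Comment ID is misconfigured'); }` would make the precondition explicit. The form continues past the lines shown here.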
break;
case 'editcommit': //update db
- $newcomment = new object;
- $newcomment->id = $commentid;
- $newcomment->content = $commentcontent;
- $newcomment->modified = time();
- update_record('data_comments',$newcomment);
- redirect('view.php?d='.s($d).'&search='.s($search).'&sort='.s($sort).'&order='.s($order).'&group='.s($group).'&page='.s($page).'&rid='.s($rid), get_string("commentsaved", "data"));
+ if ($comment) {
+ $newcomment = new object;
+ $newcomment->id = $comment->id;
+ $newcomment->content = $commentcontent;
+ $newcomment->modified = time();
+ update_record('data_comments',$newcomment);
+ }
+ redirect('view.php?rid='.$record->id.'&page='.$page, get_string('commentsaved', 'data'));
break;
case 'delete': //deletes single comment from db
- if ($confirm and confirm_sesskey()) {
- delete_records('data_comments','id',$commentid);
- redirect('view.php?d='.s($d).'&search='.s($search).'&sort='.s($sort).'&order='.s($order).'&group='.s($group).'&page='.s($page).'&rid='.s($rid), get_string("commentsaved", "data"));
+ if ($confirm and confirm_sesskey() and $comment) {
+ delete_records('data_comments','id',$comment->id);
+ redirect('view.php?rid='.$record->id.'&page='.$page, get_string('commentdeleted', 'data'));
+
} else { //print confirm delete form
print_header();
- print_heading('Delete Confirm');
- data_print_comment($d, $commentid);
- echo '<div align="center">';
- echo '<form action="comment.php" method="post">';
- echo '<input type="hidden" name="commentid" value="'.$commentid.'" />';
- echo '<input type="hidden" name="d" value="'.$d.'" />';
- echo '<input type="hidden" name="search" value="'.$search.'" />';
- echo '<input type="hidden" name="rid" value="'.$rid.'" />';
- echo '<input type="hidden" name="sort" value="'.$sort.'" />';
- echo '<input type="hidden" name="order" value="'.$order.'" />';
- echo '<input type="hidden" name="group" value="'.$group.'" />';
- echo '<input type="hidden" name="page" value="'.$page.'" />';
- echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
- echo '<input type="hidden" name="mode" value="delete" />';
- echo '<input type="hidden" name="confirm" value="1" />';
- echo '<br /><input type="submit" value="'.get_string('ok').'" />';
- echo '<input type="button" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
- echo '</form></div>';
+ data_print_comment($data, $comment, $page);
+
+ notice_yesno(get_string('deletecomment','data'),
+ 'comment.php?rid='.$record->id.'&commentid='.$comment->id.'&page='.$page.
+ '&sesskey='.sesskey().'&mode=delete&confirm=1',
+ 'view.php?rid='.$record->id.'&page='.$page);
print_footer();
}
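Review bot: The confirmation URL passed to `notice_yesno()` carries `sesskey` in the query string. If the button is submitted as a GET request, the token can end up in web-server logs, browser history and Referer headers; how `notice_yesno()` submits it is not visible here. The form this commit removes sent the token as a hidden POST field, which keeps it out of URLs. If `notice_yesno()` cannot post hidden fields, keeping a small POST form for the confirm step would preserve that property.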
* @param string $template *
* output null *
************************************************************************/
-function data_print_template($template, $records, $data, $search='', $return=false){
+function data_print_template($template, $records, $data, $search='',$page=0, $return=false){
global $CFG;
static $fields = NULL;
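Review bot: Inserting `$page=0` before `$return` changes the meaning of the fifth positional argument. An existing call such as `data_print_template($template, $records, $data, $search, true)` would now set `$page` and print the output instead of returning it. Appending the new parameter keeps old call sites working: `function data_print_template($template, $records, $data, $search='', $return=false, $page=0){`. Callers are not visible in this diff, so this needs checking across the module, and the docblock above should gain an `@param int $page` line. The function body continues outside the hunk.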
$patterns[]='/\#\#Comment\#\#/i';
if (($template == 'listtemplate') && ($data->comments)) {
$comments = count_records('data_comments','recordid',$record->id);
- $replacement[] = '<a href="comment.php?d='.$data->id.'&rid='.$record->id.'">'.$comments.' '.get_string('comment','data').'</a>';
+ $replacement[] = '<a href="comment.php?rid='.$record->id.'&page='.$page.'">'.$comments.' '.get_string('comment','data').'</a>';
} else {
$replacement[] = '';
}
* Printing Ratings Form *
*********************************/
if (($template == 'singletemplate') && ($data->comments)) { //prints ratings options
- data_print_comments($data, $record);
+ data_print_comments($data, $record, $page);
}
}
//prints all comments + a text box for adding additional comment
-function data_print_comments($data, $record) {
- //foreach comment, print it!
- //(with links to edit, remove etc, but no reply!!!!!)
+function data_print_comments($data, $record, $page=0) {
+
if ($comments = get_records('data_comments','recordid',$record->id)) {
foreach ($comments as $comment) {
- data_print_comment($data, $comment->id);
+ data_print_comment($data, $comment, $page);
}
}
- echo '<p /><div align="center"><form method="post" action="comment.php">';
+ echo '<div class="newcomment" align="center"><form method="post" action="comment.php">';
echo '<input type="hidden" name="mode" value="add" />';
+ echo '<input type="hidden" name="page" value="'.$page.'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="hidden" name="rid" value="'.$record->id.'" />';
}
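Review bot: `$page` is concatenated into the hidden field's `value` attribute without a cast or escaping, and this function cannot know whether its caller validated it. comment.php reads `page` with `PARAM_INT`, but other callers of `data_print_comments()` are not visible here, so writing `value="'.(int)$page.'"` makes the output safe at the sink. The same applies to the `&page='.$page.'` links added in `data_print_template()` and `data_print_comment()`. Part of this form lies outside the lines shown.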
//prints a single comment entry
-function data_print_comment($data, $commentid) {
+function data_print_comment($data, $comment, $page=0) {
global $USER, $CFG;
$stredit = get_string('edit');
$strdelete = get_string('delete');
- $comment = get_record('data_comments','id',$commentid);
$user = get_record('user','id',$comment->userid);
echo '<div align="center"><table cellspacing="0" width ="50%" class="forumpost">';
echo '<div class="commands">';
if (data_isowner($comment->recordid) or isteacher($data->course)) {
- echo '<a href="'.$CFG->wwwroot.'/mod/data/comment.php?d='.$data->id.'&mode=edit&commentid='.$comment->id.'">'.$stredit.'</a>';
- echo '| <a href="'.$CFG->wwwroot.'/mod/data/comment.php?d='.$data->id.'&mode=delete&commentid='.$comment->id.'">'.$strdelete.'</a>';
+ echo '<a href="'.$CFG->wwwroot.'/mod/data/comment.php?rid='.$comment->recordid.'&mode=edit&commentid='.$comment->id.'&page='.$page.'">'.$stredit.'</a>';
+ echo '| <a href="'.$CFG->wwwroot.'/mod/data/comment.php?rid='.$comment->recordid.'&mode=delete&commentid='.$comment->id.'&page='.$page.'">'.$strdelete.'</a>';
}
echo '</div>';