/**
* Adding a group
* @param int the group type specified in the table, social_groups_types
* @param string name of the group
* @param string description of the group
* @param int privacy setting, public is 0, private is 1. Public means everyone can see the message board and users. Private is the opposite
* @return the id of this new group if succeded, false otherwise.
*/
function addGroup($type_id, $name, $description, $privacy)
{
global $addslashes;
$type_id = intval($type_id);
$name = $addslashes($name);
$description = $addslashes($description);
$privacy = intval($privacy);
$member_id = $_SESSION['member_id'];
$sql = "INSERT INTO %ssocial_groups (`member_id`, `type_id`, `name`, `description`, `privacy`, `created_date`, `last_updated`) VALUES (%d, %d, '%s', '%s', %d, NOW(), NOW())";
$result = queryDB($sql, array(TABLE_PREFIX, $member_id, $type_id, $name, $description, $privacy));
$group_id = at_insert_id();
if ($result > 0) {
//add it to the group member table
$sql = "INSERT INTO %ssocial_groups_members (group_id, member_id) VALUES (%d, %d)";
$result = queryDB($sql, array(TABLE_PREFIX, $group_id, $_SESSION['member_id']));
if ($result > 0) {
$act = new Activity();
$str1 = _AT('has_added_group', '<a href="' . url_rewrite(AT_SOCIAL_BASENAME . 'groups/view.php?id=' . $group_id) . '">' . htmlentities_utf8($name)) . '</a>';
$act->addActivity($member_id, $str1);
unset($act);
}
return $group_id;
}
return false;
}
function init_test_result_questions($test_id, $is_random, $num_questions, $mid)
{
$sql = "INSERT INTO %stests_results VALUES (NULL, %d, '%s', NOW(), '', 0, NOW(), 0)";
$result = queryDB($sql, array(TABLE_PREFIX, $test_id, $mid));
$result_id = at_insert_id();
if ($is_random) {
// Retrieve 'num_questions' question_id randomly from those who are related to this test_id
$non_required_questions = array();
$required_questions = array();
$sql = "SELECT question_id, required FROM %stests_questions_assoc WHERE test_id=%d";
$rows_questions = queryDB($sql, array(TABLE_PREFIX, $test_id));
foreach ($rows_questions as $row) {
if ($row['required'] == 1) {
$required_questions[] = $row['question_id'];
} else {
$non_required_questions[] = $row['question_id'];
}
}
$num_required = count($required_questions);
if ($num_required < max(1, $num_questions)) {
shuffle($non_required_questions);
$required_questions = array_merge($required_questions, array_slice($non_required_questions, 0, $num_questions - $num_required));
}
$random_id_string = implode(',', $required_questions);
$sql = "SELECT TQ.*, TQA.* FROM %stests_questions TQ INNER JOIN %stests_questions_assoc TQA USING (question_id) WHERE TQ.course_id=%d AND TQA.test_id=%d AND TQA.question_id IN (%s) ORDER BY TQ.question_id";
$rows_questions = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $_SESSION['course_id'], $test_id, $random_id_string));
} else {
$sql = "SELECT TQ.*, TQA.* FROM %stests_questions TQ INNER JOIN %stests_questions_assoc TQA USING (question_id) WHERE TQ.course_id=%d AND TQA.test_id=%d ORDER BY TQA.ordering, TQA.question_id";
$rows_questions = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $_SESSION['course_id'], $test_id));
}
// $sql either gets a random set of questions (if $test_row['random']) ordered by 'question_id'
// or the set of all questions for this test (sorted by 'ordering').
foreach ($rows_questions as $row) {
$sql = "INSERT INTO %stests_answers VALUES (%d, %d, %d, '', '', '')";
$result = queryDB($sql, array(TABLE_PREFIX, $result_id, $row['question_id'], $_SESSION['member_id']));
}
return $result_id;
}
$_POST['postal'] = $addslashes($_POST['postal']);
$_POST['city'] = $addslashes($_POST['city']);
$_POST['province'] = $addslashes($_POST['province']);
$_POST['country'] = $addslashes($_POST['country']);
$_POST['phone'] = $addslashes($_POST['phone']);
if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
$status = AT_STATUS_UNCONFIRMED;
} else {
$status = AT_STATUS_STUDENT;
}
$now = date('Y-m-d H:i:s');
// we use this later for the email confirmation.
/* insert into the db */
$sql = "INSERT INTO %smembers \n\t\t (login,\n\t\t password,\n\t\t email,\n\t\t website,\n\t\t first_name,\n\t\t second_name,\n\t\t last_name,\n\t\t dob,\n\t\t gender,\n\t\t address,\n\t\t postal,\n\t\t city,\n\t\t province,\n\t\t country,\n\t\t phone,\n\t\t status,\n\t\t preferences,\n\t\t creation_date,\n\t\t language,\n\t\t inbox_notify,\n\t\t private_email,\n\t\t last_login)\n\t\t VALUES ('{$_POST['login']}',\n\t\t '{$_POST['password']}',\n\t\t '{$_POST['email']}',\n\t\t '{$_POST['website']}',\n\t\t '{$_POST['first_name']}',\n\t\t '{$_POST['second_name']}',\n\t\t '{$_POST['last_name']}', \n\t\t '{$dob}', \n\t\t '{$_POST['gender']}', \n\t\t '{$_POST['address']}',\n\t\t '{$_POST['postal']}',\n\t\t '{$_POST['city']}',\n\t\t '{$_POST['province']}',\n\t\t '{$_POST['country']}', \n\t\t '{$_POST['phone']}', \n\t\t {$status}, \n\t\t '{$_config['pref_defaults']}', \n\t\t '{$now}',\n\t\t '{$_SESSION['lang']}', \n\t\t {$_config['pref_inbox_notify']}, \n\t\t {$_POST['private_email']}, \n\t\t '0000-00-00 00:00:00')";
$result = queryDB($sql, array(TABLE_PREFIX)) or die(at_db_error());
$m_id = at_insert_id($db);
if (!$result) {
require AT_INCLUDE_PATH . 'header.inc.php';
$msg->addError('DB_NOT_UPDATED');
$msg->printAll();
require AT_INCLUDE_PATH . 'footer.inc.php';
exit;
}
if (isset($master_list_sql)) {
queryDB($master_list_sql, array(TABLE_PREFIX, $student_id, $student_pin));
}
//reset login attempts
if ($result) {
$sql = "DELETE FROM %smember_login_attempt WHERE login='******'";
queryDB($sql, array(TABLE_PREFIX, $_POST['login']));
}
function importQTI($question)
{
global $msg;
if ($question['question'] == '') {
$msg->addError(array('EMPTY_FIELDS', _AT('question')));
}
//Multiple answer can have 0+ answers, in the QTIImport.class, if size(answer) < 2, answer will be came a scalar.
//The following code will change $question[answer] back to a vector.
$question['answer'] = $question['answers'];
if (!$msg->containsErrors()) {
$choice_new = array();
// stores the non-blank choices
$answer_new = array();
// stores the associated "answer" for the choices
foreach ($question['choice'] as $choiceNum => $choiceOpt) {
$choiceOpt = validate_length($choiceOpt, 255);
$choiceOpt = escapeSQLValue(trim($choiceOpt));
$question['answer'][$choiceNum] = intval($question['answer'][$choiceNum]);
if ($choiceOpt == '') {
/* an empty option can't be correct */
$question['answer'][$choiceNum] = 0;
} else {
/* filter out empty choices/ remove gaps */
$choice_new[] = $choiceOpt;
if (in_array($choiceNum, $question['answer'])) {
$answer_new[] = 1;
} else {
$answer_new[] = 0;
}
if ($question['answer'][$choiceNum] != 0) {
$has_answer = TRUE;
}
}
}
if ($has_answer != TRUE) {
$hidden_vars['required'] = htmlspecialchars($question['required']);
$hidden_vars['feedback'] = htmlspecialchars($question['feedback']);
$hidden_vars['question'] = htmlspecialchars($question['question']);
$hidden_vars['category_id'] = htmlspecialchars($question['category_id']);
for ($i = 0; $i < count($choice_new); $i++) {
$hidden_vars['answer[' . $i . ']'] = htmlspecialchars($answer_new[$i]);
$hidden_vars['choice[' . $i . ']'] = htmlspecialchars($choice_new[$i]);
}
$msg->addConfirm('NO_ANSWER', $hidden_vars);
} else {
//add slahes throughout - does that fix it?
$question['answer'] = $answer_new;
$question['choice'] = $choice_new;
$question['answer'] = array_pad($question['answer'], 10, 0);
$question['choice'] = array_pad($question['choice'], 10, '');
$question['feedback'] = str_replace("'", "\\'", escapeSQLValue($question['feedback']));
$question['question'] = str_replace("'", "\\'", escapeSQLValue($question['question']));
$sql_params = array($question['category_id'], $_SESSION['course_id'], $question['feedback'], $question['question'], $question['choice'][0], $question['choice'][1], $question['choice'][2], $question['choice'][3], $question['choice'][4], $question['choice'][5], $question['choice'][6], $question['choice'][7], $question['choice'][8], $question['choice'][9], $question['answer'][0], $question['answer'][1], $question['answer'][2], $question['answer'][3], $question['answer'][4], $question['answer'][5], $question['answer'][6], $question['answer'][7], $question['answer'][8], $question['answer'][9], 'DEFAULT');
$sql = vsprintf(AT_SQL_QUESTION_MULTIANSWER, $sql_params);
$result = queryDB($sql, array());
if ($result > 0) {
return at_insert_id();
}
}
}
}
/**
* Insert record into table patches_files
* @access private
* @param $patch_files_array Patch information
* @author Cindy Qi Li
*/
function createPatchesFilesRecord($patch_files_array)
{
$sql = "INSERT INTO %spatches_files (patches_id, action, name, location) VALUES (%d, '%s', '%s', '%s' )";
$result = queryDB($sql, array(TABLE_PREFIX, $this->patch_id, $this->patch_id, $patch_files_array['action'], my_add_null_slashes($patch_files_array['name']), my_add_null_slashes($patch_files_array['location'])));
$this->patch_file_id = at_insert_id();
return true;
}
function add_update_course($course_data, $isadmin = FALSE)
{
require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
global $addslashes;
global $db;
global $system_courses;
global $MaxCourseSize;
global $msg;
global $_config;
global $_config_defaults;
global $stripslashes;
$Backup = new Backup($db);
$missing_fields = array();
if ($course_data['title'] == '') {
$missing_fields[] = _AT('title');
}
if (!$course_data['instructor']) {
$missing_fields[] = _AT('instructor');
}
if ($missing_fields) {
$missing_fields = implode(', ', $missing_fields);
$msg->addError(array('EMPTY_FIELDS', $missing_fields));
}
$course_data['access'] = $addslashes($course_data['access']);
$course_data['title'] = $addslashes($course_data['title']);
$course_data['description'] = $addslashes($course_data['description']);
$course_data['hide'] = $addslashes($course_data['hide']);
$course_data['pri_lang'] = $addslashes($course_data['pri_lang']);
$course_data['created_date'] = $addslashes($course_data['created_date']);
$course_data['copyright'] = $addslashes($course_data['copyright']);
$course_data['icon'] = $addslashes($course_data['icon']);
$course_data['banner'] = $addslashes($course_data['banner']);
$course_data['course_dir_name'] = $addslashes($course_data['course_dir_name']);
$course_data['course'] = intval($course_data['course']);
$course_data['notify'] = intval($course_data['notify']);
$course_data['hide'] = intval($course_data['hide']);
$course_data['instructor'] = intval($course_data['instructor']);
$course_data['category_parent'] = intval($course_data['category_parent']);
$course_data['rss'] = intval($course_data['rss']);
// Course directory name (aka course slug)
if ($course_data['course_dir_name'] != '') {
//validate the course_dir_name, allow only alphanumeric, underscore.
if (preg_match('/^[\\w][\\w\\d\\_]+$/', $course_data['course_dir_name']) == 0) {
$msg->addError('COURSE_DIR_NAME_INVALID');
}
//check if the course_dir_name is already being used
$sql = "SELECT COUNT(course_id) as cnt FROM %scourses WHERE course_id!=%d AND course_dir_name='%s'";
$num_of_dir = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['course_dir_name']), TRUE);
if (intval($num_of_dir['cnt']) > 0) {
$msg->addError('COURSE_DIR_NAME_IN_USE');
}
}
// Custom icon
if ($_FILES['customicon']['name'] != '') {
// Use custom icon instead if it exists
$course_data['icon'] = $addslashes($_FILES['customicon']['name']);
}
if ($_FILES['customicon']['error'] == UPLOAD_ERR_FORM_SIZE) {
// Check if filesize is too large for a POST
$msg->addError(array('FILE_MAX_SIZE', $_config['prof_pic_max_file_size'] . ' ' . _AT('bytes')));
}
if ($course_data['release_date']) {
$day_release = intval($course_data['day_release']);
$month_release = intval($course_data['month_release']);
$year_release = intval($course_data['year_release']);
$hour_release = intval($course_data['hour_release']);
$min_release = intval($course_data['min_release']);
if (!checkdate($month_release, $day_release, $year_release)) {
//or date is in the past
$msg->addError('RELEASE_DATE_INVALID');
}
if (strlen($month_release) == 1) {
$month_release = "0{$month_release}";
}
if (strlen($day_release) == 1) {
$day_release = "0{$day_release}";
}
if (strlen($hour_release) == 1) {
$hour_release = "0{$hour_release}";
}
if (strlen($min_release) == 1) {
$min_release = "0{$min_release}";
}
$release_date = "{$year_release}-{$month_release}-{$day_release} {$hour_release}:{$min_release}:00";
} else {
$release_date = "0000-00-00 00:00:00";
}
if ($course_data['end_date']) {
$day_end = intval($course_data['day_end']);
$month_end = intval($course_data['month_end']);
$year_end = intval($course_data['year_end']);
$hour_end = intval($course_data['hour_end']);
$min_end = intval($course_data['min_end']);
if (!checkdate($month_end, $day_end, $year_end)) {
//or date is in the past
$msg->addError('END_DATE_INVALID');
}
if (strlen($month_end) == 1) {
$month_end = "0{$month_end}";
}
if (strlen($day_end) == 1) {
$day_end = "0{$day_end}";
}
if (strlen($hour_end) == 1) {
$hour_end = "0{$hour_end}";
}
if (strlen($min_end) == 1) {
$min_end = "0{$min_end}";
}
$end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
} else {
$end_date = "0000-00-00 00:00:00";
}
$initial_content_info = explode('_', $course_data['initial_content'], 2);
//admin
$course_quotas = '';
if ($isadmin) {
$instructor = $course_data['instructor'];
$quota = intval($course_data['quota']);
$quota_entered = intval($course_data['quota_entered']);
$filesize = intval($course_data['filesize']);
$filesize_entered = intval($course_data['filesize_entered']);
//if they checked 'other', set quota=entered value, if it is empty or negative, set to default (-2)
if ($quota == '2') {
if ($quota_entered == '' || empty($quota_entered) || $quota_entered < 0) {
$quota = AT_COURSESIZE_DEFAULT;
} else {
$quota = floatval($quota_entered);
$quota = megabytes_to_bytes($quota);
}
}
//if they checked 'other', set filesize=entered value, if it is empty or negative, set to default
if ($filesize == '2') {
if ($filesize_entered == '' || empty($filesize_entered) || $filesize_entered < 0) {
$filesize = AT_FILESIZE_DEFAULT;
$msg->addFeedback('COURSE_DEFAULT_FSIZE');
} else {
$filesize = floatval($filesize_entered);
$filesize = megabytes_to_bytes($filesize);
}
}
$course_quotas = "max_quota='{$quota}', max_file_size='{$filesize}',";
} else {
$instructor = $_SESSION['member_id'];
if (!$course_data['course']) {
$course_quotas = "max_quota=" . AT_COURSESIZE_DEFAULT . ", max_file_size=" . AT_FILESIZE_DEFAULT . ",";
$row = $Backup->getRow($initial_content_info[0], $initial_content_info[1]);
if (count($initial_content_info) == 2 && $system_courses[$initial_content_info[1]]['member_id'] == $_SESSION['member_id']) {
if ($MaxCourseSize < $row['contents']['file_manager']) {
$msg->addError('RESTORE_TOO_BIG');
}
} else {
$initial_content_info = intval($course_data['initial_content']);
}
} else {
unset($initial_content_info);
$course_quotas = "max_quota='{$system_courses[$course_data[course]][max_quota]}', max_file_size='{$system_courses[$course_data[course]][max_file_size]}',";
}
}
if ($msg->containsErrors()) {
return FALSE;
}
//display defaults
if (!$course_data['course']) {
$menu_defaults = ",home_links='{$_config['home_defaults']}', main_links='{$_config['main_defaults']}', side_menu='{$_config['side_defaults']}'";
} else {
$menu_defaults = ',home_links=\'' . $system_courses[$course_data['course']]['home_links'] . '\', main_links=\'' . $system_courses[$course_data['course']]['main_links'] . '\', side_menu=\'' . $system_courses[$course_data['course']]['side_menu'] . '\'';
}
$sql = "REPLACE INTO %scourses \n SET \n course_id=%d, \n member_id='%s', \n access='%s', \n title='%s', \n description='%s', \n course_dir_name='%s', \n cat_id=%d, \n content_packaging='%s', \n notify=%d, \n hide=%d, \n {$course_quotas}\n primary_language='%s',\n created_date='%s',\n rss=%d,\n copyright='%s',\n icon='%s',\n banner='%s',\n release_date='%s', \n end_date='%s' \n {$menu_defaults}";
$result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['instructor'], $course_data['access'], $course_data['title'], $course_data['description'], $course_data['course_dir_name'], $course_data['category_parent'], $course_data['content_packaging'], $course_data['notify'], $course_data['hide'], $course_data['pri_lang'], $course_data['created_date'], $course_data['rss'], $course_data['copyright'], $course_data['icon'], $course_data['banner'], $release_date, $end_date));
if (!$result) {
echo at_db_error();
echo 'DB Error';
exit;
}
$new_course_id = $_SESSION['course_id'] = at_insert_id();
if (isset($isadmin)) {
global $sqlout;
write_to_log(AT_ADMIN_LOG_REPLACE, 'courses', $result, $sqlout);
}
if (isset($isadmin)) {
//get current instructor and unenroll from course if different from POST instructor
$old_instructor = $system_courses[$course_data['course']]['member_id'];
if ($old_instructor != $course_data['instructor']) {
//remove old from course enrollment
$sql = "DELETE FROM %scourse_enrollment WHERE course_id=%d AND member_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $old_instructor));
global $sqlout;
write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
}
}
//enroll new instructor
$sql = "REPLACE INTO %scourse_enrollment VALUES (%d, %d, 'y', 0, '" . _AT('instructor') . "', 0)";
$result = queryDB($sql, array(TABLE_PREFIX, $course_data['instructor'], $new_course_id));
if (isset($isadmin)) {
global $sqlout;
write_to_log(AT_ADMIN_LOG_REPLACE, 'course_enrollment', $result, $sqlout);
}
// create the course content directory
$path = AT_CONTENT_DIR . $new_course_id . '/';
@mkdir($path, 0700);
@copy(AT_CONTENT_DIR . 'index.html', AT_CONTENT_DIR . $new_course_id . '/index.html');
// create the course backup directory
$path = AT_BACKUP_DIR . $new_course_id . '/';
@mkdir($path, 0700);
@copy(AT_CONTENT_DIR . 'index.html', AT_BACKUP_DIR . $new_course_id . '/index.html');
/* insert some default content: */
if (!$course_data['course_id'] && $course_data['initial_content'] == '1') {
$contentManager = new ContentManager($db, $new_course_id);
$contentManager->initContent();
$cid = $contentManager->addContent($new_course_id, 0, 1, _AT('welcome_to_atutor'), addslashes(_AT('this_is_content')), '', '', 1, date('Y-m-d H:00:00'));
$announcement = _AT('default_announcement');
$sql = "INSERT INTO %snews VALUES (NULL, %d, %d, NOW(), 1, '%s', '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $new_course_id, $instructor, _AT('welcome_to_atutor'), $announcement));
if ($isadmin) {
global $sqlout;
write_to_log(AT_ADMIN_LOG_INSERT, 'news', $result, $sqlout);
}
} else {
if (!$course_data['course'] && count($initial_content_info) == 2) {
$Backup->setCourseID($new_course_id);
$Backup->restore($material = TRUE, 'append', $initial_content_info[0], $initial_content_info[1]);
}
}
// custom icon, have to be after directory is created
if ($_FILES['customicon']['tmp_name'] != '') {
$course_data['comments'] = trim($course_data['comments']);
$owner_id = $_SESSION['course_id'];
$owner_type = "1";
if ($_FILES['customicon']['error'] == UPLOAD_ERR_INI_SIZE) {
$msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
} else {
if (!isset($_FILES['customicon']['name']) || $_FILES['customicon']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['customicon']['size'] == 0) {
$msg->addError('FILE_NOT_SELECTED');
} else {
if ($_FILES['customicon']['error'] || !is_uploaded_file($_FILES['customicon']['tmp_name'])) {
$msg->addError('FILE_NOT_SAVED');
}
}
}
if (!$msg->containsErrors()) {
$course_data['description'] = $addslashes(trim($course_data['description']));
$_FILES['customicon']['name'] = addslashes($_FILES['customicon']['name']);
if ($course_data['comments']) {
$num_comments = 1;
} else {
$num_comments = 0;
}
$path = AT_CONTENT_DIR . $owner_id . "/custom_icons/";
if (!is_dir($path)) {
@mkdir($path);
}
// if we can upload custom course icon, it means GD is enabled, no need to check extension again.
$gd_info = gd_info();
$supported_images = array();
if ($gd_info['GIF Create Support']) {
$supported_images[] = 'gif';
}
if ($gd_info['JPG Support'] || $gd_info['JPEG Support']) {
$supported_images[] = 'jpg';
}
if ($gd_info['PNG Support']) {
$supported_images[] = 'png';
}
// check if this is a supported file type
$filename = $stripslashes($_FILES['customicon']['name']);
$path_parts = pathinfo($filename);
$extension = strtolower($path_parts['extension']);
$image_attributes = getimagesize($_FILES['customicon']['tmp_name']);
if ($extension == 'jpeg') {
$extension = 'jpg';
}
// resize the original but don't backup a copy.
$width = $image_attributes[0];
$height = $image_attributes[1];
$original_img = $_FILES['customicon']['tmp_name'];
$thumbnail_img = $path . $_FILES['customicon']['name'];
if ($width > $height && $width > 79) {
$thumbnail_height = intval(79 * $height / $width);
$thumbnail_width = 79;
if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
$msg->addError('FILE_NOT_SAVED');
}
} else {
if ($width <= $height && $height > 79) {
$thumbnail_height = 100;
$thumbnail_width = intval(100 * $width / $height);
if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
$msg->addError('FILE_NOT_SAVED');
}
} else {
// no resizing, just copy the image.
// it's too small to resize.
copy($original_img, $thumbnail_img);
}
}
} else {
$msg->addError('FILE_NOT_SAVED');
}
}
//----------------------------------------
/* delete the RSS feeds just in case: */
if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml')) {
@unlink(AT_CONTENT_DIR . 'feeds/' . $course_data['course'] . '/RSS1.0.xml');
}
if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml')) {
@unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml');
}
if ($isadmin) {
$_SESSION['course_id'] = -1;
}
$_SESSION['course_title'] = $stripslashes($course_data['title']);
return $new_course_id;
}
} else {
$auto_enroll_id = 0;
}
if (isset($_POST['save']) || isset($_POST['add'])) {
/* insert or update a category */
$name = trim($_POST['name']);
$name = $addslashes($name);
$name = validate_length($name, 50);
if (isset($_POST['add']) && !$_POST['add_ids']) {
$msg->addError('NO_ITEM_SELECTED');
}
if (!$msg->containsErrors()) {
if ($auto_enroll_id == 0) {
$sql = "INSERT INTO %sauto_enroll(associate_string, name) VALUES ('%s', '%s')";
$rows_inserted = queryDB($sql, array(TABLE_PREFIX, get_random_string(6, 10), $name));
$auto_enroll_id = at_insert_id();
write_to_log(AT_ADMIN_LOG_INSERT, 'auto_enroll', $rows_inserted, $sqlout);
} else {
$sql = "UPDATE %sauto_enroll SET name = '%s' WHERE auto_enroll_id = %d";
$rows_updated = queryDB($sql, array(TABLE_PREFIX, $name, $auto_enroll_id));
write_to_log(AT_ADMIN_LOG_UPDATE, 'auto_enroll', $rows_updated, $sqlout);
}
if (isset($_POST['add'])) {
foreach ($_POST['add_ids'] as $elem) {
// unable to determine the purpose of this query
// which always returns $row['cnt'] == 0, during queryDB() testing.
$sql = "SELECT count(*) cnt FROM %sauto_enroll_courses\n\t\t\t\t WHERE auto_enroll_id = %d\n\t\t\t\t AND course_id = %d";
$row = queryDB($sql, array(TABLE_PREFIX, $auto_enroll_id, $elem), TRUE);
if ($row["cnt"] == 0) {
$sql = "INSERT INTO %sauto_enroll_courses (auto_enroll_id, course_id) VALUES (%d, %d)";
$rows_inserted = queryDB($sql, array(TABLE_PREFIX, $auto_enroll_id, $elem));
$num_replies_add = $num_open_replies - $num_close_replies - 1;
for ($i = 0; $i < $num_replies_add; $i++) {
$_POST['body'] .= '[/reply]';
}
$_POST['body'] .= "\n" . '[op]mods/_standard/forums/forum/view.php?fid=' . $_POST['fid'] . SEP . 'pid=' . $_POST['parent_id'] . SEP . 'page=' . $_POST['page'] . '#' . $_POST['reply'];
$_POST['body'] .= '[/op][/reply]';
}
/* use this value instead of NOW(), because we want the parent post to have the exact */
/* same date. and not a second off if that may happen */
/* this fails however */
$now = date('Y-m-d H:i:s');
$sql_subject = $addslashes($_POST['subject']);
$sql_body = $addslashes($_POST['body']);
$sql = "INSERT INTO %sforums_threads VALUES (NULL, %d, %d, %d, '%s', 0, '%s', '%s', NOW(), 0, 0)";
$result = queryDB($sql, array(TABLE_PREFIX, $_POST['parent_id'], $_SESSION['member_id'], $_POST['fid'], $now, $sql_subject, $sql_body, $now));
$this_id = at_insert_id();
/* Increment count for posts in forums table in database */
$sql = "UPDATE %sforums SET num_posts=num_posts+1, last_post='%s' WHERE forum_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $now, $_POST['fid']));
// If there are subscribers to this forum, send them an email notification
$subscriber_email_list = array();
// list of subscribers array('email', 'full_name')
$subscriber_list = '';
$enrolled = array();
// get list of student enrolled in this course
// This needs to be replaced with a tool to clean forum subscriptions when unenrolling
$sql = "SELECT member_id from %scourse_enrollment WHERE course_id = %d AND approved = 'y'";
$rows_enrolled = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id']));
foreach ($rows_enrolled as $row) {
$enrolled[] = $row['member_id'];
}
}
if ($_POST['percentage_from'][0] == '') {
$empty_fields[] = _AT('percentage_from') . ' at line 1';
}
if ($_POST['percentage_to'][0] == '') {
$empty_fields[] = _AT('percentage_to') . ' at line 1';
}
if (!empty($empty_fields)) {
$msg->addError(array('EMPTY_FIELDS', implode(', ', $empty_fields)));
}
if (!$msg->containsErrors()) {
$_POST['scale_name'] = $addslashes($_POST['scale_name']);
if ($action == "add") {
$sql = "INSERT INTO %sgrade_scales (member_id, scale_name, created_date) VALUES ( %d, '%s', now())";
$result = queryDB($sql, array(TABLE_PREFIX, $_SESSION["member_id"], $_POST["scale_name"]));
$grade_scale_id = at_insert_id();
} else {
if ($action == "edit" && isset($_POST["grade_scale_id"])) {
$grade_scale_id = $_POST["grade_scale_id"];
$sql = "UPDATE %sgrade_scales SET scale_name = '%s' WHERE grade_scale_id = %d";
$result = queryDB($sql, array(TABLE_PREFIX, $_POST["scale_name"], $grade_scale_id));
// clean up scale details for new insertions
$sql = "DELETE FROM %sgrade_scales_detail WHERE grade_scale_id = %d";
$result = queryDB($sql, array(TABLE_PREFIX, $grade_scale_id));
}
}
for ($i = 0; $i < 10; $i++) {
if ($_POST['scale_value'][$i] != "") {
$_POST['scale_value'][$i] = $addslashes(trim($_POST['scale_value'][$i]));
$_POST['percentage_from'][$i] = intval($_POST['percentage_from'][$i]);
$_POST['percentage_to'][$i] = intval($_POST['percentage_to'][$i]);
}
$msg->addFeedback('CANCELLED');
header('Location: ' . $_last_visited_page);
exit;
} else {
if (isset($_POST['submit'])) {
$guest_name = $addslashes(trim($_POST["guest_name"]));
$organization = $addslashes(trim($_POST["organization"]));
$location = $addslashes(trim($_POST["location"]));
$role = $addslashes(trim($_POST["role"]));
$focus = $addslashes(trim($_POST["focus"]));
if ($guest_name != "" || $organization != "" || $location != "" || $role != "" || $focus != "") {
$guest_id = get_next_guest_id();
$sql = "INSERT INTO %sguests (guest_id, name, organization, location, role, focus)\n VALUES ('%s', '%s', '%s', '%s', '%s', '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $guest_id, $guest_name, $organization, $location, $role, $focus));
$result_id = at_insert_id();
}
$gid_str = isset($guest_id) ? SEP . "gid=" . $guest_id : "";
if (isset($cid)) {
$gid_str .= SEP . 'cid=' . $cid;
}
global $_base_href;
if ($test_row['display']) {
# header('Location: '.url_rewrite('mods/_standard/tests/take_test_q.php?tid='.$tid.$gid_str, AT_PRETTY_URL_IS_HEADER));
header('Location: ' . $_base_href . 'mods/_standard/tests/take_test_q.php?tid=' . $tid . $gid_str);
} else {
#header('Location: '.url_rewrite('mods/_standard/tests/take_test.php?tid='.$tid.$gid_str, AT_PRETTY_URL_IS_HEADER));
header('Location: ' . $_base_href . 'mods/_standard/tests/take_test.php?tid=' . $tid . $gid_str);
}
exit;
}
$missing_fields = implode(', ', $missing_fields);
$msg->addError(array('EMPTY_FIELDS', $missing_fields));
}
if (!$msg->containsErrors()) {
$_POST['type_title'] = $addslashes($_POST['type_title']);
$_POST['prefix'] = $addslashes($_POST['prefix']);
$_POST['description'] = $addslashes($_POST['description']);
$sql = "INSERT INTO %sgroups_types VALUES (NULL, %d, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $_POST['type_title']));
$group_type_id = at_insert_id();
$start_index = 0;
for ($i = 0; $i < $num_groups; $i++) {
$group_title = $_POST['prefix'] . ' ' . ($i + 1);
$sql = "INSERT INTO %sgroups VALUES (NULL, %d, '%s', '%s', '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $group_type_id, $group_title, $_POST['description'], $modules));
$group_id = at_insert_id();
$_SESSION['groups'][$group_id] = $group_id;
// call module init scripts:
if (isset($_POST['modules'])) {
foreach ($_POST['modules'] as $mod) {
$module =& $moduleFactory->getModule($mod);
$module->createGroup($group_id);
}
}
if (isset($_POST['fill'])) {
// put students in this group
for ($j = $start_index; $j < min($start_index + $num_students_per_group, $total_students); $j++) {
$sql = "INSERT INTO %sgroups_members VALUES (%d, %d)";
queryDB($sql, array(TABLE_PREFIX, $group_id, $students[$j]));
}
$start_index = $j;
function add_users($user_list, $enroll, $course)
{
global $db;
global $msg;
global $_config;
global $addslashes;
require_once AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php';
if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
$status = AT_STATUS_UNCONFIRMED;
} else {
$status = AT_STATUS_STUDENT;
}
foreach ($user_list as $student) {
if (!$student['remove']) {
$student['uname'] = $addslashes($student['uname']);
$student['email'] = $addslashes($student['email']);
$student['fname'] = $addslashes($student['fname']);
$student['lname'] = $addslashes($student['lname']);
if (!$student['exists']) {
$sql = "INSERT INTO %smembers \n\t\t\t\t (login,\n\t\t\t\t password,\n\t\t\t\t email,\n\t\t\t\t first_name,\n\t\t\t\t last_name,\n\t\t\t\t gender,\n\t\t\t\t status,\n\t\t\t\t preferences,\n\t\t\t\t creation_date,\n\t\t\t\t language,\n\t\t\t\t inbox_notify,\n\t\t\t\t private_email)\n\t\t\t\t VALUES \n\t\t\t\t ('{$student['uname']}',\n\t\t\t\t '" . sha1($student[uname]) . "',\n\t\t\t\t '{$student['email']}',\n\t\t\t\t '{$student['fname']}',\n\t\t\t\t '{$student['lname']}',\n\t\t\t\t 'n', \n\t\t\t\t {$status}, \n\t\t\t\t '{$_config['pref_defaults']}', \n\t\t\t\t NOW(),\n\t\t\t\t '{$_config['default_language']}', \n\t\t\t\t {$_config['pref_inbox_notify']}, \n\t\t\t\t 1)";
$result = queryDB($sql, array(TABLE_PREFIX));
if ($result == 1) {
$m_id = at_insert_id();
$student['exists'] = _AT('import_err_email_exists');
$role = "Student";
$sql = "INSERT INTO %scourse_enrollment (member_id, course_id, approved, last_cid, role) VALUES (%d, %d, '%s', 0, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $m_id, $course, $enroll, $role));
if ($result > 0) {
$enrolled_list .= '<li>' . $student['uname'] . '</li>';
if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
$sql = "SELECT email, creation_date FROM %smembers WHERE member_id=%d";
$row = queryDB($sql, array(TABLE_PREFIX, $m_id), TRUE);
$code = substr(md5($row['email'] . $row['creation_date'] . $m_id), 0, 10);
// send email here.
$confirmation_link = AT_BASE_HREF . 'confirm.php?id=' . $m_id . SEP . 'm=' . $code;
$subject = $_config['site_name'] . ': ' . _AT('email_confirmation_subject');
$body = _AT(array('new_account_enroll_confirm', $_SESSION['course_title'], $confirmation_link)) . "\n\n";
} else {
$subject = $_config['site_name'] . ': ' . _AT('account_information');
$body = _AT(array('new_account_enroll', AT_BASE_HREF, $_SESSION['course_title'])) . "\n\n";
}
//$body .= SITE_NAME.': '._AT('account_information')."\n";
$body .= _AT('web_site') . ' : ' . AT_BASE_HREF . "\n";
$body .= _AT('login_name') . ' : ' . $student['uname'] . "\n";
$body .= _AT('password') . ' : ' . $student['uname'] . "\n";
$mail = new ATutorMailer();
$mail->From = $_config['contact_email'];
$mail->AddAddress($student['email']);
$mail->Subject = $subject;
$mail->Body = $body;
$mail->Send();
unset($mail);
} else {
$already_enrolled .= '<li>' . $student['uname'] . '</li>';
}
} else {
//$msg->addError('LIST_IMPORT_FAILED');
}
} else {
if (!$student['err_disabled']) {
$sql = "SELECT member_id FROM %smembers WHERE email='%s'";
$rows_members = queryDB($sql, array(TABLE_PREFIX, $student['email']), TRUE);
$role = "Student";
if (count($rows_members) > 0) {
$row = $rows_members;
$m_id = $row['member_id'];
$sql = "INSERT INTO %scourse_enrollment (member_id, course_id, approved, last_cid, role) VALUES (%d, %d, '%s', 0, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $m_id, $course, $enroll, $role));
if ($result > 0) {
$enrolled_list .= '<li>' . $student['uname'] . '</li>';
} else {
$sql = "REPLACE INTO %scourse_enrollment (member_id, course_id, approved, last_cid, role) VALUES (%d, %s, '%s', 0, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $m_id, $course, $enroll, $role));
$enrolled_list .= '<li>' . $student['uname'] . '</li>';
}
$subject = $_config['site_name'] . ': ' . _AT('email_confirmation_subject');
$body = _AT(array('enrol_message_approved', $_SESSION['course_title'], AT_BASE_HREF)) . "\n\n";
$body .= _AT('web_site') . ' : ' . AT_BASE_HREF . "\n";
$body .= _AT('login_name') . ' : ' . $student['uname'] . "\n";
$mail = new ATutorMailer();
$mail->From = $_config['contact_email'];
$mail->AddAddress($student['email']);
$mail->Subject = $subject;
$mail->Body = $body;
$mail->Send();
unset($mail);
}
} else {
if ($student['err_disabled']) {
$not_enrolled_list .= '<li>' . $student['uname'] . '</li>';
}
}
}
}
}
if ($already_enrolled) {
$feedback = array('ALREADY_ENROLLED', $already_enrolled);
$msg->addFeedback($feedback);
}
if ($enrolled_list) {
$feedback = array('ENROLLED', $enrolled_list);
$msg->addFeedback($feedback);
}
if ($not_enrolled_list) {
$feedback = array('NOT_ENROLLED', $not_enrolled_list);
$msg->addFeedback($feedback);
}
}
}
if ($rtn_pair[0] == 'expire') {
$expire_threshold = $rtn_pair[1];
}
if ($rtn_pair[0] == 'error') {
$error = urldecode($rtn_pair[1]);
}
}
if ($error != '') {
$msg->addError(array('TILE_AUTHENTICATION_FAIL', $error));
header('Location: ' . AT_BASE_HREF . 'mods/_core/imscp/index.php');
exit;
} else {
$sql = "INSERT INTO %soauth_client_servers\n\t\t\t\t\t (oauth_server, consumer_key, consumer_secret, expire_threshold, create_date)\n\t\t\t\t\t VALUES ('%s', '%s',\n\t\t\t\t\t '%s', %d, now())";
$result = queryDB($sql, array(TABLE_PREFIX, $_config['transformable_uri'], $consumer_key, $consumer_secret, $expire_threshold));
$oauth_server_id = at_insert_id();
}
} else {
$oauth_server_id = $row['oauth_server_id'];
$consumer_key = $row['consumer_key'];
$consumer_secret = $row['consumer_secret'];
$expire_threshold = $row['expire_threshold'];
}
$consumer = new OAuthConsumer($consumer_key, $consumer_secret, $client_callback_url);
// 2. get request token
$req_req = OAuthRequest::from_consumer_and_token($consumer, NULL, "GET", AT_TILE_OAUTH_REQUEST_TOKEN_URL);
$req_req->sign_request($sig_method, $consumer, NULL);
$oauth_server_response = file_get_contents($req_req);
// handle OAUTH request token response
foreach (explode('&', $oauth_server_response) as $rtn) {
$rtn_pair = explode('=', $rtn);
/**
* copies a file to another workspace.
* currently only used for submitting assignments.
**/
function fs_copy_file($file_id, $src_owner_type, $src_owner_id, $dest_owner_type, $dest_owner_id, $dest_folder_id)
{
$sql = "SELECT file_name, file_size, description FROM %sfiles WHERE file_id=%d AND owner_type=%d AND owner_id=%d";
$row = queryDB($sql, array(TABLE_PREFIX, $file_id, $src_owner_type, $src_owner_id), TRUE);
if (count($row) == 0) {
return false;
}
$sql = "INSERT INTO %sfiles VALUES (NULL, %d, %d, %d, %d, 0, NOW(), 0, 0, '%s', %d, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $dest_owner_type, $dest_owner_id, $_SESSION['member_id'], $dest_folder_id, $row['file_name'], $row['file_size'], $row['description']));
$id = at_insert_id();
$src_file = fs_get_file_path($file_id) . $file_id;
$dest_file = fs_get_file_path($id) . $id;
copy($src_file, $dest_file);
}
if (empty($_POST['title'])) {
$missing_fields[] = _AT('title');
}
if (empty($_POST['courses'])) {
$missing_fields[] = _AT('courses');
}
if ($missing_fields) {
$missing_fields = implode(', ', $missing_fields);
$msg->addError(array('EMPTY_FIELDS', $missing_fields));
}
$_POST['edit'] = intval($_POST['edit']);
if (!$msg->containsErrors()) {
//add forum
$sql = "INSERT INTO %sforums (title, description, mins_to_edit) VALUES ('%s','%s', %d)";
$result = queryDB($sql, array(TABLE_PREFIX, $_POST['title'], $_POST['description'], $_POST['edit']));
$forum_id = at_insert_id();
global $sqlout;
write_to_log(AT_ADMIN_LOG_INSERT, 'forums', $result, $sqlout);
//for each course, add an entry to the forums_courses table
foreach ($_POST['courses'] as $course) {
$sql = "INSERT INTO %sforums_courses VALUES (%d,%d)";
$result = queryDB($sql, array(TABLE_PREFIX, $forum_id, $course));
global $sqlout;
write_to_log(AT_ADMIN_LOG_INSERT, 'forums_courses', $result, $sqlout);
}
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
if ($course == "0") {
$msg->addFeedback('FORUM_POSTING');
}
header('Location: ' . AT_BASE_HREF . 'mods/_standard/forums/admin/forums.php');
exit;
if (strlen($day_end) == 1) {
$day_end = "0{$day_end}";
}
if (strlen($hour_end) == 1) {
$hour_end = "0{$hour_end}";
}
if (strlen($min_end) == 1) {
$min_end = "0{$min_end}";
}
$start_date = "{$year_start}-{$month_start}-{$day_start} {$hour_start}:{$min_start}:00";
$end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
//If title exceeded database defined length, truncate it.
$_POST['title'] = validate_length($_POST['title'], 100);
$sql = "INSERT INTO %stests " . "(test_id,\n course_id,\n title,\n description,\n format,\n start_date,\n end_date,\n randomize_order,\n num_questions,\n instructions,\n content_id,\n passscore,\n passpercent,\n passfeedback,\n failfeedback,\n result_release,\n random,\n difficulty,\n num_takes,\n anonymous,\n out_of,\n guests,\n display,\n show_guest_form,\n remedial_content)" . "VALUES \n (NULL, %d, '%s', '%s', %d, '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', %d, %d, %d, %d, %d, '', %d, %d, %d, %d)";
$result = queryDB($sql, array(TABLE_PREFIX, $_SESSION[course_id], $_POST['title'], $_POST['description'], $_POST['format'], $start_date, $end_date, $_POST['order'], $_POST['num_questions'], $_POST['instructions'], $_POST['content_id'], $_POST['passscore'], $_POST['passpercent'], $_POST['passfeedback'], $_POST['failfeedback'], $_POST['result_release'], $_POST['random'], $_POST['difficulty'], $_POST['num_takes'], $_POST['anonymous'], $_POST['allow_guests'], $_POST['display'], $_POST['show_guest_form'], $_POST['remedial_content']));
$tid = at_insert_id();
if (isset($_POST['groups']) && $tid) {
$sql = "INSERT INTO %stests_groups VALUES ";
foreach ($_POST['groups'] as $group) {
$group = intval($group);
$sql .= "({$tid}, {$group}),";
}
$sql = substr($sql, 0, -1);
$result = queryDB($sql, array(TABLE_PREFIX));
}
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
header('Location: index.php');
exit;
}
}
}
} else {
if (isset($_POST['submit'])) {
$_POST['title'] = $addslashes(trim($_POST['title']));
$_POST['body'] = $addslashes(trim($_POST['body']));
if ($_POST['body'] == '') {
$msg->addError(array('EMPTY_FIELDS', _AT('body')));
}
if (!$msg->containsErrors()) {
$_POST['private'] = abs($_POST['private']);
$sql = "INSERT INTO %sblog_posts VALUES (NULL, %d, %d, %d, %d, NOW(), 0, '%s', '%s')";
queryDB($sql, array(TABLE_PREFIX, $_SESSION['member_id'], BLOGS_GROUP, $_POST['oid'], $_POST['private'], $_POST['title'], $_POST['body']));
if (!isset($sub)) {
require_once AT_INCLUDE_PATH . 'classes/subscribe.class.php';
$sub = new subscription();
}
$sub->send_mail('blog', $_POST['oid'], at_insert_id());
$msg->addFeedback('POST_ADDED_SUCCESSFULLY');
header('Location: ' . url_rewrite('mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $_POST['oid'], AT_PRETTY_URL_IS_HEADER));
exit;
}
}
}
// this will also be dynamic as the parent page changes
$_pages['mods/_standard/blogs/add_post.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $_REQUEST['oid']]['title_var'] = 'add';
$_pages['mods/_standard/blogs/add_post.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $_REQUEST['oid']]['parent'] = 'mods/_standard/blogs/view.php';
$_pages['mods/_standard/blogs/add_post.php']['title_var'] = 'add';
$_pages['mods/_standard/blogs/add_post.php']['parent'] = 'mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $_REQUEST['oid'];
$_pages['mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $_REQUEST['oid']]['title'] = blogs_get_blog_name(BLOGS_GROUP, $_REQUEST['oid']);
$_pages['mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $_REQUEST['oid']]['parent'] = 'mods/_standard/blogs/index.php';
$_pages['mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $_REQUEST['oid']]['children'] = array('mods/_standard/blogs/add_post.php');
$onload = 'document.form.title.focus();';
* @var $_POST values:
* pid: primary resource id
* a_type: alternative type, must be one of the values in resource_types.type_id
* alternative: the location and name of the selected alternative
*/
define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
$pid = intval($_POST['pid']);
$type_id = intval($_POST['a_type']);
$secondary_resource = trim($_POST['alternative']);
// check post vars
if ($pid == 0 || $type_id == 0 || $secondary_resource == '') {
exit;
}
global $db;
// delete the existing alternative for this (pid, a_type)
$sql = "SELECT sr.secondary_resource_id \n FROM %ssecondary_resources sr, %ssecondary_resources_types srt\n WHERE sr.secondary_resource_id = srt.secondary_resource_id\n AND sr.primary_resource_id = %d\n AND sr.language_code = '%s'\n AND srt.type_id=%d";
$rows_existing_secondary = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $pid, $_SESSION['lang'], $type_id));
foreach ($rows_existing_secondary as $existing_secondary) {
$sql = "DELETE FROM %ssecondary_resources WHERE secondary_resource_id = %d";
$result = queryDB($sql, array(TABLE_PREFIX, $existing_secondary['secondary_resource_id']));
$sql = "DELETE FROM %ssecondary_resources_types WHERE secondary_resource_id = %d AND type_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $existing_secondary['secondary_resource_id'], $type_id));
}
// insert new alternative
$sql = "INSERT INTO %ssecondary_resources (primary_resource_id, secondary_resource, language_code) VALUES (%d, '%s', '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $pid, $secondary_resource, $_SESSION['lang']));
$secondary_resource_id = at_insert_id();
$sql = "INSERT INTO %ssecondary_resources_types (secondary_resource_id, type_id) VALUES (%d, %d)";
$result = queryDB($sql, array(TABLE_PREFIX, $secondary_resource_id, $type_id));
exit;
if ($missing_fields) {
$missing_fields = implode(', ', $missing_fields);
$msg->addError(array('EMPTY_FIELDS', $missing_fields));
}
if (!$msg->containsErrors()) {
$_POST['title'] = validate_length($_POST['title'], 255);
$_POST['author'] = validate_length($_POST['author'], 150);
$_POST['publisher'] = validate_length($_POST['publisher'], 150);
$_POST['date'] = $_POST['date'];
$_POST['comments'] = validate_length($_POST['comments'], 255);
if ($id == '0') {
// creating a new URL resource
$sql = "INSERT INTO %sexternal_resources VALUES (NULL, %d,\n\t\t\t\t%d, \n\t\t\t\t'%s', \n\t\t\t\t'%s', \n\t\t\t\t'%s', \n\t\t\t\t'%s', \n\t\t\t\t'%s',\n\t\t\t\t'',\n\t\t\t\t'')";
$result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], RL_TYPE_AV, $_POST['title'], $_POST['author'], $_POST['publisher'], $_POST['date'], $_POST['comments']));
// index to new URL resource
$id_new = at_insert_id();
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
} else {
// modifying an existing URL resource
$sql = "UPDATE %sexternal_resources SET title='%s', author='%s', publisher='%s', date='%s', comments='%s', id='%s' WHERE resource_id=%d AND course_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $_POST['title'], $_POST['author'], $_POST['publisher'], $_POST['date'], $_POST['comments'], $_POST['isbn'], $id, $_SESSION['course_id']));
// index to URL resource
$id_new = $id;
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
}
if (trim($_POST['page_return']) != '') {
header('Location: ' . $_POST['page_return'] . '?existingbook=' . $id_new);
} else {
header('Location: index_instructor.php');
}
exit;
$sql = "INSERT INTO %sgroups_types VALUES (NULL, %d, '%s')";
$result_group_types = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $_POST['new_type']));
$type_id = at_insert_id();
} else {
$sql = "SELECT type_id FROM %sgroups_types WHERE course_id=%d AND type_id=%d";
$rows_groups_types = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $_POST['type']), TRUE);
if (count($rows_groups_types) > 0) {
$type_id = $rows_groups_types['type_id'];
} else {
$type_id = FALSE;
}
}
if ($type_id) {
$sql = "INSERT INTO %sgroups VALUES (NULL, %d, '%s', '%s', '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $type_id, $_POST['prefix'], $_POST['description'], $modules));
$group_id = at_insert_id($db);
$_SESSION['groups'][$group_id] = $group_id;
// call module init scripts:
if (isset($_POST['modules'])) {
foreach ($_POST['modules'] as $mod) {
$module =& $moduleFactory->getModule($mod);
$module->createGroup($group_id);
}
}
}
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
$return_url = $_SESSION['tool_origin']['url'];
tool_origin('off');
header('Location: ' . $return_url);
} else {
$_POST['new_type'] = $stripslashes($_POST['new_type']);
/**
* Create an album
* @param string name of the album
* @param string location of where this album took place
* @param string descriptive text of this album
* @param int check include/constants.inc.php
* @param int permission, 0 for private, 1 for shared
* @param int album author
* @param int OPTIONAL, Photo cover for this album
* @return int album_id, FALSE if failed.
*/
function createAlbum($name, $location, $description, $type, $permission, $member_id, $photo_id = 0)
{
$type = intval($type);
$type = $type <= 0 ? AT_PA_TYPE_MY_ALBUM : $type;
$sql = "INSERT INTO %spa_albums (name, location, description, type_id, member_id, permission, photo_id, created_date, last_updated) VALUES ('%s', '%s', '%s', %d, %d, %d, %d, NOW(), NOW())";
$result = queryDB($sql, array(TABLE_PREFIX, $name, $location, $description, $type, $member_id, $permission, $photo_id));
$aid = at_insert_id();
//if course album, add a record.
if ($type == AT_PA_TYPE_COURSE_ALBUM) {
$sql = "INSERT INTO %spa_course_album (course_id, album_id) VALUES (%d,%d)";
$result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $aid));
}
if ($result == 0) {
return false;
}
return $aid;
}
/**
* Transverse the tree and update/insert entries based on the updated structure.
* @param array The tree from rebuild(), and the subtree from the recursion.
* @param int the ordering of this subtree respect to its parent.
* @param int parent content id
* @return null (nothing to return, it updates the db only)
*/
private function reconstruct($tree, $order, $content_parent_id, $table_prefix)
{
//a content page.
if (!is_array($tree)) {
$sql = "UPDATE %scontent SET ordering=%d, content_parent_id=%d WHERE content_id=%d";
$result = queryDB($sql, array($table_prefix, $order, $content_parent_id, $tree));
return $result;
}
foreach ($tree as $k => $v) {
if (preg_match('/order\\_([\\d]+)/', $k, $match) == 1) {
//order layer
$this->reconstruct($v, $match[1], $content_parent_id, $table_prefix);
//inherit the previous layer id
} else {
//content folder layer
$sql = "SELECT * FROM %scontent WHERE content_id=%d";
$old_content_row = queryDB($sql, array($table_prefix, $k), TRUE);
$sql = 'INSERT INTO %scontent (course_id, content_parent_id, ordering, last_modified, revision, formatting, release_date, keywords, content_path, title, use_customized_head, allow_test_export, content_type) VALUES (' . $old_content_row['course_id'] . ', ' . $content_parent_id . ', ' . $order . ', ' . '\'' . $old_content_row['last_modified'] . '\', ' . $old_content_row['revision'] . ', ' . $old_content_row['formatting'] . ', ' . '\'' . $old_content_row['release_date'] . '\', ' . '\'' . $old_content_row['keywords'] . '\', ' . '\'' . $old_content_row['content_path'] . '\', ' . '\'' . $old_content_row['title'] . '\', ' . $old_content_row['use_customized_head'] . ', ' . $old_content_row['allow_test_export'] . ', ' . '1)';
$result = queryDB($sql, array($table_prefix));
if ($result > 0) {
$folder_id = at_insert_id();
$this->reconstruct($v, '', $folder_id, $table_prefix);
} else {
//throw error
echo at_db_error();
}
}
}
}
if (isset($_POST['submit']) && $_SESSION['member_id']) {
// post a comment
$_POST['body'] = $addslashes(trim($_POST['body']));
$_POST['private'] = abs($_POST['private']);
if ($_POST['body'] == '') {
$msg->addError(array('EMPTY_FIELDS', _AT('comments')));
}
if (!$msg->containsErrors()) {
$sql = "INSERT INTO %sblog_posts_comments VALUES (NULL, %d, %d, NOW(), %d, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $id, $_SESSION['member_id'], $_POST['private'], $_POST['body']));
$comments_affected_rows = $result;
if (!isset($sub)) {
require_once AT_INCLUDE_PATH . 'classes/subscribe.class.php';
$sub = new subscription();
}
$sub->send_mail('blogcomment', $owner_id, at_insert_id());
if ($comments_affected_rows == 1) {
$sql = "UPDATE %sblog_posts SET num_comments=num_comments+1, date=date WHERE post_id=%d";
queryDB($sql, array(TABLE_PREFIX, $id));
}
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
header('Location: ' . url_rewrite('mods/_standard/blogs/post.php?ot=' . $owner_type . SEP . 'oid=' . $owner_id . SEP . 'id=' . $id, AT_PRETTY_URL_IS_HEADER));
exit;
}
}
if (count($post_row) == 0) {
header('Location: ' . url_rewrite('mods/_standard/blogs/view.php?ot=' . $owner_type . SEP . 'oid=' . $owner_id));
exit;
}
$_pages['mods/_standard/blogs/post.php']['title'] = $post_row['title'] . ($post_row['private'] ? ' - ' . _AT('private') : '');
$_pages['mods/_standard/blogs/post.php']['parent'] = 'mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $owner_id;
use_customized_head,
keywords,
content_path,
title,
text,
test_message,
content_type)
VALUES
(' . $_SESSION['course_id'] . ',' . intval($content_parent_id) . ',' . ($content_info['ordering'] + $my_offset - $lti_offset[$content_info['parent_content_id']] + 1) . ',' . '"' . $last_modified . '",
0,' . $content_formatting . ' ,
NOW(),"' . $head . '",
1,
"",' . '"' . $content_info['new_path'] . '",' . '"' . escapeSQLValue($content_info['title']) . '",' . '"' . escapeSQLValue($content) . '",' . '"' . escapeSQLValue($content_info['test_message']) . '",' . $content_folder_type . ')';
$result = queryDB($sql, array(TABLE_PREFIX));
/* get the content id and update $items */
$items[$item_id]['real_content_id'] = at_insert_id();
/* get the tests associated with this content */
if (!empty($items[$item_id]['tests']) || strpos($items[$item_id]['type'], 'imsqti_xmlv1p2/imscc_xmlv1p0') !== false) {
$qti_import = new QTIImport($import_path);
if (isset($items[$item_id]['tests'])) {
$loop_var = $items[$item_id]['tests'];
} else {
$loop_var = $items[$item_id]['file'];
}
foreach ($loop_var as $array_id => $test_xml_file) {
//check if this item is the qti item object, or it is the content item obj
//switch it to qti obj if it's content item obj
if ($items[$item_id]['type'] == 'webcontent') {
$item_qti = $items[$array_id];
} else {
$item_qti = $items[$item_id];
/**
* Save patch info into database & save uploaded files into content folder
* @access public
* @return xml string
* @author Cindy Qi Li
*/
function saveInfo()
{
global $db;
if ($this->current_patch_id == 0) {
$sql = "INSERT INTO %smyown_patches \n\t\t (atutor_patch_id, \n\t\t applied_version,\n\t\t description,\n\t\t sql_statement,\n\t\t status,\n\t\t last_modified)\n\t\t\t VALUES ('%s', '%s', '%s', '%s', 'Created', now())";
$result = queryDB($sql, array(TABLE_PREFIX, $this->patch_info_array["atutor_patch_id"], $this->patch_info_array["atutor_version_to_apply"], $this->patch_info_array["description"], $this->patch_info_array["sql_statement"]));
} else {
$sql = "UPDATE %smyown_patches \n\t\t\t SET atutor_patch_id = '%s',\n\t\t\t applied_version = '%s',\n\t\t\t description = '%s',\n\t\t\t sql_statement = '%s',\n\t\t\t status = 'Created',\n\t\t\t last_modified = now()\n\t\t\t WHERE myown_patch_id = %d";
$result = queryDB($sql, array(TABLE_PREFIX, $this->patch_info_array["atutor_patch_id"], $this->patch_info_array["atutor_version_to_apply"], $this->patch_info_array["description"], $this->patch_info_array["sql_statement"], $this->current_patch_id));
}
if ($this->current_patch_id == 0) {
$this->current_patch_id = at_insert_id();
} else {
$sql = "DELETE FROM %smyown_patches_dependent WHERE myown_patch_id = %d";
$result = queryDB($sql, array(TABLE_PREFIX, $this->current_patch_id));
$sql = "DELETE FROM %smyown_patches_files WHERE myown_patch_id = %d";
$result = queryDB($sql, array(TABLE_PREFIX, $this->current_patch_id));
}
// insert records into table myown_patches_dependent
if (is_array($this->patch_info_array["dependent_patches"])) {
foreach ($this->patch_info_array["dependent_patches"] as $dependent_patch) {
$sql = "INSERT INTO %smyown_patches_dependent (myown_patch_id, dependent_patch_id) VALUES (%d, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $this->current_patch_id, $dependent_patch));
}
}
// insert records into table myown_patches_files
if (is_array($this->patch_info_array["files"])) {
foreach ($this->patch_info_array["files"] as $file_info) {
if ($file_info["upload_tmp_name"] != "") {
$upload_to = $this->saveFile($file_info);
} else {
$upload_to = "";
}
$sql = "INSERT INTO %smyown_patches_files\n\t\t (myown_patch_id, action, name, location, code_from, code_to, uploaded_file)\n\t\t\t VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, intval($this->current_patch_id), $file_info["action"], my_add_null_slashes($file_info["file_name"]), my_add_null_slashes($file_info["directory"]), my_add_null_slashes($file_info["code_from"]), my_add_null_slashes($file_info["code_to"]), my_add_null_slashes($upload_to)), FALSE, FALSE);
}
}
}
/**
* Writing of the new data in the ATutor database
* @access private
* @param current item pointer, course id, parent id
* @return last inserted row id
* @author Mauro Donadio
*/
private function _storeData($current_item, $course_id, $content_parent_id)
{
$ContentDAO = self::getInstance();
$url = explode('home/course', $current_item->text);
$uri = $GLOBALS['_config']['transformable_uri'] . 'home/course' . $url[1];
$current_item->text = $uri;
$current_item->content_path = $uri;
if ($current_item->content_type == 0) {
$current_item->content_type = 2;
$current_item->formatting = 2;
}
$ContentDAO->Create($course_id, $content_parent_id, $current_item->ordering, $current_item->revision, $current_item->formatting, $current_item->keywords, $current_item->content_path, $current_item->title, $current_item->text, $current_item->head, $current_item->use_customized_head, $current_item->test_message, $current_item->content_type);
return at_insert_id();
}
}
if ($_POST['website'] == 'http://') {
$_POST['website'] = '';
}
$_POST['postal'] = strtoupper(trim($_POST['postal']));
if (isset($_POST['private_email'])) {
$_POST['private_email'] = 1;
} else {
$_POST['private_email'] = 0;
}
$now = date('Y-m-d H:i:s');
// we use this later for the email confirmation.
/* insert into the db. (the last 0 for status) */
$sql = "INSERT INTO %smembers \n\t\t VALUES (NULL,\n\t\t '{$_POST['login']}',\n\t\t '{$_POST['password']}',\n\t\t '{$_POST['email']}',\n\t\t '{$_POST['website']}',\n\t\t '{$_POST['first_name']}', \n\t\t '{$_POST['second_name']}', \n\t\t '{$_POST['last_name']}', \n\t\t '{$dob}', \n\t\t '{$_POST['gender']}', \n\t\t '{$_POST['address']}',\n\t\t '{$_POST['postal']}',\n\t\t '{$_POST['city']}',\n\t\t '{$_POST['province']}',\n\t\t '{$_POST['country']}', \n\t\t '{$_POST['phone']}',\n\t\t {$_POST['status']}, \n\t\t '{$_config['pref_defaults']}', \n\t\t '{$now}',\n\t\t '{$_config['default_language']}', \n\t\t {$_config['pref_inbox_notify']}, \n\t\t {$_POST['private_email']}, \n\t\t '0000-00-00 00:00:00')";
$result = queryDB($sql, array(TABLE_PREFIX));
$m_id = at_insert_id();
if ($result == 0) {
require AT_INCLUDE_PATH . 'header.inc.php';
$msg->addError('DB_NOT_UPDATED');
$msg->printAll();
require AT_INCLUDE_PATH . 'footer.inc.php';
exit;
}
if (defined('AT_MASTER_LIST') && AT_MASTER_LIST) {
$student_id = $addslashes($_POST['student_id']);
$student_pin = md5($addslashes($_POST['student_pin']));
if ($student_id != '') {
$sql = "UPDATE %smaster_list SET member_id=%d WHERE public_field='%s'";
$result = queryDB($sql, array(TABLE_PREFIX, $m_id, $student_id));
if ($result > 0) {
$sql = "REPLACE INTO %smaster_list VALUES ('%s', '%s', %d)";
/**
* This function is to import a test and returns the test id.
* @param string custmom test title
*
* @return int test id
*/
function importTest($title = '')
{
global $msg, $db;
$missing_fields = array();
$test_obj['title'] = $title == '' ? $this->title : $title;
$test_obj['description'] = '';
$test_obj['num_questions'] = 0;
$test_obj['num_takes'] = 0;
$test_obj['content_id'] = 0;
$test_obj['passpercent'] = 0;
$test_obj['passscore'] = 0;
$test_obj['passfeedback'] = 0;
$test_obj['failfeedback'] = 0;
$test_obj['num_takes'] = 0;
$test_obj['anonymous'] = 0;
$test_obj['allow_guests'] = $_POST['allow_guests'] ? 1 : 0;
$test_obj['instructions'] = '';
$test_obj['display'] = 0;
$test_obj['result_release'] = 0;
$test_obj['random'] = 0;
// currently these options are ignored for tests:
$test_obj['format'] = intval($test_obj['format']);
$test_obj['order'] = 1;
//intval($test_obj['order']);
$test_obj['difficulty'] = 0;
//intval($test_obj['difficulty']); /* avman */
//Title of the test is empty, could be from question database export or some other system's export.
//Either prompt for a title, or generate a random title
if ($test_obj['title'] == '') {
if ($this->title != '') {
$test_obj['title'] = $this->title;
} else {
//set marks to 0 if no title?
$this->weights = array();
}
}
$day_start = intval(date('j'));
$month_start = intval(date('n'));
$year_start = intval(date('Y'));
$hour_start = intval(date('G'));
$min_start = intval(date('i'));
$day_end = $day_start;
$month_end = $month_start;
$year_end = $year_start;
//as of Oct 21,09. Check http://www.atutor.ca/atutor/mantis/view.php?id=3961
$hour_end = $hour_start;
$min_end = $min_start;
if (!checkdate($month_start, $day_start, $year_start)) {
$msg->addError('START_DATE_INVALID');
}
if (!checkdate($month_end, $day_end, $year_end)) {
$msg->addError('END_DATE_INVALID');
}
if (mktime($hour_end, $min_end, 0, $month_end, $day_end, $year_end) < mktime($hour_start, $min_start, 0, $month_start, $day_start, $year_start)) {
$msg->addError('END_DATE_INVALID');
}
if (!$msg->containsErrors()) {
if (strlen($month_start) == 1) {
$month_start = "0{$month_start}";
}
if (strlen($day_start) == 1) {
$day_start = "0{$day_start}";
}
if (strlen($hour_start) == 1) {
$hour_start = "0{$hour_start}";
}
if (strlen($min_start) == 1) {
$min_start = "0{$min_start}";
}
if (strlen($month_end) == 1) {
$month_end = "0{$month_end}";
}
if (strlen($day_end) == 1) {
$day_end = "0{$day_end}";
}
if (strlen($hour_end) == 1) {
$hour_end = "0{$hour_end}";
}
if (strlen($min_end) == 1) {
$min_end = "0{$min_end}";
}
$start_date = "{$year_start}-{$month_start}-{$day_start} {$hour_start}:{$min_start}:00";
$end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
//If title exceeded database defined length, truncate it.
$test_obj['title'] = validate_length($test_obj['title'], 100);
$sql_params = array($_SESSION['course_id'], $test_obj['title'], $test_obj['description'], $test_obj['format'], $start_date, $end_date, $test_obj['order'], $test_obj['num_questions'], $test_obj['instructions'], $test_obj['content_id'], $test_obj['passscore'], $test_obj['passpercent'], $test_obj['passfeedback'], $test_obj['failfeedback'], $test_obj['result_release'], $test_obj['random'], $test_obj['difficulty'], $test_obj['num_takes'], $test_obj['anonymous'], '', $test_obj['allow_guests'], $test_obj['display']);
$sql = vsprintf(AT_SQL_TEST, $sql_params);
$sql = str_replace("%", "%%", $sql);
$result = queryDB($sql, array());
$tid = at_insert_id();
}
return $tid;
}
$sql = "UPDATE %sfiles SET file_name='%s', description='%s', num_comments=num_comments+%d, date=date WHERE file_id=%d AND owner_type=%d AND owner_id=%d";
queryDB($sql, array(TABLE_PREFIX, $_POST['name'], $_POST['description'], $num_comments, $_POST['id'], $owner_type, $owner_id));
} else {
// this file is editable, and has changed
$size = strlen($_POST['body']);
if ($_POST['comment']) {
$num_comments = 1;
} else {
$num_comments = 0;
}
$sql = "SELECT * FROM %sfiles WHERE file_id=%d AND owner_type=%d AND owner_id=%d";
$row = queryDB($sql, array(TABLE_PREFIX, $_POST['id'], $owner_type, $owner_id), TRUE);
if ($_config['fs_versioning']) {
$sql = "INSERT INTO %sfiles VALUES (NULL, %d, %d, %d, %d, 0, NOW(), %d, %d+1, '%s', %d, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $row['owner_type'], $row['owner_id'], $_SESSION['member_id'], $row['folder_id'], $num_comments, $row['num_revisions'], $_POST['name'], $size, $_POST['description']));
$file_id = at_insert_id();
$file_path = fs_get_file_path($file_id);
if ($fp = fopen($file_path . $file_id, 'wb')) {
ftruncate($fp, 0);
fwrite($fp, $_POST['body'], $size);
fclose($fp);
$sql = "UPDATE %sfiles SET parent_file_id=%d, date=date WHERE file_id=%d AND owner_type=%d AND owner_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $file_id, $_POST[id], $owner_type, $owner_id));
if ($_POST['comment']) {
$sql = "INSERT INTO %sfiles_comments VALUES (NULL, %d, %d, NOW(), '%s')";
queryDB($sql, array(TABLE_PREFIX, $file_id, $_SESSION['member_id'], $_POST['comment']));
}
}
} else {
$file_path = fs_get_file_path($_POST['id']);
if ($fp = fopen($file_path . $_POST['id'], 'wb')) {
}
if (!$msg->containsErrors()) {
$_POST['description'] = $addslashes(trim($_POST['description']));
$_POST['comment'] = $addslashes(trim($_POST['comment']));
$_POST['name'] = $addslashes($_POST['name']);
$_POST['body'] = $stripslashes($_POST['body']);
// file gets saved to disk not db, so no need to escape.
if ($_POST['comment']) {
$num_comments = 1;
} else {
$num_comments = 0;
}
$size = strlen($_POST['body']);
$sql = "INSERT INTO %sfiles VALUES (NULL, %d, %d, %d, %d, 0, NOW(), %d, 0, '%s',%d, '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $owner_type, $owner_id, $_SESSION['member_id'], $parent_folder_id, $num_comments, $_POST['name'], $size, $_POST['description']));
if ($result > 0 && ($file_id = at_insert_id())) {
$file_path = fs_get_file_path($file_id) . $file_id;
$fp = fopen($file_path, 'wb');
fwrite($fp, $_POST['body'], $size);
fclose($fp);
// check if this file name already exists
$sql = "SELECT file_id, num_revisions FROM %sfiles WHERE owner_type=%d AND owner_id=%d AND folder_id=%d AND file_id<>%d AND file_name='%s' AND parent_file_id=0 ORDER BY file_id DESC LIMIT 1";
$rows_revisions = queryDB($sql, array(TABLE_PREFIX, $owner_type, $owner_id, $parent_folder_id, $file_id, $_POST['name']));
if (count($rows_revisions) > 0) {
if ($_config['fs_versioning']) {
$sql = "UPDATE %sfiles SET parent_file_id=%d, date=date WHERE file_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $file_id, $row['file_id']));
$sql = "UPDATE %sfiles SET num_revisions=%d+1, date=date WHERE file_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $row['num_revisions'], $file_id));
} else {
fs_delete_file($row['file_id'], $owner_type, $owner_id);