*/
if (!defined("COMMUNITY_INCLUDED") || !defined("IN_DISCUSSIONS")) {
exit;
} elseif (!$COMMUNITY_LOAD) {
exit;
}
$HEAD[] = "<link href=\"" . ENTRADA_URL . "/javascript/calendar/css/xc2_default.css?release=" . html_encode(APPLICATION_VERSION) . "\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />";
$HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/calendar/config/xc2_default.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>";
$HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/calendar/script/xc2_inpage.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>";
$HEAD[] = "<script type=\"text/javascript\" src=\"" . COMMUNITY_URL . "/javascript/discussions.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>";
echo "<h1>New Discussion Post</h1>\n";
if ($RECORD_ID) {
$query = "SELECT * FROM `community_discussions` WHERE `cdiscussion_id` = " . $db->qstr($RECORD_ID) . " AND `cpage_id` = " . $db->qstr($PAGE_ID) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID);
$discussion_record = $db->GetRow($query);
if ($discussion_record) {
if (discussions_module_access($RECORD_ID, "add-post")) {
$BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-forum&id=" . $discussion_record["cdiscussion_id"], "title" => limit_chars($discussion_record["forum_title"], 32));
$BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-post&id=" . $RECORD_ID, "title" => "New Discussion Post");
communities_load_rte();
// Error Checking
switch ($STEP) {
case 2:
/**
* Required field "title" / Forum Title.
*/
if (isset($_POST["topic_title"]) && ($title = clean_input($_POST["topic_title"], array("notags", "trim")))) {
$PROCESSED["topic_title"] = $title;
} else {
$ERROR++;
$ERRORSTR[] = "The <strong>Post Title</strong> field is required.";
}
$HEAD[] = "<script type=\"text/javascript\" src=\"" . COMMUNITY_URL . "/javascript/discussions.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>";
echo "<h1>Reply To Post</h1>\n";
if ($RECORD_ID) {
$query = "\n\t\t\t\t\tSELECT a.*, b.`forum_title`, CONCAT_WS(' ', c.`firstname`, c.`lastname`) AS `poster_fullname`, c.`username` AS `poster_username`, d.`notify_active`\n\t\t\t\t\tFROM `community_discussion_topics` AS a\n\t\t\t\t\tLEFT JOIN `community_discussions` AS b\n\t\t\t\t\tON a.`cdiscussion_id` = b.`cdiscussion_id`\n\t\t\t\t\tLEFT JOIN `" . AUTH_DATABASE . "`.`user_data` AS c\n\t\t\t\t\tON a.`proxy_id` = c.`id`\n\t\t\t\t\tLEFT JOIN `community_notify_members` AS d\n\t\t\t\t\tON a.`cdtopic_id` = d.`record_id`\n\t\t\t\t\tAND d.`community_id` = a.`community_id`\n\t\t\t\t\tAND d.`notify_type` = 'reply'\n\t\t\t\t\tAND d.`proxy_id` = " . $db->qstr($ENTRADA_USER->getID()) . "\n\t\t\t\t\tWHERE a.`proxy_id` = c.`id`\n\t\t\t\t\tAND a.`community_id` = " . $db->qstr($COMMUNITY_ID) . "\n\t\t\t\t\tAND b.`cpage_id` = " . $db->qstr($PAGE_ID) . " \n\t\t\t\t\tAND a.`cdtopic_id` = " . $db->qstr($RECORD_ID) . "\n\t\t\t\t\tAND a.`cdtopic_parent` = '0'\n\t\t\t\t\tAND a.`topic_active` = '1'\n\t\t\t\t\tAND b.`forum_active` = '1'";
$topic_record = $db->GetRow($query);
if ($topic_record) {
if (isset($topic_record["notify_active"])) {
$notifications = $topic_record["notify_active"] ? true : false;
if ($topic_record["notify_active"] != null) {
$notify_record_exists = true;
}
} else {
$notifications = false;
$notify_record_exists = false;
}
if (discussions_module_access($topic_record["cdiscussion_id"], "reply-post")) {
$BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-forum&id=" . $topic_record["cdiscussion_id"], "title" => limit_chars($topic_record["forum_title"], 16));
$BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-post&id=" . $RECORD_ID, "title" => limit_chars($topic_record["topic_title"], 16));
$BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=reply-post&id=" . $RECORD_ID, "title" => "Reply To Post");
communities_load_rte();
// Error Checking
switch ($STEP) {
case 2:
/**
* Non-Required field "description" / Forum Description.
* Security Note: I guess I do not need to html_encode the data in the description because
* the bbcode parser takes care of this. My other option would be to html_encode, then html_decode
* but I think I'm going to trust the bbcode parser right now. Other scaries would be XSS in PHPMyAdmin...
*/
if (isset($_POST["topic_description"]) && ($description = clean_input($_POST["topic_description"], array("trim", "allowedtags")))) {
$PROCESSED["topic_description"] = $description;
/**
* This function handles granular permissions levels (where as communities_module_access handles higer level permissions)
* for the actual discussion forum topics.
*
* @param int $cdiscussion_id
* @param string $section
* @return bool
*/
function discussion_topic_module_access($cdtopic_id = 0, $section = "")
{
global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $ENTRADA_USER;
$allow_to_load = false;
if ((bool) $LOGGED_IN && (bool) $COMMUNITY_MEMBER && (bool) $COMMUNITY_ADMIN) {
$allow_to_load = true;
} else {
if ($cdtopic_id = (int) $cdtopic_id) {
$query = "SELECT * FROM `community_discussion_topics` WHERE `cdtopic_id` = " . $db->qstr($cdtopic_id) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID);
$result = $db->CacheGetRow(CACHE_TIMEOUT, $query);
if ($result) {
if ($allow_to_load = discussions_module_access($result["cdiscussion_id"], $section)) {
switch ($section) {
case "delete-post":
case "edit-post":
if ($ENTRADA_USER->getActiveId() != (int) $result["proxy_id"]) {
$allow_to_load = false;
}
break;
default:
continue;
break;
}
}
}
}
if ($allow_to_load) {
if ((int) $result["topic_active"]) {
/**
* Don't worry about checking the release dates if the person viewing
* the post is the post author.
*/
if (!$LOGGED_IN || $ENTRADA_USER->getActiveId() != (int) $result["proxy_id"]) {
if (!($release_date = (int) $result["release_date"]) || $release_date <= time()) {
if (!($release_until = (int) $result["release_until"]) || $release_until > time()) {
/**
* You're good to go, no further checks at this time.
* If you need to add more checks, this is there they would go.
*/
} else {
$NOTICE++;
$NOTICESTR[] = "This discussion post was only accessible until <strong>" . date(DEFAULT_DATE_FORMAT, $release_until) . "</strong>.<br /><br />Please contact your community administrators for further assistance.";
$allow_to_load = false;
}
} else {
$NOTICE++;
$NOTICESTR[] = "This discussion post will not be accessible until <strong>" . date(DEFAULT_DATE_FORMAT, $release_date) . "</strong>.<br /><br />Please check back at this time, thank-you.";
$allow_to_load = false;
}
}
} else {
$NOTICE++;
$NOTICESTR[] = "This discussion post was deactivated <strong>" . date(DEFAULT_DATE_FORMAT, $result["updated_date"]) . "</strong> by <strong>" . html_encode(get_account_data("firstlast", $result["updated_by"])) . "</strong>.<br /><br />If there has been a mistake or you have questions relating to this issue please contact the MEdTech Unit directly.";
$allow_to_load = false;
}
} else {
if (!$ERROR) {
$ERROR++;
$ERRORSTR[] = "You do not have access to this discussion post.<br /><br />If you believe there has been a mistake, please contact a community administrator for assistance.";
}
}
}
return $allow_to_load;
}
echo "\t</td>\n";
echo "\t<td>" . (int) $result["total_replies"] . "</td>\n";
echo "\t<td style=\"font-size: 10px; white-space: nowrap; overflow: hidden\">" . $original_display . "</a></td>\n";
echo "\t<td style=\"font-size: 10px; white-space: nowrap; overflow: hidden\">\n";
echo "\t\t" . date(DEFAULT_DATE_FORMAT, $latest_activity) . "<br />\n";
echo "\t\t<strong>By:</strong> " . $latest_poster_display . "\n";
echo "\t</td>\n";
echo "</tr>\n";
}
?>
</tbody>
</table>
<?php
} else {
$NOTICE++;
$NOTICESTR[] = "<strong>No topics in this forum.</strong><br /><br />" . (discussions_module_access($RECORD_ID, "add-post") ? "If you would like to create a new post, <a href=\"" . COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-post&id=" . $RECORD_ID . "\">click here</a>." : "Please check back later.");
echo display_notice();
}
?>
</div>
<?php
} else {
if ($ERROR) {
echo display_error();
}
if ($NOTICE) {
echo display_notice();
}
}
if ($LOGGED_IN) {
add_statistic("community:" . $COMMUNITY_ID . ":discussions", "forum_view", "cdiscussion_id", $RECORD_ID);
