*/ if (!defined("COMMUNITY_INCLUDED") || !defined("IN_DISCUSSIONS")) { exit; } elseif (!$COMMUNITY_LOAD) { exit; } $HEAD[] = "<link href=\"" . ENTRADA_URL . "/javascript/calendar/css/xc2_default.css?release=" . html_encode(APPLICATION_VERSION) . "\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/calendar/config/xc2_default.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/calendar/script/xc2_inpage.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . COMMUNITY_URL . "/javascript/discussions.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; echo "<h1>New Discussion Post</h1>\n"; if ($RECORD_ID) { $query = "SELECT * FROM `community_discussions` WHERE `cdiscussion_id` = " . $db->qstr($RECORD_ID) . " AND `cpage_id` = " . $db->qstr($PAGE_ID) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID); $discussion_record = $db->GetRow($query); if ($discussion_record) { if (discussions_module_access($RECORD_ID, "add-post")) { $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-forum&id=" . $discussion_record["cdiscussion_id"], "title" => limit_chars($discussion_record["forum_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-post&id=" . $RECORD_ID, "title" => "New Discussion Post"); communities_load_rte(); // Error Checking switch ($STEP) { case 2: /** * Required field "title" / Forum Title. */ if (isset($_POST["topic_title"]) && ($title = clean_input($_POST["topic_title"], array("notags", "trim")))) { $PROCESSED["topic_title"] = $title; } else { $ERROR++; $ERRORSTR[] = "The <strong>Post Title</strong> field is required."; }
$HEAD[] = "<script type=\"text/javascript\" src=\"" . COMMUNITY_URL . "/javascript/discussions.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; echo "<h1>Reply To Post</h1>\n"; if ($RECORD_ID) { $query = "\n\t\t\t\t\tSELECT a.*, b.`forum_title`, CONCAT_WS(' ', c.`firstname`, c.`lastname`) AS `poster_fullname`, c.`username` AS `poster_username`, d.`notify_active`\n\t\t\t\t\tFROM `community_discussion_topics` AS a\n\t\t\t\t\tLEFT JOIN `community_discussions` AS b\n\t\t\t\t\tON a.`cdiscussion_id` = b.`cdiscussion_id`\n\t\t\t\t\tLEFT JOIN `" . AUTH_DATABASE . "`.`user_data` AS c\n\t\t\t\t\tON a.`proxy_id` = c.`id`\n\t\t\t\t\tLEFT JOIN `community_notify_members` AS d\n\t\t\t\t\tON a.`cdtopic_id` = d.`record_id`\n\t\t\t\t\tAND d.`community_id` = a.`community_id`\n\t\t\t\t\tAND d.`notify_type` = 'reply'\n\t\t\t\t\tAND d.`proxy_id` = " . $db->qstr($ENTRADA_USER->getID()) . "\n\t\t\t\t\tWHERE a.`proxy_id` = c.`id`\n\t\t\t\t\tAND a.`community_id` = " . $db->qstr($COMMUNITY_ID) . "\n\t\t\t\t\tAND b.`cpage_id` = " . $db->qstr($PAGE_ID) . " \n\t\t\t\t\tAND a.`cdtopic_id` = " . $db->qstr($RECORD_ID) . "\n\t\t\t\t\tAND a.`cdtopic_parent` = '0'\n\t\t\t\t\tAND a.`topic_active` = '1'\n\t\t\t\t\tAND b.`forum_active` = '1'"; $topic_record = $db->GetRow($query); if ($topic_record) { if (isset($topic_record["notify_active"])) { $notifications = $topic_record["notify_active"] ? true : false; if ($topic_record["notify_active"] != null) { $notify_record_exists = true; } } else { $notifications = false; $notify_record_exists = false; } if (discussions_module_access($topic_record["cdiscussion_id"], "reply-post")) { $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-forum&id=" . $topic_record["cdiscussion_id"], "title" => limit_chars($topic_record["forum_title"], 16)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-post&id=" . 
$RECORD_ID, "title" => limit_chars($topic_record["topic_title"], 16)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=reply-post&id=" . $RECORD_ID, "title" => "Reply To Post"); communities_load_rte(); // Error Checking switch ($STEP) { case 2: /** * Non-Required field "description" / Forum Description. * Security Note: I guess I do not need to html_encode the data in the description because * the bbcode parser takes care of this. My other option would be to html_encode, then html_decode * but I think I'm going to trust the bbcode parser right now. Other scaries would be XSS in PHPMyAdmin... */ if (isset($_POST["topic_description"]) && ($description = clean_input($_POST["topic_description"], array("trim", "allowedtags")))) { $PROCESSED["topic_description"] = $description;
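/**
 * Granular, per-topic permission check for discussion forum posts.
 * communities_module_access / discussions_module_access handle the higher-level
 * (community and forum) permissions; this function adds the topic-specific rules.
 *
 * Rules, in the order they are applied:
 *  1. A logged-in community member who is also a community admin is allowed
 *     immediately, with no further checks.
 *  2. Otherwise the topic must exist in $COMMUNITY_ID and the forum-level
 *     discussions_module_access() check must pass. For "edit-post" and
 *     "delete-post" the current user must additionally be the post author.
 *  3. The topic must be active and, unless the viewer is the post author,
 *     inside its release_date / release_until window. Each failure appends a
 *     message to $NOTICESTR (or, when access is denied outright, $ERRORSTR).
 *
 * @param int    $cdtopic_id  community_discussion_topics.cdtopic_id; 0 means "no topic".
 * @param string $section     Action being attempted, e.g. "edit-post" or "delete-post".
 * @return bool  true when the current user may perform $section on the topic.
 */
function discussion_topic_module_access($cdtopic_id = 0, $section = "") {
    global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $ENTRADA_USER;

    $allow_to_load = false;

    if ((bool) $LOGGED_IN && (bool) $COMMUNITY_MEMBER && (bool) $COMMUNITY_ADMIN) {
        // NOTE(review): admins bypass every check below, including the community_id
        // scoping of the topic lookup, so this branch does not confirm that
        // $cdtopic_id belongs to $COMMUNITY_ID. Callers must scope their own queries.
        $allow_to_load = true;
    } else {
        $result = false;
        $cdtopic_id = (int) $cdtopic_id;

        if ($cdtopic_id) {
            $query = "SELECT * FROM `community_discussion_topics` WHERE `cdtopic_id` = " . $db->qstr($cdtopic_id) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID);
            $result = $db->CacheGetRow(CACHE_TIMEOUT, $query);

            if ($result) {
                $allow_to_load = discussions_module_access($result["cdiscussion_id"], $section);

                if ($allow_to_load) {
                    switch ($section) {
                        case "delete-post":
                        case "edit-post":
                            // Only the original poster may modify or remove their own post.
                            if ((int) $ENTRADA_USER->getActiveId() !== (int) $result["proxy_id"]) {
                                $allow_to_load = false;
                            }
                            break;
                        default:
                            // Was `continue`, which inside a switch behaves like `break`
                            // and emits a compile warning since PHP 7.3.
                            break;
                    }
                }
            }
        }

        if ($allow_to_load) {
            if ((int) $result["topic_active"]) {
                // The post author can always see their own post regardless of the release window.
                if (!$LOGGED_IN || (int) $ENTRADA_USER->getActiveId() !== (int) $result["proxy_id"]) {
                    $release_date = (int) $result["release_date"];
                    $release_until = (int) $result["release_until"];
                    $now = time();

                    if ($release_date && $release_date > $now) {
                        $NOTICE++;
                        $NOTICESTR[] = "This discussion post will not be accessible until <strong>" . date(DEFAULT_DATE_FORMAT, $release_date) . "</strong>.<br /><br />Please check back at this time, thank-you.";
                        $allow_to_load = false;
                    } elseif ($release_until && $release_until <= $now) {
                        $NOTICE++;
                        $NOTICESTR[] = "This discussion post was only accessible until <strong>" . date(DEFAULT_DATE_FORMAT, $release_until) . "</strong>.<br /><br />Please contact your community administrators for further assistance.";
                        $allow_to_load = false;
                    }
                    // Otherwise the post is inside its release window; any further
                    // per-topic checks would go here.
                }
            } else {
                $NOTICE++;
                $NOTICESTR[] = "This discussion post was deactivated <strong>" . date(DEFAULT_DATE_FORMAT, (int) $result["updated_date"]) . "</strong> by <strong>" . html_encode(get_account_data("firstlast", $result["updated_by"])) . "</strong>.<br /><br />If there has been a mistake or you have questions relating to this issue please contact the MEdTech Unit directly.";
                $allow_to_load = false;
            }
        } else {
            // Only record the first access error so the page does not repeat it.
            if (!$ERROR) {
                $ERROR++;
                $ERRORSTR[] = "You do not have access to this discussion post.<br /><br />If you believe there has been a mistake, please contact a community administrator for assistance.";
            }
        }
    }

    return $allow_to_load;
}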
echo "\t</td>\n"; echo "\t<td>" . (int) $result["total_replies"] . "</td>\n"; echo "\t<td style=\"font-size: 10px; white-space: nowrap; overflow: hidden\">" . $original_display . "</a></td>\n"; echo "\t<td style=\"font-size: 10px; white-space: nowrap; overflow: hidden\">\n"; echo "\t\t" . date(DEFAULT_DATE_FORMAT, $latest_activity) . "<br />\n"; echo "\t\t<strong>By:</strong> " . $latest_poster_display . "\n"; echo "\t</td>\n"; echo "</tr>\n"; } ?> </tbody> </table> <?php } else { $NOTICE++; $NOTICESTR[] = "<strong>No topics in this forum.</strong><br /><br />" . (discussions_module_access($RECORD_ID, "add-post") ? "If you would like to create a new post, <a href=\"" . COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-post&id=" . $RECORD_ID . "\">click here</a>." : "Please check back later."); echo display_notice(); } ?> </div> <?php } else { if ($ERROR) { echo display_error(); } if ($NOTICE) { echo display_notice(); } } if ($LOGGED_IN) { add_statistic("community:" . $COMMUNITY_ID . ":discussions", "forum_view", "cdiscussion_id", $RECORD_ID);