/**
 * Resolves the requested action from the query string.
 *
 * The default action needs no token. Any other action is only honoured when the
 * CSRF token carried in the GET parameters validates; otherwise the security-failed
 * action is returned. The token is cleared after the check either way.
 *
 * @return string One of the self::ACTION_* values
 */
function get_action()
{
    $action = Request::get(self::PARAM_ACTION, self::ACTION_DEFAULT);
    if ($action == self::ACTION_DEFAULT) {
        return $action;
    }

    // Non-default actions arrive through links, so the token is checked on GET.
    $tokenValid = Security::check_token('get');
    Security::clear_token();

    return $tokenValid ? $action : self::ACTION_SECURITY_FAILED;
}
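/**
 * Renders the "compose message" form and, on a validated POST with a good CSRF token,
 * delivers the message to every user in $default['users'].
 *
 * Request inputs read here: group_id (REQUEST), message_id / f / re_id (GET),
 * legend (POST) and $_FILES.
 *
 * Fix: re_id is cast to int once and that value is used both for the message lookup
 * and for the hidden field (previously only the hidden field was cast and the raw
 * query value went to MessageManager::get_message_by_id()). The 'legend' POST key is
 * read with isset() so a submit without attachments does not trigger a notice.
 *
 * @param array       $default               Form defaults; 'users' is also the recipient list used on submit
 * @param mixed|null  $select_from_user_list When set, a free-text user search box replaces the ajax select
 * @param string|null $sent_to               Optional pre-rendered recipient label
 *
 * @return string Form HTML (when not submitted, or the token check failed) or the success messages
 */
function manage_form($default, $select_from_user_list = null, $sent_to = null)
{
    $group_id = isset($_REQUEST['group_id']) ? intval($_REQUEST['group_id']) : null;
    $message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : null;
    // Only the literal value 'social' is propagated; anything else becomes null.
    $param_f = isset($_GET['f']) && $_GET['f'] == 'social' ? 'social' : null;
    // Cast once and reuse below for both the lookup and the hidden field.
    $reply_id = isset($_GET['re_id']) ? intval($_GET['re_id']) : null;

    $form = new FormValidator(
        'compose_message',
        null,
        api_get_self() . '?f=' . $param_f,
        null,
        array('enctype' => 'multipart/form-data')
    );

    if (empty($group_id)) {
        if (isset($select_from_user_list)) {
            $form->addText(
                'id_text_name',
                get_lang('SendMessageTo'),
                true,
                array('id' => 'id_text_name', 'onkeyup' => 'send_request_and_search()', 'autocomplete' => 'off')
            );
            $form->addRule('id_text_name', get_lang('ThisFieldIsRequired'), 'required');
            $form->addElement('html', '<div id="id_div_search" style="padding:0px" class="message-select-box" > </div>');
            $form->addElement('hidden', 'user_list', 0, array('id' => 'user_list'));
        } else {
            if (!empty($sent_to)) {
                $form->addLabel(get_lang('SendMessageTo'), $sent_to);
            }
            if (empty($default['users'])) {
                // Ajax-backed multi-select used to pick recipients.
                $form->addElement(
                    'select_ajax',
                    'users',
                    get_lang('SendMessageTo'),
                    array(),
                    ['multiple' => 'multiple', 'url' => api_get_path(WEB_AJAX_PATH) . 'message.ajax.php?a=find_users']
                );
            } else {
                $form->addElement('hidden', 'hidden_user', $default['users'][0], array('id' => 'hidden_user'));
            }
        }
    } else {
        $userGroup = new UserGroup();
        $group_info = $userGroup->get($group_id);
        $form->addElement('label', get_lang('ToGroup'), api_xml_http_response_encode($group_info['name']));
        $form->addElement('hidden', 'group_id', $group_id);
        $form->addElement('hidden', 'parent_id', $message_id);
    }

    $form->addText('title', get_lang('Subject'), true);
    $form->addHtmlEditor(
        'content',
        get_lang('Message'),
        false,
        false,
        array('ToolbarSet' => 'Messages', 'Width' => '100%', 'Height' => '250')
    );

    if ($reply_id !== null) {
        // NOTE(review): no check is visible here that the current user may read message $reply_id;
        // presumably get_message_by_id() or the caller enforces it - confirm.
        $message_reply_info = MessageManager::get_message_by_id($reply_id);
        $default['title'] = get_lang('MailSubjectReplyShort') . " " . $message_reply_info['title'];
        $form->addElement('hidden', 're_id', $reply_id);
        $form->addElement('hidden', 'save_form', 'save_form');
        // Quote the original message (filtered) under an empty paragraph.
        $user_reply_info = api_get_user_info($message_reply_info['user_sender_id']);
        $default['content'] = '<p><br/></p>' . sprintf(
            get_lang('XWroteY'),
            $user_reply_info['complete_name'],
            Security::filter_terms($message_reply_info['content'])
        );
    }

    if (empty($group_id)) {
        $form->addElement('label', '', '<div id="filepaths" class="form-group"> <div id="filepath_1"> <label>' . get_lang('FilesAttachment') . '</label> <input type="file" name="attach_1"/> <label>' . get_lang('Description') . '</label> <input id="file-descrtiption" type="text" name="legend[]" class="form-control"/> </div> </div>');
        $form->addElement('label', '', '<span id="link-more-attach"><a href="javascript://" onclick="return add_image_form()">' . get_lang('AddOneMoreFile') . '</a></span> (' . sprintf(get_lang('MaximunFileSizeX'), format_file_size(api_get_setting('message.message_max_upload_filesize'))) . ')');
    }

    $form->addButtonSend(get_lang('SendMessage'), 'compose');
    $form->setRequiredNote('<span class="form_required">*</span> <small>' . get_lang('ThisFieldIsRequired') . '</small>');

    if (!empty($group_id) && !empty($message_id)) {
        $message_info = MessageManager::get_message_by_id($message_id);
        $default['title'] = get_lang('MailSubjectReplyShort') . " " . $message_info['title'];
    }
    $form->setDefaults($default);

    $html = '';
    if ($form->validate()) {
        // CSRF: the sec_token hidden field must match the session token. The token is
        // cleared afterwards whether or not it matched.
        if (Security::check_token('post')) {
            // Recipients, title and content are taken from $default, not from the submitted values.
            $user_list = $default['users'];
            $file_comments = isset($_POST['legend']) ? $_POST['legend'] : null;
            $title = $default['title'];
            $content = $default['content'];
            $group_id = isset($default['group_id']) ? $default['group_id'] : null;
            $parent_id = isset($default['parent_id']) ? $default['parent_id'] : null;

            if (is_array($user_list) && count($user_list) > 0) {
                foreach ($user_list as $user) {
                    $res = MessageManager::send_message($user, $title, $content, $_FILES, $file_comments, $group_id, $parent_id);
                    if ($res) {
                        $html .= MessageManager::display_success_message($user);
                    }
                }
            } else {
                // Kept as in the original: the raw key is passed rather than get_lang('ErrorSendingMessage') - verify intent.
                Display::display_error_message('ErrorSendingMessage');
            }
        }
        Security::clear_token();
    } else {
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        $html .= $form->returnForm();
    }

    return $html;
}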
break; case 'delete_all_certificates': Category::deleteAllCertificates($cat_id); break; } $course_code = api_get_course_id(); $interbreadcrumb[] = array('url' => Security::remove_XSS($_SESSION['gradebook_dest']) . '?', 'name' => get_lang('Gradebook')); $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('GradebookListOfStudentsCertificates')); $this_section = SECTION_COURSES; Display::display_header(''); if (isset($_GET['action']) && $_GET['action'] == 'delete') { $check = Security::check_token('get'); if ($check) { $certificate = new Certificate($_GET['certificate_id']); $result = $certificate->delete(true); Security::clear_token(); if ($result == true) { Display::display_confirmation_message(get_lang('CertificateRemoved')); } else { Display::display_error_message(get_lang('CertificateNotRemoved')); } } } $token = Security::get_token(); echo Display::page_header(get_lang('GradebookListOfStudentsCertificates')); //@todo replace all this code with something like get_total_weight() $cats = Category::load($cat_id, null, null, null, null, null, false); if (!empty($cats)) { //with this fix the teacher only can view 1 gradebook if (api_is_platform_admin()) { $stud_id = api_is_allowed_to_edit() ? null : api_get_user_id();
/**
 * Form to add a test category.
 *
 * Displays the form (with a fresh CSRF token) when it has not been submitted or does
 * not validate; on a valid submit with a matching token the category is created and a
 * confirmation (or "name already exists") message is shown.
 *
 * @todo move to TestCategory.class.php
 * @param string $action Action name echoed back into the form URL (XSS-filtered first)
 */
function add_category_form($action)
{
    $safeAction = Security::remove_XSS($action);
    $form = new FormValidator('note', 'post', api_get_self() . '?action=' . $safeAction);

    // Elements and rules.
    $form->addElement('header', get_lang('AddACategory'));
    $form->addElement('text', 'category_name', get_lang('CategoryName'), array('size' => '95'));
    $form->addHtmlEditor(
        'category_description',
        get_lang('CategoryDescription'),
        false,
        false,
        array('ToolbarSet' => 'test_category', 'Height' => '200')
    );
    $form->addButtonCreate(get_lang('AddTestCategory'), 'SubmitNote');
    $form->addRule('category_name', get_lang('ThisFieldIsRequired'), 'required');

    if (!$form->validate()) {
        // Not submitted (or invalid): show the form with a CSRF token.
        display_goback();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => Security::get_token()));
        $form->display();
        return;
    }

    if (Security::check_token('post')) {
        $values = $form->exportValues();
        // Teacher-level HTML filtering before the values are stored.
        $categoryName = Security::remove_XSS($values['category_name'], COURSEMANAGER);
        $categoryDescription = Security::remove_XSS($values['category_description'], COURSEMANAGER);
        $category = new TestCategory(0, $categoryName, $categoryDescription);
        $message = $category->addCategoryInBDD()
            ? get_lang('AddCategoryDone')
            : get_lang('AddCategoryNameAlreadyExists');
        Display::display_confirmation_message($message);
    }
    Security::clear_token();
}
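/**
 * Edits an attendance sheet.
 *
 * POST with a non-empty title and a valid CSRF token: updates the sheet and redirects
 * to the attendance list. POST without a title: re-renders the edit form flagged with
 * an error. Any other method: renders the edit form pre-filled from the database.
 *
 * Fixes: optional POST keys are read with isset() (no notices on a partial submit) and
 * category_id is cast to int instead of being stored as the raw request string.
 *
 * NOTE(review): no api_is_allowed_to_edit() check is visible in this method; presumably
 * the calling controller enforces it - confirm before relying on it.
 *
 * @param int $attendance_id Attendance sheet id (cast to int here)
 */
public function attendance_edit($attendance_id)
{
    $attendance = new Attendance();
    $data = array();
    $attendance_id = intval($attendance_id);

    if (strtoupper($_SERVER['REQUEST_METHOD']) != "POST") {
        // Pre-fill the form from the stored sheet.
        $attendance_data = $attendance->get_attendance_by_id($attendance_id);
        $data['attendance_id'] = $attendance_data['id'];
        $data['title'] = $attendance_data['name'];
        $data['description'] = $attendance_data['description'];
        $data['attendance_qualify_title'] = $attendance_data['attendance_qualify_title'];
        $data['attendance_weight'] = $attendance_data['attendance_weight'];
        $this->view->set_data($data);
        $this->view->set_layout('layout');
        $this->view->set_template('attendance_edit');
        $this->view->render();
        return;
    }

    if (empty($_POST['title'])) {
        // Title is mandatory: re-render the form with the error flag set.
        $data['attendance_id'] = isset($_POST['attendance_id']) ? $_POST['attendance_id'] : null;
        $data['error'] = true;
        $this->view->set_data($data);
        $this->view->set_layout('layout');
        $this->view->set_template('attendance_edit');
        $this->view->render();
        return;
    }

    // CSRF check; a failed check produces no output, as before.
    if (!Security::check_token()) {
        return;
    }

    $attendance->set_name($_POST['title']);
    $attendance->set_description(isset($_POST['description']) ? $_POST['description'] : null);
    $attendance->set_attendance_qualify_title(isset($_POST['attendance_qualify_title']) ? $_POST['attendance_qualify_title'] : null);
    $attendance->set_attendance_weight(isset($_POST['attendance_weight']) ? $_POST['attendance_weight'] : null);
    // category_id is a gradebook category key: keep it an integer.
    $attendance->category_id = isset($_POST['category_id']) ? intval($_POST['category_id']) : null;

    $link_to_gradebook = isset($_POST['attendance_qualify_gradebook']) && $_POST['attendance_qualify_gradebook'] == 1;
    $attendance->attendance_edit($attendance_id, $link_to_gradebook);
    Security::clear_token();

    // The session value is HTML-filtered, as in the original; the context here is a URL,
    // so urlencode() would be the matching escaping if this is ever changed.
    $param_gradebook = '';
    if (isset($_SESSION['gradebook'])) {
        $param_gradebook = '&gradebook=' . Security::remove_XSS($_SESSION['gradebook']);
    }
    header('location:index.php?action=attendance_list&' . api_get_cidreq() . $param_gradebook);
    exit;
}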
/**
 * Resolves the requested action from POST, but only when the CSRF token validates.
 *
 * The token is cleared in every case; a failed check falls back to 'display', which is
 * also the default when no action was posted.
 *
 * @return string
 */
function get_action()
{
    $tokenValid = Security::check_token('post');
    Security::clear_token();

    return $tokenValid ? Request::post('action', 'display') : 'display';
}
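/**
 * Shows the "add test category" form (typed variant) and creates the category on a
 * valid POST with a matching CSRF token; then re-displays the add form and the list.
 *
 * Consistency fix: the sibling add_category_form($action) variant filters the submitted
 * name and description with Security::remove_XSS(..., COURSEMANAGER) before storing
 * them; this one now does the same. $type, which is echoed into the form action URL
 * next to the already-filtered $in_action, is filtered the same way for that use.
 *
 * @param string $in_action Action name echoed back in the form URL
 * @param string $type      Category type ('simple' by default), echoed in the URL and passed on
 */
function add_category_form($in_action, $type = 'simple')
{
    $in_action = Security::remove_XSS($in_action);
    $form_url = api_get_self() . '?' . api_get_cidreq() . '&action=' . $in_action . "&type=" . Security::remove_XSS($type);
    $form = new FormValidator('note', 'post', $form_url);

    // Elements and rules.
    $form->addElement('header', get_lang('AddACategory'));
    $form->addElement('text', 'category_name', get_lang('CategoryName'), array('class' => 'span6'));
    $form->add_html_editor(
        'category_description',
        get_lang('CategoryDescription'),
        false,
        false,
        array('ToolbarSet' => 'test_category', 'Width' => '90%', 'Height' => '200')
    );
    $form->addElement('select', 'parent_id', get_lang('Parent'), array(), array('id' => 'parent_id'));
    $form->addElement('style_submit_button', 'SubmitNote', get_lang('AddTestCategory'), 'class="add"');
    $form->addRule('category_name', get_lang('ThisFieldIsRequired'), 'required');

    if (!$form->validate()) {
        // Not submitted (or invalid): show the form with a CSRF token.
        display_goback($type);
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        $form->display();
        return;
    }

    if (Security::check_token('post')) {
        $values = $form->getSubmitValues();
        // parent_id is a (multi-)select; only its first entry is used.
        $parent_id = isset($values['parent_id']) && isset($values['parent_id'][0]) ? $values['parent_id'][0] : null;
        $name = Security::remove_XSS($values['category_name'], COURSEMANAGER);
        $description = Security::remove_XSS($values['category_description'], COURSEMANAGER);
        $objcat = new Testcategory(0, $name, $description, $parent_id, $type, api_get_course_int_id());
        if ($objcat->addCategoryInBDD()) {
            Display::display_confirmation_message(get_lang('AddCategoryDone'));
        } else {
            Display::display_confirmation_message(get_lang('AddCategoryNameAlreadyExists'));
        }
    }
    Security::clear_token();
    display_add_category($type);
    display_categories($type);
}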
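/**
 * Displays the form used to add a post: a new thread, a reply to a thread, a reply to
 * a message, or a quote of a message.
 *
 * Behaviour is driven by $_GET['action']:
 *  - newthread:    new thread, no thread iframe
 *  - replythread:  reply to the thread; thread iframe if the forum setting allows it
 *  - replymessage: reply to one post; thread iframe if allowed; post_parent_id hidden field
 *  - quote:        like replymessage, with the quoted post pre-filled in the editor
 *
 * Fix: the forum / thread / post ids are read from $_GET and cast to int once. The
 * previous version cast them only for the hidden fields and the form URL while passing
 * the raw values to the iframe URL and to get_post_information(). An unused
 * exportValues() call in the attachment block was dropped.
 *
 * @param array        $current_forum Forum row; uses 'allow_anonymous', 'allow_attachments', 'forum_id'
 * @param array        $forum_setting Uses 'show_thread_iframe_on_reply', 'allow_post_notification', 'allow_sticky'
 * @param string       $action        Unused: overwritten from $_GET['action'] (kept for callers)
 * @param string       $id            Unused
 * @param array|string $form_values   Previously submitted values used to re-populate the form
 *
 * @return array|false|null Submitted values on a valid POST with a good token; false when
 *                          a gradebook weight is missing; null after displaying the form
 *                          or when the token check failed
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function show_add_post_form($current_forum, $forum_setting, $action = '', $id = '', $form_values = '')
{
    $_user = api_get_user_info();
    $action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : null;
    $myThread = isset($_GET['thread']) ? intval($_GET['thread']) : 0;
    $my_forum = isset($_GET['forum']) ? intval($_GET['forum']) : 0;
    $my_post = isset($_GET['post']) ? intval($_GET['post']) : 0;
    $my_gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';

    $form = new FormValidator(
        'thread',
        'post',
        api_get_self() . '?' . http_build_query([
            'forum' => $my_forum,
            'gradebook' => $my_gradebook,
            'thread' => $myThread,
            'post' => $my_post,
            'action' => $action,
        ]) . '&' . api_get_cidreq()
    );
    // NOTE(review): kept from the original; no element named 'forum' is added to this form,
    // so this constant appears to have no effect - confirm before removing.
    $form->setConstants(array('forum' => '5'));

    $form->addElement('hidden', 'forum_id', $my_forum);
    $form->addElement('hidden', 'thread_id', $myThread);
    $form->addElement('hidden', 'gradebook', $my_gradebook);

    // Anonymous posters (allowed by the forum, no logged-in user) must give a name.
    $isAnonymousPoster = $current_forum['allow_anonymous'] == 1 && !isset($_user['user_id']);
    if ($isAnonymousPoster) {
        $form->addElement('text', 'poster_name', get_lang('Name'));
        $form->applyFilter('poster_name', 'html_filter');
    }
    $form->addElement('text', 'post_title', get_lang('Title'));
    $form->addHtmlEditor(
        'post_text',
        get_lang('Text'),
        true,
        null,
        api_is_allowed_to_edit(null, true)
            ? array('ToolbarSet' => 'Forum', 'Width' => '100%', 'Height' => '300')
            : array('ToolbarSet' => 'ForumStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student')
    );
    $form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');

    if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread' && !empty($myThread)) {
        // Ids are integers now, so they can be embedded in the src attribute directly.
        $iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?" . api_get_cidreq()
            . "&forum=" . $my_forum . "&thread=" . $myThread . "#" . $my_post . "\" width=\"100%\"></iframe>";
        $form->addElement('label', get_lang('Thread'), $iframe);
    }

    $form->addElement('advanced_settings', 'advanced_params', get_lang('AdvancedParameters'));
    $form->addElement('html', '<div id="advanced_params_options" style="display:none">');

    // Gradebook options are only offered to course staff when creating a new thread.
    $canManage = api_is_course_admin() || api_is_course_coach() || api_is_course_tutor();
    if ($canManage && !$myThread) {
        if (Gradebook::is_active()) {
            GradebookUtils::load_gradebook_select_in_tool($form);
            $form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'), 'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
        } else {
            $form->addElement('hidden', 'thread_qualify_gradebook', false);
        }
        $form->addElement('html', '<div id="options_field" style="display:none">');
        $form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
        $form->applyFilter('numeric_calification', 'html_filter');
        $form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
        $form->applyFilter('calification_notebook_title', 'html_filter');
        $form->addElement('text', 'weight_calification', get_lang('QualifyWeight'), array('value' => '0.00', 'onfocus' => "javascript: this.select();"));
        $form->applyFilter('weight_calification', 'html_filter');
        $group = array();
        $group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('Yes'), 1);
        $group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('No'), 0);
        $form->addGroup($group, '', [get_lang('ForumThreadPeerScoring'), get_lang('ForumThreadPeerScoringComment')], ' ');
        $form->addElement('html', '</div>');
    }

    if ($forum_setting['allow_post_notification'] && isset($_user['user_id'])) {
        $form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail') . ' (' . $_user['mail'] . ')');
    }
    if ($forum_setting['allow_sticky'] && api_is_allowed_to_edit(null, true) && $action == 'newthread') {
        $form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
    }
    $form->addElement('html', '</div>');

    if (in_array($action, ['quote', 'replymessage'])) {
        $form->addFile('user_upload[]', get_lang('Attachment'));
        $form->addButton('add_attachment', get_lang('AddAttachment'), 'paperclip', 'default', 'default', null, ['id' => 'reply-add-attachment']);
    } else {
        $form->addFile('user_upload', get_lang('Attachment'));
    }

    // Submit button label depends on the action.
    switch ($action) {
        case 'quote':
            $form->addButtonCreate(get_lang('QuoteMessage'), 'SubmitPost');
            break;
        case 'replythread':
            $form->addButtonCreate(get_lang('ReplyToThread'), 'SubmitPost');
            break;
        case 'replymessage':
            $form->addButtonCreate(get_lang('ReplyToMessage'), 'SubmitPost');
            break;
        default:
            $form->addButtonCreate(get_lang('CreateThread'), 'SubmitPost');
    }

    $defaults = array();
    if (!empty($form_values)) {
        $defaults['post_title'] = prepare4display($form_values['post_title']);
        $defaults['post_text'] = prepare4display($form_values['post_text']);
        $defaults['post_notification'] = strval(intval($form_values['post_notification']));
        $defaults['thread_sticky'] = strval(intval($form_values['thread_sticky']));
        $defaults['thread_peer_qualify'] = intval($form_values['thread_peer_qualify']);
    } else {
        $defaults['thread_peer_qualify'] = 0;
    }

    if ($action == 'quote' || $action == 'replymessage') {
        // Quoting or replying to a message (not to a thread): remember the parent post and
        // pre-fill the title from it. NOTE(review): no check is visible that $my_post belongs
        // to $myThread / $my_forum; presumably get_post_information() or the caller verifies - confirm.
        $form->addElement('hidden', 'post_parent_id', $my_post);
        $values = get_post_information($my_post);
        $defaults['post_title'] = get_lang('ReplyShort') . api_html_entity_decode($values['post_title'], ENT_QUOTES);
        if ($action == 'quote') {
            // Inline styles on purpose: class="quote" did not survive the editor.
            $defaults['post_text'] = '<div> </div><div style="margin: 5px;"><div style="font-size: 90%; font-style: italic;">' . get_lang('Quoting') . ' ' . api_get_person_name($values['firstname'], $values['lastname']) . ':</div><div style="color: #006600; font-size: 90%; font-style: italic; background-color: #FAFAFA; border: #D1D7DC 1px solid; padding: 3px;">' . prepare4display($values['post_text']) . '</div></div><div> </div><div> </div>';
        }
    }
    $form->setDefaults($defaults);

    $form->addRule('post_title', get_lang('ThisFieldIsRequired'), 'required');
    if ($isAnonymousPoster) {
        $form->addRule('poster_name', get_lang('ThisFieldIsRequired'), 'required');
    }

    if ($form->validate()) {
        // CSRF check; on failure nothing is returned and the form is not re-displayed (as before).
        if (Security::check_token('post')) {
            $values = $form->exportValues();
            if (isset($values['thread_qualify_gradebook']) && $values['thread_qualify_gradebook'] == '1' && empty($values['weight_calification'])) {
                Display::display_error_message(get_lang('YouMustAssignWeightOfQualification') . ' <a href="javascript:window.history.go(-1);">' . get_lang('Back') . '</a>', false);
                return false;
            }
            Security::clear_token();
            return $values;
        }
        return null;
    }

    $token = Security::get_token();
    $form->addElement('hidden', 'sec_token');
    $form->setConstants(array('sec_token' => $token));
    // Drop attachments left in the session by other posts; keep only this new post's.
    clearAttachedFiles(FORUM_NEW_POST);
    $form->addElement('html', getAttachmentsAjaxTable(0, $current_forum['forum_id']));
    $form->display();
    return null;
}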
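/**
 * Adds a course description block (POST) or renders the "add" form (GET).
 *
 * On POST with title and content and a valid CSRF token, the description is inserted
 * (only when description_type >= ADD_BLOCK) and the listing is shown; a POST lacking
 * title or content re-renders the form with the error flag. Any other method renders
 * the empty form.
 *
 * Fix: description_type is cast to int once instead of being compared and stored as
 * the raw request string, and optional POST keys are read with isset().
 *
 * NOTE(review): no edit-permission check is visible here; presumably the caller
 * enforces it - confirm.
 */
public function add()
{
    $course_description = new CourseDescription();
    $session_id = api_get_session_id();
    $course_description->set_session_id($session_id);
    $data = array();

    if (strtoupper($_SERVER['REQUEST_METHOD']) != "POST") {
        $data['default_description_titles'] = $course_description->get_default_description_title();
        $data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
        $data['default_description_icon'] = $course_description->get_default_description_icon();
        $data['question'] = $course_description->get_default_question();
        $data['information'] = $course_description->get_default_information();
        $data['description_type'] = $course_description->get_max_description_type();
        $this->view->set_data($data);
        $this->view->set_layout('layout');
        $this->view->set_template('add');
        $this->view->render();
        return;
    }

    // description_type is an integer discriminator.
    $description_type = isset($_POST['description_type']) ? intval($_POST['description_type']) : null;

    if (empty($_POST['title']) || empty($_POST['contentDescription'])) {
        // Missing title or content: re-render the form flagged with an error.
        $data['error'] = 1;
        $data['default_description_titles'] = $course_description->get_default_description_title();
        $data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
        $data['default_description_icon'] = $course_description->get_default_description_icon();
        $data['question'] = $course_description->get_default_question();
        $data['information'] = $course_description->get_default_information();
        $data['description_title'] = isset($_POST['title']) ? $_POST['title'] : null;
        $data['description_content'] = isset($_POST['contentDescription']) ? $_POST['contentDescription'] : null;
        $data['description_type'] = $description_type;
        $this->view->set_data($data);
        $this->view->set_layout('layout');
        $this->view->set_template('add');
        $this->view->render();
        return;
    }

    // CSRF check; on failure nothing is stored but the listing is still shown (as before).
    if (Security::check_token()) {
        if ($description_type >= ADD_BLOCK) {
            $course_description->set_description_type($description_type);
            $course_description->set_title($_POST['title']);
            $course_description->set_content($_POST['contentDescription']);
            $course_description->insert(api_get_course_int_id());
        }
        Security::clear_token();
        Display::addFlash(Display::return_message(get_lang('CourseDescriptionUpdated')));
    }
    $this->listing(false);
}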
/**
 * Thematic control: dispatches $action (add/edit/copy/delete/import/export/move), then
 * renders the thematic.php view.
 *
 * Every action is gated on Security::check_token('request'), so the token may arrive via
 * GET or POST. When the token check fails the action is silently replaced by
 * 'thematic_details' and the list is rendered.
 *
 * NOTE(review): only thematic_add/edit, thematic_delete_select and thematic_delete call
 * api_is_allowed_to_edit() in this method; thematic_copy, thematic_import, both exports
 * and moveup/movedown do not - presumably the caller gates them, confirm.
 *
 * @param string $action Action name
 */
public function thematic($action)
{
    $thematic = new Thematic();
    $data = array();
    $error = false;
    // Unused in this method; kept as in the original.
    $msg_add = false;
    $check = Security::check_token('request');
    $thematic_id = isset($_REQUEST['thematic_id']) ? intval($_REQUEST['thematic_id']) : null;
    // display=no_header selects the header-less layout.
    $displayHeader = !empty($_REQUEST['display']) && $_REQUEST['display'] === 'no_header' ? false : true;
    if ($check) {
        switch ($action) {
            case 'thematic_add':
            case 'thematic_edit':
                // Insert or update a thematic (POST only, editors only).
                if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
                    if (trim($_POST['title']) !== '') {
                        if (api_is_allowed_to_edit(null, true)) {
                            // null on add, the posted id on edit (not cast here).
                            $id = isset($_POST['thematic_id']) ? $_POST['thematic_id'] : null;
                            $title = trim($_POST['title']);
                            $content = trim($_POST['content']);
                            $session_id = api_get_session_id();
                            $thematic->set_thematic_attributes($id, $title, $content, $session_id);
                            $last_id = $thematic->thematic_save();
                            if ($_POST['action'] == 'thematic_add') {
                                $action = 'thematic_details';
                                $thematic_id = null;
                                if ($last_id) {
                                    $data['last_id'] = $last_id;
                                }
                            } else {
                                $action = 'thematic_details';
                                $thematic_id = null;
                            }
                        }
                    } else {
                        // Empty title: render the form with the error flag. Note that execution
                        // still falls through to the final render at the bottom of this method.
                        $error = true;
                        $data['error'] = $error;
                        $data['action'] = $_POST['action'];
                        $data['thematic_id'] = $_POST['thematic_id'];
                        // render to the view
                        $this->view->set_data($data);
                        $this->view->set_layout('layout');
                        $this->view->set_template('thematic');
                        $this->view->render();
                    }
                }
                break;
            case 'thematic_copy':
                // Copy a thematic to a session.
                $thematic->copy($thematic_id);
                $thematic_id = null;
                $action = 'thematic_details';
                break;
            case 'thematic_delete_select':
                // Delete many thematics (POST only, editors only). $_POST['id'] is passed as-is.
                if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
                    if (api_is_allowed_to_edit(null, true)) {
                        $thematic_ids = $_POST['id'];
                        $affected_rows = $thematic->thematic_destroy($thematic_ids);
                    }
                    $action = 'thematic_details';
                }
                break;
            case 'thematic_delete':
                // Delete a single thematic (editors only).
                if (isset($thematic_id)) {
                    if (api_is_allowed_to_edit(null, true)) {
                        $thematic->thematic_destroy($thematic_id);
                    }
                    $thematic_id = null;
                    $action = 'thematic_details';
                }
                break;
            case 'thematic_import_select':
                break;
            case 'thematic_import':
                // NOTE(review): the upload is read without checking $_FILES['file']['error'] or
                // is_uploaded_file(), and no edit-permission check is visible for this action,
                // although 'replace' destroys every existing thematic - confirm the caller gates it.
                $csv_import_array = Import::csvToArray($_FILES['file']['tmp_name']);
                if (isset($_POST['replace']) && $_POST['replace']) {
                    // Remove current thematic.
                    $list = $thematic->get_thematic_list();
                    foreach ($list as $i) {
                        $thematic->thematic_destroy($i);
                    }
                }
                // Import the progress.
                // A 'title' row starts a new thematic; 'plan' and 'progress' rows attach to the
                // most recent one. $description_type is only initialised by a 'title' row, so a
                // 'plan' row appearing before any title reads an undefined variable.
                $current_thematic = null;
                foreach ($csv_import_array as $item) {
                    $key = $item['type'];
                    switch ($key) {
                        case 'title':
                            $thematic->set_thematic_attributes(null, $item['data1'], $item['data2'], api_get_session_id());
                            $current_thematic = $thematic->thematic_save();
                            $description_type = 0;
                            break;
                        case 'plan':
                            $thematic->set_thematic_plan_attributes($current_thematic, $item['data1'], $item['data2'], $description_type);
                            $thematic->thematic_plan_save();
                            $description_type++;
                            break;
                        case 'progress':
                            $thematic->set_thematic_advance_attributes(null, $current_thematic, 0, $item['data3'], $item['data1'], $item['data2']);
                            $thematic->thematic_advance_save();
                            break;
                    }
                }
                $action = 'thematic_details';
                break;
            case 'thematic_export':
                // CSV in the same row layout the importer reads.
                $list = $thematic->get_thematic_list();
                $csv = array();
                $csv[] = array('type', 'data1', 'data2', 'data3');
                foreach ($list as $theme) {
                    $csv[] = array('title', $theme['title'], $theme['content']);
                    $data = $thematic->get_thematic_plan_data($theme['id']);
                    if (!empty($data)) {
                        foreach ($data as $plan) {
                            $csv[] = array('plan', $plan['title'], $plan['description']);
                        }
                    }
                    $data = $thematic->get_thematic_advance_by_thematic_id($theme['id']);
                    if (!empty($data)) {
                        foreach ($data as $advance) {
                            $csv[] = array('progress', $advance['start_date'], $advance['duration'], $advance['content']);
                        }
                    }
                }
                Export::arrayToCsv($csv);
                exit; // Don't continue building a normal page.
                // Unreachable after exit; kept as in the original.
                return;
            case 'thematic_export_pdf':
                // Builds an HTML table from stored titles/descriptions/contents (not escaped here)
                // and hands it to the PDF exporter.
                $list = $thematic->get_thematic_list();
                $table = array();
                $table[] = array(get_lang('Thematic'), get_lang('ThematicPlan'), get_lang('ThematicAdvance'));
                foreach ($list as $theme) {
                    // NOTE(review): this loop reuses $data as a scratch variable, clobbering the view
                    // data array; harmless only if export_table_pdf() does not return - confirm.
                    $data = $thematic->get_thematic_plan_data($theme['id']);
                    $plan_html = null;
                    if (!empty($data)) {
                        foreach ($data as $plan) {
                            $plan_html .= '<strong>' . $plan['title'] . '</strong><br /> ' . $plan['description'] . '<br />';
                        }
                    }
                    $data = $thematic->get_thematic_advance_by_thematic_id($theme['id']);
                    $advance_html = null;
                    if (!empty($data)) {
                        foreach ($data as $advance) {
                            $advance_html .= api_convert_and_format_date($advance['start_date'], DATE_FORMAT_LONG) . ' (' . $advance['duration'] . ' ' . get_lang('HourShort') . ')<br />' . $advance['content'] . '<br />';
                        }
                    }
                    $table[] = array($theme['title'], $plan_html, $advance_html);
                }
                $params = array('filename' => get_lang('Thematic') . '-' . api_get_local_time(), 'pdf_title' => get_lang('Thematic'), 'add_signatures' => true, 'format' => 'A4-L', 'orientation' => 'L');
                Export::export_table_pdf($table, $params);
                break;
            case 'moveup':
                $thematic->move_thematic('up', $thematic_id);
                $action = 'thematic_details';
                $thematic_id = null;
                break;
            case 'movedown':
                $thematic->move_thematic('down', $thematic_id);
                $action = 'thematic_details';
                $thematic_id = null;
                break;
        }
        Security::clear_token();
    } else {
        // Token check failed: fall back to the read-only details view.
        $action = 'thematic_details';
        $thematic_id = null;
    }
    if (isset($thematic_id)) {
        $data['thematic_data'] = $thematic->get_thematic_list($thematic_id);
        $data['thematic_id'] = $thematic_id;
    }
    if ($action == 'thematic_details') {
        if (isset($thematic_id)) {
            // Single thematic. $thematic_data stays undefined when the id is not found.
            $thematic_data_result = $thematic->get_thematic_list($thematic_id);
            if (!empty($thematic_data_result)) {
                $thematic_data[$thematic_id] = $thematic_data_result;
            }
            $data['total_average_of_advances'] = $thematic->get_average_of_advances_by_thematic($thematic_id);
        } else {
            // Whole course/session list.
            $thematic_data = $thematic->get_thematic_list(null, api_get_course_id(), api_get_session_id());
            $data['max_thematic_item'] = $thematic->get_max_thematic_item();
            $data['last_done_thematic_advance'] = $thematic->get_last_done_thematic_advance();
            $data['total_average_of_advances'] = $thematic->get_total_average_of_thematic_advances();
        }
        // Second column
        $thematic_plan_data = $thematic->get_thematic_plan_data();
        // Third column
        $thematic_advance_data = $thematic->get_thematic_advance_list(null, null, true);
        $data['thematic_plan_div'] = $thematic->get_thematic_plan_div($thematic_plan_data);
        $data['thematic_advance_div'] = $thematic->get_thematic_advance_div($thematic_advance_data);
        $data['thematic_plan_data'] = $thematic_plan_data;
        $data['thematic_advance_data'] = $thematic_advance_data;
        $data['thematic_data'] = $thematic_data;
    }
    $data['default_thematic_plan_title'] = $thematic->get_default_thematic_plan_title();
    $data['action'] = $action;
    $layoutName = $displayHeader ? 'layout' : 'layout_no_header';
    // render to the view
    $this->view->set_data($data);
    $this->view->set_layout($layoutName);
    $this->view->set_template('thematic');
    $this->view->render();
}
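/**
 * Add (or edit) a system template: shows the form, handles the thumbnail upload and
 * writes the row to system_template.
 *
 * Mode comes from $_GET['action'] ('add' or 'edit'); in edit mode $_GET['id'] selects
 * the row.
 *
 * Fixes: the uploaded file name is reduced to its basename before being used as a path
 * component under template_thumb/; $new_file_name is initialised so a save without an
 * upload does not read an undefined variable; the edit branch filters the template body
 * with remove_XSS() the way the add branch already did; the id echoed into the form URL
 * is the same int the SQL uses.
 *
 * NOTE(review): no extension allow-list is visible here; whether a name ending in an
 * executable extension can be written to template_thumb/ depends on add_ext_on_mime()
 * and Image::send_image() - confirm.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 */
function add_edit_template()
{
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    $template_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
    $id = isset($_GET['id']) ? '&id=' . $template_id : '';
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . Security::remove_XSS($action) . $id);

    // Header, title, body editor, thumbnail upload and its hint.
    $title = $action == 'add' ? get_lang('AddTemplate') : get_lang('EditTemplate');
    $form->addElement('header', '', $title);
    $form->addText('title', get_lang('Title'), false);
    $form->addHtmlEditor('template_text', get_lang('Text'), false, false, array('ToolbarSet' => 'AdminTemplates', 'Width' => '100%', 'Height' => '400'));
    $form->addElement('file', 'template_image', get_lang('Image'), '');
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));

    $table_system_template = Database::get_main_table('system_template');

    if ($action == 'edit') {
        $sql = "SELECT * FROM {$table_system_template} WHERE id = " . $template_id . "";
        $result = Database::query($sql);
        $row = Database::fetch_array($result);
        $defaults['template_id'] = $template_id;
        $defaults['template_text'] = $row['content'];
        // Titles are stored as language keys; translate for display.
        $defaults['title'] = get_lang($row['title']);
        $form->addElement('hidden', 'template_id');
        $thumb_base = api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/';
        if (!empty($row['image'])) {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . $thumb_base . $row['image'] . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . $thumb_base . 'noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        }
        $form->setDefaults($defaults);
    }

    $form->addButtonSave(get_lang('Ok'), 'submit');
    $form->addRule('template_image', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', get_lang('ThisFieldIsRequired'), 'required');

    if (!$form->validate()) {
        // Not submitted (or invalid): display the form with a CSRF token.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        $form->display();
        return;
    }

    if (Security::check_token('post')) {
        $values = $form->exportValues();
        $new_file_name = null;

        if (!empty($_FILES['template_image']['name'])) {
            if (process_uploaded_file($_FILES['template_image'])) {
                // basename() strips any directory part a non-browser client could send in the name.
                $new_file_name = add_ext_on_mime(stripslashes(basename($_FILES['template_image']['name'])), $_FILES['template_image']['type']);
                $upload_dir = api_get_path(SYS_APP_PATH) . 'home/default_platform_document/template_thumb/';
                if (!is_dir($upload_dir)) {
                    mkdir($upload_dir, api_get_permissions_for_new_directories());
                }
                // Resize the preview to the default maximum width and store it.
                $temp = new Image($_FILES['template_image']['tmp_name']);
                $picture_info = $temp->get_image_info();
                $max_width_for_picture = 100;
                if ($picture_info['width'] > $max_width_for_picture) {
                    $temp->resize($max_width_for_picture);
                }
                $temp->send_image($upload_dir . $new_file_name);
            }
        }

        if ($action == 'add') {
            $content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
            $params = ['title' => $values['title'], 'content' => $content_template, 'image' => $new_file_name];
            Database::insert($table_system_template, $params);
            Display::display_confirmation_message(get_lang('TemplateAdded'));
            echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
        } else {
            // Same HTML filtering as the add branch, then SQL escaping for the string-built UPDATE.
            $filtered_text = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
            $content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>' . Database::escape_string($filtered_text) . '</body>';
            $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "', content = '" . $content_template . "'";
            if (!empty($new_file_name)) {
                $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
            }
            $sql .= " WHERE id = " . $template_id . "";
            Database::query($sql);
            Display::display_confirmation_message(get_lang('TemplateEdited'));
        }
    }
    Security::clear_token();
    display_templates();
}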
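/**
 * Validates the dropbox upload form and stores the submitted file.
 *
 * Reads $_POST['recipients'] (entries 'user_<id>', 'group_<id>', 'mailing' or
 * 'upload'), $_POST['cb_overwrite'], $_POST['description'], $_POST['authors']
 * and $_FILES['file']. On success the file is moved into the dropbox directory,
 * a Dropbox_SentWork record is created, notification mails are sent when the
 * course setting asks for it, and the security token is cleared.
 *
 * @return array|null|string a translated message on success or on a validation
 *                           error; null when process_uploaded_file() rejected
 *                           the file (it reports the problem itself)
 */
function store_add_dropbox()
{
    $_course = api_get_course_info();
    $_user = api_get_user_info();
    $dropbox_cnf = getDropboxConf();

    // Validating the form data.
    // There are no recipients selected (a non-array value counts as none, so
    // the loops below can rely on an array).
    if (!isset($_POST['recipients']) || !is_array($_POST['recipients']) || count($_POST['recipients']) <= 0) {
        return get_lang('YouMustSelectAtLeastOneDestinee');
    }

    // Check if all the recipients are valid.
    $thisIsAMailing = false;
    $thisIsJustUpload = false;
    foreach ($_POST['recipients'] as $rec) {
        if ($rec === 'mailing') {
            $thisIsAMailing = true;
        } elseif ($rec === 'upload') {
            $thisIsJustUpload = true;
        } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
            return get_lang('InvalideUserDetected');
        } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
            return get_lang('InvalideGroupDetected');
        }
    }

    // We are doing a mailing but an additional recipient is selected.
    if ($thisIsAMailing && count($_POST['recipients']) != 1) {
        return get_lang('MailingSelectNoOther');
    }

    // We are doing a just upload but an additional recipient is selected.
    // Note: why can't this be valid? It is like sending a document to yourself
    // AND to a different person (I do this quite often with my e-mails).
    if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
        return get_lang('MailingJustUploadSelectNoOther');
    }

    if (empty($_FILES['file']['name'])) {
        return get_lang('NoFileSpecified');
    }

    // Are we overwriting a previous file or sending a new one.
    $dropbox_overwrite = isset($_POST['cb_overwrite']) && $_POST['cb_overwrite'];

    // Doing the upload.
    $dropbox_filename = $_FILES['file']['name'];
    $dropbox_filesize = $_FILES['file']['size'];
    $dropbox_filetype = $_FILES['file']['type'];
    $dropbox_filetmpname = $_FILES['file']['tmp_name'];

    // Check if the filesize does not exceed the allowed size.
    if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
        // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
        return get_lang('DropboxFileTooBig');
    }

    // Check if the file is actually uploaded.
    if (!is_uploaded_file($dropbox_filetmpname)) {
        // Check user fraud: no clean error msg.
        return get_lang('TheFileIsNotUploaded');
    }

    $upload_ok = process_uploaded_file($_FILES['file'], true);
    if (!$upload_ok) {
        return null;
    }

    // Try to add an extension to the file if it hasn't got one.
    $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
    // Replace dangerous characters.
    $dropbox_filename = replace_dangerous_char($dropbox_filename);
    // Transform any .php file in .phps fo security.
    $dropbox_filename = php2phps($dropbox_filename);
    // Filter extension.
    if (!filter_extension($dropbox_filename)) {
        return get_lang('UplUnableToSaveFileFilteredExtension');
    }

    // Set title.
    $dropbox_title = $dropbox_filename;
    // Set author (stored back into $_POST, as before, since it is read from there below).
    if (!isset($_POST['authors'])) {
        $_POST['authors'] = getUserNameFromId($_user['user_id']);
    }

    // Note: I think we could better migrate everything from here on to separate functions:
    // store_new_dropbox, store_new_mailing, store_just_upload.
    if ($dropbox_overwrite) {
        $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
        foreach ($dropbox_person->sentWork as $w) {
            if ($w->title == $dropbox_filename) {
                // A mailing may only overwrite a mailing, and a just-upload only a just-upload.
                if (($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase')) xor $thisIsAMailing) {
                    return get_lang('MailingNonMailingError');
                }
                if (($w->recipients[0]['id'] == $_user['user_id']) xor $thisIsJustUpload) {
                    return get_lang('MailingJustUploadSelectNoOther');
                }
                // Reuse the stored name so the existing file is replaced on disk.
                $dropbox_filename = $w->filename;
                break;
            }
        }
    } else {
        // Rename file to login_filename_uniqueId format.
        $dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
    }

    // Creating the array that contains all the users who will receive the file.
    $new_work_recipients = array();
    foreach ($_POST['recipients'] as $rec) {
        if (strpos($rec, 'user_') === 0) {
            $new_work_recipients[] = substr($rec, strlen('user_'));
        } elseif (strpos($rec, 'group_') === 0) {
            // NOTE(review): group ids were only checked for their prefix above; whether
            // the group belongs to this course is left to GroupManager — confirm it enforces that.
            $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
            foreach ($userList as $usr) {
                if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
                    $new_work_recipients[] = $usr['user_id'];
                }
            }
        }
    }

    // Move the file before anything is recorded: when the move fails there must
    // be no database row and no notification mail for a file that does not exist.
    $dropbox_destination = dropbox_cnf('sysPath') . '/' . $dropbox_filename;
    if (!@move_uploaded_file($dropbox_filetmpname, $dropbox_destination)) {
        return get_lang('TheFileIsNotUploaded');
    }

    $b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
    if ($b_send_mail) {
        foreach ($new_work_recipients as $recipient_id) {
            $recipent_temp = UserManager::get_user_info_by_id($recipient_id);
            $additionalParameters = array(
                'smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY,
                'userId' => $recipient_id,
                'courseTitle' => $_course['title'],
                'userUsername' => $recipent_temp['username'],
            );
            api_mail_html(
                api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS),
                $recipent_temp['email'],
                get_lang('NewDropboxFileUploaded'),
                get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'],
                api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS),
                $_user['mail'],
                null,
                null,
                null,
                $additionalParameters
            );
        }
    }

    new Dropbox_SentWork(
        $_user['user_id'],
        $dropbox_title,
        isset($_POST['description']) ? $_POST['description'] : null,
        strip_tags($_POST['authors']),
        $dropbox_filename,
        $dropbox_filesize,
        $new_work_recipients
    );
    Security::clear_token();

    return get_lang('FileUploadSucces');
}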
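/**
 * It's used for adding a course description,
 * render to listing or add view.
 *
 * On a POST with a non-empty title and content and a valid security token the
 * description is inserted for the current course (only when description_type is
 * at least ADD_BLOCK) and the listing is rendered. A POST with missing fields
 * re-renders the 'add' template with the submitted values and $data['error']
 * set. Any other request renders the empty 'add' template.
 */
public function add()
{
    $course_description = new CourseDescription();
    $session_id = api_get_session_id();
    $course_description->set_session_id($session_id);
    $data = array();
    // Both are read after the token/type checks, so they need a value even
    // when the insert was skipped (invalid token or description_type too low).
    $affected_rows = 0;
    $message = null;

    if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
        if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) {
            $check = Security::check_token();
            if ($check) {
                $title = $_POST['title'];
                if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
                    $content = WCAG_Rendering::prepareXHTML();
                } else {
                    $content = $_POST['contentDescription'];
                }
                $description_type = isset($_POST['description_type']) ? $_POST['description_type'] : null;
                if ($description_type >= ADD_BLOCK) {
                    $course_description->set_description_type($description_type);
                    $course_description->set_title($title);
                    $course_description->set_content($content);
                    $affected_rows = $course_description->insert(api_get_course_int_id());
                }
                Security::clear_token();
            }
            if ($affected_rows) {
                $message['add'] = true;
            }
            $this->listing(false, $message);
        } else {
            $data['error'] = 1;
            $data['default_description_titles'] = $course_description->get_default_description_title();
            $data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
            $data['default_description_icon'] = $course_description->get_default_description_icon();
            $data['question'] = $course_description->get_default_question();
            $data['information'] = $course_description->get_default_information();
            // Echo the submitted values back so the user can correct them.
            $data['description_title'] = isset($_POST['title']) ? $_POST['title'] : null;
            $data['description_content'] = isset($_POST['contentDescription']) ? $_POST['contentDescription'] : null;
            $data['description_type'] = isset($_POST['description_type']) ? $_POST['description_type'] : null;
            $this->view->set_data($data);
            $this->view->set_layout('layout');
            $this->view->set_template('add');
            $this->view->render();
        }
    } else {
        $data['default_description_titles'] = $course_description->get_default_description_title();
        $data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
        $data['default_description_icon'] = $course_description->get_default_description_icon();
        $data['question'] = $course_description->get_default_question();
        $data['information'] = $course_description->get_default_information();
        $data['description_type'] = $course_description->get_max_description_type();
        // Render to the view.
        $this->view->set_data($data);
        $this->view->set_layout('layout');
        $this->view->set_template('add');
        $this->view->render();
    }
}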
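/**
 * This function displays the form that is used to add a post. This can be a new thread or a reply.
 *
 * @param string $action is the parameter that determines if we are
 *  1. newthread: adding a new thread (both empty) => No I-frame
 *  2. replythread: Replying to a thread ($action = replythread) => I-frame with the complete thread (if enabled)
 *  3. replymessage: Replying to a message ($action =replymessage) => I-frame with the complete thread (if enabled) (I first thought to put and I-frame with the message only)
 *  4. quote: Quoting a message ($action= quotemessage) => I-frame with the complete thread (if enabled). The message will be in the reply. (I first thought not to put an I-frame here)
 * @param string       $id          not read by this function; kept for callers that pass it
 * @param array|string $form_values previously submitted values used as defaults
 *                                  (post_title, post_text, post_notification, thread_sticky); '' when none
 *
 * @return array|false|void the exported values when the form validated with a valid token;
 *                          false when a gradebook weight is required but missing;
 *                          nothing when the form was (re)displayed or the token failed
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function show_add_post_form($action = '', $id = '', $form_values = '')
{
    global $forum_setting;
    global $current_forum;
    global $_user;
    global $origin;

    // Request parameters, read once with defaults so that no later line
    // depends on an undefined index.
    $my_thread = isset($_GET['thread']) ? $_GET['thread'] : '';
    $my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
    $my_action = isset($_GET['action']) ? $_GET['action'] : '';
    $my_post = isset($_GET['post']) ? $_GET['post'] : '';
    $my_gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';

    // Setting the class and text of the form title and submit button.
    // This uses the action from the URL, not the $action parameter.
    if ($my_action == 'quote') {
        $class = 'save';
        $text = get_lang('QuoteMessage');
    } elseif ($my_action == 'replythread') {
        $class = 'save';
        $text = get_lang('ReplyToThread');
    } elseif ($my_action == 'replymessage') {
        $class = 'save';
        $text = get_lang('ReplyToMessage');
    } else {
        $class = 'add';
        $text = get_lang('CreateThread');
    }

    // Initialize the object.
    // NOTE(review): remove_XSS() is the only filter on forum/thread/post before
    // they are put into the action URL, and $origin (a global) gets none; the
    // hidden fields below cast forum and thread to int, which would be the
    // stricter choice here as well — confirm the URL may change shape.
    $form = new FormValidator(
        'thread',
        'post',
        api_get_self() . '?forum=' . Security::remove_XSS($my_forum) . '&gradebook=' . $my_gradebook .
        '&thread=' . Security::remove_XSS($my_thread) . '&post=' . Security::remove_XSS($my_post) .
        '&action=' . Security::remove_XSS($my_action) . '&origin=' . $origin
    );
    // NOTE(review): hard-coded forum constant; its purpose is not visible here.
    $form->setConstants(array('forum' => '5'));
    $form->addElement('header', $text);

    // Settting the form elements.
    $form->addElement('hidden', 'forum_id', intval($my_forum));
    $form->addElement('hidden', 'thread_id', intval($my_thread));
    $form->addElement('hidden', 'gradebook', $my_gradebook);

    // If anonymous posts are allowed we also display a form to allow the user to put his name or username in.
    if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
        $form->addElement('text', 'poster_name', get_lang('Name'));
        $form->applyFilter('poster_name', 'html_filter');
    }

    $form->addElement('text', 'post_title', get_lang('Title'));
    $form->addElement(
        'html_editor',
        'post_text',
        get_lang('Text'),
        true,
        api_is_allowed_to_edit(null, true)
            ? array('ToolbarSet' => 'Forum', 'Width' => '100%', 'Height' => '300')
            : array('ToolbarSet' => 'ForumStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student')
    );
    $form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');

    $form->addElement(
        'advanced_settings',
        '<a href="javascript://" onclick="return advanced_parameters()"> <span id="img_plus_and_minus"> ' .
        Display::return_icon('div_show.gif', get_lang('Show'), array('style' => 'vertical-align:middle')) . ' ' .
        get_lang('AdvancedParameters') . '</span></a>'
    );
    $form->addElement('html', '<div id="id_qualify" style="display:none">');

    // The gradebook block only exists for course staff creating a new thread.
    if ((api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !$my_thread) {
        // Thread qualify.
        if (Gradebook::is_active()) {
            // Loading gradebook select.
            load_gradebook_select_in_tool($form);
            $form->addElement(
                'checkbox',
                'thread_qualify_gradebook',
                '',
                get_lang('QualifyThreadGradebook'),
                'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"'
            );
        } else {
            $form->addElement('hidden', 'thread_qualify_gradebook', false);
        }

        $form->addElement('html', '<div id="options_field" style="display:none">');
        $form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
        $form->applyFilter('numeric_calification', 'html_filter');
        $form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
        $form->applyFilter('calification_notebook_title', 'html_filter');
        $form->addElement(
            'text',
            'weight_calification',
            get_lang('QualifyWeight'),
            'value="0.00" Style="width:40px" onfocus="javascript: this.select();"'
        );
        $form->applyFilter('weight_calification', 'html_filter');
        $form->addElement('html', '</div>');
    }

    if ($forum_setting['allow_post_notification'] && isset($_user['user_id'])) {
        $form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail') . ' (' . $_user['mail'] . ')');
    }

    if ($forum_setting['allow_sticky'] && api_is_allowed_to_edit(null, true) && $action == 'newthread') {
        $form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
    }

    // NOTE(review): this export happens before validation and its result is never
    // used (it is overwritten below); kept as-is because exportValues() may have
    // side effects on the form state that are not visible here.
    if ($current_forum['allow_attachments'] == '1' || api_is_allowed_to_edit(null, true)) {
        $values = $form->exportValues();
    }

    // User upload.
    $form->addElement('static', null, null, get_lang('AddAnAttachment'));
    $form->addElement('file', 'user_upload', get_lang('FileName'), '');
    $form->addElement('textarea', 'file_comment', get_lang('FileComment'), array('rows' => 4, 'cols' => 34));
    $form->applyFilter('file_comment', 'html_filter');
    $form->addElement('html', '</div>');
    $form->addElement('style_submit_button', 'SubmitPost', $text, 'class="' . $class . '"');
    $form->add_real_progress_bar('DocumentUpload', 'user_upload');

    if (!empty($form_values)) {
        $defaults['post_title'] = prepare4display($form_values['post_title']);
        $defaults['post_text'] = prepare4display($form_values['post_text']);
        $defaults['post_notification'] = strval(intval($form_values['post_notification']));
        $defaults['thread_sticky'] = strval(intval($form_values['thread_sticky']));
    }

    // If we are quoting a message we have to retrieve the information of the post we are quoting so that
    // we can add this as default to the textarea. ($my_post always exists at this point.)
    if ($action == 'quote' || $action == 'replymessage') {
        // We also need to put the parent_id of the post in a hidden form when we are quoting or replying
        // to a message (<> reply to a thread !!!)
        $form->addElement('hidden', 'post_parent_id', strval(intval($my_post)));

        // Note: This has to be cleaned first.
        // If we are replying or are quoting then we display a default title.
        $values = get_post_information($my_post);
        // Note: This has to be cleaned first.
        $defaults['post_title'] = get_lang('ReplyShort') . api_html_entity_decode($values['post_title'], ENT_QUOTES);

        // When we are quoting a message then we have to put that message into the wysiwyg editor.
        // Note: The style has to be hardcoded here because using class="quote" didn't work.
        if ($action == 'quote') {
            $defaults['post_text'] = '<div> </div><div style="margin: 5px;"><div style="font-size: 90%; font-style: italic;">' .
                get_lang('Quoting') . ' ' . api_get_person_name($values['firstname'], $values['lastname']) .
                ':</div><div style="color: #006600; font-size: 90%; font-style: italic; background-color: #FAFAFA; border: #D1D7DC 1px solid; padding: 3px;">' .
                prepare4display($values['post_text']) . '</div></div><div> </div><div> </div>';
        }
    }

    // null (not an empty array) when nothing was set: setDefaults() treats the two differently.
    $form->setDefaults(isset($defaults) ? $defaults : null);

    // The course admin can make a thread sticky (=appears with special icon and always on top).
    $form->addRule('post_title', get_lang('ThisFieldIsRequired'), 'required');
    if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
        $form->addRule('poster_name', get_lang('ThisFieldIsRequired'), 'required');
    }

    // Validation or display.
    if ($form->validate()) {
        $check = Security::check_token('post');
        if ($check) {
            $values = $form->exportValues();
            // The gradebook checkbox is only part of the form for course staff on a new thread.
            if (isset($values['thread_qualify_gradebook'])
                && $values['thread_qualify_gradebook'] == '1'
                && empty($values['weight_calification'])
            ) {
                Display::display_error_message(
                    get_lang('YouMustAssignWeightOfQualification') . ' <a href="javascript:window.back()">' . get_lang('Back') . '</a>',
                    false
                );

                return false;
            }
            Security::clear_token();

            return $values;
        }
        // A failed token check falls through: nothing is displayed and nothing is returned.
    } else {
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));

        $iframe = null;
        if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread') {
            $iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?forum=" .
                Security::remove_XSS($my_forum) . "&thread=" . Security::remove_XSS($my_thread) . "#" .
                Security::remove_XSS($my_post) . "\" width=\"100%\"></iframe>";
        }
        if (!empty($iframe)) {
            $form->addElement('label', get_lang('Thread'), $iframe);
        }
        $form->display();
    }
}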