$_POST['allowsetting'] = intval($_POST['allowsetting']);
$_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
$_POST['customparameters'] = str_replace('\\r\\n', "\r\n", $addslashes($_POST['customparameters']));
$_POST['organizationid'] = $addslashes($_POST['organizationid']);
$_POST['organizationurl'] = $addslashes($_POST['organizationurl']);
// $_POST['organizationdescr'] = $addslashes($_POST['organizationdescr']);
$_POST['submit'] = $addslashes($_POST['submit']);
}
$tool = intval($_REQUEST['id']);
if (isset($_POST['cancel'])) {
$msg->addFeedback('CANCELLED');
header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
exit;
} else {
if (isset($_POST['form_basiclti'], $tool)) {
if (at_form_validate($blti_admin_form, $msg)) {
$sql = "SELECT count(*) cnt FROM " . TABLE_PREFIX . "basiclti_tools WHERE toolid = '" . mysql_real_escape_string($_POST['toolid']) . "' AND id != {$tool};";
$result = mysql_query($sql, $db) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row["cnt"] != 0) {
$msg->addFeedback('NEED_UNIQUE_TOOLID');
} else {
$sql = at_form_update($_POST, $blti_admin_form);
$sql = 'UPDATE ' . TABLE_PREFIX . "basiclti_tools SET " . $sql . " WHERE id = {$tool};";
$result = mysql_query($sql, $db) or die(mysql_error());
write_to_log(AT_ADMIN_LOG_INSERT, 'basiclti_create', mysql_affected_rows($db), $sql);
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
exit;
}
}
$_POST['toolid'] = $addslashes($_POST['toolid']);
$_POST['cid'] = intval($_POST['cid']);
$_POST['preferheight'] = intval($_POST['preferheight']);
$_POST['launchinpopup'] = intval($_POST['launchinpopup']);
$_POST['debuglaunch'] = intval($_POST['debuglaunch']);
$_POST['sendname'] = intval($_POST['sendname']);
$_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
$_POST['allowroster'] = intval($_POST['allowroster']);
$_POST['allowsetting'] = intval($_POST['allowsetting']);
$_POST['customparameters'] = $addslashes($_POST['customparameters']);
if (!is_int($_SESSION['course_id']) || $_SESSION['course_id'] < 1) {
$msg->addFeedback('NEED_COURSE_ID');
exit;
}
// Add/Update The Tool
if (isset($_POST['toolid']) && at_form_validate($blti_content_edit_form, $msg)) {
$toolid = $_POST['toolid'];
// Escaping is done in the at_form_util code
$sql = "SELECT * FROM %sbasiclti_content WHERE content_id=%d AND course_id=%d";
$row_content = queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], $_SESSION['course_id']), TRUE);
if ($toolid == '--none--') {
$sql = "DELETE FROM %sbasiclti_content WHERE content_id=%d AND course_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], $_SESSION['course_id']));
if ($result === false) {
$msg->addError('MYSQL_FAILED');
} else {
$msg->addFeedback('BASICLTI_DELETED');
}
} else {
if (count($row_content) == 0) {
$sql = "INSERT INTO %sbasiclti_content SET toolid='%s', content_id=%d, course_id=%d";
$_POST['acceptgrades'] = intval($_POST['acceptgrades']);
$_POST['allowroster'] = intval($_POST['allowroster']);
$_POST['allowsetting'] = intval($_POST['allowsetting']);
$_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
// this param won't take $addslashes. Some other form of filter is needed here before V1.0 goes out.
//$_POST['customparameters'] = $addslashes($_POST['customparameters']);
$_POST['submit'] = $addslashes($_POST['submit']);
}
$tool = intval($_REQUEST['id']);
if (isset($_POST['cancel'])) {
$msg->addFeedback('CANCELLED');
header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_instructor.php');
exit;
} else {
if (isset($_POST['form_basiclti'], $tool)) {
if (at_form_validate($blti_instructor_form, $msg)) {
$sql = "SELECT count(*) cnt FROM " . TABLE_PREFIX . "basiclti_tools WHERE toolid = '" . mysql_real_escape_string($_POST['toolid']) . "' AND id != {$tool}" . " AND course_id = " . $_SESSION['course_id'];
$result = mysql_query($sql, $db) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row["cnt"] != 0) {
$msg->addFeedback('NEED_UNIQUE_TOOLID');
} else {
$fields = array('course_id' => $_SESSION['course_id']);
$sql = at_form_update($_POST, $blti_instructor_form, $fields);
$sql = 'UPDATE ' . TABLE_PREFIX . "basiclti_tools SET " . $sql . " WHERE id = {$tool}" . " AND course_id = " . $_SESSION['course_id'];
$result = mysql_query($sql, $db) or die(mysql_error());
write_to_log(AT_ADMIN_LOG_INSERT, 'basiclti_create', mysql_affected_rows($db), $sql);
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_instructor.php');
exit;
}
