/**
* This function saves a new wiki page.
* @author Patrick Cool <*****@*****.**>, Ghent University
* @todo consider merging this with the function save_wiki into one single function.
* @return string Message of success
**/
function save_new_wiki()
{
global $charset;
global $tbl_wiki;
global $assig_user_id;
//need for assignments mode
global $tbl_wiki_conf;
global $page;
// cleaning the variables
$_clean['assignment'] = Database::escape_string($_POST['assignment']);
// session_id
$session_id = api_get_session_id();
if ($_clean['assignment'] == 2 || $_clean['assignment'] == 1) {
// Unlike ordinary pages of pages of assignments. Allow create a ordinary page although there is a assignment with the same name
$page = str_replace(' ', '_', $_POST['title'] . "_uass" . $assig_user_id);
} else {
$page = str_replace(' ', '_', $_POST['title']);
}
$_clean['reflink'] = Database::escape_string(strip_tags(api_htmlentities($page)));
$_clean['title'] = Database::escape_string(strip_tags(trim($_POST['title'])));
$_clean['content'] = Database::escape_string($_POST['content']);
if (api_get_setting('htmlpurifier_wiki') == 'true') {
$purifier = new HTMLPurifier();
$_clean['content'] = $purifier->purify($_clean['content']);
}
//re-check after strip_tags if the title is empty
if (empty($_clean['title']) || empty($_clean['reflink'])) {
return false;
}
if ($_clean['assignment'] == 2) {
//config by default for individual assignment (students)
$_clean['user_id'] = (int) Database::escape_string($assig_user_id);
//Identifies the user as a creator, not the teacher who created
$_clean['visibility'] = 0;
$_clean['visibility_disc'] = 0;
$_clean['ratinglock_disc'] = 0;
} else {
$_clean['user_id'] = api_get_user_id();
$_clean['visibility'] = 1;
$_clean['visibility_disc'] = 1;
$_clean['ratinglock_disc'] = 1;
}
$_clean['comment'] = Database::escape_string($_POST['comment']);
$_clean['progress'] = Database::escape_string($_POST['progress']);
$_clean['version'] = 1;
if (isset($_SESSION['_gid'])) {
$_clean['group_id'] = (int) $_SESSION['_gid'];
}
if (isset($_GET['group_id'])) {
$_clean['group_id'] = (int) Database::escape_string($_GET['group_id']);
}
$_clean['linksto'] = links_to($_clean['content']);
//check wikilinks
//cleaning config variables
$_clean['task'] = Database::escape_string($_POST['task']);
$_clean['feedback1'] = Database::escape_string($_POST['feedback1']);
$_clean['feedback2'] = Database::escape_string($_POST['feedback2']);
$_clean['feedback3'] = Database::escape_string($_POST['feedback3']);
$_clean['fprogress1'] = Database::escape_string($_POST['fprogress1']);
$_clean['fprogress2'] = Database::escape_string($_POST['fprogress2']);
$_clean['fprogress3'] = Database::escape_string($_POST['fprogress3']);
if ($_POST['initstartdate'] == 1) {
$_clean['startdate_assig'] = Database::escape_string(get_date_from_select('startdate_assig'));
} else {
$_clean['startdate_assig'] = Database::escape_string($_POST['startdate_assig']);
}
if ($_POST['initenddate'] == 1) {
$_clean['enddate_assig'] = Database::escape_string(get_date_from_select('enddate_assig'));
} else {
$_clean['enddate_assig'] = Database::escape_string($_POST['enddate_assig']);
}
$_clean['delayedsubmit'] = Database::escape_string($_POST['delayedsubmit']);
$_clean['max_text'] = Database::escape_string($_POST['max_text']);
$_clean['max_version'] = Database::escape_string($_POST['max_version']);
$course_id = api_get_course_int_id();
//filter no _uass
if (api_eregi('_uass', $_POST['title']) || (api_strtoupper(trim($_POST['title'])) == 'INDEX' || api_strtoupper(trim(api_htmlentities($_POST['title'], ENT_QUOTES, $charset))) == api_strtoupper(api_htmlentities(get_lang('DefaultTitle'), ENT_QUOTES, $charset)))) {
$message = get_lang('GoAndEditMainPage');
Display::display_warning_message($message, false);
} else {
$var = $_clean['reflink'];
$group_id = Security::remove_XSS($_GET['group_id']);
if (!checktitle($var)) {
return get_lang('WikiPageTitleExist') . '<a href="index.php?action=edit&title=' . $var . '&group_id=' . $group_id . '">' . $_POST['title'] . '</a>';
} else {
$dtime = date("Y-m-d H:i:s");
$sql = "INSERT INTO " . $tbl_wiki . " (c_id, reflink, title, content, user_id, group_id, dtime, visibility, visibility_disc, ratinglock_disc, assignment, comment, progress, version, linksto, user_ip, session_id) VALUES\n \t\t({$course_id}, '" . $_clean['reflink'] . "','" . $_clean['title'] . "','" . $_clean['content'] . "','" . $_clean['user_id'] . "','" . $_clean['group_id'] . "','" . $dtime . "','" . $_clean['visibility'] . "','" . $_clean['visibility_disc'] . "','" . $_clean['ratinglock_disc'] . "','" . $_clean['assignment'] . "','" . $_clean['comment'] . "','" . $_clean['progress'] . "','" . $_clean['version'] . "','" . $_clean['linksto'] . "','" . Database::escape_string($_SERVER['REMOTE_ADDR']) . "', '" . Database::escape_string($session_id) . "')";
$result = Database::query($sql);
$Id = Database::insert_id();
if ($Id > 0) {
//insert into item_property
api_item_property_update(api_get_course_info(), TOOL_WIKI, $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']);
}
$sql = 'UPDATE ' . $tbl_wiki . ' SET page_id="' . $Id . '" WHERE c_id = ' . $course_id . ' AND id="' . $Id . '"';
Database::query($sql);
//insert wiki config
$sql = "INSERT INTO " . $tbl_wiki_conf . " (c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit) VALUES\n \t\t({$course_id}, '" . $Id . "','" . $_clean['task'] . "','" . $_clean['feedback1'] . "','" . $_clean['feedback2'] . "','" . $_clean['feedback3'] . "','" . $_clean['fprogress1'] . "','" . $_clean['fprogress2'] . "','" . $_clean['fprogress3'] . "','" . $_clean['max_text'] . "','" . $_clean['max_version'] . "','" . $_clean['startdate_assig'] . "','" . $_clean['enddate_assig'] . "','" . $_clean['delayedsubmit'] . "')";
Database::query($sql);
check_emailcue(0, 'A');
return get_lang('NewWikiSaved');
}
}
//end filter no _uass
}
<td> </td>
<td> <?php
echo '<button class="save" type="submit" name="Submit"> ' . get_lang('Send') . '</button>';
?>
</td>
</tr>
</table>
</form>
<?php
if (isset($_POST['Submit']) && double_post($_POST['wpost_id'])) {
$dtime = date("Y-m-d H:i:s");
$message_author = api_get_user_id();
$sql = "INSERT INTO {$tbl_wiki_discuss} (c_id, publication_id, userc_id, comment, p_score, dtime) VALUES\n \t({$course_id}, '" . $id . "','" . $message_author . "','" . Database::escape_string($_POST['comment']) . "','" . Database::escape_string($_POST['rating']) . "','" . $dtime . "')";
$result = Database::query($sql) or die(Database::error());
check_emailcue($id, 'D', $dtime, $message_author);
}
}
//end discuss lock
echo '<hr noshade size="1">';
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT * FROM {$tbl_wiki_discuss} reviews, {$user_table} user\n WHERE reviews.c_id = {$course_id} AND reviews.publication_id='" . $id . "' AND user.user_id='" . $firstuserid . "' ORDER BY id DESC";
$result = Database::query($sql) or die(Database::error());
$countWPost = Database::num_rows($result);
echo get_lang('NumComments') . ": " . $countWPost;
//comment's numbers
$sql = "SELECT SUM(p_score) as sumWPost FROM {$tbl_wiki_discuss} WHERE c_id = {$course_id} AND publication_id = '" . $id . "' AND NOT p_score='-' ORDER BY id DESC";
$result2 = Database::query($sql) or die(Database::error());
$row2 = Database::fetch_array($result2);
$sql = "SELECT * FROM {$tbl_wiki_discuss} WHERE c_id = {$course_id} AND publication_id='" . $id . "' AND NOT p_score='-'";
$result3 = Database::query($sql) or die(Database::error());