/**
* Request confirmation to perform some action
*
* @param string $message Message to show on request
* @param mixed $vars array of parameters to re-send needed to continue action
* @return bool true if sucessful confirmed
*/
function require_confirm($message, $vars = null)
{
global $CFG;
$form_key = optional_param('form_key');
// check if pass key verification
if (elggform_key_check($form_key, 'confirm')) {
// pass form key verification
return true;
} else {
// build form key and show form
$form_key = elggform_key_get('confirm');
$title = __gettext('Please confirm your action');
$sContinue = __gettext('Continue');
$or = __gettext('or');
$sBack = __gettext('Back');
// add form key
$vars['form_key'] = $form_key;
// add parameters
$inputs = '';
foreach ($vars as $name => $value) {
$value = htmlspecialchars($value, ENT_COMPAT, 'utf-8');
// prevent messing code
$inputs .= "<input type=\"hidden\" id=\"{$name}\" name=\"{$name}\" value=\"{$value}\" />\n";
}
// add buttons
//$inputs .= "<input type=\"button\" value=\"{$sBack}\" onclick=\"history.back()\" />\n";
$inputs .= "<a href=\"#\" onclick=\"history.back(); return false;\">{$sBack}</a> {$or} ";
$inputs .= "<input type=\"submit\" name=\"submit\" value=\"{$sContinue}\" />\n";
$body = "<div id=\"confirm-form\">\n";
$body .= "<form name=\"confirm-form\" action=\"\" method=\"post\">\n";
$body .= templates_draw(array('context' => 'databox', 'name' => $message, 'column1' => $inputs));
$body .= "</form>\n";
$body .= "</div>\n";
// show form
templates_page_output($title, $body);
}
return false;
}
function pages_html_form($name, $body, $attrs = null)
{
if (!isset($attrs)) {
$attrs = array();
}
if (!isset($attrs['id'])) {
$attrs['id'] = $name;
}
if (!isset($attrs['name'])) {
$attrs['name'] = $name;
}
if (!isset($attrs['method'])) {
$attrs['method'] = 'post';
}
if (!isset($attrs['action'])) {
$attrs['action'] = '';
}
if (isset($attrs['buttons'])) {
$buttons = $attrs['buttons'];
} else {
$buttons = pages_html_input('submit', array('value' => __gettext('Submit')));
}
// add form key
$buttons .= pages_html_input('hidden', array('name' => 'form_key', 'value' => elggform_key_get($name)));
$body .= pages_html_wrap('div', $buttons, array('class' => 'form-buttons'));
return pages_html_wrap('form', $body, $attrs);
}
}
$directories = "<li><a href=\"" . $CFG->wwwroot . "mod/file/file_include_wizard.php?owner={$owner}&input_field={$field}\" >" . __gettext("Root") . "</a><ul>\n" . $directories . "</ul>\n</li>";
// Files
$folder_name = is_object($folder_object) ? $folder_object->name : __gettext("Root");
// I don't know why when I pass the owner param the query returns a bad object
// $user_files = get_records('files','folder',$folder_id,"files_owner",$owner);
$user_files = get_records_sql("select * from {$CFG->prefix}files where folder = {$folder_id} and files_owner = {$owner}");
if (!empty($user_files)) {
$files = "<ul>";
foreach ($user_files as $file) {
$file_name = !empty($file->title) ? $file->title : $file->originalname;
$extension = strtolower(substr($file->originalname, strpos($file->originalname, ".") + 1));
$type = array_key_exists($extension, get_mimetype_array()) ? " {$extension}" : "";
if (ALLOW_WIZARD_FILE_DELETE) {
//FIXME: set form key to pass require_confirm
$form_key = elggform_key_get('confirm');
$redirect_url = "{$CFG->wwwroot}mod/file/file_include_wizard.php?owner={$owner}&folder={$folder_id}";
$delete_msg = __gettext("Are you sure you want to permanently delete this file?");
$delete = " ";
$delete .= "<a onclick=\"return confirm('{$delete_msg}')\" href=\"{$CFG->wwwroot}mod/file/action_redirection.php?action=delete_file&delete_file_id={$file->ident}&redirection=" . rawurlencode($redirect_url) . "&form_key={$form_key}\">";
$delete .= "<img src=\"{$CFG->wwwroot}mod/file/fileicons/del.png\" border=\"0\"></a>";
}
$files .= "<li><a class=\"mediafile{$type}\" href=\"#\" onclick=\"{$function_name}('{$field}','{$file->ident}')\">{$file_name}</a>{$delete}</li>";
}
$files .= "</ul>";
} else {
$files = "<p>" . __gettext("Empty directory!") . "</p>";
}
if (ALLOW_WIZARD_UPLOAD) {
$folder = $folder_id;
$files .= run("files:wizard:add:file");
