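/**
 * Add (or edit) a template. This function displays the form and also takes
 * care of uploading the image and storing the information in the database.
 *
 * The action ('add' or 'edit') and the template id are read from $_GET, the
 * form is submitted with method 'post', and the preview image arrives through
 * $_FILES['template_image']. All of these are request-controlled, so they are
 * cast, filtered or escaped before they reach SQL, HTML or the file system.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 *
 * @return void
 */
function add_edit_template()
{
    // Read the request parameters once; either one may be absent from the URL.
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    $template_id = isset($_GET['id']) ? intval($_GET['id']) : 0;

    // Initialize the object. Both values are filtered before being echoed back in the form action.
    $id = isset($_GET['id']) ? '&id=' . Security::remove_XSS($_GET['id']) : '';
    $form = new FormValidator(
        'template',
        'post',
        'settings.php?category=Templates&action=' . Security::remove_XSS($action) . $id
    );

    // Setting the form elements: the header.
    $title = ($action === 'add') ? get_lang('AddTemplate') : get_lang('EditTemplate');
    $form->addElement('header', '', $title);

    // Setting the form elements: the title of the template.
    $form->addText('title', get_lang('Title'), false);

    // Setting the form elements: the content of the template (wysiwyg editor).
    $form->addHtmlEditor(
        'template_text',
        get_lang('Text'),
        false,
        false,
        array('ToolbarSet' => 'AdminTemplates', 'Width' => '100%', 'Height' => '400')
    );

    // Setting the form elements: the form to upload an image to be used with the template.
    $form->addElement('file', 'template_image', get_lang('Image'), '');

    // Setting the form elements: a little bit information about the template image.
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));

    // Getting all the information of the template when editing a template.
    if ($action === 'edit') {
        // Database table definition.
        $table_system_template = Database::get_main_table('system_template');

        // The id is an integer at this point, so it can be concatenated safely.
        $sql = "SELECT * FROM {$table_system_template} WHERE id = " . $template_id;
        $result = Database::query($sql);
        $row = Database::fetch_array($result);

        // An unknown id yields no row; fall back to empty values instead of indexing a non-array.
        $stored_title = isset($row['title']) ? $row['title'] : '';
        $stored_image = isset($row['image']) ? $row['image'] : '';

        $defaults = [];
        $defaults['template_id'] = $template_id;
        $defaults['template_text'] = isset($row['content']) ? $row['content'] : '';
        // Forcing get_lang().
        $defaults['title'] = get_lang($stored_title);

        // Adding an extra field: a hidden field with the id of the template we are editing.
        $form->addElement('hidden', 'template_id');

        // Adding an extra field: a preview of the image that is currently used.
        $thumb_base = api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/';
        if (!empty($stored_image)) {
            // The stored name originates from an uploaded file name, so escape it
            // before placing it inside the src attribute.
            $preview = '<img src="' . $thumb_base . htmlspecialchars($stored_image, ENT_QUOTES)
                . '" alt="' . get_lang('TemplatePreview') . '"/>';
        } else {
            $preview = '<img src="' . $thumb_base . 'noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>';
        }
        $form->addElement('static', 'template_image_preview', '', $preview);

        // Setting the information of the template that we are editing.
        $form->setDefaults($defaults);
    }

    // Setting the form elements: the submit button.
    $form->addButtonSave(get_lang('Ok'), 'submit');

    // Setting the rules: the required fields.
    $form->addRule('template_image', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', get_lang('ThisFieldIsRequired'), 'required');

    // If the form validates (complies to all rules) we save the information,
    // else we display the form again (with error message if needed).
    if ($form->validate()) {
        // Nothing is written unless the anti-CSRF token submitted with the form is valid.
        $check = Security::check_token('post');
        if ($check) {
            // Exporting the values.
            $values = $form->exportValues();

            // Stays empty when no image is stored, so the INSERT/UPDATE below never
            // reads an undefined variable.
            $new_file_name = '';

            // Upload the file.
            if (!empty($_FILES['template_image']['name'])) {
                // NOTE(review): the checks done by process_uploaded_file() are not visible here.
                $upload_ok = process_uploaded_file($_FILES['template_image']);
                if ($upload_ok) {
                    // Try to add an extension to the file if it hasn't one. Both the name and
                    // the MIME type are supplied by the client and cannot be trusted.
                    $candidate_name = add_ext_on_mime(
                        stripslashes($_FILES['template_image']['name']),
                        $_FILES['template_image']['type']
                    );
                    // Keep only the final path component so the name cannot leave the upload directory.
                    $candidate_name = basename($candidate_name);

                    // The thumbnail lands in a web-served directory: accept image extensions only,
                    // so a client-chosen name can never produce a file the server would execute.
                    $extension = strtolower(pathinfo($candidate_name, PATHINFO_EXTENSION));
                    if (in_array($extension, ['gif', 'jpg', 'jpeg', 'png'], true)) {
                        $new_file_name = $candidate_name;

                        // The upload directory.
                        $upload_dir = api_get_path(SYS_APP_PATH) . 'home/default_platform_document/template_thumb/';

                        // Create the directory if it does not exist.
                        if (!is_dir($upload_dir)) {
                            mkdir($upload_dir, api_get_permissions_for_new_directories());
                        }

                        // Resize the preview image to max default and upload.
                        $temp = new Image($_FILES['template_image']['tmp_name']);
                        $picture_info = $temp->get_image_info();
                        $max_width_for_picture = 100;
                        if ($picture_info['width'] > $max_width_for_picture) {
                            $temp->resize($max_width_for_picture);
                        }
                        $temp->send_image($upload_dir . $new_file_name);
                    }
                }
            }

            // Store the information in the database (as insert or as update).
            $table_system_template = Database::get_main_table('system_template');

            if ($action === 'add') {
                $content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
                $params = [
                    'title' => $values['title'],
                    'content' => $content_template,
                    'image' => $new_file_name,
                ];
                Database::insert($table_system_template, $params);

                // Display a feedback message.
                Display::display_confirmation_message(get_lang('TemplateAdded'));
                echo '<a href="settings.php?category=Templates&action=add">'
                    . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM)
                    . '</a>';
            } else {
                // NOTE(review): unlike the add branch, this path stores template_text without
                // Security::remove_XSS(); confirm whether skipping the filter here is intended.
                $content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>'
                    . Database::escape_string($values['template_text']) . '</body>';

                $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title'])
                    . "', content = '" . $content_template . "'";
                // Only overwrite the stored image when a new one was accepted.
                if ($new_file_name !== '') {
                    $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
                }
                $sql .= " WHERE id = " . $template_id;
                Database::query($sql);

                // Display a feedback message.
                Display::display_confirmation_message(get_lang('TemplateEdited'));
            }
        }
        // The token is single-use: clear it whether or not the check succeeded.
        Security::clear_token();
        display_templates();
    } else {
        // Issue a fresh token and embed it in the form so the next submit can be verified.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));

        // Display the form.
        $form->display();
    }
}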
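/**
 * Add (or edit) a template. This function displays the form and also takes care
 * of uploading the image and storing the information in the database.
 *
 * The action ('add' or 'edit') and the template id come from $_GET and the
 * preview image from $_FILES['template_image']; all of them are
 * request-controlled and are encoded or escaped before use.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
 *
 * @return void
 */
function add_edit_template()
{
    // Read the request parameters once. Non-string values (e.g. id[]=...) are treated as absent.
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
    $raw_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

    // Initiate the object. The values are URL-encoded so that nothing taken from the
    // query string can break out of the form's action attribute (reflected XSS).
    $form = new FormValidator(
        'template',
        'post',
        'settings.php?category=Templates&action=' . urlencode($action) . '&id=' . urlencode($raw_id)
    );

    // Setting the form elements: the header.
    if ($action == 'add') {
        $title = get_lang('AddTemplate');
    } else {
        $title = get_lang('EditTemplate');
    }
    $form->addElement('header', '', $title);

    // Setting the form elements: the title of the template.
    $form->add_textfield('title', get_lang('Title'), false);

    // Setting the form elements: the content of the template (wysiwyg editor).
    $form->addElement('html_editor', 'template_text', get_lang('Text'));

    // Setting the form elements: the form to upload an image to be used with the template.
    $form->addElement('file', 'template_image', get_lang('Image'), '');

    // Setting the form elements: a little bit information about the template image.
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));

    // Getting all the information of the template when editing a template.
    if ($action == 'edit') {
        // Database table definition.
        $table_system_template = Database::get_main_table('system_template');
        $sql = "SELECT * FROM {$table_system_template} WHERE id = '" . Database::escape_string($raw_id) . "'";
        $result = api_sql_query($sql, __FILE__, __LINE__);
        $row = Database::fetch_array($result);

        // An unknown id yields no row; fall back to empty values instead of indexing a non-array.
        $stored_image = isset($row['image']) ? $row['image'] : '';

        $defaults = array();
        $defaults['template_id'] = $raw_id;
        $defaults['template_text'] = isset($row['content']) ? $row['content'] : '';
        $defaults['title'] = isset($row['title']) ? $row['title'] : '';

        // Adding an extra field: a hidden field with the id of the template we are editing.
        $form->addElement('hidden', 'template_id');

        // Adding an extra field: a preview of the image that is currently used.
        $preview_base = api_get_path(WEB_PATH) . 'home/default_platform_document/';
        if (!empty($stored_image)) {
            // The stored name originates from an uploaded file name, so escape it
            // before placing it inside the src attribute.
            $preview = '<img src="' . $preview_base . htmlspecialchars($stored_image, ENT_QUOTES)
                . '" alt="' . get_lang('TemplatePreview') . '"/>';
        } else {
            $preview = '<img src="' . $preview_base . 'noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>';
        }
        $form->addElement('static', 'template_image_preview', '', $preview);

        // Setting the information of the template that we are editing.
        $form->setDefaults($defaults);
    }

    // Setting the form elements: the submit button.
    $form->addElement('style_submit_button', 'submit', get_lang('Ok'), 'class="save"');

    // Setting the rules: the required fields.
    $form->addRule('title', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');

    // If the form validates (complies to all rules) we save the information,
    // else we display the form again (with error message if needed).
    if ($form->validate()) {
        // NOTE(review): no anti-CSRF token is verified before the writes below; a
        // state-changing admin form should check one before touching disk or database.

        // Exporting the values.
        $values = $form->exportValues();

        // Stays empty unless an image was actually written, so the INSERT/UPDATE below
        // never reads an undefined variable or records a file that does not exist.
        $new_file_name = '';

        // Upload the file.
        if (!empty($_FILES['template_image']['name'])) {
            include_once api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php';
            // NOTE(review): the checks done by process_uploaded_file() are not visible here.
            $upload_ok = process_uploaded_file($_FILES['template_image']);
            if ($upload_ok) {
                // Try to add an extension to the file if it hasn't one. Both the name and the
                // MIME type are supplied by the client; keep only the final path component.
                $candidate_name = basename(add_ext_on_mime(
                    stripslashes($_FILES['template_image']['name']),
                    $_FILES['template_image']['type']
                ));

                // Identify the image from its content, not from what the client claims.
                // getimagesize() returns false for non-images; that case is handled below,
                // so its warning stays suppressed as in the original.
                $picture_infos = @getimagesize($_FILES['template_image']['tmp_name']);
                $type = is_array($picture_infos) ? $picture_infos[2] : 0;

                // Output formats this function knows how to write, keyed by detected type.
                $formats = array(
                    IMAGETYPE_GIF => 'GIF',
                    IMAGETYPE_JPEG => 'JPG',
                    IMAGETYPE_PNG => 'PNG',
                );

                // The file lands in a web-served directory: accept image extensions only,
                // so a client-chosen name can never produce a file the server would execute.
                $extension = strtolower(pathinfo($candidate_name, PATHINFO_EXTENSION));
                $extension_ok = in_array($extension, array('gif', 'jpg', 'jpeg', 'png'), true);

                if (isset($formats[$type]) && $extension_ok) {
                    // Upload dir.
                    $upload_dir = api_get_path(SYS_PATH) . 'home/default_platform_document/';

                    // Create dir if not exists (best effort, as before).
                    if (!is_dir($upload_dir)) {
                        $perm = api_get_setting('permissions_for_new_directories');
                        $perm = octdec(!empty($perm) ? $perm : '0770');
                        @mkdir($upload_dir, $perm);
                    }

                    // Resize image to max default and upload.
                    require_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
                    $temp = new image($_FILES['template_image']['tmp_name']);
                    $max_width_for_picture = 100;
                    if ($picture_infos[0] > $max_width_for_picture) {
                        // Scale the height by the same factor as the width.
                        $new_height = round($max_width_for_picture / $picture_infos[0] * $picture_infos[1]);
                        $temp->resize($max_width_for_picture, $new_height, 0);
                    }

                    // The original switched on !empty($type), a boolean, so every non-empty
                    // type matched the first case and was written as JPG. Dispatch on the
                    // detected type itself.
                    $temp->send_image($formats[$type], $upload_dir . $candidate_name);
                    $new_file_name = $candidate_name;
                }
            }
        }

        // Store the information in the database (as insert or as update).
        $table_system_template = Database::get_main_table('system_template');

        if ($action == 'add') {
            $sql = "INSERT INTO {$table_system_template} (title, content, image) VALUES ('"
                . Database::escape_string($values['title']) . "','"
                . Database::escape_string($values['template_text']) . "','"
                . Database::escape_string($new_file_name) . "')";
            api_sql_query($sql, __FILE__, __LINE__);

            // Display a feedback message (translated, like every other label in this function).
            Display::display_confirmation_message(get_lang('TemplateAdded'));
            echo '<a href="settings.php?category=Templates&action=add">'
                . Display::return_icon('add_template.gif', get_lang('AddTemplate'))
                . get_lang('AddTemplate') . '</a>';
        } else {
            $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title'])
                . "', content = '" . Database::escape_string($values['template_text']) . "'";
            // Only overwrite the stored image when a new one was accepted.
            if (!empty($new_file_name)) {
                $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
            }
            $sql .= " WHERE id='" . Database::escape_string($raw_id) . "'";
            api_sql_query($sql, __FILE__, __LINE__);

            // Display a feedback message (translated, like every other label in this function).
            Display::display_confirmation_message(get_lang('TemplateEdited'));
        }
        display_templates();
    } else {
        // Display the form.
        $form->display();
    }
}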