📄 blog.lib.php
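// Create the post
$sql = "UPDATE $tbl_blogs_posts SET title = '" . mysql_real_escape_string($title)."', full_text = '" . mysql_real_escape_string($full_text)."' WHERE post_id ='".(int)$post_id."' AND blog_id ='".(int)$blog_id."' LIMIT 1 ;";
api_sql_query($sql, __FILE__, __LINE__);
return void;
}

/**
 * Deletes an article together with its ratings, its comments and its attachments.
 * @author Toon Keppens
 *
 * @param Integer $blog_id
 * @param Integer $post_id
 *
 * @return void
 */
function delete_post($blog_id, $post_id)
{
    // Init
    $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS);
    $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
    $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING);

    // Integer copies used only for SQL text; the raw arguments are still
    // handed to delete_all_blog_attachment() unchanged.
    $blog_key = (int)$blog_id;
    $post_key = (int)$post_id;

    // Delete ratings on this post
    $sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".$blog_key."' AND item_id = '".$post_key."' AND rating_type = 'post'";
    api_sql_query($sql, __FILE__, __LINE__);

    // Delete the post. Scoped by blog_id like the two neighbouring queries,
    // so a post_id that belongs to another blog is not removed.
    $sql = "DELETE FROM $tbl_blogs_posts WHERE `post_id` = '".$post_key."' AND `blog_id` = '".$blog_key."'";
    api_sql_query($sql, __FILE__, __LINE__);

    // Delete the comments
    $sql = "DELETE FROM $tbl_blogs_comments WHERE `post_id` = '".$post_key."' AND `blog_id` = '".$blog_key."'";
    api_sql_query($sql, __FILE__, __LINE__);

    // Delete posts and attachments
    delete_all_blog_attachment($blog_id, $post_id);

    // Bare return: "return void;" evaluated an undefined constant named void.
    return;
}

/**
 * Creates a comment on a post in a given blog and, when a file was uploaded
 * in $_FILES['user_upload'], stores it as an attachment of that comment.
 *
 * No permission check happens here.
 * NOTE(review): callers are presumably expected to authorise the user first - confirm.
 *
 * @author Toon Keppens
 *
 * @param String $title
 * @param String $full_text
 * @param String $file_comment Description stored with the attachment
 * @param Integer $blog_id
 * @param Integer $post_id
 * @param Integer $parent_id
 * @param Integer $task_id Cast to int before use, so the default 'NULL' is stored as 0
 *
 * @return void
 */
function create_comment($title, $full_text, $file_comment, $blog_id, $post_id, $parent_id, $task_id = 'NULL')
{
    global $_user;
    global $_course;
    global $blog_table_attachment;

    $upload_ok = true;
    $has_attachment = false;

    if (!empty($_FILES['user_upload']['name'])) {
        require_once('fileUpload.lib.php');
        $upload_ok = process_uploaded_file($_FILES['user_upload']);
        $has_attachment = true;
    }

    // A rejected upload cancels the whole comment, not just the attachment.
    if (!$upload_ok) {
        return;
    }

    // Table Definition
    $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);

    // Create the comment
    $sql = "INSERT INTO $tbl_blogs_comments (`title`, `comment`, `author_id`, `date_creation`, `blog_id`, `post_id`, `parent_comment_id`, `task_id` )
            VALUES ('".mysql_real_escape_string($title)."', '".mysql_real_escape_string($full_text)."', '".(int)$_user['user_id']."', NOW(), '".(int)$blog_id."', '".(int)$post_id."', '".(int)$parent_id."', '".(int)$task_id."')";
    api_sql_query($sql, __FILE__, __LINE__);

    // Empty post values, or they are shown on the page again
    $_POST['comment_title'] = "";
    $_POST['comment_text'] = "";

    $last_id = Database::insert_id();

    if (!$has_attachment) {
        return;
    }

    $courseDir = $_course['path'].'/upload/blog';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path.$courseDir;

    // Try to add an extension to the file if it hasn't one.
    // Both the name and the MIME type come from the client's request.
    $new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);

    // user's file name
    $file_name = $_FILES['user_upload']['name'];

    if (!filter_extension($new_file_name)) {
        Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
        return;
    }

    // The file is stored under a generated name without extension; the
    // original name is kept in the database only.
    // NOTE(review): uniqid() is derived from the clock, so the stored name is
    // not unguessable - confirm the upload directory is not served directly.
    $new_file_name = uniqid('');
    $new_path = $updir.'/'.$new_file_name;
    $result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);

    // Storing the attachments if any
    if ($result) {
        // Every value is escaped or cast exactly once: the ids and the size
        // used to be concatenated raw, and the comment was escaped twice.
        $sql = 'INSERT INTO '.$blog_table_attachment.'(filename,comment, path, post_id,size,blog_id,comment_id) '.
            "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($file_comment)."', '".Database::escape_string($new_file_name)."' , '".(int)$post_id."', '".(int)$_FILES['user_upload']['size']."', '".(int)$blog_id."', '".(int)$last_id."' )";
        // Argument order matches every other api_sql_query() call in this file.
        api_sql_query($sql, __FILE__, __LINE__);
    }

    return;
}

/**
 * Deletes a comment from a blogpost, together with its attachments, its
 * ratings and, recursively, every comment that has it as parent.
 * @author Toon Keppens
 *
 * @param Integer $blog_id
 * @param Integer $post_id
 * @param Integer $comment_id
 *
 * @return void
 */
function delete_comment($blog_id, $post_id, $comment_id)
{
    // Init
    $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
    $tbl_blogs_rating = Database::get_course_table(TABLE_BLOGS_RATING);

    // Integer copies used only for SQL text.
    $blog_key = (int)$blog_id;
    $comment_key = (int)$comment_id;

    delete_all_blog_attachment($blog_id, $post_id, $comment_id);

    // Delete ratings on this comment
    $sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".$blog_key."' AND item_id = '".$comment_key."' AND rating_type = 'comment'";
    api_sql_query($sql, __FILE__, __LINE__);

    // Select comments that have the selected comment as their parent,
    // restricted to the same blog as the rating delete above.
    $sql = "SELECT comment_id FROM $tbl_blogs_comments WHERE parent_comment_id = '".$comment_key."' AND blog_id = '".$blog_key."'";
    $result = api_sql_query($sql, __FILE__, __LINE__);

    // Delete them recursively
    while ($child = mysql_fetch_array($result)) {
        Blog::delete_comment($blog_id, $post_id, $child['comment_id']);
    }

    // Finally, delete the selected comment too. Scoped by blog_id so that a
    // comment_id from another blog is left alone.
    $sql = "DELETE FROM $tbl_blogs_comments WHERE `comment_id` = '".$comment_key."' AND `blog_id` = '".$blog_key."'";
    api_sql_query($sql, __FILE__, __LINE__);

    return;
}

/**
 * Creates a new task in a blog and records the permissions that were switched on for it.
 * @author Toon Keppens
 *
 * @param Integer $blog_id
 * @param String $title
 * @param String $description
 * @param String $articleDelete 'on' grants the article_delete action
 * @param String $articleEdit 'on' grants the article_edit action
 * @param String $commentsDelete 'on' grants the article_comments_delete action
 * @param String $color
 *
 * @return void
 */
function create_task($blog_id, $title, $description, $articleDelete, $articleEdit, $commentsDelete, $color)
{
    // Init
    $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
    $tbl_tasks_permissions = Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS);

    // Create the task
    $sql = "INSERT INTO $tbl_blogs_tasks (`blog_id`, `title`, `description`, `color`, `system_task` )
            VALUES ('".(int)$blog_id."', '".mysql_real_escape_string($title)."', '".mysql_real_escape_string($description)."', '".mysql_real_escape_string($color)."', '0');";
    api_sql_query($sql, __FILE__, __LINE__);

    $task_id = mysql_insert_id();
    $tool = 'BLOG_' . $blog_id;

    // Action name => form flag, in the order the rows were originally written.
    // The action names are fixed literals, never request data.
    $requested = array(
        'article_delete' => $articleDelete,
        'article_edit' => $articleEdit,
        'article_comments_delete' => $commentsDelete,
    );

    foreach ($requested as $action => $flag) {
        if ($flag == 'on') {
            $sql = "INSERT INTO ".$tbl_tasks_permissions." ( `task_id`, `tool`, `action` )
                    VALUES ( '".(int)$task_id."', '".mysql_real_escape_string($tool)."', '".$action."' )";
            api_sql_query($sql, __FILE__, __LINE__);
        }
    }

    return;
}

/**
 * Edits a task in a blog: updates its title, description and color, then
 * replaces all of its permission rows with the ones switched on.
 * @author Toon Keppens
 *
 * @param Integer $blog_id Only used to build the 'BLOG_<id>' tool label
 * @param Integer $task_id
 * @param String $title
 * @param String $description
 * @param String $articleDelete 'on' grants the article_delete action
 * @param String $articleEdit 'on' grants the article_edit action
 * @param String $commentsDelete 'on' grants the article_comments_delete action
 * @param String $color
 *
 * @return void
 */
function edit_task($blog_id, $task_id, $title, $description, $articleDelete, $articleEdit, $commentsDelete, $color)
{
    // Init
    $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
    $tbl_tasks_permissions = Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS);

    // NOTE(review): unlike delete_task(), the UPDATE and the permission reset
    // below key on task_id alone. Callers should confirm that the task
    // belongs to $blog_id before calling.

    // Update the task
    $sql = "UPDATE $tbl_blogs_tasks SET
                title = '".mysql_real_escape_string($title)."',
                description = '".mysql_real_escape_string($description)."',
                color = '".mysql_real_escape_string($color)."'
            WHERE task_id ='".(int)$task_id."' LIMIT 1";
    api_sql_query($sql, __FILE__, __LINE__);

    $tool = 'BLOG_' . $blog_id;

    // Drop the old permission rows before writing the new set.
    $sql = "DELETE FROM ".$tbl_tasks_permissions." WHERE `task_id` = '".(int)$task_id."'";
    api_sql_query($sql, __FILE__, __LINE__);

    // Action name => form flag, in the order the rows were originally written.
    // The action names are fixed literals, never request data.
    $requested = array(
        'article_delete' => $articleDelete,
        'article_edit' => $articleEdit,
        'article_comments_delete' => $commentsDelete,
    );

    foreach ($requested as $action => $flag) {
        if ($flag == 'on') {
            $sql = "INSERT INTO ".$tbl_tasks_permissions." ( `task_id`, `tool`, `action` )
                    VALUES ( '".(int)$task_id."', '".mysql_real_escape_string($tool)."', '".$action."' )";
            api_sql_query($sql, __FILE__, __LINE__);
        }
    }

    return;
}

/**
 * Deletes a task from a blog
 *
 * @param Integer $blog_id
 * @param Integer $task_id
 *
 * @return void
 */
function delete_task($blog_id, $task_id)
{
    // Init
    $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);

    // Delete the task, matched on both the blog and the task id
    $sql = "DELETE FROM $tbl_blogs_tasks WHERE `blog_id` = '".(int)$blog_id."' AND `task_id` = '".(int)$task_id."'";
    api_sql_query($sql, __FILE__, __LINE__);

    return;
}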