<?php
/****************************************************************************************/
/* ACollab */
/****************************************************************************************/
/* Copyright (c) 2002-2005 Adaptive Technology Resource Centre / University of Toronto */
/* */
/* http://atutor.ca/acollab */
/* */
/* This program is free software. You may redistribute it and/or */
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation; either version 2 of the License, */
/* or (at your option) any later version. */
/* */
/* This program is distributed in the hope that it will be useful, but */
/* WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
/* See the GNU General Public License for more details. */
/* */
/* You may access the GNU General Public License at: */
/* http://www.opensource.org/licenses/gpl-license.php */
/* */
/* You may contact the Adaptive Technology Resource Centre at */
/* Robarts Library, University of Toronto */
/* 130 St. George Street, Toronto, Ontario, Canada M5S 1A5 */
/* Further contact information is available at http://www.utoronto.ca/atrc/ */
/****************************************************************************************/
/* Programmer: */
/* Joel Kronenberg - ATRC */
/****************************************************************************************/
// $Id: comments.php 408 2005-02-18 16:56:14Z shozubq $
define('AC_INCLUDE_PATH', '../include/');
require(AC_INCLUDE_PATH.'vitals.inc.php');
authenticate(USER_CLIENT, USER_GROUP_ADMIN);
$id = intval($_REQUEST['id']);
$fid = intval($_REQUEST['fid']);
$r = intval($_REQUEST['r']);
if (isset($_POST['cancel'])) {
if (!$_REQUEST['pid']) {
$_REQUEST['pid'] = $id;
}
header('Location: revisions.php?id='.$_REQUEST['pid']);
exit;
}
if (isset($_POST['submit'])) {
$_POST['comment'] = trim($_POST['comment']);
if ($_POST['comment'] == '') {
$error[] = E_DRAFT_EMPTY_COMM;
}
if (!isset($error)) {
$_POST['comment'] = $addslashes($_POST['comment']);
$sql = "INSERT INTO ".TABLE_PREFIX."revisions_comments VALUES (0, $id, $_SESSION[member_id], NOW(), '$_POST[comment]')";
if (mysql_query($sql, $db)) {
$sql = "UPDATE ".TABLE_PREFIX."files_revisions SET num_comments=num_comments+1 WHERE revision_id=$id";
$result = mysql_query($sql, $db);
header('Location: revisions.php?id='.$fid.SEP.'f='.F_DRAFT_COMMENT);
exit;
}
}
}
$sql = "SELECT * FROM ".TABLE_PREFIX."files WHERE file_id=$fid AND group_id=$_SESSION[group_id]";
$result = mysql_query($sql, $db);
if (!$row = mysql_fetch_assoc($result)) {
$_SECTION[0][0] = _AC('home');
$_SECTION[0][1] = 'home.php';
$_SECTION[1][0] = _AC('drafting_room');
$_SECTION[1][1] = 'drafting/';
$_SECTION[2][0] = _AC('revisions');
require(AC_INCLUDE_PATH.'header.inc.php');
$error = E_FILE_NOT_FOUND;
print_errors($error);
require(AC_INCLUDE_PATH.'footer.inc.php');
exit;
}
$title = $row['title'];
$description = $row['description'];
$locked = $row['locked'];
$_SECTION[0][0] = _AC('home');
$_SECTION[0][1] = 'home.php';
$_SECTION[1][0] = _AC('drafting_room');
$_SECTION[1][1] = 'drafting/';
$_SECTION[2][0] = _AC('revisions'). ': '.$title;
$_SECTION[2][1] = 'drafting/revisions.php?id='. $fid;
$_SECTION[3][0] = _AC('comments'). ': '._AC('revision') .' #'.$r;
$_SECTION[3][1] = 'drafting/revisions.php';
require(AC_INCLUDE_PATH.'header.inc.php');
if (isset($error)) {
print_errors($error);
}
?>
<table border="0" cellspacing="0" cellpadding="5" class="box" align="center" width="95%">
<tr>
<td valign="top" class="row1 white"><h1><img src="images/file_types/file.gif" height="16" width="13" border="0" alt="*" class="img" /> <?php echo $title;
if (!authenticate(USER_GROUP_ADMIN, USER_RETURN_CHECK) && $locked) {
echo ' - <img src="images/lock.gif" class="img" height="12" width="16" alt="'._AC('locked').'" border="0" />';
}
?></h1></td>
</tr>
<tr>
<td valign="top" class="row1 nobar"><?php echo nl2br($description); ?></td>
</tr>
</table>
<?php
$col = 1;
$sql = "SELECT * FROM ".TABLE_PREFIX."files_revisions WHERE revision_id=$id AND file_id=$fid";
$result = mysql_query($sql, $db);
if (!$file_row = mysql_fetch_assoc($result)) {
$_SECTION[0][0] = _AC('home');
$_SECTION[0][1] = 'home.php';
$_SECTION[1][0] = _AC('drafting_room');
$_SECTION[1][1] = 'drafting/';
$_SECTION[2][0] = _AC('revisions');
require(AC_INCLUDE_PATH.'header.inc.php');
$error = E_FILE_NOT_FOUND;
print_errors($error);
require(AC_INCLUDE_PATH.'footer.inc.php');
exit;
}
echo '<br /><br /><table cellspacing="0" cellpadding="3" border="0" bgcolor="white" width="90%" align="center" summary="" class="box">';
echo '<tr><td class="row'.$col.' white" colspan="2" align="center"><a href="'.$_SERVER['REQUEST_URI'].'#comment" onfocus="this.className=\'highlight\'" onblur="this.className=\'\'">'._AC('add_comment').'</a></td></tr>';
echo '<tr>';
echo '<td class="row2 nobar">#'.$_REQUEST['r'].' '._AC('by') . ' <a href="profile.php?id='.$file_row['member_id'].'">' . get_login($file_row['member_id']).'</a></td>';
echo '<td class="row2 boxed" align="right"><a href="get_file.php?id='.$file_row['file_id'].'"><img src="images/dl.jpg" class="img" height="14" width="14" alt="" border="0" /> '._AC('download_revision', $_REQUEST['r']).'</a> | <img src="images/comments.gif" class="img" height="15" width="15" alt="" border="0" /> <strong>'.$file_row['num_comments'].' '._AC('comments').'</strong> ';
if (authenticate(USER_GROUP_ADMIN, USER_RETURN_CHECK) || !$locked) {
echo '| <a href="drafting/revision_edit_file.php?id='.$file_row['file_id'].SEP.'pid='.$_GET['fid'].'"><img src="images/edit.gif" class="img" height="12" width="16" alt="" border="0" /> '._AC('edit').'</a> | <a href="drafting/revision_delete_file.php?id='.$file_row['revision_id'].SEP.'fid='.$fid.'"><img src="images/delete.gif" class="img" height="14" width="14" alt="" border="0" /> '._AC('delete').'</a>';
}
echo '</td>';
echo '</tr>';
echo '<tr>';
echo '<td class="row2" valign="top"><small>'.$file_row['initial_date'].'<br />'.$file_row['file_size'].' Bytes<br />'.$row['file_name'].'</small></td>';
echo '<td class="row2" valign="top" width="75%">'.$file_row['description'].'</td>';
echo '</tr>';
$sql = "SELECT * FROM ".TABLE_PREFIX."revisions_comments WHERE revision_id=$id ORDER BY date";
$result = mysql_query($sql, $db);
if ($row = mysql_fetch_assoc($result)) {
echo '<tr><td class="row1" colspan="2"><img src="images/clr.gif" height="5" width="5" alt="" /></td></tr>';
$col = 1;
do {
$col = abs($col-1);
echo '<tr>';
echo '<td class="row'.$col.' nobar">'._AC('by').' <a href="profile.php?id='.$row['member_id'].'">' . get_login($row['member_id']).'</a></td>';
echo '<td class="row'.$col.' nobar" align="right">';
if (authenticate(USER_GROUP_ADMIN, USER_RETURN_CHECK) || ($row['member_id']==$_SESSION['member_id'] && !$locked)) {
echo'<a href="drafting/revision_edit_comment.php?id='.$row['comment_id'].SEP.'r='.$r.SEP.'fid='.$id.SEP.'ffid='.$fid.'"><img src="images/edit.gif" class="img" height="12" width="17" alt="" border="0" /> '._AC('edit').'</a> | <a href="drafting/revision_delete_comment.php?id='.$row['comment_id'].SEP.'fid='.$id.SEP.'ffid='.$fid.'"><img src="images/delete.gif" class="img" height="14" width="14" alt="" border="0" /> '._AC('delete').'</a>';
}
echo '</td></tr>';
echo '<tr>';
echo '<td class="row'.$col.'" valign="top"><small>'.$row['date'].'</small></td>';
echo '<td class="row'.$col.'">'.nl2br($row['comment']).'</td>';
echo '</tr>';
} while ($row = mysql_fetch_assoc($result));
} else {
echo '<tr><td class="row1" colspan="2" align="center">'._AC('no_comments_found').'</td></tr>';
}
?>
<tr>
<td class="row<?php echo $col; ?> nobar white" colspan="2" align="center"><a href="<?php echo $_SERVER['REQUEST_URI']; ?>#comment" onfocus="this.className='highlight'" onblur="this.className=''"><?php echo _AC('add_comment'); ?></a></td>
</tr>
</table>
<br />
<?php
if (!$locked) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" name="form" id="form">
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<input type="hidden" name="r" value="<?php echo $_REQUEST['r']; ?>" />
<input type="hidden" name="fid" value="<?php echo $fid; ?>" />
<table border="0" cellspacing="0" cellpadding="2" align="center" class="box2">
<tr>
<th colspan="5" class="box"><h3><?php echo _AC('add_comment'); ?></h3></th>
</tr>
<tr>
<td class="row1"> </td>
<td colspan="3" class="row1"><img src="images/clr.gif" height="1" width="1" alt="" /><br /><?php
echo _AC('denotes_required', '<img src="images/required.gif" height="14" width="14" alt="'._AC('required_field').'" />');
?><br /></td>
<td class="row1"> </td>
</tr>
<tr>
<td class="row1"> </td>
<td class="row1" align="right" valign="top"><label for="comment"><b><?php echo _AC('comment'); ?>:</b></label></td>
<td class="row1" valign="top"><img src="images/required.gif" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" class="img" /></td>
<td class="row1"><textarea name="comment" id="comment" class="input" onfocus="this.className='input highlight'" onblur="this.className='input'" cols="45" rows="8"><?php echo $_POST['comment']; ?></textarea></td>
<td class="row1"> </td>
</tr>
<tr>
<td class="row1"> </td>
<td class="row1" colspan="3" align="right"><br /><input type="submit" name="submit" value="<?php echo _AC('add_comment'); ?>" class="submitY" onfocus="this.className='submitY highlight'" onblur="this.className='submitY'" /> <input type="submit" name="cancel" value="<?php echo _AC('cancel'); ?>" class="submitN" onfocus="this.className='submitN highlight'" onblur="this.className='submitN'" /><br /><br /></td>
<td class="row1"> </td>
</tr>
</table>
</form>
<?php } //endif; ?>
<br />
<?php
require(AC_INCLUDE_PATH.'footer.inc.php');
?>