search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix a possible race condition in the PaintWeb DML code.
[moodle/mihaisucan.git] / mod / data / edit.php
blob215f9a3508b3f6f54d1a33cc78eea84ea5546982
1 <?php // $Id$
2 ///////////////////////////////////////////////////////////////////////////
3 // //
4 // NOTICE OF COPYRIGHT //
5 // //
6 // Moodle - Modular Object-Oriented Dynamic Learning Environment //
7 // http://moodle.org //
8 // //
9 // Copyright (C) 2005 Martin Dougiamas http://dougiamas.com //
10 // //
11 // This program is free software; you can redistribute it and/or modify //
12 // it under the terms of the GNU General Public License as published by //
13 // the Free Software Foundation; either version 2 of the License, or //
14 // (at your option) any later version. //
15 // //
16 // This program is distributed in the hope that it will be useful, //
17 // but WITHOUT ANY WARRANTY; without even the implied warranty of //
18 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
19 // GNU General Public License for more details: //
20 // //
21 // http://www.gnu.org/copyleft/gpl.html //
22 // //
23 ///////////////////////////////////////////////////////////////////////////
24
25 require_once('../../config.php');
26 require_once('lib.php');
27 require_once("$CFG->libdir/rsslib.php");
28
29 $id = optional_param('id', 0, PARAM_INT); // course module id
30 $d = optional_param('d', 0, PARAM_INT); // database id
31 $rid = optional_param('rid', 0, PARAM_INT); //record id
32 $import = optional_param('import', 0, PARAM_INT); // show import form
33 $cancel = optional_param('cancel', ''); // cancel an add
34 $mode ='addtemplate'; //define the mode for this page, only 1 mode available
35
36 if ($id) {
37 if (! $cm = get_coursemodule_from_id('data', $id)) {
38 error('Course Module ID was incorrect');
39 }
40 if (! $course = get_record('course', 'id', $cm->course)) {
41 error('Course is misconfigured');
42 }
43 if (! $data = get_record('data', 'id', $cm->instance)) {
44 error('Course module is incorrect');
45 }
46
47 } else {
48 if (! $data = get_record('data', 'id', $d)) {
49 error('Data ID is incorrect');
50 }
51 if (! $course = get_record('course', 'id', $data->course)) {
52 error('Course is misconfigured');
53 }
54 if (! $cm = get_coursemodule_from_instance('data', $data->id, $course->id)) {
55 error('Course Module ID was incorrect');
56 }
57 }
58
59 require_login($course->id, false, $cm);
60
61 if (!isloggedin() or isguest()) {
62 redirect('view.php?d='.$data->id);
63 }
64
65 $context = get_context_instance(CONTEXT_MODULE, $cm->id);
66
67 /// If it's hidden then it doesn't show anything. :)
68 if (empty($cm->visible) and !has_capability('moodle/course:viewhiddenactivities', $context)) {
69 $strdatabases = get_string("modulenameplural", "data");
70
71 $navigation = build_navigation('', $cm);
72 print_header_simple(format_string($data->name), "", $navigation, "", "", true, '', navmenu($course, $cm));
73 notice(get_string("activityiscurrentlyhidden"));
74 }
75
76 /// Can't use this if there are no fields
77 if (has_capability('mod/data:managetemplates', $context)) {
78 if (!record_exists('data_fields','dataid',$data->id)) { // Brand new database!
79 redirect($CFG->wwwroot.'/mod/data/field.php?d='.$data->id); // Redirect to field entry
80 }
81 }
82
83 if ($rid) { // So do you have access?
84 if (!(has_capability('mod/data:manageentries', $context) or data_isowner($rid)) or !confirm_sesskey() ) {
85 print_error('noaccess','data');
86 }
87 }
88
89 if ($cancel) {
90 redirect('view.php?d='.$data->id);
91 }
92
93
94 /// RSS and CSS and JS meta
95 $meta = '';
96 if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
97 $rsspath = rss_get_url($course->id, $USER->id, 'data', $data->id);
98 $meta .= '<link rel="alternate" type="application/rss+xml" ';
99 $meta .= 'title ="'. format_string($course->shortname) .': %fullname%" href="'.$rsspath.'" />';
100 }
101 if ($data->csstemplate) {
102 $meta .= '<link rel="stylesheet" type="text/css" href="'.$CFG->wwwroot.'/mod/data/css.php?d='.$data->id.'" /> ';
103 }
104 if ($data->jstemplate) {
105 $meta .= '<script type="text/javascript" src="'.$CFG->wwwroot.'/mod/data/js.php?d='.$data->id.'"></script>';
106 }
107
108
109 /// Print the page header
110 $strdata = get_string('modulenameplural','data');
111
112 $navigation = build_navigation('', $cm);
113 print_header_simple($data->name, '', $navigation,
114 '', $meta, true, update_module_button($cm->id, $course->id, get_string('modulename', 'data')),
115 navmenu($course, $cm), '', '');
116
117 /// Check to see if groups are being used here
118 groups_print_activity_menu($cm, 'edit.php?d='.$data->id);
119 $currentgroup = groups_get_activity_group($cm);
120 $groupmode = groups_get_activity_groupmode($cm);
121
122 print_heading(format_string($data->name));
123
124 if ($currentgroup) {
125 $groupselect = " AND groupid = '$currentgroup'";
126 $groupparam = "&amp;groupid=$currentgroup";
127 } else {
128 $groupselect = "";
129 $groupparam = "";
130 $currentgroup = 0;
131 }
132
133 /// Print the tabs
134
135 $currenttab = 'add';
136 if ($rid) {
137 $editentry = true; //used in tabs
138 }
139 include('tabs.php');
140
141
142 /// Process incoming data for adding/updating records
143
144 if ($datarecord = data_submitted($CFG->wwwroot.'/mod/data/edit.php') and confirm_sesskey()) {
145
146 $ignorenames = array('MAX_FILE_SIZE','sesskey','d','rid','saveandview','cancel'); // strings to be ignored in input data
147
148 if ($rid) { /// Update some records
149
150 /// All student edits are marked unapproved by default
151 $record = get_record('data_records','id',$rid);
152
153 /// reset approved flag after student edit
154 if (!has_capability('mod/data:approve', $context)) {
155 $record->approved = 0;
156 }
157
158 $record->groupid = $currentgroup;
159 $record->timemodified = time();
160 update_record('data_records',$record);
161
162 /// Update all content
163 $field = NULL;
164 foreach ($datarecord as $name => $value) {
165 if (!in_array($name, $ignorenames)) {
166 $namearr = explode('_',$name); // Second one is the field id
167 if (empty($field->field) || ($namearr[1] != $field->field->id)) { // Try to reuse classes
168 $field = data_get_field_from_id($namearr[1], $data);
169 }
170 if ($field) {
171 $field->update_content($rid, $value, $name);
172 }
173 }
174 }
175
176 add_to_log($course->id, 'data', 'update', "view.php?d=$data->id&amp;rid=$rid", $data->id, $cm->id);
177
178 redirect($CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&amp;rid='.$rid);
179
180 } else { /// Add some new records
181
182 if (!data_user_can_add_entry($data, $currentgroup, $groupmode)) {
183 error('Can not add entries!');
184 }
185
186 /// Check if maximum number of entry as specified by this database is reached
187 /// Of course, you can't be stopped if you are an editting teacher! =)
188
189 if (data_atmaxentries($data) and !has_capability('mod/data:manageentries',$context)){
190 notify (get_string('atmaxentry','data'));
191 print_footer($course);
192 exit;
193 }
194
195 ///Empty form checking - you can't submit an empty form!
196
197 $emptyform = true; // assume the worst
198
199 foreach ($datarecord as $name => $value) {
200 if (!in_array($name, $ignorenames)) {
201 $namearr = explode('_', $name); // Second one is the field id
202 if (empty($field->field) || ($namearr[1] != $field->field->id)) { // Try to reuse classes
203 $field = data_get_field_from_id($namearr[1], $data);
204 }
205 if ($field->notemptyfield($value, $name)) {
206 $emptyform = false;
207 break; // if anything has content, this form is not empty, so stop now!
208 }
209 }
210 }
211
212 if ($emptyform){ //nothing gets written to database
213 notify(get_string('emptyaddform','data'));
214 }
215
216 if (!$emptyform && $recordid = data_add_record($data, $currentgroup)) { //add instance to data_record
217
218 /// Insert a whole lot of empty records to make sure we have them
219 $fields = get_records('data_fields','dataid',$data->id);
220 foreach ($fields as $field) {
221 $content->recordid = $recordid;
222 $content->fieldid = $field->id;
223 insert_record('data_content',$content);
224 }
225
226 //for each field in the add form, add it to the data_content.
227 foreach ($datarecord as $name => $value){
228 if (!in_array($name, $ignorenames)) {
229 $namearr = explode('_', $name); // Second one is the field id
230 if (empty($field->field) || ($namearr[1] != $field->field->id)) { // Try to reuse classes
231 $field = data_get_field_from_id($namearr[1], $data);
232 }
233 if ($field) {
234 $field->update_content($recordid, $value, $name);
235 }
236 }
237 }
238
239 add_to_log($course->id, 'data', 'add', "view.php?d=$data->id&amp;rid=$recordid", $data->id, $cm->id);
240
241 notify(get_string('entrysaved','data'));
242
243 if (!empty($datarecord->saveandview)) {
244 redirect($CFG->wwwroot.'/mod/data/view.php?d='.$data->id.'&amp;rid='.$recordid);
245 }
246 }
247 }
248 } // End of form processing
249
250 /// Print the browsing interface
251
252 $patterns = array(); //tags to replace
253 $replacement = array(); //html to replace those yucky tags
254
255 //form goes here first in case add template is empty
256 echo '<form enctype="multipart/form-data" action="edit.php" method="post">';
257 echo '<div>';
258 echo '<input name="d" value="'.$data->id.'" type="hidden" />';
259 echo '<input name="rid" value="'.$rid.'" type="hidden" />';
260 echo '<input name="sesskey" value="'.sesskey().'" type="hidden" />';
261 print_simple_box_start('center','80%');
262
263 if (!$rid){
264 print_heading(get_string('newentry','data'), '', 2);
265 }
266
267 /******************************************
268 * Regular expression replacement section *
269 ******************************************/
270 if ($data->addtemplate){
271 $possiblefields = get_records('data_fields','dataid',$data->id,'id');
272
273 ///then we generate strings to replace
274 foreach ($possiblefields as $eachfield){
275 $field = data_get_field($eachfield, $data);
276 $patterns[]="[[".$field->field->name."]]";
277 $replacements[] = $field->display_add_field($rid);
278 $patterns[]="[[".$field->field->name."#id]]";
279 $replacements[] = 'field_'.$field->field->id;
280 }
281 $newtext = str_ireplace($patterns, $replacements, $data->{$mode});
282
283 } else { //if the add template is not yet defined, print the default form!
284 echo data_generate_default_template($data, 'addtemplate', $rid, true, false);
285 $newtext = '';
286 }
287
288 echo $newtext;
289 echo '<div style="text-align:center"><input type="submit" name="saveandview" value="'.get_string('saveandview','data').'" />';
290 if ($rid) {
291 echo '&nbsp;<input type="submit" name="cancel" value="'.get_string('cancel').'" onclick="javascript:history.go(-1)" />';
292 } else {
293 echo '<input type="submit" value="'.get_string('saveandadd','data').'" />';
294 }
295 echo '</div>';
296 print_simple_box_end();
297 echo '</div></form>';
298
299
300 /// Upload records section. Only for teachers and the admin.
301
302 if (has_capability('mod/data:manageentries',$context)) {
303 if ($import) {
304 print_simple_box_start('center','80%');
305 print_heading(get_string('uploadrecords', 'data'), '', 3);
306
307 $maxuploadsize = get_max_upload_file_size();
308 echo '<div style="text-align:center">';
309 echo '<form enctype="multipart/form-data" action="import.php" method="post">';
310 echo '<input type="hidden" name="MAX_FILE_SIZE" value="'.$maxuploadsize.'" />';
311 echo '<input name="d" value="'.$data->id.'" type="hidden" />';
312 echo '<input name="sesskey" value="'.sesskey().'" type="hidden" />';
313 echo '<table align="center" cellspacing="0" cellpadding="2" border="0">';
314 echo '<tr>';
315 echo '<td align="right">'.get_string('csvfile', 'data').':</td>';
316 echo '<td><input type="file" name="recordsfile" size="30" />';
317 helpbutton('importcsv', get_string('csvimport', 'data'), 'data', true, false);
318 echo '</td><tr>';
319 echo '<td align="right">'.get_string('fielddelimiter', 'data').':</td>';
320 echo '<td><input type="text" name="fielddelimiter" size="6" />';
321 echo get_string('defaultfielddelimiter', 'data').'</td>';
322 echo '</tr>';
323 echo '<td align="right">'.get_string('fieldenclosure', 'data').':</td>';
324 echo '<td><input type="text" name="fieldenclosure" size="6" />';
325 echo get_string('defaultfieldenclosure', 'data').'</td>';
326 echo '</tr>';
327 echo '</table>';
328 echo '<input type="submit" value="'.get_string('uploadfile', 'data').'" />';
329 echo '</form>';
330 echo '</div>';
331 print_simple_box_end();
332 } else {
333 echo '<div style="text-align:center">';
334 echo '<a href="edit.php?d='.$data->id.'&amp;import=1">'.get_string('uploadrecords', 'data').'</a>';
335 echo '</div>';
336 }
337 }
338
339
340 /// Finish the page
341
342 // Print the stuff that need to come after the form fields.
343 if (!$fields = get_records('data_fields', 'dataid', $data->id)) {
344 print_error('nofieldindatabase', 'data');
345 }
346 foreach ($fields as $eachfield) {
347 $field = data_get_field($eachfield, $data);
348 $field->print_after_form();
349 }
350
351 print_footer($course);
352 ?>
Mihai Sucan's work on Moodle