summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorNicolas BERNSTEIN <alexis211@gmail.com>2012-02-12 19:50:55 +0100
committerNicolas BERNSTEIN <alexis211@gmail.com>2012-02-12 19:50:55 +0100
commit24547ccec6526fcef3cccb34bc35fb81f31236b3 (patch)
treefc908fb06a6b8b4d4131c7303c4fb3b7d348f9bf /lib
parentcd76af42463bd80539db8c9671a427a9f0fe5d69 (diff)
downloadBits-24547ccec6526fcef3cccb34bc35fb81f31236b3.tar.gz
Bits-24547ccec6526fcef3cccb34bc35fb81f31236b3.zip
A lot of changes : blogging system essentially.
Diffstat (limited to 'lib')
-rw-r--r--lib/account/list.php23
-rw-r--r--lib/account/new.php10
-rw-r--r--lib/blog/delete.php13
-rw-r--r--lib/blog/drafts.php19
-rw-r--r--lib/blog/edit.php61
-rw-r--r--lib/blog/index.php72
-rw-r--r--lib/blog/post.php44
-rw-r--r--lib/blog/publish.php13
-rw-r--r--lib/conf/apps.php18
-rw-r--r--lib/conf/image.php4
-rw-r--r--lib/image/index.php22
-rw-r--r--lib/image/rename.php32
-rw-r--r--lib/image/upload.php8
-rw-r--r--lib/notes/index.php21
-rw-r--r--lib/study/index.php4
15 files changed, 331 insertions, 33 deletions
diff --git a/lib/account/list.php b/lib/account/list.php
new file mode 100644
index 0000000..dcb6575
--- /dev/null
+++ b/lib/account/list.php
@@ -0,0 +1,23 @@
+<?php
+
+$filters = array (
+ "order" => array (
+ "name" => "username",
+ "reg_date" => "date registered",
+ "nbNotes" => "number of notes",
+ ),
+ "way" => $ord_ways,
+);
+$fdefaults = array (
+ "order" => "name",
+ "way" => "ASC",
+);
+
+$users = array();
+$n = sql("SELECT account.id AS id, login AS name, nc.count AS nbNotes, pc.count AS nbPosts ".
+ "FROM account ".
+ "LEFT JOIN (SELECT notes.owner AS owner, COUNT(notes.id) AS count FROM notes WHERE notes.public != 0 GROUP BY notes.owner) nc ON nc.owner = account.id ".
+ "LEFT JOIN (SELECT blog_posts.owner AS owner, COUNT(blog_posts.id) AS count FROM blog_posts GROUP BY blog_posts.owner) pc ON pc.owner = account.id ".
+ "ORDER BY " . get_filter("order") . " " . get_filter("way"));
+while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+require("tpl/account/list.php");
diff --git a/lib/account/new.php b/lib/account/new.php
index c06083e..2366fbb 100644
--- a/lib/account/new.php
+++ b/lib/account/new.php
@@ -3,18 +3,23 @@
$title = "Register";
$login = "";
+$email = "";
if (isset($_POST['login']) && isset($_POST['pw1']) && isset($_POST['pw2'])) {
$login = esca($_POST["login"]);
+ $email = esca($_POST["email"]);
$pw1 = esc($_POST["pw1"]);
$pw2 = esc($_POST["pw2"]);
if ($login == "") {
$error = "You must enter a username.";
+ } else if (!preg_match('#^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$#', $email)) {
+ $error = "You must enter a valid email address.";
} else if ($pw1 != $pw2) {
$error = "You must enter twice the same password.";
} else if ($pw1 == "") {
$error = "You must enter a password";
} else {
- sql("INSERT INTO account(login, password) VALUES('" . escs($login) . "', PASSWORD('$pw1'))");
+ sql("INSERT INTO account(login, password, email, reg_date) ".
+ "VALUES('" . escs($login) . "', PASSWORD('$pw1'), '" . escs($email) . "', NOW())");
$message = "Your account has been created. Please log in now.";
$url = $homepage;
require("tpl/account/login.php");
@@ -25,7 +30,8 @@ $form_message = "Please fill in the following form to create an account :";
$fields = array(
array("label" => "Username : ", "name" => "login", "value" => $login),
array("label" => "Password : ", "name" => "pw1", "type" => "password"),
- array("label" => "Confirm password : ", "name" => "pw2", "type" => "password")
+ array("label" => "Confirm password : ", "name" => "pw2", "type" => "password"),
+ array("label" => "Email address : ", "name" => "email", "value" => $email)
);
$validate = "Create an account";
diff --git a/lib/blog/delete.php b/lib/blog/delete.php
new file mode 100644
index 0000000..a57b5ac
--- /dev/null
+++ b/lib/blog/delete.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql("SELECT owner FROM blog_posts WHERE id = $postid"));
+assert_error($post && $post['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+
+token_validate("Do you really want to delete this post ?", "blog");
+sql("DELETE FROM blog_posts WHERE id = $postid");
+sql("DELETE FROM blog_tags WHERE post = $postid");
+header("Location: drafts-blog");
diff --git a/lib/blog/drafts.php b/lib/blog/drafts.php
new file mode 100644
index 0000000..735b039
--- /dev/null
+++ b/lib/blog/drafts.php
@@ -0,0 +1,19 @@
+<?php
+
+$title = "My posts";
+
+$drafts = array();
+$pub = array();
+
+$r = sql(
+ "SELECT id, title, text_html, draft FROM blog_posts WHERE owner = " . $user['id'] . " ORDER BY date DESC"
+ );
+while ($pp = mysql_fetch_assoc($r)) {
+ if ($pp['draft']) {
+ $drafts[] = $pp;
+ } else {
+ $pub[] = $pp;
+ }
+}
+
+require("tpl/blog/drafts.php");
diff --git a/lib/blog/edit.php b/lib/blog/edit.php
new file mode 100644
index 0000000..854c94f
--- /dev/null
+++ b/lib/blog/edit.php
@@ -0,0 +1,61 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+ "SELECT blog_posts.title AS title, blog_posts.text AS text, blog_posts.owner AS owner, blog_posts.draft AS draft, ".
+ "GROUP_CONCAT(blog_tags.tag SEPARATOR ' ') AS tags ".
+ "FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+ "WHERE id = $postid"
+));
+assert_error($post && $post['owner'] == $user['id'],
+ "This post does not exist, or you are not allowed to edit it.");
+
+$post_title = $post['title'];
+$post_tags = $post['tags'];
+$post_text = $post['text'];
+if (isset($_POST['title']) && isset($_POST['tags']) && isset($_POST['text'])) {
+ $post_title = esca($_POST['title']);
+ $post_text = esca($_POST['text']);
+ $post_html = Markdown($post_text);
+ $post_tags = esca($_POST['tags']);
+ if ($post_title == "") {
+ $error = "You must give a title to your post.";
+ } else {
+ sql("UPDATE blog_posts SET title = '" . escs($post_title) . "', text = '" . escs($post_text) .
+ "', text_html = '" . escs($post_html) . "'" . ($post['draft'] ? ', date = NOW()' : '') .
+ " WHERE id = $postid");
+ sql("DELETE FROM blog_tags WHERE post = $postid");
+ $tags = explode(' ', $post_tags);
+ if (count($tags) == 1 && $tags[0] == "") {
+ //do nothing lol
+ } else if (count($tags) >= 1) {
+ $v = array();
+ foreach ($tags as $tag) {
+ $v[] = "($postid, '" . escs($tag) . "')";
+ }
+ sql("INSERT INTO blog_tags(post, tag) VALUES " . implode(',', $v));
+ }
+ if ($post['draft']) {
+ header("Location: drafts-blog");
+ } else {
+ header("Location: blog");
+ }
+ die();
+ }
+}
+
+$title = "Edit : " . $post['title'];
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $post_title),
+ array("label" => "Tags : ", "name" => "tags", "type" => "text", "value" => $post_tags),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $post_text),
+ );
+$validate = "Edit post";
+
+require("tpl/general/form.php");
+
+
diff --git a/lib/blog/index.php b/lib/blog/index.php
new file mode 100644
index 0000000..aaeb969
--- /dev/null
+++ b/lib/blog/index.php
@@ -0,0 +1,72 @@
+<?php
+
+$title = "What people write";
+
+$filters = array (
+ "order" => array (
+ "title" => "title",
+ "owner" => "author name",
+ "date" => "date published",
+ ),
+ "way" => $ord_ways,
+);
+$fdefaults = array (
+ "order" => "date",
+ "way" => "DESC",
+);
+
+$posts = array();
+
+$fa = array (
+ "author" => array(),
+ "date" => array(),
+ "tag" => array(),
+);
+$fvalues = array();
+for ($i = 2; $i < count($args); $i += 2) {
+ if (isset($args[$i+1])) {
+ $fvalues[$args[$i]] = urldecode($args[$i+1]);
+ }
+}
+function count_in($fat, $v, $d) {
+ global $fa;
+ if (isset($fa[$fat][$v])) {
+ $fa[$fat][$v]['count']++;
+ } else {
+ $fa[$fat][$v] = array('name' => $d, 'count' => 1);
+ }
+}
+
+$q =
+ "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ".
+ "DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ".
+ "blog_posts.text_html AS text_html, GROUP_CONCAT(ba.tag SEPARATOR ', ') AS tags, ".
+ "account.login AS owner, account.id AS owner_id ".
+ "FROM blog_posts LEFT JOIN account ON blog_posts.owner = account.id ".
+ "LEFT JOIN blog_tags ba ON ba.post = blog_posts.id ".
+ (isset($fvalues['tag']) ? "LEFT JOIN blog_tags bb ON bb.post = blog_posts.id AND bb.tag = '" . escs($fvalues['tag'])."' " : "").
+ "WHERE blog_posts.draft = 0 ".
+ (isset($fvalues['author']) ? 'AND blog_posts.owner = ' . intval($fvalues['author']) .' ' : '').
+ (isset($fvalues['date']) ? "AND blog_posts.date >= '" . escs(str_replace('.', '-', $fvalues['date'])) ."-01 00:00:00' " .
+ "AND blog_posts.date <= '" . escs(str_replace('.', '-', $fvalues['date'])) . "-31 23:59:59'" : '').
+ (isset($fvalues['tag']) ? " AND bb.post != 0 " : "").
+ "GROUP BY blog_posts.id ".
+ "ORDER BY " . get_filter('order') . " " . get_filter('way');
+$n = sql($q);
+
+
+while ($pp = mysql_fetch_assoc($n)) {
+ $posts[] = $pp;
+ count_in('author', $pp['owner_id'], $pp['owner']);
+ $tags = explode(', ', $pp['tags']);
+ foreach ($tags as $tag) {
+ count_in('tag', $tag, $tag);
+ }
+ count_in('date', str_replace('-', '.', $pp['month']), $pp['month']);
+}
+
+$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
+$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
+
+require("tpl/blog/index.php");
diff --git a/lib/blog/post.php b/lib/blog/post.php
new file mode 100644
index 0000000..1f1525a
--- /dev/null
+++ b/lib/blog/post.php
@@ -0,0 +1,44 @@
+<?php
+
+require("lib/markdown.php");
+
+$post_title = "";
+$post_tags = "";
+$post_text = "";
+if (isset($_POST['title']) && isset($_POST['text'])) {
+ $post_title = esca($_POST['title']);
+ $post_text = esca($_POST['text']);
+ $post_tags = esca($_POST['tags']);
+ $post_html = Markdown($post_text);
+
+ if ($post_title == "") {
+ $error = "You must give a title to your post.";
+ } else {
+ sql("INSERT INTO blog_posts(owner, title, text, text_html, date, draft) ".
+ "VALUE(" . $user['id'] . ", '" . escs($post_title) . "', '" . escs($post_text) . "', '" . escs($post_html) .
+ "', NOW(), 1)");
+ $id = mysql_insert_id();
+ $tags = explode(' ', $post_tags);
+ if (count($tags) == 1 && $tags[0] == "") {
+ //do nothing lol
+ } else if (count($tags) >= 1) {
+ $v = array();
+ foreach ($tags as $tag) {
+ $v[] = "($id, '" . escs($tag) . "')";
+ }
+ sql("INSERT INTO blog_tags(post, tag) VALUES " . implode(',', $v));
+ }
+ header("Location: drafts-blog");
+ die();
+ }
+}
+
+$title = "Post to blog";
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $post_title),
+ array("label" => "Tags ", "name" => "tags", "type" => "text", "value" => $post_tags),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $post_text),
+ );
+$validate = "Post entry";
+
+require("tpl/general/form.php");
diff --git a/lib/blog/publish.php b/lib/blog/publish.php
new file mode 100644
index 0000000..1674911
--- /dev/null
+++ b/lib/blog/publish.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql("SELECT owner, draft FROM blog_posts WHERE id = $postid"));
+assert_error($post && $post['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+assert_error($post['draft'] == 1, "This post is already published.");
+
+token_validate("Are you sure this post is ready to be published ?", "blog");
+sql("UPDATE blog_posts SET draft = 0, date = NOW() WHERE id = $postid");
+header("Location: blog");
diff --git a/lib/conf/apps.php b/lib/conf/apps.php
index d8cb1c2..26de50c 100644
--- a/lib/conf/apps.php
+++ b/lib/conf/apps.php
@@ -1,6 +1,6 @@
<?php
-$homepage = "notes";
+$homepage = "blog";
$apps = array(
@@ -8,17 +8,19 @@ $apps = array(
"image" => array(
"index" => 1,
"delete" => 1,
+ "rename" => 1,
"upload" => 0,
),
// Account application
"account" => array(
"new" => 0,
+ "list" => 0,
),
// Notebook application
"notes" => array(
- "index" => 0,
+ //"index" => 0,
"user" => 0,
"view" => 0,
"new" => 1,
@@ -28,6 +30,16 @@ $apps = array(
"source" => 0,
),
+ // Blogging application
+ "blog" => array(
+ "index" => 0,
+ "drafts" => 1,
+ "publish" => 1,
+ "post" => 1,
+ "edit" => 1,
+ "delete" => 1,
+ ),
+
// Studies application
"deck" => array(
"index" => 0,
@@ -52,7 +64,7 @@ $apps = array(
),
"study" => array (
- "index" => 1,
+ "index" => 0,
"deckadd" => 1,
"deck" => 1,
"deckrm" => 1,
diff --git a/lib/conf/image.php b/lib/conf/image.php
index 8fd48ec..462300e 100644
--- a/lib/conf/image.php
+++ b/lib/conf/image.php
@@ -3,5 +3,5 @@
$baseurl = "http://localhost/alex.auvolat/images/";
$savedir = getcwd() . "/images/";
$miniature_width = 127;
-$quota = ceil((time() - 1220000000) / (3600 * 24 * 20));
-$min_priv_for_no_quota = 2;
+//$quota = 128;; //ceil((time() - 1220000000) / (3600 * 24 * 20));
+//$min_priv_for_no_quota = 2;
diff --git a/lib/image/index.php b/lib/image/index.php
index 01c0928..59a304d 100644
--- a/lib/image/index.php
+++ b/lib/image/index.php
@@ -2,16 +2,31 @@
require("lib/conf/image.php");
+$filters = array (
+ "order" => array (
+ "name" => "title",
+ "upl_date" => "date uploaded",
+ ),
+ "way" => $ord_ways,
+);
+$fdefaults = array (
+ "order" => "name",
+ "way" => "ASC",
+);
+
$title = "Image upload";
$images = array();
-$files = sql("SELECT * FROM images WHERE owner = " . $user['id']);
+$files = sql("SELECT * FROM images WHERE owner = " . $user['id'] .
+ " ORDER BY " . get_filter('order') . " " . get_filter('way'));
while ($img = mysql_fetch_assoc($files)) $images[] = $img;
-if (count($images) >= $quota && $user['priv'] < $min_priv_for_no_quota) {
+/*if (count($images) >= $quota && $user['priv'] < $min_priv_for_no_quota) {
$error = "You have already exceeded your quota of $quota uploadable images.";
$can_upload = false;
-} else if ($user['priv'] < $apps['image']['upload']) {
+} else */
+
+if ($user['priv'] < $apps['image']['upload']) {
$error = "You don't have the rights to upload images.";
$can_upload = false;
} else {
@@ -19,5 +34,6 @@ if (count($images) >= $quota && $user['priv'] < $min_priv_for_no_quota) {
}
$can_delete = ($user['priv'] >= $apps['image']['delete'] && $user['id'] != 0);
+$can_rename = ($user['priv'] >= $apps['image']['rename'] && $user['id'] != 0);
require("tpl/image/index.php");
diff --git a/lib/image/rename.php b/lib/image/rename.php
new file mode 100644
index 0000000..0fbc442
--- /dev/null
+++ b/lib/image/rename.php
@@ -0,0 +1,32 @@
+<?php
+
+require("lib/conf/image.php");
+
+$title = "Rename an image";
+
+if (count($args) < 3) header("location: index.php");
+$id = intval($args[2]);
+
+$info = mysql_fetch_assoc(sql("SELECT * FROM images WHERE id = $id"));
+
+assert_error($info["owner"] == $user["id"], "You cannot rename this image.");
+
+$name = $info['name'];
+if (isset($_POST['name'])) {
+ $name = esca($_POST['name']);
+ if ($name == "") {
+ $error = "You must give a non-empty name to this image. Please.";
+ } else {
+ sql("UPDATE images SET name = '" . escs($name) . "' WHERE id = $id");
+ header("Location: image");
+ die();
+ }
+}
+
+$title = "Rename : " . $info['name'];
+$fields = array(
+ array("label" => "New name : ", "name" => "name", "value" => $name),
+);
+$validate = "Rename";
+
+require("tpl/general/form.php");
diff --git a/lib/image/upload.php b/lib/image/upload.php
index 812295f..5176a3a 100644
--- a/lib/image/upload.php
+++ b/lib/image/upload.php
@@ -4,11 +4,15 @@ $title = "Upload an image";
require("lib/conf/image.php");
+/*
$number = mysql_fetch_assoc(sql("SELECT count(*) AS count FROM images WHERE owner = " . $user['id']));
assert_error($number['count'] < $quota || $user['priv'] >= $min_priv_for_no_quota || $user['id'] == 0,
"You have already exceeded your upload quota.");
+*/
-if (isset($_FILES['image'])) {
+if (isset($_FILES['image']) && isset($_POST['name'])) {
+ $name = esca($_POST['name']);
+ if ($name == "") $name = $_FILES['image']['name'];
if ($_FILES['image']['error'] != 0) {
$error = "Sorry, an error occurred while uploading your file. Try with a smaller one.";
require("tpl/image/upload.php");
@@ -24,7 +28,7 @@ if (isset($_FILES['image'])) {
$error = "Sorry, we only accept GIF, PNG and JPEG images.";
require("tpl/image/upload.php");
}
- sql("INSERT INTO images(owner, extension) VALUES(" . $user['id'] . ", '$type')");
+ sql("INSERT INTO images(owner, extension, name, upl_date) VALUES(" . $user['id'] . ", '$type', '" . escs($name) . "', NOW())");
$id = mysql_insert_id();
$filen = $savedir . $id . "." . $type;
$minin = $savedir . $id . "-min." . $type;
diff --git a/lib/notes/index.php b/lib/notes/index.php
deleted file mode 100644
index 3089605..0000000
--- a/lib/notes/index.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-
-$filters = array (
- "order" => array (
- "nbNotes" => "number of notes",
- "name" => "username",
- ),
- "way" => $ord_ways,
-);
-$fdefaults = array (
- "order" => "nbNotes",
- "way" => "DESC",
-);
-
-$users = array();
-$n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FROM account ".
- "LEFT JOIN notes ON notes.owner = account.id ".
- "WHERE notes.public != 0 AND notes.id != 0 ".
- "GROUP BY account.id ORDER BY " . get_filter("order") . " " . get_filter("way"));
-while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
-require("tpl/notes/index.php");
diff --git a/lib/study/index.php b/lib/study/index.php
index e6cec20..6b43d53 100644
--- a/lib/study/index.php
+++ b/lib/study/index.php
@@ -1,3 +1,7 @@
<?php
+if ($user['id'] == 0) {
+ $message = "You must create an account to use this study program.";
+}
+
require("tpl/study/index.php");