Diffstat (limited to 'lib/blog')
-rw-r--r--lib/blog/delete.php13
-rw-r--r--lib/blog/drafts.php19
-rw-r--r--lib/blog/edit.php61
-rw-r--r--lib/blog/index.php72
-rw-r--r--lib/blog/post.php44
-rw-r--r--lib/blog/publish.php13
6 files changed, 222 insertions, 0 deletions
diff --git a/lib/blog/delete.php b/lib/blog/delete.php
new file mode 100644
index 0000000..a57b5ac
--- /dev/null
+++ b/lib/blog/delete.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql("SELECT owner FROM blog_posts WHERE id = $postid"));
+assert_error($post && $post['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+
+token_validate("Do you really want to delete this post ?", "blog");
+sql("DELETE FROM blog_posts WHERE id = $postid");
+sql("DELETE FROM blog_tags WHERE post = $postid");
+header("Location: drafts-blog");
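Review bot: The ownership test `$post['owner'] == $user['id']` is the only authorization visible in this file, and it does not exclude user id 0, which index.php appears to treat as "not logged in" when it computes `$can_delete` (`$user['id'] != 0`). If the dispatcher does not already enforce login and the `$apps['blog']['delete']` privilege before including this file, a row whose owner is 0 would pass the check for any unauthenticated visitor. Consider `assert_error($post && $user['id'] != 0 && $post['owner'] == $user['id'], ...)`, and do the same in edit.php and publish.php, which use the identical check. The message also says "This note" where the rest of the module says "post".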
diff --git a/lib/blog/drafts.php b/lib/blog/drafts.php
new file mode 100644
index 0000000..735b039
--- /dev/null
+++ b/lib/blog/drafts.php
@@ -0,0 +1,19 @@
+<?php
+
+$title = "My posts";
+
+$drafts = array();
+$pub = array();
+
+$r = sql(
+ "SELECT id, title, text_html, draft FROM blog_posts WHERE owner = " . $user['id'] . " ORDER BY date DESC"
+ );
+while ($pp = mysql_fetch_assoc($r)) {
+ if ($pp['draft']) {
+ $drafts[] = $pp;
+ } else {
+ $pub[] = $pp;
+ }
+}
+
+require("tpl/blog/drafts.php");
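Review bot: `$user['id']` is concatenated into the SELECT as-is, whereas every other numeric value in this commit goes through `intval()` before reaching SQL. Where `$user` is populated is not shown here, so the query is only as safe as that code; casting at the point of use removes the dependency: `"... WHERE owner = " . intval($user['id']) . " ORDER BY date DESC"`. The INSERT in post.php builds its `VALUE(` list from `$user['id']` the same way and should get the same cast.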
diff --git a/lib/blog/edit.php b/lib/blog/edit.php
new file mode 100644
index 0000000..854c94f
--- /dev/null
+++ b/lib/blog/edit.php
@@ -0,0 +1,61 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+ "SELECT blog_posts.title AS title, blog_posts.text AS text, blog_posts.owner AS owner, blog_posts.draft AS draft, ".
+ "GROUP_CONCAT(blog_tags.tag SEPARATOR ' ') AS tags ".
+ "FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+ "WHERE id = $postid"
+));
+assert_error($post && $post['owner'] == $user['id'],
+ "This post does not exist, or you are not allowed to edit it.");
+
+$post_title = $post['title'];
+$post_tags = $post['tags'];
+$post_text = $post['text'];
+if (isset($_POST['title']) && isset($_POST['tags']) && isset($_POST['text'])) {
+ $post_title = esca($_POST['title']);
+ $post_text = esca($_POST['text']);
+ $post_html = Markdown($post_text);
+ $post_tags = esca($_POST['tags']);
+ if ($post_title == "") {
+ $error = "You must give a title to your post.";
+ } else {
+ sql("UPDATE blog_posts SET title = '" . escs($post_title) . "', text = '" . escs($post_text) .
+ "', text_html = '" . escs($post_html) . "'" . ($post['draft'] ? ', date = NOW()' : '') .
+ " WHERE id = $postid");
+ sql("DELETE FROM blog_tags WHERE post = $postid");
+ $tags = explode(' ', $post_tags);
+ if (count($tags) == 1 && $tags[0] == "") {
+ //do nothing lol
+ } else if (count($tags) >= 1) {
+ $v = array();
+ foreach ($tags as $tag) {
+ $v[] = "($postid, '" . escs($tag) . "')";
+ }
+ sql("INSERT INTO blog_tags(post, tag) VALUES " . implode(',', $v));
+ }
+ if ($post['draft']) {
+ header("Location: drafts-blog");
+ } else {
+ header("Location: blog");
+ }
+ die();
+ }
+}
+
+$title = "Edit : " . $post['title'];
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $post_title),
+ array("label" => "Tags : ", "name" => "tags", "type" => "text", "value" => $post_tags),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $post_text),
+ );
+$validate = "Edit post";
+
+require("tpl/general/form.php");
+
+
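Review bot: The `$post &&` half of the existence check cannot fail, because the SELECT uses `GROUP_CONCAT` with no `GROUP BY`: MySQL returns a single row of NULLs for an aggregate query even when no post matches `$postid`. A missing id therefore reaches the owner comparison with `owner` NULL, and `NULL == $user['id']` is true under loose comparison if the id is the integer 0. Add `GROUP BY blog_posts.id` so a missing post yields no row, and qualify the filter as `WHERE blog_posts.id = $postid`, since the bare `id` becomes ambiguous if blog_tags has an `id` column (its schema is not in this diff).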
diff --git a/lib/blog/index.php b/lib/blog/index.php
new file mode 100644
index 0000000..aaeb969
--- /dev/null
+++ b/lib/blog/index.php
@@ -0,0 +1,72 @@
+<?php
+
+$title = "What people write";
+
+$filters = array (
+ "order" => array (
+ "title" => "title",
+ "owner" => "author name",
+ "date" => "date published",
+ ),
+ "way" => $ord_ways,
+);
+$fdefaults = array (
+ "order" => "date",
+ "way" => "DESC",
+);
+
+$posts = array();
+
+$fa = array (
+ "author" => array(),
+ "date" => array(),
+ "tag" => array(),
+);
+$fvalues = array();
+for ($i = 2; $i < count($args); $i += 2) {
+ if (isset($args[$i+1])) {
+ $fvalues[$args[$i]] = urldecode($args[$i+1]);
+ }
+}
+function count_in($fat, $v, $d) {
+ global $fa;
+ if (isset($fa[$fat][$v])) {
+ $fa[$fat][$v]['count']++;
+ } else {
+ $fa[$fat][$v] = array('name' => $d, 'count' => 1);
+ }
+}
+
+$q =
+ "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ".
+ "DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ".
+ "blog_posts.text_html AS text_html, GROUP_CONCAT(ba.tag SEPARATOR ', ') AS tags, ".
+ "account.login AS owner, account.id AS owner_id ".
+ "FROM blog_posts LEFT JOIN account ON blog_posts.owner = account.id ".
+ "LEFT JOIN blog_tags ba ON ba.post = blog_posts.id ".
+ (isset($fvalues['tag']) ? "LEFT JOIN blog_tags bb ON bb.post = blog_posts.id AND bb.tag = '" . escs($fvalues['tag'])."' " : "").
+ "WHERE blog_posts.draft = 0 ".
+ (isset($fvalues['author']) ? 'AND blog_posts.owner = ' . intval($fvalues['author']) .' ' : '').
+ (isset($fvalues['date']) ? "AND blog_posts.date >= '" . escs(str_replace('.', '-', $fvalues['date'])) ."-01 00:00:00' " .
+ "AND blog_posts.date <= '" . escs(str_replace('.', '-', $fvalues['date'])) . "-31 23:59:59'" : '').
+ (isset($fvalues['tag']) ? " AND bb.post != 0 " : "").
+ "GROUP BY blog_posts.id ".
+ "ORDER BY " . get_filter('order') . " " . get_filter('way');
+$n = sql($q);
+
+
+while ($pp = mysql_fetch_assoc($n)) {
+ $posts[] = $pp;
+ count_in('author', $pp['owner_id'], $pp['owner']);
+ $tags = explode(', ', $pp['tags']);
+ foreach ($tags as $tag) {
+ count_in('tag', $tag, $tag);
+ }
+ count_in('date', str_replace('-', '.', $pp['month']), $pp['month']);
+}
+
+$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
+$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
+
+require("tpl/blog/index.php");
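Review bot: The `ORDER BY` clause is built from `get_filter('order')` and `get_filter('way')` with no quoting, and identifiers or keywords in that position cannot be protected by `escs()`. `get_filter` is not defined in this diff; if it does not already restrict its result to the keys of `$filters['order']` and `$ord_ways` (falling back to `$fdefaults`), that allowlist check needs to happen before the concatenation. A short comment above the `"ORDER BY "` line, such as `// get_filter() only returns keys present in $filters, so these are safe to inline`, would record the assumption for the next reader. Separately, `$fvalues` is filled with `urldecode($args[$i+1])`; if `$args` is already decoded by the router, this decodes twice.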
diff --git a/lib/blog/post.php b/lib/blog/post.php
new file mode 100644
index 0000000..1f1525a
--- /dev/null
+++ b/lib/blog/post.php
@@ -0,0 +1,44 @@
+<?php
+
+require("lib/markdown.php");
+
+$post_title = "";
+$post_tags = "";
+$post_text = "";
+if (isset($_POST['title']) && isset($_POST['text'])) {
+ $post_title = esca($_POST['title']);
+ $post_text = esca($_POST['text']);
+ $post_tags = esca($_POST['tags']);
+ $post_html = Markdown($post_text);
+
+ if ($post_title == "") {
+ $error = "You must give a title to your post.";
+ } else {
+ sql("INSERT INTO blog_posts(owner, title, text, text_html, date, draft) ".
+ "VALUE(" . $user['id'] . ", '" . escs($post_title) . "', '" . escs($post_text) . "', '" . escs($post_html) .
+ "', NOW(), 1)");
+ $id = mysql_insert_id();
+ $tags = explode(' ', $post_tags);
+ if (count($tags) == 1 && $tags[0] == "") {
+ //do nothing lol
+ } else if (count($tags) >= 1) {
+ $v = array();
+ foreach ($tags as $tag) {
+ $v[] = "($id, '" . escs($tag) . "')";
+ }
+ sql("INSERT INTO blog_tags(post, tag) VALUES " . implode(',', $v));
+ }
+ header("Location: drafts-blog");
+ die();
+ }
+}
+
+$title = "Post to blog";
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $post_title),
+ array("label" => "Tags ", "name" => "tags", "type" => "text", "value" => $post_tags),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $post_text),
+ );
+$validate = "Post entry";
+
+require("tpl/general/form.php");
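Review bot: `$_POST['tags']` is read without being tested, because the guard only checks `title` and `text`. A request that omits the field raises an undefined-index notice and passes null to `esca()`. edit.php checks all three fields, so the condition here should match: `if (isset($_POST['title']) && isset($_POST['tags']) && isset($_POST['text'])) {`. In both files `explode(' ', $post_tags)` also yields empty strings for repeated or trailing spaces, which are then inserted as empty tags; `preg_split('/\s+/', $post_tags, -1, PREG_SPLIT_NO_EMPTY)` avoids that and makes the "do nothing" branch unnecessary.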
diff --git a/lib/blog/publish.php b/lib/blog/publish.php
new file mode 100644
index 0000000..1674911
--- /dev/null
+++ b/lib/blog/publish.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql("SELECT owner, draft FROM blog_posts WHERE id = $postid"));
+assert_error($post && $post['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+assert_error($post['draft'] == 1, "This post is already published.");
+
+token_validate("Are you sure this post is ready to be published ?", "blog");
+sql("UPDATE blog_posts SET draft = 0, date = NOW() WHERE id = $postid");
+header("Location: blog");
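Review bot: The first `assert_error` message was copied from delete.php and tells the user they are "not allowed to delete it" on the publish path. It should read `"This post does not exist, or you are not allowed to publish it."`. The draft state is also checked before the confirmation step but not in the UPDATE itself, so a post published in the meantime (for example from a second tab) gets its `date` reset. Ending the statement with `WHERE id = $postid AND draft = 1` makes the update a no-op in that case.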