Diffstat (limited to 'lib/blog')
-rw-r--r-- | lib/blog/delete.php | 13 | ||||
-rw-r--r-- | lib/blog/drafts.php | 19 | ||||
-rw-r--r-- | lib/blog/edit.php | 61 | ||||
-rw-r--r-- | lib/blog/index.php | 72 | ||||
-rw-r--r-- | lib/blog/post.php | 44 | ||||
-rw-r--r-- | lib/blog/publish.php | 13 |
6 files changed, 222 insertions, 0 deletions
diff --git a/lib/blog/delete.php b/lib/blog/delete.php
new file mode 100644
index 0000000..a57b5ac
--- /dev/null
+++ b/lib/blog/delete.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql("SELECT owner FROM blog_posts WHERE id = $postid"));
+assert_error($post && $post['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+
+token_validate("Do you really want to delete this post ?", "blog");
+sql("DELETE FROM blog_posts WHERE id = $postid");
+sql("DELETE FROM blog_tags WHERE post = $postid");
+header("Location: drafts-blog");
diff --git a/lib/blog/drafts.php b/lib/blog/drafts.php
new file mode 100644
index 0000000..735b039
--- /dev/null
+++ b/lib/blog/drafts.php
@@ -0,0 +1,19 @@
+<?php
+
+$title = "My posts";
+
+$drafts = array();
+$pub = array();
+
+$r = sql(
+ "SELECT id, title, text_html, draft FROM blog_posts WHERE owner = " . $user['id'] . " ORDER BY date DESC"
+ );
+while ($pp = mysql_fetch_assoc($r)) {
+ if ($pp['draft']) {
+ $drafts[] = $pp;
+ } else {
+ $pub[] = $pp;
+ }
+}
+
+require("tpl/blog/drafts.php");
diff --git a/lib/blog/edit.php b/lib/blog/edit.php
new file mode 100644
index 0000000..854c94f
--- /dev/null
+++ b/lib/blog/edit.php
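Review bot: The only authorization gate in delete.php is the loose ownership comparison `$post['owner'] == $user['id']`, so the privilege level and logged-in test that index.php uses for `$can_delete` (`$user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0`) are not enforced in this file. If the dispatcher that includes it does not already apply them (not visible here), a session whose id is 0 would match any row whose owner is 0; I would make the guard explicit with `assert_error($post && $user['id'] != 0 && $post['owner'] == $user['id'], ...)`. The same applies to the ownership checks in edit.php and publish.php. Separately, the message says "note" where the rest of the module says "post".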
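Review bot: In drafts.php `$user['id']` is concatenated into the SELECT unquoted and without a cast, whereas the post ids in the other files go through `intval()`. It is probably an integer loaded from the session, but that is not visible in this hunk, so I would write `"... WHERE owner = " . intval($user['id']) . " ORDER BY date DESC"`; the INSERT in post.php interpolates the same value the same way. The listing also has no logged-in guard of its own and relies on the dispatcher to keep anonymous sessions out.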
@@ -0,0 +1,61 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+ "SELECT blog_posts.title AS title, blog_posts.text AS text, blog_posts.owner AS owner, blog_posts.draft AS draft, ".
+ "GROUP_CONCAT(blog_tags.tag SEPARATOR ' ') AS tags ".
+ "FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+ "WHERE id = $postid"
+));
+assert_error($post && $post['owner'] == $user['id'],
+ "This post does not exist, or you are not allowed to edit it.");
+
+$post_title = $post['title'];
+$post_tags = $post['tags'];
+$post_text = $post['text'];
+if (isset($_POST['title']) && isset($_POST['tags']) && isset($_POST['text'])) {
+ $post_title = esca($_POST['title']);
+ $post_text = esca($_POST['text']);
+ $post_html = Markdown($post_text);
+ $post_tags = esca($_POST['tags']);
+ if ($post_title == "") {
+ $error = "You must give a title to your post.";
+ } else {
+ sql("UPDATE blog_posts SET title = '" . escs($post_title) . "', text = '" . escs($post_text) .
+ "', text_html = '" . escs($post_html) . "'" . ($post['draft'] ? ', date = NOW()' : '') .
+ " WHERE id = $postid");
+ sql("DELETE FROM blog_tags WHERE post = $postid");
+ $tags = explode(' ', $post_tags);
+ if (count($tags) == 1 && $tags[0] == "") {
+ //do nothing lol
+ } else if (count($tags) >= 1) {
+ $v = array();
+ foreach ($tags as $tag) {
+ $v[] = "($postid, '" . escs($tag) . "')";
+ }
+ sql("INSERT INTO blog_tags(post, tag) VALUES " . implode(',', $v));
+ }
+ if ($post['draft']) {
+ header("Location: drafts-blog");
+ } else {
+ header("Location: blog");
+ }
+ die();
+ }
+}
+
+$title = "Edit : " . $post['title'];
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $post_title),
+ array("label" => "Tags : ", "name" => "tags", "type" => "text", "value" => $post_tags),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $post_text),
+ );
+$validate = "Edit post";
+
+require("tpl/general/form.php");
+
+
diff --git a/lib/blog/index.php b/lib/blog/index.php
new file mode 100644
index 0000000..aaeb969
--- /dev/null
+++ b/lib/blog/index.php
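Review bot: The POST branch of edit.php rewrites the post and its tags without the `token_validate()` step that delete.php and publish.php use, so this state change has no visible anti-CSRF check; the insert branch of post.php has the same gap. Unless tpl/general/form.php and the dispatcher already issue and verify a token (not visible here), a per-form token should be verified before the `UPDATE`. The SELECT also uses `GROUP_CONCAT` without `GROUP BY`, which on MySQL normally returns one all-NULL row when no post matches, so `$post` is truthy for a nonexistent id and the guard rests on `NULL == $user['id']`; adding `GROUP BY blog_posts.id` and qualifying the filter as `WHERE blog_posts.id = $postid` restores the "does not exist" path. Finally, assuming `esca()` is an HTML-escaping helper, escaping before `Markdown()` does not constrain the URL schemes of the links and images Markdown itself emits, so `text_html` deserves a sanitising pass or a scheme allow-list before it is stored.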
@@ -0,0 +1,72 @@
+<?php
+
+$title = "What people write";
+
+$filters = array (
+ "order" => array (
+ "title" => "title",
+ "owner" => "author name",
+ "date" => "date published",
+ ),
+ "way" => $ord_ways,
+);
+$fdefaults = array (
+ "order" => "date",
+ "way" => "DESC",
+);
+
+$posts = array();
+
+$fa = array (
+ "author" => array(),
+ "date" => array(),
+ "tag" => array(),
+);
+$fvalues = array();
+for ($i = 2; $i < count($args); $i += 2) {
+ if (isset($args[$i+1])) {
+ $fvalues[$args[$i]] = urldecode($args[$i+1]);
+ }
+}
+function count_in($fat, $v, $d) {
+ global $fa;
+ if (isset($fa[$fat][$v])) {
+ $fa[$fat][$v]['count']++;
+ } else {
+ $fa[$fat][$v] = array('name' => $d, 'count' => 1);
+ }
+}
+
+$q =
+ "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ".
+ "DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ".
+ "blog_posts.text_html AS text_html, GROUP_CONCAT(ba.tag SEPARATOR ', ') AS tags, ".
+ "account.login AS owner, account.id AS owner_id ".
+ "FROM blog_posts LEFT JOIN account ON blog_posts.owner = account.id ".
+ "LEFT JOIN blog_tags ba ON ba.post = blog_posts.id ".
+ (isset($fvalues['tag']) ? "LEFT JOIN blog_tags bb ON bb.post = blog_posts.id AND bb.tag = '" . escs($fvalues['tag'])."' " : "").
+ "WHERE blog_posts.draft = 0 ".
+ (isset($fvalues['author']) ? 'AND blog_posts.owner = ' . intval($fvalues['author']) .' ' : '').
+ (isset($fvalues['date']) ? "AND blog_posts.date >= '" . escs(str_replace('.', '-', $fvalues['date'])) ."-01 00:00:00' " .
+ "AND blog_posts.date <= '" . escs(str_replace('.', '-', $fvalues['date'])) . "-31 23:59:59'" : '').
+ (isset($fvalues['tag']) ? " AND bb.post != 0 " : "").
+ "GROUP BY blog_posts.id ".
+ "ORDER BY " . get_filter('order') . " " . get_filter('way');
+$n = sql($q);
+
+
+while ($pp = mysql_fetch_assoc($n)) {
+ $posts[] = $pp;
+ count_in('author', $pp['owner_id'], $pp['owner']);
+ $tags = explode(', ', $pp['tags']);
+ foreach ($tags as $tag) {
+ count_in('tag', $tag, $tag);
+ }
+ count_in('date', str_replace('-', '.', $pp['month']), $pp['month']);
+}
+
+$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
+$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
+
+require("tpl/blog/index.php");
diff --git a/lib/blog/post.php b/lib/blog/post.php
new file mode 100644
index 0000000..1f1525a
--- /dev/null
+++ b/lib/blog/post.php
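Review bot: The `ORDER BY` clause in index.php is built from `get_filter('order')` and `get_filter('way')` with no quoting or escaping, unlike the tag, author and date filters above it, which go through `escs()` or `intval()`. `get_filter()` is defined outside this hunk, so it needs confirming that it only ever returns a key of `$filters['order']` / `$filters['way']` and otherwise falls back to `$fdefaults`; `$fvalues` is filled from `$args` under arbitrary keys, so a raw lookup there would reach the query text. If it does not, an allow-list test such as `isset($filters['order'][$o]) ? $o : $fdefaults['order']` (with `$o` the requested value) belongs before the concatenation. Minor: `explode(', ', $pp['tags'])` yields a single empty string for a post with no tags, which `count_in('tag', ...)` then records as an empty tag.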
@@ -0,0 +1,44 @@
+<?php
+
+require("lib/markdown.php");
+
+$post_title = "";
+$post_tags = "";
+$post_text = "";
+if (isset($_POST['title']) && isset($_POST['text'])) {
+ $post_title = esca($_POST['title']);
+ $post_text = esca($_POST['text']);
+ $post_tags = esca($_POST['tags']);
+ $post_html = Markdown($post_text);
+
+ if ($post_title == "") {
+ $error = "You must give a title to your post.";
+ } else {
+ sql("INSERT INTO blog_posts(owner, title, text, text_html, date, draft) ".
+ "VALUE(" . $user['id'] . ", '" . escs($post_title) . "', '" . escs($post_text) . "', '" . escs($post_html) .
+ "', NOW(), 1)");
+ $id = mysql_insert_id();
+ $tags = explode(' ', $post_tags);
+ if (count($tags) == 1 && $tags[0] == "") {
+ //do nothing lol
+ } else if (count($tags) >= 1) {
+ $v = array();
+ foreach ($tags as $tag) {
+ $v[] = "($id, '" . escs($tag) . "')";
+ }
+ sql("INSERT INTO blog_tags(post, tag) VALUES " . implode(',', $v));
+ }
+ header("Location: drafts-blog");
+ die();
+ }
+}
+
+$title = "Post to blog";
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $post_title),
+ array("label" => "Tags ", "name" => "tags", "type" => "text", "value" => $post_tags),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $post_text),
+ );
+$validate = "Post entry";
+
+require("tpl/general/form.php");
diff --git a/lib/blog/publish.php b/lib/blog/publish.php
new file mode 100644
index 0000000..1674911
--- /dev/null
+++ b/lib/blog/publish.php
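Review bot: The guard in post.php tests `isset($_POST['title']) && isset($_POST['text'])`, but the body then reads `$_POST['tags']` unconditionally, so a request without a tags field raises an undefined-index notice and hands null to `esca()`. edit.php tests all three fields, and the same condition fits here: `if (isset($_POST['title']) && isset($_POST['tags']) && isset($_POST['text'])) {`. The post row and its tag rows are also written by two separate statements keyed on `mysql_insert_id()`, so a failure of the second leaves a post without its tags; whether `sql()` aborts on error is not visible in this hunk.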
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql("SELECT owner, draft FROM blog_posts WHERE id = $postid"));
+assert_error($post && $post['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+assert_error($post['draft'] == 1, "This post is already published.");
+
+token_validate("Are you sure this post is ready to be published ?", "blog");
+sql("UPDATE blog_posts SET draft = 0, date = NOW() WHERE id = $postid");
+header("Location: blog"); |
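Review bot: The ownership failure message in publish.php is copied from delete.php and tells the user they are "not allowed to delete" a "note" on the publish path; it should read `"This post does not exist, or you are not allowed to publish it."`. When the SELECT returns no row, the first `assert_error()` also has to terminate the request, because the next line reads `$post['draft']` from `false`. `assert_error()` is defined outside this hunk, so it is worth confirming that it never returns on failure.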