Diffstat (limited to 'lib/blog')
-rw-r--r--lib/blog/comment.php38
-rw-r--r--lib/blog/delcom.php12
-rw-r--r--lib/blog/delete.php3
-rw-r--r--lib/blog/edcom.php35
-rw-r--r--lib/blog/index.php15
-rw-r--r--lib/blog/view.php39
6 files changed, 138 insertions, 4 deletions
diff --git a/lib/blog/comment.php b/lib/blog/comment.php
new file mode 100644
index 0000000..4bda912
--- /dev/null
+++ b/lib/blog/comment.php
@@ -0,0 +1,38 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+ "SELECT blog_posts.id AS id, blog_posts.title AS title,
+ blog_posts.draft AS draft ".
+ "FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+ "WHERE blog_posts.id = $postid"
+));
+
+assert_error($post && $post['draft'] == 0,
+ "This post does not exist.");
+
+$comment = "";
+if (isset($_POST['comment'])) {
+ $comment = esca($_POST['comment']);
+ $comment_html = Markdown($comment);
+
+ if (trim($comment) == "") {
+ $error = "You cannot enter an empty comment.";
+ } else {
+ sql("INSERT INTO blog_comments(owner, post, text, text_html, date) ".
+ "VALUES(" . $user['id'] . ", $postid, '" . escs($comment) . "', '" . escs($comment_html) . "', NOW())");
+ header("Location: view-blog-$postid");
+ die();
+ }
+}
+
+$title = "Comment '" . $post['title'] . "'";
+$fields = array(
+ array("label" => "Comment : ", "name" => "comment", "type" => "textarea", "value" => $comment),
+ );
+$validate = "Comment";
+require("tpl/general/form.php");
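Review bot: Nothing in comment.php checks that the caller is logged in or holds the comment privilege before the `INSERT` runs; view.php in this same commit computes `$can_comment` as `$user['priv'] >= $apps['blog']['comment'] && $user['id'] != 0`, but that only decides what the template shows. Unless the dispatcher outside this diff already enforces both conditions, repeat the test here right after the `$postid` line, e.g. `assert_error($user['priv'] >= $apps['blog']['comment'] && $user['id'] != 0, "You are not allowed to comment.");`, otherwise a row with `owner` 0 can be written. delcom.php has the same gap against `$apps['blog']['delcom']`, and it matters more there because that script deletes whichever comment id it is given, with no owner check like the ones in delete.php and edcom.php.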
diff --git a/lib/blog/delcom.php b/lib/blog/delcom.php
new file mode 100644
index 0000000..eaf93ec
--- /dev/null
+++ b/lib/blog/delcom.php
@@ -0,0 +1,12 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$comid = intval($args[2]);
+
+$com = mysql_fetch_assoc(sql("SELECT post FROM blog_comments WHERE id = $comid"));
+assert_error($com,
+ "This comment does not exist.");
+
+token_validate("Do you really want to delete this comment ?", "view-blog-" . $com['post']);
+sql("DELETE FROM blog_comments WHERE id = $comid");
+header("Location: view-blog-" . $com['post']);
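Review bot: The argument check uses `count($args) >= 3` while comment.php, edcom.php and view.php added in the same commit use `== 3`; unless extra path segments are intended here, `assert_redir(count($args) == 3, 'blog');` would make all comment pages reject malformed URLs the same way. The final `header()` is also not followed by `die();` as in the other two scripts, which is harmless only while it stays the last statement of the file.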
diff --git a/lib/blog/delete.php b/lib/blog/delete.php
index a57b5ac..bfc428b 100644
--- a/lib/blog/delete.php
+++ b/lib/blog/delete.php
@@ -5,9 +5,10 @@ $postid = intval($args[2]);
$post = mysql_fetch_assoc(sql("SELECT owner FROM blog_posts WHERE id = $postid"));
assert_error($post && $post['owner'] == $user['id'],
- "This note does not exist, or you are not allowed to delete it.");
+ "This post does not exist, or you are not allowed to delete it.");
token_validate("Do you really want to delete this post ?", "blog");
sql("DELETE FROM blog_posts WHERE id = $postid");
sql("DELETE FROM blog_tags WHERE post = $postid");
+sql("DELETE FROM blog_comments WHERE post = $postid");
header("Location: drafts-blog");
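Review bot: The added `DELETE FROM blog_comments` is the last of three independent statements and runs after the post row has already been removed, so a failure partway through leaves tags or comments pointing at a post id that no longer exists. Consider deleting the dependent rows (`blog_comments`, `blog_tags`) first and the `blog_posts` row last, and checking each `sql()` result if that helper reports failures (its behaviour is not visible here). The hunk starts mid-script, so the argument checks above it are outside this view.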
diff --git a/lib/blog/edcom.php b/lib/blog/edcom.php
new file mode 100644
index 0000000..2b96ff9
--- /dev/null
+++ b/lib/blog/edcom.php
@@ -0,0 +1,35 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$comid = intval($args[2]);
+
+$com = mysql_fetch_assoc(sql(
+ "SELECT blog_comments.owner AS owner, blog_comments.text AS text, blog_comments.post AS post ".
+ "FROM blog_comments WHERE id = $comid"
+ ));
+assert_error($com && $com['owner'] == $user['id'],
+ "This comment does not exist, or you are not allowed to edit it.");
+
+$com_text = $com['text'];
+if (isset($_POST['text'])) {
+ $com_text = esca($_POST['text']);
+ $com_text_html = Markdown($com_text);
+ if (trim($com_text) == "") {
+ $error = "You cannot enter an empty comment. If you want your comment to be deleted, please edit your comment so that it says so, and an administrator will delete it.";
+ } else {
+ sql("UPDATE blog_comments SET text = '" . escs($com_text) . "', text_html = '" . escs($com_text_html) . "' ".
+ "WHERE id = $comid");;
+ header("Location: view-blog-" . $com['post']);
+ die();
+ }
+}
+
+$title = "Edit comment";
+$fields = array(
+ array("label" => "Comment : ", "name" => "text", "value" => $com_text, "type" => "textarea"),
+ );
+$validate = "Edit comment";
+
+require("tpl/general/form.php");
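Review bot: The `text_html` value stored by the `UPDATE` comes from `Markdown(esca($_POST['text']))`, so whether a comment can carry active markup into the page built by view.php depends entirely on `esca()` and the Markdown library, neither of which is visible in this diff. Please document the guarantee above the `esca()` call, for example `// esca() HTML-encodes the raw input, so Markdown() never sees literal tags` if that is indeed what it does, and confirm on that basis that the template may print `text_html` without further escaping. comment.php uses the same pattern and needs the same comment. Separately, the `UPDATE` statement ends in a stray `;;`.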
diff --git a/lib/blog/index.php b/lib/blog/index.php
index aaeb969..dd353d3 100644
--- a/lib/blog/index.php
+++ b/lib/blog/index.php
@@ -1,6 +1,7 @@
<?php
-$title = "What people write";
+require ("lib/conf/blog.php");
+$title = $blog_title;
$filters = array (
"order" => array (
@@ -39,10 +40,13 @@ function count_in($fat, $v, $d) {
$q =
"SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ".
+ "UNIX_TIMESTAMP(blog_posts.date) AS date_ts, ".
"DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ".
- "blog_posts.text_html AS text_html, GROUP_CONCAT(ba.tag SEPARATOR ', ') AS tags, ".
+ "blog_posts.text_html AS text_html, GROUP_CONCAT(DISTINCT ba.tag SEPARATOR ', ') AS tags, ".
+ "COUNT(DISTINCT blog_comments.id) AS comments, ".
"account.login AS owner, account.id AS owner_id ".
"FROM blog_posts LEFT JOIN account ON blog_posts.owner = account.id ".
+ "LEFT JOIN blog_comments ON blog_comments.post = blog_posts.id ".
"LEFT JOIN blog_tags ba ON ba.post = blog_posts.id ".
(isset($fvalues['tag']) ? "LEFT JOIN blog_tags bb ON bb.post = blog_posts.id AND bb.tag = '" . escs($fvalues['tag'])."' " : "").
"WHERE blog_posts.draft = 0 ".
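Review bot: The two `DISTINCT` keywords added here are load-bearing and deserve a comment: joining both `blog_tags ba` and `blog_comments` produces tags × comments rows per post, so without them the tag list repeats and the comment count is inflated. A line above `$q` such as `// tags and comments are both joined, so each post yields tags*comments rows; DISTINCT undoes the duplication` would keep a later edit from dropping them. The query continues past the end of this hunk, so its `GROUP BY` is not visible here.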
@@ -69,4 +73,9 @@ $can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
-require("tpl/blog/index.php");
+
+if (isset($fvalues['feed']) && $fvalues['feed'] == "atom") {
+ require("tpl/blog/atom_feed.php");
+} else {
+ require("tpl/blog/index.php");
+}
diff --git a/lib/blog/view.php b/lib/blog/view.php
new file mode 100644
index 0000000..15c4d6e
--- /dev/null
+++ b/lib/blog/view.php
@@ -0,0 +1,39 @@
+<?php
+
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+ "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date,
+ blog_posts.text AS text, blog_posts.text_html AS text_html,
+ blog_posts.draft AS draft,
+ account.login AS owner, blog_posts.owner AS owner_id, ".
+ "GROUP_CONCAT(blog_tags.tag SEPARATOR ', ') AS tags ".
+ "FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+ "LEFT JOIN account ON blog_posts.owner = account.id ".
+ "WHERE blog_posts.id = $postid"
+));
+
+assert_error($post && $post['draft'] == 0,
+ "This post does not exist.");
+
+$comments = array();
+$c = sql(
+ "SELECT blog_comments.id AS id, blog_comments.text_html AS text_html, ".
+ "blog_comments.owner AS author_id, ".
+ "blog_comments.date AS date, account.login AS author ".
+ "FROM blog_comments ".
+ "LEFT JOIN account ON blog_comments.owner = account.id ".
+ "WHERE blog_comments.post = $postid ".
+ "ORDER BY date ASC"
+ );
+while ($o = mysql_fetch_assoc($c)) $comments[] = $o;
+
+$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
+$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
+$can_comment = ($user['priv'] >= $apps['blog']['comment'] && $user['id'] != 0);
+$can_delcom = ($user['priv'] >= $apps['blog']['delcom'] && $user['id'] != 0);
+
+require("tpl/blog/view.php");
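Review bot: The "This post does not exist." assertion after the first query can probably never fire for an unknown id. The SELECT uses `GROUP_CONCAT` with no `GROUP BY`, and MySQL returns a single row of NULLs for an aggregate query over an empty set, so `$post` is a non-empty array and `$post['draft'] == 0` holds for NULL under PHP's loose comparison. Change the tail of the query to `"WHERE blog_posts.id = $postid ".` followed by `"GROUP BY blog_posts.id"` so a missing post yields no row, or test `$post['id'] !== null` in the assertion. comment.php is not affected because its query has no aggregate.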