Diffstat (limited to 'lib/blog')
-rw-r--r-- | lib/blog/comment.php | 38 | ||||
-rw-r--r-- | lib/blog/delcom.php | 12 | ||||
-rw-r--r-- | lib/blog/delete.php | 3 | ||||
-rw-r--r-- | lib/blog/edcom.php | 35 | ||||
-rw-r--r-- | lib/blog/index.php | 15 | ||||
-rw-r--r-- | lib/blog/view.php | 39 |
6 files changed, 138 insertions, 4 deletions
diff --git a/lib/blog/comment.php b/lib/blog/comment.php
new file mode 100644
index 0000000..4bda912
--- /dev/null
+++ b/lib/blog/comment.php
@@ -0,0 +1,38 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+ "SELECT blog_posts.id AS id, blog_posts.title AS title,
+ blog_posts.draft AS draft ".
+ "FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+ "WHERE blog_posts.id = $postid"
+));
+
+assert_error($post && $post['draft'] == 0,
+ "This post does not exist.");
+
+$comment = "";
+if (isset($_POST['comment'])) {
+ $comment = esca($_POST['comment']);
+ $comment_html = Markdown($comment);
+
+ if (trim($comment) == "") {
+ $error = "You cannot enter an empty comment.";
+ } else {
+ sql("INSERT INTO blog_comments(owner, post, text, text_html, date) ".
+ "VALUES(" . $user['id'] . ", $postid, '" . escs($comment) . "', '" . escs($comment_html) . "', NOW())");
+ header("Location: view-blog-$postid");
+ die();
+ }
+}
+
+$title = "Comment '" . $post['title'] . "'";
+$fields = array(
+ array("label" => "Comment : ", "name" => "comment", "type" => "textarea", "value" => $comment),
+ );
+$validate = "Comment";
+require("tpl/general/form.php");
diff --git a/lib/blog/delcom.php b/lib/blog/delcom.php
new file mode 100644
index 0000000..eaf93ec
--- /dev/null
+++ b/lib/blog/delcom.php
@@ -0,0 +1,12 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$comid = intval($args[2]);
+
+$com = mysql_fetch_assoc(sql("SELECT post FROM blog_comments WHERE id = $comid"));
+assert_error($com,
+ "This comment does not exist.");
+
+token_validate("Do you really want to delete this comment ?", "view-blog-" . $com['post']);
+sql("DELETE FROM blog_comments WHERE id = $comid");
+header("Location: view-blog-" . $com['post']);
diff --git a/lib/blog/delete.php b/lib/blog/delete.php
index a57b5ac..bfc428b 100644
--- a/lib/blog/delete.php
+++ b/lib/blog/delete.php
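Review bot: comment.php never checks that the requester is allowed to comment: the INSERT runs with `$user['id']` as owner for any POST that reaches this file, while the matching test (`$user['priv'] >= $apps['blog']['comment'] && $user['id'] != 0`) is only computed in view.php as `$can_comment` for the template. Unless the dispatcher enforces that privilege before including the handler, which this diff does not show, add `assert_error($user['id'] != 0 && $user['priv'] >= $apps['blog']['comment'], "You are not allowed to comment.");` after the draft check. delcom.php has the same gap with a larger effect: after `token_validate` it deletes whatever comment id was requested, with no test of ownership or of `$apps['blog']['delcom']`, so the same kind of `assert_error` is needed there before the DELETE.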
@@ -5,9 +5,10 @@ $postid = intval($args[2]); $post = mysql_fetch_assoc(sql("SELECT owner FROM blog_posts WHERE id = $postid")); assert_error($post && $post['owner'] == $user['id'], - "This note does not exist, or you are not allowed to delete it."); + "This post does not exist, or you are not allowed to delete it."); token_validate("Do you really want to delete this post ?", "blog"); sql("DELETE FROM blog_posts WHERE id = $postid"); sql("DELETE FROM blog_tags WHERE post = $postid"); +sql("DELETE FROM blog_comments WHERE post = $postid"); header("Location: drafts-blog");
diff --git a/lib/blog/edcom.php b/lib/blog/edcom.php
new file mode 100644
index 0000000..2b96ff9
--- /dev/null
+++ b/lib/blog/edcom.php
@@ -0,0 +1,35 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$comid = intval($args[2]);
+
+$com = mysql_fetch_assoc(sql(
+ "SELECT blog_comments.owner AS owner, blog_comments.text AS text, blog_comments.post AS post ".
+ "FROM blog_comments WHERE id = $comid"
+ ));
+assert_error($com && $com['owner'] == $user['id'],
+ "This comment does not exist, or you are not allowed to edit it.");
+
+$com_text = $com['text'];
+if (isset($_POST['text'])) {
+ $com_text = esca($_POST['text']);
+ $com_text_html = Markdown($com_text);
+ if (trim($com_text) == "") {
+ $error = "You cannot enter an empty comment. If you want your comment to be deleted, please edit your comment so that it says so, and an administrator will delete it.";
+ } else {
+ sql("UPDATE blog_comments SET text = '" . escs($com_text) . "', text_html = '" . escs($com_text_html) . "' ".
+ "WHERE id = $comid");;
+ header("Location: view-blog-" . $com['post']);
+ die();
+ }
+}
+
+$title = "Edit comment";
+$fields = array(
+ array("label" => "Comment : ", "name" => "text", "value" => $com_text, "type" => "textarea"),
+ );
+$validate = "Edit comment";
+
+require("tpl/general/form.php");
diff --git a/lib/blog/index.php b/lib/blog/index.php
index aaeb969..dd353d3 100644
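Review bot: The UPDATE in edcom.php's POST branch runs without any request token, whereas delcom.php and delete.php call `token_validate(...)` before they change data; the INSERT in comment.php is in the same position. Unless a token is verified for every POST before the handler is included (not visible in this diff), a form posted from another site can rewrite a logged-in user's comment, so a token check belongs at the top of the `if (isset($_POST['text']))` branch. Until that exists I would mark the spot with `// TODO: verify request token before UPDATE (cf. token_validate in delcom.php)`. The `");;` that closes the `sql(...)` call also carries a stray second semicolon.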
--- a/lib/blog/index.php
+++ b/lib/blog/index.php
@@ -1,6 +1,7 @@ <?php -$title = "What people write"; +require ("lib/conf/blog.php"); +$title = $blog_title; $filters = array ( "order" => array (
@@ -39,10 +40,13 @@ function count_in($fat, $v, $d) { $q = "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ". + "UNIX_TIMESTAMP(blog_posts.date) AS date_ts, ". "DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ". - "blog_posts.text_html AS text_html, GROUP_CONCAT(ba.tag SEPARATOR ', ') AS tags, ". + "blog_posts.text_html AS text_html, GROUP_CONCAT(DISTINCT ba.tag SEPARATOR ', ') AS tags, ". + "COUNT(DISTINCT blog_comments.id) AS comments, ". "account.login AS owner, account.id AS owner_id ". "FROM blog_posts LEFT JOIN account ON blog_posts.owner = account.id ". + "LEFT JOIN blog_comments ON blog_comments.post = blog_posts.id ". "LEFT JOIN blog_tags ba ON ba.post = blog_posts.id ". (isset($fvalues['tag']) ? "LEFT JOIN blog_tags bb ON bb.post = blog_posts.id AND bb.tag = '" . escs($fvalues['tag'])."' " : ""). "WHERE blog_posts.draft = 0 ".
@@ -69,4 +73,9 @@ $can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0); $can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0); $can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0); -require("tpl/blog/index.php"); + +if (isset($fvalues['feed']) && $fvalues['feed'] == "atom") { + require("tpl/blog/atom_feed.php"); +} else { + require("tpl/blog/index.php"); +}
diff --git a/lib/blog/view.php b/lib/blog/view.php
new file mode 100644
index 0000000..15c4d6e
--- /dev/null
+++ b/lib/blog/view.php
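Review bot: Joining `blog_comments` next to the existing `blog_tags ba` join in the second hunk makes each post yield tags × comments rows before grouping, which is why both aggregates now need `DISTINCT`; the cost of the listing grows with that product on every page load and every feed fetch. A correlated count avoids the extra join: drop the `LEFT JOIN blog_comments` line and select `"(SELECT COUNT(*) FROM blog_comments bc WHERE bc.post = blog_posts.id) AS comments, ".` instead. The query string continues past the end of the hunk, so the GROUP BY it presumably relies on is not visible here.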
@@ -0,0 +1,39 @@
+<?php
+
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+ "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date,
+ blog_posts.text AS text, blog_posts.text_html AS text_html,
+ blog_posts.draft AS draft,
+ account.login AS owner, blog_posts.owner AS owner_id, ".
+ "GROUP_CONCAT(blog_tags.tag SEPARATOR ', ') AS tags ".
+ "FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+ "LEFT JOIN account ON blog_posts.owner = account.id ".
+ "WHERE blog_posts.id = $postid"
+));
+
+assert_error($post && $post['draft'] == 0,
+ "This post does not exist.");
+
+$comments = array();
+$c = sql(
+ "SELECT blog_comments.id AS id, blog_comments.text_html AS text_html, ".
+ "blog_comments.owner AS author_id, ".
+ "blog_comments.date AS date, account.login AS author ".
+ "FROM blog_comments ".
+ "LEFT JOIN account ON blog_comments.owner = account.id ".
+ "WHERE blog_comments.post = $postid ".
+ "ORDER BY date ASC"
+ );
+while ($o = mysql_fetch_assoc($c)) $comments[] = $o;
+
+$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
+$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
+$can_comment = ($user['priv'] >= $apps['blog']['comment'] && $user['id'] != 0);
+$can_delcom = ($user['priv'] >= $apps['blog']['delcom'] && $user['id'] != 0);
+
+require("tpl/blog/view.php"); |
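Review bot: The post query uses `GROUP_CONCAT` with no `GROUP BY`, and MySQL (with ONLY_FULL_GROUP_BY off, which this mixed select list already requires) returns a single row of NULLs when an aggregate query matches nothing, so `$post` is a non-empty array and `$post['draft'] == 0` holds for an id that does not exist, because NULL compares loosely equal to 0. The "This post does not exist." check therefore does not fire for missing posts and the template is rendered with empty fields. Appending `"GROUP BY blog_posts.id"` after the WHERE string (which then needs a trailing space) makes the no-match case return no row; testing `$post['id'] !== null` inside the `assert_error` would also work. Separately, each comment's `text_html` is handed to the template exactly as `Markdown()` produced it in comment.php and edcom.php, which is safe to print only if `esca()` HTML-encodes its input; that function is not shown in this diff.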