Diffstat (limited to 'lib')
-rw-r--r--lib/account/list.php23
-rw-r--r--lib/account/new.php10
-rw-r--r--lib/blog/delete.php13
-rw-r--r--lib/blog/drafts.php19
-rw-r--r--lib/blog/edit.php61
-rw-r--r--lib/blog/index.php72
-rw-r--r--lib/blog/post.php44
-rw-r--r--lib/blog/publish.php13
-rw-r--r--lib/conf/apps.php18
-rw-r--r--lib/conf/image.php4
-rw-r--r--lib/image/index.php22
-rw-r--r--lib/image/rename.php32
-rw-r--r--lib/image/upload.php8
-rw-r--r--lib/notes/index.php21
-rw-r--r--lib/study/index.php4
15 files changed, 331 insertions, 33 deletions
diff --git a/lib/account/list.php b/lib/account/list.php
new file mode 100644
index 0000000..dcb6575
--- /dev/null
+++ b/lib/account/list.php
@@ -0,0 +1,23 @@
+<?php
+
+$filters = array (
+ "order" => array (
+ "name" => "username",
+ "reg_date" => "date registered",
+ "nbNotes" => "number of notes",
+ ),
+ "way" => $ord_ways,
+);
+$fdefaults = array (
+ "order" => "name",
+ "way" => "ASC",
+);
+
+$users = array();
+$n = sql("SELECT account.id AS id, login AS name, nc.count AS nbNotes, pc.count AS nbPosts ".
+ "FROM account ".
+ "LEFT JOIN (SELECT notes.owner AS owner, COUNT(notes.id) AS count FROM notes WHERE notes.public != 0 GROUP BY notes.owner) nc ON nc.owner = account.id ".
+ "LEFT JOIN (SELECT blog_posts.owner AS owner, COUNT(blog_posts.id) AS count FROM blog_posts GROUP BY blog_posts.owner) pc ON pc.owner = account.id ".
+ "ORDER BY " . get_filter("order") . " " . get_filter("way"));
+while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
+require("tpl/account/list.php");
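Review bot: The `ORDER BY` clause is built by concatenating `get_filter("order")` and `get_filter("way")` into the query, and an ORDER BY column cannot be bound as a parameter, so the statement is only safe if `get_filter` returns nothing but keys declared in `$filters`. That helper is not visible in this diff, so this is worth confirming, and a comment such as `// get_filter() only returns keys declared in $filters (whitelist)` above the query would record the assumption. The same pattern is added in lib/blog/index.php and lib/image/index.php. Separately, the two `LEFT JOIN` subqueries yield NULL rather than 0 for accounts with no notes or posts; `COALESCE(nc.count, 0) AS nbNotes` (and likewise for `nbPosts`) would keep sorting and display consistent.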
diff --git a/lib/account/new.php b/lib/account/new.php
index c06083e..2366fbb 100644
--- a/lib/account/new.php
+++ b/lib/account/new.php
@@ -3,18 +3,23 @@
$title = "Register";
$login = "";
+$email = "";
if (isset($_POST['login']) && isset($_POST['pw1']) && isset($_POST['pw2'])) {
$login = esca($_POST["login"]);
+ $email = esca($_POST["email"]);
$pw1 = esc($_POST["pw1"]);
$pw2 = esc($_POST["pw2"]);
if ($login == "") {
$error = "You must enter a username.";
+ } else if (!preg_match('#^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$#', $email)) {
+ $error = "You must enter a valid email address.";
} else if ($pw1 != $pw2) {
$error = "You must enter twice the same password.";
} else if ($pw1 == "") {
$error = "You must enter a password";
} else {
- sql("INSERT INTO account(login, password) VALUES('" . escs($login) . "', PASSWORD('$pw1'))");
+ sql("INSERT INTO account(login, password, email, reg_date) ".
+ "VALUES('" . escs($login) . "', PASSWORD('$pw1'), '" . escs($email) . "', NOW())");
$message = "Your account has been created. Please log in now.";
$url = $homepage;
require("tpl/account/login.php");
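Review bot: `$_POST["email"]` is read on the added line, but the surrounding guard still only checks `login`, `pw1` and `pw2`, so a request without an `email` field raises an undefined-index notice before validation; the guard should also include `isset($_POST['email'])`. The address pattern ends with `$`, which in PCRE also matches before a trailing newline (unless `esca()`, not visible here, strips it), and it caps the top-level domain at six letters; the `D` modifier or `\z` and a looser TLD length would avoid both. The rewritten INSERT keeps hashing with MySQL's `PASSWORD()`, which is meant for MySQL's own account system rather than application passwords; a salted hash computed in PHP would be the safer choice, subject to what the PHP version in use offers. The `if` block continues past the end of the hunk.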
@@ -25,7 +30,8 @@ $form_message = "Please fill in the following form to create an account :";
$fields = array(
array("label" => "Username : ", "name" => "login", "value" => $login),
array("label" => "Password : ", "name" => "pw1", "type" => "password"),
- array("label" => "Confirm password : ", "name" => "pw2", "type" => "password")
+ array("label" => "Confirm password : ", "name" => "pw2", "type" => "password"),
+ array("label" => "Email address : ", "name" => "email", "value" => $email)
);
$validate = "Create an account";
diff --git a/lib/blog/delete.php b/lib/blog/delete.php
new file mode 100644
index 0000000..a57b5ac
--- /dev/null
+++ b/lib/blog/delete.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql("SELECT owner FROM blog_posts WHERE id = $postid"));
+assert_error($post && $post['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+
+token_validate("Do you really want to delete this post ?", "blog");
+sql("DELETE FROM blog_posts WHERE id = $postid");
+sql("DELETE FROM blog_tags WHERE post = $postid");
+header("Location: drafts-blog");
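Review bot: The failure message passed to `assert_error` says "This note does not exist" although this handler deletes a blog post, and lib/blog/publish.php reuses the same text, including "allowed to delete it", for the publish action; suggest `"This post does not exist, or you are not allowed to delete it."` here and an "allowed to publish it" variant there. The post row is deleted before its tags, so a failure between the two statements leaves orphaned `blog_tags` rows; deleting the tags first avoids that. The handler also relies on `assert_error` and `token_validate` halting the script on failure, which is not visible in this diff and is worth a one-line comment.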
diff --git a/lib/blog/drafts.php b/lib/blog/drafts.php
new file mode 100644
index 0000000..735b039
--- /dev/null
+++ b/lib/blog/drafts.php
@@ -0,0 +1,19 @@
+<?php
+
+$title = "My posts";
+
+$drafts = array();
+$pub = array();
+
+$r = sql(
+ "SELECT id, title, text_html, draft FROM blog_posts WHERE owner = " . $user['id'] . " ORDER BY date DESC"
+ );
+while ($pp = mysql_fetch_assoc($r)) {
+ if ($pp['draft']) {
+ $drafts[] = $pp;
+ } else {
+ $pub[] = $pp;
+ }
+}
+
+require("tpl/blog/drafts.php");
diff --git a/lib/blog/edit.php b/lib/blog/edit.php
new file mode 100644
index 0000000..854c94f
--- /dev/null
+++ b/lib/blog/edit.php
@@ -0,0 +1,61 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+ "SELECT blog_posts.title AS title, blog_posts.text AS text, blog_posts.owner AS owner, blog_posts.draft AS draft, ".
+ "GROUP_CONCAT(blog_tags.tag SEPARATOR ' ') AS tags ".
+ "FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+ "WHERE id = $postid"
+));
+assert_error($post && $post['owner'] == $user['id'],
+ "This post does not exist, or you are not allowed to edit it.");
+
+$post_title = $post['title'];
+$post_tags = $post['tags'];
+$post_text = $post['text'];
+if (isset($_POST['title']) && isset($_POST['tags']) && isset($_POST['text'])) {
+ $post_title = esca($_POST['title']);
+ $post_text = esca($_POST['text']);
+ $post_html = Markdown($post_text);
+ $post_tags = esca($_POST['tags']);
+ if ($post_title == "") {
+ $error = "You must give a title to your post.";
+ } else {
+ sql("UPDATE blog_posts SET title = '" . escs($post_title) . "', text = '" . escs($post_text) .
+ "', text_html = '" . escs($post_html) . "'" . ($post['draft'] ? ', date = NOW()' : '') .
+ " WHERE id = $postid");
+ sql("DELETE FROM blog_tags WHERE post = $postid");
+ $tags = explode(' ', $post_tags);
+ if (count($tags) == 1 && $tags[0] == "") {
+ //do nothing lol
+ } else if (count($tags) >= 1) {
+ $v = array();
+ foreach ($tags as $tag) {
+ $v[] = "($postid, '" . escs($tag) . "')";
+ }
+ sql("INSERT INTO blog_tags(post, tag) VALUES " . implode(',', $v));
+ }
+ if ($post['draft']) {
+ header("Location: drafts-blog");
+ } else {
+ header("Location: blog");
+ }
+ die();
+ }
+}
+
+$title = "Edit : " . $post['title'];
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $post_title),
+ array("label" => "Tags : ", "name" => "tags", "type" => "text", "value" => $post_tags),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $post_text),
+ );
+$validate = "Edit post";
+
+require("tpl/general/form.php");
+
+
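Review bot: `Markdown($post_text)` is stored in `text_html`, which lib/blog/index.php later selects for display, and Markdown passes inline HTML through unchanged, so unless `esca()` (not visible here) neutralises tags the stored markup is author-controlled HTML shown to every visitor. It is worth confirming what `esca()` does and, if it does not escape HTML, filtering the text before the `Markdown()` call; the same applies to the new lib/blog/post.php. The initial SELECT uses `GROUP_CONCAT` with no `GROUP BY`, so it returns one all-NULL row even when no post matches and the `$post &&` half of the ownership check never fails on a missing id; adding `GROUP BY blog_posts.id` restores the empty result. Unlike delete.php and publish.php this handler has no `token_validate` call, and whether tpl/general/form.php supplies an equivalent check is not visible.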
diff --git a/lib/blog/index.php b/lib/blog/index.php
new file mode 100644
index 0000000..aaeb969
--- /dev/null
+++ b/lib/blog/index.php
@@ -0,0 +1,72 @@
+<?php
+
+$title = "What people write";
+
+$filters = array (
+ "order" => array (
+ "title" => "title",
+ "owner" => "author name",
+ "date" => "date published",
+ ),
+ "way" => $ord_ways,
+);
+$fdefaults = array (
+ "order" => "date",
+ "way" => "DESC",
+);
+
+$posts = array();
+
+$fa = array (
+ "author" => array(),
+ "date" => array(),
+ "tag" => array(),
+);
+$fvalues = array();
+for ($i = 2; $i < count($args); $i += 2) {
+ if (isset($args[$i+1])) {
+ $fvalues[$args[$i]] = urldecode($args[$i+1]);
+ }
+}
+function count_in($fat, $v, $d) {
+ global $fa;
+ if (isset($fa[$fat][$v])) {
+ $fa[$fat][$v]['count']++;
+ } else {
+ $fa[$fat][$v] = array('name' => $d, 'count' => 1);
+ }
+}
+
+$q =
+ "SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ".
+ "DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ".
+ "blog_posts.text_html AS text_html, GROUP_CONCAT(ba.tag SEPARATOR ', ') AS tags, ".
+ "account.login AS owner, account.id AS owner_id ".
+ "FROM blog_posts LEFT JOIN account ON blog_posts.owner = account.id ".
+ "LEFT JOIN blog_tags ba ON ba.post = blog_posts.id ".
+ (isset($fvalues['tag']) ? "LEFT JOIN blog_tags bb ON bb.post = blog_posts.id AND bb.tag = '" . escs($fvalues['tag'])."' " : "").
+ "WHERE blog_posts.draft = 0 ".
+ (isset($fvalues['author']) ? 'AND blog_posts.owner = ' . intval($fvalues['author']) .' ' : '').
+ (isset($fvalues['date']) ? "AND blog_posts.date >= '" . escs(str_replace('.', '-', $fvalues['date'])) ."-01 00:00:00' " .
+ "AND blog_posts.date <= '" . escs(str_replace('.', '-', $fvalues['date'])) . "-31 23:59:59'" : '').
+ (isset($fvalues['tag']) ? " AND bb.post != 0 " : "").
+ "GROUP BY blog_posts.id ".
+ "ORDER BY " . get_filter('order') . " " . get_filter('way');
+$n = sql($q);
+
+
+while ($pp = mysql_fetch_assoc($n)) {
+ $posts[] = $pp;
+ count_in('author', $pp['owner_id'], $pp['owner']);
+ $tags = explode(', ', $pp['tags']);
+ foreach ($tags as $tag) {
+ count_in('tag', $tag, $tag);
+ }
+ count_in('date', str_replace('-', '.', $pp['month']), $pp['month']);
+}
+
+$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
+$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
+
+require("tpl/blog/index.php");
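Review bot: The `date` filter value is only passed through `str_replace` and `escs` before being spliced into two datetime literals, so any string from the URL becomes part of the comparison and every month is given a 31st day. Validating the shape first, for example `if (isset($fvalues['date']) && !preg_match('/^\d{4}\.\d{2}$/D', $fvalues['date'])) unset($fvalues['date']);`, keeps the range well-formed. For posts without tags `GROUP_CONCAT` yields NULL, so `explode(', ', $pp['tags'])` produces a single empty string and `count_in` records an empty entry in `$fa['tag']`; skipping `$tag == ""` in the loop avoids that. `count_in` reaches `$fa` through `global`; passing the array by reference would make the dependency explicit.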
diff --git a/lib/blog/post.php b/lib/blog/post.php
new file mode 100644
index 0000000..1f1525a
--- /dev/null
+++ b/lib/blog/post.php
@@ -0,0 +1,44 @@
+<?php
+
+require("lib/markdown.php");
+
+$post_title = "";
+$post_tags = "";
+$post_text = "";
+if (isset($_POST['title']) && isset($_POST['text'])) {
+ $post_title = esca($_POST['title']);
+ $post_text = esca($_POST['text']);
+ $post_tags = esca($_POST['tags']);
+ $post_html = Markdown($post_text);
+
+ if ($post_title == "") {
+ $error = "You must give a title to your post.";
+ } else {
+ sql("INSERT INTO blog_posts(owner, title, text, text_html, date, draft) ".
+ "VALUE(" . $user['id'] . ", '" . escs($post_title) . "', '" . escs($post_text) . "', '" . escs($post_html) .
+ "', NOW(), 1)");
+ $id = mysql_insert_id();
+ $tags = explode(' ', $post_tags);
+ if (count($tags) == 1 && $tags[0] == "") {
+ //do nothing lol
+ } else if (count($tags) >= 1) {
+ $v = array();
+ foreach ($tags as $tag) {
+ $v[] = "($id, '" . escs($tag) . "')";
+ }
+ sql("INSERT INTO blog_tags(post, tag) VALUES " . implode(',', $v));
+ }
+ header("Location: drafts-blog");
+ die();
+ }
+}
+
+$title = "Post to blog";
+$fields = array(
+ array("label" => "Title : ", "name" => "title", "value" => $post_title),
+ array("label" => "Tags ", "name" => "tags", "type" => "text", "value" => $post_tags),
+ array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $post_text),
+ );
+$validate = "Post entry";
+
+require("tpl/general/form.php");
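Review bot: `$_POST['tags']` is read unconditionally while the guard only checks `title` and `text` (lib/blog/edit.php checks all three), so a request without a `tags` field raises an undefined-index notice; add `&& isset($_POST['tags'])` to the `if`. `explode(' ', $post_tags)` also yields empty strings for repeated or trailing spaces, which are then inserted as empty tags; `preg_split('/\s+/', $post_tags, -1, PREG_SPLIT_NO_EMPTY)` returns an empty array when there are no tags, so the `//do nothing lol` branch can become a plain `if ($tags)`. The tag-insertion block is duplicated from lib/blog/edit.php and would be better shared in one helper.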
diff --git a/lib/blog/publish.php b/lib/blog/publish.php
new file mode 100644
index 0000000..1674911
--- /dev/null
+++ b/lib/blog/publish.php
@@ -0,0 +1,13 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql("SELECT owner, draft FROM blog_posts WHERE id = $postid"));
+assert_error($post && $post['owner'] == $user['id'],
+ "This note does not exist, or you are not allowed to delete it.");
+assert_error($post['draft'] == 1, "This post is already published.");
+
+token_validate("Are you sure this post is ready to be published ?", "blog");
+sql("UPDATE blog_posts SET draft = 0, date = NOW() WHERE id = $postid");
+header("Location: blog");
diff --git a/lib/conf/apps.php b/lib/conf/apps.php
index d8cb1c2..26de50c 100644
--- a/lib/conf/apps.php
+++ b/lib/conf/apps.php
@@ -1,6 +1,6 @@
<?php
-$homepage = "notes";
+$homepage = "blog";
$apps = array(
@@ -8,17 +8,19 @@ $apps = array(
"image" => array(
"index" => 1,
"delete" => 1,
+ "rename" => 1,
"upload" => 0,
),
// Account application
"account" => array(
"new" => 0,
+ "list" => 0,
),
// Notebook application
"notes" => array(
- "index" => 0,
+ //"index" => 0,
"user" => 0,
"view" => 0,
"new" => 1,
@@ -28,6 +30,16 @@ $apps = array(
"source" => 0,
),
+ // Blogging application
+ "blog" => array(
+ "index" => 0,
+ "drafts" => 1,
+ "publish" => 1,
+ "post" => 1,
+ "edit" => 1,
+ "delete" => 1,
+ ),
+
// Studies application
"deck" => array(
"index" => 0,
@@ -52,7 +64,7 @@ $apps = array(
),
"study" => array (
- "index" => 1,
+ "index" => 0,
"deckadd" => 1,
"deck" => 1,
"deckrm" => 1,
diff --git a/lib/conf/image.php b/lib/conf/image.php
index 8fd48ec..462300e 100644
--- a/lib/conf/image.php
+++ b/lib/conf/image.php
@@ -3,5 +3,5 @@
$baseurl = "http://localhost/alex.auvolat/images/";
$savedir = getcwd() . "/images/";
$miniature_width = 127;
-$quota = ceil((time() - 1220000000) / (3600 * 24 * 20));
-$min_priv_for_no_quota = 2;
+//$quota = 128;; //ceil((time() - 1220000000) / (3600 * 24 * 20));
+//$min_priv_for_no_quota = 2;
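Review bot: Commenting out `$quota` and `$min_priv_for_no_quota` here, together with the quota checks commented out in lib/image/index.php and lib/image/upload.php, removes the only per-account limit on stored images visible in this diff. lib/conf/apps.php keeps `"upload" => 0`, so uploads appear to be unbounded for the lowest privilege level. If dropping the quota is intended, some other cap (per-account count or total size) is worth adding in its place. The disabled lines should be deleted rather than left as comments; `//$quota = 128;; //ceil(...)` also carries a stray second semicolon.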
diff --git a/lib/image/index.php b/lib/image/index.php
index 01c0928..59a304d 100644
--- a/lib/image/index.php
+++ b/lib/image/index.php
@@ -2,16 +2,31 @@
require("lib/conf/image.php");
+$filters = array (
+ "order" => array (
+ "name" => "title",
+ "upl_date" => "date uploaded",
+ ),
+ "way" => $ord_ways,
+);
+$fdefaults = array (
+ "order" => "name",
+ "way" => "ASC",
+);
+
$title = "Image upload";
$images = array();
-$files = sql("SELECT * FROM images WHERE owner = " . $user['id']);
+$files = sql("SELECT * FROM images WHERE owner = " . $user['id'] .
+ " ORDER BY " . get_filter('order') . " " . get_filter('way'));
while ($img = mysql_fetch_assoc($files)) $images[] = $img;
-if (count($images) >= $quota && $user['priv'] < $min_priv_for_no_quota) {
+/*if (count($images) >= $quota && $user['priv'] < $min_priv_for_no_quota) {
$error = "You have already exceeded your quota of $quota uploadable images.";
$can_upload = false;
-} else if ($user['priv'] < $apps['image']['upload']) {
+} else */
+
+if ($user['priv'] < $apps['image']['upload']) {
$error = "You don't have the rights to upload images.";
$can_upload = false;
} else {
@@ -19,5 +34,6 @@ if (count($images) >= $quota && $user['priv'] < $min_priv_for_no_quota) {
}
$can_delete = ($user['priv'] >= $apps['image']['delete'] && $user['id'] != 0);
+$can_rename = ($user['priv'] >= $apps['image']['rename'] && $user['id'] != 0);
require("tpl/image/index.php");
diff --git a/lib/image/rename.php b/lib/image/rename.php
new file mode 100644
index 0000000..0fbc442
--- /dev/null
+++ b/lib/image/rename.php
@@ -0,0 +1,32 @@
+<?php
+
+require("lib/conf/image.php");
+
+$title = "Rename an image";
+
+if (count($args) < 3) header("location: index.php");
+$id = intval($args[2]);
+
+$info = mysql_fetch_assoc(sql("SELECT * FROM images WHERE id = $id"));
+
+assert_error($info["owner"] == $user["id"], "You cannot rename this image.");
+
+$name = $info['name'];
+if (isset($_POST['name'])) {
+ $name = esca($_POST['name']);
+ if ($name == "") {
+ $error = "You must give a non-empty name to this image. Please.";
+ } else {
+ sql("UPDATE images SET name = '" . escs($name) . "' WHERE id = $id");
+ header("Location: image");
+ die();
+ }
+}
+
+$title = "Rename : " . $info['name'];
+$fields = array(
+ array("label" => "New name : ", "name" => "name", "value" => $name),
+);
+$validate = "Rename";
+
+require("tpl/general/form.php");
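Review bot: `if (count($args) < 3) header("location: index.php");` does not stop the script, so with a missing id execution continues and `intval($args[2])` evaluates to 0. The other new handlers guard this with `assert_redir(count($args) >= 3, 'image');`-style calls, which would be consistent here (assuming `assert_redir` halts, which is not visible in this diff). `$info` is `false` when no row matches, and `$info["owner"] == $user["id"]` is then a loose comparison of NULL against the user id, so the check should be `assert_error($info && $info["owner"] == $user["id"], "You cannot rename this image.");` as lib/blog/delete.php does.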
diff --git a/lib/image/upload.php b/lib/image/upload.php
index 812295f..5176a3a 100644
--- a/lib/image/upload.php
+++ b/lib/image/upload.php
@@ -4,11 +4,15 @@ $title = "Upload an image";
require("lib/conf/image.php");
+/*
$number = mysql_fetch_assoc(sql("SELECT count(*) AS count FROM images WHERE owner = " . $user['id']));
assert_error($number['count'] < $quota || $user['priv'] >= $min_priv_for_no_quota || $user['id'] == 0,
"You have already exceeded your upload quota.");
+*/
-if (isset($_FILES['image'])) {
+if (isset($_FILES['image']) && isset($_POST['name'])) {
+ $name = esca($_POST['name']);
+ if ($name == "") $name = $_FILES['image']['name'];
if ($_FILES['image']['error'] != 0) {
$error = "Sorry, an error occurred while uploading your file. Try with a smaller one.";
require("tpl/image/upload.php");
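Review bot: When the submitted name is empty, the fallback `$name = $_FILES['image']['name'];` takes the client-supplied filename without the `esca()` call applied to `$_POST['name']` one line above. The value is passed through `escs()` in the INSERT in the next hunk, but if `esca()` does any normalisation or output escaping (not visible here) the stored name is treated inconsistently, so `$name = esca($_FILES['image']['name']);` is the safer form. The added `isset($_POST['name'])` condition also means an upload posted without that field is silently ignored instead of reported. The `if` block continues past the end of the hunk.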
@@ -24,7 +28,7 @@ if (isset($_FILES['image'])) {
$error = "Sorry, we only accept GIF, PNG and JPEG images.";
require("tpl/image/upload.php");
}
- sql("INSERT INTO images(owner, extension) VALUES(" . $user['id'] . ", '$type')");
+ sql("INSERT INTO images(owner, extension, name, upl_date) VALUES(" . $user['id'] . ", '$type', '" . escs($name) . "', NOW())");
$id = mysql_insert_id();
$filen = $savedir . $id . "." . $type;
$minin = $savedir . $id . "-min." . $type;
diff --git a/lib/notes/index.php b/lib/notes/index.php
deleted file mode 100644
index 3089605..0000000
--- a/lib/notes/index.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-
-$filters = array (
- "order" => array (
- "nbNotes" => "number of notes",
- "name" => "username",
- ),
- "way" => $ord_ways,
-);
-$fdefaults = array (
- "order" => "nbNotes",
- "way" => "DESC",
-);
-
-$users = array();
-$n = sql("SELECT account.id AS id, login AS name, COUNT(notes.id) AS nbNotes FROM account ".
- "LEFT JOIN notes ON notes.owner = account.id ".
- "WHERE notes.public != 0 AND notes.id != 0 ".
- "GROUP BY account.id ORDER BY " . get_filter("order") . " " . get_filter("way"));
-while ($nn = mysql_fetch_assoc($n)) $users[] = $nn;
-require("tpl/notes/index.php");
diff --git a/lib/study/index.php b/lib/study/index.php
index e6cec20..6b43d53 100644
--- a/lib/study/index.php
+++ b/lib/study/index.php
@@ -1,3 +1,7 @@
<?php
+if ($user['id'] == 0) {
+ $message = "You must create an account to use this study program.";
+}
+
require("tpl/study/index.php");