8 files changed, 150 insertions, 4 deletions
diff --git a/lib/blog/comment.php b/lib/blog/comment.php
new file mode 100644
index 0000000..4bda912
--- /dev/null
+++ b/lib/blog/comment.php
@@ -0,0 +1,38 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+	"SELECT blog_posts.id AS id, blog_posts.title AS title,
+		blog_posts.draft AS draft ".
+	"FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+	"WHERE blog_posts.id = $postid"
+));
+
+assert_error($post && $post['draft'] == 0,
+	"This post does not exist.");
+
+$comment = "";
+if (isset($_POST['comment'])) {
+	$comment = esca($_POST['comment']);
+	$comment_html = Markdown($comment);
+
+	if (trim($comment) == "") {
+		$error = "You cannot enter an empty comment.";
+	} else {
+		sql("INSERT INTO blog_comments(owner, post, text, text_html, date) ".
+			"VALUES(" . $user['id'] . ", $postid, '" . escs($comment) . "', '" . escs($comment_html) . "', NOW())");
+		header("Location: view-blog-$postid");
+		die();
+	}
+}
+
+$title = "Comment '" . $post['title'] . "'";
+$fields = array(
+	array("label" => "Comment : ", "name" => "comment", "type" => "textarea", "value" => $comment),
+	);
+$validate = "Comment";
+require("tpl/general/form.php");
diff --git a/lib/blog/delcom.php b/lib/blog/delcom.php
new file mode 100644
index 0000000..eaf93ec
--- /dev/null
+++ b/lib/blog/delcom.php
@@ -0,0 +1,12 @@
+<?php
+
+assert_redir(count($args) >= 3, 'blog');
+$comid = intval($args[2]);
+
+$com = mysql_fetch_assoc(sql("SELECT post FROM blog_comments WHERE id = $comid"));
+assert_error($com,
+	"This comment does not exist.");
+
+token_validate("Do you really want to delete this comment ?", "view-blog-" . $com['post']);
+sql("DELETE FROM blog_comments WHERE id = $comid");
+header("Location: view-blog-" . $com['post']);
diff --git a/lib/blog/delete.php b/lib/blog/delete.php
index a57b5ac..bfc428b 100644
--- a/lib/blog/delete.php
+++ b/lib/blog/delete.php
@@ -5,9 +5,10 @@ $postid = intval($args[2]);
 
 $post = mysql_fetch_assoc(sql("SELECT owner FROM blog_posts WHERE id = $postid"));
 assert_error($post && $post['owner'] == $user['id'],
-	"This note does not exist, or you are not allowed to delete it.");
+	"This post does not exist, or you are not allowed to delete it.");
 
 token_validate("Do you really want to delete this post ?", "blog");
 sql("DELETE FROM blog_posts WHERE id = $postid");
 sql("DELETE FROM blog_tags WHERE post = $postid");
+sql("DELETE FROM blog_comments WHERE post = $postid");
 header("Location: drafts-blog");
diff --git a/lib/blog/edcom.php b/lib/blog/edcom.php
new file mode 100644
index 0000000..2b96ff9
--- /dev/null
+++ b/lib/blog/edcom.php
@@ -0,0 +1,35 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'blog');
+$comid = intval($args[2]);
+
+$com = mysql_fetch_assoc(sql(
+	"SELECT blog_comments.owner AS owner, blog_comments.text AS text, blog_comments.post AS post ".
+	"FROM blog_comments WHERE id = $comid"
+	));
+assert_error($com && $com['owner'] == $user['id'],
+	"This comment does not exist, or you are not allowed to edit it.");
+
+$com_text = $com['text'];
+if (isset($_POST['text'])) {
+	$com_text = esca($_POST['text']);
+	$com_text_html = Markdown($com_text);
+	if (trim($com_text) == "") {
+		$error = "You cannot enter an empty comment. If you want your comment to be deleted, please edit your comment so that it says so, and an administrator will delete it.";
+	} else {
+		sql("UPDATE blog_comments SET text = '" . escs($com_text) . "', text_html = '" . escs($com_text_html) . "' ".
+			"WHERE id = $comid");;
+		header("Location: view-blog-" . $com['post']);
+		die();
+	}
+}
+
+$title = "Edit comment";
+$fields = array(
+	array("label" => "Comment : ", "name" => "text", "value" => $com_text, "type" => "textarea"),
+	);
+$validate = "Edit comment";
+
+require("tpl/general/form.php");
diff --git a/lib/blog/index.php b/lib/blog/index.php
index aaeb969..dd353d3 100644
--- a/lib/blog/index.php
+++ b/lib/blog/index.php
@@ -1,6 +1,7 @@
 <?php
 
-$title = "What people write";
+require ("lib/conf/blog.php");
+$title = $blog_title;
 
 $filters = array (
 	"order" => array (
@@ -39,10 +40,13 @@ function count_in($fat, $v, $d) {
 
 $q =
 	"SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date, ".
+	"UNIX_TIMESTAMP(blog_posts.date) AS date_ts, ".
 	"DATE_FORMAT(blog_posts.date, '%Y-%m') AS month, ".
-	"blog_posts.text_html AS text_html, GROUP_CONCAT(ba.tag SEPARATOR ',  ') AS tags, ".
+	"blog_posts.text_html AS text_html, GROUP_CONCAT(DISTINCT ba.tag SEPARATOR ',  ') AS tags, ".
+	"COUNT(DISTINCT blog_comments.id) AS comments, ".
 	"account.login AS owner, account.id AS owner_id ".
 	"FROM blog_posts LEFT JOIN account ON blog_posts.owner = account.id ".
+	"LEFT JOIN blog_comments ON blog_comments.post = blog_posts.id ".
 	"LEFT JOIN blog_tags ba ON ba.post = blog_posts.id ".
 	(isset($fvalues['tag']) ? "LEFT JOIN blog_tags bb ON bb.post = blog_posts.id AND bb.tag = '" . escs($fvalues['tag'])."' " : "").
 	"WHERE blog_posts.draft = 0 ".
@@ -69,4 +73,9 @@ $can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
 $can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
 $can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
 
-require("tpl/blog/index.php");
+
+if (isset($fvalues['feed']) && $fvalues['feed'] == "atom") {
+	require("tpl/blog/atom_feed.php");
+} else {
+	require("tpl/blog/index.php");
+}
diff --git a/lib/blog/view.php b/lib/blog/view.php
new file mode 100644
index 0000000..15c4d6e
--- /dev/null
+++ b/lib/blog/view.php
@@ -0,0 +1,39 @@
+<?php
+
+
+assert_redir(count($args) == 3, 'blog');
+$postid = intval($args[2]);
+
+$post = mysql_fetch_assoc(sql(
+	"SELECT blog_posts.id AS id, blog_posts.title AS title, blog_posts.date AS date,
+		blog_posts.text AS text, blog_posts.text_html AS text_html,
+		blog_posts.draft AS draft,
+		account.login AS owner, blog_posts.owner AS owner_id, ".
+	"GROUP_CONCAT(blog_tags.tag SEPARATOR ',  ') AS tags ".
+	"FROM blog_posts LEFT JOIN blog_tags ON blog_tags.post = blog_posts.id ".
+	"LEFT JOIN account ON blog_posts.owner = account.id ".
+	"WHERE blog_posts.id = $postid"
+));
+
+assert_error($post && $post['draft'] == 0,
+	"This post does not exist.");
+
+$comments = array();
+$c = sql(
+	"SELECT blog_comments.id AS id, blog_comments.text_html AS text_html, ".
+	"blog_comments.owner AS author_id, ".
+	"blog_comments.date AS date, account.login AS author ".
+	"FROM blog_comments ".
+	"LEFT JOIN account ON blog_comments.owner = account.id ".
+	"WHERE blog_comments.post = $postid ".
+	"ORDER BY date ASC"
+	);
+while ($o = mysql_fetch_assoc($c)) $comments[] = $o;
+
+$can_post = ($user['priv'] >= $apps['blog']['drafts'] && $user['id'] != 0);
+$can_edit = ($user['priv'] >= $apps['blog']['edit'] && $user['id'] != 0);
+$can_delete = ($user['priv'] >= $apps['blog']['delete'] && $user['id'] != 0);
+$can_comment = ($user['priv'] >= $apps['blog']['comment'] && $user['id'] != 0);
+$can_delcom = ($user['priv'] >= $apps['blog']['delcom'] && $user['id'] != 0);
+
+require("tpl/blog/view.php");
diff --git a/lib/conf/apps.php b/lib/conf/apps.php
index b7f3c9d..8afeb2d 100644
--- a/lib/conf/apps.php
+++ b/lib/conf/apps.php
@@ -37,11 +37,15 @@ $apps = array(
 	// Blogging application
 	"blog" => array(
 		"index" => 0,
+		"view" => 0,
 		"drafts" => 1,
 		"publish" => 1,
 		"post" => 1,
 		"edit" => 1,
 		"delete" => 1,
+		"comment" => 1,
+		"edcom" => 1,
+		"delcom" => 2,
 	),
 
 	// Studies application
diff --git a/lib/conf/blog.php b/lib/conf/blog.php
new file mode 100644
index 0000000..bb2ef09
--- /dev/null
+++ b/lib/conf/blog.php
@@ -0,0 +1,8 @@
+<?php
+
+$blog_title = "What people write";
+
+// Used for the ATOM feed generation.
+$blog_base_url = "http://localhost/alex.auvolat/";
+
+