Changeset 121
- Timestamp:
- 15/06/05 20:08:33 (4 years ago)
- Files:
-
- admin.lib.php (modified) (5 diffs)
- admin.php (modified) (1 diff)
- blog.css (modified) (1 diff)
- blog.lib.php (modified) (9 diffs)
- blog.sql (modified) (1 diff)
- img/spinner.gif (added)
- index.php (modified) (2 diffs)
- postcomment.php (modified) (2 diffs)
- xmlhttp.js (modified) (2 diffs)
admin.lib.php
r120 r121 403 403 error(2,_("Database Insertion failed.")); 404 404 } else { 405 print(_("User updated")); 405 echo "<div class=\"updateinfo\">"._("Blog settings updated.")."</div>\n"; 406 $this->printSettingsForm(); 406 407 } 407 408 } else { … … 491 492 $result = db_query("SELECT comments.*,entries.subject,entries.shortsubject FROM comments,entries WHERE post IN (SELECT id FROM entries WHERE user_id=".$this->id.") AND moderated=false AND comments.post = entries.id ORDER BY entries.subject ASC;"); 492 493 if(db_num_rows($result)==0) { 493 error(5, _("No comments need approval."));494 494 return; 495 495 } 496 echo "<div class=\"entry\">\n"; 497 echo "<h2>Comments Pending Approval</h2>\n"; 496 498 echo "<form action=\"{$this->adminPath}updatecomments/\" method=\"post\">\n"; 497 499 echo "<table class=\"td\">\n"; … … 516 518 echo "\t<tr>\n\t\t<td></td>\n\t\t<td></td>\n\t\t<td></td>\n\t\t<td colspan=\"2\"><input type=\"submit\" value=\"Commit\" name=\"submit\" /></td>\n\t</tr>\n"; 517 519 echo "</table>\n"; 520 echo "</form>\n"; 521 echo "</div>\n"; 518 522 } 519 523 … … 550 554 db_query("UPDATE comments SET moderated=true WHERE id IN ($approved);"); 551 555 } 552 echo "Approved $acount comments, deleted $dcount.<br />"; 553 $this->mainPage(); 554 } 555 556 echo "<div class=\"updateinfo\">$acount "._("comments approved").", $dcount "._("comments deleted").".</div>\n"; 557 $this->printComments(); 558 $this->printAuthorisedUsers(); 559 } 560 561 // prints a form populated with email addresses that can avoid moderation on comments 562 function printAuthorisedUsers() { 563 echo "<div class=\"entry\">\n"; 564 echo "<a name=\"emails\"></a>\n"; 565 echo "<h2>"._("Known Users")."</h2>\n"; 566 if(!$this->blog->comment_moderation) { 567 echo "<p>"._("Comment moderation is turned off on your blog - anyone can post comments. To turn comment moderation on, visit the")." 
<a href=\"".$this->adminPath."settings\">"._("settings page")."</a>.</p>\n"; 568 echo "</div"; 569 return; 570 } 571 echo "<p>"._("Comments posted to your blog with an e-mail address that appears in the list below avoid the moderation queue and appear on your blog immediately.")."</p>\n"; 572 echo "<p>"._("To turn off comment moderation, visit the")." <a href=\"{$this->adminPath}settings\">"._("settings page")."</a>.</p>\n"; 573 574 echo "<form name=\"emailform\" id=\"emailform\" action=\"".$this->adminPath."updateauthusers\" method=\"post\">\n"; 575 echo "<select multiple=\"multiple\" name=\"emaillist[]\" size=\"10\">\n"; 576 577 $result = db_query("SELECT name,email FROM authorised_emails WHERE user_id=".$this->id." ORDER BY email ASC"); 578 while($r = db_getrow($result)) { 579 echo "\t<option value=\"{$r['email']}\">{$r['email']} ({$r['name']})</option>\n"; 580 } 581 echo "</select><br />\n"; 582 echo "<input type=\"submit\" name=\"delete\" value=\"Delete selected\" />\n"; 583 echo "<h3>"._("Add Address")."</h3>\n"; 584 echo "<input type=\"text\" name=\"name\" id=\"name\" />\n"; 585 echo "<label for=\"name\"> "._("Name (not displayed anywhere but here)")."</label><br />\n"; 586 echo "<input type=\"text\" name=\"email\" id=\"email\" />\n"; 587 echo "<label for=\"email\"> "._("E-mail address")."<label><br />\n"; 588 echo "<input type=\"submit\" name=\"addnew\" value=\"Add address\" />\n"; 589 echo "</form>\n"; 590 echo "</div>\n"; 591 } 592 593 function updateAuthorisedUsers($quiet=FALSE) { 594 if(isset($_POST['delete'])) { 595 if (count($_POST['emaillist'])==0) { 596 error(5,_("No addresses selected for deletion.")); 597 } else { 598 $del = "("; 599 foreach($_POST['emaillist'] as $addr) { 600 $del .= "email='$addr' OR "; 601 } 602 $del = substr($del, 0, -4).")"; 603 $sql = "DELETE FROM authorised_emails WHERE $del AND user_id={$this->id}"; 604 $ret = db_query($sql); 605 if(db_error($ret)) { 606 error(2, _("Database commit error: ").db_error($ret)); 607 } else { 
608 echo "<div class=\"updateinfo\">"._("Address(es) deleted")."</div>\n"; 609 } 610 } 611 } elseif(isset($_POST['addnew'])) { 612 if(trim($_POST['name'])=="") { 613 $error = _("Check name"); 614 } 615 if(!validEmail($_POST['email'])) { 616 $error = _("Check e-mail address"); 617 } 618 if($error==""){ 619 $name = addslashes(trim($_POST['name'])); 620 $email = addslashes(trim($_POST['email'])); 621 $ret = db_query("INSERT INTO authorised_emails (user_id, name, email) VALUES ('{$this->id}', '{$name}', '{$email}');"); 622 if(db_error($ret)){ 623 error(2, db_error($ret)); 624 } else { 625 echo "<div class=\"updateinfo\">"._("Address added")."</div>\n"; 626 } 627 } 628 629 } 630 if(!$quiet){ 631 $this->printComments(); 632 $this->printAuthorisedUsers(); 633 } 634 } 635 556 636 function printEntries($amount=0, $title=TRUE) 557 637 { … … 569 649 while($row = db_getrow($result)){ 570 650 echo "\t<tr>\n"; 571 echo "\t\t<td>".strftime( '%c', strtotime($row['timestamp']))."</td>\n";651 echo "\t\t<td>".strftime($this->blog->longDateFormat, strtotime($row['timestamp']))."</td>\n"; 572 652 echo "\t\t<td><a href=\"".$this->adminPath."update/".$row['shortsubject']."\">".$row['subject']."</a></td>\n"; 573 653 echo "\t\t<td><input type=\"checkbox\" name=\"entry[".$rownum++."]\" value=\"{$row['shortsubject']}\" /></td>\n"; admin.php
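Review bot: In updateAuthorisedUsers (new lines 599-600) each `$_POST['emaillist']` value is interpolated straight into the DELETE statement, `$del .= "email='$addr' OR ";`, while the INSERT branch at 619-620 runs the same kind of input through addslashes(); the delete path needs at least the same treatment, `$del .= "email='".addslashes($addr)."' OR ";`, and a driver-level parameterised query would be the stronger fix for both branches. `count($_POST['emaillist'])` at 595 runs even when the multi-select submits nothing (the key is then absent), so test `empty($_POST['emaillist'])` instead. `$error` at 618 is compared before anything assigns it on the no-error path; add `$error = "";` ahead of the checks at 612. printAuthorisedUsers also has two markup typos: `echo "</div";` at 568 lacks the closing `>`, and the second `<label>` at 587 should be `</label>`.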
r120 r121 68 68 case "moderatecomments": 69 69 $admin->printComments(); 70 $admin->printAuthorisedUsers(); 70 71 break; 71 72 case "updatecomments": 72 73 $admin->updateComments(); 73 74 break; 75 case "updateauthusers": 76 $admin->updateAuthorisedUsers(); 77 break; 74 78 default: 75 //Should display blog entries here 76 echo "<div class=\"entry\">\n"; 77 echo "<h2>"._("Blog Management")."</h2>\n"; 78 echo "<div class=\"td\">\n"; 79 echo "<p>"._("Use the links on the left to manage your blog, or choose a recent entry to edit:")."</p>\n"; 80 $admin->printEntries(5, FALSE); 81 echo "<a href=\"".$admin->adminPath."showentries\">show all entries...</a></div>\n"; 82 echo "<p> </p><p> </p>\n"; // To allow the menu to display properly 83 echo "</div>\n"; 79 $admin->mainPage(); 84 80 } 85 81 } blog.css
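Review bot: The new `updateauthusers` branch (lines 75-77) dispatches straight to `$admin->updateAuthorisedUsers()`, which deletes and inserts rows based on `$_POST` alone; nothing in this hunk ties the request to the logged-in session beyond the cookie, so a form posted from another site would be accepted — unless an anti-forgery check I cannot see earlier in admin.php already covers these routes. The existing `updatecomments` branch at 72-74 has the same exposure. A minimal guard is to emit a per-session random token as a hidden field in the forms printed by admin.lib.php and compare it in both branches before dispatching, e.g. `if (!isset($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) { error(5, _("Invalid request")); break; }` (a plain `!==` on older PHP). The surrounding switch starts and ends outside the hunk.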
r120 r121 267 267 } 268 268 269 label.invalid { 270 margin-left: 1em; 271 } 269 #spinner { 270 visibility: hidden; 271 margin-left: 4px; 272 margin-right: 4px; 273 } 274 275 .updateinfo { 276 border: solid 1px #FF7E73; 277 background-color: #FFD1CD; 278 padding: 3px; 279 font-size: 12px; 280 } blog.lib.php
r120 r121 99 99 if($this->checkSessionOwner()){ 100 100 echo "| <a href=\"".$this->httpPath."admin.php/update/{$row['shortsubject']}\">"._("Edit")."</a> "; 101 echo "| <a href=\"".$this->httpPath."admin.php/deleteentry/{$row['shortsubject']}\">"._("Delete")."</a>";101 //echo "| <a href=\"".$this->httpPath."admin.php/deleteentry/{$row['shortsubject']}\">"._("Delete")."</a>"; 102 102 } 103 103 echo " ]</p>\n"; … … 144 144 } 145 145 146 $sql = "SELECT shortsubject,subject,timestamp FROM entries WHERE ".(($allentries)? "" : "timestamp >= $year$month$day AND timestamp < $enddate AND ")."user_id = '".$this->id."' ORDER BY timestamp ASC";146 $sql = "SELECT shortsubject,subject,timestamp FROM entries WHERE ".(($allentries)? "" : "timestamp >= $year$month$day AND timestamp < $enddate AND ")."user_id = '".$this->id."' ORDER BY timestamp DESC"; 147 147 $result = db_query($sql); 148 148 … … 236 236 echo "<p>Thank you for your comment</p>\n"; 237 237 } 238 239 // try to work out the viewer's name + email 240 if(isset($_SESSION['realName'])) { 241 $name = $_SESSION['realName']; 242 } elseif(isset($_COOKIE['Blog_CommentRealName'])) { 243 $name = $_COOKIE['Blog_CommentRealName']; 244 } else { 245 $name = ""; 246 } 247 if(isset($_SESSION['userName'])) { 248 $email = $_SESSION['userName']."@sucs.org"; 249 } elseif(isset($_COOKIE['Blog_CommentEmailAddress'])) { 250 $email = $_COOKIE['Blog_CommentEmailAddress']; 251 } else { 252 $email = ""; 253 } 238 254 echo "<form onsubmit=\"return postcomment('".$this->httpPath."', '".$this->userName."', '".$id."')\" action=\"".$this->blogPath."postcomment/".$id."\" method=\"post\" id=\"commentform\">\n"; 239 255 echo "<p>\n"; 240 echo "<input type=\"text\" name=\"author\" id=\"author\" value=\" " . (($this->commentError != "") ? strip_tags(trim($_POST['author'])) : "") . 
"\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";256 echo "<input type=\"text\" name=\"author\" id=\"author\" value=\"$name\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n"; 241 257 echo "<label for=\"author\">Name (required)</label>\n"; 242 258 echo "</p>\n"; 243 259 echo "<p>\n"; 244 echo "<input type=\"text\" name=\"email\" id=\"email\" value=\" " . (($this->commentError != "") ? strip_tags(trim($_POST['email'])) : "") . "\" size=\"22\" maxlength=\"70\" tabindex=\"2\" />\n";260 echo "<input type=\"text\" name=\"email\" id=\"email\" value=\"$email\" size=\"22\" maxlength=\"70\" tabindex=\"2\" />\n"; 245 261 echo "<label for=\"email\">E-mail (required, not displayed)</label>\n"; 246 262 echo "</p>\n"; … … 250 266 echo "<p>\n"; 251 267 echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Submit Comment\" />"; 268 echo "<img src=\"".$this->httpPath."img/spinner.gif\" alt=\"\" id=\"spinner\"/>\n"; 252 269 echo "<label class=\"invalid\" for=\"submit\" id=\"errors\"></label>\n"; 253 270 echo "</p>\n"; … … 288 305 else { 289 306 $this->commentError = _("Please check the comment field"); 307 $element = "comment"; 290 308 } 291 309 //sanitise email … … 295 313 else { 296 314 $this->commentError = _("Check email address"); 315 $element = "email"; 297 316 } 298 317 //sanitse author … … 302 321 else { 303 322 $this->commentError = _("Check your name."); 323 $element = "author"; 304 324 } 305 325 //check the post exists, and is part of this blog … … 312 332 //if no errors have been raised so far commit to the db 313 333 if ($this->commentError == "") { 314 $query = "INSERT INTO comments (post, name, email, body, host, moderated) VALUES ('{$postid}','{$author}','{$email}','{$comment}','{$host}', ".(($this->comment_moderation) ? "false" : "true").")"; 334 // do we need to set the moderated flag on this comment? 
335 if(!$this->comment_moderation) { 336 $moderated = TRUE; 337 } else { 338 if(db_num_rows(db_query("SELECT name FROM authorised_emails WHERE user_id={$this->id} AND email='{$email}'"))>0) { 339 $moderated = TRUE; 340 } else { 341 $moderated = FALSE; 342 } 343 } 344 $query = "INSERT INTO comments (post, name, email, body, host, moderated) VALUES ('{$postid}','{$author}','{$email}','{$comment}','{$host}', ".(($moderated) ? "true" : "false").")"; 315 345 if(!db_query($query)) { 316 346 error(2,_("Database commit failed -").db_error()); 317 347 } 318 348 else { 319 if( $this->comment_moderation) {320 echo "<p class=\" invalid\">*** "._("Your comment has been added, but before it appears here it must be accepted by the blog owner.")." ***</p>";349 if(!$moderated) { 350 echo "<p class=\"updateinfo\">*** "._("Your comment has been added, but before it appears here it must be accepted by the blog owner.")." ***</p>"; 321 351 } elseif(!$printentry) { 322 352 echo "<div class=\"blogcomment\">\n"; … … 329 359 $this->printEntryAndComments($id); 330 360 } 331 return TRUE; 361 setcookie("Blog_CommentRealName", $author, time()+604800); 362 setcookie("Blog_CommentEmailAddress", $email, time()+604800); 363 ob_end_flush(); 364 return array(TRUE); 332 365 } 333 366 } else { 334 367 echo $this->commentError; 335 return FALSE;368 return array(FALSE, $element); 336 369 } 337 370 } blog.sql
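Review bot: The prefill values written into the form at new lines 256 and 260, `value=\"$name\"` and `value=\"$email\"`, come from `$_COOKIE['Blog_CommentRealName']` and `$_COOKIE['Blog_CommentEmailAddress']` (lines 242-243, 249-250) with no escaping at all, where the replaced code at least ran `strip_tags(trim(...))`; an unescaped quote in a cookie value ends the attribute early, so emit them as `htmlspecialchars($name, ENT_QUOTES)` and `htmlspecialchars($email, ENT_QUOTES)` and treat the `$_SESSION`-sourced values the same way. The cookies set at 361-362 store the already-sanitised `$author`/`$email`; if that sanitisation adds slashes (the "sanitise email" hunk is only partly visible, so this is an assumption) the round-tripped prefill will show them, which `stripslashes()` before setcookie, or storing the raw trimmed input, would avoid. The moderation shortcut at 338 trusts whatever address the commenter typed, which matches the wording on the admin page but deserves a comment at that line, e.g. `// e-mail is self-asserted, not verified: this only skips the queue, it is not an identity check`. The enclosing methods start outside this hunk.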
r120 r121 41 41 moderated bool NOT NULL DEFAULT false; 42 42 ); 43 44 CREATE TABLE authorised_emails ( 45 user_id integer REFERENCES users ON DELETE CASCADE NOT NULL, 46 email text NOT NULL, 47 name text 48 ); index.php
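Review bot: `authorised_emails` (lines 44-48) has no uniqueness constraint, so the same address can be inserted repeatedly for one user and the lookup in blog.lib.php line 338 will match any of the copies; add `UNIQUE (user_id, email)` (or make the pair the primary key) so the insert path in admin.lib.php rejects duplicates instead of silently accumulating them. In PostgreSQL, which the `bool` column type suggests, equality on `text` is case-sensitive, so `Bob@Example.org` and `bob@example.org` are distinct rows and distinct lookups; if that is not intended, store the address lower-cased or compare with `lower(email)` on both sides. The index that backs the unique constraint also serves the per-comment lookup.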
r120 r121 8 8 $request = array("list"); 9 9 } 10 10 ob_start(); 11 11 ?> 12 12 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> … … 64 64 </div> 65 65 <div id="botbot"></div> 66 <pre><?php print_r($_SESSION); print_r($_COOKIE); ?></pre> 66 67 </body> 67 68 </html> postcomment.php
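Review bot: The added line 66, `<pre><?php print_r($_SESSION); print_r($_COOKIE); ?></pre>`, dumps the full session array and every cookie into the public page for any visitor, including the `realName`/`userName` values blog.lib.php reads and, most likely, the session cookie value itself. This looks like a debugging aid that should not be committed; remove it, or if it is needed during development gate it on a configuration flag that is off by default and restrict it to the blog owner's session. Nothing else in this section changes behaviour.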
r120 r121 1 1 <?php 2 ob_start(); 2 3 include "blog.lib.php"; 3 4 … … 6 7 $blog = new blogs($blogid); 7 8 8 if($blog->newComment($postid, FALSE)) { 9 $ret = $blog->newComment($postid, FALSE); 10 if($ret[0]) { 9 11 echo "<split>OK"; 10 12 } else { 11 echo "<split>ERROR ";13 echo "<split>ERROR<split>".$ret[1]; 12 14 } 13 15 ?> xmlhttp.js
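Review bot: The `ob_start()` added at line 2 is only closed by the `ob_end_flush()` that blog.lib.php adds inside newComment's success path (its line 363); on the error path the buffer is left to the implicit flush at script end, so the buffer's lifetime is split across two files and two branches. Keeping it in one place — drop the call from newComment and put `ob_end_flush();` after the if/else here — makes the fragment protocol easier to follow. The `<split>` delimiter is now repeated on both sides and in xmlhttp.js, so a single shared constant (or a structured response body) would keep client and server in step. `$ret[1]` at line 13 appears to be populated only by the three validation branches in blog.lib.php that assign `$element`; any other error path sends an empty third field, which the client treats differently, so that is worth confirming.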
r120 r121 11 11 } 12 12 13 document.getElementById("spinner").style.visibility = "visible"; 14 document.getElementById("errors").innerHTML = ""; 13 15 frm = document.forms['commentform']; 14 16 url = "blog=" + strBlog + "&post=" + strPost + "&author=" + escape(frm.elements['author'].value) + "&email=" + escape(frm.elements['email'].value) + "&comment=" + escape(frm.elements['comment'].value); … … 18 20 xmlhttp.onreadystatechange = function() { 19 21 if (xmlhttp.readyState == 4) { 22 //alert(xmlhttp.responseText); 23 //alert(xmlhttp.getAllResponseHeaders()); 24 document.getElementById("spinner").style.visibility = "hidden"; 25 frm.elements['author'].style.backgroundColor = "#FFF"; 26 frm.elements['email'].style.backgroundColor = "#FFF"; 27 frm.elements['comment'].style.backgroundColor = "#FFF"; 20 28 responseArray = xmlhttp.responseText.split("<split>"); 21 29 if(responseArray[1] == "OK"){ 22 30 document.getElementById("comments").innerHTML += responseArray[0]; 23 31 document.getElementById("errors").innerHTML = ""; 24 frm.elements['author'].value = ""25 frm.elements['email'].value = "";32 //frm.elements['author'].value = "" 33 //frm.elements['email'].value = ""; 26 34 frm.elements['comment'].value = ""; 27 35 } else { 28 document.getElementById("errors").innerHTML = responseArray[0]; 36 if(responseArray[2]!="") { 37 frm.elements[responseArray[2]].style.backgroundColor = "#FFD1CD"; 38 document.getElementById("errors").innerHTML = responseArray[0]; 39 } else { 40 document.getElementById("comments").innerHTML += responseArray[0]; 41 } 29 42 } 30 43 }
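Review bot: `frm.elements[responseArray[2]]` at new line 37 is indexed with a field name taken from the response, and the guard on line 36 only checks for the empty string; a two-part reply (the previous `<split>ERROR` format, or a response truncated by a server error) leaves `responseArray[2]` undefined, `undefined != ""` is true, and `.style` on a missing element throws, aborting the handler after the spinner is hidden but before any error text is shown. Look the element up first and test it: `var el = responseArray[2] ? frm.elements[responseArray[2]] : null; if (el) { el.style.backgroundColor = "#FFD1CD"; document.getElementById("errors").innerHTML = responseArray[0]; }`, and send the unknown case to the `errors` label rather than appending it to the comments list. The commented-out lines 22-23 and 32-33 should be deleted rather than left in. The enclosing function starts outside the hunk.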
