Changeset 203
- Timestamp:
- 07/02/07 21:34:32 (2 years ago)
- Files:
-
- admin.lib.php (modified) (41 diffs)
- blog.lib.php (modified) (29 diffs)
- database.lib.php (deleted)
- feed.php (modified) (4 diffs)
admin.lib.php
r199 r203 4 4 */ 5 5 6 // RC's nasty horrible database library, really needs replacing with something more sane..7 $db_name = "blogs";8 $db_type = "pgsql";9 require_once("database.lib.php");10 6 // Some useful validation functions 11 7 require_once("validation.lib.php"); 12 8 // random other functions that aren't validation or db related 13 9 require_once("miscfunctions.lib.php"); 14 //stuff from blog.lib will be useful l10 //stuff from blog.lib will be useful 15 11 require_once("blog.lib.php"); 16 12 … … 93 89 function login() 94 90 { 91 global $BlogDB; 95 92 $username = ""; 96 93 $password = ""; … … 113 110 { 114 111 //try to pull in the users details 115 $sql = db_query("SELECT id, name, password from users where enabled = true and username = '".$username."' limit 1;");116 //check we returned just one user 117 $sqlNum = db_num_rows($sql);118 if ( $sqlNum != 1) {112 $sqlRow = $BlogDB->GetRow("SELECT id, name, password from users where enabled = true and username = '".$username."' limit 1;"); 113 114 //check we returned a user 115 if (!$sqlRow) { 119 116 $this->error =_("Invalid Username or Password"); 120 117 } 121 118 else { 122 //fetch the user details123 $sqlRow = db_getrow($sql);124 119 //check the password the user gave us agaisnt the one in the database 125 120 if ($sqlRow['password']!=crypt($password, $sqlRow['password'])) { … … 148 143 //admin menu 149 144 function menu() { 145 global $BlogDB; 150 146 echo "<ul class=\"side-menu\">\n"; 151 147 echo "<li><a href=\"".$this->adminPath."newentry\">"._("Write new entry")."</a></li>\n"; … … 154 150 echo "<li><a href=\"".$this->adminPath."moderatecomments\">"._("Comments"); 155 151 //count how many unmoderated comments there are 156 $result = db_getrow(db_query("SELECT count(comments.id) from comments join entries on comments.post = entries.id where moderated = false and entries.user_id = ".$this->id.";"));157 if($result ['count']>0){158 echo "<span style=\"font-size: 0.8em; color: red\"> (".$result[ 
'count'].")</span>";152 $result = $BlogDB->GetOne("SELECT count(comments.id) from comments join entries on comments.post = entries.id where moderated = false and entries.user_id = ".$this->id.";"); 153 if($result){ 154 echo "<span style=\"font-size: 0.8em; color: red\"> (".$result[0].")</span>"; 159 155 } 160 156 echo "</a></li>\n"; … … 198 194 function postEntry() 199 195 { 196 global $BlogDB; 200 197 $category = ''; 201 198 $subject = ''; … … 235 232 $shortsubject = $this->blog->makeCleanString($subject,true); 236 233 //need to check if there are any short titles like this one already 237 $sql = db_query("SELECT shortsubject FROM entries WHERE user_id = {$this->id} AND shortsubject ~ '{$shortsubject}(_[0-9]{1,3}$|$)' ORDER BY char_length(shortsubject) DESC, shortsubject DESC LIMIT 1;"); 238 $sqlNum = db_num_rows($sql); 234 $sql = $BlogDB->GetAll("SELECT shortsubject FROM entries WHERE user_id = {$this->id} AND shortsubject ~ '{$shortsubject}(_[0-9]{1,3}$|$)' ORDER BY char_length(shortsubject) DESC, shortsubject DESC LIMIT 1;"); 239 235 //if so we grab the last one, and add 1 to it.. 240 if ( $sqlNum!= 0) {241 $sqlRow = db_getrow($sql);236 if (count($sql) != 0) { 237 $sqlRow = array_shift($sql); 242 238 // Put the matched _number into $matches[0] if there is one 243 239 if (preg_match("/\_[0-9]{1,3}$/",$sqlRow['shortsubject'],$matches)) { … … 250 246 //shortsubject is now safe.. 251 247 //insert our new entry 252 $sql = db_query("INSERT INTO entries (category, subject, body, user_id, shortsubject) VALUES ({$category},'{$subject}','{$body}','{$this->id}','{$shortsubject}')");248 $sql = $BlogDB->Execute("INSERT INTO entries (category, subject, body, user_id, shortsubject) VALUES ({$category},'{$subject}','{$body}','{$this->id}','{$shortsubject}')"); 253 249 if (!$sql) { 254 error(2,_("Database commit failed")." - ". db_error());250 error(2,_("Database commit failed")." 
- ".$BlogDB->ErrorMsg()); 255 251 } 256 252 else { 257 253 // $row = db_last($sql, "entries"); 258 $result = db_query("SELECT * FROM entries WHERE shortsubject='".$shortsubject."'"); 259 $row = db_getrow($result, 0); 254 $row = $BlogDB->GetRow("SELECT * FROM entries WHERE user_id = {$this->id} AND shortsubject='".$shortsubject."'"); 260 255 $this->blog->printEntry($row,false,false); 261 256 } … … 270 265 function updateEntry($shortSubject) 271 266 { 267 global $BlogDB; 272 268 $category = ''; 273 269 $subject = ''; … … 311 307 if (!$this->error) { 312 308 //check to see this post exists 313 $sql = db_query("SELECT id from entries where shortsubject = '".$shortSubject."' AND user_id='".$this->id."';"); 314 $sqlNum = db_num_rows($sql); 309 $sql = $BlogDB->GetRow("SELECT id from entries where shortsubject = '".$shortSubject."' AND user_id='".$this->id."';"); 315 310 //yes?, we can update it then.. 316 if ($sql Num == 1) {317 $sql = db_query("UPDATE entries SET category = {$category}, subject = '{$subject}', body = '{$body}' WHERE shortsubject = '{$shortSubject}' AND user_id = '".$this->id."';");311 if ($sql) { 312 $sql = $BlogDB->Execute("UPDATE entries SET category = {$category}, subject = '{$subject}', body = '{$body}' WHERE shortsubject = '{$shortSubject}' AND user_id = '".$this->id."';"); 318 313 if (!$sql) { 319 error(2,_("Database commit failed - "). db_error());314 error(2,_("Database commit failed - ").$BlogDB->ErrorMsg()); 320 315 } 321 316 else { … … 326 321 //cant update non-existant entrys 327 322 else { 328 error(2,_("Cannot update entry, as it does not exist.". 
db_error()));323 error(2,_("Cannot update entry, as it does not exist.".$BlogDB->ErrorMsg())); 329 324 } 330 325 } … … 338 333 function updateForm($shortSubject) 339 334 { 335 global $BlogDB; 340 336 //sanitise and check the short subject 341 337 $shortSubject = $this->blog->makeCleanString($shortSubject); … … 344 340 } 345 341 //try to grab the post 346 $sql = db_query("SELECT subject, category, body, shortsubject from entries where shortsubject = '".$shortSubject."' AND user_id = '".$this->id."';"); 347 $sqlNum = db_num_rows($sql); 342 $row = $BlogDB->GetRow("SELECT subject, category, body, shortsubject from entries where shortsubject = '".$shortSubject."' AND user_id = '".$this->id."';"); 348 343 //if it exists we can do stuff with it 349 if ($sqlNum == 1) { 350 $row = db_getrow($sql); 344 if ($row) { 351 345 $this->printEntryForm($row,true,true); 352 346 } … … 383 377 function updateSettings() 384 378 { 379 global $BlogDB; 385 380 $name = ''; 386 381 $title = ''; … … 463 458 $query .= " WHERE username='{$this->userName}';"; 464 459 //execute query 465 if (! db_query($query)) {460 if (!$BlogDB->Execute($query)) { 466 461 error(2,_("Database Insertion failed.")); 467 462 } … … 479 474 function printEntryForm($row='',$show=false,$edit=false) 480 475 { 476 global $BlogDB; 481 477 echo "<div class=\"entry\">\n"; 482 478 if ($this->error) { … … 492 488 echo "<select name=\"category\" id=\"category\" tabindex=\"2\">"; 493 489 //pull in the list of catogories from the database 494 $sql = db_query("SELECT id, name FROM categories ORDER BY name ASC;");495 while ($sqlRow = db_getrow($sql)) {490 $sql = $BlogDB->GetAll("SELECT id, name FROM categories ORDER BY name ASC;"); 491 while ($sqlRow = array_shift($sql)) { 496 492 echo "<option value=\"{$sqlRow['id']}\"".(((int)$row['category'] == $sqlRow['id']) ? 
" selected=\"selected\"" : "").">{$sqlRow['name']}</option>\n"; 497 493 } … … 522 518 function printSettingsForm() 523 519 { 520 global $BlogDB; 524 521 //pull in user's current settings from the database 525 $sql = db_query("SELECT name, title, description, css, moderate, editor FROM users WHERE username='" . $this->userName . "'"); 526 $settings = db_getrow($sql); 522 $settings = $BlogDB->GetRow("SELECT name, title, description, css, moderate, editor FROM users WHERE username='" . $this->userName . "'"); 527 523 echo "<div class=\"entry\">\n"; 528 524 if ($this->error) { … … 571 567 //shows unmoderated comments 572 568 function printComments() { 569 global $BlogDB; 573 570 //grab all unmoderated comments 574 $result = db_query("SELECT comments.*, entries.shortsubject from comments join entries on comments.post = entries.id where moderated = false and entries.user_id = ".$this->id." ORDER BY entries.subject ASC;");575 if( db_num_rows($result)==0) {571 $result = $BlogDB->GetAll("SELECT comments.*, entries.shortsubject from comments join entries on comments.post = entries.id where moderated = false and entries.user_id = ".$this->id." ORDER BY entries.subject ASC;"); 572 if(count($result)==0) { 576 573 return; 577 574 } … … 584 581 $count = 0; 585 582 //for each comment 586 while($r = db_getrow($result)) {583 while($r = array_shift($result)) { 587 584 //if the post has changed 588 585 if ($post != $r['shortsubject']) { 589 586 //grab the post, display it and the subject then some headers 590 $internalResult = db_query("SELECT subject, body from entries where shortsubject = '".$r['shortsubject']."' and user_id = ".$this->id." limit 1;"); 591 $internalR = db_getrow($internalResult); 587 $internalR = $BlogDB->GetRow("SELECT subject, body from entries where shortsubject = '".$r['shortsubject']."' and user_id = ".$this->id." 
limit 1;"); 592 588 echo "\t<tr>\n"; 593 589 echo "\t\t<th colspan=\"4\"><a href=\"{$this->blogPath}entry/{$r['shortsubject']}\">{$internalR['subject']}</a></td>\n"; … … 627 623 // approve or delete comments 628 624 function updateComments() { 625 global $BlogDB; 629 626 if (count($_POST['group'])==0) { 630 627 error(2, _("No comments selected for approval/deletion.")); … … 659 656 } 660 657 //check the comments exist and blong to the user 661 $result = db_getrow(db_query("SELECT count(comments.id) from comments join entries on comments.post = entries.id where entries.user_id = ".$this->id." and comments.id IN($check);"));658 $result = $BlogDB->GetRow("SELECT count(comments.id) from comments join entries on comments.post = entries.id where entries.user_id = ".$this->id." and comments.id IN($check);"); 662 659 if($result[count] != ($acount + $dcount)) { 663 660 error(1,_("Cant find the requested comments, maybe they have already been deleted.")); … … 666 663 //delete comments 667 664 if($deleted!="") { 668 db_query("DELETE FROM comments WHERE id IN ($deleted);");665 $BlogDB->Execute("DELETE FROM comments WHERE id IN ($deleted);"); 669 666 } 670 667 //set moderated flag on comments 671 668 if($approved!="") { 672 db_query("UPDATE comments SET moderated=true WHERE id IN ($approved);");669 $BlogDB->Execute("UPDATE comments SET moderated=true WHERE id IN ($approved);"); 673 670 } 674 671 //reprint the form … … 677 674 $this->printAuthorisedUsers(); 678 675 } 676 679 677 //Delete moderated comments from (a single post) 680 678 function deleteComments($entry) { 679 global $BlogDB; 681 680 if(isset($_POST['submit'])) { 682 681 if(count($_POST['comment'])==0){ … … 690 689 $del = substr($del, 0, -4).")"; 691 690 //check the comments exist and blong to the user 692 $result = db_getrow(db_query("SELECT count(comments.id) from comments join entries on comments.post = entries.id where entries.user_id = ".$this->id." 
and $del;"));693 if($result[ count] != count($_POST['comment'])) {691 $result = $BlogDB->GetOne("SELECT count(comments.id) from comments join entries on comments.post = entries.id where entries.user_id = ".$this->id." and $del;"); 692 if($result[0] != count($_POST['comment'])) { 694 693 error(1,_("Cant find the requested comments, maybe they have already been deleted.")); 695 694 return; … … 697 696 //delete the comments 698 697 $sql = "DELETE FROM comments WHERE $del"; 699 if(! db_query($sql)) {698 if(!$BlogDB->Execute($sql)) { 700 699 error(2, _("Database commit error.")); 701 700 } else { … … 708 707 //prints a form populated with email addresses that can avoid moderation on comments 709 708 function printAuthorisedUsers() { 709 global $BlogDB; 710 710 echo "<div class=\"entry\">\n"; 711 711 echo "<a name=\"emails\"></a>\n"; … … 721 721 echo "<form name=\"emailform\" id=\"emailform\" action=\"".$this->adminPath."updateauthusers\" method=\"post\">\n"; 722 722 echo "<select multiple=\"multiple\" name=\"emaillist[]\" size=\"10\">\n"; 723 $result = db_query("SELECT name,email FROM authorised_emails WHERE user_id=".$this->id." ORDER BY email ASC");724 while($r = db_getrow($result)) {723 $result = $BlogDB->GetAll("SELECT name,email FROM authorised_emails WHERE user_id=".$this->id." ORDER BY email ASC"); 724 while($r = array_shift($result)) { 725 725 echo "\t<option value=\"{$r['email']}\">{$r['email']} ({$r['name']})</option>\n"; 726 726 } … … 741 741 //udates the list of authorised users. 742 742 function updateAuthorisedUsers($quiet=FALSE) { 743 global $BlogDB; 743 744 //hack so we get error returned from validEmail 744 745 global $error; … … 759 760 $del = substr($del, 0, -4).")"; 760 761 $sql = "DELETE FROM authorised_emails WHERE $del AND user_id={$this->id}"; 761 $ret = db_query($sql);762 if( db_error($ret)) {763 error(2, _("Database commit error: "). 
db_error($ret));762 $ret = $BlogDB->Execute($sql); 763 if(!$ret) { 764 error(2, _("Database commit error: ").$BlogDB->ErrorMsg()); 764 765 } else { 765 766 echo "<div class=\"updateinfo\">"._("Address(es) deleted")."</div>\n"; … … 767 768 } 768 769 } 769 //if we have a add action770 //if we have an add action 770 771 elseif(isset($_POST['addnew'])) { 771 772 if(trim($_POST['name'])=="" or !eregi("^([a-z0-9]+([:space:][a-z0-9]*))$",trim($_POST['name']))) { … … 778 779 $name = addslashes(trim($_POST['name'])); 779 780 $email = addslashes(trim($_POST['email'])); 780 $ret = db_query("INSERT INTO authorised_emails (user_id, name, email) VALUES ('{$this->id}', '{$name}', '{$email}');");781 if( db_error($ret)){782 error(2, db_error($ret));781 $ret = $BlogDB->Execute("INSERT INTO authorised_emails (user_id, name, email) VALUES ('{$this->id}', '{$name}', '{$email}');"); 782 if(!$ret){ 783 error(2, $BlogDB->ErrorMsg()); 783 784 } else { 784 785 echo "<div class=\"updateinfo\">"._("Address added")."</div>\n"; … … 796 797 //prints a list of entries for the admin front page. 797 798 function printEntries($amount=0, $title=TRUE) { 799 global $BlogDB; 798 800 $limit = ($amount > 0) ? 
" LIMIT $amount" : ""; 799 $result = db_query("SELECT shortsubject,timestamp,subject FROM entries WHERE user_id = '".$this->id."' ORDER BY timestamp DESC $limit;");800 if( db_num_rows($result)==0){801 $result = $BlogDB->GetAll("SELECT shortsubject,timestamp,subject FROM entries WHERE user_id = '".$this->id."' ORDER BY timestamp DESC $limit;"); 802 if(count($result)==0){ 801 803 error(5, _("No entries found.")); 802 804 } else { … … 804 806 echo "<div class=\"entry\"><h2>"._("Edit Entries")."</h2>\n"; 805 807 } 806 echo "<form action=\"{$this->adminPath}confirmdeleteentries/\" method=\"post\">\n<table class=\"td\">\n\t<tr>\n\t\t<th >Date</th>\n\t\t<th>Title</th>\n\t\t<th>Delete</th>\n\t</tr>\n";808 echo "<form action=\"{$this->adminPath}confirmdeleteentries/\" method=\"post\">\n<table class=\"td\">\n\t<tr>\n\t\t<th width=\"38%\">Date</th>\n\t\t<th>Title</th>\n\t\t<th width=\"5%\">Delete</th>\n\t</tr>\n"; 807 809 $rownum = 0; 808 while($row = db_getrow($result)){810 while($row = array_shift($result)){ 809 811 echo "\t<tr>\n"; 810 812 echo "\t\t<td>".strftime($this->blog->longDateFormat, strtotime($row['timestamp']))."</td>\n"; … … 814 816 } 815 817 echo "\t<tr>\n"; 816 echo "\t\t<td ></td><td></td><td><input type=\"submit\" name=\"submit\" value=\""._("Delete Selected")."\" /></td>\n";818 echo "\t\t<td colspan=\"3\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\""._("Delete Selected")."\" /></td>\n"; 817 819 echo "\t</tr>\n"; 818 820 echo "</table>\n"; … … 839 841 //deletes entries 840 842 function deleteEntries() { 843 global $BlogDB; 841 844 if (count($_POST['entry'])==0) { 842 845 error(4, _("No entries marked for deletion.")); … … 849 852 $sql = substr($sql, 0, -4); 850 853 $sql .= ") AND user_id = {$this->id};"; 851 db_query($sql);852 echo db_affected_rows($sql)._(" post(s) deleted");854 $BlogDB->Execute($sql); 855 echo $BlogDB->AffectedRows()._(" post(s) deleted"); 853 856 } else { 854 857 error(4, _("Entries not deleted.")); … … 869 872 //adds 
a user 870 873 function addUser() { 874 global $BlogDB; 871 875 $username = ''; 872 876 $password = makePassword(); … … 908 912 } 909 913 //check the user doesn't already exist 910 $sql = db_query("SELECT username from users where username = '".$username."';"); 911 $sqlNum = db_num_rows($sql); 912 if ($sqlNum != 0) { 914 $sql = $BlogDB->GetAll("SELECT username from users where username = '".$username."';"); 915 if (count($sql) != 0) { 913 916 $this->error = _("Username already in use!"); 914 917 } … … 917 920 $this->error = _("You need to be a SUCS member to sign up for a blog here!"); 918 921 } else { 919 //check the user is a member of the users, staff or socie ys groups922 //check the user is a member of the users, staff or societies groups 920 923 $posixInfo = posix_getpwnam($username); 921 924 if ($posixInfo[gid] != 100 && $posixInfo[gid] != 106 && $posixInfo[gid] != 113) { … … 930 933 $sql = ("INSERT into USERS (username,password,name,title,description) VALUES ('{$username}','{$cryptPassword}','{$name}','{$title}','{$description}');"); 931 934 //error if that failed 932 if (! db_query($sql)) {933 error(2,_("Database Insertion failed - "). db_error(db_query($sql)));935 if (!$BlogDB->Execute($sql)) { 936 error(2,_("Database Insertion failed - ").$BlogDB->ErrorMsg()); 934 937 } else { 935 938 //else mail the password to the user and report sucsess blog.lib.php
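Review bot: The converted calls in admin.lib.php still build every statement by concatenating values into the SQL text, for example the `GetRow` in login() with `username = '".$username."'`; how `$username` is cleaned happens outside the visible hunks, so the query's safety rests entirely on that earlier step. ADOdb's `GetRow`, `GetAll`, `GetOne` and `Execute` take a bind array as a second argument, so this could read `$BlogDB->GetRow("SELECT id, name, password from users where enabled = true and username = ? limit 1", array($username));`, and the same applies to the `addslashes()`-based INSERT in updateAuthorisedUsers(). Separately, `GetOne` returns the scalar value rather than a row, so `$result[0]` in menu() and deleteComments() reads only the first character of the count (a count of 12 prints as 1, and deleting ten or more comments fails the ownership check); use `$result` directly. In deleteEntries(), `$BlogDB->AffectedRows()` looks misspelled, since the ADOdb method is, as far as I know, `Affected_Rows()`.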
r202 r203 5 5 */ 6 6 7 // RC's nasty horrible database library, really needs replacing with something more sane.. 8 $db_name = "blogs"; 9 $db_type = "pgsql"; 10 require_once("database.lib.php"); 7 // Initialise the database 8 require_once("/usr/share/adodb/adodb.inc.php"); 9 $BlogDB = NewADOConnection('postgres8'); 10 $BlogDB->Connect('dbname=blogs'); 11 $BlogDB->SetFetchMode(ADODB_FETCH_ASSOC); 11 12 12 13 // Some useful validation functions … … 68 69 //Constructor - checks we've been given a valid username, and pulls in generic blog info 69 70 function blogs($user) { 71 global $BlogDB; 70 72 //set the error string first, so we dont wipe out any errors 71 73 $this->error = null; … … 80 82 } else { 81 83 //check to see if the user has a blog 82 $sql = db_query("SELECT id, name, title, description, css, moderate, editor from users where username = '".$user."' and enabled = true;"); 83 $sqlNum = db_num_rows($sql); 84 if ($sqlNum != 1) { 84 $sql = $BlogDB->GetAll("SELECT id, name, title, description, css, moderate, editor from users where username = '".$user."' and enabled = true;"); 85 if (count($sql) != 1) { 85 86 $this->error = 1; 86 87 $this->errormsg = "No such user"; … … 88 89 } else { 89 90 //pull in the blog details 90 $sqlRow = db_getrow($sql); 91 $this->id = $sqlRow['id']; 91 $this->id = $sql[0]['id']; 92 92 $this->userName = $user; 93 $this->realName = $sql Row['name'];94 $this->title = $sql Row['title'];95 $this->description = $sql Row['description'];96 $this->cssFile = $sql Row['css'];93 $this->realName = $sql[0]['name']; 94 $this->title = $sql[0]['title']; 95 $this->description = $sql[0]['description']; 96 $this->cssFile = $sql[0]['css']; 97 97 $this->shortDateFormat = "%x %X"; 98 98 $this->longDateFormat = "%c"; … … 109 109 //path to the admin bits 110 110 $this->adminPath = $this->httpPath."admin.php/"; 111 $this->comment_moderation = ($sql Row['moderate']=='t') ? TRUE : FALSE;112 $this->editor = ($sql Row['editor']=='t') ? 
TRUE : FALSE;111 $this->comment_moderation = ($sql[0]['moderate']=='t') ? TRUE : FALSE; 112 $this->editor = ($sql[0]['editor']=='t') ? TRUE : FALSE; 113 113 $this->currentEntry = ""; 114 114 $this->svnRevision = getSVNRevision(); … … 149 149 // print lots of blog entries 150 150 function printEntries($offset=0, $limit=15, $constraint='') { 151 global $BlogDB; 151 152 //get the entries from the database 152 $sql = db_query("SELECT id, category, subject, body, timestamp, shortsubject from entries where user_id = '".$this->id."' ".$constraint." order by timestamp desc limit ".$limit." offset ".$offset.";"); 153 $sqlNum = db_num_rows($sql); 153 $sql = $BlogDB->GetAll("SELECT id, category, subject, body, timestamp, shortsubject from entries where user_id = '".$this->id."' ".$constraint." order by timestamp desc limit ".$limit." offset ".$offset.";"); 154 154 //return an error if we cant find any 155 if ( $sqlNum< 1) {155 if (count($sql) < 1) { 156 156 error(5,"No relevant posts"); 157 157 } else { 158 158 //print each entry 159 while ($sqlRow = db_getrow($sql)) {159 while ($sqlRow = array_shift($sql)) { 160 160 $this->printEntry($sqlRow); 161 161 } … … 188 188 function printArchiveByDate($request) 189 189 { 190 global $BlogDB; 190 191 $request = preg_grep('/.+/', $request); // Remove any additional silly extra elements due to additional /'s 191 192 //get the refinements if set … … 221 222 $sql = "SELECT shortsubject,subject,timestamp FROM entries WHERE ".((!$year)? "" : "timestamp >= $year$month$day AND timestamp < $enddate AND ") . 222 223 "user_id = '".$this->id."' ORDER BY timestamp " . $order; 223 $result = db_query($sql);224 $result = $BlogDB->GetAll($sql); 224 225 225 226 $requestPath = (count($request) > 0)?implode ( $request, '/' ) . '/':''; … … 232 233 "</a> || Sort By <a href=\"" . $this->blogPath . "archive/category\">Category</a> | <a href=\"" . 233 234 $this->blogPath . 
"archive/subject\"> Subject </a><br />"; 234 if ( db_num_rows($result) >= 1 ) {235 while($row = db_getrow($result)){235 if ( count($result) >= 1 ) { 236 while($row = array_shift($result)){ 236 237 if($curyear!=date("Y", strtotime($row['timestamp']))) { 237 238 $curyear = date("Y", strtotime($row['timestamp'])); … … 249 250 } 250 251 } else { 251 error(5,"No Entries Available" . ($allentries ?'':" for $year" . ($month != ''?"/$month":'') . ($day != ''?"/$day":'')));252 error(5,"No Entries Available" . ($allentries ? '' : " for $year" . ($month != '' ? "/$month":'') . ($day != '' ? "/$day":''))); 252 253 } 253 254 echo "</div>"; … … 257 258 function printArchiveByCategory($request) 258 259 { 260 global $BlogDB; 259 261 // Check for a category id 260 262 // There must be a better way to check that it isn't $order … … 292 294 ($allentries ? "" : " lower(c.name) = '" . $category . "' AND ") . 293 295 "e.user_id = '".$this->id."' AND e.category = c.id ORDER BY " . ($allentries? "name " . $order . " ,timestamp ASC" : "timestamp " . $order ); 294 $result = db_query($sql);296 $result = $BlogDB->GetAll($sql); 295 297 296 298 $requestPath = (count($request) > 0)?implode ( $request, '/' ) . '/':''; … … 301 303 $this->blogPath . "archive/subject\"> Subject </a><br />"; 302 304 303 if ( db_num_rows($result) >= 1 ) {304 while($row = db_getrow($result)){305 if ( count($result) >= 1 ) { 306 while($row = array_shift($result)){ 305 307 if($dbCategory != $row['name']) { 306 308 $dbCategory = $row['name']; … … 311 313 echo "</div>"; 312 314 } else { 313 error(5,"No Entries Available" . (isset($category) ?" in $category":''));315 error(5,"No Entries Available" . (isset($category) ? 
" in $category":'')); 314 316 } 315 317 } … … 318 320 function printArchiveBySubject ($request) 319 321 { 322 global $BlogDB; 320 323 // Look for a single character to show subjects by 321 324 $request = preg_grep('/.+/', $request); // Remove any additional silly extra elements due to additional /'s … … 353 356 $sql = "SELECT shortsubject,subject,timestamp FROM entries WHERE ".(($allentries)? "" : "lower(subject) LIKE '" . $letter . "%' AND ") . 354 357 "user_id = '".$this->id."' ORDER BY subject " . $order; 355 $result = db_query($sql);358 $result = $BlogDB->GetAll($sql); 356 359 357 360 echo "<div class=\"td\"><h2>Sorted By <a href=\"" . $this->blogPath . "archive/subject/\">Subject</a> (" . $strOrder . ")</h2><a href=\"" . $this->blogPath . … … 385 388 "archive/subject/y/$order\">y</a> | <a href=\"" . $this->blogPath . 386 389 "archive/subject/z/$order\">z</a><br />"; 387 if ( db_num_rows($result) >= 1 ) {388 while($row = db_getrow($result)){390 if ( count($result) >= 1 ) { 391 while($row = array_shift($result)){ 389 392 echo date("d/m/Y", strtotime($row['timestamp'])) . " - <a href=\"{$this->blogPath}entry/{$row['shortsubject']}\">{$row['subject']}</a><br />\n"; 390 393 } 391 394 } else { 392 error(5, "No Entries Available" . ($allentries?'':" beginning with '$letter'"));395 error(5, "No Entries Available" . ($allentries ? 
'' : " beginning with '$letter'")); 393 396 } 394 397 echo "</div>"; … … 397 400 //print Prev/Next nav bar 398 401 function printNavigationBar($id) { 399 $res = db_query("SELECT timestamp from entries WHERE id='".$id."'");400 $sql = db_getrow($res);401 $prev = db_query("SELECT id, shortsubject, subject FROM entries WHERE timestamp < '".$sql['timestamp']."' AND user_id = '".$this->id."' ORDER BY timestamp DESC LIMIT 1");402 $next = db_query("SELECT id, shortsubject, subject FROM entries WHERE timestamp > '".$sql['timestamp']."' AND user_id = '".$this->id."' ORDER BY timestamp ASC LIMIT 1;");403 if ( db_num_rows($prev)>0) $prevRow=db_getrow($prev);404 if ( db_num_rows($next)>0) $nextRow=db_getrow($next);402 global $BlogDB; 403 $sql = $BlogDB->GetRow("SELECT timestamp from entries WHERE id='".$id."'"); 404 $prev = $BlogDB->GetAll("SELECT id, shortsubject, subject FROM entries WHERE timestamp < '".$sql['timestamp']."' AND user_id = '".$this->id."' ORDER BY timestamp DESC LIMIT 1"); 405 $next = $BlogDB->GetAll("SELECT id, shortsubject, subject FROM entries WHERE timestamp > '".$sql['timestamp']."' AND user_id = '".$this->id."' ORDER BY timestamp ASC LIMIT 1;"); 406 if (count($prev)>0) $prevRow=array_shift($prev); 407 if (count($next)>0) $nextRow=array_shift($next); 405 408 406 409 echo "<ul class=\"entryfoot\">"; … … 413 416 function printEntryAndComments($shortsubject) 414 417 { 418 global $BlogDB; 415 419 $shortsubject = $this->makeCleanString($shortsubject); 416 $sql = db_query("SELECT id, category, subject, body, timestamp, shortsubject from entries where shortsubject='".$shortsubject."' and user_id = ".$this->id." LIMIT 1;"); 417 $sqlNum = db_num_rows($sql); 418 if ($sqlNum != 1) { 420 $sql = $BlogDB->GetRow("SELECT id, category, subject, body, timestamp, shortsubject from entries where shortsubject='".$shortsubject."' and user_id = ".$this->id." 
LIMIT 1;"); 421 if (!$sql) { 419 422 error(5,"No relevant posts"); 420 423 } 421 424 else { 422 $sqlRow = db_getrow($sql); 423 $this->currentEntry = $sqlRow['shortsubject']; 424 $this->printNavigationBar($sqlRow['id']); 425 $this->printEntry($sqlRow, false, false); 426 $this->printComments($sqlRow['id']); 427 $this->printCommentForm($sqlRow['id']); 425 $this->currentEntry = $sql['shortsubject']; 426 $this->printNavigationBar($sql['id']); 427 $this->printEntry($sql, false, false); 428 $this->printComments($sql['id']); 429 $this->printCommentForm($sql['id']); 428 430 } 429 431 } … … 432 434 function printComments($postid, $offset=0, $limit=15) 433 435 { 434 $sql = db_query("SELECT timestamp, name, email, body, host, id FROM comments WHERE post = ".$postid." and moderated = true ORDER BY timestamp ASC limit ".$limit." OFFSET ".$offset.";");435 $sql Num = db_num_rows($sql);436 global $BlogDB; 437 $sql = $BlogDB->GetAll("SELECT timestamp, name, email, body, host, id FROM comments WHERE post = ".$postid." and moderated = true ORDER BY timestamp ASC limit ".$limit." OFFSET ".$offset.";"); 436 438 echo "<div id=\"comments\">\n"; 437 if ( $sqlNum> 0) {439 if (count($sql) > 0) { 438 440 $blogOwner = $this->checkSessionOwner(); 439 441 if($blogOwner) { … … 442 444 443 445 $count=0; 444 while ($sqlRow = db_getrow($sql)) {446 while ($sqlRow = array_shift($sql)) { 445 447 $this->printComment($sqlRow, $blogOwner, $count++); 446 448 } … … 474 476 //counts the number of comments 475 477 function commentCount($entry) { 476 $sql = db_query("SELECT count(id) from comments where post = ".$entry." and moderated = true;");477 $sql Row = db_getrow($sql);478 return $sql Row['count'];478 global $BlogDB; 479 $sql = $BlogDB->GetCol("SELECT count(id) from comments where post = ".$entry." 
and moderated = true;"); 480 return $sql[0]; 479 481 } 480 482 481 483 //returns a category name 482 function categoryName($category) 483 { 484 $sql = db_query("SELECT name from categories where id = ".$category.";"); 485 $sqlRow = db_getrow($sql); 486 return $sqlRow['name']; 484 function categoryName($category) { 485 global $BlogDB; 486 $sql = $BlogDB->GetCol("SELECT name from categories where id = ".$category.";"); 487 return $sql[0]; 487 488 } 488 489 … … 556 557 function newComment($id, $printentry=TRUE) 557 558 { 559 global $BlogDB; 558 560 $author = ""; 559 561 $email = ""; 560 562 $comment = ""; 561 563 //check the post exists, and is part of this blog 562 $sql = db_query("SELECT subject, id from entries where user_id = ".$this->id." and id = '".$id."';"); 563 $sqlNum = db_num_rows($sql); 564 if ($sqlNum != 1) { 564 $row = $BlogDB->GetRow("SELECT subject, id from entries where user_id = ".$this->id." and id = '".$id."';"); 565 if (!$row) { 565 566 error(1,_("Invalid blog entry, This entry may have been removed..?")); 566 567 return; 567 568 } 568 569 //pull in the unadulterated subject for later on 569 $row = db_getrow($sql);570 570 $subject = $row['subject']; 571 571 $postid = $row['id']; … … 624 624 } else { 625 625 //check the list of 'authorised' commentors 626 if( db_num_rows(db_query("SELECT name FROM authorised_emails WHERE user_id={$this->id} AND email='{$email}'"))>0) {626 if(count($BlogDB->GetAll("SELECT name FROM authorised_emails WHERE user_id={$this->id} AND email='{$email}'"))>0) { 627 627 $moderated = TRUE; 628 628 } else { … … 632 632 //actualy insert the new comment and check it worked 633 633 $query = "INSERT INTO comments (post, name, email, body, host, moderated, spam) VALUES ('{$postid}','{$author}','{$email}','{$comment}','{$host}', ".(($moderated) ? "true" : "false").", ".(($spam) ? "true" : "false").")"; 634 if(! db_query($query)) {635 error(2,_("Database commit failed -"). 
db_error());636 } 637 //send out an notificaiton email if we have su sceeded unless we think its spam or moderation has been bypassed634 if(!$BlogDB->Execute($query)) { 635 error(2,_("Database commit failed -").$BlogDB->
