Changeset 59
- Timestamp:
- 27/05/05 22:50:39 (4 years ago)
- Files:
-
- admin.lib.php (modified) (1 diff)
- blog.lib.php (modified) (17 diffs)
admin.lib.php
r54 r59 162 162 echo "</div>\n"; 163 163 } 164 165 // post an entry to the db 166 function postEntry() 167 { 168 $category = ''; 169 $subject = ''; 170 $body = ''; 171 $err = 0; 172 173 //sanitise category (make sure it IS a number!) 174 if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] == 0) { 175 $category = (int)$_POST['category']; 176 } else { 177 $this->entryError = _("Undefined Category!"); 178 //error(4,_("Undefined Category.")); 179 $err = 1; 180 } 181 182 //sanitise subject (make sure its not a number!) 183 if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) { 184 $subject = $_POST['subject']; 185 } else { 186 $this->entryError = _("No Subject!"); 187 //error(4,_("No Subject!")); 188 $err = 1; 189 } 190 191 //sanitise body 192 if (isset($_POST['body']) && trim($_POST['body']) != "") { 193 $body = $_POST['body']; 194 } else { 195 $this->entryError = _("No Entry!"); 196 //error(4,_("No Entry!")); 197 $err = 1; 198 } 199 200 if ($err == 0) { 201 $shortsubject = makeCleanString($subject); 202 203 // need to check title existence and do the nescessary. 204 $sql = db_query("SELECT shortsubject from entries where user_id = ".$this->id." and (shortsubject = '".$shortsubject."' or shortsubject like '%".$shortsubject."%!_%'escape'!';"); //we're matching == anything-like-this*_ 205 $sqlNum = db_num_rows($sql); 206 if ($sqlNum != 0) { 207 $shortsubject .= $sqlNum; // format this-is-a-title1_ (the _ is so we can LIKE match it.) 208 } 209 210 if (!db_query("INSERT INTO entries (category, subject, shortsubject, body) VALUES ({$category},'{add_slashes($subject)}','{$shortsubject}','{add_slashes($body)}')")) { 211 error(2,"Database commit failed - ".db_error()); 212 } else { 213 // we want to display the post? maybe we just want to return to the page, but this will display it for now :) 214 $sql = db_getrow(db_query("SELECT id from entries where user_id = ".$this->id." 
and shortsubject = '".$shortsubject."';")); 215 216 $this->printEntry(shortSubjectToID($shortsubject)); 217 } 218 } 219 } 220 221 //update an entry in the db, possibly the body or the post will be updated 222 function updateEntry($id) 223 { 224 $category = ''; 225 $subject = ''; 226 $body = ''; 227 $err = 0; 228 229 //sanitise category (make sure it IS a number!) 230 if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] == 0) { 231 $category = (int)$_POST['category']; 232 } else { 233 error(4,_("Undefined Category.")); 234 $err = 1; 235 } 236 237 //sanitise subject (make sure its not a number!) 238 if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['subject'] != 0) { 239 $subject = $_POST['subject']; 240 } else { 241 error(4,_("No Subject!")); 242 $err = 1; 243 } 244 245 //sanitise body 246 if (isset($_POST['body']) && trim($_POST['body']) != "") { 247 $body = $_POST['body']; 248 } else { 249 error(4,_("No Entry!")); 250 $err = 1; 251 } 252 253 if ($err == 0) { 254 $sql = db_query("SELECT id from entries where id = ".$id."';"); 255 $sqlNum = db_num_rows($sql); 256 if ($sqlNum != 0) { //existio? 257 $sql = db_query("UPDATE entries SET (category, subject, body) = ({$category},'{add_slashes($subject)}','{add_slashes($body)}') WHERE id = '{$id}';"); 258 259 $this->printEntry($id); //printenate it 260 261 } else { 262 error(2,_("Cannot update entry - It never existed!".db_error())); 263 } 264 } else { 265 error(4,_("You can't change it to be blank :)")); 266 } 267 268 269 } 270 271 // this will... uh ... print the blog Entry form... 272 function printEntryForm() 273 { 274 echo "<div class=\"entry\">\n"; 275 echo "<h2>Write Entry</h2>\n"; 276 echo "<form action=\"".$this->blogPath."postentry\" method=\"post\" id=\"entryform\">\n"; 277 echo "<p>\n"; 278 echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($this->entryError != "") ? strip_tags(trim($_POST['subject'])) : "") . 
"\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n"; 279 echo "<label for=\"subject\">Subject</label>\n"; 280 echo "</p>\n"; 281 echo "<p>\n"; 282 // lookup... category...? 283 echo "<select name=\"category\" id=\"category\">"; 284 $sql = db_query("SELECT name FROM categories"); 285 while ($sqlRow = db_getrow($sql)) { 286 echo "<option value=\"{$sqlRow['name']}\">{$sqlRow['name']}</option>"; 287 } 288 echo "</select>"; 289 //echo "<input type=\"text\" name=\"category\" id=\"category\" value=\"" . (($this->entryError != "") ? strip_tags(trim($_POST['category'])) : "") . "\" size=\"22\" maxlength=\"70\" tabindex=\"2\" />\n"; 290 echo "<label for=\"category\">Category</label>\n"; 291 echo "</p>\n"; 292 echo "<p>\n"; 293 echo "<textarea name=\"entry\" id=\"entry\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($this->entryError != "") ? strip_tags($_POST['comment'],$entryTags) : "") . "</textarea>\n"; 294 echo "</p>\n"; 295 echo "<p>\n"; 296 echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Submit Entry\" />\n"; 297 echo "</p>\n"; 298 echo "</form>\n"; 299 echo "</div>\n"; 300 echo "</div>\n"; 301 } 164 302 } blog.lib.php
r58 r59 8 8 $db_type = "pgsql"; 9 9 require_once("database.lib.php"); 10 10 11 // Some useful validation functions 11 12 require_once("validation.lib.php"); … … 23 24 echo("Level ".$level." error - ".$error); 24 25 } 26 25 27 //Our Blogs Class 26 28 class blogs { 27 var $id; //Blog ID28 var $userName; //Blogger's User Name29 var $realName; //Blogger's Real Name30 var $title; //Blog Title31 var $description; //Blog Blurb32 var $cssFile; //Blog CSS33 var $shortDateFormat; //Short date format34 var $longDateFormat; //Long date format35 var $httpPath; //http Path for files36 var $blogPath; //path to blog37 var $commentError; //new comment errors29 var $id;//Blog ID 30 var $userName; //Blogger's User Name 31 var $realName; //Blogger's Real Name 32 var $title; //Blog Title 33 var $description; //Blog Blurb 34 var $cssFile; //Blog CSS 35 var $shortDateFormat; //Short date format 36 var $longDateFormat; //Long date format 37 var $httpPath; //http Path for files 38 var $blogPath; //path to blog 39 var $commentError; //new comment errors 38 40 var $entryError; //new entry errors 39 41 var $entryTags; //what we allow in the entry … … 48 50 $sql = db_query("SELECT id, name, title, description, css from users where username = '".$user."' and enabled = true;"); 49 51 $sqlNum = db_num_rows($sql); 50 if ($sqlNum != 1) 51 { 52 if ($sqlNum != 1) { 52 53 error(1,"No such user"); 53 54 } 54 else 55 { 55 else { 56 56 $sqlRow = db_getrow($sql); 57 57 $this->id = $sqlRow['id']; … … 75 75 { 76 76 echo "<div class=\"entry\">\n"; 77 if ($titleLink) 78 { 77 if ($titleLink) { 79 78 echo "<h2><a href=\"{$this->blogPath}entry/{$row['shortsubject']}\">{$row['subject']}</a></h2>\n"; 80 79 } 81 else 82 { 80 else { 83 81 echo "<h2>{$row['subject']}</h2>\n"; 84 82 } … … 87 85 echo "</div>\n"; 88 86 echo "<p class=\"entryfoot\">[ Entry posted at: ".strftime($this->longDateFormat,strtotime($row['timestamp'])); 89 if ($commentLink) 90 { 87 if ($commentLink) { 91 88 echo " | <a 
href=\"".$this->blogPath."entry/{$row['shortsubject']}\">Comments</a>: ".$this->commentCount($row['id']); 92 89 } … … 104 101 $sql = db_query("SELECT id, category, subject, body, timestamp, shortsubject from entries where user_id = '".$this->id."' ".$constraint." order by timestamp desc limit ".$limit." offset ".$offset.";"); 105 102 $sqlNum = db_num_rows($sql); 106 if ($sqlNum < 1) 107 { 103 if ($sqlNum < 1) { 108 104 error(5,"No relevant posts"); 109 105 } 110 else 111 { 106 else { 112 107 while ($sqlRow = db_getrow($sql)) { 113 108 $this->printEntry($sqlRow); … … 119 114 function printEntryAndComments($id) 120 115 { 121 $id = $this->makeCleanString($id);116 $id = $this->makeCleanString($id); 122 117 $sql = db_query("SELECT id, category, subject, body, timestamp from entries where shortsubject='".$id."' and user_id = ".$this->id." LIMIT 1;"); 123 118 $sqlNum = db_num_rows($sql); 124 if ($sqlNum != 1) 125 { 119 if ($sqlNum != 1) { 126 120 error(5,"No relevant posts"); 127 121 } 128 else 129 { 122 else { 130 123 $sqlRow = db_getrow($sql); 131 124 $this->printEntry($sqlRow, false, false); … … 133 126 $this->printCommentForm($id); 134 127 } 135 136 128 } 137 129 … … 141 133 $sql = db_query("SELECT timestamp, name, email, body, host FROM comments WHERE post = ".$postid." ORDER BY timestamp ASC limit ".$limit." OFFSET ".$offset.";"); 142 134 $sqlNum = db_num_rows($sql); 143 if ($sqlNum < 1) 144 { 135 if ($sqlNum < 1) { 145 136 error(5,"No relevent comments"); 146 137 } 147 else 148 { 138 else { 149 139 while ($sqlRow = db_getrow($sql)) { 150 140 $this->printComment($sqlRow); … … 156 146 function printComment($row) 157 147 { 158 echo "<div class=\"blogcomment\">\n";148 echo "<div class=\"blogcomment\">\n"; 159 149 echo "<h3>" . $row['name'] . " writes:</h3>"; 160 150 echo "<p>" . $row['body'] . "</p>\n"; 161 151 echo "<p class=\"entryfoot\">[ " .strftime($this->longDateFormat,strtotime($row['timestamp'])). 
" ]</p>\n"; 162 echo "</div>\n";152 echo "</div>\n"; 163 153 } 164 154 … … 184 174 echo "<h2>Add Comment<a id=\"cmt\"></a></h2>\n"; 185 175 echo "<div class=\"td\">\n"; 186 if ($this->commentError != "") 187 { 176 if ($this->commentError != "") { 188 177 echo "<p class=\"invalid\">*** " . $this->commentError . " ***</p>\n"; 189 178 } 190 elseif (isset($_POST['submit'])) 191 { 179 elseif (isset($_POST['submit'])) { 192 180 echo "<p>Thank you for your comment</p>\n"; 193 181 } … … 226 214 function newComment($id) 227 215 { 228 $id = $this->makeCleanString($id);216 $id = $this->makeCleanString($id); 229 217 230 218 $author = ""; … … 242 230 $comment = addslashes(nl2br(trim(strip_tags($_POST['comment'])))); 243 231 } 244 else {232 else { 245 233 $this->commentError = "Please check the comment field"; 246 234 } … … 249 237 $email = addslashes(trim($_POST['email'])); 250 238 } 251 else {239 else { 252 240 $this->commentError = "Check email address"; 253 241 } … … 256 244 $author = addslashes(nl2br(trim(strip_tags($_POST['author'])))); 257 245 } 258 else {246 else { 259 247 $this->commentError = "Check your name."; 260 248 } … … 263 251 $sqlNum = db_num_rows($sql); 264 252 $row = db_getrow($sql); 265 $entry_id = $row['id']; 266 if ($sqlNum != 1 || $entry_id<=0) 267 { 253 $entry_id = $row['id']; 254 if ($sqlNum != 1 || $entry_id<=0) { //wtf? 
268 255 $this->commenterror = "Invalid blog entry, This entry may have been removed..?"; 269 256 } 270 //if no errors have been raised so far commit to the db257 //if no errors have been raised so far commit to the db 271 258 if ($this->commentError == "") { 272 $query = "INSERT INTO comments (post, name, email, body, host) VALUES ('{$entry_id}','{$author}','{$email}','{$comment}','{$host}')";259 $query = "INSERT INTO comments (post, name, email, body, host) VALUES ('{$entry_id}','{$author}','{$email}','{$comment}','{$host}')"; 273 260 if(!db_query($query)) { 274 261 error(2,"Database commit failed -".db_error()); … … 276 263 } 277 264 $this->printEntryAndComments($id); 278 }279 280 // post an entry to the db281 function postEntry()282 {283 $category = '';284 $subject = '';285 $body = '';286 $err = 0;287 288 //sanitise category (make sure it IS a number!)289 if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] == 0) {290 $category = (int)$_POST['category'];291 } else {292 $this->entryError = _("Undefined Category!");293 //error(4,_("Undefined Category."));294 $err = 1;295 }296 297 //sanitise subject (make sure its not a number!)298 if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {299 $subject = $_POST['subject'];300 } else {301 $this->entryError = _("No Subject!");302 //error(4,_("No Subject!"));303 $err = 1;304 }305 306 //sanitise body307 if (isset($_POST['body']) && trim($_POST['body']) != "") {308 $body = $_POST['body'];309 } else {310 $this->entryError = _("No Entry!");311 //error(4,_("No Entry!"));312 $err = 1;313 }314 315 if ($err == 0) {316 $shortsubject = makeCleanString($subject);317 318 // need to check title existence and do the nescessary.319 $sql = db_query("SELECT shortsubject from entries where user_id = ".$this->id." 
and (shortsubject = '".$shortsubject."' or shortsubject like '%".$shortsubject."%!_%'escape'!';"); //we're matching == anything-like-this*_320 $sqlNum = db_num_rows($sql);321 if ($sqlNum != 0) {322 $shortsubject .= $sqlNum; // format this-is-a-title1_ (the _ is so we can LIKE match it.)323 }324 325 if (!db_query("INSERT INTO entries (category, subject, shortsubject, body) VALUES ({$category},'{add_slashes($subject)}','{$shortsubject}','{add_slashes($body)}')")) {326 error(2,"Database commit failed - ".db_error());327 } else {328 // we want to display the post? maybe we just want to return to the page, but this will display it for now :)329 $sql = db_getrow(db_query("SELECT id from entries where user_id = ".$this->id." and shortsubject = '".$shortsubject."';"));330 331 $this->printEntry(shortSubjectToID($shortsubject));332 }333 }334 }335 336 //update an entry in the db, possibly the body or the post will be updated337 function updateEntry($id)338 {339 $category = '';340 $subject = '';341 $body = '';342 $err = 0;343 344 //sanitise category (make sure it IS a number!)345 if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] == 0) {346 $category = (int)$_POST['category'];347 } else {348 error(4,_("Undefined Category."));349 $err = 1;350 }351 352 //sanitise subject (make sure its not a number!)353 if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['subject'] != 0) {354 $subject = $_POST['subject'];355 } else {356 error(4,_("No Subject!"));357 $err = 1;358 }359 360 //sanitise body361 if (isset($_POST['body']) && trim($_POST['body']) != "") {362 $body = $_POST['body'];363 } else {364 error(4,_("No Entry!"));365 $err = 1;366 }367 368 if ($err == 0) {369 $sql = db_query("SELECT id from entries where id = ".$id."';");370 $sqlNum = db_num_rows($sql);371 if ($sqlNum != 0) { //existio?372 $sql = db_query("UPDATE entries SET (category, subject, body) = ({$category},'{add_slashes($subject)}','{add_slashes($body)}') 
WHERE id = '{$id}';");373 374 $this->printEntry($id); //printenate it375 376 } else {377 error(2,_("Cannot update entry - It never existed!".db_error()));378 }379 } else {380 error(4,_("You can't change it to be blank :)"));381 }382 383 384 }385 386 // this will... uh ... print the blog Entry form...387 function printEntryForm()388 {389 echo "<div class=\"entry\">\n";390 echo "<h2>Write Entry</h2>\n";391 echo "<form action=\"".$this->blogPath."postentry\" method=\"post\" id=\"entryform\">\n";392 echo "<p>\n";393 echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($this->entryError != "") ? strip_tags(trim($_POST['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";394 echo "<label for=\"subject\">Subject</label>\n";395 echo "</p>\n";396 echo "<p>\n";397 // lookup... category...?398 echo "<select name=\"category\" id=\"category\">";399 $sql = db_query("SELECT name FROM categories");400 while ($sqlRow = db_getrow($sql)) {401 echo "<option value=\"{$sqlRow['name']}\">{$sqlRow['name']}</option>";402 }403 echo "</select>";404 //echo "<input type=\"text\" name=\"category\" id=\"category\" value=\"" . (($this->entryError != "") ? strip_tags(trim($_POST['category'])) : "") . "\" size=\"22\" maxlength=\"70\" tabindex=\"2\" />\n";405 echo "<label for=\"category\">Category</label>\n";406 echo "</p>\n";407 echo "<p>\n";408 echo "<textarea name=\"entry\" id=\"entry\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($this->entryError != "") ? strip_tags($_POST['comment'],$entryTags) : "") . "</textarea>\n";409 echo "</p>\n";410 echo "<p>\n";411 echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Submit Entry\" />\n";412 echo "</p>\n";413 echo "</form>\n";414 echo "</div>\n";415 echo "</div>\n";416 265 } 417 266
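Review bot: In newComment, the "Invalid blog entry" branch just after the new `//wtf?` line assigns `$this->commenterror`, while the guard that decides whether to run the INSERT reads `$this->commentError`; PHP property names are case-sensitive, so that error never blocks the insert and a comment can be written against an `$entry_id` that is 0 or empty. Change it to `$this->commentError = "Invalid blog entry, This entry may have been removed..?";` and replace `//wtf?` with a comment that states the condition, e.g. `// the shortsubject must resolve to exactly one existing entry`. The comment and entry SELECTs in this section still concatenate `$postid`, `$limit`, `$offset` and `$constraint` raw; their callers are outside the hunk so I can't tell whether they are validated upstream, but `(int)` casts at the query site would make that local and obvious. The removed block after newComment's closing brace is the entry-editing code relocated to admin.lib.php, so the rest of this section is reformatting only.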
