Changeset 66
- Timestamp:
- 28/05/05 14:39:47 (4 years ago)
- Files:
-
- admin.lib.php (modified) (16 diffs)
- admin.php (modified) (3 diffs)
- database.lib.php (modified) (1 diff)
admin.lib.php
r60 r66 11 11 require_once("validation.lib.php"); 12 12 13 /* a stub of an error handler 14 15 scale of 1-5, 5 being warnings, 1 being fatal errors? 16 1 : fatal 17 2 : dberror 18 3 19 4 : bad input 20 5 : not found/doesnt exist etc 21 */ 22 function error($level, $error) { 23 echo("Level ".$level." error - ".$error); 24 } 13 //stuff from blog.lib will be usefull 14 require_once("blog.lib.php"); 15 25 16 //Our Blogs Class 26 17 class admin { … … 33 24 var $httpPath; //http Path for files 34 25 var $adminPath; //path to admin 26 var $blog; 35 27 36 28 //Constructor, checks we've been given a valid username, and pulls in generic blog info … … 46 38 $this->httpPath = dirname($_SERVER['SCRIPT_NAME'])."/"; 47 39 $this->adminPath = $this->httpPath."admin.php/"; 48 } 49 50 //start a session 40 if ($this->userName) { 41 $this->blog = new blogs($this->userName); 42 } 43 } 44 45 //start / check our session 51 46 function startSession() { 52 47 //set the session time out in seconds 53 //15 48 //15min 54 49 $maxSessionAge = 900; 55 50 56 51 //setup the session stuff 57 52 session_name("BlogSession"); 58 session_set_cookie_params($maxSessionAge, dirname($_SERVER["PHP_SELF"])."/");53 session_set_cookie_params($maxSessionAge,$this->httpPath."/"); 59 54 session_start(); 60 55 //get the host … … 65 60 $host = addslashes($_SERVER['REMOTE_ADDR']); 66 61 } 67 68 62 //if we dont have a session, start one 69 63 if (!$_SESSION[time]) { … … 74 68 elseif ((time()-$_SESSION[time]) > $maxSessionAge) { 75 69 session_unset(); 76 $this->sessionError = "Session Expired";70 $this->sessionError =_("Session Expired"); 77 71 startSession(); 78 72 } … … 80 74 elseif($_SESSION[ip] != $host) { 81 75 session_unset(); 82 $this->sessionError = "IP Changed";76 $this->sessionError =_("IP Changed"); 83 77 startSession(); 84 78 } … … 99 93 $username = trim($_POST['username']); 100 94 } 101 else {102 $this->sessionError = "Please check the username field";95 else { 96 $this->sessionError = _("Please check the 
username field"); 103 97 } 104 98 if (isset($_POST['password']) && trim($_POST['password']) != "") { 105 99 $password = trim($_POST['password']); 106 100 } 107 else {108 $this->sessionError = "Please check the password field";101 else { 102 $this->sessionError = _("Please check the password field"); 109 103 } 110 104 if($this->sessionError) { … … 115 109 $sqlNum = db_num_rows($sql); 116 110 if ($sqlNum != 1) { 117 $this->sessionError= "Invalid Username or Password";111 $this->sessionError=_("Invalid Username or Password"); 118 112 $this->printLoginForm(); 119 113 } … … 126 120 $this->userName = $_SESSION['userName']; 127 121 $this->realName = $_SESSION['realName']; 128 echo "home goes here... try refreshing and stuff... and woo i stay loged in ;)"; 129 } 130 } 131 } 132 //distroys the session and presents you with a logout screen 122 $this->menu(); 123 } 124 } 125 } 126 127 //admin menu 128 function menu() { 129 echo "<p><a href=\"".$this->adminPath."newentry"."\">Add a new entry</a></p>"; 130 } 131 132 //distroys the session and presents you with a login screen 133 133 function logout () 134 134 { … … 136 136 $this->printLoginForm(); 137 137 } 138 138 139 //prints a login form 139 140 function printLoginForm() … … 142 143 echo "<h2>Login<a id=\"cmt\"></a></h2>\n"; 143 144 echo "<div class=\"td\">\n"; 144 if ($this->sessionError != "") 145 { 145 if ($this->sessionError != "") { 146 146 echo "<p class=\"invalid\">*** " . $this->sessionError . " ***</p>\n"; 147 147 } … … 162 162 echo "</div>\n"; 163 163 } 164 164 165 165 // post an entry to the db 166 166 function postEntry() … … 169 169 $subject = ''; 170 170 $body = ''; 171 $err = 0; 172 171 173 172 //sanitise category (make sure it IS a number!) 
174 if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] == 0) {173 if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) { 175 174 $category = (int)$_POST['category']; 176 175 } else { 177 $this->entryError = _("Undefined Category!"); 178 //error(4,_("Undefined Category.")); 179 $err = 1; 180 } 181 176 $this->inputError = _("Undefined Category!"); 177 } 182 178 //sanitise subject (make sure its not a number!) 183 179 if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) { 184 $subject = $_POST['subject']; 185 } else { 186 $this->entryError = _("No Subject!"); 187 //error(4,_("No Subject!")); 188 $err = 1; 189 } 190 180 $subject = addslashes(trim(strip_tags($_POST['subject']))); 181 } else { 182 $this->inputError = _("No entry subject!"); 183 } 191 184 //sanitise body 192 185 if (isset($_POST['body']) && trim($_POST['body']) != "") { 193 $body = $_POST['body']; 194 } else { 195 $this->entryError = _("No Entry!"); 196 //error(4,_("No Entry!")); 197 $err = 1; 198 } 199 200 if ($err == 0) { 201 $shortsubject = makeCleanString($subject); 202 203 // need to check title existence and do the nescessary. 204 $sql = db_query("SELECT shortsubject from entries where user_id = ".$this->id." and (shortsubject = '".$shortsubject."' or shortsubject like '%".$shortsubject."%!_%'escape'!';"); //we're matching == anything-like-this*_ 186 $body = addslashes(nl2br(trim(strip_tags($_POST['body'])))); 187 } else { 188 $this->inputError = _("No entry body!"); 189 } 190 //no errors, so continue.. 191 if (!$this->inputError) { 192 //first we make our short subject 193 $shortsubject = $this->blog->makeCleanString($subject); 194 // need to check if there are any short titles like this one already 195 $sql = db_query("SELECT shortsubject from entries where user_id = ".$this->id." 
and (shortsubject = '".$shortsubject."' or shortsubject like '".$shortsubject."\\\_%') order by char_length(shortsubject) desc, shortsubject desc;"); 205 196 $sqlNum = db_num_rows($sql); 197 //if so we grab the last one, and add 1 to it.. 206 198 if ($sqlNum != 0) { 207 $shortsubject .= $sqlNum; // format this-is-a-title1_ (the _ is so we can LIKE match it.) 208 } 209 210 if (!db_query("INSERT INTO entries (category, subject, shortsubject, body) VALUES ({$category},'{add_slashes($subject)}','{$shortsubject}','{add_slashes($body)}')")) { 199 $sqlRow = db_getrow($sql); 200 (int)$newNum = array_shift(array_reverse(explode('_',$sqlRow['shortsubject']))); 201 $shortsubject .= '_'.++$newNum; //new non-colideing short subject 202 } 203 //shortsubject is now safe.. 204 //insert our new entry 205 $sql = db_query("INSERT INTO entries (category, subject, body, user_id, shortsubject)VALUES ({$category},'{$subject}','{$body}','{$this->id}','{$shortsubject}')"); 206 if (!$sql) { 211 207 error(2,"Database commit failed - ".db_error()); 212 } else { 213 // we want to display the post? maybe we just want to return to the page, but this will display it for now :) 214 $sql = db_getrow(db_query("SELECT id from entries where user_id = ".$this->id." and shortsubject = '".$shortsubject."';")); 215 216 $this->printEntry(shortSubjectToID($shortsubject)); 217 } 218 } 208 } 209 else { 210 $row = db_last($sql, "entries"); 211 $this->blog->printEntry($row,false,false); 212 } 213 } 214 //redisplay entry form if there are errors 215 else { 216 $this->printEntryForm(); 217 } 219 218 } 220 219 … … 265 264 error(4,_("You can't change it to be blank :)")); 266 265 } 267 268 269 266 } 270 267 … … 273 270 { 274 271 echo "<div class=\"entry\">\n"; 275 echo "<h2>Write Entry</h2>\n"; 272 if ($this->inputError != "") { 273 echo "<p class=\"invalid\">*** " . $this->inputError . 
" ***</p>\n"; 274 } 275 elseif (isset($_POST['submit'])) { 276 echo "<p>Thank you for your comment</p>\n"; 277 } 278 279 echo "<h2>"._("Write Entry")."</h2>\n"; 276 280 echo "<form action=\"".$this->blogPath."postentry\" method=\"post\" id=\"entryform\">\n"; 277 281 echo "<p>\n"; 278 echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($this->entryError != "") ? strip_tags(trim($_POST['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n"; 279 echo "<label for=\"subject\">Subject</label>\n"; 280 echo "</p>\n"; 281 echo "<p>\n"; 282 // lookup... category...? 282 echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n"; 283 echo "<label for=\"subject\">"._(Subject)."</label>\n"; 284 echo "</p>\n"; 285 echo "<p>\n"; 283 286 echo "<select name=\"category\" id=\"category\">"; 284 $sql = db_query("SELECT name FROM categories");287 $sql = db_query("SELECT id, name FROM categories"); 285 288 while ($sqlRow = db_getrow($sql)) { 286 echo "<option value=\"{$sqlRow[' name']}\">{$sqlRow['name']}</option>";289 echo "<option value=\"{$sqlRow['id']}\"".(((int)$_POST['category'] == $sqlRow['id']) ? "selected" : "").">{$sqlRow['name']}</option>"; 287 290 } 288 291 echo "</select>"; 289 //echo "<input type=\"text\" name=\"category\" id=\"category\" value=\"" . (($this->entryError != "") ? strip_tags(trim($_POST['category'])) : "") . "\" size=\"22\" maxlength=\"70\" tabindex=\"2\" />\n"; 290 echo "<label for=\"category\">Category</label>\n"; 291 echo "</p>\n"; 292 echo "<p>\n"; 293 echo "<textarea name=\"entry\" id=\"entry\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($this->entryError != "") ? strip_tags($_POST['comment'],$entryTags) : "") . 
"</textarea>\n"; 292 echo "<label for=\"category\">"._("Category")."</label>\n"; 293 echo "</p>\n"; 294 echo "<p>\n"; 295 echo "<textarea name=\"body\" id=\"body\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($this->inputError != "") ? strip_tags($_POST['comment'],$entryTags) : "") . "</textarea>\n"; 294 296 echo "</p>\n"; 295 297 echo "<p>\n"; … … 298 300 echo "</form>\n"; 299 301 echo "</div>\n"; 300 echo "</div>\n"; 301 } 302 //counts the number of comments 303 function commentCount($entry) { 304 $sql = db_query("SELECT count(id) from comments where post = ".$entry.";"); 305 $sqlRow = db_getrow($sql); 306 return $sqlRow['count']; 307 } 308 302 } 309 303 } admin.php
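Review bot: In postEntry the new INSERT (new line 205) and the shortsubject SELECT (new line 195) still build SQL by string interpolation, and the escaping is addslashes() even though database.lib.php talks to PostgreSQL through pg_* calls; `$shortsubject` (whatever makeCleanString returns) and `$this->id` go in with no escaping at all. Use the driver's escaping for every string value, e.g. `$subject = pg_escape_string(trim(strip_tags($_POST['subject'])));`, the same for `$body` and `$shortsubject`, and `(int)$this->id` for the id. In printEntryForm the re-populated subject (new line 282) is only strip_tags()'d before being placed inside a double-quoted value attribute, so a `"` in the submitted subject breaks out of the attribute; wrap it with `htmlspecialchars(trim($_POST['subject']), ENT_QUOTES)`. The textarea on new line 295 reads `$_POST['comment']` while the field is now named `body` (and `$entryTags` is not defined anywhere visible), so a rejected entry body is never re-shown, and `_(Subject)` on new line 283 passes an undefined constant where `_("Subject")` is meant. Both functions continue past the lines the rendered view shows, and `startSession();` on the context lines is still an unqualified call rather than `$this->startSession();`.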
r56 r66 27 27 <div id="maincontent"><? 28 28 if($_SESSION['userName'] or $_POST['submit']) { 29 if ($_SESSION['userName']) echo "<p>"._("Hello")." {$admin->realName} (<a href=\"{$admin->adminPath}/logout\">"._("Logout")."</a>)</p>"; 29 30 switch (array_shift($request)) { 30 31 case "login": … … 34 35 $admin->logout(); 35 36 break; 37 case "newentry": 38 $admin->printEntryForm() ; 39 break; 40 case "postentry": 41 $admin->postEntry() ; 42 break; 36 43 default: 37 echo "<p>Hello ".$admin->realName; 38 if ($_SESSION['userName']) echo " (<a href=\"{$admin->adminPath}/logout\">Logout</a>)"; 39 echo "</p>\n"; 44 $admin->menu(); 40 45 break; 41 46 } … … 52 57 </div> 53 58 <div id="botbot"></div> 59 <pre> 60 <?print_r($_SESSION); print_r($_POST);?> 61 </pre> 54 62 </body> 55 63 </html> database.lib.php
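Review bot: The new debug block at lines 59–61 does `print_r($_SESSION); print_r($_POST);` into every admin page, which on a login POST echoes the submitted password back to the browser along with the session contents; remove it before this is deployed or gate it behind a non-production flag. Separately, the dispatcher still enters the switch whenever `$_POST['submit']` is set even with no `$_SESSION['userName']`, so the newly added `newentry` and `postentry` cases are reachable by an unauthenticated POST that merely carries a `submit` field; today postEntry dereferences `$this->blog` before the INSERT and the constructor only sets it when a userName is present, so the request likely dies with a fatal error rather than inserting, but that is accidental protection. Only `login` should be allowed without a session: `$action = array_shift($request); if (!$_SESSION['userName'] && $action != "login") { $admin->printLoginForm(); } else switch ($action) { …`. The logout link `{$admin->adminPath}/logout` also produces a double slash, since adminPath already ends in `/`.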
r6 r66 67 67 return @pg_affected_rows($result); 68 68 } 69 function db_last($lastres )69 function db_last($lastres, $table) 70 70 { 71 71 $oid = pg_last_oid($lastres); 72 $res = db_query("select * from bbswhere oid=$oid");72 $res = db_query("select * from {$table} where oid=$oid"); 73 73 return @db_getrow($res); 74 74 }
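Review bot: db_last now interpolates `$table` straight into `select * from {$table} where oid=$oid`; the only caller in this changeset passes the literal "entries", but nothing in the function stops a caller-supplied table name reaching the query, so validate it, e.g. `if (!preg_match('/^[a-z_][a-z0-9_]*$/i', $table)) return false;`, or keep a whitelist of known tables. It also never checks `pg_last_oid()`, which returns false when the inserted-into table has no OID column, producing the malformed query `where oid=` and a failure hidden by the `@` on db_getrow; add `if ($oid === false) return false;` before querying and drop the suppression so the caller sees the error.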
