Navigation

← Previous Changeset
Next Changeset →

Changeset 91

Timestamp:

30/05/05 02:30:34 (4 years ago)

Author:

welshbyte

Message:

Fixed and improved the duplicated shortsubject handling with some regex magic and fixed a bunch of dodgy indentation.

Files:

admin.lib.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

admin.lib.php

r89	r91
16	16	//Our Blogs Class
17	17	class admin {
18		var $id; //Blog ID
19		var $userName; //Blogger's User Name
20		var $realName; //Blogger's Real Name
21		var $sessionError; //login or session errors
22		var $shortDateFormat; //Short date format
23		var $longDateFormat; //Long date format
24		var $httpPath; //http Path for files
25		var $adminPath; //path to admin
26		var $blog; //[temporary] holder for instance of blog class
27
28		//Constructor - checks we've been given a valid username, and pulls in generic blog info
29		function admin()
30		{
31		$this->startSession();
32		$this->id = $_SESSION['id'];
33		$this->userName = $_SESSION['userName'];
34		$this->realName = $_SESSION['realName'];
35		$this->sessionError = '';
36		$this->shortDateFormat = "Y-m-d";
37		$this->longDateFormat = "r";
38		$this->httpPath = dirname($_SERVER['SCRIPT_NAME'])."/";
39		$this->adminPath = $this->httpPath."admin.php/";
40		if ($this->userName) {
41		$this->blog = new blogs($this->userName);
42		}
43		}
44
45		//start / check our session
46		function startSession() {
47		//set the session time out in seconds
48		//1 hour
49		$maxSessionAge = 3600;
50
51		//setup the session stuff
52		session_name("BlogSession");
53		session_set_cookie_params($maxSessionAge,$this->httpPath."/");
54		session_start();
55		//get the host
56		if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
57		$host = addslashes($_SERVER['HTTP_X_FORWARDED_FOR']);
58		}
59		else {
60		$host = addslashes($_SERVER['REMOTE_ADDR']);
61		}
62		//if we dont have a session, start one
63		if (!$_SESSION[time]) {
64		$_SESSION[time] = time();
65		$_SESSION[ip] = $host;
66		}
67		//close the session if its too old
68		elseif ((time()-$_SESSION[time]) > $maxSessionAge) {
69		session_unset();
70		$this->sessionError =_("Session Expired");
71		startSession();
72		}
73		/* //close the session if its move IP
74		elseif($_SESSION[ip] != $host) {
75		session_unset();
76		$this->sessionError =_("IP Changed");
77		$this->startSession();
78		} */
79		//else we are happy, and we just update the session time
80		else {
81		$_SESSION[oldTime] = $_SESSION[time];
82		$_SESSION[time] = time();
83		}
84		if ($this->sessionError) {
85		echo "<p class=\"invalid\">* " . $this->sessionError . " *</p>\n";
86		}
87		}
88		//logs people in
89		function login() {
90		$username = "";
91		$password = "";
92		if (isset($_POST['username']) && trim($_POST['username']) != "" && safeuname(trim($_POST['username']))) {
93		$username = trim($_POST['username']);
94		}
95		else {
96		$this->sessionError = _("Please check the username field");
97		}
98		if (isset($_POST['password']) && trim($_POST['password']) != "") {
99		$password = trim($_POST['password']);
100		}
101		else {
102		$this->sessionError = _("Please check the password field");
103		}
104		if($this->sessionError) {
105		$this->printLoginForm();
106		}
107		else {
108		$sql = db_query("SELECT id, name from users where enabled = true and username = '".$username."' and password = '".md5($password)."';");
109		$sqlNum = db_num_rows($sql);
110		if ($sqlNum != 1) {
111		$this->sessionError=_("Invalid Username or Password");
112		$this->printLoginForm();
113		}
114		else {
115		$sqlRow = db_getrow($sql);
116		$_SESSION['id'] = $sqlRow['id'];
117		$_SESSION['userName'] = $username;
118		$_SESSION['realName'] = $sqlRow['name'];
119		$this->id = $_SESSION['id'];
120		$this->userName = $_SESSION['userName'];
121		$this->realName = $_SESSION['realName'];
122		}
123		}
124		}
125
126		//admin menu
127		function menu() {
128		echo "<ul class=\"side-menu\">\n";
129		echo "<li><a href=\"".$this->adminPath."newentry"."\">Add a new entry</a></li>\n";
130		echo "<li><a href=\"",$this->adminPath."settings"."\">Edit blog settings</a></li>\n";
131		echo "</ul>\n";
132		}
133
134		//destroys the session and presents you with a login screen
135		function logout ()
136		{
137		session_unset();
138		}
139
140		//prints a login form
141		function printLoginForm()
142		{
143		echo "<div class=\"login\">\n";
144		echo "<h2>"._("Login")."</h2>\n";
145		echo "<div class=\"td\">\n";
146		if ($this->sessionError != "") {
147		echo "<p class=\"invalid\">* " . $this->sessionError . " *</p>\n";
148		}
149		echo "<form action=\"".$this->adminPath."login\" method=\"post\" id=\"commentform\">\n";
150		echo "<p>\n";
151		echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->commentError != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
152		echo "<label for=\"username\">"._("Username")."</label>\n";
153		echo "</p>\n";
154		echo "<p>\n";
155		echo "<input type=\"password\" name=\"password\" id=\"password\" size=\"22\" maxlength=\"128\" tabindex=\"2\" />\n";
156		echo "<label for=\"password\">"._("Password")."</label>\n";
157		echo "</p>\n";
158		echo "<p>\n";
159		echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Login\" />\n";
160		echo "</p>\n";
161		echo "</form>\n";
162		echo "</div>\n";
163		echo "</div>\n";
164		}
165
166		// post an entry to the db
167		function postEntry()
168		{
169		$category = '';
170		$subject = '';
171		$body = '';
172
173		//sanitise category (make sure it IS a number!)
174		if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) {
175		$category = (int)$_POST['category'];
176		} else {
177		$this->inputError = _("Undefined Category!");
178		}
179		//sanitise subject (make sure its not a number!)
180		if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {
181		$subject = addslashes(trim(strip_tags($_POST['subject'])));
182		} else {
183		$this->inputError = _("No entry subject!");
184		}
185		//sanitise body
186		if (isset($_POST['body']) && trim($_POST['body']) != "") {
187		$body = addslashes(nl2br(trim(strip_tags($_POST['body']))));
188		} else {
189		$this->inputError = _("No entry body!");
190		}
191		//no errors, so continue..
192		if (!$this->inputError) {
193		//first we make our short subject
194		$shortsubject = $this->blog->makeCleanString($subject);
195		// need to check if there are any short titles like this one already
196		$sql = db_query("SELECT shortsubject from entries where user_id = ".$this->id." and (shortsubject = '".$shortsubject."' or shortsubject like '".$shortsubject."\\\_%') order by char_length(shortsubject) desc, shortsubject desc;");
197		$sqlNum = db_num_rows($sql);
198		//if so we grab the last one, and add 1 to it..
199		if ($sqlNum != 0) {
200		$sqlRow = db_getrow($sql);
201		(int)$newNum = array_shift(array_reverse(explode('_',$sqlRow['shortsubject'])));
202		$shortsubject .= '_'.++$newNum; //new non-colliding short subject
203		}
204		//shortsubject is now safe..
205		//insert our new entry
206		$sql = db_query("INSERT INTO entries (category, subject, body, user_id, shortsubject) VALUES ({$category},'{$subject}','{$body}','{$this->id}','{$shortsubject}')");
207		if (!$sql) {
208		error(2,"Database commit failed - ".db_error());
209		}
210		else {
211		$row = db_last($sql, "entries");
212		$this->blog->printEntry($row,false,false);
213		}
214		}
215		//re-display entry form if there are errors
216		else {
217		$this->printEntryForm($_POST,true);
218		}
219		}
220
221		//update an entry in the db, possibly the body or the post will be updated
222		function updateEntry($id)
223		{
224		$category = '';
225		$subject = '';
226		$body = '';
227
228		//sanitise category (make sure it IS a number!)
229		if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) {
230		$category = (int)$_POST['category'];
231		} else {
232		$this->inputError = _("Undefined Category!");
233		}
234		//sanitise subject (make sure it's not a number!)
235		if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {
236		$subject = addslashes(trim(strip_tags($_POST['subject'])));
237		} else {
238		$this->inputError = _("No entry subject!");
239		}
240		//sanitise body
241		if (isset($_POST['body']) && trim($_POST['body']) != "") {
242		$body = addslashes(nl2br(trim(strip_tags($_POST['body']))));
243		} else {
244		$this->inputError = _("No entry body!");
245		}
246		//no errors, so continue..
247		if ($this->inputError) {
248		//check to see this post exists
249		$sql = db_query("SELECT id from entries where id = ".$id.";");
250		$sqlNum = db_num_rows($sql);
251		//yes?, we can update it then..
252		if ($sqlNum == 1) {
253		$sql = db_query("UPDATE entries SET (category, subject, body) = ({$category},'{$subject}','{$body}') WHERE id = '{$id}';");
254		if (!$sql) {
255		error(2,_("Database commit failed")." - ".db_error());
256		}
257		else {
258		$row = db_last($sql, "entries");
259		$this->blog->printEntry($row,false,false);
260		}
261		}
262		//cant update non-existant entrys
263		else {
264		error(2,_("Cannot update entry, as it does not exist.")." - ".db_error());
265		}
266		}
267		//redisplay entry form if there are errors
268		else {
269		$this->printEntryForm();
270		}
271		}
272		//update form
273		function updateForm($id)
274		{
275		$id = $this->blog->makeCleanString($id);
276		$sql = db_query("SELECT subject, category, body from entries where shortsubject = '".$id."';");
277		$sqlNum = db_num_rows($sql);
278		//yes? we can update it then..
279		if ($sqlNum == 1) {
280		$row = db_getrow($sql);
281		$this->printEntryForm($row,true,true);
282		}
283		}
284
285		//update settings
286		function updateSettings()
287		{
288		//to be written
289		}
290
291		//print the blog Entry form...
292		function printEntryForm($row='',$show=false,$edit=false)
293		{
294		echo "<div class=\"entry\">\n";
295		if ($this->inputError != "") {
296		echo "<p class=\"invalid\">* " . $this->inputError . " *</p>\n";
297		}
298		echo "<h2>".((!$edit) ?_("Write Entry") : _("Edit Entry"))."</h2>\n";
299		echo "<form action=\"".$this->blogPath.((!$edit) ? "postentry" : "postupdate")."\" method=\"post\" id=\"entryform\">\n";
300		echo "<p>\n";
301		echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($show) ? strip_tags(trim($row['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
302		echo "<label for=\"subject\">"._(Subject)."</label>\n";
303		echo "</p>\n";
304		echo "<p>\n";
305		echo "<select name=\"category\" id=\"category\">";
306		//pull in the list of catogories from the database
307		$sql = db_query("SELECT id, name FROM categories");
308		while ($sqlRow = db_getrow($sql)) {
309		echo "<option value=\"{$sqlRow['id']}\"".(((int)$row['category'] == $sqlRow['id']) ? "selected" : "").">{$sqlRow['name']}</option>";
310		}
311		echo "</select>";
312		echo "<label for=\"category\">"._("Category")."</label>\n";
313		echo "</p>\n";
314		echo "<p>\n";
315		echo "<textarea name=\"body\" id=\"body\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($show) ? strip_tags($row['body'],$entryTags) : "") . "</textarea>\n";
316		echo "</p>\n";
317		echo "<p>\n";
318		echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Submit Entry\" />\n";
319		echo "</p>\n";
320		echo "</form>\n";
321		echo "</div>\n";
322		}
323
324
325		//print the blog settings form...
326		function printSettingsForm()
327		{
328		//pull in user's current settings from the database
329		$sql = db_query("SELECT name, title, description, css FROM users WHERE username='" . $this->userName . "'");
330		$settings = db_getrow($sql);
331		echo "<div class=\"entry\">\n";
332		echo "<h2>"._("Blog Settings")."</h2>\n";
333		echo "<form action=\"".$this->blogPath."postsettings\" method=\"post\" id=\"settingsform\">\n";
334		echo "<p>\n";
335		echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"" . $settings[name] . "\" size=\"30\" maxlength=\"60\" tabindex=\"1\" />\n";
336		echo "<label for=\"name\">"._("Real name")."</label>\n";
337		echo "</p>\n";
338		echo "<p>\n";
339		echo "<input type=\"text\" name=\"title\" id=\"title\" value=\"" . $settings[title] . "\" size=\"30\" maxlength=\"60\" tabindex=\"2\" />\n";
340		echo "<label for=\"title\">"._("Title")."</label>\n";
341		echo "</p>\n";
342		echo "<p>\n";
343		echo "<input type=\"text\" name=\"description\" id=\"description\" value=\"" . $settings[description] . "\" size=\"30\" maxlength=\"60\" tabindex=\"3\" />\n";
344		echo "<label for=\"description\">"._("Description")."</label>\n";
345		echo "</p>\n";
346		echo "<p>\n";
347		echo "<input type=\"text\" name=\"css\" id=\"css\" value=\"" . $settings[css] . "\" size=\"30\" maxlength=\"255\" tabindex=\"4\" />\n";
348		echo "<label for=\"css\">"._("CSS")."</label>\n";
349		echo "</p>\n";
350		echo "<p>\n";
351		echo "<input type=\"password\" name=\"pass1\" id=\"pass1\" value=\"\" size=\"15\" maxlength=\"16\" tabindex=\"5\" />\n";
352		echo "<label for=\"pass1\">"._("Password")."</label>\n";
353		echo "</p>\n";
354		echo "<p>\n";
355		echo "<input type=\"password\" name=\"pass2\" id=\"pass2\" value=\"\" size=\"15\" maxlength=\"16\" tabindex=\"6\" />\n";
356		echo "<label for=\"pass2\">"._("Again")."</label>\n";
357		echo "</p>\n";
358		echo "<p>\n";
359		echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Save Settings\" />\n";
360		echo "</p>\n";
361		echo "</form>\n";
362		echo "</div>\n";
363		}
	18	var $id; //Blog ID
	19	var $userName; //Blogger's User Name
	20	var $realName; //Blogger's Real Name
	21	var $sessionError; //login or session errors
	22	var $shortDateFormat; //Short date format
	23	var $longDateFormat; //Long date format
	24	var $httpPath; //http Path for files
	25	var $adminPath; //path to admin
	26	var $blog; //[temporary] holder for instance of blog class
	27
	28	//Constructor - checks we've been given a valid username, and pulls in generic blog info
	29	function admin()
	30	{
	31	$this->startSession();
	32	$this->id = $_SESSION['id'];
	33	$this->userName = $_SESSION['userName'];
	34	$this->realName = $_SESSION['realName'];
	35	$this->sessionError = '';
	36	$this->shortDateFormat = "Y-m-d";
	37	$this->longDateFormat = "r";
	38	$this->httpPath = dirname($_SERVER['SCRIPT_NAME'])."/";
	39	$this->adminPath = $this->httpPath."admin.php/";
	40	if ($this->userName) {
	41	$this->blog = new blogs($this->userName);
	42	}
	43	}
	44
	45	//start / check our session
	46	function startSession() {
	47	//set the session time out in seconds
	48	//1 hour
	49	$maxSessionAge = 3600;
	50
	51	//setup the session stuff
	52	session_name("BlogSession");
	53	session_set_cookie_params($maxSessionAge,$this->httpPath."/");
	54	session_start();
	55	//get the host
	56	if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	57	$host = addslashes($_SERVER['HTTP_X_FORWARDED_FOR']);
	58	}
	59	else {
	60	$host = addslashes($_SERVER['REMOTE_ADDR']);
	61	}
	62	//if we dont have a session, start one
	63	if (!$_SESSION[time]) {
	64	$_SESSION[time] = time();
	65	$_SESSION[ip] = $host;
	66	}
	67	//close the session if its too old
	68	elseif ((time()-$_SESSION[time]) > $maxSessionAge) {
	69	session_unset();
	70	$this->sessionError =_("Session Expired");
	71	startSession();
	72	}
	73	/* //close the session if its move IP
	74	elseif($_SESSION[ip] != $host) {
	75	session_unset();
	76	$this->sessionError =_("IP Changed");
	77	$this->startSession();
	78	} */
	79	//else we are happy, and we just update the session time
	80	else {
	81	$_SESSION[oldTime] = $_SESSION[time];
	82	$_SESSION[time] = time();
	83	}
	84	if ($this->sessionError) {
	85	echo "<p class=\"invalid\">* " . $this->sessionError . " *</p>\n";
	86	}
	87	}
	88	//logs people in
	89	function login() {
	90	$username = "";
	91	$password = "";
	92	if (isset($_POST['username']) && trim($_POST['username']) != "" && safeuname(trim($_POST['username']))) {
	93	$username = trim($_POST['username']);
	94	}
	95	else {
	96	$this->sessionError = _("Please check the username field");
	97	}
	98	if (isset($_POST['password']) && trim($_POST['password']) != "") {
	99	$password = trim($_POST['password']);
	100	}
	101	else {
	102	$this->sessionError = _("Please check the password field");
	103	}
	104	if($this->sessionError) {
	105	$this->printLoginForm();
	106	}
	107	else {
	108	$sql = db_query("SELECT id, name from users where enabled = true and username = '".$username."' and password = '".md5($password)."';");
	109	$sqlNum = db_num_rows($sql);
	110	if ($sqlNum != 1) {
	111	$this->sessionError=_("Invalid Username or Password");
	112	$this->printLoginForm();
	113	}
	114	else {
	115	$sqlRow = db_getrow($sql);
	116	$_SESSION['id'] = $sqlRow['id'];
	117	$_SESSION['userName'] = $username;
	118	$_SESSION['realName'] = $sqlRow['name'];
	119	$this->id = $_SESSION['id'];
	120	$this->userName = $_SESSION['userName'];
	121	$this->realName = $_SESSION['realName'];
	122	}
	123	}
	124	}
	125
	126	//admin menu
	127	function menu() {
	128	echo "<ul class=\"side-menu\">\n";
	129	echo "<li><a href=\"".$this->adminPath."newentry"."\">Add a new entry</a></li>\n";
	130	echo "<li><a href=\"",$this->adminPath."settings"."\">Edit blog settings</a></li>\n";
	131	echo "</ul>\n";
	132	}
	133
	134	//destroys the session and presents you with a login screen
	135	function logout ()
	136	{
	137	session_unset();
	138	}
	139
	140	//prints a login form
	141	function printLoginForm()
	142	{
	143	echo "<div class=\"login\">\n";
	144	echo "<h2>"._("Login")."</h2>\n";
	145	echo "<div class=\"td\">\n";
	146	if ($this->sessionError != "") {
	147	echo "<p class=\"invalid\">* " . $this->sessionError . " *</p>\n";
	148	}
	149	echo "<form action=\"".$this->adminPath."login\" method=\"post\" id=\"commentform\">\n";
	150	echo "<p>\n";
	151	echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->commentError != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
	152	echo "<label for=\"username\">"._("Username")."</label>\n";
	153	echo "</p>\n";
	154	echo "<p>\n";
	155	echo "<input type=\"password\" name=\"password\" id=\"password\" size=\"22\" maxlength=\"128\" tabindex=\"2\" />\n";
	156	echo "<label for=\"password\">"._("Password")."</label>\n";
	157	echo "</p>\n";
	158	echo "<p>\n";
	159	echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Login\" />\n";
	160	echo "</p>\n";
	161	echo "</form>\n";
	162	echo "</div>\n";
	163	echo "</div>\n";
	164	}
	165
	166	// post an entry to the db
	167	function postEntry()
	168	{
	169	$category = '';
	170	$subject = '';
	171	$body = '';
	172
	173	//sanitise category (make sure it IS a number!)
	174	if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) {
	175	$category = (int)$_POST['category'];
	176	} else {
	177	$this->inputError = _("Undefined Category!");
	178	}
	179	//sanitise subject (make sure its not a number!)
	180	if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {
	181	$subject = addslashes(trim(strip_tags($_POST['subject'])));
	182	} else {
	183	$this->inputError = _("No entry subject!");
	184	}
	185	//sanitise body
	186	if (isset($_POST['body']) && trim($_POST['body']) != "") {
	187	$body = addslashes(nl2br(trim(strip_tags($_POST['body']))));
	188	} else {
	189	$this->inputError = _("No entry body!");
	190	}
	191	//no errors, so continue..
	192	if (!$this->inputError) {
	193	//first we make our short subject
	194	$shortsubject = $this->blog->makeCleanString($subject);
	195
	196	// need to check if there are any short titles like this one already
	197	$sql = db_query("SELECT shortsubject FROM entries WHERE user_id = {$this->id} AND shortsubject ~ '{$shortsubject}(_[0-9]{1,3}$\|$)' ORDER BY char_length(shortsubject) DESC, shortsubject DESC;");
	198	$sqlNum = db_num_rows($sql);
	199
	200	//if so we grab the last one, and add 1 to it..
	201	if ($sqlNum != 0) {
	202	$sqlRow = db_getrow($sql);
	203	// Put the matched _number into $matches[0] if there is one
	204	if (preg_match("/\_[0-9]{1,3}$/",$sqlRow['shortsubject'],$matches)) {
	205	// Remove the _ to get the number, add 1 and append
	206	$shortsubject .= '_' . ((int)substr($matches[0],1) + 1);
	207	} else {
	208	$shortsubject .= '_1';
	209	}
	210	}
	211	//shortsubject is now safe..
	212	//insert our new entry
	213	$sql = db_query("INSERT INTO entries (category, subject, body, user_id, shortsubject) VALUES ({$category},'{$subject}','{$body}','{$this->id}','{$shortsubject}')");
	214	if (!$sql) {
	215	error(2,"Database commit failed - ".db_error());
	216	}
	217	else {
	218	$row = db_last($sql, "entries");
	219	$this->blog->printEntry($row,false,false);
	220	}
	221	}
	222	//re-display entry form if there are errors
	223	else {
	224	$this->printEntryForm($_POST,true);
	225	}
	226	}
	227
	228	//update an entry in the db, possibly the body or the post will be updated
	229	function updateEntry($id)
	230	{
	231	$category = '';
	232	$subject = '';
	233	$body = '';
	234
	235	//sanitise category (make sure it IS a number!)
	236	if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) {
	237	$category = (int)$_POST['category'];
	238	} else {
	239	$this->inputError = _("Undefined Category!");
	240	}
	241	//sanitise subject (make sure it's not a number!)
	242	if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {
	243	$subject = addslashes(trim(strip_tags($_POST['subject'])));
	244	} else {
	245	$this->inputError = _("No entry subject!");
	246	}
	247	//sanitise body
	248	if (isset($_POST['body']) && trim($_POST['body']) != "") {
	249	$body = addslashes(nl2br(trim(strip_tags($_POST['body']))));
	250	} else {
	251	$this->inputError = _("No entry body!");
	252	}
	253	//no errors, so continue..
	254	if ($this->inputError) {
	255	//check to see this post exists
	256	$sql = db_query("SELECT id from entries where id = ".$id.";");
	257	$sqlNum = db_num_rows($sql);
	258	//yes?, we can update it then..
	259	if ($sqlNum == 1) {
	260	$sql = db_query("UPDATE entries SET (category, subject, body) = ({$category},'{$subject}','{$body}') WHERE id = '{$id}';");
	261	if (!$sql) {
	262	error(2,_("Database commit failed")." - ".db_error());
	263	}
	264	else {
	265	$row = db_last($sql, "entries");
	266	$this->blog->printEntry($row,false,false);
	267	}
	268	}
	269	//cant update non-existant entrys
	270	else {
	271	error(2,_("Cannot update entry, as it does not exist.")." - ".db_error());
	272	}
	273	}
	274	//redisplay entry form if there are errors
	275	else {
	276	$this->printEntryForm();
	277	}
	278	}
	279	//update form
	280	function updateForm($id)
	281	{
	282	$id = $this->blog->makeCleanString($id);
	283	$sql = db_query("SELECT subject, category, body from entries where shortsubject = '".$id."';");
	284	$sqlNum = db_num_rows($sql);
	285	//yes? we can update it then..
	286	if ($sqlNum == 1) {
	287	$row = db_getrow($sql);
	288	$this->printEntryForm($row,true,true);
	289	}
	290	}
	291
	292	//update settings
	293	function updateSettings()
	294	{
	295	//to be written
	296	}
	297
	298	//print the blog Entry form...
	299	function printEntryForm($row='',$show=false,$edit=false)
	300	{
	301	echo "<div class=\"entry\">\n";
	302	if ($this->inputError != "") {
	303	echo "<p class=\"invalid\">* " . $this->inputError . " *</p>\n";
	304	}
	305	echo "<h2>".((!$edit) ?_("Write Entry") : _("Edit Entry"))."</h2>\n";
	306	echo "<form action=\"".$this->blogPath.((!$edit) ? "postentry" : "postupdate")."\" method=\"post\" id=\"entryform\">\n";
	307	echo "<p>\n";
	308	echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($show) ? strip_tags(trim($row['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
	309	echo "<label for=\"subject\">"._(Subject)."</label>\n";
	310	echo "</p>\n";
	311	echo "<p>\n";
	312	echo "<select name=\"category\" id=\"category\">";
	313	//pull in the list of catogories from the database
	314	$sql = db_query("SELECT id, name FROM categories");
	315	while ($sqlRow = db_getrow($sql)) {
	316	echo "<option value=\"{$sqlRow['id']}\"".(((int)$row['category'] == $sqlRow['id']) ? "selected" : "").">{$sqlRow['name']}</option>";
	317	}
	318	echo "</select>";
	319	echo "<label for=\"category\">"._("Category")."</label>\n";
	320	echo "</p>\n";
	321	echo "<p>\n";
	322	echo "<textarea name=\"body\" id=\"body\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($show) ? strip_tags($row['body'],$entryTags) : "") . "</textarea>\n";
	323	echo "</p>\n";
	324	echo "<p>\n";
	325	echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Submit Entry\" />\n";
	326	echo "</p>\n";
	327	echo "</form>\n";
	328	echo "</div>\n";
	329	}
	330
	331
	332	//print the blog settings form...
	333	function printSettingsForm()
	334	{
	335	//pull in user's current settings from the database
	336	$sql = db_query("SELECT name, title, description, css FROM users WHERE username='" . $this->userName . "'");
	337	$settings = db_getrow($sql);
	338	echo "<div class=\"entry\">\n";
	339	echo "<h2>"._("Blog Settings")."</h2>\n";
	340	echo "<form action=\"".$this->blogPath."postsettings\" method=\"post\" id=\"settingsform\">\n";
	341	echo "<p>\n";
	342	echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"" . $settings[name] . "\" size=\"30\" maxlength=\"60\" tabindex=\"1\" />\n";
	343	echo "<label for=\"name\">"._("Real name")."</label>\n";
	344	echo "</p>\n";
	345	echo "<p>\n";
	346	echo "<input type=\"text\" name=\"title\" id=\"title\" value=\"" . $settings[title] . "\" size=\"30\" maxlength=\"60\" tabindex=\"2\" />\n";
	347	echo "<label for=\"title\">"._("Title")."</label>\n";
	348	echo "</p>\n";
	349	echo "<p>\n";
	350	echo "<input type=\"text\" name=\"description\" id=\"description\" value=\"" . $settings[description] . "\" size=\"30\" maxlength=\"60\" tabindex=\"3\" />\n";
	351	echo "<label for=\"description\">"._("Description")."</label>\n";
	352	echo "</p>\n";
	353	echo "<p>\n";
	354	echo "<input type=\"text\" name=\"css\" id=\"css\" value=\"" . $settings[css] . "\" size=\"30\" maxlength=\"255\" tabindex=\"4\" />\n";
	355	echo "<label for=\"css\">"._("CSS")."</label>\n";
	356	echo "</p>\n";
	357	echo "<p>\n";
	358	echo "<input type=\"password\" name=\"pass1\" id=\"pass1\" value=\"\" size=\"15\" maxlength=\"16\" tabindex=\"5\" />\n";
	359	echo "<label for=\"pass1\">"._("Password")."</label>\n";
	360	echo "</p>\n";
	361	echo "<p>\n";
	362	echo "<input type=\"password\" name=\"pass2\" id=\"pass2\" value=\"\" size=\"15\" maxlength=\"16\" tabindex=\"6\" />\n";
	363	echo "<label for=\"pass2\">"._("Again")."</label>\n";
	364	echo "</p>\n";
	365	echo "<p>\n";
	366	echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Save Settings\" />\n";
	367	echo "</p>\n";
	368	echo "</form>\n";
	369	echo "</div>\n";
	370	}
364	371
365	372	/* Some functions to manage posts, users etc. */
366	373
367		function addUser($user) //user is the user adminning (a staff member?)
368		{
369		$username = '';
370		$password = '';
371		$type = 1;
372		$name = '';
373		$title = '';
374		$description = '';
375		$css = 'blog.css';
376		$enabled = False; // seems sensible..
377
378		//if (check_auth($user)) {}
379		//sanitise username
380		if (isset($_POST['username']) && trim($_POST['username']) != "" && (int)$_POST['username'] == 0) {
381		$username = $_POST['username'];
382		} else {
383		$this->inputError = _("Bad Input - Username");
384		$err = 1;
385		}
386
387		//sanitise password, assume it will be hashed before sending :)
388		if (isset($_POST['password']) && trim($_POST['password']) != "" && (int)$_POST['password'] == 0) {
389		$password = $_POST['password'];
390		} else {
391		$this->inputError = _("Bad Input - Password");
392		$err = 1;
393		}
394
395		//sanitise type
396		if (isset($_POST['type']) && trim($_POST['type']) != "" && (int)$_POST['type'] > 0) {
397		$type = (int)$_POST['type'];
398		} else {
399		$this->inputError = _("Bad Input - Type");
400		$err = 1;
401		}
402
403		//sanitise name
404		if (isset($_POST['name']) && trim($_POST['name']) != "" && (int)$_POST['name'] == 0) {
405		$name = addslashes(urldecode($_POST['name']));
406		} else {
407		$this->inputError = _("Bad Input - Realname");
408		$err = 1;
409		}
410
411		//sanitise title
412		if (isset($_POST['title']) && trim($_POST['title']) != "" && (int)$_POST['title'] == 0) {
413		$title = addslashes(urldecode($_POST['title']));
414		} else {
415		$this->inputError = _("Bad Input - Title");
416		$err = 1;
417		}
418
419		//sanitise description
420		if (isset($_POST['description']) && trim($_POST['description']) != "" && (int)$_POST['description'] == 0) {
421		$description = addslashes(urldecode($_POST['description']));
422		} else {
423		$this->inputError = _("Bad Input - Description");
424		$err = 1;
425		}
426
427		//sanitise css
428		if (isset($_POST['css'])) { // if its not set its defaulted...
429		if (trim($_POST['css']) != "" && (int)$_POST['css'] == 0 && is_file($_POST['css'])) {
430		$css = $_POST['css'];
431		} else {
432		$this->inputError = _("Bad Input - CSS location");
433		$err = 1;
434		}
435		}
436
437		//sanitise enabled -- not really sure about this. i think creation and enabling should be
438		// done seperately... ???
439		/*if (isset($_POST['enabled'])) { // if its not set its defaulted...
440		if (trim($_POST['enabled']) != "" && (int)$_POST['enabled'] == 0)) {
441		~~$css~~ = $_POST['enabled'];
442		} else {
443		$this->inputError = _("Bad Input - Enabled");
444		$err = 1;
445		}
446		}*/
447
448		if ($err == 0) { // and insert...
449
450		$query = "INSERT into USERS (username,password,type,name,title,description,css,enabled) VALUES ('{$username}','{$password}',{$type},'{$name}','{$title}','{$description}','{$css}',{$enabled});";
451		if (!db_query($query)) {
452		error(2,_("Database Insertion failed."));
453		} else {
454		print(_("New user added:")." ".$username); //pleh?
455		}
456		} else {
457		error(4,_("Bad Input."));
458		}
459		}
460
461		// ok this should take all the input and post it to addUser, passing in the current user and stuff... i think...
462		function addUserForm()
463		{
464		echo "<div class=\"adduser\">\n";
465		if ($this->inputError != "") {
466		echo "<p class=\"invalid\">* " . $this->inputError . " *</p>\n";
467		}
468		elseif (isset($_POST['submit'])) {
469		echo "<p>New user added.</p>\n";
470		}
471		echo "<h2>"._("Add User")."</h2>\n";
472		echo "<form action=\"".$this->blogPath."adduser\" method=\"post\" id=\"adduserform\">\n";
473		echo "<p>\n";
474		echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
475		echo "<label for=\"username\">"._("Username")."</label>\n";
476		}
	374	function addUser($user) //user is the user adminning (a staff member?)
	375	{
	376	$username = '';
	377	$password = '';
	378	$type = 1;
	379	$name = '';
	380	$title = '';
	381	$description = '';
	382	$css = 'blog.css';
	383	$enabled = true; // Why would anyone want to create a disabled blog?
	384
	385	//if (check_auth($user)) {}
	386	//sanitise username
	387	if (isset($_POST['username']) && trim($_POST['username']) != "" && (int)$_POST['username'] == 0) {
	388	$username = $_POST['username'];
	389	} else {
	390	$this->inputError = _("Bad Input - Username");
	391	$err = 1;
	392	}
	393
	394	//sanitise password, assume it will be hashed before sending :)
	395	if (isset($_POST['password']) && trim($_POST['password']) != "" && (int)$_POST['password'] == 0) {
	396	$password = $_POST['password'];
	397	} else {
	398	$this->inputError = _("Bad Input - Password");
	399	$err = 1;
	400	}
	401
	402	//sanitise type
	403	if (isset($_POST['type']) && trim($_POST['type']) != "" && (int)$_POST['type'] > 0) {
	404	$type = (int)$_POST['type'];
	405	} else {
	406	$this->inputError = _("Bad Input - Type");
	407	$err = 1;
	408	}
	409
	410	//sanitise name
	411	if (isset($_POST['name']) && trim($_POST['name']) != "" && (int)$_POST['name'] == 0) {
	412	$name = addslashes(urldecode($_POST['name']));
	413	} else {
	414	$this->inputError = _("Bad Input - Realname");
	415	$err = 1;
	416	}
	417
	418	//sanitise title
	419	if (isset($_POST['title']) && trim($_POST['title']) != "" && (int)$_POST['title'] == 0) {
	420	$title = addslashes(urldecode($_POST['title']));
	421	} else {