Navigation

← Previous Changeset
Next Changeset →

Changeset 92

Timestamp:

30/05/05 09:02:08 (4 years ago)

Author:

rollercow

Message:

Undid the tab -> space daftness

Also you get a little further towards updates working...

Andy, all your changes have gone.. recomit them without changing the whole file in the process!

Files:

admin.lib.php (modified) (1 diff)
admin.php (modified) (1 diff)
blog.lib.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

admin.lib.php

r91	r92
16	16	//Our Blogs Class
17	17	class admin {
18		var $id; //Blog ID
19		var $userName; //Blogger's User Name
20		var $realName; //Blogger's Real Name
21		var $sessionError; //login or session errors
22		var $shortDateFormat; //Short date format
23		var $longDateFormat; //Long date format
24		var $httpPath; //http Path for files
25		var $adminPath; //path to admin
26		var $blog; //[temporary] holder for instance of blog class
27
28		//Constructor - checks we've been given a valid username, and pulls in generic blog info
29		function admin()
30		{
31		$this->startSession();
32		$this->id = $_SESSION['id'];
33		$this->userName = $_SESSION['userName'];
34		$this->realName = $_SESSION['realName'];
35		$this->sessionError = '';
36		$this->shortDateFormat = "Y-m-d";
37		$this->longDateFormat = "r";
38		$this->httpPath = dirname($_SERVER['SCRIPT_NAME'])."/";
39		$this->adminPath = $this->httpPath."admin.php/";
40		if ($this->userName) {
41		$this->blog = new blogs($this->userName);
42		}
43		}
44
45		//start / check our session
46		function startSession() {
47		//set the session time out in seconds
48		//1 hour
49		$maxSessionAge = 3600;
50
51		//setup the session stuff
52		session_name("BlogSession");
53		session_set_cookie_params($maxSessionAge,$this->httpPath."/");
54		session_start();
55		//get the host
56		if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
57		$host = addslashes($_SERVER['HTTP_X_FORWARDED_FOR']);
58		}
59		else {
60		$host = addslashes($_SERVER['REMOTE_ADDR']);
61		}
62		//if we dont have a session, start one
63		if (!$_SESSION[time]) {
64		$_SESSION[time] = time();
65		$_SESSION[ip] = $host;
66		}
67		//close the session if its too old
68		elseif ((time()-$_SESSION[time]) > $maxSessionAge) {
69		session_unset();
70		$this->sessionError =_("Session Expired");
71		startSession();
72		}
73		/* //close the session if its move IP
74		elseif($_SESSION[ip] != $host) {
75		session_unset();
76		$this->sessionError =_("IP Changed");
77		$this->startSession();
78		} */
79		//else we are happy, and we just update the session time
80		else {
81		$_SESSION[oldTime] = $_SESSION[time];
82		$_SESSION[time] = time();
83		}
84		if ($this->sessionError) {
85		echo "<p class=\"invalid\">* " . $this->sessionError . " *</p>\n";
86		}
87		}
88		//logs people in
89		function login() {
90		$username = "";
91		$password = "";
92		if (isset($_POST['username']) && trim($_POST['username']) != "" && safeuname(trim($_POST['username']))) {
93		$username = trim($_POST['username']);
94		}
95		else {
96		$this->sessionError = _("Please check the username field");
97		}
98		if (isset($_POST['password']) && trim($_POST['password']) != "") {
99		$password = trim($_POST['password']);
100		}
101		else {
102		$this->sessionError = _("Please check the password field");
103		}
104		if($this->sessionError) {
105		$this->printLoginForm();
106		}
107		else {
108		$sql = db_query("SELECT id, name from users where enabled = true and username = '".$username."' and password = '".md5($password)."';");
109		$sqlNum = db_num_rows($sql);
110		if ($sqlNum != 1) {
111		$this->sessionError=_("Invalid Username or Password");
112		$this->printLoginForm();
113		}
114		else {
115		$sqlRow = db_getrow($sql);
116		$_SESSION['id'] = $sqlRow['id'];
117		$_SESSION['userName'] = $username;
118		$_SESSION['realName'] = $sqlRow['name'];
119		$this->id = $_SESSION['id'];
120		$this->userName = $_SESSION['userName'];
121		$this->realName = $_SESSION['realName'];
122		}
123		}
124		}
125
126		//admin menu
127		function menu() {
128		echo "<ul class=\"side-menu\">\n";
129		echo "<li><a href=\"".$this->adminPath."newentry"."\">Add a new entry</a></li>\n";
130		echo "<li><a href=\"",$this->adminPath."settings"."\">Edit blog settings</a></li>\n";
131		echo "</ul>\n";
132		}
133
134		//destroys the session and presents you with a login screen
135		function logout ()
136		{
137		session_unset();
138		}
139
140		//prints a login form
141		function printLoginForm()
142		{
143		echo "<div class=\"login\">\n";
144		echo "<h2>"._("Login")."</h2>\n";
145		echo "<div class=\"td\">\n";
146		if ($this->sessionError != "") {
147		echo "<p class=\"invalid\">* " . $this->sessionError . " *</p>\n";
148		}
149		echo "<form action=\"".$this->adminPath."login\" method=\"post\" id=\"commentform\">\n";
150		echo "<p>\n";
151		echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->commentError != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
152		echo "<label for=\"username\">"._("Username")."</label>\n";
153		echo "</p>\n";
154		echo "<p>\n";
155		echo "<input type=\"password\" name=\"password\" id=\"password\" size=\"22\" maxlength=\"128\" tabindex=\"2\" />\n";
156		echo "<label for=\"password\">"._("Password")."</label>\n";
157		echo "</p>\n";
158		echo "<p>\n";
159		echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Login\" />\n";
160		echo "</p>\n";
161		echo "</form>\n";
162		echo "</div>\n";
163		echo "</div>\n";
164		}
165
166		// post an entry to the db
167		function postEntry()
168		{
169		$category = '';
170		$subject = '';
171		$body = '';
172
173		//sanitise category (make sure it IS a number!)
174		if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) {
175		$category = (int)$_POST['category'];
176		} else {
177		$this->inputError = _("Undefined Category!");
178		}
179		//sanitise subject (make sure its not a number!)
180		if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {
181		$subject = addslashes(trim(strip_tags($_POST['subject'])));
182		} else {
183		$this->inputError = _("No entry subject!");
184		}
185		//sanitise body
186		if (isset($_POST['body']) && trim($_POST['body']) != "") {
187		$body = addslashes(nl2br(trim(strip_tags($_POST['body']))));
188		} else {
189		$this->inputError = _("No entry body!");
190		}
191		//no errors, so continue..
192		if (!$this->inputError) {
193		//first we make our short subject
194		$shortsubject = $this->blog->makeCleanString($subject);
195
196		// need to check if there are any short titles like this one already
197		$sql = db_query("SELECT shortsubject FROM entries WHERE user_id = {$this->id} AND shortsubject ~ '{$shortsubject}(_[0-9]{1,3}$\|$)' ORDER BY char_length(shortsubject) DESC, shortsubject DESC;");
198		$sqlNum = db_num_rows($sql);
199
200		//if so we grab the last one, and add 1 to it..
201		if ($sqlNum != 0) {
202		$sqlRow = db_getrow($sql);
203		// Put the matched _number into $matches[0] if there is one
204		if (preg_match("/\_[0-9]{1,3}$/",$sqlRow['shortsubject'],$matches)) {
205		// Remove the _ to get the number, add 1 and append
206		$shortsubject .= '_' . ((int)substr($matches[0],1) + 1);
207		} else {
208		$shortsubject .= '_1';
209		}
210		}
211		//shortsubject is now safe..
212		//insert our new entry
213		$sql = db_query("INSERT INTO entries (category, subject, body, user_id, shortsubject) VALUES ({$category},'{$subject}','{$body}','{$this->id}','{$shortsubject}')");
214		if (!$sql) {
215		error(2,"Database commit failed - ".db_error());
216		}
217		else {
218		$row = db_last($sql, "entries");
219		$this->blog->printEntry($row,false,false);
220		}
221		}
222		//re-display entry form if there are errors
223		else {
224		$this->printEntryForm($_POST,true);
225		}
226		}
227
228		//update an entry in the db, possibly the body or the post will be updated
229		function updateEntry($id)
230		{
231		$category = '';
232		$subject = '';
233		$body = '';
234
235		//sanitise category (make sure it IS a number!)
236		if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) {
237		$category = (int)$_POST['category'];
238		} else {
239		$this->inputError = _("Undefined Category!");
240		}
241		//sanitise subject (make sure it's not a number!)
242		if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {
243		$subject = addslashes(trim(strip_tags($_POST['subject'])));
244		} else {
245		$this->inputError = _("No entry subject!");
246		}
247		//sanitise body
248		if (isset($_POST['body']) && trim($_POST['body']) != "") {
249		$body = addslashes(nl2br(trim(strip_tags($_POST['body']))));
250		} else {
251		$this->inputError = _("No entry body!");
252		}
253		//no errors, so continue..
254		if ($this->inputError) {
255		//check to see this post exists
256		$sql = db_query("SELECT id from entries where id = ".$id.";");
257		$sqlNum = db_num_rows($sql);
258		//yes?, we can update it then..
259		if ($sqlNum == 1) {
260		$sql = db_query("UPDATE entries SET (category, subject, body) = ({$category},'{$subject}','{$body}') WHERE id = '{$id}';");
261		if (!$sql) {
262		error(2,_("Database commit failed")." - ".db_error());
263		}
264		else {
265		$row = db_last($sql, "entries");
266		$this->blog->printEntry($row,false,false);
267		}
268		}
269		//cant update non-existant entrys
270		else {
271		error(2,_("Cannot update entry, as it does not exist.")." - ".db_error());
272		}
273		}
274		//redisplay entry form if there are errors
275		else {
276		$this->printEntryForm();
277		}
278		}
279		//update form
280		function updateForm($id)
281		{
282		$id = $this->blog->makeCleanString($id);
283		$sql = db_query("SELECT subject, category, body from entries where shortsubject = '".$id."';");
284		$sqlNum = db_num_rows($sql);
285		//yes? we can update it then..
286		if ($sqlNum == 1) {
287		$row = db_getrow($sql);
288		$this->printEntryForm($row,true,true);
289		}
290		}
291
292		//update settings
293		function updateSettings()
294		{
295		//to be written
296		}
297
298		//print the blog Entry form...
299		function printEntryForm($row='',$show=false,$edit=false)
300		{
301		echo "<div class=\"entry\">\n";
302		if ($this->inputError != "") {
303		echo "<p class=\"invalid\">* " . $this->inputError . " *</p>\n";
304		}
305		echo "<h2>".((!$edit) ?_("Write Entry") : _("Edit Entry"))."</h2>\n";
306		echo "<form action=\"".$this->blogPath.((!$edit) ? "postentry" : "postupdate")."\" method=\"post\" id=\"entryform\">\n";
307		echo "<p>\n";
308		echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($show) ? strip_tags(trim($row['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
309		echo "<label for=\"subject\">"._(Subject)."</label>\n";
310		echo "</p>\n";
311		echo "<p>\n";
312		echo "<select name=\"category\" id=\"category\">";
313		//pull in the list of catogories from the database
314		$sql = db_query("SELECT id, name FROM categories");
315		while ($sqlRow = db_getrow($sql)) {
316		echo "<option value=\"{$sqlRow['id']}\"".(((int)$row['category'] == $sqlRow['id']) ? "selected" : "").">{$sqlRow['name']}</option>";
317		}
318		echo "</select>";
319		echo "<label for=\"category\">"._("Category")."</label>\n";
320		echo "</p>\n";
321		echo "<p>\n";
322		echo "<textarea name=\"body\" id=\"body\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($show) ? strip_tags($row['body'],$entryTags) : "") . "</textarea>\n";
323		echo "</p>\n";
324		echo "<p>\n";
325		echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Submit Entry\" />\n";
326		echo "</p>\n";
327		echo "</form>\n";
328		echo "</div>\n";
329		}
330
331
332		//print the blog settings form...
333		function printSettingsForm()
334		{
335		//pull in user's current settings from the database
336		$sql = db_query("SELECT name, title, description, css FROM users WHERE username='" . $this->userName . "'");
337		$settings = db_getrow($sql);
338		echo "<div class=\"entry\">\n";
339		echo "<h2>"._("Blog Settings")."</h2>\n";
340		echo "<form action=\"".$this->blogPath."postsettings\" method=\"post\" id=\"settingsform\">\n";
341		echo "<p>\n";
342		echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"" . $settings[name] . "\" size=\"30\" maxlength=\"60\" tabindex=\"1\" />\n";
343		echo "<label for=\"name\">"._("Real name")."</label>\n";
344		echo "</p>\n";
345		echo "<p>\n";
346		echo "<input type=\"text\" name=\"title\" id=\"title\" value=\"" . $settings[title] . "\" size=\"30\" maxlength=\"60\" tabindex=\"2\" />\n";
347		echo "<label for=\"title\">"._("Title")."</label>\n";
348		echo "</p>\n";
349		echo "<p>\n";
350		echo "<input type=\"text\" name=\"description\" id=\"description\" value=\"" . $settings[description] . "\" size=\"30\" maxlength=\"60\" tabindex=\"3\" />\n";
351		echo "<label for=\"description\">"._("Description")."</label>\n";
352		echo "</p>\n";
353		echo "<p>\n";
354		echo "<input type=\"text\" name=\"css\" id=\"css\" value=\"" . $settings[css] . "\" size=\"30\" maxlength=\"255\" tabindex=\"4\" />\n";
355		echo "<label for=\"css\">"._("CSS")."</label>\n";
356		echo "</p>\n";
357		echo "<p>\n";
358		echo "<input type=\"password\" name=\"pass1\" id=\"pass1\" value=\"\" size=\"15\" maxlength=\"16\" tabindex=\"5\" />\n";
359		echo "<label for=\"pass1\">"._("Password")."</label>\n";
360		echo "</p>\n";
361		echo "<p>\n";
362		echo "<input type=\"password\" name=\"pass2\" id=\"pass2\" value=\"\" size=\"15\" maxlength=\"16\" tabindex=\"6\" />\n";
363		echo "<label for=\"pass2\">"._("Again")."</label>\n";
364		echo "</p>\n";
365		echo "<p>\n";
366		echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Save Settings\" />\n";
367		echo "</p>\n";
368		echo "</form>\n";
369		echo "</div>\n";
370		}
	18	var $id; //Blog ID
	19	var $userName; //Blogger's User Name
	20	var $realName; //Blogger's Real Name
	21	var $sessionError; //login or session errors
	22	var $shortDateFormat; //Short date format
	23	var $longDateFormat; //Long date format
	24	var $httpPath; //http Path for files
	25	var $adminPath; //path to admin
	26	var $blog; //[temporary] holder for instance of blog class
	27
	28	//Constructor - checks we've been given a valid username, and pulls in generic blog info
	29	function admin()
	30	{
	31	$this->startSession();
	32	$this->id = $_SESSION['id'];
	33	$this->userName = $_SESSION['userName'];
	34	$this->realName = $_SESSION['realName'];
	35	$this->sessionError = '';
	36	$this->shortDateFormat = "Y-m-d";
	37	$this->longDateFormat = "r";
	38	$this->httpPath = dirname($_SERVER['SCRIPT_NAME'])."/";
	39	$this->adminPath = $this->httpPath."admin.php/";
	40	if ($this->userName) {
	41	$this->blog = new blogs($this->userName);
	42	}
	43	}
	44
	45	//start / check our session
	46	function startSession() {
	47	//set the session time out in seconds
	48	//1 hour
	49	$maxSessionAge = 3600;
	50
	51	//setup the session stuff
	52	session_name("BlogSession");
	53	session_set_cookie_params($maxSessionAge,dirname($_SERVER['SCRIPT_NAME'])."/");
	54	session_start();
	55	//get the host
	56	if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	57	$host = addslashes($_SERVER['HTTP_X_FORWARDED_FOR']);
	58	}
	59	else {
	60	$host = addslashes($_SERVER['REMOTE_ADDR']);
	61	}
	62	//if we dont have a session, start one
	63	if (!$_SESSION[time]) {
	64	$_SESSION[time] = time();
	65	$_SESSION[ip] = $host;
	66	}
	67	//close the session if its too old
	68	elseif ((time()-$_SESSION[time]) > $maxSessionAge) {
	69	session_unset();
	70	$this->sessionError =_("Session Expired");
	71	startSession();
	72	}
	73	/* //close the session if its move IP
	74	elseif($_SESSION[ip] != $host) {
	75	session_unset();
	76	$this->sessionError =_("IP Changed");
	77	$this->startSession();
	78	} */
	79	//else we are happy, and we just update the session time
	80	else {
	81	$_SESSION[oldTime] = $_SESSION[time];
	82	$_SESSION[time] = time();
	83	}
	84	if ($this->sessionError) {
	85	echo "<p class=\"invalid\">* " . $this->sessionError . " *</p>\n";
	86	}
	87	}
	88	//logs people in
	89	function login() {
	90	$username = "";
	91	$password = "";
	92	if (isset($_POST['username']) && trim($_POST['username']) != "" && safeuname(trim($_POST['username']))) {
	93	$username = trim($_POST['username']);
	94	}
	95	else {
	96	$this->sessionError = _("Please check the username field");
	97	}
	98	if (isset($_POST['password']) && trim($_POST['password']) != "") {
	99	$password = trim($_POST['password']);
	100	}
	101	else {
	102	$this->sessionError = _("Please check the password field");
	103	}
	104	if($this->sessionError) {
	105	$this->printLoginForm();
	106	}
	107	else {
	108	$sql = db_query("SELECT id, name from users where enabled = true and username = '".$username."' and password = '".md5($password)."';");
	109	$sqlNum = db_num_rows($sql);
	110	if ($sqlNum != 1) {
	111	$this->sessionError=_("Invalid Username or Password");
	112	$this->printLoginForm();
	113	}
	114	else {
	115	$sqlRow = db_getrow($sql);
	116	$_SESSION['id'] = $sqlRow['id'];
	117	$_SESSION['userName'] = $username;
	118	$_SESSION['realName'] = $sqlRow['name'];
	119	$this->id = $_SESSION['id'];
	120	$this->userName = $_SESSION['userName'];
	121	$this->realName = $_SESSION['realName'];
	122	}
	123	}
	124	}
	125
	126	//admin menu
	127	function menu() {
	128	echo "<ul class=\"side-menu\">\n";
	129	echo "<li><a href=\"".$this->adminPath."newentry"."\">Add a new entry</a></li>\n";
	130	echo "<li><a href=\"",$this->adminPath."settings"."\">Edit blog settings</a></li>\n";
	131	echo "</ul>\n";
	132	}
	133
	134	//destroys the session and presents you with a login screen
	135	function logout ()
	136	{
	137	session_unset();
	138	}
	139
	140	//prints a login form
	141	function printLoginForm()
	142	{
	143	echo "<div class=\"login\">\n";
	144	echo "<h2>"._("Login")."</h2>\n";
	145	echo "<div class=\"td\">\n";
	146	if ($this->sessionError != "") {
	147	echo "<p class=\"invalid\">* " . $this->sessionError . " *</p>\n";
	148	}
	149	echo "<form action=\"".$this->adminPath."login\" method=\"post\" id=\"commentform\">\n";
	150	echo "<p>\n";
	151	echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->commentError != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
	152	echo "<label for=\"username\">"._("Username")."</label>\n";
	153	echo "</p>\n";
	154	echo "<p>\n";
	155	echo "<input type=\"password\" name=\"password\" id=\"password\" size=\"22\" maxlength=\"128\" tabindex=\"2\" />\n";
	156	echo "<label for=\"password\">"._("Password")."</label>\n";
	157	echo "</p>\n";
	158	echo "<p>\n";
	159	echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Login\" />\n";
	160	echo "</p>\n";
	161	echo "</form>\n";
	162	echo "</div>\n";
	163	echo "</div>\n";
	164	}
	165
	166	// post an entry to the db
	167	function postEntry()
	168	{
	169	$category = '';
	170	$subject = '';
	171	$body = '';
	172
	173	//sanitise category (make sure it IS a number!)
	174	if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) {
	175	$category = (int)$_POST['category'];
	176	} else {
	177	$this->inputError = _("Undefined Category!");
	178	}
	179	//sanitise subject (make sure its not a number!)
	180	if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {
	181	$subject = addslashes(trim(strip_tags($_POST['subject'])));
	182	} else {
	183	$this->inputError = _("No entry subject!");
	184	}
	185	//sanitise body
	186	if (isset($_POST['body']) && trim($_POST['body']) != "") {
	187	$body = addslashes(nl2br(trim(strip_tags($_POST['body']))));
	188	} else {
	189	$this->inputError = _("No entry body!");
	190	}
	191	//no errors, so continue..
	192	if (!$this->inputError) {
	193	//first we make our short subject
	194	$shortsubject = $this->blog->makeCleanString($subject);
	195	// need to check if there are any short titles like this one already
	196	$sql = db_query("SELECT shortsubject from entries where user_id = ".$this->id." and (shortsubject = '".$shortsubject."' or shortsubject like '".$shortsubject."\\\_%') order by char_length(shortsubject) desc, shortsubject desc;");
	197	$sqlNum = db_num_rows($sql);
	198	//if so we grab the last one, and add 1 to it..
	199	if ($sqlNum != 0) {
	200	$sqlRow = db_getrow($sql);
	201	(int)$newNum = array_shift(array_reverse(explode('_',$sqlRow['shortsubject'])));
	202	$shortsubject .= '_'.++$newNum; //new non-colliding short subject
	203	}
	204	//shortsubject is now safe..
	205	//insert our new entry
	206	$sql = db_query("INSERT INTO entries (category, subject, body, user_id, shortsubject) VALUES ({$category},'{$subject}','{$body}','{$this->id}','{$shortsubject}')");
	207	if (!$sql) {
	208	error(2,"Database commit failed - ".db_error());
	209	}
	210	else {
	211	$row = db_last($sql, "entries");
	212	$this->blog->printEntry($row,false,false);
	213	}
	214	}
	215	//re-display entry form if there are errors
	216	else {
	217	$this->printEntryForm($_POST,true);
	218	}
	219	}
	220
	221	//update an entry in the db, possibly the body or the post will be updated
	222	function updateEntry($id)
	223	{
	224	$category = '';
	225	$subject = '';
	226	$body = '';
	227	$id = $this->blog->makeCleanString($subject);
	228	if (!$id) {
	229	error(4,"If you dont give me a post how do you expect me to update it");
	230	}
	231	//sanitise category (make sure it IS a number!)
	232	if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) {
	233	$category = (int)$_POST['category'];
	234	} else {
	235	$this->inputError = _("Undefined Category!");
	236	}
	237	//sanitise subject (make sure it's not a number!)
	238	if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) {
	239	$subject = addslashes(trim(strip_tags($_POST['subject'])));
	240	} else {
	241	$this->inputError = _("No entry subject!");
	242	}
	243	//sanitise body
	244	if (isset($_POST['body']) && trim($_POST['body']) != "") {
	245	$body = addslashes(nl2br(trim(strip_tags($_POST['body']))));
	246	} else {
	247	$this->inputError = _("No entry body!");
	248	}
	249	//no errors, so continue..
	250	if (!$this->inputError) {
	251	//check to see this post exists
	252	$sql = db_query("SELECT id from entries where id = ".$id."';");
	253	$sqlNum = db_num_rows($sql);
	254	//yes?, we can update it then..
	255	if ($sqlNum == 1) {
	256	$sql = db_query("UPDATE entries SET (category, subject, body) = ({$category},'{$subject}','{$body}') WHERE shortsubject = '{$id}';");
	257	echo ("UPDATE entries SET (category, subject, body) = ({$category},'{$subject}','{$body}') WHERE shortsubject = '{$id}';");
	258	if (!$sql) {
	259	error(2,"Database commit failed - ".db_error());
	260	}
	261	else {
	262	$row = db_last($sql, "entries");
	263	$this->blog->printEntry($row,false,false);
	264	}
	265	}
	266	//cant update non-existant entrys
	267	else {
	268	error(2,_("Cannot update entry, as it does not exist.".db_error()));
	269	}
	270	}
	271	//redisplay entry form if there are errors
	272	else {
	273	$this->updateForm($id);
	274	}
	275	}
	276	//update form
	277	function updateForm($id)
	278	{
	279	$id = $this->blog->makeCleanString($id);
	280	$sql = db_query("SELECT subject, category, body from entries where shortsubject = '".$id."';");
	281	$sqlNum = db_num_rows($sql);
	282	//yes? we can update it then..
	283	if ($sqlNum == 1) {
	284	$row = db_getrow($sql);
	285	$this->printEntryForm($row,true,true);
	286	}
	287	}
	288
	289	//update settings
	290	function updateSettings()
	291	{
	292	//to be written
	293	}
	294
	295	//print the blog Entry form...
	296	function printEntryForm($row='',$show=false,$edit=false)
	297	{
	298	echo "<div class=\"entry\">\n";
	299	if ($this->inputError != "") {
	300	echo "<p class=\"invalid\">* " . $this->inputError . " *</p>\n";
	301	}
	302	echo "<h2>".((!$edit) ?_("Write Entry") : _("Edit Entry"))."</h2>\n";
	303	echo "<form action=\"".$this->adminPath.((!$edit) ? "postentry" : "postupdate/{$row['shortsubject']}")."\" method=\"post\" id=\"entryform\">\n";
	304	echo "<p>\n";
	305	echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($show) ? strip_tags(trim($row['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
	306	echo "<label for=\"subject\">"._(Subject)."</label>\n";
	307	echo "</p>\n";
	308	echo "<p>\n";
	309	echo "<select name=\"category\" id=\"category\">";
	310	//pull in the list of catogories from the database
	311	$sql = db_query("SELECT id, name FROM categories");
	312	while ($sqlRow = db_getrow($sql)) {
	313	echo "<option value=\"{$sqlRow['id']}\"".(((int)$row['category'] == $sqlRow['id']) ? "selected" : "").">{$sqlRow['name']}</option>";
	314	}
	315	echo "</select>";
	316	echo "<label for=\"category\">"._("Category")."</label>\n";
	317	echo "</p>\n";
	318	echo "<p>\n";
	319	echo "<textarea name=\"body\" id=\"body\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($show) ? strip_tags($row['body'],$entryTags) : "") . "</textarea>\n";
	320	echo "</p>\n";
	321	echo "<p>\n";
	322	echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Submit Entry\" />\n";
	323	echo "</p>\n";
	324	echo "</form>\n";
	325	echo "</div>\n";
	326	}
	327
	328
	329	//print the blog settings form...
	330	function printSettingsForm()
	331	{
	332	//pull in user's current settings from the database
	333	$sql = db_query("SELECT name, title, description, css FROM users WHERE username='" . $this->userName . "'");
	334	$settings = db_getrow($sql);
	335	echo "<div class=\"entry\">\n";
	336	echo "<h2>"._("Blog Settings")."</h2>\n";
	337	echo "<form action=\"".$this->blogPath."postsettings\" method=\"post\" id=\"settingsform\">\n";
	338	echo "<p>\n";
	339	echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"" . $settings[name] . "\" size=\"30\" maxlength=\"60\" tabindex=\"1\" />\n";
	340	echo "<label for=\"name\">"._("Real name")."</label>\n";
	341	echo "</p>\n";
	342	echo "<p>\n";
	343	echo "<input type=\"text\" name=\"title\" id=\"title\" value=\"" . $settings[title] . "\" size=\"30\" maxlength=\"60\" tabindex=\"2\" />\n";
	344	echo "<label for=\"title\">"._("Title")."</label>\n";
	345	echo "</p>\n";
	346	echo "<p>\n";
	347	echo "<input type=\"text\" name=\"description\" id=\"description\" value=\"" . $settings[description] . "\" size=\"30\" maxlength=\"60\" tabindex=\"3\" />\n";
	348	echo "<label for=\"description\">"._("Description")."</label>\n";
	349	echo "</p>\n";
	350	echo "<p>\n";
	351	echo "<input type=\"text\" name=\"css\" id=\"css\" value=\"" . $settings[css] . "\" size=\"30\" maxlength=\"255\" tabindex=\"4\" />\n";
	352	echo "<label for=\"css\">"._("CSS")."</label>\n";
	353	echo "</p>\n";
	354	echo "<p>\n";
	355	echo "<input type=\"password\" name=\"pass1\" id=\"pass1\" value=\"\" size=\"15\" maxlength=\"16\" tabindex=\"5\" />\n";
	356	echo "<label for=\"pass1\">"._("Password")."</label>\n";
	357	echo "</p>\n";
	358	echo "<p>\n";
	359	echo "<input type=\"password\" name=\"pass2\" id=\"pass2\" value=\"\" size=\"15\" maxlength=\"16\" tabindex=\"6\" />\n";
	360	echo "<label for=\"pass2\">"._("Again")."</label>\n";
	361	echo "</p>\n";
	362	echo "<p>\n";
	363	echo "<input name=\"submit\" type=\"submit\" id=\"submit\" tabindex=\"4\" value=\"Save Settings\" />\n";
	364	echo "</p>\n";
	365	echo "</form>\n";
	366	echo "</div>\n";
	367	}
371	368
372	369	/* Some functions to manage posts, users etc. */
373	370
374		function addUser($user) //user is the user adminning (a staff member?)
375		{
376		$username = '';
377		$password = '';
378		$type = 1;
379		$name = '';
380		$title = '';
381		$description = '';
382		$css = 'blog.css';
383		$enabled = true; // Why would anyone want to create a disabled blog?
384
385		//if (check_auth($user)) {}
386		//sanitise username
387		if (isset($_POST['username']) && trim($_POST['username']) != "" && (int)$_POST['username'] == 0) {
388		$username = $_POST['username'];
389		} else {
390		$this->inputError = _("Bad Input - Username");
391		$err = 1;
392		}
393
394		//sanitise password, assume it will be hashed before sending :)
395		if (isset($_POST['password']) && trim($_POST['password']) != "" && (int)$_POST['password'] == 0) {
396		$password = $_POST['password'];
397		} else {
398		$this->inputError = _("Bad Input - Password");
399		$err = 1;
400		}
401
402		//sanitise type
403		if (isset($_POST['type']) && trim($_POST['type']) != "" && (int)$_POST['type'] > 0) {
404		$type = (int)$_POST['type'];
405		} else {
406		$this->inputError = _("Bad Input - Type");
407		$err = 1;
408		}
409
410		//sanitise name
411		if (isset($_POST['name']) && trim($_POST['name']) != "" && (int)$_POST['name'] == 0) {
412		$name = addslashes(urldecode($_POST['name']));
413		} else {
414		$this->inputError = _("Bad Input - Realname");
415		$err = 1;
416		}
417
418		//sanitise title
419		if (isset($_POST['title']) && trim($_POST['title']) != "" && (int)$_POST['title'] == 0) {
420		$title = addslashes(urldecode($_POST['title']));
421		} else {
422		$this->inputError = _("Bad Input - Title");
423		$err = 1;
424		}
425
426		//sanitise description
427		if (isset($_POST['description']) && trim($_POST['description']) != "" && (int)$_POST['description'] == 0) {
428		$description = addslashes(urldecode($_POST['description']));
429		} else {
430		$this->inputError = _("Bad Input - Description");
431		$err = 1;
432		}
433
434		//sanitise css
435		if (isset($_POST['css'])) { // if its not set its defaulted...
436		if (trim($_POST['css']) != "" && (int)$_POST['css'] == 0 && is_file($_POST['css'])) {
437		$css = $_POST['css'];
438		} else {
439		$this->inputError = _("Bad Input - CSS location");
440		$err = 1;
441		}
442		}
443
444		//sanitise enabled -- not really sure about this. i think creation and enabling should be
445		// done seperately... ???
446		/*if (isset($_POST['enabled'])) { // if its not set its defaulted...
447		if (trim($_POST['enabled']) != "" && (int)$_POST['enabled'] == 0)) {
448		~~$enabled~~ = $_POST['enabled'];
449		} else {
450		$this->inputError = _("Bad Input - Enabled");
451		$err = 1;
452		}
453		}*/
454
455		if ($err == 0) { // and insert...
456
457		$query = "INSERT into USERS (username,password,type,name,title,description,css,enabled) VALUES ('{$username}','{$password}',{$type},'{$name}','{$title}','{$description}','{$css}',{$enabled});";
458		if (!db_query($query)) {
459		error(2,_("Database Insertion failed."));
460		} else {
461		print(_("New user added:")." ".$username); //pleh?
462		}
463		} else {
464		error(4,_("Bad Input."));
465		}
466		}
467
468		// ok this should take all the input and post it to addUser, passing in the current user and stuff... i think...
469		function addUserForm()
470		{
471		echo "<div class=\"adduser\">\n";
472		if ($this->inputError != "") {
473		echo "<p class=\"invalid\">* " . $this->inputError . " *</p>\n";
474		}
475		elseif (isset($_POST['submit'])) {
476		echo "<p>New user added.</p>\n";
477		}
478		echo "<h2>"._("Add User")."</h2>\n";
479		echo "<form action=\"".$this->blogPath."adduser\" method=\"post\" id=\"adduserform\">\n";
480		echo "<p>\n";
481		echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n";
482		echo "<label for=\"username\">"._("Username")."</label>\n";
483		}
	371	function addUser($user) //user is the user adminning (a staff member?)
	372	{
	373	$username = '';
	374	$password = '';
	375	$type = 1;
	376	$name = '';
	377	$title = '';
	378	$description = '';
	379	$css = 'blog.css';
	380	$enabled = False; // seems sensible..
	381
	382	//if (check_auth($user)) {}
	383	//sanitise username
	384	if (isset($_POST['username']) && trim($_POST['username']) != "" && (int)$_POST['username'] == 0) {
	385	$username = $_POST['username'];
	386	} else {
	387	$this->inputError = _("Bad Input - Username");
	388	$err = 1;
	389	}
	390
	391	//sanitise password, assume it will be hashed before sending :)
	392	if (isset($_POST['password']) && trim($_POST['password']) != "" && (int)$_POST['password'] == 0) {
	393	$password = $_POST['password'];
	394	} else {
	395	$this->inputError = _("Bad Input - Password");
	396	$err = 1;
	397	}
	398
	399	//sanitise type
	400	if (isset($_POST['type']) && trim($_POST['type']) != "" && (int)$_POST['type'] > 0) {
	401	$type = (int)$_POST['type'];
	402	} else {
	403	$this->inputError = _("Bad Input - Type");
	404	$err = 1;
	405	}
	406
	407	//sanitise name
	408	if (isset($_POST['name']) && trim($_POST['name']) != "" && (int)$_POST['name'] == 0) {
	409	$name = addslashes(urldecode($_POST['name']));
	410	} else {
	411	$this->inputError = _("Bad Input - Realname");
	412	$err = 1;
	413	}
	414
	415	//sanitise title
	416	if (isset($_POST['title']) && trim($_POST['title']) != "" && (int)$_POST['title'] == 0) {
	417	$title = addslashes(urldecode($_POST['title']));
	418	} else {
	419	$this->inputError = _("Bad Input - Title");
	420	$err = 1;
	421