260 |
260 |
261 echo '</form>'; |
261 echo '</form>'; |
262 |
262 |
263 break; |
263 break; |
264 case 'Posts': |
264 case 'Posts': |
265 echo 'module Posts'; |
265 if ( $paths->getParam(2) == 'AjaxHandler' ) |
|
266 { |
|
267 ob_end_clean(); |
|
268 |
|
269 if ( !isset($_POST['act']) ) |
|
270 die(); |
|
271 |
|
272 switch($_POST['act']) |
|
273 { |
|
274 case 'delete': |
|
275 header('Content-type: application/json'); |
|
276 |
|
277 if ( !isset($_POST['post_id']) ) |
|
278 die(); |
|
279 |
|
280 if ( strval(intval($_POST['post_id'])) !== $_POST['post_id'] ) |
|
281 die(); |
|
282 |
|
283 // make sure it's ok |
|
284 $post_id =& $_POST['post_id']; |
|
285 $post_id = intval($post_id); |
|
286 $q = $db->sql_query('SELECT post_author FROM ' . table_prefix . 'blog_posts WHERE post_id = ' . $post_id . ';'); |
|
287 if ( !$q ) |
|
288 $db->die_json(); |
|
289 if ( $db->numrows() < 1 ) |
|
290 die('That post doesn\'t exist.'); |
|
291 |
|
292 list($author) = $db->fetchrow_num(); |
|
293 $author = intval($author); |
|
294 if ( $author !== $session->user_id && !$session->get_permissions('nuggie_edit_other') ) |
|
295 die('No permissions'); |
|
296 |
|
297 // try to delete the post... |
|
298 $q = $db->sql_query('DELETE FROM ' . table_prefix . 'blog_posts WHERE post_id = ' . $post_id . ';'); |
|
299 if ( !$q ) |
|
300 $db->die_json(); |
|
301 |
|
302 echo '1'; |
|
303 |
|
304 break; |
|
305 case 'publish': |
|
306 if ( !isset($_POST['post_id']) ) |
|
307 die(); |
|
308 |
|
309 if ( strval(intval($_POST['post_id'])) !== $_POST['post_id'] ) |
|
310 die(); |
|
311 |
|
312 if ( !in_array(@$_POST['state'], array('0', '1')) ) |
|
313 die(); |
|
314 |
|
315 $state = intval($_POST['state']); |
|
316 $post_id =& $_POST['post_id']; |
|
317 $post_id = intval($post_id); |
|
318 |
|
319 // validate permissions |
|
320 $q = $db->sql_query('SELECT post_author FROM ' . table_prefix . 'blog_posts WHERE post_id = ' . $post_id . ';'); |
|
321 if ( !$q ) |
|
322 $db->die_json(); |
|
323 if ( $db->numrows() < 1 ) |
|
324 die('That post doesn\'t exist.'); |
|
325 |
|
326 list($author) = $db->fetchrow_num(); |
|
327 $author = intval($author); |
|
328 if ( $author !== $session->user_id && !$session->get_permissions('nuggie_edit_other') ) |
|
329 die('No permissions'); |
|
330 |
|
331 // try to delete the post... |
|
332 $q = $db->sql_query('UPDATE ' . table_prefix . 'blog_posts SET post_published = ' . $state . ' WHERE post_id = ' . $post_id . ';'); |
|
333 if ( !$q ) |
|
334 $db->die_json(); |
|
335 |
|
336 echo "good;$state"; |
|
337 |
|
338 break; |
|
339 } |
|
340 |
|
341 $db->close(); |
|
342 exit(); |
|
343 } |
|
344 |
|
345 if ( isset($_POST['action']) ) |
|
346 { |
|
347 $action =& $_POST['action']; |
|
348 // Parse parameters |
|
349 if ( strpos($action, ';') ) |
|
350 { |
|
351 // Parameter section |
|
352 $parms = substr($action, strpos($action, ';') + 1); |
|
353 |
|
354 // Action name section |
|
355 $action = substr($action, 0, strpos($action, ';')); |
|
356 |
|
357 // Match all parameters |
|
358 preg_match_all('/([a-z0-9_]+)=(.+?)(;|$)/', $parms, $matches); |
|
359 $parms = array(); |
|
360 |
|
361 // For each full parameter, assign $parms an associative value |
|
362 foreach ( $matches[0] as $i => $_ ) |
|
363 { |
|
364 $parm = $matches[2][$i]; |
|
365 |
|
366 // Is this parameter in the form of an integer? |
|
367 // (designed to ease validation later) |
|
368 if ( preg_match('/^[0-9]+$/', $parm) ) |
|
369 // Yes, run intval(), this enabling is_int()-ish checks |
|
370 $parm = intval($parm); |
|
371 |
|
372 $parms[$matches[1][$i]] = $parm; |
|
373 } |
|
374 } |
|
375 switch ( $action ) |
|
376 { |
|
377 case 'edit': |
|
378 if ( !is_int(@$parms['id']) ) |
|
379 break; |
|
380 // This is hackish. Really, REALLY hackish. |
|
381 $_SERVER['PATH_INFO'] = '.../' . $paths->nslist['Special'] . 'Preferences/Blog/Write/' . $parms['id']; |
|
382 nuggie_user_cp('Blog'); |
|
383 return true; |
|
384 break; |
|
385 case 'delete': |
|
386 |
|
387 if ( !is_int(@$parms['id']) ) |
|
388 break; |
|
389 |
|
390 // make sure it's ok |
|
391 $post_id = $parms['id']; |
|
392 $post_id = intval($post_id); |
|
393 $q = $db->sql_query('SELECT post_author FROM ' . table_prefix . 'blog_posts WHERE post_id = ' . $post_id . ';'); |
|
394 if ( !$q ) |
|
395 $db->_die(); |
|
396 if ( $db->numrows() < 1 ) |
|
397 die('That post doesn\'t exist.'); |
|
398 |
|
399 list($author) = $db->fetchrow_num(); |
|
400 $author = intval($author); |
|
401 if ( $author !== $session->user_id && !$session->get_permissions('nuggie_edit_other') ) |
|
402 die('No permissions'); |
|
403 |
|
404 // try to delete the post... |
|
405 $q = $db->sql_query('DELETE FROM ' . table_prefix . 'blog_posts WHERE post_id = ' . $post_id . ';'); |
|
406 if ( !$q ) |
|
407 $db->_die(); |
|
408 |
|
409 echo '<div class="info-box" style="margin: 0 0 0 0;">Post deleted.</div>'; |
|
410 |
|
411 break; |
|
412 } |
|
413 } |
|
414 |
|
415 // include some javascript for management |
|
416 echo '<script type="text/javascript" src="' . scriptPath . '/plugins/nuggie/client/usercp.js"></script>'; |
|
417 |
|
418 // the form |
|
419 // +------------------+------------+------+-----+---------+----------------+ |
|
420 // | Field | Type | Null | Key | Default | Extra | |
|
421 // +------------------+------------+------+-----+---------+----------------+ |
|
422 // | post_id | int(15) | NO | PRI | NULL | auto_increment | |
|
423 // | post_title | text | NO | | | | |
|
424 // | post_title_clean | text | NO | | | | |
|
425 // | post_author | int(12) | NO | | 1 | | |
|
426 // | post_text | longtext | NO | | | | |
|
427 // | post_timestamp | int(32) | NO | | 0 | | |
|
428 // | post_published | tinyint(1) | NO | | 0 | | |
|
429 // +------------------+------------+------+-----+---------+----------------+ |
|
430 |
|
431 echo '<form action="' . makeUrlNS('Special', 'Preferences/Blog/Posts') . '" method="post">'; |
|
432 |
|
433 $q = $db->sql_query('SELECT post_id, post_title, post_title_clean, post_timestamp, post_published FROM ' . table_prefix . 'blog_posts WHERE post_author = ' . $session->user_id . ' ORDER BY post_timestamp DESC;'); |
|
434 if ( !$q ) |
|
435 $db->_die(); |
|
436 |
|
437 echo '<div class="tblholder"> |
|
438 <table border="0" cellspacing="1" cellpadding="4">'; |
|
439 |
|
440 echo '<tr> |
|
441 <th style="width: 1px;">#</th> |
|
442 <th style="width: 80%;">Post title</th> |
|
443 <th>Published</th> |
|
444 <th>Time</th> |
|
445 <th colspan="2"></th> |
|
446 </tr>'; |
|
447 |
|
448 while ( $row = $db->fetchrow() ) |
|
449 { |
|
450 echo '<tr>'; |
|
451 |
|
452 $uri = makeUrlNS('Blog', $session->username . date('/Y/n/j/', $row['post_timestamp']) . $row['post_title_clean'], false, true); |
|
453 |
|
454 echo '<td class="row2" style="text-align: center;">' . $row['post_id'] . '</td>'; |
|
455 echo '<td class="row1">' . "<a href=\"$uri\">" . htmlspecialchars($row['post_title']) . '</a></td>'; |
|
456 $cls = ( $row['post_published'] == 1 ) ? 'row3_green' : 'row3_red'; |
|
457 echo '<td class="' . $cls . ' nuggie_publishbtn" onclick="ajaxNuggieTogglePublished(' . $row['post_id'] . ', this);" nuggie:published="' . $row['post_published'] . '" style="text-align: center;">' . ( ( $row['post_published'] == 1 ) ? '<b>Yes</b>' : 'No' ) . '</td>'; |
|
458 echo '<td class="row3" style="white-space: nowrap;">' . ( function_exists('enano_date') ? enano_date('Y-m-d', $row['post_timestamp']) : date('Y-m-d h:i', $row['post_timestamp']) ) . '</td>'; |
|
459 echo '<td class="row1" style="white-space: nowrap;"><button class="nuggie_edit" name="action" value="edit;id=' . $row['post_id'] . '">Edit</button> <button class="nuggie_delete" name="action" onclick="return ajaxNuggieDeletePost(' . $row['post_id'] . ', this.parentNode.parentNode);" value="delete;id=' . $row['post_id'] . '">Delete</button></td>'; |
|
460 |
|
461 echo '</tr>'; |
|
462 } |
|
463 |
|
464 echo ' </table> |
|
465 </div>'; |
|
466 |
|
467 echo '</form>'; |
|
468 |
266 break; |
469 break; |
267 case 'Write': |
470 case 'Write': |
268 |
471 |
269 $post_text = ''; |
472 $post_text = ''; |
270 $post_title = 'Post title'; |
473 $post_title = 'Post title'; |