|
1 <?php |
|
2 |
|
3 /* |
|
4 * Nuggie |
|
5 * Version 0.1 |
|
6 * Copyright (C) 2007 Dan Fuhry |
|
7 * |
|
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 * |
|
11 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 */ |
|
14 |
|
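/**
 * Nuggie user control panel: renders the "My blog" section of the user
 * preferences page and handles its form submissions.
 *
 * Sub-modules are selected by URL parameter 1 (Home, Settings, Posts, Write,
 * Planets). A user without a blog row is always routed to Settings so the blog
 * gets created before anything else is attempted.
 *
 * @param string $section  Preferences section being rendered; only 'Blog' is
 *                         handled here.
 * @return bool  true if this function produced the section's output, false to
 *               let the caller fall through to other handlers.
 */
function nuggie_user_cp($section)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $section !== 'Blog' )
    return false;

  if ( getConfig('nuggie_installed') != '1' )
  {
    echo '<h3>Nuggie not installed</h3>';
    echo '<p>It looks like Nuggie isn\'t installed yet. You\'ll need to <a href="' . makeUrlNS('Special', 'NuggieInstall') . '">install Nuggie</a> before you can do anything more.</p>';
    return true;
  }

  $subsection = $paths->getParam(1);
  // $initted: whether this user already has a blog row. Decides INSERT vs
  // UPDATE on save and which wording the settings form uses.
  $initted = true;

  $q = $db->sql_query('SELECT blog_id, blog_name, blog_subtitle, blog_type, allowed_users FROM ' . table_prefix . "blogs WHERE user_id = {$session->user_id};");
  if ( !$q )
    $db->_die('Nuggie User CP selecting blog info');

  if ( $db->numrows() < 1 )
  {
    // No blog yet: force the user through the settings form first
    $subsection = 'Settings';
    $initted = false;
  }

  // With no row, fetchrow_num() yields false and every variable below is null
  list(, $blog_name, $blog_desc, $blog_type, $allowed_users) = $db->fetchrow_num($q);

  switch ( $subsection )
  {
    case false:
    case 'Home':
      echo 'module Home';
      break;
    case 'Settings':

      if ( isset($_POST['do_save']) )
      {
        $errors = array();

        $blog_name = isset($_POST['blog_name']) ? trim($_POST['blog_name']) : '';
        $blog_desc = isset($_POST['blog_desc']) ? trim($_POST['blog_desc']) : '';
        $blog_access = isset($_POST['blog_access']) ? trim($_POST['blog_access']) : '';
        $allowed_users = isset($_POST['allowed_users']) ? $_POST['allowed_users'] : array();
        // SQL literal written to the allowed_users column; NULL for public blogs
        $allowed_users_sql = 'NULL';

        if ( empty($blog_name) )
          $errors[] = 'Please enter a name for your blog.';

        // blog_access is interpolated into SQL below, so it must be exactly one
        // of the two known literals
        if ( !in_array($blog_access, array('public', 'private'), true) )
          $errors[] = 'Hacking attempt on blog_access: must be one of public, private.';

        if ( !is_array($allowed_users) )
        {
          // Checked before any count()/foreach so a scalar cannot reach them
          $errors[] = 'Invalid datatype on allowed_users.';
          $allowed_users = array();
        }
        else
        {
          // Drop blank inputs (the form always submits at least one empty
          // field), refuse nested values, then de-duplicate
          $cleaned = array();
          foreach ( $allowed_users as $user )
          {
            if ( !is_string($user) )
            {
              $errors[] = 'Invalid datatype on allowed_users.';
              break;
            }
            if ( !empty($user) )
              $cleaned[] = $user;
          }
          $allowed_users = array_values(array_unique($cleaned));

          if ( count($allowed_users) > 500 )
            $errors[] = 'You\'re asking that an unreasonable number of users have access to this blog. If you really have that many readers, you may want to ask the administrator of this site to make a usergroup with read access to your blog.';

          if ( count($allowed_users) < 1 && $blog_access === 'private' )
            $errors[] = 'Please enter at least one username that will have access to your blog. Note that your account always has access to your blog.';
        }

        if ( $blog_access === 'private' && count($errors) < 1 )
        {
          // Every listed name must be an existing account. Names are escaped
          // for this query only; the stored list keeps the raw values so the
          // escaping backslashes never end up inside the serialized blob.
          $escaped = array();
          foreach ( $allowed_users as $user )
            $escaped[] = $db->escape($user);
          $fragment = "username='" . implode("' OR username='", $escaped) . "'";
          $e = $db->sql_query('SELECT COUNT(username) AS num_valid FROM ' . table_prefix . "users WHERE $fragment;");
          if ( !$e )
            $db->_die('Nuggie user CP validating usernames');

          $row = $db->fetchrow();
          if ( intval($row['num_valid']) != count($allowed_users) )
            $errors[] = 'One or more of the usernames you entered does not exist.';
        }

        if ( count($errors) > 0 )
        {
          // Redisplay the form with the submitted values; pretend the blog is
          // set up so the "not set up yet" box does not overwrite the input
          $initted = true;
          if ( in_array($blog_access, array('public', 'private'), true) )
            $blog_type = $blog_access;
          echo '<div class="error-box" style="margin: 0 0 10px 0">
  <b>The following problems prevented your blog settings from being saved:</b>
  <ul>
    <li>
      ' . implode("</li>\n <li>", $errors) . '
    </li>
  </ul>
</div>';
        }
        else
        {
          // Save changes

          if ( $blog_access === 'private' )
            $allowed_users_sql = "'" . $db->escape( serialize($allowed_users) ) . "'";

          $blog_name_sql = $db->escape($blog_name);
          $blog_desc_sql = $db->escape($blog_desc);

          if ( $initted )
          {
            // Scope the update to this user's own row; without the WHERE
            // clause every blog on the site would be overwritten
            $sql = 'UPDATE ' . table_prefix . "blogs SET blog_name = '$blog_name_sql', blog_subtitle = '$blog_desc_sql', blog_type = '$blog_access', allowed_users = $allowed_users_sql WHERE user_id = {$session->user_id};";
          }
          else
          {
            $sql = 'INSERT INTO ' . table_prefix . 'blogs(blog_name, blog_subtitle, blog_type, allowed_users, user_id)' .
                   "\n VALUES ( '$blog_name_sql', '$blog_desc_sql', '$blog_access', $allowed_users_sql, {$session->user_id} );";
          }

          if ( $db->sql_query($sql) )
          {
            echo '<div class="info-box" style="margin: 0 0 10px 0;">' .
                 ( $initted ? 'Your changes have been saved.' : 'Your blog has been created; you can now
                 <a href="' . makeUrlNS('Special', 'Preferences/Blog/Write', false, true) . '">start writing some posts</a> and
                 then <a href="' . makeUrlNS('Blog', $session->username, false, true) . '">view your blog</a>.' )
                 . '</div>';
          }
          else
          {
            $db->_die('Nuggie user CP saving settings');
          }

          // Re-select the blog data
          $db->free_result($q);

          $q = $db->sql_query('SELECT blog_id, blog_name, blog_subtitle, blog_type, allowed_users FROM ' . table_prefix . "blogs WHERE user_id = {$session->user_id};");
          if ( !$q )
            $db->_die('Nuggie User CP selecting blog info');

          list(, $blog_name, $blog_desc, $blog_type, $allowed_users) = $db->fetchrow_num($q);
        }

        $initted = true;
      }

      if ( !$initted )
      {
        echo '<div class="error-box" style="margin: 0 0 10px 0;">
  <b>It looks like your blog isn\'t set up yet.</b><br />
  You\'ll need to set up your blog by entering some basic information here before you can write any posts.
</div>';
        $blog_name = htmlspecialchars($session->username) . "'s blog";
        $blog_desc = '';
      }
      else
      {
        // Both values land inside value="..." attributes, so quotes must be
        // escaped regardless of the PHP default flags
        $blog_name = htmlspecialchars($blog_name, ENT_QUOTES);
        $blog_desc = htmlspecialchars($blog_desc, ENT_QUOTES);
      }

      if ( !isset($blog_type) )
        $blog_type = 'public';

      if ( !isset($allowed_users) )
        $allowed_users = serialize(array());

      $form_action = makeUrlNS('Special', 'Preferences/Blog/Settings', false, true);
      echo "<form action=\"$form_action\" method=\"post\" enctype=\"multipart/form-data\">";

      ?>
      <div class="tblholder">
        <table border="0" cellspacing="1" cellpadding="4">
          <tr>
            <th colspan="2">
              <?php echo ( $initted ) ? 'Manage blog settings' : 'Create blog'; ?>
            </th>
          </tr>
          <tr>
            <td class="row2">
              Blog name:
            </td>
            <td class="row1">
              <input type="text" name="blog_name" size="60" value="<?php echo $blog_name; ?>" tabindex="1" />
            </td>
          </tr>
          <tr>
            <td class="row2">
              Blog description:<br />
              <small>You're best off keeping this short and sweet.</small>
            </td>
            <td class="row1">
              <input type="text" name="blog_desc" size="60" value="<?php echo $blog_desc; ?>" tabindex="2" />
            </td>
          </tr>
          <tr>
            <td class="row2">
              Blog access:
            </td>
            <td class="row1">
              <label><input onclick="$('nuggie_allowed_users').object.style.display='none';" tabindex="3" type="radio" name="blog_access" value="public"<?php echo ( $blog_type == 'public' ) ? ' checked="checked"' : ''; ?> /> Let everyone read my blog</label><br />
              <label><input onclick="$('nuggie_allowed_users').object.style.display='block';" tabindex="4" type="radio" name="blog_access" value="private"<?php echo ( $blog_type == 'private' ) ? ' checked="checked"' : ''; ?> /> Only allow the users I list below</label><br />
              <small style="margin-left: 33px;">Administrators can always read all blogs, including private ones.</small>
              <div id="nuggie_allowed_users"<?php echo ( $blog_type == 'public' ) ? ' style="display: none;"' : ''; ?>>
                <?php
                if ( $initted )
                {
                  // allowed_users is either the serialized list read from the
                  // database or the raw submitted list when redisplaying after
                  // a validation error.
                  // NOTE(review): unserialize() of a database column; only safe
                  // while this column is written solely by the save path above.
                  if ( is_string($allowed_users) )
                    $allowed_users = unserialize($allowed_users);
                  if ( !is_array($allowed_users) )
                    $allowed_users = array();
                  foreach ( $allowed_users as $user )
                  {
                    echo '<input type="text" name="allowed_users[]" tabindex="5" value="' . htmlspecialchars($user, ENT_QUOTES) . '" size="25" style="margin-bottom: 5px;" onkeyup="new AutofillUsername(this);" /><br />';
                  }
                  echo '<input type="text" name="allowed_users[]" tabindex="5" value="" size="25" style="margin-bottom: 5px;" onkeyup="new AutofillUsername(this);" /><br />';
                }
                else
                {
                  ?>
                  <input type="text" name="allowed_users[]" tabindex="5" value="" size="25" style="margin-bottom: 5px;" onkeyup="new AutofillUsername(this);" /><br />
                  <input type="text" name="allowed_users[]" tabindex="5" value="" size="25" style="margin-bottom: 5px;" onkeyup="new AutofillUsername(this);" /><br />
                  <input type="text" name="allowed_users[]" tabindex="5" value="" size="25" style="margin-bottom: 5px;" onkeyup="new AutofillUsername(this);" /><br />
                  <input type="text" name="allowed_users[]" tabindex="5" value="" size="25" style="margin-bottom: 5px;" onkeyup="new AutofillUsername(this);" /><br />
                  <input type="text" name="allowed_users[]" tabindex="5" value="" size="25" style="margin-bottom: 5px;" onkeyup="new AutofillUsername(this);" /><br />
                  <?php
                }
                ?>
                <input type="button" tabindex="6" onclick="var x = document.createElement('input'); x.tabindex = '5'; x.onkeyup = function() { new AutofillUsername(this); }; x.size='25'; x.style.marginBottom='5px'; x.type='text'; x.name='allowed_users[]'; $('nuggie_allowed_users').object.insertBefore(x, this); $('nuggie_allowed_users').object.insertBefore(document.createElement('br'), this); x.focus();" value="+ Add another" />
              </div>
            </td>
          </tr>
          <tr>
            <th class="subhead" colspan="2">
              <input tabindex="7" type="submit" name="do_save" value="<?php echo ( $initted ) ? 'Save changes' : 'Create my blog »' ?>" />
            </th>
          </tr>
        </table>
      </div>
      <?php

      echo '</form>';

      break;
    case 'Posts':
      echo 'module Posts';
      break;
    case 'Write':

      $post_text = '';
      $post_title = 'Post title';

      // Post being edited: URL parameter 2, overridden by the hidden post_id
      // field on submit. Normalised to an int before it touches any SQL;
      // 0 means "new post".
      $post_id = $paths->getParam(2);
      if ( isset($_POST['post_id']) )
      {
        $post_id = $_POST['post_id'];
      }
      $post_id = intval($post_id);
      if ( $post_id > 0 )
      {
        /*
         * FIXME: Validate blog public/private status before sending text
         * FIXME: Avoid ambiguous post_title_cleans through appending numbers when needed
         */

        $q = $db->sql_query('SELECT p.post_id, p.post_title, p.post_title_clean, p.post_author, p.post_text, p.post_timestamp, u.username '
                          . 'FROM ' . table_prefix . 'blog_posts AS p'
                          . ' LEFT JOIN ' . table_prefix . 'users AS u'
                          . ' ON ( p.post_author = u.user_id )'
                          . ' WHERE post_id = ' . $post_id . ';');

        if ( !$q )
          $db->_die('Nuggie user CP obtaining post info');

        if ( $db->numrows() > 0 )
        {
          $row = $db->fetchrow();
          // Editing someone else's post requires nuggie_edit_other, editing
          // your own requires nuggie_edit_own; both also require read access
          // to the post's page.
          $needed_perm = ( $session->user_id != $row['post_author'] ) ? 'nuggie_edit_other' : 'nuggie_edit_own';
          $post_page_id = "{$row['post_timestamp']}_{$row['post_id']}";
          $perms = $session->fetch_page_acl($post_page_id, 'Blog');
          if ( !$perms->get_permissions('read') || !$perms->get_permissions($needed_perm) )
          {
            echo '<h3>Post editing error</h3>';
            echo '<p>You do not have permission to edit this blog post.</p>';

            unset($row);

            $db->free_result();
            // Break out of this entire user CP module
            return true;
          }
          // We have permission - load post
          $post_title = $row['post_title'];
          $post_text = $row['post_text'];
        }
        else
        {
          // No such post: treat the submission as a new post instead of
          // running an UPDATE that matches nothing and reporting success
          $post_id = 0;
        }
      }

      if ( isset($_POST['submit']) )
      {
        $in_title = isset($_POST['post_title']) ? $_POST['post_title'] : '';
        $in_text = isset($_POST['post_text']) ? $_POST['post_text'] : '';
        switch ( $_POST['submit'] )
        {
          case 'save_publish':
          case 'save_draft':
            // post_published is written as an unquoted SQL literal, so it is
            // derived from the button name rather than taken from input
            $publish = ( $_POST['submit'] === 'save_publish' ) ? '1' : '0';

            $save_post_text = $in_text;
            $save_post_title = $db->escape($in_title);
            $save_post_title_clean = $db->escape(nuggie_sanitize_title($in_title));

            // NOTE(review): post_text is not passed through $db->escape() here;
            // the third argument to preprocess_text() presumably performs the
            // SQL escaping — confirm against RenderMan before relying on it.
            $save_post_text = RenderMan::preprocess_text($save_post_text, true, true);

            if ( $post_id )
            {
              $sql = 'UPDATE ' . table_prefix . "blog_posts SET post_title = '$save_post_title', post_title_clean = '$save_post_title_clean', post_text = '$save_post_text', post_published = $publish WHERE post_id = $post_id;";
            }
            else
            {
              $time = time();
              $sql = 'INSERT INTO ' . table_prefix . 'blog_posts ( post_title, post_title_clean, post_text, post_author, post_timestamp, post_published ) '
                   . "VALUES ( '$save_post_title', '$save_post_title_clean', '$save_post_text', {$session->user_id}, $time, $publish );";
            }

            if ( $db->sql_query($sql) )
            {
              echo '<div class="info-box" style="margin: 0 0 10px 0;">
  ' . ( $publish == '1' ? 'Your post has been published.' : 'Your post has been saved.' ) . '
</div>';
            }
            else
            {
              $db->_die('Nuggie user CP running post-save query');
            }

            if ( !$post_id )
            {
              $post_id = $db->insert_id();
            }

            $post_title = $in_title;
            $post_text = $in_text;
            break;
          case 'preview':
            $preview_text = $in_text;
            $preview_text = RenderMan::preprocess_text($preview_text, true, false);
            // NOTE(review): render() output is echoed as-is; it is assumed to
            // produce safe HTML from user text — confirm against RenderMan.
            $preview_text = RenderMan::render($preview_text);

            /*
             * FIXME: Use the real post renderer (when it's ready)
             */

            echo '<div style="border: 1px solid #406080; background-color: #F0F0F0; margin: 0 0 10px 0; padding: 10px;
                              overflow: auto; max-height: 500px; clip: rect(0px, auto, auto, 0px);">';
            echo '<h2>Post preview</h2>';
            echo '<p style="color: red;">FIXME: This does not use the real post-display API, which is not yet implemented. Eventually this should look just like a real post.</p>';
            echo '<h3>' . htmlspecialchars($in_title) . '</h3>';
            echo $preview_text;
            echo '</div>';

            $post_title = $in_title;
            $post_text = $in_text;
            break;
        }
      }

      // List of this user's unpublished drafts, linked to the editor
      $q = $db->sql_query('SELECT post_id, post_title FROM ' . table_prefix . "blog_posts WHERE post_published = 0 AND post_author = {$session->user_id};");
      if ( !$q )
        $db->_die('Nuggie user CP selecting draft posts');
      if ( $db->numrows() > 0 )
      {
        echo '<div class="mdg-infobox" style="margin: 0 0 10px 0;"><b>Your drafts:</b> ';
        $posts = array();
        while ( $row = $db->fetchrow() )
        {
          $posts[] = '<a href="' . makeUrlNS('Special', "Preferences/Blog/Write/{$row['post_id']}") . '">' . htmlspecialchars($row['post_title']) . '</a>';
        }
        echo implode(', ', $posts);
        echo '</div>';
      }

      echo '<form action="' . makeUrlNS('Special', 'Preferences/Blog/Write', false, true) . '" method="post">';

      // Title goes into a value="..." attribute, so quotes must be escaped
      $post_text = htmlspecialchars($post_text);
      $post_title = htmlspecialchars($post_title, ENT_QUOTES);

      echo '<input type="text" name="post_title" value="' . $post_title . '" style="font-size: 16pt; margin-bottom: 10px; width: 100%;' . ( $post_title == 'Post title' ? ' color: #808080;' : '' ) . '" onfocus="if ( this.value == \'Post title\' ) { this.value = \'\'; this.style.color = null; }" onblur="if ( this.value == \'\' ) { this.value = \'Post title\'; this.style.color = \'#808080\'; } else { this.style.color = null; }" />';
      echo $template->tinymce_textarea('post_text', $post_text);

      // Buttons!
      echo '<div style="margin-top: 10px;">';
      echo '<button name="submit" value="save_draft">Save draft</button> ';
      echo '<button name="submit" value="preview">Show preview</button> ';
      echo '<button name="submit" value="save_publish">Publish to blog</button> ';
      echo '</div>';

      if ( $post_id )
      {
        echo '<input type="hidden" name="post_id" value="' . $post_id . '" />';
      }

      echo '</form>';

      break;
    case 'Planets':
      echo 'module Planets';
      break;
    default:
      return false;
  }
  return true;
}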
|
454 |
|
// Sidebar entries for the preferences page: the hook body is PHP source that
// the host evaluates, so the $-signs that must survive into that source are
// escaped here.
$nuggie_jbox_hook = "
  userprefs_menu_add('My blog', 'Manage blog settings', makeUrlNS('Special', 'Preferences/Blog/Settings'));
  userprefs_menu_add('My blog', 'Manage posts', makeUrlNS('Special', 'Preferences/Blog/Posts'));
  userprefs_menu_add('My blog', 'Write new post', makeUrlNS('Special', 'Preferences/Blog/Write'));
  userprefs_menu_add('My blog', 'Manage my planets', makeUrlNS('Special', 'Preferences/Blog/Planets'));
  \$userprefs_menu_links['My blog'] = makeUrlNS('Blog', \$session->username);
";
// Body hook: delegates rendering of the section to nuggie_user_cp()
$nuggie_body_hook = "return nuggie_user_cp(\$section);";

$plugins->attachHook("userprefs_jbox", $nuggie_jbox_hook);
$plugins->attachHook("userprefs_body", $nuggie_body_hook);