254 $time_max = $time_min + 86400; |
257 $time_max = $time_min + 86400; |
255 |
258 |
256 $ptc = $db->escape($post_title_clean); |
259 $ptc = $db->escape($post_title_clean); |
257 $uname = $db->escape(dirtify_page_id($poster)); |
260 $uname = $db->escape(dirtify_page_id($poster)); |
258 |
261 |
259 $q = $db->sql_query("SELECT p.post_id, p.post_title, p.post_title_clean, p.post_author, p.post_timestamp, p.post_text, b.blog_name,\n" |
262 $q = $db->sql_query("SELECT p.post_id\n" |
260 . " b.blog_subtitle, b.blog_type, b.allowed_users, u.username, u.user_level, COUNT(c.comment_id) AS num_comments\n" |
|
261 . " FROM " . table_prefix . "blog_posts AS p\n" |
263 . " FROM " . table_prefix . "blog_posts AS p\n" |
262 . " LEFT JOIN " . table_prefix . "blogs AS b\n" |
|
263 . " ON ( b.user_id = p.post_author )\n" |
|
264 . " LEFT JOIN " . table_prefix . "users AS u\n" |
264 . " LEFT JOIN " . table_prefix . "users AS u\n" |
265 . " ON ( u.user_id = p.post_author )\n" |
265 . " ON ( u.user_id = p.post_author )\n" |
266 . " LEFT JOIN " . table_prefix . "comments AS c\n" |
|
267 . " ON ( ( c.page_id = '{$particlecomp}' AND c.namespace = 'Blog' ) OR ( c.page_id IS NULL AND c.namespace IS NULL ) )\n" |
|
268 . " WHERE p.post_timestamp >= $time_min AND p.post_timestamp <= $time_max\n" |
266 . " WHERE p.post_timestamp >= $time_min AND p.post_timestamp <= $time_max\n" |
269 . " AND p.post_title_clean = '$ptc' AND u.username = '$uname'\n" |
267 . " AND p.post_title_clean = '$ptc' AND u.username = '$uname'\n" |
270 . " GROUP BY p.post_id;"); |
268 . " GROUP BY p.post_id;"); |
271 if ( !$q ) |
269 if ( !$q ) |
272 $db->_die('Nuggie post handler selecting main post data'); |
270 $db->_die('Nuggie post handler doing name- and date-based lookup'); |
273 |
271 |
274 if ( $db->numrows() < 1 ) |
272 if ( $db->numrows() < 1 ) |
275 return false; |
273 return false; |
276 |
274 |
277 if ( $db->numrows() > 1 ) |
275 if ( $db->numrows() > 1 ) |
280 not able to distinguish which post you wish to view.</p>'); |
278 not able to distinguish which post you wish to view.</p>'); |
281 } |
279 } |
282 |
280 |
283 $row = $db->fetchrow(); |
281 $row = $db->fetchrow(); |
284 |
282 |
285 // |
283 $realpost = new PageProcessor($row['post_id'], 'BlogPost'); |
286 // Determine permissions |
284 |
287 // |
285 // huge hack |
288 |
286 // the goal here is to fool the page metadata system into thinking that comments are enabled. |
289 // The way we're doing this is first fetching permissions for the blog, and then merging them |
287 $paths->cpage['comments_on'] = 1; |
290 // with permissions specific to the post. This way the admin can set custom permissions for the |
288 if ( !isset($paths->pages[$paths->nslist['BlogPost'] . $row['post_id']]) ) |
291 // entire blog, and they'll be inherited unless individual posts have overriding permissions. |
289 { |
292 $perms_blog = $session->fetch_page_acl($row['username'], 'Blog'); |
290 $paths->pages[$paths->nslist['BlogPost'] . $row['post_id']] = array( |
293 $perms = $session->fetch_page_acl("{$row['post_timestamp']}_{$row['post_id']}", 'Blog'); |
291 'urlname' => $paths->nslist['BlogPost'] . $row['post_id'], |
294 $perms->perms = $session->acl_merge($perms->perms, $perms_blog->perms); |
292 'urlname_nons' => $row['post_id'], |
295 unset($perms_blog); |
293 'name' => 'determined at runtime', |
296 |
294 'comments_on' => 1, |
297 if ( $row['blog_type'] == 'private' ) |
295 'special' => 0, |
298 { |
296 'wiki_mode' => 0, |
299 $allowed_users = unserialize($row['allowed_users']); |
297 'protected' => 1, |
300 if ( !in_array($session->username, $allowed_users) && !$perms->get_permissions('nuggie_see_non_public') && $row['username'] != $session->username ) |
298 'delvotes' => 0 |
301 { |
299 ); |
302 return '_err_access_denied'; |
300 } |
303 } |
301 $realpost->page_exists = true; |
304 } |
302 // end huge hack |
305 |
303 |
306 $acl_type = ( $row['post_author'] == $session->user_id ) ? 'nuggie_edit_own' : 'nuggie_edit_other'; |
304 $template->init_vars($realpost); |
307 |
305 $realpost->send(); |
308 if ( !$perms->get_permissions('read') ) |
|
309 return '_err_access_denied'; |
|
310 |
|
311 // We're validated - display post |
|
312 $postbit = new NuggiePostbit(); |
|
313 $postbit->post_id = intval($row['post_id']); |
|
314 $postbit->post_title = $row['post_title']; |
|
315 $postbit->post_text = $row['post_text']; |
|
316 $postbit->post_author = $row['username']; |
|
317 $postbit->post_timestamp = intval($row['post_timestamp']); |
|
318 $postbit->auth_edit = $perms->get_permissions($acl_type); |
|
319 $postbit->num_comments = intval($row['num_comments']); |
|
320 |
|
321 $page_name = htmlspecialchars($row['post_title']) . ' « ' . htmlspecialchars($row['blog_name']); |
|
322 if ( method_exists($template, 'assign_vars') ) |
|
323 { |
|
324 $template->assign_vars(array( |
|
325 'PAGE_NAME' => $page_name |
|
326 )); |
|
327 } |
|
328 else |
|
329 { |
|
330 $template->tpl_strings['PAGE_NAME'] = $page_name; |
|
331 } |
|
332 |
|
333 $template->header(); |
|
334 echo '< <a href="' . makeUrlNS('Blog', $row['username']) . '">' . htmlspecialchars($row['blog_name']) . '</a>'; |
|
335 echo $postbit->render_post(); |
|
336 display_page_footers(); |
|
337 $template->footer(); |
|
338 |
306 |
339 return true; |
307 return true; |
340 } |
308 } |
341 else |
309 else |
342 { |
310 { |
343 return nuggie_blog_index($uri); |
311 return nuggie_blog_index($uri); |
344 } |
312 } |
|
313 } |
|
314 |
|
315 function nuggie_blogpost_uri_handler($page) |
|
316 { |
|
317 global $db, $session, $paths, $template, $plugins; // Common objects |
|
318 |
|
319 if ( !preg_match('/^[0-9]+$/', $page->page_id) ) |
|
320 { |
|
321 return $page->err_page_not_existent(); |
|
322 } |
|
323 |
|
324 // using page_id is SAFE. It's checked with a regex above. |
|
325 $q = $db->sql_query("SELECT p.post_id, p.post_title, p.post_title_clean, p.post_author, p.post_timestamp, p.post_text, b.blog_name,\n" |
|
326 . " b.blog_subtitle, b.blog_type, b.allowed_users, u.username, u.user_level, COUNT(c.comment_id) AS num_comments\n" |
|
327 . " FROM " . table_prefix . "blog_posts AS p\n" |
|
328 . " LEFT JOIN " . table_prefix . "blogs AS b\n" |
|
329 . " ON ( b.user_id = p.post_author )\n" |
|
330 . " LEFT JOIN " . table_prefix . "users AS u\n" |
|
331 . " ON ( u.user_id = p.post_author )\n" |
|
332 . " LEFT JOIN " . table_prefix . "comments AS c\n" |
|
333 . " ON ( ( c.page_id = '{$page->page_id}' AND c.namespace = 'BlogPost' ) OR ( c.page_id IS NULL AND c.namespace IS NULL ) )\n" |
|
334 . " WHERE p.post_id = {$page->page_id}\n" |
|
335 . " GROUP BY p.post_id;"); |
|
336 if ( !$q ) |
|
337 $db->_die('Nuggie post handler selecting main post data'); |
|
338 |
|
339 if ( $db->numrows() < 1 ) |
|
340 return false; |
|
341 |
|
342 $row = $db->fetchrow(); |
|
343 |
|
344 // |
|
345 // Determine permissions |
|
346 // |
|
347 |
|
348 // The way we're doing this is first fetching permissions for the blog, and then merging them |
|
349 // with permissions specific to the post. This way the admin can set custom permissions for the |
|
350 // entire blog, and they'll be inherited unless individual posts have overriding permissions. |
|
351 $perms_blog = $session->fetch_page_acl($row['username'], 'Blog'); |
|
352 $perms = $session->fetch_page_acl("{$row['post_timestamp']}_{$row['post_id']}", 'Blog'); |
|
353 $perms->perms = $session->acl_merge($perms->perms, $perms_blog->perms); |
|
354 unset($perms_blog); |
|
355 |
|
356 if ( $row['blog_type'] == 'private' ) |
|
357 { |
|
358 $allowed_users = unserialize($row['allowed_users']); |
|
359 if ( !in_array($session->username, $allowed_users) && !$perms->get_permissions('nuggie_see_non_public') && $row['username'] != $session->username ) |
|
360 { |
|
361 return $page->err_access_denied(); |
|
362 } |
|
363 } |
|
364 |
|
365 $acl_type = ( $row['post_author'] == $session->user_id ) ? 'nuggie_edit_own' : 'nuggie_edit_other'; |
|
366 |
|
367 if ( !$perms->get_permissions('read') ) |
|
368 return $page->err_access_denied(); |
|
369 |
|
370 // enable comments |
|
371 $paths->cpage['comments_on'] = 1; |
|
372 // disable editing |
|
373 $session->acl_merge_with_current(array( |
|
374 'edit_page' => AUTH_DENY |
|
375 )); |
|
376 |
|
377 // We're validated - display post |
|
378 $postbit = new NuggiePostbit(); |
|
379 $postbit->post_id = intval($row['post_id']); |
|
380 $postbit->post_title = $row['post_title']; |
|
381 $postbit->post_text = $row['post_text']; |
|
382 $postbit->post_author = $row['username']; |
|
383 $postbit->post_timestamp = intval($row['post_timestamp']); |
|
384 $postbit->auth_edit = $perms->get_permissions($acl_type); |
|
385 $postbit->num_comments = intval($row['num_comments']); |
|
386 |
|
387 $page_name = htmlspecialchars($row['post_title']) . ' « ' . htmlspecialchars($row['blog_name']); |
|
388 if ( method_exists($template, 'assign_vars') ) |
|
389 { |
|
390 $template->assign_vars(array( |
|
391 'PAGE_NAME' => $page_name |
|
392 )); |
|
393 } |
|
394 else |
|
395 { |
|
396 $template->tpl_strings['PAGE_NAME'] = $page_name; |
|
397 } |
|
398 |
|
399 $template->header(); |
|
400 echo '< <a href="' . makeUrlNS('Blog', $row['username']) . '">' . htmlspecialchars($row['blog_name']) . '</a>'; |
|
401 echo $postbit->render_post(); |
|
402 display_page_footers(); |
|
403 $template->footer(); |
345 } |
404 } |
346 |
405 |
347 function nuggie_blog_index($username) |
406 function nuggie_blog_index($username) |
348 { |
407 { |
349 global $db, $session, $paths, $template, $plugins; // Common objects |
408 global $db, $session, $paths, $template, $plugins; // Common objects |