<?php
// Blog front controller: opens the session and database, renders the theme header, then
// dispatches on $_GET / $_POST below to show forms, apply admin writes, or list posts.
session_start();
include_once('inc/config.php');
// $db_server/$db_username/$db_password/$db_database are presumably defined in inc/config.php.
// The legacy mysql_* extension is used throughout; it was removed in PHP 7, so this file
// assumes a PHP 5 runtime.
mysql_connect($db_server, $db_username, $db_password);
mysql_select_db($db_database);
include_once('inc/util.inc');
include_once('inc/blog_class.php');
// Setup Theme
// $modules, $pageTitle, $curPage and $theme are assigned before the header include —
// presumably the theme's header.php reads them as globals; verify against the theme.
$modules = getModules();
$pageTitle = 'Blog';
$curPage = 'blog';
$theme = getTheme();
include_once($theme.'header.php');
$blog = new Blog();
// $show_posts is cleared by any section below that renders its own content, so the
// "latest posts" listing at the bottom only runs when nothing else did. $message holds
// array(<'ok'|'error'>, <text>) once a write has happened, and is passed to the listing methods.
$show_posts = true;
$message = '';
$blog->displayMenu();
//-------------------------------------------------------------------------------------------------
// Show Add Forms
//-------------------------------------------------------------------------------------------------
// ?add=post and ?add=category render the matching admin form in place of the post listing.
// Non-admin sessions get no form and simply fall through to the normal listing.
if (isset($_GET['add']) && isLoggedInAdmin()) {
    switch ($_GET['add']) {
        case 'post':
            $show_posts = false;
            $blog->displayAddPostForm();
            break;
        case 'category':
            $show_posts = false;
            $blog->displayAddCategoryForm();
            break;
    }
}
//-------------------------------------------------------------------------------------------------
// Show Edit Post Form
//-------------------------------------------------------------------------------------------------
// ?edit=<id> renders the edit form for an admin session; the id is cast to int before use so
// only an integer ever reaches the Blog class.
if (isset($_GET['edit']) && isLoggedInAdmin()) {
    $show_posts = false;
    $id = (int)$_GET['edit'];
    $blog->displayEditPostForm($id);
}
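//-------------------------------------------------------------------------------------------------
// Edit post
//-------------------------------------------------------------------------------------------------
// Applies an admin's edit (POST submit-edit). Both title and post text are required, which
// matches the error message shown when they are missing. Missing form fields default to ''
// instead of raising notices, the row id is cast to int, and the DB error path logs the driver
// message and statement server-side instead of echoing them to the client.
// NOTE(review): no anti-CSRF token is checked on this admin write; confirm one is enforced
// by the form or the isLoggedInAdmin() path.
if (isset($_POST['submit-edit'])) {
    // Must be admin
    if (isLoggedInAdmin()) {
        // The trimmed title is written back into $_POST so a re-displayed form sees the same value.
        $_POST['title'] = isset($_POST['title']) ? trim($_POST['title']) : '';
        $rawPost = isset($_POST['post']) ? $_POST['post'] : '';
        if (strlen($_POST['title']) > 0 && strlen(trim($rawPost)) > 0) {
            $title = escape_string(stripMagicQuotes($_POST['title']));
            $post = escape_string(stripMagicQuotes($rawPost));
            $category = isset($_POST['category']) ? escape_string($_POST['category']) : '';
            // Row ids are integers; the cast keeps the WHERE clause type-safe whatever was posted.
            $id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
            $sql = "UPDATE `sam_blog`
                SET `title` = '$title',
                    `post` = '$post',
                    `category` = '$category'
                WHERE `id` = $id";
            if (!mysql_query($sql)) {
                // Driver error and statement text stay in the server log, not the response.
                error_log('ERROR ' . __FILE__ . ' [' . __LINE__ . '] ' . mysql_error() . ' -- ' . $sql);
                die(_('A database error occurred.'));
            }
            $message = array('ok', _('Post Updated'));
        } else {
            $message = array('error', _('Title and Post are required.'));
            $show_posts = false;
            // NOTE(review): the add form is re-shown on a failed edit rather than the edit form
            // for this id; displayEditPostForm() is only called with an id above — verify intent.
            $blog->displayAddPostForm($message);
        }
    }
}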
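//-------------------------------------------------------------------------------------------------
// Delete post
//-------------------------------------------------------------------------------------------------
// ?delete=<id> removes one post for an admin session. ctype_digit() guarantees the id is an
// unsigned integer string, so it is safe to place in the statement unquoted; is_string()
// first rejects array-valued parameters. The DB error path logs details server-side and
// shows the client only a generic message.
// NOTE(review): this is a state change on a GET request with no anti-CSRF token. A POST with
// a token is the usual shape; the links that build ?delete= are outside this file.
if (isset($_GET['delete'])) {
    // Must be admin
    if (isLoggedInAdmin() && is_string($_GET['delete']) && ctype_digit($_GET['delete'])) {
        $sql = "DELETE FROM `sam_blog` WHERE `id` = ".$_GET['delete']." LIMIT 1";
        if (!mysql_query($sql)) {
            // Driver error and statement text stay in the server log, not the response.
            error_log('ERROR ' . __FILE__ . ' [' . __LINE__ . '] ' . mysql_error() . ' -- ' . $sql);
            die(_('A database error occurred.'));
        }
        $message = array('ok', _('Post Deleted'));
    }
}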
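//-------------------------------------------------------------------------------------------------
// Add new category
//-------------------------------------------------------------------------------------------------
// Creates a blog category from POST submit-category for an admin session. A missing name field
// is treated as empty instead of raising a notice, and the DB error path logs the driver
// message and statement server-side instead of echoing them to the client.
// NOTE(review): no anti-CSRF token is checked on this admin write; confirm one is enforced
// by the form or the isLoggedInAdmin() path.
if (isset($_POST['submit-category'])) {
    // Must be admin
    if (isLoggedInAdmin()) {
        // The trimmed name is written back into $_POST so a re-displayed form sees the same value.
        $_POST['name'] = isset($_POST['name']) ? trim($_POST['name']) : '';
        if (strlen($_POST['name']) > 0) {
            $name = escape_string(stripMagicQuotes($_POST['name']));
            // Stored in UTC, like every other timestamp this file writes.
            $date = gmdate('Y-m-d H:i:s');
            $sql = "INSERT INTO `sam_category` (
                `name`, `type`, `date`
            ) VALUES (
                '$name', 'blog', '$date'
            )";
            if (!mysql_query($sql)) {
                // Driver error and statement text stay in the server log, not the response.
                error_log('ERROR ' . __FILE__ . ' [' . __LINE__ . '] ' . mysql_error() . ' -- ' . $sql);
                die(_('A database error occurred.'));
            }
            $message = array('ok', _('Category Added'));
        } else {
            $message = array('error', _('Name is required.'));
            $show_posts = false;
            $blog->displayAddCategoryForm($message);
        }
    }
}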
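//-------------------------------------------------------------------------------------------------
// Add new post
//-------------------------------------------------------------------------------------------------
// Creates a post from POST submit-post for an admin session. Both title and post text are
// required, matching the error message shown when they are missing. Missing form fields
// default to '' instead of raising notices, and the DB error path logs the driver message and
// statement server-side instead of echoing them to the client.
// NOTE(review): no anti-CSRF token is checked on this admin write; confirm one is enforced
// by the form or the isLoggedInAdmin() path.
if (isset($_POST['submit-post'])) {
    // Must be admin
    if (isLoggedInAdmin()) {
        // The trimmed title is written back into $_POST so a re-displayed form sees the same value.
        $_POST['title'] = isset($_POST['title']) ? trim($_POST['title']) : '';
        $rawPost = isset($_POST['post']) ? $_POST['post'] : '';
        if (strlen($_POST['title']) > 0 && strlen(trim($rawPost)) > 0) {
            $title = escape_string(stripMagicQuotes($_POST['title']));
            $post = escape_string(stripMagicQuotes($rawPost));
            $category = isset($_POST['category']) ? escape_string($_POST['category']) : '';
            // The author is the logged-in admin from the session, never a form field.
            $user = escape_string($_SESSION['login_id']);
            // Stored in UTC, like every other timestamp this file writes.
            $date = gmdate('Y-m-d H:i:s');
            $sql = "INSERT INTO `sam_blog` (
                `title`, `post`, `category`, `user`, `date`
            ) VALUES (
                '$title', '$post', '$category', '$user', '$date'
            )";
            if (!mysql_query($sql)) {
                // Driver error and statement text stay in the server log, not the response.
                error_log('ERROR ' . __FILE__ . ' [' . __LINE__ . '] ' . mysql_error() . ' -- ' . $sql);
                die(_('A database error occurred.'));
            }
            $message = array('ok', _('Post Added'));
        } else {
            $message = array('error', _('Title and Post are required.'));
            $show_posts = false;
            $blog->displayAddPostForm($message);
        }
    }
}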
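//-------------------------------------------------------------------------------------------------
// Add Comment
//-------------------------------------------------------------------------------------------------
// Stores a comment from POST submit-comment. No login check is applied here (unlike the admin
// sections above). Empty or missing comments are now rejected instead of being inserted, the
// post id is cast to int, and the DB error path logs details server-side instead of echoing
// them to the client.
if (isset($_POST['submit-comment'])) {
    $rawComment = isset($_POST['comment']) ? $_POST['comment'] : '';
    if (strlen(trim($rawComment)) > 0) {
        $comment = escape_string(stripMagicQuotes($rawComment));
        $postId = isset($_POST['id']) ? (int)$_POST['id'] : 0;
        // NOTE(review): the author id is taken from the submitted form, so any client can set
        // it to an arbitrary value; the add-post section uses $_SESSION['login_id'] instead.
        // Confirm whether anonymous comments are meant to be allowed before changing this.
        $user = isset($_POST['user']) ? escape_string($_POST['user']) : '';
        // Stored in UTC, like every other timestamp this file writes.
        $date = gmdate('Y-m-d H:i:s');
        $sql = "INSERT INTO `sam_comment` (
            `type`, `type_id`, `user`, `comment`, `date`
        ) VALUES (
            'blog', '$postId', '$user', '$comment', '$date'
        )";
        if (!mysql_query($sql)) {
            // Driver error and statement text stay in the server log, not the response.
            error_log('ERROR ' . __FILE__ . ' [' . __LINE__ . '] ' . mysql_error() . ' -- ' . $sql);
            die(_('A database error occurred.'));
        }
    } else {
        // displayPost() below takes no message argument, so this may only surface on list views.
        $message = array('error', _('Comment is required.'));
    }
}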
//-------------------------------------------------------------------------------------------------
// Show Category List
//-------------------------------------------------------------------------------------------------
// ?category=<name>[&page=N] lists the posts of one category instead of the latest posts.
// The category value is escaped before it is handed to the Blog class; the page number is
// cast to int and defaults to 1.
if (isset($_GET['category'])) {
    $show_posts = false;
    $category = escape_string($_GET['category']);
    $page = 1;
    if (isset($_GET['page'])) {
        $page = (int)$_GET['page'];
    }
    $blog->displaySideMenu();
    $blog->displayPostsByCategory($page, $category, $message);
}
//-------------------------------------------------------------------------------------------------
// Show single post
//-------------------------------------------------------------------------------------------------
// ?id=<id> renders one post (with the side menu) instead of the latest-posts listing.
// The id is cast to int so only an integer reaches the Blog class.
if (isset($_GET['id'])) {
    $show_posts = false;
    $blog->displaySideMenu();
    $id = (int)$_GET['id'];
    $blog->displayPost($id);
}
//-------------------------------------------------------------------------------------------------
// Show latest posts
//-------------------------------------------------------------------------------------------------
// Default view, reached when no section above rendered its own content. The page number is
// cast to int and defaults to 1; $message carries the outcome of any write handled above.
if ($show_posts) {
    $page = 1;
    if (isset($_GET['page'])) {
        $page = (int)$_GET['page'];
    }
    $blog->displaySideMenu();
    $blog->displayLatestBlogPosts($page, $message);
}
// Theme footer closes the page opened by header.php.
include($theme.'footer.php');