1 <?php
3 /* Copyright (c) 2007-08 Alec Henriksen
4 * phpns is free software; you can redistribute it and/or modify it under the
5 * terms of the GNU General Public Licence (GPL) as published by the Free
6 * Software Foundation; either version 2 of the Licence, or (at your option) any
7 * later version.
8 * Please see the GPL at http://www.gnu.org/copyleft/gpl.html for a complete
 * understanding of what this license means and how to abide by it.
 */
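include("inc/init.php");

$globalvars['page_name'] = 'new article'; //set page name

include("inc/header.php");

/*
 * Local helpers for this page.  They are prefixed with phpns_article_ so they
 * cannot collide with inc/function.php, whose contents are not visible here.
 * PHP hoists unconditional top-level functions, so they may be used below.
 */

/**
 * Redirect to the "permission denied" page and stop unless rank slot $slot of
 * $globalvars['rank'] is set and non-zero.  Replaces the identical inline check
 * the original repeated in every branch; a missing slot counts as denied, just
 * like the original loose `== 0` comparison did.
 */
function phpns_article_require_rank($globalvars, $slot)
{
    if (!isset($globalvars['rank'][$slot]) || $globalvars['rank'][$slot] == 0) {
        header("Location: index.php?do=permissiondenied");
        die();
    }
}

/**
 * Return $raw when it is a plain decimal id (digits only), otherwise stop the
 * script.  Every id that ends up inside SQL or a Location header goes through
 * this, so neither SQL injection nor header injection is possible via the id.
 */
function phpns_article_id_or_die($raw)
{
    $raw = isset($raw) ? (string) $raw : '';
    if (!ctype_digit($raw)) {
        die("non numeric article id");
    }
    return $raw;
}

/**
 * Collect the article form fields from $_POST.  Absent fields become ''.
 * An unticked "disable comments" / "inactive" checkbox posts nothing; the
 * original treated that as 1 (= feature enabled), so the same default applies.
 */
function phpns_article_post_fields()
{
    $names = array(
        'article_title', 'article_subtitle', 'article_cat', 'article_text',
        'article_exptext', 'acchecked', 'achecked', 'start_date', 'end_date',
    );
    $fields = array();
    foreach ($names as $name) {
        $fields[$name] = isset($_POST[$name]) ? $_POST[$name] : '';
    }
    if ($fields['achecked'] == "") { //if no value (not selected)
        $fields['achecked'] = 1;
    }
    if ($fields['acchecked'] == "") { //if no value (not selected)
        $fields['acchecked'] = 1;
    }
    return $fields;
}

/**
 * Tick the "disable comments" / "inactive" boxes when the posted acchecked /
 * achecked flag is 0 (the boxes are inverted: ticked means the feature is OFF).
 * Returns the updated array; article_form() reads the *_check keys.
 */
function phpns_article_checkbox_state($data)
{
    if ($data['acchecked'] == 0) { //if the article DISALLOWS comments, check the box
        $data['acchecked_check'] = ' checked="checked"';
    }
    if ($data['achecked'] == 0) { //if the article is NOT active, check the box
        $data['achecked_check'] = ' checked="checked"';
    }
    return $data;
}

/**
 * True when $category is in the caller's allowed list, or the list grants 'all'.
 * The original used strstr(), a substring test under which category "1" matched
 * a list containing "10" (and any needle matched once "all" was a substring of a
 * category name).  Here the list is split into tokens and compared exactly.
 * Assumes $category_list is a string of ids/slugs separated by commas or other
 * punctuation -- TODO confirm where inc/init.php builds $_SESSION['category_list'].
 */
function phpns_article_category_allowed($category_list, $category)
{
    $tokens = preg_split('/[^A-Za-z0-9_-]+/', (string) $category_list, -1, PREG_SPLIT_NO_EMPTY);
    if (in_array('all', $tokens, true)) {
        return true;
    }
    return in_array((string) $category, $tokens, true);
}

/**
 * Field validation shared by the "p" (new) and "editp" (edit) processors.
 * Returns a list of "<li>...</li>" error strings, empty when the fields are OK.
 * $category_error is the message used when the rank may not post to the
 * category.  Date validation is deliberately NOT done here: validate_date()
 * lives in inc/ and "also returns errors" (possibly through globals), so the
 * callers keep those calls at script scope exactly where the original had them.
 */
function phpns_article_field_errors($data, $category_list, $category_error)
{
    $errors = array();
    if (!trim($data['article_title'])) {
        $errors[] = '<li>You must enter a title.</li>';
    }
    if (empty($data['article_text'])) {
        $errors[] = '<li>You must enter a main article.</li>';
    }
    if (empty($data['article_cat'])) {
        $errors[] = '<li>A category is necessary. You should NOT recieve this message, something is wrong. Make sure you have a category defined.</li>';
    }
    //check to see if user is ALLOWED to post to this category
    if (!phpns_article_category_allowed($category_list, $data['article_cat'])) {
        $errors[] = '<li>' . $category_error . '</li>';
    }
    return $errors;
}

$do = isset($_GET['do']) ? $_GET['do'] : '';
//if we're previewing an article... set do to preview
if (isset($_POST['preview'])) { $do = 'preview'; }

// NOTE(review): none of the state-changing branches below (p, editp, activate,
// comments/delete) carry a CSRF token.  The forms are produced by article_form()
// in inc/function.php, so adding one needs a change there as well as here.

if (!$do) {
    //quick permission check (redir to error)
    phpns_article_require_rank($globalvars, 10);

    //The do var is empty; display new article form
    $content = article_form(); //display form (function in function.php)

} elseif ($do == "preview") { //preview article
    //quick permission check (redir to error)
    phpns_article_require_rank($globalvars, 10);

    $globalvars['page_name'] = 'preview article';
    $globalvars['page_image'] = 'new article';

    //define new item array from POST data (checkbox defaults already applied)
    $data = phpns_article_post_fields();

    // The original tested $data['allow_comments'] / $data['active'] here, keys
    // that are never set on a preview, so the boxes always came back unticked.
    // Use the posted flags like the other branches do.
    $data = phpns_article_checkbox_state($data);

    // The title is plain text and is escaped for the HTML context.  The article
    // body and extended text are the HTML the author typed and are rendered as-is,
    // exactly as the saved article will be.  NOTE(review): with no CSRF token this
    // preview is a reflected-HTML sink for anyone who can make a logged-in author
    // submit the form.
    $content = '
    <hr />
    <h1 class="preview_title">'.htmlspecialchars($data['article_title'], ENT_QUOTES).'</h1>
    <div class="preview_main">
    '.$data['article_text'].'
    </div>
    <div class="preview_full">
    '.$data['article_exptext'].'
    </div>
    <hr />
    '.article_form();

} elseif ($do == "p") { //if new form submitted
    //quick permission check (redir to error)
    phpns_article_require_rank($globalvars, 10);

    $data = array();
    //now, if this user needs approval to post, we'll set the approve to 0 (which is 'no', or not approved) ELSE, 1
    if ($globalvars['rank'][10] == 2) {
        $data['approved'] = 0;
    } elseif ($globalvars['rank'][10] == 1) {
        $data['approved'] = 1;
    }

    // isset($_POST) is always true for a superglobal, so the original "else"
    // (no POST) branch here was unreachable and has been dropped.
    $proceed = "yes"; //for verification later

    //define new item array from POST data ('approved' stays first, as before)
    $data = array_merge($data, phpns_article_post_fields());

    $error_message = '<ol class="warning">';
    $field_errors = phpns_article_field_errors(
        $data,
        isset($_SESSION['category_list']) ? $_SESSION['category_list'] : '',
        'Your rank is not allowed to post to this category.'
    );
    if ($field_errors) {
        $proceed = "no";
        $error_message .= implode('', $field_errors);
    }

    //convert start and end date times | function will do everything, it also returns errors.
    if ($data['start_date']) {
        $unixtime['start'] = validate_date($data,'start');
    }
    if ($data['end_date']) {
        $unixtime['end'] = validate_date($data,'end');
    }

    //new article process (clean data, then submit to database)
    foreach ($data as $key => $value) {
        //clean data (SQL injection security)
        $data[$key] = clean_data($value);
    }

    if ($proceed == "yes" && !empty($_FILES['image']['name'])) {
        if (!$data['image'] = upload_image($_FILES['image'])) {
            $proceed = "no";
            $error_message .= '<li>The image upload returned an error, which means the file was not an image, or we had trouble moving the file to (images/uploads). Check the permissions for the directory.</li>';
        }
    }

    if ($proceed == "yes") { //if we're STILL ok, even with file upload... we finish up.
        //generate sef_url
        $data['article_sef_title'] = create_sef($data['article_title']);

        new_item($data,$_SESSION['username']); //submit the data(function in inc/function.php) with username
        $globalvars['page_name'] = 'article success'; //set page name
        $globalvars['page_image'] = 'success';

        //send email (disabled in the original; left for reference)
        //send_mail($data['article_title'], "Hello,\nThe user '".$_SESSION['username']."' posted a new article at ".$_SERVER['HTTP_HOST'].".\nTitle: ".$data['article_title']."\nMain Article:\n".$data['article_text']."\n\nTo edit this article, go to: ".$globalvars['path_to_uri']."");

        //set content for page success!
        $content = "";
    } else {
        $globalvars['page_name'] = 'new article'; //set page name
        $globalvars['page_image'] = 'error'; //error image

        $error_message = $error_message.'</ol>'; //end error message ordered list

        //re-tick the checkboxes from the (cleaned) posted flags and redisplay
        $data = phpns_article_checkbox_state($data);
        $content = article_form(); //display form (function in function.php)
    }

} elseif ($do == "edit") { //do elseif (edit)
    //quick permission check (redir to error)
    phpns_article_require_rank($globalvars, 14);

    $globalvars['page_name'] = 'edit article'; //set page name
    $globalvars['page_image'] = 'article management'; //set image

    // The id reaches SQL below; insist on a plain integer.  clean_data() is kept
    // on top for whatever other normalisation it performs in inc/.
    $news_id = clean_data(phpns_article_id_or_die(isset($_GET['id']) ? $_GET['id'] : null));

    //sql and execution, grab update data from IP.
    $get_res = general_query("SELECT * FROM ".$databaseinfo['prefix']."articles WHERE id='$news_id' LIMIT 1");
    $data = mysql_fetch_assoc($get_res);
    if (!$data) {
        // The original did `or die(mysql_error())`, which prints an empty page
        // for a missing row because no SQL error occurred.
        $sql_error = mysql_error();
        die($sql_error !== '' ? $sql_error : "article not found");
    }
    if ($data['start_date']) {
        $data['start_date'] = date('m/d/Y',$data['start_date']);
    }
    if ($data['end_date']) {
        $data['end_date'] = date('m/d/Y',$data['end_date']);
    }

    //define checked boxes from the stored row (not the form flags)
    if ($data['allow_comments'] == 0) { //if the article DISALLOWS comments, check the box
        $data['acchecked_check'] = ' checked="checked"';
    }
    if ($data['active'] == 0) { //if the article is NOT active, check the box
        $data['achecked_check'] = ' checked="checked"';
    }

    //display edit form
    $content = article_form();

} elseif ($do == "editp") { //do elseif (edit process)
    //quick permission check (redir to error)
    phpns_article_require_rank($globalvars, 14);

    $globalvars['page_name'] = 'edit article';

    // isset($_POST) is always true, so the original "else" branch was dead code.
    $proceed = "yes"; //for verification later

    //define new item array from POST data (checkbox defaults already applied)
    $data = phpns_article_post_fields();

    // The article id goes into SQL right here, into edit_item() and into a
    // Location header; the original interpolated $_POST['id'] raw.  The error
    // path of the original read the id from $_GET, so that is the fallback.
    $edit_id = phpns_article_id_or_die(
        isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : null)
    );

    //now we need to check if the article is approved, and set the var accordingly for the form button for activation.
    $approved_fetch = general_query("SELECT approved FROM ".$databaseinfo['prefix']."articles WHERE id='".$edit_id."' LIMIT 1", TRUE);
    $data['approved'] = $approved_fetch['approved'];

    $error_message = '<ol class="warning">';
    $field_errors = phpns_article_field_errors(
        $data,
        isset($_SESSION['category_list']) ? $_SESSION['category_list'] : '',
        'Your rank is not allowed to post or edit articles in this category.'
    );
    if ($field_errors) {
        $proceed = "no";
        $error_message .= implode('', $field_errors);
    }

    //convert start and end date times | function will do everything, it also returns errors.
    if ($data['start_date']) {
        $unixtime['start'] = validate_date($data,'start');
    }
    if ($data['end_date']) {
        $unixtime['end'] = validate_date($data,'end');
    }

    //edit process (clean data, then submit to database)
    foreach ($data as $key => $value) {
        //clean data (SQL injection security)
        $data[$key] = clean_data($value);
    }

    if ($proceed == "yes" && !empty($_FILES['image']['name'])) {
        if (!$data['image'] = upload_image($_FILES['image'])) {
            $proceed = "no";
            $error_message .= '<li>The image upload returned an error, which means the file was not an image, or we had trouble moving the file to (images/uploads). Check the permissions for the directory.</li>';
        }
    }

    if ($proceed == "yes") {
        $data['id'] = $edit_id;

        //generate sef_url
        $data['article_sef_title'] = create_sef($data['article_title']);

        edit_item($data,$_SESSION['username']); //submit the data(function in inc/function.php) with user

        header("Location: article.php?do=edit&id=".$data['id']."&success=1");
        exit; // the original fell through and rendered the theme after the redirect
    } else { //edit error display form and errors
        $globalvars['page_name'] = 'edit article'; //set page name
        $globalvars['page_image'] = 'error';

        // article_form() may read this (the original set it from $_GET['id'] here)
        $news_id = clean_data(isset($_GET['id']) ? $_GET['id'] : $edit_id);

        $error_message = $error_message.'</ol>'; //end error message ordered list

        //re-tick the checkboxes from the (cleaned) posted flags and redisplay
        $data = phpns_article_checkbox_state($data);
        $content = article_form(); //display form (function in function.php)
    }

} elseif ($do == "activate") {
    //quick permission check (redir to error)
    phpns_article_require_rank($globalvars, 12);

    //activating the article, function and then redirect.
    // The id reaches SQL inside change_active_status() and the Location header
    // (unvalidated in the original); the action is escaped like other input.
    $id = phpns_article_id_or_die(isset($_GET['id']) ? $_GET['id'] : null);
    $action = clean_data(isset($_GET['action']) ? $_GET['action'] : '');

    change_active_status($id, $action); //updates article, sets to active, and updates timestamp.
    header("Location: article.php?do=edit&id=$id");
    exit;

} elseif ($do == "comments") {
    // NOTE(review): unlike every other branch this one performs no
    // $globalvars['rank'] check, yet it deletes comments.  Confirm that
    // inc/init.php at least requires a login before reaching this page.

    //if the id isn't numeric, kill the script. Injection protection.
    // (Moved ahead of the delete handler, which also puts the id in a header.)
    $id = phpns_article_id_or_die(isset($_GET['id']) ? $_GET['id'] : null);

    $success = '';
    $comment_list = '';
    if (!isset($content)) {
        $content = '';
    }

    if (isset($_GET['action']) && $_GET['action'] == 'delete') {
        $items = $_POST; //get vars
        if (!$items) { //if no items, avoid mysql error by just redirecting
            header("Location: ?do=comments&id=".$id."");
            exit; // the original fell through and issued an empty DELETE anyway
        }
        // Build the quoted id list for the IN(...) clause.  Each POST key is
        // presumably a comment id from the template's checkboxes; the original
        // interpolated the raw key names, so a crafted field name reached SQL.
        $quoted = array();
        foreach ($items as $key => $value) {
            $quoted[] = "'" . clean_data($key) . "'";
        }
        $items_f = implode(',', $quoted);

        //delete the items in 'comments'
        delete('comments',$items_f);

        //we deleted comments; display success
        $success .= '<div class="success">The selected item(s) have been deleted.</div>';

        //log this
        log_this('delete_comments','User <i>'.$_SESSION['username'].'</i> has <strong>deleted</strong> the comments: "'.$items_f.'"');
    }

    $globalvars['page_name'] = 'comment list';
    $globalvars['page_image'] = 'none';

    //now, we generate comments for this specific article
    //get the template currently active in the installation
    $template = fetch_template();
    $fetch_com_res = general_query("SELECT * FROM ".$databaseinfo['prefix']."comments WHERE article_id='".$id."' AND approved='1'");

    //for each row (or comment) generated, we translate the item and assign it to $content
    while ($row = mysql_fetch_assoc($fetch_com_res)) {
        $comment_list .= translate_comment($row, $template['html_comment'], 'html_comment');
    }
    $num_comments = mysql_num_rows($fetch_com_res);

    //if empty output (with comments)
    if (trim($comment_list) === '' && $num_comments > 0) {
        $comment_list .= '<div class="warning">This article does have comments posted, however, no output was given. This is usually because your comment_template for your selected template is empty.</div>';
    }

    //if empty comments
    if ($num_comments == 0) {
        $comment_list .= '<div class="warning">There are no comments for this article.</div>';
    }

    //assign $comment_list to $content
    $content .= '
    <div><button class="activate" OnClick="window.location = \'?do=edit&id='.$id.'\';"><strong>Back to edit article</strong></button></div>
    '.$success.'
    <form action="?do=comments&id='.$id.'&action=delete" method="post">
    <div class="select_all_wrap"><label class="nofloat" for="selectall">Select all</label> <input id="selectall" type="checkbox" onClick="Checkall(this.form);" /></div>
    '.$comment_list.'
    <div class="alignr">
    <input type="submit" id="submit" value="Delete selected comments" />
    </div>
    </form>';

} //end of main do

include("inc/themecontrol.php"); //include theme script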