<?php
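$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";

include_once($COMMONS."/header.php");

// If the user does not have the 1000 0000 permission,
// throw a 403: Forbidden error.
//
// The PHPSESSID cookie only hints that a session may exist (any client can
// send one); the decision rests on the server-side session user. The
// permission bit is read with ?? so that a missing session, a missing
// "current_user" entry or a missing "permissions" property denies access
// quietly instead of via a warning on a null property read.
if (!isset($_COOKIE["PHPSESSID"]) ||
    ((int)($_SESSION["current_user"]->permissions ?? 0) & 128) === 0) {
    header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
    include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
    include_once($COMMONS."/footer.php");
    die();
}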
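/**
 * Generate a feed.atom file for use by atom/rss readers.
 *
 * Writes the newest $limit blogposts, each with its tags as <category>
 * elements, to "feed.atom" in the current working directory. Every value
 * that comes from the database is escaped for XML before it is written;
 * the article body keeps going through sanitize_input() as before, since
 * <content type="html"> carries escaped HTML.
 *
 * Failure to open the output file is best-effort: the function simply
 * returns, because a stale feed must not block publishing.
 *
 * @param PDO $conn  Active Mysql connection.
 * @param int $limit Number of most recent posts to include (default 15).
 */
function generate_atom_feed($conn, $limit = 15) {
    // Relative path, exactly as before: the file lands in the cwd of the
    // running script. NOTE(review): confirm that this is the directory the
    // web server serves /feed.atom from.
    $fp = fopen('feed.atom', 'w');
    if ($fp === false) {
        return;
    }

    // Escape a database value for XML text or attribute content.
    $xml = static function ($value) {
        return htmlspecialchars((string)($value ?? ''), ENT_QUOTES | ENT_XML1, 'UTF-8');
    };
    // Parse a DB datetime into a unix timestamp, falling back when it is
    // NULL or unparseable (strtotime() returns false then, which date()
    // would silently render as 1970-01-01).
    $toTimestamp = static function ($dbTime, $fallback) {
        $ts = is_string($dbTime) ? strtotime($dbTime) : false;
        return $ts === false ? $fallback : $ts;
    };
    // Atom wants RFC 3339; the trailing "Z" promises UTC, so gmdate() and
    // not the timezone-dependent date().
    $atomDate = static function ($timestamp) {
        return gmdate('Y-m-d\TH:i:s\Z', $timestamp);
    };

    try {
        // Select the newest posts. $limit is cast to int before it is
        // spliced into the SQL, so it can only ever contribute digits.
        $limit = max(1, (int)$limit);
        $posts = $conn->prepare("SELECT blogpost_id, readable_address, title,
abstract, content, date_posted, date_edited FROM blogposts ORDER BY
date_posted DESC LIMIT " . $limit . ";");
        $posts->execute();
        $blogposts_arr = $posts->fetchAll(PDO::FETCH_ASSOC);

        $now = time();
        fwrite($fp, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
            . "<feed xmlns=\"http://www.w3.org/2005/Atom\">\n"
            . "<title>Zdenek Borovec blog</title>\n"
            . "<link href=\"https://www.zdenekborovec.cz/blog/\"/>\n"
            . "<updated>" . $atomDate($now) . "</updated>\n"
            . "<author>\n<name>Zdenek Borovec</name>\n</author>\n"
            // NOTE(review): this id reads "zenekborovec" while every link
            // reads "zdenekborovec". Kept as-is because an Atom feed id is
            // meant to be permanent (changing it makes readers treat the
            // feed as a new one) — confirm it is intentional.
            . "<id>https://www.zenekborovec.cz/blog/</id>\n");

        // Statement for selecting the tags of a given blogpost.
        $tags = $conn->prepare("SELECT name FROM
blogpost_tags INNER JOIN blogpost_has_tag ON
blogpost_tags.tag_id = blogpost_has_tag.tag_id WHERE
blogpost_id = :blogpost_id;");

        foreach ($blogposts_arr as $blog) {
            $tags->bindValue(":blogpost_id", $blog["blogpost_id"]);
            $tags->execute();

            $categoryStr = "";
            foreach ($tags->fetchAll(PDO::FETCH_ASSOC) as $tag) {
                $categoryStr .= "<category term=\"" . $xml($tag["name"]) . "\"/>";
            }

            // Posts without a readable address are linked by GUID. The
            // address is URL-encoded for the query string and then XML-escaped
            // like every other attribute value.
            if (is_null($blog["readable_address"])) {
                $link = "https://www.zdenekborovec.cz/blog/article/?blogpost_id="
                    . $xml($blog["blogpost_id"]);
            } else {
                $link = "https://www.zdenekborovec.cz/blog/article/?address="
                    . $xml(rawurlencode($blog["readable_address"]));
            }

            $posted = $toTimestamp($blog["date_posted"], $now);
            // A post that was never edited reports its publish time as the
            // last update.
            $edited = $toTimestamp($blog["date_edited"], $posted);

            fwrite($fp, "\n<entry>\n"
                . "<title>" . $xml($blog["title"]) . "</title>\n"
                . $categoryStr . "\n"
                . "<link href=\"" . $link . "\"/>\n"
                . "<id>urn:uuid:" . $xml($blog["blogpost_id"]) . "</id>\n"
                . "<published>" . $atomDate($posted) . "</published>\n"
                . "<updated>" . $atomDate($edited) . "</updated>\n"
                . "<summary>" . $xml($blog["abstract"]) . "</summary>\n"
                . "<content type=\"html\">\n"
                // sanitize_input() is defined outside this file; it is kept
                // here for the body because that is what the feed already
                // relied on for HTML-in-XML escaping.
                . sanitize_input($blog["content"])
                . "\n</content>\n</entry>");
        }

        fwrite($fp, "\n</feed>\n");
    } finally {
        // Always release the handle; the previous version never closed it.
        fclose($fp);
    }
}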
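/**
 * Explode the tag string into separate tags, if they exist,
 * attach them to the article.
 *
 * The tag string is split on whitespace; empty pieces (leading, trailing
 * or doubled spaces) are dropped and repeated names are collapsed, so a
 * tag is never looked up for "" nor linked twice. Names that do not exist
 * in blogpost_tags are skipped silently — new tags are created on the
 * tageditor page, not here.
 *
 * @param PDO    $conn        Active Mysql connection.
 * @param string $blogpost_id GUID of the blogpost receiving the tags.
 * @param string $tagStr      Space-separated tag names.
 */
function add_tags_to_blogpost($conn, $blogpost_id, $tagStr) {
    // Distinct, non-empty tag names (preg_split returns false on a PCRE
    // error; treat that like "no tags").
    $tagNames = preg_split('/\s+/', (string)$tagStr, -1, PREG_SPLIT_NO_EMPTY) ?: [];
    $tagNames = array_values(array_unique($tagNames));
    if (count($tagNames) === 0) {
        return;
    }

    // Resolve each name to its id.
    $select = $conn->prepare("SELECT tag_id FROM blogpost_tags
WHERE name = :name");
    $tagIdArr = [];
    foreach ($tagNames as $tagName) {
        $select->bindValue(":name", $tagName);
        $select->execute();
        $result = $select->fetch(PDO::FETCH_ASSOC);
        // Unknown names are simply not linked.
        if ($result) {
            $tagIdArr[] = $result["tag_id"];
        }
    }

    // Link every found id to the blogpost.
    $insert = $conn->prepare("INSERT INTO blogpost_has_tag (blogpost_id, tag_id)
VALUES (:blogpost_id, :tag_id)");
    $insert->bindValue(":blogpost_id", $blogpost_id);
    foreach ($tagIdArr as $tagId) {
        $insert->bindValue(":tag_id", $tagId);
        $insert->execute();
    }
}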
/**
 * Delete all blogpost-tag relations involving the given blogpost.
 *
 * Only the join rows in blogpost_has_tag are removed; the tags themselves
 * stay in blogpost_tags.
 *
 * @param PDO    $conn        Active Mysql connection.
 * @param string $blogpost_id GUID of the edited blogpost.
 */
function remove_blogpost_tags($conn, $blogpost_id) {
    $delete = $conn->prepare("DELETE FROM blogpost_has_tag
WHERE blogpost_id = :blogpost_id;");
    $delete->bindValue(":blogpost_id", $blogpost_id);
    $delete->execute();
}
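/**
 * Publish a new blogpost and add the specified tags to it.
 *
 * The GUID is generated by the database (UUID()); the insert is not
 * attempted when that lookup yields nothing, because a row with a NULL
 * blogpost_id could never be addressed again.
 *
 * @param PDO         $conn          Active Mysql connection.
 * @param string|null $blogpost_addr Human-readable address of the blogpost,
 *                                   or null to use GUID addressing.
 * @param string      $title         Title for the blogpost.
 * @param string      $tagStr        String with all the tags for the blogpost
 *                                   (space-separated).
 * @param string      $abstract      Abstract for the article.
 * @param string      $content       Content of the article.
 *
 * @throws RuntimeException When the database does not return a UUID.
 */
function publish_blogpost($conn, $blogpost_addr, $title, $tagStr, $abstract,
                          $content) {
    // Get an ID for the blogpost. The alias gives the column a fixed name;
    // without it the array key depends on how the driver spells "UUID()".
    $uuidStmt = $conn->prepare("SELECT UUID() AS blogpost_id");
    $uuidStmt->execute();
    $result = $uuidStmt->fetch(PDO::FETCH_ASSOC);
    if ($result === false || empty($result["blogpost_id"])) {
        throw new RuntimeException("Could not obtain a UUID for the new blogpost");
    }
    $blogpost_id = $result["blogpost_id"];

    // Insert the post row itself.
    $insert = $conn->prepare("INSERT INTO blogposts (blogpost_id,
readable_address, title, abstract, content) VALUES
(:blogpost_id, :address, :title, :abstract, :content);");
    $insert->bindValue(":blogpost_id", $blogpost_id);
    $insert->bindValue(":address", $blogpost_addr);
    $insert->bindValue(":title", $title);
    $insert->bindValue(":abstract", $abstract);
    $insert->bindValue(":content", $content);
    $insert->execute();

    // Add the new tags to the blogpost
    add_tags_to_blogpost($conn, $blogpost_id, $tagStr);
}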
/**
 * Update the blogpost content, title, abstract and date edited.
 * Then update the tags.
 *
 * date_edited is reset to the column DEFAULT (presumably the current
 * timestamp — confirm in the schema), so the edit time is stamped by the
 * database rather than by PHP.
 *
 * @param PDO         $conn          Active Mysql connection.
 * @param string      $blogpost_id   GUID of the edited blogpost.
 * @param string|null $blogpost_addr Human-readable address of the edited
 *                                   blogpost, or null for GUID addressing.
 * @param string      $title         Title for the blogpost.
 * @param string      $tagStr        String with all the tags for the blogpost
 *                                   (space-separated).
 * @param string      $abstract      Abstract for the article.
 * @param string      $content       Content of the article.
 */
function update_blogpost($conn, $blogpost_id, $blogpost_addr, $title,
                         $tagStr, $abstract, $content) {
    // Update the post row; all placeholders are bound as strings via execute().
    $update = $conn->prepare("UPDATE blogposts SET readable_address = :address,
title = :title, abstract = :abstract, content = :content,
date_edited = DEFAULT WHERE blogpost_id = :blogpost_id;");
    $update->execute([
        ":address"     => $blogpost_addr,
        ":title"       => $title,
        ":abstract"    => $abstract,
        ":content"     => $content,
        ":blogpost_id" => $blogpost_id,
    ]);

    // Replace the tag set: drop the old relations, then link the new ones.
    remove_blogpost_tags($conn, $blogpost_id);
    add_tags_to_blogpost($conn, $blogpost_id, $tagStr);
}
// Check DB connection. $conn is presumably set up by header.php; the loose
// comparison is kept on purpose so that both null and false (a failed
// connect) take the error path.
if (null == $conn) {
    header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
    include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
    include_once($COMMONS."/footer.php");
    exit();
}

display_header("Write article.");
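if (isset($_POST["submit"])) {
    // Input will not be sanitized, as it is desirable to allow full control
    // over the content here and only trusted users should have access
    // to this section
    //
    // NOTE(review): neither this handler nor the form below carries an
    // anti-CSRF token, so a page the editor visits while logged in could
    // post here on their behalf — confirm header.php does not already
    // enforce one (a per-session token, or a SameSite cookie policy) before
    // relying on the permission check alone.
    //
    // Missing fields default to "" so a hand-crafted POST without them does
    // not trigger "undefined index" warnings.
    $title = $_POST["blogpost_title"] ?? "";
    $address = $_POST["blogpost_address"] ?? "";
    $tagsStr = $_POST["blogpost_tags"] ?? "";
    $abstract = $_POST["article_abstract"] ?? "";
    $content = $_POST["article_content"] ?? "";

    // If address is empty, set it to null so GUID addressing is used.
    if ($address === "") {
        $address = null;
    }

    // !empty() keeps the old truthiness test ("" and "0" mean "new post")
    // while tolerating a POST that lacks the hidden field altogether.
    if (!empty($_POST["blogpost_id"])) {
        $blogpostId = $_POST["blogpost_id"];
        update_blogpost($conn, $blogpostId, $address, $title, $tagsStr,
            $abstract, $content);
    } else {
        publish_blogpost($conn, $address, $title, $tagsStr, $abstract,
            $content);
    }

    // Regenerate the public feed after every change.
    generate_atom_feed($conn);

    // NOTE(review): hard-coded, plain-http "-dev" host; confirm this is the
    // intended redirect target in production.
    header("Location: http://www.zdenekborovec-dev.cz/blog");
    die();
}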
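// Prefill values for the form below. They stay empty for a new article and
// are filled from the database when an existing one is opened for editing
// (?guid=...). Initialising them here means the printf() further down never
// reads an undefined variable.
$blogId_prefill = "";
$title_prefill = "";
$address_prefill = "";
$abstract_prefill = "";
$content_prefill = "";
$tagStr_prefill = "";

if (isset($_GET["guid"])) {
    // sanitize_input() is defined outside this file; its exact behaviour is
    // not visible here, so the value is still bound as a parameter below.
    $blogId = sanitize_input($_GET["guid"]);

    // select article title, abstract and content from the database
    $stmt = $conn->prepare("SELECT readable_address, title, abstract, content
FROM blogposts WHERE blogpost_id = :blogpost_id");
    $stmt->bindValue(":blogpost_id", $blogId);
    $stmt->execute();
    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    // Only a GUID that names a real post prefills the form. Previously an
    // unknown GUID was echoed into the hidden blogpost_id field anyway, so
    // the next submit would UPDATE a row that does not exist and then try
    // to attach tags to that phantom id (unless a foreign key stops it);
    // now it falls through to the empty "new article" form instead.
    if ($result !== false) {
        $blogId_prefill = $blogId;
        $title_prefill = $result["title"];
        $address_prefill = $result["readable_address"];
        $abstract_prefill = $result["abstract"];
        $content_prefill = sanitize_input($result["content"]);

        // select the tags for this article from the database
        $stmt = $conn->prepare("SELECT blogpost_tags.name FROM
(blogpost_tags INNER JOIN blogpost_has_tag ON
blogpost_tags.tag_id = blogpost_has_tag.tag_id) WHERE
blogpost_id = :blogpost_id;");
        $stmt->bindValue(":blogpost_id", $blogId);
        $stmt->execute();
        $results = $stmt->fetchAll(PDO::FETCH_ASSOC);

        // Space-separated tag list for the prefill (no trailing space).
        $tagStr_prefill = implode(" ", array_column($results, "name"));
    }
}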
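// Escape a prefill value for an HTML attribute or text node so that a
// quote, "<" or "</textarea>" stored in a title, address, tag or abstract
// cannot break out of the form; the browser decodes the entities again, so
// the submitted value round-trips unchanged. The content field is left out
// because sanitize_input() is already applied to it where it is loaded, and
// escaping twice would show entities to the editor.
$htmlEscape = static function ($value) {
    return htmlspecialchars((string)($value ?? ""), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

printf("
<article>
<form method=\"post\" action=\"\">
<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
<table class=\"noborder-table\">
<tr><td style=\"padding: 0px 4px;\">
<label for=\"blogpost_title\">Post title:</label>
</td><td style=\"padding: 0px 4px;\">
<input type=\"text\" name=\"blogpost_title\" value=\"%s\">
</td><td style=\"padding: 0px 4px;\">
</td></tr>
<tr><td style=\"padding: 0px 4px;\">
<label for=\"blogpost_address\">Address:</label>
</td><td style=\"padding: 0px 4px;\">
<input type=\"text\" name=\"blogpost_address\" value=\"%s\">
</td><td style=\"padding: 0px 4px;\">
Leave empty to use GUID addressing
</td></tr>
<tr><td style=\"padding: 0px 4px;\">
<label for=\"blogpost_tags\">Post tags:</label>
</td><td style=\"padding: 0px 4px;\">
<input type=\"text\" name=\"blogpost_tags\" value=\"%s\">
</td><td style=\"padding: 0px 4px;\">
Tags should be separated by spaces, use dash-case, use the
<a href=\"http://www.zdenekborovec-dev.cz/blog/tageditor\">
tageditor</a> page to add new tags.
</td></tr>
</table>
<div class=\"centered-container\">
<textarea name=\"article_abstract\" style=\"width: 100%%;
height: 5em;\">%s</textarea>
</div>
<div class=\"centered-container\">
<textarea name=\"article_content\" style=\"width: 100%%;
height: 30em;\">%s</textarea>
</div>
<input name=\"submit\" type=\"submit\" value=\"Send File\">
</form>
</article>
",
    $htmlEscape($blogId_prefill ?? ""),
    $htmlEscape($title_prefill ?? ""),
    $htmlEscape($address_prefill ?? ""),
    $htmlEscape($tagStr_prefill ?? ""),
    $htmlEscape($abstract_prefill ?? ""),
    // Already passed through sanitize_input() when loaded; not re-escaped.
    $content_prefill ?? "");

include_once($COMMONS."/footer.php");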
?>