From 716e408c79969fc9c0ee601b50b48884250a6f0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zden=C4=9Bk=20Borovec?= <zdenda.borovec@gmail.com>
Date: Mon, 13 May 2024 18:41:27 +0200
Subject: [PATCH] add article editing

---
 docs/www/blog/article.php      | 36 +++++++++------
 docs/www/blog/writearticle.php | 83 ++++++++++++++++++++++++----------
 2 files changed, 82 insertions(+), 37 deletions(-)

diff --git a/docs/www/blog/article.php b/docs/www/blog/article.php
index 25805f2..2d9e1b3 100644
--- a/docs/www/blog/article.php
+++ b/docs/www/blog/article.php
@@ -150,6 +150,7 @@ class Blogpost
 	public $title;
 	public $content;
 	public $date_posted;
+	public $date_edited;
 	public $tags;
 	public $comments;
 
@@ -171,15 +172,21 @@ class Blogpost
 			return;
 		}
 
-		// Begin the article
+		if ((bool)($_SESSION["current_user"]->permissions & 128)) {
+			$topRight = sprintf("<td class=\"blog-publish-date\">
+				<a href=\"http://www.zdenekborovec-dev.cz/blog/writearticle/
+				?guid=%s\">Edit</a></td>", $this->blogpost_id);
+		}
+		else {
+			$topRight = sprintf("<td class=\"blog-publish-date\">Published on: %s</td>",
+				date("Y-m-d", strtotime($this->date_posted)));
+		}
+
+		// Display the blog title and metadata
 		printf("<article>");
-
-		// Display the blogpost name
-		printf("<h2>%s</h2>", $this->title);
-
-		// Display the blog metadata
-		print_r("<table class=\"noborder-table\" style=\"width: 100%;\">
-			<tr><td class=\"blog-tags\">");
+		print_r("<table class=\"noborder-table\" style=\"width: 100%; margin-top: 16px;\">");
+		printf("<tr><td style=\"padding: 0px;\"><h2 style=\"margin-top: 0px;\">%s</h2></td>%s</tr>
+			<tr><td class=\"blog-tags\">", $this->title, $topRight);
 
 		// Display tags
 		for($i = 0; $i < count($this->tags); $i++) {
@@ -191,8 +198,8 @@ class Blogpost
 		}
 
 		// Display publish date and end metadata div
-		printf("</td><td class=\"blog-publish-date\">Published on: %s</td></tr></table>",
-			date("Y-m-d", strtotime($this->date_posted)));
+		printf("</td><td class=\"blog-publish-date\">Last edited on: %s</td></tr></table>",
+			date("Y-m-d", strtotime($this->date_edited)));
 
 		// Display hrule, article content and end the article
 		printf("</article><hr><article>%s</article>", $this->content);
@@ -215,16 +222,18 @@ class Blogpost
 	 * $title			Title of the blogpost.
 	 * $content			Content of the blogpost article.
 	 * $date_posted		Timestamp at publishing of article.
+	 * $date_edited		Timestamp at whioch the article was last edited.
 	 * $tags			Array of the tags this article has.
 	 * $comments		Array of Blogpostcomment objects,
 	 *						the comments of this article.
 	 */
 	public function __construct($blogpost_id, $title, $content,
-								$date_posted, $tags, $comments){
+								$date_posted, $date_edited, $tags, $comments){
 		$this->blogpost_id = $blogpost_id;
 		$this->title       = $title;
 		$this->content     = $content;
 		$this->date_posted = $date_posted;
+		$this->date_edited = $date_edited;
 		$this->tags        = $tags;
 		$this->comments    = $comments;
 	}
@@ -330,7 +339,7 @@ function load_comments($conn, $blogId) {
  */
 function load_blog($conn, $blogId){
 	// Prepare and bind statement for gathering blogpost info
-	$stmt = $conn->prepare("SELECT title, content, date_posted
+	$stmt = $conn->prepare("SELECT title, content, date_posted, date_edited
 		FROM blogposts WHERE blogpost_id = :blogpost_id;");
 	$stmt->bindParam(":blogpost_id", $blogId);
 
@@ -363,11 +372,12 @@ function load_blog($conn, $blogId){
 	$blogTitle = $result["title"];
 	$blogContent = $result["content"];
 	$datePosted = $result["date_posted"];
+	$dateEdited = $result["date_edited"];
 	$tags = $tags_arr;
 	$comments = load_comments($conn, $blogId);
 
 	return new Blogpost($blogId, $blogTitle, $blogContent,
-						$datePosted, $tags, $comments);
+						$datePosted, $dateEdited, $tags, $comments);
 }
 
 // Check DB connection
diff --git a/docs/www/blog/writearticle.php b/docs/www/blog/writearticle.php
index 0b267d4..518194a 100644
--- a/docs/www/blog/writearticle.php
+++ b/docs/www/blog/writearticle.php
@@ -124,17 +124,17 @@ function update_blogpost($conn, $blogpost_id, $title, $tagStr, $abstract,
 	add_tags_to_blogpost($conn, $blogpost_id, $tagStr);
 }
 
+// Check DB connection
+if($conn == null){
+	header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
+	include_once($COMMONS."/footer.php");
+	die();
+}
+
 display_header("Write article.");
 
 if(isset($_POST["submit"])) {
-	// Check DB connection
-	if($conn == null){
-		header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
-		include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
-		include_once($COMMONS."/footer.php");
-		die();
-	}
-
 	// Input will not be sanitized, as it is desirable to allow full control
 	// over the content here and only trusted users should have access
 	// to this section
@@ -154,32 +154,67 @@ if(isset($_POST["submit"])) {
 	header("Location: "."http://www.zdenekborovec-dev.cz/blog");
 }
 
-?>
+if(isset($_GET["guid"])) {
+	$blogId = sanitize_input($_GET["guid"]);
 
+	// select article title, abstract and content from the database
+	$stmt = $conn->prepare("SELECT title, abstract, content
+		FROM blogposts WHERE blogpost_id = :blogpost_id");
+	$stmt->bindParam(":blogpost_id", $blogId);
+	$stmt->execute();
+
+	$result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+	// Set prefill values for the form
+	$blogId_prefill = $blogId;
+	$title_prefill = $result["title"];
+	$abstract_prefill = $result["abstract"];
+	$content_prefill = $result["content"];
+
+	// select the tags for this article from the database
+	$stmt = $conn->prepare("SELECT blogpost_tags.name FROM
+		(blogpost_tags INNER JOIN blogpost_has_tag ON
+		blogpost_tags.tag_id = blogpost_has_tag.tag_id) WHERE
+		blogpost_id = :blogpost_id;");
+	$stmt->bindParam(":blogpost_id", $blogId);
+	$stmt->execute();
+
+	$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+	// Construct the string of all blogpost tags to prefill.
+	$tagStr_prefill = "";
+	foreach($results as $row) {
+		$tagStr_prefill .= $row["name"]." ";
+	}
+}
+
+printf("
 <article>
-	<form method="post" action="<?php
-htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
-		<input type="hidden" name="blogpost_id" value="">
+	<form method=\"post\" action=\"\">
+		<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
 
-		<label for="blogpost_title">Post title:</label>
-		<input type="text" name="blogpost_title"><br>
+		<label for=\"blogpost_title\">Post title:</label>
+		<input type=\"text\" name=\"blogpost_title\" value=\"%s\"><br>
 
-		<label for="blogpost_tags">Post tags:</label>
-		<input type="text" name="blogpost_tags">
+		<label for=\"blogpost_tags\">Post tags:</label>
+		<input type=\"text\" name=\"blogpost_tags\" value=\"%s\">
 
 		Tags should be separated by spaces, use dash-case, use the
-		<a href="http://www.zdenekborovec-dev.cz/blog/tageditor">tageditor</a> page to add new tags. <br>
+		<a href=\"http://www.zdenekborovec-dev.cz/blog/tageditor\">
+		tageditor</a> page to add new tags. <br>
 
-		<div class="centered-container">
-			<textarea name="article_abstract" style="width: 100%; height: 5em;"></textarea>
+		<div class=\"centered-container\">
+			<textarea name=\"article_abstract\" style=\"width: 100%%;
+			height: 5em;\">%s</textarea>
 		</div>
-		<div class="centered-container">
-			<textarea name="article_content" style="width: 100%; height: 30em;"></textarea>
+		<div class=\"centered-container\">
+			<textarea name=\"article_content\" style=\"width: 100%%;
+			height: 30em;\">%s</textarea>
 		</div>
-		<input name="submit" type="submit" value="Send File">
+		<input name=\"submit\" type=\"submit\" value=\"Send File\">
 	</form>
 </article>
-
-<?php
+", $blogId_prefill, $title_prefill, $tagStr_prefill, $abstract_prefill,
+	$content_prefill);
 	include_once($COMMONS."/footer.php");
 ?>