From 9bd60ee073ebdf84ee2212756fbfcb79be7907df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zden=C4=9Bk=20Borovec?= <zdenda.borovec@gmail.com>
Date: Sun, 12 May 2024 18:34:33 +0200
Subject: [PATCH] added article writing

---
 database_schema.sql            |   5 +-
 docs/www/blog/writearticle.php | 185 +++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+), 2 deletions(-)
 create mode 100644 docs/www/blog/writearticle.php

diff --git a/database_schema.sql b/database_schema.sql
index 1f284d9..a8e6c0f 100644
--- a/database_schema.sql
+++ b/database_schema.sql
@@ -3,7 +3,7 @@
 -- https://www.phpmyadmin.net/
 --
 -- Host: localhost
--- Generation Time: May 06, 2024 at 07:34 PM
+-- Generation Time: May 12, 2024 at 03:59 PM
 -- Server version: 11.3.2-MariaDB
 -- PHP Version: 8.3.6
 
@@ -34,7 +34,8 @@ CREATE TABLE `blogposts` (
   `title` varchar(64) DEFAULT NULL COMMENT 'title of the blogpost',
   `abstract` varchar(512) DEFAULT NULL COMMENT 'short version of the blogpost to be displayed as preview, usually the first paragraph of the real article.',
   `content` text DEFAULT NULL COMMENT 'html for the article',
-  `date_posted` datetime NOT NULL DEFAULT current_timestamp() COMMENT 'Datetimee at which the article was posted.'
+  `date_posted` datetime NOT NULL DEFAULT current_timestamp() COMMENT 'Datetime at which the article was posted.',
+  `date_edited` datetime NOT NULL DEFAULT current_timestamp() COMMENT 'Timestamp at the lasted edit.'
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
 -- --------------------------------------------------------
diff --git a/docs/www/blog/writearticle.php b/docs/www/blog/writearticle.php
new file mode 100644
index 0000000..a72fc35
--- /dev/null
+++ b/docs/www/blog/writearticle.php
@@ -0,0 +1,185 @@
+<?php
+$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+
+include_once($COMMONS."/header.php");
+
+// If the user does not have the 1000 0000 permission,
+// throw a 403: Forbidden error.
+if(!(bool)($_SESSION["current_user"]->permissions & 128)) {
+	header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
+	include_once($COMMONS."/footer.php");
+	die();
+}
+
+/**
+ * Explode the tag string into separate tags, if they exist,
+ * attach them to the article.
+ */
+function add_tags_to_blogpost($conn, $blogpost_id, $tagStr) {
+	// Get array of all the tags.
+	$tagArr = explode(" ", $tagStr);
+
+	// Prepare array for storing tag ids
+	$tagIdArr = [];
+
+	// Prepare statement to select id of a tag with given name
+	$stmt = $conn->prepare("SELECT tag_id FROM blogpost_tags
+		WHERE name = :name");
+
+	// Go through all the tag names and get their ids
+	foreach ($tagArr as $tagName) {
+		// Bind, execute and fetch the command
+		$stmt->bindParam(":name", $tagName);
+		$stmt->execute();
+		$result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+		// If we got a result, add it to the found ids.
+		if($result) {
+			$tagIdArr[] = $result["tag_id"];
+		}
+	}
+
+	// Prepare the statement to add tag to blogpost and bind blogpost_id
+	$stmt = $conn->prepare("INSERT INTO blogpost_has_tag (blogpost_id, tag_id)
+		VALUES (:blogpost_id, :tag_id)");
+	$stmt->bindParam(":blogpost_id", $blogpost_id);
+
+	// Go through the found ids and insert them
+	foreach ($tagIdArr as $tagId) {
+		$stmt->bindParam(":tag_id", $tagId);
+		$stmt->execute();
+	}
+}
+
+/**
+ * Delete all blogpost-tag relations involving the given blogpost.
+ * @param $conn			Active Mysql connection.
+ * @param $blogpost_id	GUID of the edited blogpost.
+ */
+function remove_blogpost_tags($conn, $blogpost_id) {
+	// Prepare, bind and execute the delete statement
+	$stmt = $conn->prepare("DELETE FROM blogpost_has_tag
+		WHERE blogpost_id = :blogpost_id;");
+	$stmt->bindParam(":blogpost_id", $blogpost_id);
+	$stmt->execute();
+}
+
+/**
+ * Publish a new blogpost and add the specified tags to it..
+ * @param $conn			Active Mysql connection.
+ * @param $title		Title for the blogpost.
+ * @param $tagStr		String with all the tags for the blogpost
+ *						(space-separated).
+ * @param $abstract		Abstract for the article.
+ * @param $content		Content of the article.
+ */
+function publish_blogpost($conn, $title, $tagStr, $abstract, $content) {
+	// Get an ID for the blogpost
+	$stmt = $conn->prepare("SELECT UUID()");
+	$stmt->execute();
+	$result = $stmt->fetch(PDO::FETCH_ASSOC);
+	$blogpost_id = $result["UUID()"];
+
+	// Prepare, bind and execute the insert statement
+	$stmt = $conn->prepare("INSERT INTO blogposts (blogpost_id, title, abstract,
+		content) VALUES (:blogpost_id, :title, :abstract, :content);");
+	$stmt->bindParam(":blogpost_id", $blogpost_id);
+	$stmt->bindParam(":title", $title);
+	$stmt->bindParam(":abstract", $abstract);
+	$stmt->bindParam(":content", $content);
+	$stmt->execute();
+
+	// Add the new tags to the blogpost
+	add_tags_to_blogpost($conn, $blogpost_id, $tagStr);
+}
+
+/**
+ * Update the blogpost content, title, abstract and date edited.
+ * Then update the tags.
+ * @param $conn			Active Mysql connection.
+ * @param $blogpost_id	GUID of the edited blogpost.
+ * @param $title		Title for the blogpost.
+ * @param $tagStr		String with all the tags for the blogpost
+ *						(space-separated).
+ * @param $abstract		Abstract for the article.
+ * @param $content		Content of the article.
+ */
+function update_blogpost($conn, $blogpost_id, $title, $tagStr, $abstract,
+	$content) {
+	// Prepare, bind and execute the update statement
+	$stmt = $conn->prepare("UPDATE blogposts SET title = :title,
+		abstract = :abstract, content = :content, date_edited = DEFAULT
+		WHERE blogpost_id = :blogpost_id;");
+	$stmt->bindParam(":title", $title);
+	$stmt->bindParam(":abstract", $abstract);
+	$stmt->bindParam(":content", $content);
+	$stmt->bindParam(":blogpost_id", $blogpost_id);
+	$stmt->execute();
+
+	// Remove old tags from this blogpost
+	remove_blogpost_tags($conn, $blogpost_id);
+
+	// Add the new tags to the blogpost
+	add_tags_to_blogpost($conn, $blogpost_id, $tagStr);
+}
+
+display_header("Write article.");
+
+if(isset($_POST["submit"])) {
+	// Check DB connection
+	if($conn == null){
+		header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
+		include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
+		include_once($COMMONS."/footer.php");
+		die();
+	}
+
+	// Input will not be sanitized, as it is desirable to allow full control
+	// over the content here and only trusted users should have access
+	// to this section
+	$title = $_POST["blogpost_title"];
+	$tagsStr = $_POST["blogpost_tags"];
+	$abstract = $_POST["article_abstract"];
+	$content = $_POST["article_content"];
+
+	if($_POST["blogpost_id"]) {
+		$blogpostId = $_POST["blogpost_id"];
+		update_blogpost($conn, $blogpostId, $title, $tagsStr, $abstract, $content);
+	}
+	else {
+		publish_blogpost($conn, $title, $tagsStr, $abstract, $content);
+	}
+
+	header("Location: "."http://www.zdenekborovec-dev.cz/blog");
+}
+
+?>
+
+<article>
+	<form method="post" action="<?php
+htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
+		<input type="hidden" name="blogpost_id" value="">
+
+		<label for="blogpost_title">Post title:</label>
+		<input type="text" name="blogpost_title"><br>
+
+		<label for="blogpost_tags">Post tags:</label>
+		<input type="text" name="blogpost_tags">
+
+		Tags should be separated by spaces, use dash-case, use the
+		<a>tageditor</a> page to add new tags. <br>
+
+		<div class="centered-container">
+			<textarea name="article_abstract" style="width: 100%; height: 5em;"></textarea>
+		</div>
+		<div class="centered-container">
+			<textarea name="article_content" style="width: 100%; height: 30em;"></textarea>
+		</div>
+		<input name="submit" type="submit" value="Send File">
+	</form>
+</article>
+
+<?php
+	include_once($COMMONS."/footer.php");
+?>