update readme

.gitignore

@@ -2,3 +2,4 @@
 /docs/common/config.php
 /assets/upload/**
 /docs/www/blog/feed.atom
+/docs/www/blog/article/**

README.md

@@ -37,6 +37,8 @@ Anyways, let's get to the *how*.
  - Also make sure that the directory /assets/uploads/ exists and php has write
 	permissions there - if you are going to use that file upload
 	functionality, that is.
+ - The directory /docs/www/blog/article should also be created with
+	the above permissions.
  - Php should also have write permissions in the docs/www/blog directory,
 	so it can update the atom feed.
  - If you have problems connecting to the database, you can try

assets/.htaccess

@@ -1,5 +1,6 @@
 # Custom error pages
 ErrorDocument 403 /errors/403.php
 ErrorDocument 404 /errors/404.php
+ErrorDocument 405 /errors/405.php
 ErrorDocument 500 /errors/500.php
 ErrorDocument 504 /errors/504.php

assets/errors/405.php

@@ -0,0 +1,18 @@
+<?php
+$COMMONS = "./../../docs/common";
+
+include_once($COMMONS."/header.php");
+
+display_header("405: Method not allowed");
+?>
+
+<article>
+<h2>405: Method Not Allowed</h2>
+<div class="centered-container">
+<img src="https://assets.zdenekborovec.cz/upload/39486004aa605167cdda6623a4a3fa6d/7da36b469b34cc1008639612f0c17e21/d077e6ed1bd1a560a718590ae609422c.gif" alt="GIF of a cat shaking its head.">
+</div>
+</article>
+
+<?php
+include_once($COMMONS."/footer.php");
+?>

database_schema.sql

@@ -3,9 +3,9 @@
 -- https://www.phpmyadmin.net/
 --
 -- Host: localhost
--- Generation Time: Jul 20, 2024 at 02:33 PM
+-- Generation Time: Aug 21, 2024 at 11:22 PM
 -- Server version: 11.4.2-MariaDB
--- PHP Version: 8.3.9
+-- PHP Version: 8.3.10
 
 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
 START TRANSACTION;
@@ -29,7 +29,7 @@ SET time_zone = "+00:00";
 
 CREATE TABLE IF NOT EXISTS `blogposts` (
   `blogpost_id` uuid NOT NULL DEFAULT uuid() COMMENT 'uuid of the blogpost',
-  `readable_address` varchar(64) DEFAULT NULL COMMENT 'Human-readable addressing alternative for an article. For example, blogpost with readable_address = "example" can be accessed by article.php?address=example.',
+  `readable_address` varchar(64) NOT NULL COMMENT 'Human-readable addressing alternative for an article. For example, blogpost with readable_address = "example" can be accessed by blog/article/example.',
   `title` varchar(64) DEFAULT NULL COMMENT 'title of the blogpost',
   `abstract` varchar(512) DEFAULT NULL COMMENT 'short version of the blogpost to be displayed as preview, usually the first paragraph of the real article.',
   `content` text DEFAULT NULL COMMENT 'html for the article',

docs/common/blog_utils.php

@@ -1,7 +1,82 @@
 <?php
-$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+class Blogpost
+{
+	public $blogpost_id;
+	public $address;
+	public $title;
+	public $content;
+	public $date_posted;
+	public $date_edited;
+	public $tags;
+	public $comments;
 
-include_once($COMMONS."/header.php");
+	/**
+	 * Display the article, or a warning message.
+	 */
+	public function display_article(){
+		// Display the blog title and metadata
+		$body = "<article><table class=\"noborder-table\" style=\"width: 100%;
+			margin-top: 16px;\">";
+		$body .= sprintf("<tr><td style=\"padding: 0px;\">
+			<h2 style=\"margin-top: 0px;\">%s</h2></td>
+			<td class=\"blog-publish-date\">Published on: %s</td></tr><tr>
+			<td class=\"blog-tags\">", $this->title,
+			date("Y-m-d", strtotime($this->date_posted)));
+
+		// Display tags
+		for($i = 0; $i < count($this->tags); $i++) {
+			$tag = $this->tags[$i];
+			$body .= sprintf("
+			<span class=\"blog-tag\" style=\"background-color: %s\">
+				%s
+			</span>", $tag["color"], $tag["name"]);
+		}
+
+		// Display publish date and end metadata div
+		$body .= sprintf("</td><td class=\"blog-publish-date\">
+			Last edited on: %s</td></tr></table>",
+			date("Y-m-d", strtotime($this->date_edited)));
+
+		// Display hrule, article content and end the article
+		$body .= sprintf("</article><hr><article>%s</article>", $this->content);
+		return $body;
+	}
+
+	/**
+	 * Display the comments for this post and their children.
+	 */
+	public function display_comments(){
+		$body = "<article>";
+		for($i = 0; $i < count($this->comments); $i++){
+			$body .= $this->comments[$i]->display_comment();
+		}
+		return $body."</article>";
+	}
+
+	/**
+	 * Constructor for the blogpost.
+	 * $blogpost_id		GUID of the blogpost in the database.
+	 * $address			Readable address of the blogpost.
+	 * $title			Title of the blogpost.
+	 * $content			Content of the blogpost article.
+	 * $date_posted		Timestamp at publishing of article.
+	 * $date_edited		Timestamp at whioch the article was last edited.
+	 * $tags			Array of the tags this article has.
+	 * $comments		Array of Blogpostcomment objects,
+	 *						the comments of this article.
+	 */
+	public function __construct($blogpost_id, $address, $title,
+			$content, $date_posted, $date_edited, $tags, $comments){
+		$this->blogpost_id	= $blogpost_id;
+		$this->address		= $address;
+		$this->title		= $title;
+		$this->content		= $content;
+		$this->date_posted	= $date_posted;
+		$this->date_edited	= $date_edited;
+		$this->tags			= $tags;
+		$this->comments		= $comments;
+	}
+}
 
 class BlogpostComment
 {
@@ -19,8 +94,7 @@ class BlogpostComment
 	 * Display the comment, and recursively it's children
 	 */
 	public function display_comment() {
-		if(is_null($this->blogpost_addr)) {
-			printf("
+		$body = sprintf("
 <div class=\"comment\" id=\"comment-%s\">
 	<div class=\"comment-own-wrapper\">
 		<span class=\"comment-author\"> By: %s </span>
@@ -35,12 +109,15 @@ class BlogpostComment
 			%s
 		</div>
 		<div class=\"comment-response\">
-			<form method=\"post\" action=\"%s\">
+			<form method=\"post\"
+				action=\"http://www.zdenekborovec-dev.cz/blog/post_comment/\">
 				<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
-				<input type=\"hidden\" name=\"comment_id\" value=\"%s\">
+				<input type=\"hidden\" name=\"referer\"
+				value=\"http://www.zdenekborovec-dev.cz/blog/article/%s\">
+				<input type=\"hidden\" name=\"parent_id\" value=\"%s\">
 				<label for=\"comment_entry\">Write response:</label>
 				<div class=\"centered-container\">
-					<textarea name=\"comment_entry\"
+					<textarea name=\"content\"
 					class=\"comment-box\"></textarea>
 				</div>
 				<input name=\"submit\" type=\"submit\" value=\"Send\">
@@ -55,61 +132,18 @@ class BlogpostComment
 				$this->comment_id,
 				$this->comment_id,
 				$this->content,
-				htmlspecialchars($_SERVER["PHP_SELF"]),
-				$this->blogpost_id,
-				$this->comment_id);
-		}
-		else {
-			printf("
-<div class=\"comment\" id=\"comment-%s\">
-	<div class=\"comment-own-wrapper\">
-		<span class=\"comment-author\"> By: %s </span>
-		<span class=\"comment-date\"> On: %s </span>
-		<label for=\"reveal-response-%s\" class=\"checkbox-button\">
-			Respond
-		</label>
-		<input type=\"checkbox\" id=\"reveal-response-%s\"
-			style=\"display: none;\">
-		<hr>
-		<div class=\"comment-content\">
-			%s
-		</div>
-		<div class=\"comment-response\">
-			<form method=\"post\" action=\"%s\">
-				<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
-				<input type=\"hidden\" name=\"address\" value=\"%s\">
-				<input type=\"hidden\" name=\"comment_id\" value=\"%s\">
-				<label for=\"comment_entry\">Write response:</label>
-				<div class=\"centered-container\">
-					<textarea name=\"comment_entry\"
-					class=\"comment-box\"></textarea>
-				</div>
-				<input name=\"submit\" type=\"submit\" value=\"Send\">
-			</form>
-		</div>
-	</div>
-	<div class=\"comment-child-wrapper\">
-				",
-				$this->comment_id,
-				$this->poster_name,
-				date("Y-m-d H:i", strtotime($this->timestamp)),
-				$this->comment_id,
-				$this->comment_id,
-				$this->content,
-				htmlspecialchars($_SERVER["PHP_SELF"]),
 				$this->blogpost_id,
 				$this->blogpost_addr,
 				$this->comment_id);
-		}
 
 		if($this->children != null) {
 			for($i = 0; $i < count($this->children); $i++)
 			{
 				$child = $this->children[$i];
-		 		$child->display_comment();
+		 		$body .= $child->display_comment();
 			}
 		}
-		printf("</div></div>");
+		return $body."</div></div>";
 	}
 
 	/**
@@ -193,149 +227,6 @@ class BlogpostComment
 		$this->parent_id		= $parent_id;
 	}
 }
-
-
-class Blogpost
-{
-	public $blogpost_id;
-	public $address;
-	public $title;
-	public $content;
-	public $date_posted;
-	public $date_edited;
-	public $tags;
-	public $comments;
-
-	/**
-	 * Display the article, or a warning message.
-	 */
-	public function display_article(){
-		// If a blog with given ID was not found display warning message.
-		if(!$this->title){
-			printf("
-			<article>
-				<h2> Article not found </h2>
-				<hr>
-				<p>
-					I am sorry, but I couldn't find an article with this ID.
-				</p>
-			</article>
-			");
-			return;
-		}
-
-		if (isset($_COOKIE["PHPSESSID"]) &&
-			(bool)($_SESSION["current_user"]->permissions & 128)) {
-			$topRight = sprintf("<td class=\"blog-publish-date\">
-				<a href=\"http://www.zdenekborovec-dev.cz/blog/writearticle/
-				?guid=%s\">Edit</a></td>", $this->blogpost_id);
-		}
-		else {
-			$topRight = sprintf("<td class=\"blog-publish-date\">
-				Published on: %s</td>",
-				date("Y-m-d", strtotime($this->date_posted)));
-		}
-
-		// Display the blog title and metadata
-		printf("<article>");
-		print_r("<table class=\"noborder-table\" style=\"width: 100%;
-			margin-top: 16px;\">");
-		printf("<tr><td style=\"padding: 0px;\"><h2 style=\"margin-top: 0px;\">
-				%s</h2></td>%s</tr><tr><td class=\"blog-tags\">",
-				$this->title, $topRight);
-
-		// Display tags
-		for($i = 0; $i < count($this->tags); $i++) {
-			$tag = $this->tags[$i];
-			printf("
-			<span class=\"blog-tag\" style=\"background-color: %s\">
-				%s
-			</span>", $tag["color"], $tag["name"]);
-		}
-
-		// Display publish date and end metadata div
-		printf("</td><td class=\"blog-publish-date\">Last edited on: %s</td>
-			</tr></table>", date("Y-m-d", strtotime($this->date_edited)));
-
-		// Display hrule, article content and end the article
-		printf("</article><hr><article>%s</article>", $this->content);
-	}
-
-	/**
-	 * Display the comments for this post and their children.
-	 */
-	public function display_comments(){
-		printf("<article>");
-		for($i = 0; $i < count($this->comments); $i++){
-			$this->comments[$i]->display_comment();
-		}
-		printf("</article>");
-	}
-
-	/**
-	 * Constructor for the blogpost.
-	 * $blogpost_id		GUID of the blogpost in the database.
-	 * $address			Readable address of the blogpost.
-	 * $title			Title of the blogpost.
-	 * $content			Content of the blogpost article.
-	 * $date_posted		Timestamp at publishing of article.
-	 * $date_edited		Timestamp at whioch the article was last edited.
-	 * $tags			Array of the tags this article has.
-	 * $comments		Array of Blogpostcomment objects,
-	 *						the comments of this article.
-	 */
-	public function __construct($blogpost_id, $address, $title,
-			$content, $date_posted, $date_edited, $tags, $comments){
-		$this->blogpost_id	= $blogpost_id;
-		$this->address		= $address;
-		$this->title		= $title;
-		$this->content		= $content;
-		$this->date_posted	= $date_posted;
-		$this->date_edited	= $date_edited;
-		$this->tags			= $tags;
-		$this->comments		= $comments;
-	}
-}
-
-/**
- * Send a comment to the database.
- * If the poster is not signed in, send "NULL" (as a string) as the $posterID
- * The same goes for $parentId (that is the parent comment,
- * if this one is a response)
- * Returns: GUID PK of the newly added comment.
- */
-function send_comment($conn, $blogId, $posterId, $content, $parentId) {
-	// If content is empty, do not post
-	if(empty($content)) {
-		return "";
-	}
-
-	// Get a uuid for the comment
-	$stmt = $conn->prepare("SELECT UUID()");
-	$stmt->execute();
-	$result = $stmt->fetch(PDO::FETCH_ASSOC);
-	$uuid = $result["UUID()"];
-
-	// Prepare the statemtnt
-	$stmt = $conn->prepare("INSERT INTO blogpost_comments
-		( comment_id,  parent_id,  blogpost_id,  poster_id,  content) VALUES
-		(:comment_id, :parent_id, :blogpost_id, :poster_id, :content);");
-
-	// Bind all the parameters
-	$stmt->bindValue(":comment_id", $uuid, PDO::PARAM_STR);
-	$stmt->bindValue(":parent_id", $parentId == "NULL"
-		? NULL : $parentId, PDO::PARAM_STR);
-	$stmt->bindValue(":blogpost_id", $blogId, PDO::PARAM_STR);
-	$stmt->bindValue(":poster_id", $posterId == "NULL"
-		? NULL : $posterId, PDO::PARAM_STR);
-	$stmt->bindValue(":content", $content, PDO::PARAM_STR);
-
-	// Execute the statement
-	$stmt->execute();
-
-	return $uuid;
-}
-
 /**
  * Load comments under a given blog.
  * Returns array of BlogpostComment objects.
@@ -392,6 +283,27 @@ function load_comments($conn, $blogId, $blogAddress) {
 	return $comments_arr;
 }
 
+function get_blogpost_address($conn, $blogId) {
+	// Prepare and bind the statement for selecting address
+	$stmt = $conn->prepare("SELECT readable_address FROM
+		blogposts WHERE blogpost_id = :blogpost_id");
+	$stmt->bindParam(":blogpost_id", $blogId);
+
+	// Execute the statement
+	$stmt->execute();
+
+	// Fetch the blogpost address
+	$result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+	// If no blogpost with the given GUID was found, return null.
+	if(!$result) {
+		return null;
+	}
+
+	// Return the blogpost address.
+	return $result["readable_address"];
+}
+
 /**
  * Load info about the blog with a given guid and return corresponding
  * Blogpost object. NULL if blog couldn't be loaded.
@@ -441,132 +353,57 @@ function load_blog($conn, $blogId){
 						$datePosted, $dateEdited, $tags, $comments);
 }
 
-// Check DB connection
-if($conn == null){
-	header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
-	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
-	include_once($COMMONS."/footer.php");
-	die();
-}
-
-// If the method is post (user submitted a comment), try to post it,
-// Refill the appropriate comment sumbmission form and display
-// error message on error.
-if(isset($_POST["submit"])) {
-	// Sanitise the user-submitted data
-	$blogId = sanitize_input($_POST["blogpost_id"]);
-	$commentContent = sanitize_input($_POST["comment_entry"]);
-	$parentId = isset($_POST["comment_id"]) ? $_POST["comment_id"] : "NULL";
-	$posterId = isset($_SESSION["current_user"]) ?
-		$_SESSION["current_user"]->user_id : "NULL";
-	$address = isset($_POST["address"]) ?
-		sanitize_input($_POST["address"]) : NULL;
-
-	// Try to send the comment
-	$commentId = send_comment($conn, $blogId, $posterId,
-		$commentContent, $parentId);
-
-	// Redirect to this page with GET
-	if(is_null($address)) {
-		header("Location: http://www.zdenekborovec-dev.cz/blog/".
-			"article?blogpost_id=".$blogId."#comment-".$commentId);
-	}
-	else {
-		header("Location: http://www.zdenekborovec-dev.cz/blog/".
-			"article?address=".$address."#comment-".$commentId);
-	}
-	die();
-}
-
-// If a human-readable address was provided, extract appropriate id.
-if(isset($_GET["address"])) {
-	$blogAddr = sanitize_input($_GET["address"]);
-
-	// Prepare and bind statement for gathering blogpost address
-	$stmt = $conn->prepare("SELECT blogpost_id
-		FROM blogposts WHERE readable_address = :readable_address;");
-	$stmt->bindParam(":readable_address", $blogAddr);
-
-	// Execute the statement
-	$stmt->execute();
-
-	// Fetch the blogpost
-	$result = $stmt->fetch(PDO::FETCH_ASSOC);
-
-	// If post with given address was found, set the $blogId var.
-	if($result){
-		$blogId = sanitize_input($result["blogpost_id"]);
-	}
-}
-// If a blogpost id was provided, get it.
-else if(isset($_GET["blogpost_id"])) {
-	$blogId = sanitize_input($_GET["blogpost_id"]);
-}
-
+function generate_article($conn, $fp, $blogId) {
 	// Attempt to load the blogpost
 	$blogPost = load_blog($conn, $blogId);
 
-// If blogpost could not be retieved, display warning and die.
 	if(!$blogPost) {
-	header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
-	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php");
-	include_once($COMMONS."/footer.php");
-	die();
+		return false;
 	}
 
-// Display the header with title being the blog name
-display_header($blogPost->title);
+	fprintf($fp,
+	"<?php
+	\$COMMONS = \$_SERVER['DOCUMENT_ROOT'] . \"/../common\";
 
-// Display the blog
-$blogPost->display_article();
-printf("<hr style=\"border-style: solid;\">");
+	include_once(\$COMMONS.\"/header.php\");
+
+	display_header(\"%s\");
+	echo \"%s\";
+	?>
+	<hr style=\"border-style: solid;\">
+	<article>
+		<h2> Comments: </h2>
+		<form method=\"post\"
+			action=\"http://www.zdenekborovec-dev.cz/blog/post_comment/\">
+			<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
+			<input type=\"hidden\" name=\"referer\"
+			value=\"http://www.zdenekborovec-dev.cz/blog/article/%s\">
+			<label for=\"comment_entry\">Write a comment (<?php
+	echo isset(\$_SESSION[\"current_user\"]) ?
+		\$_SESSION[\"current_user\"]->user_name:
+		\"Guest\";
+	?>
+	):</label>
+			<div class=\"centered-container\">
+				<textarea name=\"content\" class=\"comment-box\"
+					tabindex=\"1\"></textarea>
+			</div>
+			<input name=\"submit\" type=\"submit\" tabindex=\"2\"
+			value=\"Send\">
+		</form>
+	</article>
+	<?php
+	echo \"%s\";
+	include_once(\$COMMONS.\"/footer.php\");
+	?>
+	",
+	$blogPost->title,
+	addslashes($blogPost->display_article()),
+	$blogPost->blogpost_id,
+	$blogPost->address,
+	addslashes($blogPost->display_comments()));
+
+	return true;
+}
 
-// Display post comment form.
-if(is_null($blogPost->address))
-{
-	printf("
-	<article>
-		<h2> Comments: </h2>
-		<form method=\"post\" action=\"%s\">
-			<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
-			<label for=\"comment_entry\">Write a comment (%s):</label>
-			<div class=\"centered-container\">
-				<textarea name=\"comment_entry\" class=\"comment-box\"
-					tabindex=\"1\"></textarea>
-			</div>
-			<input name=\"submit\" type=\"submit\" tabindex=\"2\"
-			value=\"Send\">
-		</form>
-	</article>
-	",
-		htmlspecialchars($_SERVER["PHP_SELF"]), $blogId,
-		isset($_SESSION["current_user"]) ?
-		$_SESSION["current_user"]->user_name : "Guest");
-}
-else
-{
-	printf("
-	<article>
-		<h2> Comments: </h2>
-		<form method=\"post\" action=\"%s\">
-			<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
-			<input type=\"hidden\" name=\"address\" value=\"%s\">
-			<label for=\"comment_entry\">Write a comment (%s):</label>
-			<div class=\"centered-container\">
-				<textarea name=\"comment_entry\" class=\"comment-box\"
-					tabindex=\"1\"></textarea>
-			</div>
-			<input name=\"submit\" type=\"submit\" tabindex=\"2\"
-			value=\"Send\">
-		</form>
-	</article>
-	",
-		htmlspecialchars($_SERVER["PHP_SELF"]), $blogId, $blogPost->address,
-		isset($_SESSION["current_user"]) ?
-		$_SESSION["current_user"]->user_name : "Guest");
-}
-// Display the blog comments
-$blogPost->display_comments();
-
-include_once($COMMONS."/footer.php");
 ?>

docs/www/.htaccess

@@ -15,5 +15,6 @@ RewriteRule ^([^\.]+)/$ $1.php
 # Custom error pages
 ErrorDocument 403 /errors/403.php
 ErrorDocument 404 /errors/404.php
+ErrorDocument 405 /errors/405.php
 ErrorDocument 500 /errors/500.php
 ErrorDocument 503 /errors/503.php

docs/www/blog/generatearticle.php

@@ -0,0 +1,102 @@
+<?php
+$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+
+include_once($COMMONS."/header.php");
+include_once($COMMONS."/blog_utils.php");
+
+// If request is GET, show request info.
+if(strcmp($_SERVER["REQUEST_METHOD"], "GET") == 0)
+{
+	display_header("Generate Article");
+
+	printf("
+<article>
+	<h2>Generate Article</h2>
+	<p>
+		Request this page with POST supplying following arguments:
+	</p>
+	<table>
+		<tr>
+			<td>
+				<b>Argument</b>
+			</td>
+			<td>
+				<b>Comment</b>
+			</td>
+		</tr>
+		<tr>
+			<td>
+				blogpost_id
+			</td>
+			<td>
+				GUID of the blogpost in the database.
+			</td>
+		</tr>
+		<tr>
+			<td>
+				referer
+			</td>
+			<td>
+				URL, from which this page was requested, after generating
+				the article, the page will redirect back to the referer.
+			</td>
+		</tr>
+	</table>
+</article>
+	");
+
+	include_once($COMMONS."/footer.php");
+	die();
+}
+
+// If request is not GET or POST, throw method not allowed
+if(strcmp($_SERVER["REQUEST_METHOD"], "POST") != 0)
+{
+	header($_SERVER["SERVER_PROTOCOL"]." 405 Method Not Allowed", true, 405);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/405.php");
+	die();
+}
+
+// Check DB connection
+if($conn == null){
+	header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
+	die();
+}
+
+// If one of the needed parameters isn't set, show 400
+if(!(isset($_POST["blogpost_id"]) && isset($_POST["referer"])))
+{
+	header($_SERVER["SERVER_PROTOCOL"]." 400: Bad Request", true, 400);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/400.php");
+	die;
+}
+
+// Get the blogpost id and referer
+$blogId = sanitize_input($_POST["blogpost_id"]);
+$referer = sanitize_input($_POST["referer"]);
+
+// Get the address of the blogpost
+$blogAddress = get_blogpost_address($conn, $blogId);
+
+// Try to open the file to which to render the blogpost.
+if (!($fp = fopen("article/".$blogAddress.".php", 'w'))) {
+	header($_SERVER["SERVER_PROTOCOL"]." 500 Could not open file for writing",
+		true, 505);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/500.php");
+	die();
+}
+
+// Attempt to generate the blogpost
+$blogRendered = generate_article($conn, $fp, $blogId);
+
+// If blogpost could not be loaded, display warning and die.
+if(!$blogRendered) {
+	header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php");
+	die();
+}
+
+// Redirect back to the referrer.
+header("Location: ".$referer);
+?>

docs/www/blog/index.php

@@ -8,26 +8,27 @@ include_once($COMMONS."/header.php");
  */
 function display_blog_preview($blogpost_id, $blogpost_addr, $title, $abstract,
 	$date_posted, $tags){
-	if(is_null($blogpost_addr)) {
-	printf("
+	print_r("
 <div class=\"blog-preview\">
-	<a href=\"http://www.zdenekborovec-dev.cz/blog/article?blogpost_id=%s\">
+	<table class=\"noborder-table\" style=\"width: 100%;\">
+	<tr><td>");
+	printf("
+	<a href=\"http://www.zdenekborovec-dev.cz/blog/article/%s\">
 		<h3>
 			%s
 		</h3>
-	</a>
-", $blogpost_id, $title);
-	}
-	else {
-	printf("
-<div class=\"blog-preview\">
-	<a href=\"http://www.zdenekborovec-dev.cz/blog/article?address=%s\">
-		<h3>
-			%s
-		</h3>
-	</a>
+	</a></td>
 ", $blogpost_addr, $title);
+
+	if (isset($_COOKIE["PHPSESSID"]) &&
+		(bool)($_SESSION["current_user"]->permissions & 128)) {
+		print_r("<td style=\"display: inline-block; text-align: right;
+			width: 100%;\">");
+		printf("<a
+			href=\"http://www.zdenekborovec-dev.cz/blog/writearticle?guid=%s\"
+			style=\"border: dotted black;\">edit</a></td>", $blogpost_id);
 	}
+	print_r("</tr></table>");
 
 	print_r("<table class=\"noborder-table\" style=\"width: 100%;\">
 		<tr><td class=\"blog-tags\">");

docs/www/blog/post_comment.php

@@ -0,0 +1,157 @@
+<?php
+$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+
+include_once($COMMONS."/header.php");
+include_once($COMMONS."/blog_utils.php");
+
+/**
+ * Send a comment to the database.
+ * If the poster is not signed in, send "NULL" (as a string) as the $posterID
+ * The same goes for $parentId (that is the parent comment,
+ * if this one is a response)
+ * Returns: GUID PK of the newly added comment.
+ */
+function send_comment($conn, $blogId, $posterId, $content, $parentId) {
+	// If content is empty, do not post
+	if(empty($content)) {
+		return "";
+	}
+
+	// Get a uuid for the comment
+	$stmt = $conn->prepare("SELECT UUID()");
+	$stmt->execute();
+	$result = $stmt->fetch(PDO::FETCH_ASSOC);
+	$uuid = $result["UUID()"];
+
+	// Prepare the statemtnt
+	$stmt = $conn->prepare("INSERT INTO blogpost_comments
+		( comment_id,  parent_id,  blogpost_id,  poster_id,  content) VALUES
+		(:comment_id, :parent_id, :blogpost_id, :poster_id, :content);");
+
+	// Bind all the parameters
+	$stmt->bindValue(":comment_id", $uuid, PDO::PARAM_STR);
+	$stmt->bindValue(":parent_id", $parentId == "NULL"
+		? NULL : $parentId, PDO::PARAM_STR);
+	$stmt->bindValue(":blogpost_id", $blogId, PDO::PARAM_STR);
+	$stmt->bindValue(":poster_id", $posterId == "NULL"
+		? NULL : $posterId, PDO::PARAM_STR);
+	$stmt->bindValue(":content", $content, PDO::PARAM_STR);
+
+	// Execute the statement
+	$stmt->execute();
+
+	return $uuid;
+}
+
+// If request is not POST, show request info.
+if(strcmp($_SERVER["REQUEST_METHOD"], "POST") != 0)
+{
+	display_header("Post Comment");
+
+	printf("
+<article>
+	<h2>Post Comment</h2>
+	<p>
+		Request this page with POST supplying following arguments:
+	</p>
+	<table>
+		<tr>
+			<td>
+				<b>Argument</b>
+			</td>
+			<td>
+				<b>Comment</b>
+			</td>
+		</tr>
+		<tr>
+			<td>
+				referer
+			</td>
+			<td>
+				URL, from which this page was requested,
+				after adding the comment into the database,
+				the page will redirect back to the referer.
+			</td>
+		</tr>
+		<tr>
+			<td>
+				blogpost_id
+			</td>
+			<td>
+				GUID of the blogpost, under which the comment was posted.
+			</td>
+		</tr>
+		<tr>
+			<td>
+				content
+			</td>
+			<td>
+				Content of the comment.
+			</td>
+		</tr>
+		<tr>
+			<td>
+				parent_id (optional)
+			</td>
+			<td>
+				GUID of the parent comment of the comment to be posted.
+			</td>
+		</tr>
+	</table>
+	<p>
+		Note: takes the SESSION variable \"current_user\" into account, if set.
+	</p>
+</article>
+	");
+
+	include_once($COMMONS."/footer.php");
+	die();
+}
+
+// Check DB connection
+if($conn == null){
+	header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
+	die();
+}
+
+// If one of the needed parameters isn't set, show 400
+if(!
+	(isset($_POST["referer"]) && isset($_POST["blogpost_id"]) &&
+	isset($_POST["content"])))
+{
+	header($_SERVER["SERVER_PROTOCOL"]." 400: Bad Request", true, 400);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/400.php");
+	die;
+}
+
+// Get the input arguments
+$referer = sanitize_input($_POST["referer"]);
+$blogpost_id = sanitize_input($_POST["blogpost_id"]);
+$content = sanitize_input($_POST["content"]);
+$parent_id = isset($_POST["parent_id"]) ?
+	sanitize_input($_POST["parent_id"]) : "NULL";
+$poster_id = isset($_SESSION["current_user"]) ?
+	sanitize_input($_SESSION["current_user"]->user_id) : "NULL";
+
+// Send the comment to the database
+$commentId = send_comment($conn, $blogpost_id, $poster_id, $content,
+	$parent_id);
+
+// Get the address of the blogpost
+$blogAddress = get_blogpost_address($conn, $blogpost_id);
+
+// Try to open the file to which to render the blogpost.
+if (!($fp = fopen("article/".$blogAddress.".php", 'w'))) {
+	header($_SERVER["SERVER_PROTOCOL"]." 500 Could not open file for writing",
+		true, 505);
+	include_once($_SERVER["DOCUMENT_ROOT"]."/errors/500.php");
+	die();
+}
+
+// Attempt to regenerate the blogpost
+$blogRendered = generate_article($conn, $fp, $blogpost_id);
+
+// Redirect back to the referrer.
+header("Location: ".$referer."#comment-".$commentId);
+?>

docs/www/blog/writearticle.php

@@ -175,6 +175,7 @@ function remove_blogpost_tags($conn, $blogpost_id) {
  *							(space-separated).
  * @param $abstract			Abstract for the article.
  * @param $content			Content of the article.
+ * @returns	The guid of the newly generated blogpost.
  */
 function publish_blogpost($conn, $blogpost_addr, $title, $tagStr, $abstract,
 	$content) {
@@ -197,6 +198,9 @@ function publish_blogpost($conn, $blogpost_addr, $title, $tagStr, $abstract,
 
 	// Add the new tags to the blogpost
 	add_tags_to_blogpost($conn, $blogpost_id, $tagStr);
+
+	// Return the newly generated blogposts id.
+	return $blogpost_id;
 }
 
 /**
@@ -251,28 +255,50 @@ if(isset($_POST["submit"])) {
 	$abstract = $_POST["article_abstract"];
 	$content = $_POST["article_content"];
 
-	// If adress is empty, set it to null
+	// If adress is empty, repopulate the prefills and show error
 	if(strcmp($address, "") == 0) {
-		$address = null;
+		// Set prefill values for the form
+		$blogId_prefill = isset($_POST["blogpost_id"]) ?
+			sanitize_input($_POST["blogpost_id"]) : "";
+		$title_prefill = $title;
+		$address_prefill = $address;
+		$abstract_prefill = $abstract;
+		$content_prefill = $content;
+		$tagStr_prefill = $tagsStr;
+		$addrErr = "Cannot be empty!";
 	}
-
+	// Otherwise update/create the blogpost
+	else {
 		if($_POST["blogpost_id"]) {
-		$blogpostId = $_POST["blogpost_id"];
+			$blogpostId = sanitize_input($_POST["blogpost_id"]);
 			update_blogpost($conn, $blogpostId, $address, $title, $tagsStr,
 				$abstract, $content);
 		}
 		else {
-		publish_blogpost($conn, $address, $title, $tagsStr, $abstract,
-			$content);
+			$blogpostId = publish_blogpost($conn, $address, $title, $tagsStr,
+				$abstract, $content);
 		}
 
 		generate_atom_feed($conn);
 
-	header("Location: http://www.zdenekborovec-dev.cz/blog");
-	die();
+		// Show button to generate the article
+		printf("
+<article>
+	<form method=\"post\"
+	action=\"http://www.zdenekborovec-dev.cz/blog/generatearticle/\">
+		<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
+		<input type=\"hidden\" name=\"referer\"
+		value=\"http://www.zdenekborovec-dev.cz/blog/article/%s\">
+		<input name=\"submit\" type=\"submit\" value=\"Generate article\">
+	</form>
+</article>
+		", $blogpostId, $address);
+		include_once($COMMONS."/footer.php");
+		die;
+	}
 }
 
-if(isset($_GET["guid"])) {
+else if(isset($_GET["guid"])) {
 	$blogId = sanitize_input($_GET["guid"]);
 
 	// select article title, abstract and content from the database
@@ -324,7 +350,7 @@ printf("
 			</td><td style=\"padding: 0px 4px;\">
 				<input type=\"text\" name=\"blogpost_address\" value=\"%s\">
 			</td><td style=\"padding: 0px 4px;\">
-				Leave empty to use GUID addressing
+				%s
 			</td></tr>
 			<tr><td style=\"padding: 0px 4px;\">
 				<label for=\"blogpost_tags\">Post tags:</label>
@@ -348,7 +374,7 @@ printf("
 		<input name=\"submit\" type=\"submit\" value=\"Send File\">
 	</form>
 </article>
-", $blogId_prefill, $title_prefill, $address_prefill, $tagStr_prefill, $abstract_prefill,
-	$content_prefill);
+", $blogId_prefill, $title_prefill, $address_prefill, $addrErr,
+	$tagStr_prefill, $abstract_prefill, $content_prefill);
 	include_once($COMMONS."/footer.php");
 ?>

docs/www/errors/400.php

@@ -0,0 +1,18 @@
+<?php
+$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+
+include_once($COMMONS."/header.php");
+
+display_header("400: Bad Request");
+?>
+
+<article>
+<h2>400: Bad Request</h2>
+<div class="centered-container">
+<img src="https://assets.zdenekborovec.cz/upload/e1463bdfe24101b467cb8587980f14b6/9916594a95e8de21e0d41f90fe15d2a7/72dfbcf9e4809a28d8fdcf4940850164.gif" alt="Cat smacking another cat.">
+</div>
+</article>
+
+<?php
+include_once($COMMONS."/footer.php");
+?>

docs/www/errors/405.php

@@ -0,0 +1,18 @@
+<?php
+$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+
+include_once($COMMONS."/header.php");
+
+display_header("405: Method not allowed");
+?>
+
+<article>
+<h2>405: Method Not Allowed</h2>
+<div class="centered-container">
+<img src="https://assets.zdenekborovec.cz/upload/39486004aa605167cdda6623a4a3fa6d/7da36b469b34cc1008639612f0c17e21/d077e6ed1bd1a560a718590ae609422c.gif" alt="GIF of a cat shaking its head.">
+</div>
+</article>
+
+<?php
+include_once($COMMONS."/footer.php");
+?>

docs/www/errors/500.php

@@ -3,7 +3,7 @@ $COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
 
 include_once($COMMONS."/header.php");
 
-display_header("403: Forbidden");
+display_header("500: Internal Server Error");
 ?>
 
 <article>

docs/www/errors/503.php

@@ -4,7 +4,7 @@ $COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
 
 include_once($COMMONS."/header.php");
 
-display_header("403: Forbidden");
+display_header("503: Service Unavailable");
 ?>
 
 <article>