permissions & 128)) {
header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
include_once($COMMONS."/footer.php");
die();
}
/**
* Generate a feed.atom file for use by atom/rss readers.
*/
function generate_atom_feed($conn) {
if (!($fp = fopen('feed.atom', 'w'))) {
return;
}
// Prepare statement for selecting all the blogposts
$stmt = $conn->prepare("SELECT blogpost_id, readable_address, title,
abstract, content, date_posted, date_edited FROM blogposts ORDER BY
date_posted DESC LIMIT 15;");
// Execute the statement
$stmt->execute();
// Prepare new statement for selecting the tags for a given blogpost
$blogposts_arr = $stmt->fetchall(PDO::FETCH_ASSOC);
fprintf($fp, "
Zdenek Borovec blog%sZdenek Borovechttps://www.zenekborovec.cz/blog/
", date("Y-m-d\TH:i:s\Z"));
// Prepare new statement for selecting the tags for a given blogpost
$stmt = $conn->prepare("SELECT name FROM
blogpost_tags INNER JOIN blogpost_has_tag ON
blogpost_tags.tag_id = blogpost_has_tag.tag_id WHERE
blogpost_id = :blogpost_id;");
// Go through all the blogposts, fetch their tags and display them
for($i=0; $i < count($blogposts_arr); $i++) {
// Get info for the current blog
$blog = $blogposts_arr[$i];
// Bind and execute the tag select
$stmt->bindParam(":blogpost_id", $blog["blogpost_id"]);
$stmt->execute();
// Fetch the tags
$tags_arr = $stmt->fetchall(PDO::FETCH_ASSOC);
$categoryStr = "";
for($j=0; $j < count($tags_arr); $j++) {
$tag = $tags_arr[$j];
$categoryStr = $categoryStr."";
}
if(is_null($blog["readable_address"])) {
fprintf($fp, "
%s
%s
urn:uuid:%s%s%s%s
%s
", $blog["title"], $categoryStr, $blog["blogpost_id"],
$blog["blogpost_id"],
date("Y-m-d\TH:i:s\Z", strtotime($blog["date_posted"])),
date("Y-m-d\TH:i:s\Z", strtotime($blog["date_edited"])),
$blog["abstract"], sanitize_input($blog["content"]));
}
else {
fprintf($fp, "
%s
%s
urn:uuid:%s%s%s%s
%s
", $blog["title"], $categoryStr, $blog["readable_address"],
$blog["blogpost_id"],
date("Y-m-d\TH:i:s\Z", strtotime($blog["date_posted"])),
date("Y-m-d\TH:i:s\Z", strtotime($blog["date_edited"])),
$blog["abstract"], sanitize_input($blog["content"]));
}
}
fprintf($fp, "");
}
/**
* Explode the tag string into separate tags, if they exist,
* attach them to the article.
*/
function add_tags_to_blogpost($conn, $blogpost_id, $tagStr) {
// Get array of all the tags.
$tagArr = explode(" ", $tagStr);
// Prepare array for storing tag ids
$tagIdArr = [];
// Prepare statement to select id of a tag with given name
$stmt = $conn->prepare("SELECT tag_id FROM blogpost_tags
WHERE name = :name");
// Go through all the tag names and get their ids
foreach ($tagArr as $tagName) {
// Bind, execute and fetch the command
$stmt->bindParam(":name", $tagName);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
// If we got a result, add it to the found ids.
if($result) {
$tagIdArr[] = $result["tag_id"];
}
}
// Prepare the statement to add tag to blogpost and bind blogpost_id
$stmt = $conn->prepare("INSERT INTO blogpost_has_tag (blogpost_id, tag_id)
VALUES (:blogpost_id, :tag_id)");
$stmt->bindParam(":blogpost_id", $blogpost_id);
// Go through the found ids and insert them
foreach ($tagIdArr as $tagId) {
$stmt->bindParam(":tag_id", $tagId);
$stmt->execute();
}
}
/**
* Delete all blogpost-tag relations involving the given blogpost.
* @param $conn Active Mysql connection.
* @param $blogpost_id GUID of the edited blogpost.
*/
function remove_blogpost_tags($conn, $blogpost_id) {
// Prepare, bind and execute the delete statement
$stmt = $conn->prepare("DELETE FROM blogpost_has_tag
WHERE blogpost_id = :blogpost_id;");
$stmt->bindParam(":blogpost_id", $blogpost_id);
$stmt->execute();
}
/**
* Publish a new blogpost and add the specified tags to it..
* @param $conn Active Mysql connection.
* @param $blogpost_addr Human-readable address of the edited blogpost.
* @param $title Title for the blogpost.
* @param $tagStr String with all the tags for the blogpost
* (space-separated).
* @param $abstract Abstract for the article.
* @param $content Content of the article.
*/
function publish_blogpost($conn, $blogpost_addr, $title, $tagStr, $abstract,
$content) {
// Get an ID for the blogpost
$stmt = $conn->prepare("SELECT UUID()");
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$blogpost_id = $result["UUID()"];
// Prepare, bind and execute the insert statement
$stmt = $conn->prepare("INSERT INTO blogposts (blogpost_id,
readable_address, title, abstract, content) VALUES
(:blogpost_id, :address, :title, :abstract, :content);");
$stmt->bindParam(":blogpost_id", $blogpost_id);
$stmt->bindParam(":address", $blogpost_addr);
$stmt->bindParam(":title", $title);
$stmt->bindParam(":abstract", $abstract);
$stmt->bindParam(":content", $content);
$stmt->execute();
// Add the new tags to the blogpost
add_tags_to_blogpost($conn, $blogpost_id, $tagStr);
}
/**
* Update the blogpost content, title, abstract and date edited.
* Then update the tags.
* @param $conn Active Mysql connection.
* @param $blogpost_id GUID of the edited blogpost.
* @param $blogpost_addr Human-readable address of the edited blogpost.
* @param $title Title for the blogpost.
* @param $tagStr String with all the tags for the blogpost
* (space-separated).
* @param $abstract Abstract for the article.
* @param $content Content of the article.
*/
function update_blogpost($conn, $blogpost_id, $blogpost_addr, $title,
$tagStr, $abstract, $content) {
// Prepare, bind and execute the update statement
$stmt = $conn->prepare("UPDATE blogposts SET readable_address = :address,
title = :title, abstract = :abstract, content = :content,
date_edited = DEFAULT WHERE blogpost_id = :blogpost_id;");
$stmt->bindParam(":address", $blogpost_addr);
$stmt->bindParam(":title", $title);
$stmt->bindParam(":abstract", $abstract);
$stmt->bindParam(":content", $content);
$stmt->bindParam(":blogpost_id", $blogpost_id);
$stmt->execute();
// Remove old tags from this blogpost
remove_blogpost_tags($conn, $blogpost_id);
// Add the new tags to the blogpost
add_tags_to_blogpost($conn, $blogpost_id, $tagStr);
}
// Check DB connection
if($conn == null){
header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
include_once($COMMONS."/footer.php");
die();
}
display_header("Write article.");
if(isset($_POST["submit"])) {
// Input will not be sanitized, as it is desirable to allow full control
// over the content here and only trusted users should have access
// to this section
$title = $_POST["blogpost_title"];
$address = $_POST["blogpost_address"];
$tagsStr = $_POST["blogpost_tags"];
$abstract = $_POST["article_abstract"];
$content = $_POST["article_content"];
// If adress is empty, set it to null
if(strcmp($address, "") == 0) {
$address = null;
}
if($_POST["blogpost_id"]) {
$blogpostId = $_POST["blogpost_id"];
update_blogpost($conn, $blogpostId, $address, $title, $tagsStr,
$abstract, $content);
}
else {
publish_blogpost($conn, $address, $title, $tagsStr, $abstract,
$content);
}
generate_atom_feed($conn);
header("Location: http://www.zdenekborovec-dev.cz/blog");
die();
}
if(isset($_GET["guid"])) {
$blogId = sanitize_input($_GET["guid"]);
// select article title, abstract and content from the database
$stmt = $conn->prepare("SELECT readable_address, title, abstract, content
FROM blogposts WHERE blogpost_id = :blogpost_id");
$stmt->bindParam(":blogpost_id", $blogId);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
// Set prefill values for the form
$blogId_prefill = $blogId;
$title_prefill = $result["title"];
$address_prefill = $result["readable_address"];
$abstract_prefill = $result["abstract"];
$content_prefill = $result["content"];
// select the tags for this article from the database
$stmt = $conn->prepare("SELECT blogpost_tags.name FROM
(blogpost_tags INNER JOIN blogpost_has_tag ON
blogpost_tags.tag_id = blogpost_has_tag.tag_id) WHERE
blogpost_id = :blogpost_id;");
$stmt->bindParam(":blogpost_id", $blogId);
$stmt->execute();
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Construct the string of all blogpost tags to prefill.
$tagStr_prefill = "";
foreach($results as $row) {
$tagStr_prefill .= $row["name"]." ";
}
}
printf("
", $blogId_prefill, $title_prefill, $address_prefill, $tagStr_prefill, $abstract_prefill,
$content_prefill);
include_once($COMMONS."/footer.php");
?>