permissions & 128)) { header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php"); include_once($COMMONS."/footer.php"); die(); } /** * Explode the tag string into separate tags, if they exist, * attach them to the article. */ function add_tags_to_blogpost($conn, $blogpost_id, $tagStr) { // Get array of all the tags. $tagArr = explode(" ", $tagStr); // Prepare array for storing tag ids $tagIdArr = []; // Prepare statement to select id of a tag with given name $stmt = $conn->prepare("SELECT tag_id FROM blogpost_tags WHERE name = :name"); // Go through all the tag names and get their ids foreach ($tagArr as $tagName) { // Bind, execute and fetch the command $stmt->bindParam(":name", $tagName); $stmt->execute(); $result = $stmt->fetch(PDO::FETCH_ASSOC); // If we got a result, add it to the found ids. if($result) { $tagIdArr[] = $result["tag_id"]; } } // Prepare the statement to add tag to blogpost and bind blogpost_id $stmt = $conn->prepare("INSERT INTO blogpost_has_tag (blogpost_id, tag_id) VALUES (:blogpost_id, :tag_id)"); $stmt->bindParam(":blogpost_id", $blogpost_id); // Go through the found ids and insert them foreach ($tagIdArr as $tagId) { $stmt->bindParam(":tag_id", $tagId); $stmt->execute(); } } /** * Delete all blogpost-tag relations involving the given blogpost. * @param $conn Active Mysql connection. * @param $blogpost_id GUID of the edited blogpost. */ function remove_blogpost_tags($conn, $blogpost_id) { // Prepare, bind and execute the delete statement $stmt = $conn->prepare("DELETE FROM blogpost_has_tag WHERE blogpost_id = :blogpost_id;"); $stmt->bindParam(":blogpost_id", $blogpost_id); $stmt->execute(); } /** * Publish a new blogpost and add the specified tags to it.. * @param $conn Active Mysql connection. * @param $title Title for the blogpost. * @param $tagStr String with all the tags for the blogpost * (space-separated). * @param $abstract Abstract for the article. * @param $content Content of the article. */ function publish_blogpost($conn, $title, $tagStr, $abstract, $content) { // Get an ID for the blogpost $stmt = $conn->prepare("SELECT UUID()"); $stmt->execute(); $result = $stmt->fetch(PDO::FETCH_ASSOC); $blogpost_id = $result["UUID()"]; // Prepare, bind and execute the insert statement $stmt = $conn->prepare("INSERT INTO blogposts (blogpost_id, title, abstract, content) VALUES (:blogpost_id, :title, :abstract, :content);"); $stmt->bindParam(":blogpost_id", $blogpost_id); $stmt->bindParam(":title", $title); $stmt->bindParam(":abstract", $abstract); $stmt->bindParam(":content", $content); $stmt->execute(); // Add the new tags to the blogpost add_tags_to_blogpost($conn, $blogpost_id, $tagStr); } /** * Update the blogpost content, title, abstract and date edited. * Then update the tags. * @param $conn Active Mysql connection. * @param $blogpost_id GUID of the edited blogpost. * @param $title Title for the blogpost. * @param $tagStr String with all the tags for the blogpost * (space-separated). * @param $abstract Abstract for the article. * @param $content Content of the article. */ function update_blogpost($conn, $blogpost_id, $title, $tagStr, $abstract, $content) { // Prepare, bind and execute the update statement $stmt = $conn->prepare("UPDATE blogposts SET title = :title, abstract = :abstract, content = :content, date_edited = DEFAULT WHERE blogpost_id = :blogpost_id;"); $stmt->bindParam(":title", $title); $stmt->bindParam(":abstract", $abstract); $stmt->bindParam(":content", $content); $stmt->bindParam(":blogpost_id", $blogpost_id); $stmt->execute(); // Remove old tags from this blogpost remove_blogpost_tags($conn, $blogpost_id); // Add the new tags to the blogpost add_tags_to_blogpost($conn, $blogpost_id, $tagStr); } // Check DB connection if($conn == null){ header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php"); include_once($COMMONS."/footer.php"); die(); } display_header("Write article."); if(isset($_POST["submit"])) { // Input will not be sanitized, as it is desirable to allow full control // over the content here and only trusted users should have access // to this section $title = $_POST["blogpost_title"]; $tagsStr = $_POST["blogpost_tags"]; $abstract = $_POST["article_abstract"]; $content = $_POST["article_content"]; if($_POST["blogpost_id"]) { $blogpostId = $_POST["blogpost_id"]; update_blogpost($conn, $blogpostId, $title, $tagsStr, $abstract, $content); } else { publish_blogpost($conn, $title, $tagsStr, $abstract, $content); } header("Location: "."http://www.zdenekborovec-dev.cz/blog"); } if(isset($_GET["guid"])) { $blogId = sanitize_input($_GET["guid"]); // select article title, abstract and content from the database $stmt = $conn->prepare("SELECT title, abstract, content FROM blogposts WHERE blogpost_id = :blogpost_id"); $stmt->bindParam(":blogpost_id", $blogId); $stmt->execute(); $result = $stmt->fetch(PDO::FETCH_ASSOC); // Set prefill values for the form $blogId_prefill = $blogId; $title_prefill = $result["title"]; $abstract_prefill = $result["abstract"]; $content_prefill = $result["content"]; // select the tags for this article from the database $stmt = $conn->prepare("SELECT blogpost_tags.name FROM (blogpost_tags INNER JOIN blogpost_has_tag ON blogpost_tags.tag_id = blogpost_has_tag.tag_id) WHERE blogpost_id = :blogpost_id;"); $stmt->bindParam(":blogpost_id", $blogId); $stmt->execute(); $results = $stmt->fetchAll(PDO::FETCH_ASSOC); // Construct the string of all blogpost tags to prefill. $tagStr_prefill = ""; foreach($results as $row) { $tagStr_prefill .= $row["name"]." "; } } printf("

Tags should be separated by spaces, use dash-case, use the tageditor page to add new tags.
", $blogId_prefill, $title_prefill, $tagStr_prefill, $abstract_prefill, $content_prefill); include_once($COMMONS."/footer.php"); ?>