460 lines
13 KiB
PHP
460 lines
13 KiB
PHP
<?php
|
|
$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
|
|
|
|
include_once($COMMONS."/header.php");
|
|
|
|
class BlogpostComment
|
|
{
|
|
public $comment_id;
|
|
public $blogpost_id;
|
|
public $poster_id;
|
|
public $poster_name;
|
|
public $parent_id;
|
|
public $timestamp;
|
|
public $content;
|
|
public $children;
|
|
|
|
/**
|
|
* Display the comment, and recursively it's children
|
|
*/
|
|
public function display_comment() {
|
|
printf("
|
|
<div class=\"comment\" id=\"comment-%s\">
|
|
<div class=\"comment-own-wrapper\">
|
|
<span class=\"comment-author\"> By: %s </span>
|
|
<span class=\"comment-date\"> On: %s </span>
|
|
<label for=\"reveal-response-%s\" class=\"checkbox-button\">
|
|
Respond
|
|
</label>
|
|
<input type=\"checkbox\" id=\"reveal-response-%s\" style=\"display: none;\">
|
|
<hr>
|
|
<div class=\"comment-content\">
|
|
%s
|
|
</div>
|
|
<div class=\"comment-response\">
|
|
<form method=\"post\" action=\"%s\">
|
|
<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
|
|
<input type=\"hidden\" name=\"comment_id\" value=\"%s\">
|
|
<label for=\"comment_entry\">Write response:</label>
|
|
<div class=\"centered-container\">
|
|
<textarea name=\"comment_entry\" class=\"comment-box\"> </textarea>
|
|
</div>
|
|
<input name=\"submit\" type=\"submit\" value=\"Send\">
|
|
</form>
|
|
</div>
|
|
</div>
|
|
<div class=\"comment-child-wrapper\">
|
|
",
|
|
$this->comment_id,
|
|
$this->poster_name,
|
|
date("Y-m-d H:i", strtotime($this->timestamp)),
|
|
$this->comment_id,
|
|
$this->comment_id,
|
|
$this->content,
|
|
htmlspecialchars($_SERVER["PHP_SELF"]),
|
|
$this->blogpost_id,
|
|
$this->comment_id);
|
|
|
|
if($this->children != null) {
|
|
for($i = 0; $i < count($this->children); $i++)
|
|
{
|
|
$child = $this->children[$i];
|
|
$child->display_comment();
|
|
}
|
|
}
|
|
printf("</div></div>");
|
|
}
|
|
|
|
/**
|
|
* Load the child comments to this comment, and recursively their children.
|
|
*/
|
|
public function load_children($conn) {
|
|
// Prepare new statement for selecting all the child comments.
|
|
$stmt = $conn->prepare("SELECT comment_id, poster_id, timestamp,
|
|
content FROM blogpost_comments WHERE blogpost_id = :blogpost_id AND
|
|
parent_id = :comment_id ORDER BY timestamp ASC;");
|
|
|
|
// Bind and execute the comment select
|
|
$stmt->bindParam(":blogpost_id", $this->blogpost_id);
|
|
$stmt->bindParam(":comment_id", $this->comment_id);
|
|
$stmt->execute();
|
|
|
|
// Fetch the comments
|
|
$results_arr = $stmt->fetchall(PDO::FETCH_ASSOC);
|
|
$comments_arr = [];
|
|
|
|
// Prepare comment author selection statement
|
|
$stmt = $conn->prepare("SELECT username FROM users WHERE
|
|
user_id = :user_id;");
|
|
|
|
// Recursively fetch all the child comments
|
|
for($i = 0; $i < count($results_arr); $i++) {
|
|
$com = $results_arr[$i];
|
|
|
|
// If comment has a registered author, fetch their name
|
|
if($com["poster_id"]) {
|
|
$stmt->bindParam(":user_id", $com["poster_id"]);
|
|
|
|
$stmt->execute();
|
|
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
// If user was erased from database, set name to [Deleted]
|
|
if(!$result) {
|
|
$username = "[Deleted]";
|
|
}
|
|
else {
|
|
$username = $result["username"];
|
|
}
|
|
}
|
|
else {
|
|
$username = "[Guest]";
|
|
}
|
|
|
|
$commentObj = new BlogpostComment($com["comment_id"],
|
|
$com["poster_id"], $username, $this->blogpost_id,
|
|
$com["timestamp"], $com["content"], $this->comment_id);
|
|
$comments_arr[] = $commentObj;
|
|
$commentObj->load_children($conn);
|
|
}
|
|
|
|
$this->children = $comments_arr;
|
|
}
|
|
|
|
/**
|
|
* Constructor for the BlogpostComment object.
|
|
* $comment_id GUID of the comment.
|
|
* $poster_id GUID of the comment author.
|
|
* $poster_name Name of the comment author.
|
|
* $blogpost_id GUID of the blogpost this comment is under.
|
|
* $timestamp Timestamp at comment creation.
|
|
* $content Content of the comment.
|
|
* $parent_id GUID of the comment this is a reply to (or NULL).
|
|
*/
|
|
public function __construct($comment_id, $poster_id, $poster_name,
|
|
$blogpost_id, $timestamp, $content, $parent_id) {
|
|
$this->comment_id = $comment_id;
|
|
$this->blogpost_id = $blogpost_id;
|
|
$this->poster_id = $poster_id;
|
|
$this->poster_name = $poster_name;
|
|
$this->timestamp = $timestamp;
|
|
$this->content = $content;
|
|
$this->parent_id = $parent_id;
|
|
}
|
|
}
|
|
|
|
|
|
class Blogpost
|
|
{
|
|
public $blogpost_id;
|
|
public $title;
|
|
public $content;
|
|
public $date_posted;
|
|
public $date_edited;
|
|
public $tags;
|
|
public $comments;
|
|
|
|
/**
|
|
* Display the article, or a warning message.
|
|
*/
|
|
public function display_article(){
|
|
// If a blog with given ID was not found display warning message.
|
|
if(!$this->title){
|
|
printf("
|
|
<article>
|
|
<h2> Article not found </h2>
|
|
<hr>
|
|
<p>
|
|
I am sorry, but I couldn't find an article with this ID.
|
|
</p>
|
|
</article>
|
|
");
|
|
return;
|
|
}
|
|
|
|
if (isset($_COOKIE["PHPSESSID"]) && (bool)($_SESSION["current_user"]->permissions & 128)) {
|
|
$topRight = sprintf("<td class=\"blog-publish-date\">
|
|
<a href=\"http://www.zdenekborovec-dev.cz/blog/writearticle/
|
|
?guid=%s\">Edit</a></td>", $this->blogpost_id);
|
|
}
|
|
else {
|
|
$topRight = sprintf("<td class=\"blog-publish-date\">Published on: %s</td>",
|
|
date("Y-m-d", strtotime($this->date_posted)));
|
|
}
|
|
|
|
// Display the blog title and metadata
|
|
printf("<article>");
|
|
print_r("<table class=\"noborder-table\" style=\"width: 100%; margin-top: 16px;\">");
|
|
printf("<tr><td style=\"padding: 0px;\"><h2 style=\"margin-top: 0px;\">%s</h2></td>%s</tr>
|
|
<tr><td class=\"blog-tags\">", $this->title, $topRight);
|
|
|
|
// Display tags
|
|
for($i = 0; $i < count($this->tags); $i++) {
|
|
$tag = $this->tags[$i];
|
|
printf("
|
|
<span class=\"blog-tag\" style=\"background-color: %s\">
|
|
%s
|
|
</span>", $tag["color"], $tag["name"]);
|
|
}
|
|
|
|
// Display publish date and end metadata div
|
|
printf("</td><td class=\"blog-publish-date\">Last edited on: %s</td></tr></table>",
|
|
date("Y-m-d", strtotime($this->date_edited)));
|
|
|
|
// Display hrule, article content and end the article
|
|
printf("</article><hr><article>%s</article>", $this->content);
|
|
}
|
|
|
|
/**
|
|
* Display the comments for this post and their children.
|
|
*/
|
|
public function display_comments(){
|
|
printf("<article>");
|
|
for($i = 0; $i < count($this->comments); $i++){
|
|
$this->comments[$i]->display_comment();
|
|
}
|
|
printf("</article>");
|
|
}
|
|
|
|
/**
|
|
* Constructor for the blogpost.
|
|
* $blogpost_id GUID of the blogpost in the database.
|
|
* $title Title of the blogpost.
|
|
* $content Content of the blogpost article.
|
|
* $date_posted Timestamp at publishing of article.
|
|
* $date_edited Timestamp at whioch the article was last edited.
|
|
* $tags Array of the tags this article has.
|
|
* $comments Array of Blogpostcomment objects,
|
|
* the comments of this article.
|
|
*/
|
|
public function __construct($blogpost_id, $title, $content,
|
|
$date_posted, $date_edited, $tags, $comments){
|
|
$this->blogpost_id = $blogpost_id;
|
|
$this->title = $title;
|
|
$this->content = $content;
|
|
$this->date_posted = $date_posted;
|
|
$this->date_edited = $date_edited;
|
|
$this->tags = $tags;
|
|
$this->comments = $comments;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Send a comment to the database.
|
|
* If the poster is not signed in, send "NULL" (as a string) as the $posterID
|
|
* The same goes for $parentId (that is the parent comment,
|
|
* if this one is a response)
|
|
* Returns: GUID PK of the newly added comment.
|
|
*/
|
|
function send_comment($conn, $blogId, $posterId, $content, $parentId) {
|
|
// If content is empty, do not post
|
|
if(empty($content)) {
|
|
return "";
|
|
}
|
|
|
|
// Get a uuid for the comment
|
|
$stmt = $conn->prepare("SELECT UUID()");
|
|
$stmt->execute();
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
$uuid = $result["UUID()"];
|
|
|
|
// Prepare the statemtnt
|
|
$stmt = $conn->prepare("INSERT INTO blogpost_comments
|
|
( comment_id, parent_id, blogpost_id, poster_id, content) VALUES
|
|
(:comment_id, :parent_id, :blogpost_id, :poster_id, :content);");
|
|
|
|
// Bind all the parameters
|
|
$stmt->bindValue(":comment_id", $uuid, PDO::PARAM_STR);
|
|
$stmt->bindValue(":parent_id", $parentId == "NULL"
|
|
? NULL : $parentId, PDO::PARAM_STR);
|
|
$stmt->bindValue(":blogpost_id", $blogId, PDO::PARAM_STR);
|
|
$stmt->bindValue(":poster_id", $posterId == "NULL"
|
|
? NULL : $posterId, PDO::PARAM_STR);
|
|
$stmt->bindValue(":content", $content, PDO::PARAM_STR);
|
|
|
|
// Execute the statement
|
|
$stmt->execute();
|
|
|
|
return $uuid;
|
|
}
|
|
|
|
/**
|
|
* Load comments under a given blog.
|
|
* Returns array of BlogpostComment objects.
|
|
*/
|
|
function load_comments($conn, $blogId) {
|
|
// Prepare new statement for selecting all the child comments.
|
|
$stmt = $conn->prepare("SELECT comment_id, poster_id, timestamp,
|
|
content FROM blogpost_comments WHERE blogpost_id = :blogpost_id
|
|
AND parent_id IS NULL ORDER BY timestamp ASC;");
|
|
|
|
// Bind and execute the comment select
|
|
$stmt->bindParam(":blogpost_id", $blogId);
|
|
$stmt->execute();
|
|
|
|
// Fetch the comments
|
|
$results_arr = $stmt->fetchall(PDO::FETCH_ASSOC);
|
|
$comments_arr = [];
|
|
|
|
// Prepare comment author selection statement
|
|
$stmt = $conn->prepare("SELECT username FROM users WHERE
|
|
user_id = :user_id;");
|
|
|
|
// Recursively fetch all the child comments
|
|
for($i = 0; $i < count($results_arr); $i++) {
|
|
$com = $results_arr[$i];
|
|
|
|
// If comment has a registered author, fetch their name
|
|
if($com["poster_id"]) {
|
|
$stmt->bindParam(":user_id", $com["poster_id"]);
|
|
|
|
$stmt->execute();
|
|
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
// If user was erased from database, set name to [Deleted]
|
|
if(!$result) {
|
|
$username = "[Deleted]";
|
|
}
|
|
else {
|
|
$username = $result["username"];
|
|
}
|
|
}
|
|
else {
|
|
$username = "[Guest]";
|
|
}
|
|
|
|
$commentObj = new BlogpostComment($com["comment_id"], $com["poster_id"],
|
|
$username, $blogId, $com["timestamp"], $com["content"], NULL);
|
|
$commentObj->load_children($conn);
|
|
$comments_arr[] = $commentObj;
|
|
}
|
|
|
|
return $comments_arr;
|
|
}
|
|
|
|
/**
|
|
* Load info about the blog with a given guid and return corresponding
|
|
* Blogpost object. NULL if blog couldn't be loaded.
|
|
*/
|
|
function load_blog($conn, $blogId){
|
|
// Prepare and bind statement for gathering blogpost info
|
|
$stmt = $conn->prepare("SELECT title, content, date_posted, date_edited
|
|
FROM blogposts WHERE blogpost_id = :blogpost_id;");
|
|
$stmt->bindParam(":blogpost_id", $blogId);
|
|
|
|
// Execute the statement
|
|
$stmt->execute();
|
|
|
|
// Fetch the blogpost
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
// If no post with given guid was found,
|
|
// there is no information to gather, return.
|
|
if(!$result){
|
|
return null;
|
|
}
|
|
|
|
// Prepare new statement for selecting the tags for a given blogpost
|
|
$stmt = $conn->prepare("SELECT name, color FROM
|
|
blogpost_tags INNER JOIN blogpost_has_tag ON
|
|
blogpost_tags.tag_id = blogpost_has_tag.tag_id WHERE
|
|
blogpost_id = :blogpost_id;");
|
|
|
|
// Bind and execute the tag select
|
|
$stmt->bindParam(":blogpost_id", $blogId);
|
|
$stmt->execute();
|
|
|
|
// Fetch the tags
|
|
$tags_arr = $stmt->fetchall(PDO::FETCH_ASSOC);
|
|
|
|
// Set the variables
|
|
$blogTitle = $result["title"];
|
|
$blogContent = $result["content"];
|
|
$datePosted = $result["date_posted"];
|
|
$dateEdited = $result["date_edited"];
|
|
$tags = $tags_arr;
|
|
$comments = load_comments($conn, $blogId);
|
|
|
|
return new Blogpost($blogId, $blogTitle, $blogContent,
|
|
$datePosted, $dateEdited, $tags, $comments);
|
|
}
|
|
|
|
// Check DB connection
|
|
if($conn == null){
|
|
header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
|
|
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
|
|
include_once($COMMONS."/footer.php");
|
|
die();
|
|
}
|
|
|
|
// If the method is post (user submitted a comment), try to post it,
|
|
// Refill the appropriate comment sumbmission form and display
|
|
// error message on error.
|
|
if(isset($_POST["submit"])) {
|
|
// Sanitise the user-submitted data
|
|
$blogId = sanitize_input($_POST["blogpost_id"]);
|
|
$commentContent = sanitize_input($_POST["comment_entry"]);
|
|
$parentId = isset($_POST["comment_id"]) ? $_POST["comment_id"] : "NULL";
|
|
$posterId = isset($_SESSION["current_user"]) ? $_SESSION["current_user"]->user_id : "NULL";
|
|
|
|
// Try to send the comment
|
|
$commentId = send_comment($conn, $blogId, $posterId,
|
|
$commentContent, $parentId);
|
|
|
|
// Redirect to this page with GET
|
|
header("Location: http://www.zdenekborovec-dev.cz/blog/article?guid=".
|
|
$blogId."#comment-".$commentId);
|
|
}
|
|
|
|
// If no ID was entered, display warning and die.
|
|
if(!isset($_GET["blogpost_id"])) {
|
|
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
|
|
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php");
|
|
include_once($COMMONS."/footer.php");
|
|
die();
|
|
}
|
|
|
|
// Get the blog id.
|
|
$blogId = sanitize_input($_GET["blogpost_id"]);
|
|
|
|
$blogPost = load_blog($conn, $blogId);
|
|
|
|
// If no ID was entered, display warning and die.
|
|
if(!$blogPost) {
|
|
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
|
|
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/404.php");
|
|
include_once($COMMONS."/footer.php");
|
|
die();
|
|
}
|
|
|
|
// Display the header with title being the blog name
|
|
display_header($blogPost->title);
|
|
|
|
// Display the blog
|
|
$blogPost->display_article();
|
|
printf("<hr style=\"border-style: solid;\">");
|
|
|
|
// Display post comment form.
|
|
printf("
|
|
<article>
|
|
<h2> Comments: </h2>
|
|
<form method=\"post\" action=\"%s\">
|
|
<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
|
|
<label for=\"comment_entry\">Write a comment (%s):</label>
|
|
<div class=\"centered-container\">
|
|
<textarea name=\"comment_entry\" class=\"comment-box\" tabindex=\"1\"> </textarea>
|
|
</div>
|
|
<input name=\"submit\" type=\"submit\" tabindex=\"2\" value=\"Send\">
|
|
</form>
|
|
</article>
|
|
",
|
|
htmlspecialchars($_SERVER["PHP_SELF"]), $blogId,
|
|
isset($_SESSION["current_user"]) ? $_SESSION["current_user"]->user_name :
|
|
"Guest");
|
|
|
|
// Display the blog comments
|
|
$blogPost->display_comments();
|
|
|
|
include_once($COMMONS."/footer.php");
|
|
?>
|