236 lines
6.5 KiB
PHP
236 lines
6.5 KiB
PHP
<?php
|
|
$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
|
|
|
|
include_once($COMMONS."/header.php");
|
|
include_once("blogpost.php");
|
|
include_once("blogpostcomment.php");
|
|
|
|
/**
|
|
* Send a comment to the database.
|
|
* If the poster is not signed in, send "NULL" (as a string) as the $posterID
|
|
* The same goes for $parentId (that is the parent comment,
|
|
* if this one is a response)
|
|
* Returns: GUID PK of the newly added comment.
|
|
*/
|
|
function send_comment($conn, $blogId, $posterId, $content, $parentId) {
|
|
// If content is empty, do not post
|
|
if(empty($content)) {
|
|
return "";
|
|
}
|
|
|
|
// Get a uuid for the comment
|
|
$stmt = $conn->prepare("SELECT UUID()");
|
|
$stmt->execute();
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
$uuid = $result["UUID()"];
|
|
|
|
// Prepare the statemtnt
|
|
$stmt = $conn->prepare("INSERT INTO blogpost_comments
|
|
( comment_id, parent_id, blogpost_id, poster_id, content) VALUES
|
|
(:comment_id, :parent_id, :blogpost_id, :poster_id, :content);");
|
|
|
|
// Bind all the parameters
|
|
$stmt->bindValue(":comment_id", $uuid, PDO::PARAM_STR);
|
|
$stmt->bindValue(":parent_id", $parentId == "NULL"
|
|
? NULL : $parentId, PDO::PARAM_STR);
|
|
$stmt->bindValue(":blogpost_id", $blogId, PDO::PARAM_STR);
|
|
$stmt->bindValue(":poster_id", $posterId == "NULL"
|
|
? NULL : $posterId, PDO::PARAM_STR);
|
|
$stmt->bindValue(":content", $content, PDO::PARAM_STR);
|
|
|
|
// Execute the statement
|
|
$stmt->execute();
|
|
|
|
return $uuid;
|
|
}
|
|
|
|
/**
|
|
* Load comments under a given blog.
|
|
* Returns array of BlogpostComment objects.
|
|
*/
|
|
function load_comments($conn, $blogId, $blogAddress) {
|
|
// Prepare new statement for selecting all the child comments.
|
|
$stmt = $conn->prepare("SELECT comment_id, poster_id, timestamp,
|
|
content FROM blogpost_comments WHERE blogpost_id = :blogpost_id
|
|
AND parent_id IS NULL ORDER BY timestamp ASC;");
|
|
|
|
// Bind and execute the comment select
|
|
$stmt->bindParam(":blogpost_id", $blogId);
|
|
$stmt->execute();
|
|
|
|
// Fetch the comments
|
|
$results_arr = $stmt->fetchall(PDO::FETCH_ASSOC);
|
|
$comments_arr = [];
|
|
|
|
// Prepare comment author selection statement
|
|
$stmt = $conn->prepare("SELECT username FROM users WHERE
|
|
user_id = :user_id;");
|
|
|
|
// Recursively fetch all the child comments
|
|
for($i = 0; $i < count($results_arr); $i++) {
|
|
$com = $results_arr[$i];
|
|
|
|
// If comment has a registered author, fetch their name
|
|
if($com["poster_id"]) {
|
|
$stmt->bindParam(":user_id", $com["poster_id"]);
|
|
|
|
$stmt->execute();
|
|
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
// If user was erased from database, set name to [Deleted]
|
|
if(!$result) {
|
|
$username = "[Deleted]";
|
|
}
|
|
else {
|
|
$username = $result["username"];
|
|
}
|
|
}
|
|
else {
|
|
$username = "[Guest]";
|
|
}
|
|
|
|
$commentObj = new BlogpostComment($com["comment_id"], $com["poster_id"],
|
|
$username, $blogId, $blogAddress, $com["timestamp"],
|
|
$com["content"], NULL);
|
|
$commentObj->load_children($conn);
|
|
$comments_arr[] = $commentObj;
|
|
}
|
|
|
|
return $comments_arr;
|
|
}
|
|
|
|
/**
|
|
* Load info about the blog with a given guid and return corresponding
|
|
* Blogpost object. NULL if blog couldn't be loaded.
|
|
*/
|
|
function load_blog($conn, $blogId){
|
|
// Prepare and bind statement for gathering blogpost info
|
|
$stmt = $conn->prepare("SELECT readable_address, title, content,
|
|
date_posted, date_edited FROM blogposts WHERE
|
|
blogpost_id = :blogpost_id;");
|
|
$stmt->bindParam(":blogpost_id", $blogId);
|
|
|
|
// Execute the statement
|
|
$stmt->execute();
|
|
|
|
// Fetch the blogpost
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
// If no post with given guid was found,
|
|
// there is no information to gather, return.
|
|
if(!$result){
|
|
return null;
|
|
}
|
|
|
|
// Prepare new statement for selecting the tags for a given blogpost
|
|
$stmt = $conn->prepare("SELECT name, color FROM
|
|
blogpost_tags INNER JOIN blogpost_has_tag ON
|
|
blogpost_tags.tag_id = blogpost_has_tag.tag_id WHERE
|
|
blogpost_id = :blogpost_id;");
|
|
|
|
// Bind and execute the tag select
|
|
$stmt->bindParam(":blogpost_id", $blogId);
|
|
$stmt->execute();
|
|
|
|
// Fetch the tags
|
|
$tags_arr = $stmt->fetchall(PDO::FETCH_ASSOC);
|
|
|
|
// Set the variables
|
|
$blogTitle = $result["title"];
|
|
$blogAddress = $result["readable_address"];
|
|
$blogContent = $result["content"];
|
|
$datePosted = $result["date_posted"];
|
|
$dateEdited = $result["date_edited"];
|
|
$tags = $tags_arr;
|
|
$comments = load_comments($conn, $blogId, $blogAddress);
|
|
|
|
return new Blogpost($blogId, $blogAddress, $blogTitle, $blogContent,
|
|
$datePosted, $dateEdited, $tags, $comments);
|
|
}
|
|
|
|
// Check DB connection
|
|
if($conn == null){
|
|
header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
|
|
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
|
|
die();
|
|
}
|
|
|
|
// If a human-readable address was provided, extract appropriate id.
|
|
if(isset($_POST["address"])) {
|
|
$blogAddr = sanitize_input($_POST["address"]);
|
|
|
|
// Prepare and bind statement for gathering blogpost address
|
|
$stmt = $conn->prepare("SELECT blogpost_id
|
|
FROM blogposts WHERE readable_address = :readable_address;");
|
|
$stmt->bindParam(":readable_address", $blogAddr);
|
|
|
|
// Execute the statement
|
|
$stmt->execute();
|
|
|
|
// Fetch the blogpost
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
// If post with given address was found, set the $blogId var.
|
|
if($result){
|
|
$blogId = sanitize_input($result["blogpost_id"]);
|
|
}
|
|
}
|
|
|
|
// Attempt to load the blogpost
|
|
$blogPost = load_blog($conn, $blogId);
|
|
|
|
// If blogpost could not be retieved, display warning and die.
|
|
if(!$blogPost) {
|
|
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Foud", true, 404);
|
|
die();
|
|
}
|
|
|
|
// Try to open the file to which to render the blogpost.
|
|
if (!($fp = fopen("article/".$blogPost->address.".php", 'w'))) {
|
|
header($_SERVER["SERVER_PROTOCOL"]." 500 Could not open file for writing",
|
|
true, 505);
|
|
echo "fail";
|
|
die();
|
|
}
|
|
|
|
fprintf($fp,
|
|
"<?php
|
|
include_once(\"%s\");
|
|
display_header(\"%s\");
|
|
echo \"%s\";
|
|
?>
|
|
<hr style=\"border-style: solid;\">
|
|
<article>
|
|
<h2> Comments: </h2>
|
|
<form method=\"post\" action=\"%s\">
|
|
<input type=\"hidden\" name=\"blogpost_id\" value=\"%s\">
|
|
<input type=\"hidden\" name=\"address\" value=\"%s\">
|
|
<label for=\"comment_entry\">Write a comment (<?php
|
|
echo isset(\$_SESSION[\"current_user\"]) ?
|
|
\$_SESSION[\"current_user\"]->user_name:
|
|
\"Guest\";
|
|
?>
|
|
):</label>
|
|
<div class=\"centered-container\">
|
|
<textarea name=\"comment_entry\" class=\"comment-box\"
|
|
tabindex=\"1\"></textarea>
|
|
</div>
|
|
<input name=\"submit\" type=\"submit\" tabindex=\"2\"
|
|
value=\"Send\">
|
|
</form>
|
|
</article>
|
|
<?php
|
|
echo \"%s\";
|
|
include_once(\"%s\");
|
|
?>
|
|
",
|
|
$COMMONS."/header.php",
|
|
$blogPost->title,
|
|
addslashes($blogPost->display_article()),
|
|
"SEND_COMMAND_ACTION",
|
|
$blogPost->blogId,
|
|
$blogPost->address,
|
|
addslashes($blogPost->display_comments()),
|
|
$COMMONS."/footer.php");
|
|
?>
|