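config = $config;
        $this->load_database($config["file"]);
        $this->http_touch_database();
        $this->post_instantiate();
    }

    /* Report whether $this->db currently holds an open sqlite resource. */
    function check_database()
    {
        if (is_resource($this->db)) {
            return TRUE;
        } else {
            return FALSE;
        }
    }

    /* Probe the database file over HTTP (pecl_http http_head()) to detect a
     * web-readable database. Does nothing when http_head() is unavailable or
     * when $this->config["http"] is set to a value other than "1".
     * A 404 warns that the application path may be wrong; any other status
     * except 403 warns that the file can be downloaded. */
    function http_touch_database()
    {
        if (! function_exists('http_head')) {
            return;
        } elseif (isset($this->config["http"]) && $this->config["http"] != "1") {
            return;
        }
        $http_response = http_head('http://' . $this->config["site"] . "/" . $this->config["file"], array("timeout" => 1), $http_info);
        if ($http_response != FALSE) {
            if ($http_info["response_code"] == "404") {
                $this->config["warn"]('File ' . $this->config["file"] . ' not found. Is your application working?.');
            } elseif ($http_info["response_code"] != "403") {
                $this->config["warn"]('File ' . $this->config["file"] . ' available from HTTP. Please secure your installation.');
            }
        }
    }

    /* Restrict the database file to its owner (mode 0600). */
    function set_db_permission($database_file)
    {
        chmod($database_file, 0600);
    }

    /* Open $database_file into $this->db, creating it when it does not exist.
     * Returns the sqlite resource; die()s with the sqlite error on failure.
     * No-op when a database is already open. */
    function load_database($database_file)
    {
        if ($this->check_database()) {
            return;
        }
        // Try to open or create the database
        if (! file_exists($database_file)) {
            $result = $this->create_database($database_file);
            if (is_resource($result)) {
                return $result;
            } else {
                die ($result);
            }
        } else if ($this->db = sqlite_open($database_file, 0600, $sqliteerror)) {
            $this->set_db_permission($database_file);
            return $this->db;
        } else {
            die ($sqliteerror);
        }
    }

    /* Close an opened database. */
    function close_database()
    {
        sqlite_close($this->db);
    }

    /* Create a standard sqlite database
     *
     * Class variables:
     *
     * - table_scheme: array containing the database table scheme
     * - first_queries: array containing the first database queries
     *
     * Returns the new sqlite resource, or die()s with the sqlite error.
     * No-op when a database is already open. */
    function create_database($database_file)
    {
        if ($this->check_database()) {
            return;
        }
        if ($this->db = sqlite_open($database_file, 0600, $sqliteerror)) {
            $this->set_db_permission($database_file);
            // Build the database structure
            if (isset($this->table_scheme) && ! empty($this->table_scheme)) {
                foreach ($this->table_scheme as $table) {
                    $this->create_table($table);
                }
            }
            // Perform the initial database queries
            if (isset($this->first_queries) && ! empty($this->first_queries)) {
                foreach ($this->first_queries as $request) {
                    sqlite_query($this->db, $request);
                }
            }
            // Database post-install function
            $this->db_post_install($database_file);
            return $this->db;
        } else {
            die ($sqliteerror);
        }
    }

    /* Create a table; $table is the raw "name (columns...)" DDL fragment. */
    function create_table($table)
    {
        sqlite_query($this->db, 'CREATE TABLE ' . $table);
    }

    /* Insert values into a table.
     * $values is a raw SQL value list; callers must escape text with
     * sqlite_escape_string() and cast numbers before building it. */
    function db_insert($table, $values)
    {
        $query = "INSERT into " . $table . " values (" . $values . ")";
        return sqlite_query($this->db, $query);
    }

    /* Delete rows from a table.
     * $clause is a raw WHERE fragment; callers are responsible for escaping. */
    function db_delete($table, $clause)
    {
        $query = "DELETE from " . $table . " WHERE " . $clause;
        return sqlite_query($this->db, $query);
    }

    /* Select rows from a table and return them via sqlite_fetch_all().
     * $clause, $order, $limit and $offset are raw SQL fragments, each
     * appended only when non-empty; callers are responsible for escaping. */
    function db_select($table, $cols, $clause, $order, $limit, $offset)
    {
        $query = "SELECT " . $cols . " FROM " . $table;
        $query = empty($clause) ? $query : $query . " WHERE " . $clause;
        $query = empty($order) ? $query : $query . " ORDER BY " . $order;
        $query = empty($limit) ? $query : $query . " LIMIT " . $limit;
        $query = empty($offset) ? $query : $query . " OFFSET " . $offset;
        return sqlite_fetch_all(sqlite_query($this->db, $query));
    }

    /* Count db rows for a given query; same raw-fragment contract as db_select(). */
    function db_rows($table, $cols, $clause, $order, $limit, $offset)
    {
        $query = "SELECT " . $cols . " FROM " . $table;
        $query = empty($clause) ? $query : $query . " WHERE " . $clause;
        $query = empty($order) ? $query : $query . " ORDER BY " . $order;
        $query = empty($limit) ? $query : $query . " LIMIT " . $limit;
        $query = empty($offset) ? $query : $query . " OFFSET " . $offset;
        return sqlite_num_rows(sqlite_query($this->db, $query));
    }

    /* Database post installation hook; subclasses override it. */
    function db_post_install($database_file)
    {
        return;
    }

    /* Last stuff to do in the class instantiation; subclasses override it. */
    function post_instantiate()
    {
        return;
    }
}

class sqlite_blog extends sqlite_database
{
    /* A sqlite weblog class
     *
     * This class just implements an interface between the application
     * and a blog stored in a sqlite database; there's no session handling,
     * which should be implemented outside this class.
     *
     * Every query is built by string concatenation on top of db_insert(),
     * db_delete() and db_select(); text values are passed through
     * sqlite_escape_string() and identifiers through (int) casts at the
     * point where they enter a fragment.
     */

    /*
     *
     * Database methods
     *
     */

    var $table_scheme = array(
        "users" => "users (uid integer primary key, user text, email text, password text, admin integer)",
        "posts" => "posts (id integer, title text, uid integer, date integer, body text, published integer)",
        "options" => "options (option text, value text, description text)",
        "comments" => "comments (cid integer primary key, id integer, title text, uid integer, date integer, body text, published integer)",
        "internal" => "internal (option text, value text, description text)");

    /* Modulog post-install database function: scheme version, default admin
     * user, welcome post, id counters and default options. */
    function db_post_install($database_file)
    {
        // Database scheme version
        $this->db_insert("internal", "'scheme', '" . DB_VERSION . "', 'Table version'");
        // Default admin user. NOTE(review): created with the well-known
        // password "admin" (unsalted sha1); a fresh install should force a
        // password change on first login.
        $this->db_insert("users", "1, 'admin', 'admin@localhost', '" . sha1("admin") . "', 1");
        $this->db_insert("internal", "'uid', '1', 'Current max uid'");
        // As its a fresh new database, add the default content
        $welcome_string = "Welcome to your new blog!\n";
        $welcome_string .= "If you just installed this blog, please login and go to the admin section.\n";
        $welcome_string .= 'This first post is an automatic message and can be deleted through the admin interface.';
        $this->db_insert("posts", "1, 'Welcome to Modulog!', 1, " . time() . ", '" . $welcome_string . "', 1");
        $this->db_insert("internal", "'id', '1', 'Current max id'");
        $this->db_insert("internal", "'cid', '0', 'Current max id'");
        // Options
        $blog_options = $this->list_all_options();
        foreach (array_keys($blog_options) as $item) {
            $this->set_option($item, $blog_options[$item]["default"], $blog_options[$item]["description"]);
        }
    }

    /*
     *
     * Content and display methods
     *
     */

    /* Return the number of rows of $type ("posts"/"comments") matching the
     * raw WHERE fragment $filter. */
    function content_count($type, $filter)
    {
        return $this->db_rows($type, "title", $filter, "date DESC", "", "");
    }

    /* Get the number of posts per page for $type ("posts"/"comments").
     * Repairs a missing or non-numeric option to "10" and retries. */
    function posts_per_page($type)
    {
        $options = $this->get_site_options();
        $option = $type . "perpage";
        if (isset($options[$option]) && is_numeric($options[$option])) {
            return $options[$option];
        } else {
            // Fix it
            $descriptions = $this->get_option_descriptions();
            $this->set_option($option, "10", $descriptions[$option]);
            return $this->posts_per_page($type);
        }
    }

    /* Add extra information (comment count, author name, formatted date,
     * nl2br body, teaser) to each row of a post/comment query result.
     * Returns NULL for an empty result. */
    function add_extra_info($result, $type)
    {
        $n = 0;
        $posts = array();
        if (empty($result)) {
            return;
        }
        foreach ($result as $entry) {
            $posts[$n] = $entry;
            if ($type == "posts") {
                $posts[$n]["comments"] = $this->content_count("comments", "published = 1 AND id = " . (int) $entry["id"]);
            }
            $posts[$n]["author"] = $this->get_username($entry["uid"]);
            $posts[$n]["date"] = date("D, j M Y G:i O", $entry["date"]);
            $posts[$n]["body"] = nl2br($entry["body"]);
            $posts[$n++]["teaser"] = $this->truncate($entry["body"], 50) . "...";
        }
        return $posts;
    }

    /* Check whether the first row of $result may be shown to $uid: FALSE when
     * it is unpublished and owned by someone else, TRUE otherwise.
     * Returns NULL (== FALSE) for an empty result. */
    function check_hidden_post($result, $uid)
    {
        foreach ($result as $entry) {
            if ($entry["uid"] != $uid && $entry["published"] == 0) {
                return FALSE;
            } else {
                return TRUE;
            }
        }
    }

    /* Search published posts and comments for $keywords and display them
     * through $callback. The keyword is escaped for the LIKE literal and the
     * OR is parenthesised so only published rows match. */
    function search_content($keywords, $callback)
    {
        $kw = sqlite_escape_string($keywords);
        $clause = "published = 1 AND (body LIKE '%" . $kw . "%' OR title LIKE '%" . $kw . "%')";
        $result = $this->db_select("posts", "id, title, uid, date, body", $clause, "date DESC", "", "");
        $data["posts"] = $this->add_extra_info($result, "posts");
        $result = $this->db_select("comments", "cid, id, title, uid, date, body", $clause, "date DESC", "", "");
        $data["comments"] = $this->add_extra_info($result, "comments");
        $data["keywords"] = $keywords;
        $data["blog"] = $this;
        $this->display($data, $callback);
    }

    /* Display a page of posts; $hidden == 1 includes unpublished posts. */
    function show_posts($callback, $limit, $offset, $hidden)
    {
        $clause = ($hidden != 1) ? 'published = 1' : "";
        $result = $this->db_select("posts", "id, title, uid, date, body, published", $clause, "date DESC", $limit, $offset);
        $data["query"] = $this->add_extra_info($result, "posts");
        $data["total"] = $this->content_count("posts", $clause);
        $this->display($data, $callback);
    }

    /* Display posts from a given user (published or not). */
    function show_user_posts($uid, $callback, $limit, $offset)
    {
        $result = $this->db_select("posts", "id, title, uid, date, body, published", "uid = " . (int) $uid, "date DESC", $limit, $offset);
        $data["query"] = $this->add_extra_info($result, "posts");
        $data["total"] = $this->content_count("posts", "");
        $this->display($data, $callback);
    }

    /* Display comments, optionally restricted to post $id; $hidden == 1
     * includes unpublished comments. */
    function show_comments($id, $callback, $limit, $offset, $hidden)
    {
        $clause = (! empty($id)) ? "id = " . (int) $id : "";
        if ($hidden != 1) {
            if (! empty($clause)) {
                $clause .= ' AND ';
            }
            $clause .= 'published = 1';
        }
        $result = $this->db_select("comments", "cid, id, title, uid, date, body, published", $clause, "date DESC", $limit, $offset);
        $data["query"] = $this->add_extra_info($result, "comments");
        $data["total"] = $this->content_count("comments", $clause);
        $this->display($data, $callback);
    }

    /* Display comments from a given user, optionally restricted to post $id. */
    function show_user_comments($uid, $id, $callback, $limit, $offset)
    {
        $clause = "uid = " . (int) $uid;
        if (! empty($id)) {
            $clause .= " AND id = " . (int) $id;
        }
        $result = $this->db_select("comments", "cid, id, title, uid, date, body, published", $clause, "date DESC", $limit, $offset);
        $data["query"] = $this->add_extra_info($result, "comments");
        $data["total"] = $this->content_count("comments", $clause);
        $this->display($data, $callback);
    }

    /* Display a specific post. With $check_hidden == 1 an unpublished post
     * owned by someone other than $uid is refused (returns FALSE). */
    function show_post($id, $callback, $check_hidden, $uid)
    {
        $result = $this->db_select("posts", "title, uid, date, body, published", "id = " . (int) $id, "", "", "");
        $data["query"] = $this->add_extra_info($result, "post");
        $data["id"] = $id;
        if ($check_hidden == 1 && $this->check_hidden_post($result, $uid) == FALSE) {
            $this->config["warn"]("This post is not available.");
            return FALSE;
        } else {
            $this->display($data, $callback);
        }
    }

    /* Display a specific comment; same hidden-content rule as show_post(). */
    function show_comment($cid, $callback, $check_hidden, $uid)
    {
        $result = $this->db_select("comments", "cid, id, title, uid, date, body, published", "cid = " . (int) $cid, "", "", "");
        $data["query"] = $this->add_extra_info($result, "comment");
        $data["id"] = $this->get_id($cid);
        $data["cid"] = $cid;
        // check_hidden_post() is a method of this class, not a global function
        if ($check_hidden == 1 && $this->check_hidden_post($result, $uid) == FALSE) {
            $this->config["warn"]("This post is not available.");
            return FALSE;
        } else {
            $this->display($data, $callback);
        }
    }

    /* Get the author uid of a post ($type "id") or comment ($type "cid"). */
    function get_author_uid($id, $type)
    {
        $table = ($type == "id") ? "posts" : "comments";
        $result = $this->db_select($table, "id, uid", $type . " ='" . (int) $id . "'", "", "", "");
        foreach ($result as $entry) {
            return $entry["uid"];
        }
    }

    /* Increase and return the "id" or "cid" counter kept in the internal table. */
    function next_id($type)
    {
        $query = $this->db_select("internal", "option, value", "option = '" . $type . "'", "", "", "");
        foreach ($query as $result) {
            $id = (int) $result["value"] + 1;
        }
        $this->db_delete("internal", "option = '" . $type . "'");
        $this->db_insert("internal", "'" . $type . "', '" . $id . "', 'Current max " . $type . "'");
        return $id;
    }

    /* Add or edit posts and comments; returns the post id or comment cid.
     * Text fields are escaped and numeric fields cast before they are spliced
     * into the value list handed to db_insert(). */
    function insert_content($data)
    {
        $data["date"] = strtotime($data["date"]);
        $content = (int) $data["id"] . ", '" . sqlite_escape_string($data["title"]) . "', " . (int) $data["uid"] . ", " . (int) $data["date"] . ", '" . sqlite_escape_string($data["body"]) . "', " . (int) $data["published"];
        if (isset($data["cid"])) {
            $table = "comments";
            $key = "cid";
            $content = (int) $data["cid"] . ", " . $content;
        } else {
            $table = "posts";
            $key = "id";
        }
        $this->db_insert($table, $content);
        return $data[$key];
    }

    /* Add a new post and return its id. */
    function add_post($data)
    {
        $data["id"] = $this->next_id("id");
        return $this->insert_content($data);
    }

    /* Add a new comment and return its cid. */
    function add_comment($data)
    {
        $data["cid"] = $this->next_id("cid");
        return $this->insert_content($data);
    }

    /* Delete a post. */
    function delete_post($id)
    {
        $this->db_delete("posts", "id = " . (int) $id);
    }

    /* Delete a comment. */
    function delete_comment($cid)
    {
        $this->db_delete("comments", "cid = " . (int) $cid);
    }

    /* Update an existing post (delete + re-insert) and return its id. */
    function update_post($data)
    {
        $this->delete_post($data["id"]);
        $this->insert_content($data);
        return $data["id"];
    }

    /* Update an existing comment (delete + re-insert) and return its cid. */
    function update_comment($data)
    {
        $this->delete_comment($data["cid"]);
        $this->insert_content($data);
        return $data["cid"];
    }

    /* Check whether a post ($type "id") or comment ($type "cid") exists.
     * Returns NULL (== FALSE) when no row matches. */
    function check_post($id, $type)
    {
        $table = ($type == "id") ? "posts" : "comments";
        $posts = $this->db_select($table, $type . ", uid", $type . " = '" . (int) $id . "'", "", "", "");
        foreach ($posts as $post) {
            if ($post[$type] != $id) {
                return FALSE;
            } else {
                return TRUE;
            }
        }
    }

    /* Get the post id a comment belongs to. */
    function get_id($cid)
    {
        $posts = $this->db_select("comments", "cid, id", "cid = '" . (int) $cid . "'", "", "", "");
        foreach ($posts as $post) {
            return $post["id"];
        }
    }

    /*
     *
     * Blog option methods
     *
     */

    /* Return the text options for the blog (description + default per option). */
    function list_text_options()
    {
        return array(
            "sitename" => array("description" => 'Your website name', "default" => 'Modulog'),
            "sitedesc" => array("description" => 'Site description', "default" => 'A Modulog Blog site'),
            "siteemail" => array("description" => 'The website email', "default" => 'admin@localhost'),
            "postsperpage" => array("description" => 'Maximum posts per page', "default" => '10'),
            "commentsperpage" => array("description" => 'Maximum comments per page', "default" => '10'));
    }

    /* Return the boolean options for the blog (description + default per option). */
    function list_boolean_options()
    {
        return array(
            "autoregister" => array("description" => 'Whether users can automatically register themselves', "default" => '0'),
            "openpost" => array("description" => 'Whether non-admin users can post storiers', "default" => '0'),
            "opencomment" => array("description" => 'Whether non-admin users can post comments', "default" => '0'),
            "http_check" => array("description" => 'Whether to check if the database is available via HTTP', "default" => '1'));
    }

    /* Return all blog options. */
    function list_all_options()
    {
        return $this->list_text_options() + $this->list_boolean_options();
    }

    /* Set a blog option: the old row is removed, then the new one inserted.
     * All three values are escaped for the SQL literals. */
    function set_option($option, $value, $comment)
    {
        $opt = sqlite_escape_string($option);
        // First remove the old value
        $this->db_delete("options", "option = '" . $opt . "'");
        // Then add the option
        $this->db_insert("options", "'" . $opt . "', '" . sqlite_escape_string($value) . "', '" . sqlite_escape_string($comment) . "'");
    }

    /* Get all blog options as option => value (empty array when none). */
    function get_site_options()
    {
        $site_options = array();
        $result = $this->db_select("options", "option, value", "", "", "", "");
        foreach ($result as $entry) {
            $site_options[$entry["option"]] = $entry["value"];
        }
        return $site_options;
    }

    /* Get option descriptions as option => description (empty array when none). */
    function get_option_descriptions()
    {
        $options_descriptions = array();
        $result = $this->db_select("options", "option, description", "", "", "", "");
        foreach ($result as $entry) {
            $options_descriptions[$entry["option"]] = $entry["description"];
        }
        return $options_descriptions;
    }

    /*
     *
     * User and auth methods
     *
     */

    /* Show blog users (uid, user, email, admin) through $callback. */
    function show_users($callback)
    {
        $data["query"] = $this->db_select("users", "uid, user, email, admin", "", "", "", "");
        $this->display($data, $callback);
    }

    /* Do login or check if a user is logged
     *
     * $passwd_type can be either:
     *
     * sha1: $password given as a sha1 hash
     * plain: $password given as plain text
     *
     * Returns TRUE when the stored hash matches, FALSE otherwise, and NULL
     * (== FALSE) when the user does not exist. The comparison is strict so
     * that PHP's numeric-string coercion cannot equate two different hashes.
     * NOTE(review): passwords are stored as unsalted sha1; move to
     * password_hash()/password_verify() when the runtime allows. */
    function login($user, $password, $passwd_type)
    {
        if ($passwd_type == "sha1") {
            $hash_function = "plain";
        } elseif ($passwd_type == "plain") {
            $hash_function = "sha1sum";
        } else {
            $this->config["warn"]("Login function requires passw_type to be either 'sha1' or 'plain'.");
            return FALSE;
        }
        $result = $this->db_select("users", "uid, password", "user = '" . sqlite_escape_string($user) . "'", "", "", "");
        foreach ($result as $entry) {
            if ($entry["password"] === $this->$hash_function($password)) {
                // Logged
                return TRUE;
            } else {
                // Not logged
                return FALSE;
            }
        }
    }

    /* Fetch the user row (uid, user, email, admin) for $uid, or NULL. */
    function user_data($uid)
    {
        $result = $this->db_select("users", "uid, user, email, admin", "uid = '" . (int) $uid . "'", "", "", "");
        foreach ($result as $entry) {
            return $entry;
        }
    }

    /* Check if a given email is valid. Uses preg_match() (eregi() is
     * deprecated/removed) with the same shape as the original pattern; the
     * characters after the local-part start are the literal set ? . + - _. */
    function check_valid_email($email)
    {
        $valid_email = '/^[a-z0-9]+[a-z0-9?.+\-_]*@[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z]+$/i';
        return (empty($email) || ! preg_match($valid_email, $email)) ? FALSE : TRUE;
    }

    /* Insert a user into the users table; text escaped, uid/admin cast to int
     * ($data["password"] is expected to be already hashed). */
    function insert_user($data)
    {
        $this->db_insert("users", (int) $data["uid"] . ", '" . sqlite_escape_string($data["user"]) . "', '" . sqlite_escape_string($data["email"]) . "', '" . sqlite_escape_string($data["password"]) . "', " . (int) $data["admin"]);
    }

    /* Update the "uid" counter in the internal table. */
    function update_max_uid($uid)
    {
        $this->db_delete("internal", "option = 'uid'");
        $this->db_insert("internal", "'uid', '" . (int) $uid . "', 'Current max uid'");
    }

    /* Add a new user in the database. Validates email and admin flag,
     * refuses duplicate user names and emails, assigns the next uid and
     * stores the sha1 of the password. Returns TRUE on success. */
    function adduser($data)
    {
        if (! $this->check_valid_email($data["email"])) {
            $this->config["warn"]("Invalid email address.");
            return FALSE;
        } elseif ($data["admin"] != "1" && $data["admin"] != "0") {
            $this->config["warn"]("Invalid admin flag value.");
            return FALSE;
        }
        $result = $this->db_select("users", "*", "", "", "", "");
        foreach ($result as $entry) {
            if ($entry["user"] == $data["user"]) {
                $this->config["warn"]("User " . $data["user"] . " already exists.");
                return FALSE;
            } elseif ($entry["email"] == $data["email"]) {
                $this->config["warn"]("Email " . $data["email"] . " already in use.");
                return FALSE;
            }
        }
        $uid = $this->db_select("internal", "option, value", "option = 'uid'", "", "", "");
        foreach ($uid as $result) {
            $data["uid"] = (int) $result["value"] + 1;
            break;
        }
        $data["password"] = sha1($data["password"]);
        $this->insert_user($data);
        $this->update_max_uid($data["uid"]);
        return TRUE;
    }

    /* Remove a user; unless $action is "update", everything he/she published
     * is removed as well. */
    function remove_user($uid, $action)
    {
        if ($action != "update") {
            $this->db_delete("comments", "uid = '" . (int) $uid . "'");
            $this->db_delete("posts", "uid = '" . (int) $uid . "'");
        }
        $this->db_delete("users", "uid = '" . (int) $uid . "'");
    }

    /* Update a user's information (delete + re-insert). An empty password
     * keeps the stored hash; user name and email must stay unique.
     * Returns TRUE on success, FALSE after warning otherwise. */
    function update_user($data)
    {
        $result = $this->db_select("users", "uid, user, email, password", "", "", "", "");
        if (! empty($data["password"])) {
            $data["password"] = sha1($data["password"]);
        }
        foreach ($result as $entry) {
            if ($data["uid"] == $entry["uid"]) {
                $uid = $entry["uid"];
                if (empty($data["password"])) {
                    $data["password"] = $entry["password"];
                }
            } elseif ($data["user"] == $entry["user"]) {
                $this->config["warn"]("Username " . $data["user"] . " already in use.");
                return FALSE;
            } elseif ($data["email"] == $entry["email"]) {
                $this->config["warn"]("Email " . $data["email"] . " already in use.");
                return FALSE;
            }
        }
        if (empty($uid)) {
            $this->config["warn"]("User uid " . $data["uid"] . " does not exist.");
            return FALSE;
        }
        $this->remove_user($data["uid"], "update");
        $this->insert_user($data);
        return TRUE;
    }

    /* Return the user name for a given user id. */
    function get_username($uid)
    {
        $data = $this->user_data($uid);
        return $data["user"];
    }

    /* Return the uid for a given user name, or NULL. */
    function get_uid($user)
    {
        $result = $this->db_select("users", "uid, user", "user = '" . sqlite_escape_string($user) . "'", "", "", "");
        foreach ($result as $entry) {
            return $entry["uid"];
        }
    }

    /* Generate a random 20-character password from [a-z0-9], alternating
     * lower/upper case. Every index of the alphabet is reachable (the old
     * explode()-based table skipped "a" and could yield an empty slot). */
    function gen_passwd()
    {
        $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
        $last = strlen($alphabet) - 1;
        $passwd = "";
        $passwd_size = 20;
        $upper = FALSE;
        for ($n = 1; $n <= $passwd_size; $n++) {
            // random_int() is a CSPRNG; mt_rand() is only a fallback for the
            // older runtimes this file targets and is not suitable for secrets.
            $rnd = function_exists('random_int') ? random_int(0, $last) : mt_rand(0, $last);
            $char = $alphabet[$rnd];
            if ($upper == TRUE) {
                $char = strtoupper($char);
                $upper = FALSE;
            } else {
                $upper = TRUE;
            }
            $passwd .= $char;
        }
        return $passwd;
    }

    /* Set a (plain text) password for a user; update_user() hashes it. */
    function set_passwd($user, $passwd)
    {
        $uid = $this->get_uid($user);
        $user_data = $this->user_data($uid);
        // $passwd is the parameter; the old code read an undefined $password,
        // so the new password was never stored.
        $user_data["password"] = $passwd;
        $this->update_user($user_data);
    }

    /*
     *
     * Misc methods
     *
     */

    /* Return the current date in the blog format. */
    function get_date()
    {
        return date("D, j M Y G:i O", time());
    }

    /* Identity "hash" used by login() when the password is already a hash. */
    function plain($string)
    {
        return $string;
    }

    /* sha1 hash used by login() for plain text passwords. */
    function sha1sum($string)
    {
        return sha1($string);
    }

    /* Truncate a string to its first $size space-separated words. */
    function truncate($string, $size)
    {
        $pieces = explode(" ", $string);
        $pieces = array_slice($pieces, 0, $size);
        $string = implode(" ", $pieces);
        return $string;
    }

    /* Display function multiplexer / dispatcher
     * Array data can contain the following keys:
     *
     * ["blog"] -> reference to the blog class
     * ["query"] -> result of the sqlite query
     * ["total"] -> total number of the content type
     * ["string"] -> string content
     * ["user"] -> user data
     * ["action"] -> desired action
     * ["acl"] -> current user role
     * ["id"] -> user id
     *
     * Calls the function named config["disp"] . "_" . $type when it exists;
     * otherwise dumps $data recursively. NOTE(review): the fallback echoes
     * values without HTML escaping and is only suitable for debugging. */
    function display($data, $type)
    {
        if (! empty($type) && ! empty($this->config["disp"])) {
            $callback = $this->config["disp"] . "_" . $type;
        } else {
            $callback = $this->config["disp"];
        }
        if (function_exists($callback)) {
            $data["blog"] = $this;
            $callback($data);
            return;
        } else if (is_resource($data)) {
            // We don't print resources
            return;
        }
        echo "Display " . $type;
        foreach (array_keys($data) as $key) {
            if (is_array($data[$key])) {
                echo "[" . $key . "] => Array {";
                echo "\n";
                $this->display($data[$key], $type);
                echo "\n}\n\n";
            } else if (! is_object($data[$key])) {
                echo "[" . $key . "] => " . $data[$key] . "\n";
            }
        }
    }
}

class modulog extends sqlite_blog
{
    /* Modulog class
     *
     * This class implements sessions, access control,
     * user and content management methods, but does
     * not implement any display function.
     *
     * Request data ($_GET/$_POST) is read directly by the do_* methods;
     * strip() only removes tags, it is not SQL or HTML escaping.
     */

    /* Start the session and, when the http_check option is on, probe the
     * database file over HTTP. */
    function post_instantiate()
    {
        if (! isset($_SESSION)) {
            session_start();
        }
        $options = $this->get_site_options();
        if (isset($options["http_check"]) && $options["http_check"] == "1") {
            $this->config["http"] = 1;
            $this->http_touch_database();
        }
    }

    /*
     *
     * Session methods
     *
     */

    /* Log in a user session ("Log in") or mail a new password ("Reminder"). */
    function do_login()
    {
        $option = $this->strip($_POST["option"]);
        if ($option == "Log in") {
            if (isset($_POST["user"]) && isset($_POST["password"])) {
                $user = $this->strip($_POST["user"]);
                $password = $this->strip($_POST["password"]);
                if ($this->login($user, $password, "plain") == TRUE) {
                    $uid = $this->get_uid($user);
                    $_SESSION["uid"] = $uid;
                } else {
                    $data["string"] = 'Invalid login';
                    $this->display($data, "warning");
                }
            } else {
                $data["string"] = 'Either user or password missing.';
                $this->display($data, "warning");
            }
            $this->show_posts('posts', $this->posts_per_page("posts"), 0, 0);
        } else if ($option == "Reminder") {
            if (isset($_POST["user"])) {
                $user = $this->strip($_POST["user"]);
                $user_data = $this->user_data($this->get_uid($user));
                if (empty($user_data)) {
                    $msg["string"] = "No such user " . $user;
                    $this->display($msg, "warning");
                    // Stop here: without a user there is nobody to reset or mail
                    return;
                }
                if (function_exists('mail')) {
                    $passwd = $this->gen_passwd();
                    $this->set_passwd($user, $passwd);
                    $this->send_passwd($user, $passwd);
                    $msg["string"] = "New passowrd sent to user " . $user;
                    $this->display($msg, "");
                } else {
                    $msg["string"] = "Email function not supported. Contact the site administrator.";
                    $this->display($msg, "warning");
                }
            } else {
                $msg["string"] = "No username informed";
                $this->display($msg, "warning");
            }
        }
    }

    /* Mail a new password to the user's registered address. */
    function send_passwd($user, $passwd)
    {
        $uid = $this->get_uid($user);
        $user_data = $this->user_data($uid);
        $message = "Someone requested a new password for your user " . $user . " ";
        $message .= 'at http://' . $this->config["site"] . "/\n\n";
        $message .= "Your new password is " . $passwd . "\n";
        $message .= "Please login and chance it.";
        mail($user_data["email"], "New password for user " . $user, $message);
    }

    /* Show the user info box when logged in, the login box otherwise;
     * nothing on the register page for anonymous visitors. */
    function session_check_login()
    {
        if (isset($_GET["query"]) && $this->strip($_GET["query"]) == "register" && ! isset($_SESSION["uid"])) {
            return;
        }
        if (isset($_SESSION["uid"])) {
            $this->display(array(), "user_info");
        } else {
            $this->display(array(), "login_box");
        }
    }

    /* Log out a user session and show the front page. */
    function do_logout()
    {
        if (isset($_SESSION["uid"])) {
            unset($_SESSION["uid"]);
        } else {
            $data["string"] = "You're not logged in.";
            $this->display($data, "warning");
        }
        session_destroy();
        $this->show_posts('posts', $this->posts_per_page("posts"), 0, 0);
    }

    /*
     *
     * User methods
     *
     */

    /* Return the role of the session user: "admin", "user" or "anon". */
    function user_acl_check()
    {
        if (isset($_SESSION["uid"])) {
            $user_options = $this->user_data($_SESSION["uid"]);
            return ($user_options["admin"] == "1") ? "admin" : "user";
        } else {
            return "anon";
        }
    }

    /* Check if the logged user is an admin. */
    function user_is_admin()
    {
        return ($this->user_acl_check() == "admin") ? TRUE : FALSE;
    }

    /* Check if the register/edituser form was correctly filled.
     * Returns the stripped form values, or FALSE after re-displaying the
     * form. Non-admins always get admin forced to "0". */
    function user_form_check($action, $acl)
    {
        $user_params = array("user" => "", "email" => "", "option" => "");
        if ($action == "edituser") {
            $user_params += array("uid" => "", "admin" => "");
        } else {
            if ($acl == "admin") {
                $user_params += array("admin" => "", "password" => "", "pass-confirm" => "");
            } else {
                $user_params += array("password" => "", "pass-confirm" => "");
            }
        }
        $data["action"] = $action;
        $data["acl"] = $acl;
        $data["user"] = array();
        foreach (array_keys($user_params) as $item) {
            if (! isset($_POST[$item])) {
                $this->display($data, "edit_user_form");
                return FALSE;
            } elseif (strlen($_POST[$item]) == 0) {
                $msg["string"] = "You should fill all the form.";
                $this->display($msg, "warning");
                $this->display($data, "edit_user_form");
                return FALSE;
            } else {
                $user_params[$item] = $this->strip($_POST[$item]);
            }
        }
        if ($acl != "admin") {
            $user_params["admin"] = "0";
        }
        return $user_params;
    }

    /* Register a user: anonymous visitors need the autoregister option,
     * logged users are refused, admins may create any account. */
    function do_register()
    {
        $acl = $this->user_acl_check();
        $options = $this->get_site_options();
        if ($acl == "anon") {
            if ($options["autoregister"] == "0") {
                $msg["string"] = "Register account: permission denied.";
                $this->display($msg, "warning");
                $this->show_posts('posts', $this->posts_per_page("posts"), 0, 0);
                return;
            }
        } elseif ($acl == "user") {
            $msg["string"] = "Register: You're already registered as user " . $this->get_username($_SESSION["uid"]) . ".";
            $this->display($msg, "warning");
            $this->show_posts('posts', $this->posts_per_page("posts"), 0, 0);
            return;
        }
        if (($user_params = $this->user_form_check("register", $acl)) == FALSE) {
            return;
        }
        if ($user_params["password"] != $user_params["pass-confirm"]) {
            $msg["string"] = "Password doesn't match.";
            $this->display($msg, "warning");
            $this->show_posts('posts', $this->posts_per_page("posts"), 0, 0);
            return;
        }
        if ($this->adduser($user_params) == TRUE) {
            if (isset($_SESSION["uid"])) {
                $msg["string"] = "User successfully created.\n";
                $this->display($msg, "");
            } else {
                $msg["string"] = "User successfully created. Please login now.\n";
                $this->display($msg, "");
                $this->display(array(), "login_box");
            }
        }
    }

    /* Edit an existing user: GET shows the form, POST applies "Update" or
     * "Delete". Non-admins may only edit themselves and cannot gain admin.
     * Warnings are passed to display() as $msg["string"], which is the
     * shape display() iterates over. */
    function user_edit($acl, $uid)
    {
        $data["action"] = "edituser";
        $data["acl"] = $acl;
        $data["user"] = $this->user_data($uid);
        if (isset($_GET["uid"])) {
            $this->display($data, "edit_user_form");
        } elseif (isset($_POST["uid"])) {
            if (($params = $this->user_form_check("edituser", $acl)) == FALSE) {
                return;
            }
            $current_user = $this->user_data($_SESSION["uid"]);
            $options = $this->get_site_options();
            // Security checks
            if ($acl != "admin") {
                if ($params["uid"] != $current_user["uid"]) {
                    $msg["string"] = "You're not an admin to perform this action.";
                    $this->display($msg, "warning");
                    return;
                }
                $params["admin"] = "0";
            }
            if (! isset($_POST["password"]) && ! isset($_POST["pass-confirm"])) {
                $msg["string"] = "You should fill all the form.";
                $this->display($msg, "warning");
                return;
            }
            if (! empty($_POST["password"])) {
                if ($_POST["password"] != $_POST["pass-confirm"]) {
                    $msg["string"] = "Password doesn't match.";
                    $this->display($msg, "warning");
                    $data = $this->user_data($uid);
                    $this->display($data, "edit_user_form");
                    return;
                } else {
                    $params["password"] = $this->strip($_POST["password"]);
                }
            }
            if ($params["option"] == "Update") {
                if ($this->update_user($params) == TRUE) {
                    $msg["string"] = "Options for user " . $params["user"] . " successfully set";
                    $this->display($msg, "");
                }
            } elseif ($params["option"] == "Delete") {
                $this->remove_user($params["uid"], "delete");
                $msg["string"] = "User removed: " . $params["user"];
                $this->display($msg, "");
                if ($params["uid"] == $current_user["uid"]) {
                    $this->do_logout();
                }
            } else {
                $msg["string"] = "Invalid action: " . $params["option"];
                $this->display($msg, "warning");
            }
        } else {
            $msg["string"] = "You should specify an uid.";
            $this->display($msg, "warning");
        }
    }

    /* Process user editing requests: admins may edit anyone, users only
     * their own uid. */
    function do_edituser()
    {
        $acl = $this->user_acl_check();
        if (isset($_GET["uid"])) {
            $uid = $this->strip($_GET["uid"]);
        } elseif (isset($_POST["uid"])) {
            $uid = $this->strip($_POST["uid"]);
        } else {
            $msg["string"] = "You should specify an user name.";
            $this->display($msg, "warning");
            return;
        }
        if ($acl == "admin") {
            $this->user_edit($acl, $uid);
        } elseif ($acl == "user") {
            if ($uid == $_SESSION["uid"]) {
                $this->user_edit($acl, $uid);
            } else {
                $msg["string"] = "You're not and admin to perform this action.";
                $this->display($msg, "warning");
            }
        } else {
            $msg["string"] = "You're not logged to try this action.";
            $this->display($msg, "warning");
        }
    }

    /*
     *
     * Admin methods
     *
     */

    /* Admin interface: optionally save posted options, then list posts,
     * comments, users and the options form. Admins only. */
    function do_admin()
    {
        $acl = $this->user_acl_check();
        $posts_per_page = $this->posts_per_page("posts");
        $comments_per_page = $this->posts_per_page("comments");
        if ($acl == "admin") {
            if (isset($_GET["updateoptions"])) {
                $descriptions = $this->get_option_descriptions();
                foreach (array_keys($this->list_all_options()) as $item) {
                    if (! isset($_POST[$item])) {
                        $msg["string"] = "Missing POST parameter " . $item;
                        $this->display($msg, "warning");
                        return;
                    } else {
                        $this->set_option($item, $this->strip($_POST[$item]), $descriptions[$item]);
                    }
                }
                $msg["string"] = "Options successfully set.";
                $this->display($msg, "");
                $this->show_posts('posts_admin', $posts_per_page, $posts_per_page*$this->content_set_page("poffset"), 1);
                $this->show_comments("", 'comments_admin', $comments_per_page, $comments_per_page*$this->content_set_page("coffset"), 1);
                $this->show_users('users');
                $this->display(array(), "options");
            } else {
                $this->show_posts('posts_admin', $posts_per_page, $posts_per_page*$this->content_set_page("poffset"), 1);
                $this->show_comments("", 'comments_admin', $comments_per_page, $comments_per_page*$this->content_set_page("coffset"), 1);
                $this->show_users('users');
                $this->display(array(), "options");
            }
        } elseif ($acl == "user") {
            $msg["string"] = "You're not an admin.";
            $this->display($msg, "warning");
        } else {
            $msg["string"] = "You're not logged in.";
            $this->display($msg, "warning");
        }
    }

    /*
     *
     * Content methods
     *
     */

    /* Process content edition for $type ("post"/"comment") from $_POST:
     * validates the fields, author and date, then adds or updates the
     * content and shows it. */
    function content_perform_edition($type)
    {
        $data = array("title" => "", "author" => "", "date" => "", "body" => "", "published" => "");
        $identifier = ($type == "post") ? "id" : "cid";
        $error = FALSE;
        foreach (array_keys($data) as $key) {
            if (isset($_POST[$key]) && strlen($_POST[$key]) > 0) {
                $data[$key] = $_POST[$key];
            } else {
                $msg["string"] = "Unfilled required field: " . $key;
                $this->display($msg, "warning");
                $error = TRUE;
            }
        }
        if ($type == "comment") {
            $data["id"] = $this->strip($_GET["id"]);
        }
        if (! empty($_POST[$identifier])) {
            $data[$identifier] = $this->strip($_POST[$identifier]);
            $edit_function = "update_" . $type;
        } else {
            $edit_function = "add_" . $type;
        }
        $data["uid"] = $this->get_uid($data["author"]);
        if (empty($data["uid"])) {
            $msg["string"] = "User " . $data["author"] . " does not exist";
            $this->display($msg, "warning");
            $this->display(array("query" => array("0" => $data)), $type . "_editing_form");
            return;
        }
        // Strip unwanted tags.
        // TODO(review): the allowed-tag list is garbled in this copy of the
        // file (it reads as two newlines); restore it from the original source.
        $data["body"] = strip_tags($data["body"], "\n\n");
        // Check the date: strtotime() returns FALSE on failure (PHP >= 5.1),
        // -1 on older releases; the old "== -1" test let FALSE through.
        $timestamp = strtotime($data["date"]);
        if ($timestamp === FALSE || $timestamp == -1) {
            $msg["string"] = "User " . $data["author"] . " Invalid date";
            $this->display($msg, "warning");
            $this->display(array("query" => array("0" => $data)), $type . "_editing_form");
            return;
        }
        if ($error == FALSE) {
            $id = $this->$edit_function($data);
            $msg["string"] = "Post successfully saved";
            $this->display($msg, "");
            $show_function = "show_" . $type;
            $this->$show_function($id, $type, 0, $_SESSION["uid"]);
        } else {
            $this->display(array("query" => array("0" => $data)), $type . "_editing_form");
        }
    }

    /* Edit content of $type ("post"/"comment"): new content when no
     * identifier is given (subject to the open<type> option for
     * non-admins), otherwise show, save or delete the existing item after
     * the ownership and existence checks. */
    function content_edit($type)
    {
        $acl = $this->user_acl_check();
        $options = $this->get_site_options();
        $identifier = ($type == "post") ? "id" : "cid";
        if (! isset($_GET[$identifier])) {
            // New post
            if ($type == "comment" && ! isset($_GET["id"])) {
                $msg["string"] = "Post id not set";
                $this->display($msg, "warning");
                return;
            } else if ($type == "comment") {
                $data["id"] = $this->strip($_GET["id"]);
            }
            if ($acl == "anon") {
                $msg["string"] = "You're not allowed to post or edit content type " . $type;
                $this->display($msg, "warning");
            } else if ($acl != "admin" && $options["open" . $type] == "0") {
                // Comparison, not assignment: the old "= "0"" always evaluated
                // to false, so the open<type> option never denied anyone.
                $msg["string"] = "You're not allowed to post or edit content type " . $type;
                $this->display($msg, "warning");
            } else if (! isset($_POST["title"])) {
                $data["query"] = array("0" => array("title" => "", "author" => $this->get_username($_SESSION["uid"]), "date" => $this->get_date(), "body" => "", "published" => "1"));
                $this->display($data, $type . "_editing_form");
            } else {
                $this->content_perform_edition($type);
            }
        } else {
            // Existing post
            $id = $this->strip($_GET[$identifier]);
            // Security checks
            if ($acl == "anon") {
                $msg["string"] = "You're not logged in.";
                $this->display($msg, "warning");
                return;
            } elseif ($acl == "user") {
                if ($this->get_author_uid($id, $identifier) != $_SESSION["uid"]) {
                    $msg["string"] = "You're not the author of this post.";
                    $this->display($msg, "warning");
                    return;
                }
            }
            if ($this->check_post($id, $identifier) == FALSE) {
                $msg["string"] = "Post " . $identifier . " " . $id . " does not exist.";
                $this->display($msg, "warning");
                return;
            }
            if ($type == "comment" && $this->get_id($id) != $_GET["id"]) {
                $msg["string"] = "Invalid id " . $this->strip($_GET["id"]) . " for comment " . $id . ".";
                $this->display($msg, "warning");
                return;
            }
            if (! isset($_POST[$identifier])) {
                $show_function = "show_" . $type;
                $this->$show_function($id, $type . '_editing_form', 0, $_SESSION["uid"]);
            } else {
                // A GET/POST mismatch must stop the request, not just warn
                if ($_POST[$identifier] != $_GET[$identifier]) {
                    $msg["string"] = "GET and POST " . $identifier . " doesn't match";
                    $this->display($msg, "warning");
                    return;
                } else if ($type == "comment" && $_POST["id"] != $_GET["id"]) {
                    $msg["string"] = "GET and POST id's doesn't match";
                    $this->display($msg, "warning");
                    return;
                }
                if ($_POST["option"] == "Save") {
                    $this->content_perform_edition($type);
                } else if ($_POST["option"] == "Delete") {
                    // Delete the item that was checked above ($id is the post
                    // id or the comment cid), not $_GET["id"], which for a
                    // comment is the parent post id.
                    $delete_function = "delete_" . $type;
                    $this->$delete_function($id);
                    $msg["string"] = "Content removed";
                    $this->display($msg, "");
                }
            }
        }
    }

    /* Edit or create posts. */
    function do_edit()
    {
        $this->content_edit("post");
    }

    /* Edit or create comments. */
    function do_comment()
    {
        $this->content_edit("comment");
    }

    /* Return the page number requested through $_GET[$page], 0 by default. */
    function content_set_page($page)
    {
        if (isset($_GET[$page])) {
            $page = (int) $this->strip($_GET[$page]);
        } else {
            $page = 0;
        }
        return $page;
    }

    /* Read content: the post list, or one post with its comments. */
    function do_read()
    {
        if (! isset($_GET["id"])) {
            $posts_per_page = $this->posts_per_page("posts");
            $this->show_posts('posts', $posts_per_page, $posts_per_page*$this->content_set_page("poffset"), 0);
        } else {
            $comments_per_page = $this->posts_per_page("comments");
            $id = $this->strip($_GET["id"]);
            $uid = (isset($_SESSION["uid"])) ? $_SESSION["uid"] : "";
            $this->show_post($id, 'post', 1, $uid);
            $this->show_comments($id, 'comments', $comments_per_page, $comments_per_page*$this->content_set_page("coffset"), 0);
        }
    }

    /* RSS feed of posts or comments, selected by $_GET["type"]. */
    function do_rss()
    {
        if (isset($_GET["type"])) {
            $type = $this->strip($_GET["type"]);
            if ($type == "posts") {
                $this->show_posts('rss', $this->posts_per_page("posts"), 0, 0);
            } else if ($type == "comments") {
                $this->show_comments("", 'rss', $this->posts_per_page("comments"), 0, 0);
            } else {
                $msg["string"] = "Invalid action";
                $this->display($msg, 'warning');
            }
        }
    }

    /* Search content: show the form, or run the posted keywords. */
    function do_search()
    {
        if (! isset($_POST["keywords"])) {
            $this->display(array(), "search");
        } else {
            $keywords = $this->strip($_POST["keywords"]);
            $this->search_content($keywords, 'search');
        }
    }

    /* Show posts and comments from the current user. */
    function do_mine()
    {
        if (isset($_SESSION["uid"])) {
            $msg["string"] = "Your publications";
            $this->display($msg, '');
            $uid = $_SESSION["uid"];
            $posts_per_page = $this->posts_per_page("posts");
            $comments_per_page = $this->posts_per_page("comments");
            $this->show_user_posts($uid, "posts", $posts_per_page, $posts_per_page*$this->content_set_page("poffset"));
            $this->show_user_comments($uid, "", "comments", $comments_per_page, $comments_per_page*$this->content_set_page("coffset"));
        } else {
            $msg["string"] = "You're not logged in";
            $this->display($msg, 'warning');
        }
    }

    /*
     *
     * Misc methods
     *
     */

    /* Close the blog database. */
    function close()
    {
        $this->close_database();
    }

    /* Strip tags from a string. This is input cleanup only: it is neither
     * SQL escaping nor HTML output escaping. */
    function strip($string)
    {
        return strip_tags($string);
    }
}
?>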
