File Source for MinimalWeblog.php

<?php
// MinimalWeblog 1.0.2
// Copyright 2006 Jan Pieter Kunst <jpkunst at xs4all dot nl>
//
// Based on Personal Weblog 1.0.0
// http://www.kyne.com.au/~mark/software/weblog.php
// Copyright 2001,2002 Mark Pulford <mark@kyne.com.au>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/**
* @package MinimalWeblog
* @version 1.0.2
*/
/**
* Constant definitions, configuration for MinimalWeblog
*/
require('config.inc.php');
/**
* Class to make a connection to a MySQL database with the mysqli extension
*/
require('DB_MySQLi.class.php');
/**
* Class to handle weblog functionality; for embedding in existing web page
*
* MinimalWeblog 1.0.2 by Jan Pieter Kunst,
* based on {@link http://www.kyne.com.au/~mark/software/weblog.php Personal Weblog 1.0.0} by Mark Pulford
* @copyright MinimalWeblog (c) 2006 Jan Pieter Kunst <jan.pieter.kunst at xs4all dot nl>
* @copyright Personal Weblog (c) 2001,2002 Mark Pulford <mark at kyne dot com dot au>
* @license http://www.gnu.org/licenses/gpl.txt GNU General Public License
* @package MinimalWeblog
*/
class MinimalWeblog {
/**
* @var bool gets set to TRUE if logged in with admin privileges
*/
private $_admin = FALSE;
/**
* @var obj object of class DBMySQLi which handles the database stuff
*/
private $_db;
/**
* @var string prefix for table names (useful if no separate db for weblog)
*/
private $_prefix;
/**
* @var array options loaded from the database
*/
private $_dbvars = array();
/**
* @var bool gets set to TRUE if the script cannot run
*/
private $_broken = FALSE;
/**
* @var string name of the script. Basically $_SERVER['PHP_SELF']
*/
private $_self;
/**
* @var array strings denoting encountered errors
*/
private $_errors = array();
/**
* @var array acceptable numeric cgi variables (when prefixed with "wl_")
*/
private $_numeric_cgi = array('topic', 'delopt', 'tid', 'eid', 'offset');
/**
* @var array acceptable string cgi variables (when prefixed with "wl_")
*/
private $_string_cgi = array('mode', 'name', 'icon', 'value', 'title', 'body', 'more', 'password', 'update', 'search');
/**
* @var array combination of valid numeric and string variables
*/
private $_valid_cgi = array();
/**
* @var int ordinal number of entry to start the current page with, used when paging through entries
*/
private $_offset = 0;
/**
* @var int id of current topic (when browsing)
*/
private $_topic;
/**
* @var int id of topic where entries belonging to another, to-be-deleted topic will be moved into
*/
private $_delopt;
/**
* @var int id of current entry
*/
private $_eid;
/**
* @var int id of current topic (when editing)
*/
private $_tid;
/**
* @var string current weblog mode
*/
private $_mode;
/**
* @var string md5 hash of admin password
*/
private $_password;
/**
* @var string name of current topic
*/
private $_name;
/**
* @var string path to icon of current topic
*/
private $_icon;
/**
* @var array configuration variables
*/
private $_value;
/**
* @var string title of current weblog entry
*/
private $_title;
/**
* @var string first part of current weblog entry
*/
private $_body;
/**
* @var string second part of current weblog entry (optional)
*/
private $_more;
/**
* @var string whether or not editing an existing entry should update its date
*/
private $_update;
/**
* @var string text to search for in weblog entries
*/
private $_search;
/**
* Weblog constructor
*
* The Weblog class must be instantiated at the top of the page
* before any data is sent. This way it can modify the HTTP headers.
* Checks for a valid new or current login;
* Sets the class variable $_admin to true on a successful login.
*/
public function __construct() {
set_error_handler(array($this, 'handle_error'));
if (version_compare(PHP_VERSION, '5.1.0RC1', '>=')) {
date_default_timezone_set(MINIMALWEBLOG_TIMEZONE);
}
$this->_self = $_SERVER['PHP_SELF'];
$this->_valid_cgi = array_merge($this->_numeric_cgi, $this->_string_cgi);
if (headers_sent()) {
trigger_error('The Weblog constructor must be called before the headers have been sent', E_USER_ERROR);
$this->_broken = TRUE;
return;
}
// Constants are defined in minimalweblog_defs.inc.php
$this->_prefix = MINIMALWEBLOG_TABLE_PREFIX;
$this->_db = new DB_MySQLi(MINIMALWEBLOG_DB, MINIMALWEBLOG_HOST, MINIMALWEBLOG_USER, MINIMALWEBLOG_PASS);
if (!$this->_db->connected()) {
trigger_error('Unable to connect to the database. Check Weblog() arguments.', E_USER_ERROR);
$this->_broken = TRUE;
return;
}
// get data from GET/POST and clean up
$this->load_cgi_vars(array_merge($_GET, $_POST));
$this->sanitize_input();
// load options from the database
$this->load_db_vars();
if ($this->_mode == 'rss') {
$this->rss_print();
exit;
}
// Check for login status or log out
// Only used for admin user
if ($this->_mode == 'logout') {
$this->logout();
} elseif ($this->current_login()) {
$this->_admin = TRUE;
} elseif ($this->_password == $this->getvar('password')) {
// $this->_password only set after wl_mode=login called
// (from login form)
session_start();
$_SESSION['logged_in'] = TRUE;
$this->_admin = TRUE;
}
}
/**
* Return weblog HTML
*
* @return string HTML for chosen weblog mode
*/
public function insert() {
if ($this->_broken) {
trigger_error('Cannot insert weblog HTML, Weblog is not initialised', E_USER_ERROR);
return '<p>' . join('<br />', $this->_errors) . '</p>';
}
$retval = $this->getvar('header') . "\n";
/**
* Keys of this array are possible values of the
* request variable 'wl_mode'. wl_mode sets $this->_mode.
* Values are names of private methods to be invoked
* depending on the value of $this->_mode.
*/
$controller = array(
'more' => 'entry_display',
'archive' => 'entry_archive',
'edit setup' => 'setup_edit',
'save setup' => 'setup_save',
'edit entry' => 'entry_edit',
'preview entry' => 'entry_preview',
'save entry' => 'entry_save',
'delete entry' => 'entry_delete',
'delete topic' => 'topic_delete',
'change topic' => '_topic_update',
'add topic' => 'topic_add',
'edit topics' => 'topic_edit',
'login' => 'login',
'logout' => 'entry_search', // actual logout has happened earlier
);
// The configurable buttons have varying mode names
$controller[$this->getvar('search_text')] = 'entry_search';
$controller[$this->getvar('reset_text')] = 'entry_reset';
if (!isset($this->_mode)) {
$retval .= $this->entry_search();
} else if (isset($controller[$this->_mode])) {
$retval .= call_user_func(array($this, $controller[$this->_mode]));
} else {
trigger_error('Unknown weblog mode', E_USER_ERROR);
}
$retval .= $this->getvar('footer') . "\n";
if (! empty($this->_errors)) {
$retval .= '<p>' . join('<br />', $this->_errors) . '</p>';
}
return $retval;
}
/**
* Return HRTML form to log in as admin
*
* @return string HTML with form or error message
*/
private function _login_form() {
$retval = "<h2>Login</h2>\n";
if (isset($this->_password)) {
trigger_error('Incorrect password', E_USER_WARNING);
return $retval;
}
$retval .= "<p><form action=\"{$this->_self}\" method=\"post\">\n";
$retval .= $this->print_form_vars(array_diff($this->_valid_cgi,
array('password')));
$retval .= "<input type=\"password\" name=\"wl_password\">\n";
$retval .= "<input type=\"submit\" value=\"Login\">\n";
$retval .= "</form></p>\n";
$retval .= $this->_back_link();
return $retval;
}
/**
* Returns an URL query string
*
* @param array array of variables to put in query string
* @return string query string with same
*/
private function _query_string($array) {
$vars = array();
foreach ($array as $k => $v) {
if (! is_null($v)) {
array_push($vars, "wl_$k=" . urlencode($v));
}
}
return join('&', $vars);
}
/**
* Returns an <a> element
*
* @param array array of variables to put in query string
* @param string text for link
* @return string HTML with <a> element
*/
private function _href_link($array, $text) {
$query_string = htmlspecialchars($this->_self . '?' . $this->_query_string($array));
return "<a href=\"$query_string\">$text</a>";
}
/**
* Return a link back to the main page while maintaining current search parameters
*
* @return string HTML with link
*/
private function _back_link() {
$query_string = $this->_query_string(array('offset' => $this->_offset,
'topic' => $this->_topic,
'search' => $this->_search));
if ($query_string) {
$query_string = '?' . $query_string;
}
$query_string = htmlspecialchars($this->_self . $query_string);
$bl = $this->getvar('backlink');
return str_replace('@URL@', $query_string, $bl);
}
/**
* Change name or icon of topic. wl_mode=change+topic
*
* Uses properties: tid, name, icon
* @return string HTML with success or failure message
*/
private function _topic_update() {
$retval = "<h2>Updating topic</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
if (!$this->_tid) {
trigger_error('No topic selected', E_USER_WARNING);
$retval .= $this->_back_link();
return $retval;
}
$terms = '';
if ($this->_name) {
$terms = 'name=?';
$params = array('name' => $this->_name);
}
if ($this->_icon) {
if ($terms != '') {
$terms .= ', ';
}
$terms .= 'icon=?';
$params['icon'] = $this->_icon;
}
if ($terms == '') {
trigger_error('At least one of icon or name must be set', E_USER_WARNING);
$retval .= $this->_back_link();
return $retval;
}
$params['tid'] = $this->_tid;
$numrows = $this->_db->change("UPDATE {$this->_prefix}topics SET $terms WHERE tid=?", $params);
if ($numrows == 1) {
$retval .= "<p><b>Topic changed</b></p>\n";
} else {
$retval .= "<p><b>Topic not changed</b></p>\n";
}
$retval .= $this->_back_link();
return $retval;
}
/**
* Add a topic. wl_mode=add+topic
*
* Uses properties: name, icon
* @return string HTML with success or failure message
*/
private function topic_add() {
$retval = "<h2>Adding topic</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
if (!$this->_name || !$this->_icon) {
trigger_error('Both name and icon must be set', E_USER_WARNING);
$retval .= $this->_back_link();
return $retval;
}
$query = "INSERT INTO {$this->_prefix}topics (name, icon) VALUES (?,?)";
$params = array('name' => $this->_name, 'icon' => $this->_icon);
$numrows = $this->_db->change($query, $params);
if ($numrows == 1)
$retval .= "<p><b>Topic added</b></p>\n";
else
trigger_error('Failed to add topic', E_USER_ERROR);
$retval .= $this->_back_link();
return $retval;
}
/**
* Delete a topic, possibly moving entries to another topic. wl_mode=delete+topic
*
* Uses properties: tid, delopt
* @return string HTML with success or failure message
*/
private function topic_delete() {
$retval = "<h2>Deleting topic</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
if (!$this->_tid) {
trigger_error('No topic selected', E_USER_WARNING);
$retval .= $this->_back_link();
return $retval;
}
if ($this->_tid == $this->_delopt) {
trigger_error('Cannot move entries into the topic about to be deleted!', E_USER_WARNING);
$retval .= $this->_back_link();
return $retval;
}
// Verify "delopt" exists unless it is zero
// 0 => use "tid" for a dummy lookup.
$v = $this->_delopt;
if (!$v) {
$v = $this->_tid;
}
$tname = $this->topic_verify($v);
if ($tname === FALSE) {
$retval .= $this->_back_link();
return $retval;
}
if ($this->_delopt) {
$query = "UPDATE {$this->_prefix}entries SET tid=? WHERE tid=?";
$params = array('delopt' => $this->_delopt, 'tid' => $this->_tid);
$retval .= "<p>Moving entries to $tname</p>\n";
} else {
$query = "DELETE FROM {$this->_prefix}entries WHERE tid=?";
$params = array('tid' => $this->_tid);
$retval .= "<p>Deleting any existing entries for $tname</p>\n";
}
$numrows = $this->_db->change($query, $params);
if ($numrows == -1) {
trigger_error('No topic found to delete', E_USER_WARNING);
$retval .= $this->_back_link();
return $retval;
}
$numrows = $this->_db->change("DELETE FROM {$this->_prefix}topics WHERE tid=?", array('tid' => $this->_tid));
if ($numrows == 1) {
$retval .= "<p><b>Topic deleted</b></p>\n";
} else {
trigger_error('No topic found to delete', E_USER_WARNING);
}
$retval .= $this->_back_link();
return $retval;
}
/**
* Return HTML for hidden fields to maintain current cgi variable values through html form
*
* @param array field names
* @return string HTML with hidden fields (<input type="hidden">)
*/
private function print_form_vars($cgi_names) {
$retval = '';
foreach ($cgi_names as $varname) {
$private_varname = '_' . $varname;
if (isset($this->$private_varname)) {
if (is_array($this->$private_varname)) {
foreach ($this->$private_varname as $key => $value)
$retval .= "<input type=\"hidden\" name=\"wl_{$varname}[$key]\" value=\"" . htmlspecialchars($value) . "\" />\n";
} else {
$retval .= "<input type=\"hidden\" name=\"wl_{$varname}\" value=\"" . htmlspecialchars($this->$private_varname) . "\" />\n";
}
}
}
return $retval;
}
/**
* Edit topics. wl_mode=edit+topics
*
* @return string HTML form for editing topics
*/
private function topic_edit() {
$retval = "<h2>Edit topics</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
$tsel = $this->topic_selectbox('delopt', -1, 'Delete');
if (!$tsel)
return $retval;
$resultset = $this->_db->fetch("SELECT * FROM {$this->_prefix}topics");
if (empty($resultset))
return $retval;
$retval .= "<p><form action=\"{$this->_self}\" method=\"post\">\n";
$retval .= $this->print_form_vars(array('offset', 'topic', 'search'));
$retval .= "<table border=\"1\" cellpadding=\"3\">\n";
$retval .= '<tr><th>Id</th><th>Name</th>';
$retval .= "<th>Icon</th><th> </th></tr>\n";
foreach ($resultset as $array) {
$retval .= '<tr>';
$retval .= "<td>{$array['tid']}</td>\n";
$retval .= "<td>{$array['name']}</td>\n";
$retval .= "<td><img src=\"{$array['icon']}\"> <a href=\"{$array['icon']}\" />{$array['icon']}</a></td>\n";
$retval .= "<td><input type=\"radio\" name=\"wl_tid\" value=\"{$array['tid']}\" /></td>";
$retval .= "</tr>\n";
}
$retval .= "<td colspan=\"3\" align=\"right\">Select none</td>\n";
$retval .= "<td><input type=\"radio\" name=\"wl_tid\" value=\"\" checked /></td>";
$retval .= "</table>\n";
$retval .= "<table><tr>\n";
$retval .= "<td>Name:</td><td><input type=\"text\" name=\"wl_name\" maxlength=\"80\" /></td>\n";
$retval .= "</tr><tr>\n";
$retval .= "<td>Icon:</td><td><input type=\"text\" name=\"wl_icon\" maxlength=\"128\" /></td>\n";
$retval .= "</tr></table>\n";
$retval .= "<input type=\"submit\" name=\"wl_mode\" value=\"change topic\" />\n";
$retval .= "<input type=\"submit\" name=\"wl_mode\" value=\"add topic\" /><br />\n";
$retval .= 'Move or delete entries currently in topic: ';
$retval .= $tsel;
$retval .= "<input type=\"submit\" name=\"wl_mode\" value=\"delete topic\" />\n";
$retval .= "</form></p>\n";
$retval .= $this->_back_link();
return $retval;
}
/**
* Save weblog options (data from 'vars' table). wl_mode=save+setup
*
* @return string HTML with success or failure message
*/
private function setup_save() {
$retval = "<h2>Updating configuration</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
foreach ($this->_value as $k => $v) {
$this->setvar($k, $v);
}
$retval .= "<p><b>Configuration saved</b></p>\n";
$retval .= $this->_back_link();
return $retval;
}
/**
* Edit weblog options (data from 'vars' table). wl_mode=edit+setup
*
* @return string HTML form for editing weblog options
*/
private function setup_edit() {
$retval = "<h2>Edit weblog setup</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
$resultset = $this->_db->fetch("SELECT * FROM {$this->_prefix}vars WHERE editable <> ? ORDER BY name ASC", array('editable' => 'no'));
if (empty($resultset))
return $retval;
$retval .= "<p><form action=\"{$this->_self}\" method=\"post\">\n";
$retval .= $this->print_form_vars(array('offset', 'topic', 'search'));
foreach ($resultset as $array) {
if ($array['name'] == 'password') {
$retval .= "<h2>new {$array['name']} (leave empty for unchanged)</h2>\n";
$retval .= '<p>';
$retval .= "<input type=\"text\" name=\"wl_value[{$array['name']}]\" value=\"\" size=\"60\" />\n";
$retval .= '</p>';
continue;
}
$retval .= "<h2>{$array['name']}</h2>\n";
if ($array['help'])
$retval .= "<p>{$array['help']}</p>\n";
$retval .= '<p>';
if ($array['editable'] == 'single') {
$retval .= "<input type=\"text\" name=\"wl_value[{$array['name']}]\" value=\"" . htmlspecialchars($array['value']) . "\" size=\"60\" />\n";
} else {
$retval .= "<textarea name=\"wl_value[{$array['name']}]\" rows=\"5\" cols=\"60\" wrap=\"virtual\">" . htmlspecialchars($array['value']) . "</textarea>\n";
}
$retval .= '</p>';
}
$retval .= "<p><input type=\"submit\" name=\"wl_mode\" value=\"save setup\" /></p>\n";
$retval .= "</form></p>\n";
$retval .= $this->_back_link();
return $retval;
}
/**
* Load a weblog entry overriding current title, tid, body, more values
*
* @param int entry id
* @return bool TRUE if entry found, FALSE otherwise
* @access private
*/
private function entry_load($eid) {
$resultset = $this->_db->fetch("SELECT * FROM {$this->_prefix}entries WHERE eid=?", array('eid' => $eid));
if (empty($resultset)) {
trigger_error('The entry was not found', E_USER_ERROR);
return FALSE;
}
$entry = $resultset[0];
foreach (array('title', 'tid', 'body', 'more') as $key) {
$private_varname = '_' . $key;
// if value is already loaded from a form,
// don't overwrite with value from the database
// otherwise edit -> preview -> edit does not work
if (! isset($this->$private_varname)) {
$this->$private_varname = $entry[$key];
}
}
return TRUE;
}
/**
* Edit an entry. wl_mode=edit+entry
*
* Uses properties: eid, tid, title, body, more, update
* The entry can be given from CGI variables, start blank, or be loaded from the DB.
* @return string HTML with form for editing entry
*/
private function entry_edit() {
$retval = "<h2>Edit entry</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
if (isset($this->_eid)) {
if (!$this->entry_load($this->_eid)) {
$retval .= $this->_back_link();
return $retval;
}
}
$tsel = $this->topic_selectbox('tid', $this->_tid);
if (!$tsel) {
return $retval;
}
$retval .= "<p><form action=\"{$this->_self}\" method=\"post\">\n";
$retval .= $this->print_form_vars(array('offset', 'topic', 'search'));
if (isset($this->_eid)) {
$retval .= "<input type=\"hidden\" name=\"wl_eid\" value=\"{$this->_eid}\" />\n";
}
$retval .= "Title: <input type=\"text\" name=\"wl_title\" value=\"" . htmlspecialchars($this->_title) . "\" maxlength=\"200\" size=\"60\" /><br />\n";
$retval .= "Topic: ";
$retval .= $tsel;
$retval .= "<br />\n";
$retval .= "Body:<br />\n";
$retval .= "<textarea name=\"wl_body\" rows=\"10\" cols=\"60\" wrap=\"virtual\">" . htmlspecialchars($this->_body) . "</textarea><br />\n";
$retval .= "More:<br />\n";
$retval .= "<textarea name=\"wl_more\" rows=\"10\" cols=\"60\" wrap=\"virtual\">" . htmlspecialchars($this->_more) . "</textarea><br />\n";
// Only offer "update" when editing an existing entry
if (isset($this->_eid)) {
$retval .= "<input type=\"checkbox\" name=\"wl_update\" value=\"yes\"";
if ($this->_update == 'yes') {
$retval .= ' checked';
}
$retval .= " /> Update timestamp<br />\n";
}
$retval .= "<input type=\"submit\" name=\"wl_mode\" value=\"preview entry\" />\n";
$retval .= "<input type=\"submit\" name=\"wl_mode\" value=\"save entry\" /><br />\n";
$retval .= "</form></p>\n";
$retval .= $this->_back_link();
return $retval;
}
/**
* Preview an entry. wl_mode=preview+entry
*
* Uses properties: eid, tid, title, body, more, update
* @return string HTML with preview of entry
*/
private function entry_preview() {
$retval = "<h2>Preview entry</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
if ($this->_eid) {
// existing entry
$resultset = $this->_db->fetch("SELECT created,updated,name,icon FROM {$this->_prefix}entries,{$this->_prefix}topics WHERE eid=? AND {$this->_prefix}topics.tid=?", array('eid' => $this->_eid, 'topics_tid' => $this->_tid));
} else {
// new entry
$resultset = $this->_db->fetch("SELECT name,icon FROM {$this->_prefix}topics WHERE tid=?", array('tid' => $this->_tid));
}
if (empty($resultset)) {
return $retval;
}
$array = $resultset[0];
// New entry? Set times. Otherwise check for update.
$tm = time();
if (! array_key_exists('created', $array)) {
$array['created'] = $tm;
$array['updated'] = $tm;
} else if ($this->_update == 'yes') {
$array['updated'] = $tm;
}
// Set remaining vars
foreach (array('eid', 'tid', 'title', 'body', 'more') as $varname) {
$private_varname = '_' . $varname;
$array[$varname] = $this->$private_varname;
}
$retval .= $this->subst_tokens($this->getvar('more'), $array, false) . "\n";
$retval .= "<p><form action=\"{$this->_self}\" method=\"post\">\n";
$retval .= $this->print_form_vars(array('offset', 'topic', 'search'));
foreach (array('eid', 'tid', 'title', 'body', 'more', 'update') as $varname) {
$private_varname = '_' . $varname;
if (isset($this->$private_varname)) {
$retval .= "<input type=\"hidden\" name=\"wl_{$varname}\" value=\"" . htmlspecialchars($this->$private_varname) . "\" />\n";
}
}
$retval .= "<input type=\"submit\" name=\"wl_mode\" value=\"edit entry\" />\n";
$retval .= "<input type=\"submit\" name=\"wl_mode\" value=\"save entry\" />\n";
$retval .= "</form></p>\n";
$retval .= $this->_back_link();
return $retval;
}
/**
* Save an entry. wl_mode=save+entry
*
* Uses properties: eid, tid, title, body, more, update
* @return string HTML with success or failure message
*/
private function entry_save() {
$retval = "<h2>Saving entry</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
if ($this->topic_verify($this->_tid) === FALSE) {
$retval .= $this->_back_link();
return $retval;
}
$tm = time();
if ($this->_eid) {
$query = "UPDATE {$this->_prefix}entries SET title=?, tid=?, body=?, more=?";
$params = array('title' => $this->_title, 'tid' => $this->_tid, 'body' => $this->_body, 'more' => $this->_more);
if ($this->_update == 'yes') {
$query .= ', updated=?';
$params['updated'] = $tm;
}
$query .= ' WHERE eid=?';
$params['eid'] = $this->_eid;
} else {
$query = "INSERT INTO {$this->_prefix}entries (title, tid, created, updated, body, more) VALUES (?,?,?,?,?,?)";
$params = array('title' => $this->_title, 'tid' => $this->_tid, 'created' => $tm, 'updated' => $tm, 'body' => $this->_body, 'more' => $this->_more);
}
$numrows = $this->_db->change($query, $params);
if ($this->_eid && $numrows == 0) {
$retval .= "<p><b>Entry not changed</b></p>\n";
} else {
$retval .= "<p><b>Entry saved</b></p>\n";
}
$retval .= $this->_back_link();
return $retval;
}
/**
* Delete one entry. wl_mode=delete+entry
*
* Uses properties: eid
* @return string HTML with success or failure message
*/
private function entry_delete() {
$retval = "<h2>Deleting entry</h2>\n";
if (! $this->_admin) {
trigger_error('Not logged in', E_USER_WARNING);
return $retval;
}
$numrows = $this->_db->change("DELETE FROM {$this->_prefix}entries WHERE eid=?", array('eid' => $this->_eid));
if ($numrows == 1) {
$retval .= "<p><b>Entry deleted</b></p>\n";
} else {
trigger_error('No entry found to delete', E_USER_ERROR);
}
$retval .= $this->_back_link();
return $retval;
}
/**
* Empty search conditions and return all entries. wl_mode=$this->getvar('reset_text')
*
* @return string HTML with entries
*/
private function entry_reset() {
$this->_topic = NULL;
$this->_search = NULL;
$this->_offset = 0;
return $this->entry_search();
}
/**
* Returns query and array of parameters for selecting entries
*
* Returns a select query limiting entries based on CGI variables
* and topic restriction. Further conditions can be appended.
* @param int columns to select
* @return array item 1: query with placeholders item 2: array with parameters
*/
private function select_query($colspec = '*') {
$query = "SELECT $colspec FROM {$this->_prefix}entries, {$this->_prefix}topics WHERE {$this->_prefix}entries.tid={$this->_prefix}topics.tid";
$params = array();
if (0 < $this->_topic) {
$query .= " AND {$this->_prefix}topics.tid=?";
$params['topics_tid'] = intval($this->_topic);
}
if (! empty($this->_search)) {
$keywords = preg_split('/\s+/', $this->_search);
$index = 0;
foreach ($keywords as $k) {
$query .= " AND ({$this->_prefix}entries.title LIKE ? OR {$this->_prefix}entries.body LIKE ? OR {$this->_prefix}entries.more LIKE ?)";
$params += array("entries_title_$index" => "%$k%", "entries_body_$index" => "%$k%", "entries_more_$index" => "%$k%");
$index++;
}
}
return array($query, $params);
}
/**
* Add ORDER BY and LIMIT to query for selecting entries
*
* @return array item 1: query with placeholders item 2: array with parameters
*/
private function generate_search() {
list($query, $params) = $this->select_query();
$query .= ' ORDER BY updated DESC';
$off = $this->_offset;
$max = $this->getvar('max_articles');
if (0 < $max) {
if (!$off) {
$off = 0;
}
// Search for an extra entry. Do not display the extra
// entry, it is used to determine whether a next icon
// is needed.
$query .= " LIMIT $off, " . ($max+1);
}
return array($query, $params);
}
/**
* Generates a (partial) list of entries, possibly restricted by topic or searched text. wl_mode=$this->getvar('search_text')
*
* Uses properties: topic, offset, search
* @return string HTML with entries
*/
private function entry_search() {
$retval = '';
$sep = $this->getvar('separator');
$max = $this->getvar('max_articles');
list($query, $params) = $this->generate_search();
$array = $this->_db->fetch($query, $params);
$rows = count($array);
$next = '';
if ($max > 0 && $rows > $max) {
$next = $this->button_offset('next_html', $this->_offset + $max);
$rows = $max;
}
$prev = '';
if ($this->_offset > 0) {
$prev = $this->button_offset('prev_html', $this->_offset - $max);
}
if ($rows == 0) {
$retval .= "<b>{$this->_dbvars['no_result_string']}</b>\n";
$retval .= "$sep\n";
} else {
$retval .= $this->print_entries('article', $array, "$sep\n");
}
$retval .= $this->print_control($prev, $next);
return $retval;
}
/**
* Compact list of all entries (wl_mode=archive)
*
* @return string HTML with list of entries
*/
private function entry_archive() {
$retval = '';
$sep = $this->getvar('separator');
// Temporarily disable limiting articles
$this->_dbvars['max_articles'] = 0;
list($query, $params) = $this->generate_search();
$array = $this->_db->fetch($query, $params);
$rows = count($array);
if ($rows == 0) {
$retval .= "<b>{$this->_dbvars['no_result_string']}</b>\n";
$retval .= "$sep\n";
} else {
$retval .= $this->print_entries('archive', $array, "\n");
}
$retval .= "$sep\n";
// no 'previous' or 'next' links needed
$retval .= $this->print_control('', '');
return $retval;
}
/**
* Used to create a link to the previous or next entry
*
* @param int last updated time of the current entry
* @param int -1 or 1 for next or previous entry
* @return int entry id of previous or next entry
*/
private function entry_relative($time, $offset) {
if ($offset < 0) {
$cmp = '>';
$dir = 'ASC';
$offset = abs($offset);
} else if ($offset > 0) {
$cmp = '<';
$dir = 'DESC';
} else {
return $id;
}
$offset--;
list($query, $params) = $this->select_query('eid');
$query .= " AND updated $cmp ? ORDER BY updated $dir LIMIT $offset,1";
$params['updated'] = $time;
$resultset = $this->_db->fetch($query, $params);
if (empty($resultset))
return;
$array = $resultset[0];
return $array['eid'];
}
/**
* Display one complete entry (wl_mode=more).
*
* Uses property: eid (current entry id number)
* @return string HTML for entry display
*/
private function entry_display() {
$retval = '';
$prev = '';
$next = '';
if (is_null($this->_eid)) {
trigger_error('Missing entry ID', E_USER_WARNING);
$retval .= $this->print_control(false, false);
return $retval;
}
list($query, $params) = $this->select_query();
$query .= ' AND eid=?';
$params['eid'] = $this->_eid;
$resultset = $this->_db->fetch($query, $params);
if (empty($resultset)) {
$retval .= "<b>No entry found.</b>\n";
} else {
$mf = $this->getvar('more');
$array = $resultset[0];
$retval .= $this->subst_tokens($mf, $array) . "\n";
$id = $this->entry_relative($array['updated'], -1);
if ($id) {
$prev .= $this->button_cycle('prev_html', $id);
}
$id = $this->entry_relative($array['updated'], 1);
if ($id) {
$next .= $this->button_cycle('next_html', $id);
}
}
$retval .= $this->getvar('separator') . "\n";
$retval .= $this->print_control($prev, $next);
return $retval;
}
/**
* Print per entry admin menu maintaining search parameters
*
* @param int entry id
* @return string HTML with admin menu (edit/delete links)
*/
private function entry_print_admin($eid) {
$query_string = $this->_query_string(array('offset' => $this->_offset,
'topic' => $this->_topic,
'search' => $this->_search));
if ($query_string) {
$query_string = '&' . $query_string;
}
$query_string = htmlspecialchars($query_string);
$adm = '<p>';
$adm .= "<a href=\"{$this->_self}?wl_mode=edit+entry&wl_eid=$eid$query_string\">[edit]</a>\n";
$adm .= "<a href=\"{$this->_self}?wl_mode=delete+entry&wl_eid=$eid$query_string\">[delete]</a></p>\n";
return $adm;
}
/**
* Clean up GET/POST contents
*
* Ensure all non string CGI variables are clean
* Strings are always escaped for db use by using prepared statements
* name, icon, title, body, more, value: used in db searches
* mode, password, update: not used in db searches
*/
private function sanitize_input() {
// First strip slashes if necessary, escaping is
// handled by using prepared statements
if (get_magic_quotes_gpc()) {
foreach ($this->_string_cgi as $varname) {
$private_varname = '_' . $varname;
if (isset($this->$private_varname)) {
$this->$private_varname = stripslashes($this->$private_varname);
}
}
}
// Ensure numeric CGI vars are valid.
foreach ($this->_numeric_cgi as $varname) {
$private_varname = '_' . $varname;
if (isset($this->$private_varname)) {
$this->$private_varname = intval($this->$private_varname);
}
}
// Sanitize. shrink spaces, remove prefix/suffix spaces.
if (isset($this->_search)) {
$this->_search = preg_replace('/ +/', ' ', $this->_search);
$this->_search = trim($this->_search);
// Only keep first 3 keywords
// Do this here so the search box contains the updated search string.
if (preg_match('/([^ ]+ [^ ]+ [^ ]+) .*/', $this->_search, $reg)) {
$this->_search = $reg[1];
}
}
// md5 hash of password is saved in database
if (isset($this->_password)) {
$this->_password = md5($this->_password);
}
}
/**
* Format found entries
*
* @param string template in which to replace tokens
* @param array found entries
* @param string HTML to separate entries
* @return string HTML with formatted entries
*/
private function print_entries($format, $array, $separator) {
$retval = '';
$template = $this->getvar($format);
for ($i = 0, $rows = count($array); $i < $rows; $i++) {
$entry = $array[$i];
$retval .= $this->subst_tokens($template, $entry) . "\n";
$retval .= $separator;
}
return $retval;
}
/**
* Substitute an entry into a template via tokens
*
* @param string template in which to replace tokens
* @param array content and metadata of the entry
* @param bool whether to print edit/delete links or not
* @return array string HTML to be displayed
*/
private function subst_tokens($format, $entry, $allow_admin = TRUE) {
// Create morelink for @MORE@
if ($entry['more']) {
$ml = $this->getvar('morelink');
$query_string = $this->_query_string(array('offset' => $this->_offset,
'topic' => $this->_topic,
'search' => $this->_search));
if ($query_string) {
$query_string = '&' . $query_string;
}
$query_string = htmlspecialchars("{$this->_self}?wl_mode=more&wl_eid={$entry['eid']}$query_string");
$ml = str_replace('@URL@', $query_string, $ml);
} else {
$ml = '';
}
if ($entry['created'] != $entry['updated']) {
$upd = $this->getvar('update_text');
$upd = str_replace('@DATE@', date($this->getvar('updated_date'), $entry['updated']), $upd);
} else {
$upd = '';
}
// Add edit/delete links or not (not if no admin or when previewing)
if ($this->_admin && $allow_admin) {
$al = $this->entry_print_admin($entry['eid']);
} else {
$al = '';
}
$trans = array(
'@TITLE@' => $entry['title'],
'@CREATED@' => date($this->getvar('created_date'), $entry['created']),
'@UPDATED@' => $upd,
'@ICON@' => "<a href=\"{$this->_self}?wl_topic={$entry['tid']}\"><img src=\"{$entry['icon']}\" alt=\"Topic: {$entry['name']}\" " . $this->getvar('topic_icon_attrs') . " /></a>",
'@TOPIC@' => $entry['name'],
'@BODY@' => $entry['body'],
'@ID@' => $entry['eid'],
'@TOPICID@' => $entry['tid'],
'@MORELINK@' => $ml,
'@BACKLINK@' => $this->_back_link(),
'@SELF@' => $this->_self,
'@MORE@' => $entry['more'],
'@ADMIN@' => $al);
// Substitute entry
return strtr($format, $trans);
}
/**
* Next/previous links for paged list of entries
*
* @param string 'next_html' or 'prev_html' configuration variable name
* @param int offset in the list of entries
* @return string HTML for the next/previous link
*/
private function button_offset($var, $off) {
if ($off < 0) {
$off = 0;
}
$cgi_vars = array('search' => $this->_search,
'topic' => $this->_topic,
'offset' => $off);
$text = $this->getvar($var);
return $this->_href_link($cgi_vars, $text);
}
/**
* Next/previous links for complete entries (wl_mode=more)
*
* @param string 'next_html' or 'prev_html' configuration variable name
* @param int id number of previous/next weblog entry
* @return string HTML for the next/previous link
*/
private function button_cycle($var, $id) {
$cgi_vars = array( 'mode' => 'more',
'eid' => $id,
'search' => $this->_search,
'topic' => $this->_topic,
'offset' => $this->_offset);
$text = $this->getvar($var);
return $this->_href_link($cgi_vars, $text);
}
/**
* Show search box, topic select, ...
*
* @param array int string bool obj omschrijving
* @param array int string bool obj omschrijving
* @return string omschrijving
*/
private function print_control($prev, $next) {
if ($prev == '')
$prev = $this->getvar('blank_html');
if ($next == '')
$next = $this->getvar('blank_html');
$ts = $this->topic_selectbox('topic', $this->_topic, 'all');
if (!$ts)
return;
$admin = '';
if ($this->_admin) {
$query_string = $this->_query_string(array('offset' => $this->_offset,
'topic' => $this->_topic,
'search' => $this->_search));
if ($query_string)
$query_string = '&' . $query_string;
$query_string = htmlspecialchars($query_string);
$admin .= '<p>';
$admin .= "<a href=\"{$this->_self}?wl_mode=edit+entry$query_string\">[add entry]</a>\n";
$admin .= "<a href=\"{$this->_self}?wl_mode=edit+topics$query_string\">[edit topics]</a>\n";
$admin .= "<a href=\"{$this->_self}?wl_mode=edit+setup$query_string\">[edit setup]</a>\n";
$admin .= "<a href=\"{$this->_self}?wl_mode=logout$query_string\">[log out]</a></p>\n";
}
$trans = array( '@PREV_HTML@' => $prev,
'@SELF@' => $this->_self,
'@TOPIC_BOX@' => $ts,
'@KEYWORDS@' => htmlspecialchars($this->_search),
'@SEARCH_TEXT@' => $this->getvar('search_text'),
'@RESET_TEXT@' => $this->getvar('reset_text'),
'@NEXT_HTML@' => $next,
'@ADMIN@' => $admin);
return strtr($this->getvar('control'), $trans);
}
/**
* Error handling
*
* Does not work if not defined as public, never called explicitly though
* @param int error code
* @param string error string
* @param string filename where error occured
* @param int line number where error occured
*/
public function handle_error($errno, $err, $file, $line) {
$file = basename($file);
switch ($errno) {
case E_USER_ERROR:
$errorstring = '<b style="color:red;">ERROR</b> ' . $err;
if (MINIMALWEBLOG_DEBUG > 0) {
$errorstring .= " ($file, line $line)";
if (MINIMALWEBLOG_DEBUG > 1) {
$errorstring .= $this->_get_backtrace();
}
}
$this->_errors[] = $errorstring;
break;
case E_USER_WARNING:
$errorstring = "<b>WARNING</b> $err";
if (MINIMALWEBLOG_DEBUG > 0) {
$errorstring .= " ($file, line $line)";
if (MINIMALWEBLOG_DEBUG > 1) {
$errorstring .= $this->_get_backtrace();
}
}
$this->_errors[] = $errorstring;
break;
case E_WARNING:
if (MINIMALWEBLOG_DEBUG > 0) {
$errorstring = '<b>WARNING</b> ' . $err . " ($file, line $line)";
if (MINIMALWEBLOG_DEBUG > 1) {
$errorstring .= $this->_get_backtrace();
}
$this->_errors[] = $errorstring;
}
break;
case E_NOTICE:
if (MINIMALWEBLOG_DEBUG > 0) {
$this->_errors[] = '<b>NOTICE</b> ' . $err . " ($file, line $line)";
}
break;
default:
return;
}
}
/**
* Provides backtrace when MINIMALWEBLOG_DEBUG == 2
*
* @return string backtrace
*/
private function _get_backtrace() {
ob_start();
debug_print_backtrace();
$backtrace = '<pre>' . ob_get_contents() . '</pre>';
ob_end_clean();
return $backtrace;
}
/**
* Verify the topic exists
*
* @param int topic id
* @return mixed name of the topic or FALSE if not exists
*/
private function topic_verify($tid) {
if (!$tid) {
return FALSE;
}
$query = "SELECT tid, name FROM {$this->_prefix}topics WHERE tid=?";
$params = array('tid' => $tid);
$resultset = $this->_db->fetch($query, $params);
if (empty($resultset)) {
trigger_error('Topic not found', E_USER_WARNING);
return FALSE;
} else {
return $resultset[0]['name'];
}
}
/**
* Configuraton variables are assumed to exist and are required to run
*
* @param string variable name
*/
private function getvar($name) {
if (array_key_exists($name, $this->_dbvars)) {
return $this->_dbvars[$name];
} else {
trigger_error("The configuration variable $name was not found. You may need to insert this variable into the 'vars' table by using the data found in 'weblog.sql'.", E_USER_WARNING);
}
}
/**
* Update a weblog (configuration) variable (in class and database)
*
* @param string variable name
* @param string value
*/
private function setvar($name, $value) {
if ($name == 'password') {
if ($value == '') {
return;
} else {
$value = md5($value);
}
}
// No update needed
if ($this->getvar($name) == $value)
return TRUE;
$this->_dbvars[$name] = $value;
$query = "UPDATE {$this->_prefix}vars SET value=? WHERE name=?";
$params = array('value' => $value, 'name' => $name);
$numrows = $this->_db->change($query, $params);
if ($numrows != 1) {
trigger_error("Cannot set $name/$value", E_USER_ERROR);
}
}
/**
* Returns the form HTML necessary to select between topics
*
* @param string desired variable name to be returned (prefixed with "wl_")
* @param int selected topic id or -1 if none
* @param string extra (first) option, if any
* @return string HTML for the select menu
*/
private function topic_selectbox($cgi, $topic_id, $field = '') {
$resultset = $this->_db->fetch("SELECT tid,name FROM {$this->_prefix}topics ORDER BY name");
if (empty($resultset))
return '';
$html = "<select name=\"wl_$cgi\">\n";
if ($field)
$html .= "<option value=\"0\">$field</option>\n";
foreach ($resultset as $array) {
$html .= "<option value=\"{$array['tid']}\"";
if ($topic_id == $array['tid'])
$html .= " selected=\"selected\"";
$html .= ">{$array['name']}</option>\n";
}
$html .= '</select>';
return $html;
}
/**
* Generate RSS file with the current search parameters
*
* CGI mode: "rss" (wl_mode=rss)
* Uses: topic, offset, search
*/
private function rss_print() {
// Ignore RSS if it is not configured
if (!$this->getvar('rss_title'))
return;
// If $_SERVER['SERVER_NAME'] does not yield the correct external
// hostname in your setup, define MINIMALWEBLOG_EXTERNAL_HOSTNAME with
// the correct value. See config.inc.php.
if (MINIMALWEBLOG_EXTERNAL_HOSTNAME != '') {
$self = 'http://' . MINIMALWEBLOG_EXTERNAL_HOSTNAME . $this->_self;
} else {
$self = 'http://' . $_SERVER['SERVER_NAME'] . $this->_self;
}
list($query, $params) = $this->generate_search();
$resultset = $this->_db->fetch($query, $params);
header('Content-type: text/xml');
echo "<?xml version=\"1.0\"?>\n";
echo "<!DOCTYPE rss PUBLIC \"-//Netscape Communications//DTD RSS 0.91//EN\" \"http://my.netscape.com/publish/formats/rss-0.91.dtd\">\n";
echo "<rss version=\"0.91\">\n";
echo "<channel>\n";
echo '<title>' . htmlspecialchars($this->getvar('rss_title')) .
"</title>\n";
echo '<link>' . htmlspecialchars($self) . "</link>\n";
echo '<description>' . $this->getvar('rss_description') .
"</description>\n";
echo "<language>nl</language>\n";
foreach($resultset as $array) {
echo '<item><title>' . htmlspecialchars(strip_tags($array['title'])) . "</title>\n";
echo '<link>' . htmlspecialchars("$self?wl_mode=more&wl_eid={$array['eid']}") . "</link>\n";
echo '<description>' . htmlspecialchars($array['body']) . "</description></item>\n";
}
echo "</channel></rss>\n";
}
/**
* Cache DB vars to prevent many queries
*
*/
private function load_db_vars() {
$resultset = $this->_db->fetch("SELECT name,value FROM {$this->_prefix}vars");
if (empty($resultset)) {
trigger_error("No configuration data found. Ensure the 'vars' table and been created and filled with data from the 'weblog.sql' data file.", E_USER_ERROR);
return;
}
foreach($resultset as $array) {
$this->_dbvars[$array['name']] = $array['value'];
}
}
/**
* Store any GET/POST variables in the class. POST has precedence over GET
*
* @param array array_merge($_GET, $_POST)
*/
private function load_cgi_vars($array) {
foreach ($array as $key => $value) {
if (preg_match('/^wl_(.+)/', $key, $matches) && in_array($matches[1], $this->_valid_cgi)) {
$private_varname = '_' . $matches[1];
$this->$private_varname = $value;
}
}
// Makes for cleaner URLs
if ($this->_topic == '0') {
$this->_topic = NULL;
}
if ($this->_search == '') {
$this->_search = NULL;
}
}
/**
* Login; if already logged in show the main page
*
* CGI mode: "login" (wl_mode=login)
* Trigger error if editing is not allowed from remote host.
* See MINIMALWEBLOG_HOSTS_EDITING_ALLOWED constant in config.inc.php
*/
private function login() {
if (defined('MINIMALWEBLOG_HOSTS_EDITING_ALLOWED')) {
$allowed_hosts = @ unserialize(MINIMALWEBLOG_HOSTS_EDITING_ALLOWED);
if (is_array($allowed_hosts)) {
if ((! in_array($_SERVER['REMOTE_HOST'], $allowed_hosts)) && (! in_array($_SERVER['REMOTE_ADDR'], $allowed_hosts))) {
trigger_error('Editing is not allowed from your location. Check the MINIMALWEBLOG_HOSTS_EDITING_ALLOWED constant definition in config.inc.php', E_USER_ERROR);
return;
}
} else {
trigger_error('Configuration error, check the MINIMALWEBLOG_HOSTS_EDITING_ALLOWED constant definition in config.inc.php', E_USER_ERROR);
return;
}
}
if (! $this->_admin) {
echo $this->_login_form();
} else {
return $this->entry_search();
}
}
/**
* Logout
*
* Empty and destroy session, set admin property to false
* CGI mode: "logout" (wl_mode=logout)
*/
private function logout() {
session_start();
$_SESSION = array();
// empty session cookie if it exists
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, '/');
}
session_destroy();
$this->_admin = FALSE;
// lose the PHPSESSID request variable if it exists
if (isset($_GET[session_name()]) || isset($_POST[session_name()])) {
header('Location: http://' . $_SERVER['HTTP_HOST'] . $this->_self);
}
}
/**
* Check login status
*
* @return boolean logged in or not
*/
private function current_login() {
// don't start a session for normal users
// so those don't get unnecessary cookies set
if (! isset($_REQUEST[session_name()])) {
return FALSE;
}
session_start();
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === TRUE) {
return TRUE;
} else {
return FALSE;
}
}
}

Documentation generated on Sun, 17 Jun 2007 19:20:45 +0200 by phpDocumentor 1.3.2

Source for file MinimalWeblog.php