File Source for mvblog

<?php
/**
* MvBlog -- An open source no-nosense blogtool
*
* Copyright (C) 2005-2007, Michiel van Baak
* Michiel van Baak <mvanbaak@users.sourceforge.net>
*
* See http://dev.mvblog.org for more information on MvBlog.
* That page also provides Bugtrackers, Filereleases etc.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*
* @package MvBlog
* @author Michiel van Baak
* @version %%VERSION%%
* @copyright 2005-2007 Michiel van Baak
*/
/**
* Class that holds methods to create admin site.
* @package MvBlog
*/
Class MvBlog_admin extends MvBlog_common {
/* constants */
/* variables */
public $lang = "en_US";
public $languages = array(
"en_US" => "english",
"nl_NL" => "dutch",
"sv_SE" => "swedish",
);
private $_selected_menuitem;
private $_selected_submenuitem;
/* methods */
/* __construct {{{ */
/**
* Class constructor. Check some defaults etc
*/
public function __construct($basedir="") {
/* first do the common construct tasks */
parent::__construct($basedir."plugins/", 1);
$this->webroot = $this->webroot."admin/";
if (array_key_exists("action", $_POST))
$action = $_POST["action"];
else
$action = "";
/* check if we are logged in */
if (!array_key_exists("author_id", $_SESSION) && $action != "check_login")
$this->show_login();
if (array_key_exists("action", $_REQUEST)) {
switch($_REQUEST["action"]) {
case "show_cats" :
case "edit_cat" :
$this->_selected_menuitem = "manage";
$this->_selected_submenuitem = "categories";
break;
case "show_dossiers" :
case "edit_dossier" :
$this->_selected_menuitem = "manage";
$this->_selected_submenuitem = "dossiers";
break;
case "show_authors" :
case "edit_author" :
$this->_selected_menuitem = "users";
if (array_key_exists("id", $_REQUEST) && $_REQUEST["id"] == $_SESSION["author_id"])
$this->_selected_submenuitem = "my";
else
$this->_selected_submenuitem = "authors";
break;
case "show_users" :
case "edit_user" :
$this->_selected_menuitem = "users";
$this->_selected_submenuitem = "users";
break;
case "show_posts" :
case "edit_post" :
$this->_selected_menuitem = "manage";
$this->_selected_submenuitem = "posts";
break;
case "show_comments" :
case "edit_comment" :
$this->_selected_menuitem = "manage";
$this->_selected_submenuitem = "comments";
break;
case "show_plugins" :
case "config_plugin" :
case "edit_plugin_setting" :
case "save_plugin_setting" :
$this->_selected_menuitem = "plugins";
break;
case "show_settings" :
case "save_settings" :
$this->_selected_menuitem = "settings";
$this->_selected_submenuitem = "settings";
break;
case "show_menuitems" :
$this->_selected_menuitem = "settings";
$this->_selected_submenuitem = "menuitems";
break;
case "show_about" :
$this->_selected_menuitem = "index";
$this->_selected_submenuitem = "about";
break;
default :
$this->_selected_menuitem = "index";
$this->_selected_submenuitem = "index";
break;
}
} else {
$this->_selected_menuitem = "index";
$this->_selected_submenuitem = "index";
}
}
/* }}} */
/* _strip_tags {{{ */
/**
* strip all html tags cept for some tags we like.
* The tags we leave will be stripped from attributes we dont like.
*
* @param string The text to process
* @return string The text with only allowed tags.
*/
private function _strip_tags($text) {
$allowed_tags = "<a><abbr><acronym><address><area><b><bdo><big><blockquote><br><caption><center><cite>";
$allowed_tags .= "<code><col><dd><del><dir><div><dfn><dl><dt><fieldset><font><h1><h2><h3><h4><h5><h6>";
$allowed_tags .= "<hr><i><img><ins><kbd><li><link><menu><ol><p><pre><q><s><samp><small><span><strike>";
$allowed_tags .= "<strong><style><sub><sup><table><tbody><td><tfoot><th><thead><tr><tt><u><ul><var><em>";
$text = strip_tags($text, $allowed_tags);
return @preg_replace('/<(.*?)>/ie', "'<'.$this->_strip_attributes('\\1').'>'", $text);
}
/* }}} */
/* _strip_attributes {{{ */
/**
* strip evil attributes from tags
*
* @param string The text to process
* @return string The processed text
*/
private function _strip_attributes($text) {
$attr_to_strip = array(
"javascript:",
"onclick",
"ondblclick",
"onmousedown",
"onmouseup",
"onmouseover"
);
foreach ($attr_to_strip as $attribute) {
$text = stripslashes(preg_replace("/$attribute/i", "forbidden", $text));
}
return $text;
}
/* }}} */
/* show_login {{{ */
/**
* Show admin login screen
*/
public function show_login() {
$this->html_header("Admin login");
?>
<form name="loginform" method="post" action="index.php">
<input type="hidden" name="action" value="check_login" />
<div id="if_container">
<div id="if_title"></div>
<div id="if_bar1"></div>
<div id="if_page_header">
<h1 class="page_title">login</h1>
</div>
<div id="if_page">
<div class="log_post">
<table border="0" cellspacing="3" cellpadding="0" align="center"><tr>
<td align="right">username:</td><td><input type="text" id="loginname" name="login[name]" /></td>
</tr><tr>
<td align="right">password:</td><td><input type="password" name="login[password]" /></td>
</tr><tr>
<td colspan="2" align="center"><input type="submit" value="login" /></td>
</tr></table>
</div>
</form>
<script language="Javascript" type="text/javascript">
document.loginform.loginname.focus();
</script>
<?php
$this->html_footer();
exit;
}
/* }}} */
/* check_login {{{ */
/**
* Check user supplied data against admin database
*
* @param array name and password to check
*/
public function check_login($login) {
$query = sprintf("SELECT * FROM authors WHERE login = '%s' AND password = '%s' AND active = 1",
preg_quote($login["name"], "'"),
preg_quote($login["password"], "'")
);
$res =& $this->db->query($query);
if (PEAR::isError($res)) {
die($res->getUserInfo());
}
if ($res->numRows()) {
$row = $res->fetchRow(MDB2_FETCHMODE_ASSOC);
$_SESSION["author_id"] = $row["id"];
$_SESSION["author_name"] = $row["login"];
$_SESSION["author_fullname"] = $row["fullname"];
$_SESSION["author_email"] = $row["email"];
$_SESSION["author_website"] = $row["website"];
$_SESSION["blog_user"] = 1;
header("Location: index.php");
} else {
$this->show_login();
}
}
/* }}} */
/* logout {{{ */
/**
* Logout user
*/
public function logout() {
session_destroy();
header("Location: index.php");
}
/* }}} */
/* show_index {{{ */
/**
* Show nice welcome screen for admin
*/
public function show_index() {
?>
<script language="Javascript1.2" type="text/javascript">
var reloadinterval = setInterval("document.location.href='index.php';", 60000);
</script>
<p class="first"><?php echo gettext("Welcome to MvBlog"); ?> "<?php echo $_SESSION["author_fullname"]; ?>".</p>
<p class="first">
<h3><?php echo gettext("Use these links to get started"); ?>:</h3>
<ul>
<li><a href="index.php?action=edit_post&id=0"><?php echo gettext("write post"); ?></a></li>
<li><a href="index.php?action=edit_author&id=<?php echo $_SESSION["author_id"];?>"><?php echo gettext("update your account settings"); ?></a></li>
</ul>
</p>
<p class="first">
<h3><?php echo gettext("5 latest posts"); ?></h3>
<ul>
<?php
$sql = "SELECT id, title, last_modified, modified_by, date, authors_id FROM articles ORDER BY date DESC LIMIT 5";
$res =& $this->db->query($sql);
while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
if (!$row["last_modified"])
$row["last_modified"] = $row["date"];
if (!$row["modified_by"])
$row["modified_by"] = $row["authors_id"];
echo "<li><a href=\"index.php?action=edit_post&id=".$row["id"]."\">".$row["title"]."</a> (modified ".date("d-m-Y H:i", $row["last_modified"])." by ".$this->authors[$row["modified_by"]]["fullname"].")</li>\n";
}
?>
</ul>
</p>
<p class="first">
<h3><?php echo gettext("5 latest comments"); ?></h3>
<ul>
<?php
$sql = "SELECT id, title, date, name, articles_id FROM comments ORDER BY date DESC LIMIT 5";
$res =& $this->db->query($sql);
while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
if (!$row["title"])
$row["title"] = "[".gettext("no title")."]";
$q = sprintf("SELECT title FROM articles WHERE id = %d", $row["articles_id"]);
$r =& $this->db->query($q);
$art = $r->fetchRow(MDB2_FETCHMODE_ASSOC);
echo "<li><a href=\"../index.php?action=view&id=".$row["articles_id"]."#comment".$row["id"]."\">".$row["title"]."</a> - ".$art["title"]." (".date("d-m-Y H:i", $row["date"])." by ".$row["name"].")</li>\n";
}
?>
</ul>
</p>
<p class="first">
<h3><?php echo gettext("latest mvblog news"); ?></h3>
<?php
$oldtimeout = ini_set("default_socket_timeout", 5);
if (!($rss = file_get_contents("http://www.mvblog.org/blog/common/rdf.php"))) {
echo "Your php setup does not allow opening remote files.<br />For the latest news and updates visit <a href=\"http://www.mvblog.org\">http://www.mvblog.org</a>";
} else {
echo "<ul>";
require("rssparser.php");
$rssparser = new RSSParser($rss);
$rsscount = 0;
foreach ($rssparser->rssItems as $rssItem) {
if (strstr($rssItem["dc:subject"], "updates")) {
$rsscount++;
if ($rsscount > 5)
break;
echo "<li><a href=\"".$rssItem["link"]."\" target=\"_new\">".$rssItem["title"]."</a> (".date("d-m-Y H:i", $rssItem["dc:date"])." by ".$rssItem["dc:creator"].")</li>";
}
}
echo "</ul>";
}
ini_set("default_socket_timeout", $oldtimeout);
?>
</p>
<?php
}
/* }}} */
/* show_about {{{ */
/**
* Show information about the current version etc.
*/
public function show_about() {
/* gather some info we want to show */
$mvblogversion = $this->version;
if (array_key_exists("dbversion", $this->settings))
$dbversion = $this->settings["dbversion"];
else
$dbversion = gettext("Unknown");
if (array_key_exists("webroot", $this->settings))
$webroot = $this->settings["webroot"];
else
$webroot = gettext("Unknown");
if (is_array($this->active_plugins))
$active_plugins = implode(", ", $this->active_plugins);
else
$active_plugins = gettext("None");
?>
<p class="first">
<h2>Information about this MvBlog instance</h2>
MvBlog version: <?php echo $mvblogversion; ?><br />
Database version: <?php echo $dbversion; ?><br />
Active plugins: <?php echo $active_plugins; ?> <br />
</p>
<p class="first">
MvBlog is created by Michiel van Baak <michiel@mvblog.org><br />
With the help of Leonieke Aalders, Sofie van Tendeloo en Ferry Boender.<br />
Besides those 3 contributers others have helped as well, but those 3 were there from the beginning<br />
and without them this project would never be this far.<br /><br />
For more information please visit <a href="http://www.mvblog.org">www.mvblog.org</a><br />
For documentation please go to the <a href="http://dev.mvblog.org/wiki/EndUserDocumentation">wiki</a><br />
If you found a bug or need a new feature please report it on <a href="http://dev.mvblog.org">the developement website</a>.
</p>
<?php
}
/* }}} */
/* show_admin_menu {{{ */
/**
* If user is logged in, show menu
*/
public function show_admin_menu() {
if (array_key_exists("author_id", $_SESSION)) {
?>
<div id="if_menu">
<a class="if_menu_item" href="../index.php">Site</a> 
<a class="if_menu_item<?php if ($this->_selected_menuitem == "index") { echo "_act"; } ?>" href="./index.php"><?php echo gettext("Main"); ?></a> 
<a class="if_menu_item<?php if ($this->_selected_menuitem == "manage") { echo "_act"; } ?>" href="./index.php?action=show_posts"><?php echo gettext("Manage"); ?></a> 
<a class="if_menu_item<?php if ($this->_selected_menuitem == "users") { echo "_act"; } ?>" href="./index.php?action=show_authors"><?php echo gettext("Users"); ?></a> 
<a class="if_menu_item<?php if ($this->_selected_menuitem == "settings") { echo "_act"; } ?>" href="./index.php?action=show_settings"><?php echo gettext("Settings"); ?></a> 
<a class="if_menu_item<?php if ($this->_selected_menuitem == "plugins") { echo "_act"; } ?>" href="./index.php?action=show_plugins"><?php echo gettext("Plugins"); ?></a> 
<a class="if_menu_item<?php if ($this->_selected_menuitem == "import") { echo "_act"; } ?>" href="./index.php?action=show_import"><?php echo gettext("Import"); ?></a> 
<a class="if_menu_item" href="./index.php?action=logout"><?php echo gettext("Logout"); ?></a> 
</div>
<div id="if_submenu">
<?php
switch ($this->_selected_menuitem) {
case "manage" :
?>
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "posts") { echo "_act"; } ?>" href="./index.php?action=show_posts"><?php echo gettext("Posts"); ?></a> 
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "dossiers") { echo "_act"; } ?>" href="./index.php?action=show_dossiers"><?php echo gettext("Dossiers"); ?></a> 
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "categories") { echo "_act"; } ?>" href="./index.php?action=show_cats"><?php echo gettext("Categories"); ?></a> 
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "comments") { echo "_act"; } ?>" href="./index.php?action=show_comments"><?php echo gettext("Comments"); ?></a> 
<?php
break;
case "users" :
?>
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "authors") { echo "_act"; } ?>" href="./index.php?action=show_authors"><?php echo gettext("Authors"); ?></a> 
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "users") { echo "_act"; } ?>" href="./index.php?action=show_users"><?php echo gettext("Users"); ?></a> 
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "my") { echo "_act"; } ?>" href="./index.php?action=edit_author&id=<?php echo $_SESSION["author_id"];?>"><?php echo gettext("Your profile"); ?></a> 
<?php
break;
case "settings" :
?>
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "settings") { echo "_act"; } ?>" href="./index.php?action=show_settings"><?php echo gettext("Settings"); ?></a> 
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "menuitems") { echo "_act"; } ?>" href="./index.php?action=show_menuitems"><?php echo gettext("Menu items"); ?></a> 
<?php
break;
case "index" :
?>
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "index") { echo "_act"; } ?>" href="./index.php"><?php echo gettext("Main"); ?></a> 
<a class="if_submenu_item<?php if ($this->_selected_submenuitem == "about") { echo "_act"; } ?>" href="./index.php?action=show_about"><?php echo gettext("About"); ?></a> 
<?php
break;
default:
break;
}
?>
</div>
<?php
}
}
/* }}} */
/* show_cats {{{ */
/**
* Show overview of available categories
*/
public function show_cats() {
$count = 0;
?><h1 class="log_post_new"><a href="./index.php?action=edit_cat&id=0"><?php echo gettext("create new"); ?></a></h1><br /><?php
foreach ($this->categories as $id => $cat) {
if ($id == 0) continue;
?>
<div class="log_post">
<div class="log_post_head">
<h1 class="log_post_h1"><a href="?action=edit_cat&id=<?php echo $id; ?>"><?php echo stripslashes($cat["name"]); ?></a></h1>
<?php
$r =& $this->db->query(sprintf("SELECT COUNT(*) AS count FROM articles WHERE (categories_ids LIKE '%%,%1\$d' OR categories_ids LIKE '%1\$d,%%' OR categories_ids = '%d' OR categories_ids LIKE '%%,%1\$d,%%')", $id));
if (PEAR::isError($r)) {
die($r->getMessage

Source for file mvblog_admin.php