Context Navigation

← Previous Change
Next Change →

admin.php

Timestamp:

07/10/06 00:40:55 (3 years ago)

Author:

michiel

Message:

more work on porting the admin stuff to oop
I'm at 50% roughly, but more work will have to wait because my girl is getting naked and I wont be focused ;-)

Sweet dreams

Files:

: 1 modified

branches/class-rewrite/common/admin.php (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/class-rewrite/common/admin.php

r189	r190
17	17	*/
18	18	Class MvBlog_admin extends MvBlog {
19		//{{{ check if we are logged in
20		//-----------------------------
21		check_admin_logged_in();
22
23		//}}}--------------------------------------------
24		//{{{ show_index: default txt we show after login
25		//-----------------------------------------------
26		function show_index() {
27		?>
28		<p class="first">Welcome to MvBlog <?=$_SESSION["author_fullname"]?>.</p>
29		<p class="first">You can administer your blog with the menu items right above this useless text.</p>
30		<p class="first">Enjoy keeping your blog up-to-date</p>
31		<p class="first">
32		If you want to thank/support me, or complain about bugs, or tell me this tool sux, or whatever:<br />
33		Michiel van Baak<br />
34		michiel@vanbaak.info
35		</p>
36		<?
37		}
38
39		//}}}----------------------------------------------------
40		//{{{ show_posts: show a list of all posts with some info
41		//-------------------------------------------------------
42		function show_posts($options = array()) {
43		global $db;
44		if (!is_object($db)) {
45		echo "db should be an object, something went wrong";
	19
	20	/* constants */
	21
	22	/* variables */
	23
	24	/* methods */
	25
	26	/* __construct {{{ */
	27	/**
	28	* Class constructor. Check some defaults etc
	29	*/
	30	public function __construct() {
	31	/* start session and output buffering */
	32	session_start();
	33	ob_start();
	34
	35	/* handle magic quotes */
	36	$this->_handle_magic_quotes();
	37
	38	/* init database connection */
	39	$this->_init_db();
	40
	41	/* check if we are logged in */
	42	if (!$_SESSION["author_id"] && $_POST["action"] != "check_login") {
	43	$this->show_login();
	44	}
	45	}
	46	/* }}} */
	47	/* show_login {{{ */
	48	/**
	49	* Show admin login screen
	50	*/
	51	public function show_login() {
	52	$this->html_header("Admin login");
	53	?>
	54	<form name="loginform" method="post" action="index.php">
	55	<input type="hidden" name="action" value="check_login" />
	56	<div id="if_container">
	57	<div id="if_title"></div>
	58	<div id="if_bar1"></div>
	59	<div id="if_page_header">
	60	<h1 class="page_title">login</h1>
	61	</div>
	62	<div id="if_page">
	63	<div class="log_post">
	64	<table border="0" cellspacing="3" cellpadding="0" align="center"><tr>
	65	<td align="right">username:</td><td><input type="text" id="loginname" name="login[name]" /></td>
	66	</tr><tr>
	67	<td align="right">password:</td><td><input type="password" name="login[password]" /></td>
	68	</tr><tr>
	69	<td colspan="2" align="center"><input type="submit" value="login" /></td>
	70	</tr></table>
	71	</div>
	72	</form>
	73	<script language="Javascript" type="text/javascript">
	74	document.loginform.loginname.focus();
	75	</script>
	76	<?php
	77	$this->html_footer();
46	78	exit;
47	79	}
48		if (!$options["top"]) { $options["top"] = 0; } else { $options["top"] = (int)$options["top"]; }
49		if (!$options["limit"]) { $options["limit"] = 15; } else { $options["limit"] = (int)$options["limit"]; }
50		//put all categories in array
51		$res =& $db->query("SELECT * FROM categories");
52		if (PEAR::isError($res)) {
53		die($res->getMessage());
54		}
55		while ($res->fetchInto($row, DB_FETCHMODE_ASSOC)) {
56		$cats[$row["id"]] = $row["name"];
57		}
58		$cats[-1] = "asides";
59		if ((array_key_exists("month", $options) && $options["month"] > 0) && (array_key_exists("year", $options) && $options["year"] > 0)) {
60		$timestamp_start = mktime(0,0,0,$options["month"],1,$options["year"]);
61		$timestamp_stop = mktime(0,0,0,$options["month"]+1,1,$options["year"]);
62		$q1 = sprintf("WHERE %s BETWEEN %d AND %d", db_quote("date"), $timestamp_start, $timestamp_stop);
63		} else {
64		$options["month"] = 0;
65		$options["year"] = 0;
66		}
67
68		$res_count =& $db->query("SELECT COUNT(*) FROM articles $q1");
69		$res_count->fetchInto($counter_r, DB_FETCHMODE_NUM);
70		$counter = $counter_r[0];
71		$res =& $db->limitQuery(sprintf("SELECT * FROM articles $q1 ORDER BY %s DESC", db_quote("date")), (int)$options["top"], $options["limit"]);
72		if (PEAR::isError($res)) {
73		die($res->getDebugInfo());
74		}
75		?>
76		<a href="./index.php?action=edit_post&id=0">create new</a>
77		<form id="filter" method="post" action="index.php?action=show_posts">
78		<div id="post_select">
79		View month:
80		<select name="options[month]">
81		<option value="0">---</option>
82		<?
83		for ($i=1;$i<=12;$i++) {
84		if ($options["month"] == $i) { $selected = " SELECTED"; } else { $selected = ""; }
85		?><option value="<?=$i?>"<?=$selected?>><?=date("M", mktime(0,0,0,$i,1,0))?></option><?
86		}
	80	/* }}} */
	81	/* check_login {{{ */
	82	/**
	83	* Check user supplied data against admin database
	84	*
	85	* @param array name and password to check
	86	*/
	87	public function check_login($login) {
	88	$query = sprintf("SELECT * FROM authors WHERE login = '%s' AND password = '%s' AND active = 1",
	89	preg_quote($login["name"], "'"),
	90	preg_quote($login["password"], "'")
	91	);
	92	$res =& $this->db->query($query);
	93	if (PEAR::isError($res)) {
	94	die($res->getUserInfo());
	95	}
	96	if ($res->numRows()) {
	97	$res->fetchInto($row, DB_FETCHMODE_ASSOC);
	98	$_SESSION["author_id"] = $row["id"];
	99	$_SESSION["author_name"] = $row["login"];
	100	$_SESSION["author_fullname"] = $row["fullname"];
	101	$_SESSION["author_email"] = $row["email"];
	102	$_SESSION["author_website"] = $row["website"];
	103	$_SESSION["blog_user"] = 1;
	104	header("Location: index.php");
	105	} else {
	106	$this->show_login();
	107	}
	108	}
	109	/* }}} */
	110	/* logout {{{ */
	111	/**
	112	* Logout user
	113	*/
	114	public function logout() {
	115	session_destroy();
	116	header("Location: index.php");
	117	}
	118	/* }}} */
	119	/* db_quote {{{ */
	120	/**
	121	* Quote a fieldname with the database specific quote style
	122	*
	123	* @param string fieldname to quote
	124	* @return string the quoted version
	125	*/
	126	public function db_quote($field) {
	127	/* get the db type */
	128	$dbtype = $this->db->dbsyntax;
	129	switch ($dbtype) {
	130	case "mysql" :
	131	$return = "`".$field."`";
	132	break;
	133	case "pgsql" :
	134	$return = "\"".$field."\"";
	135	break;
	136	default :
	137	$return = $field;
	138	break;
	139	}
	140	return $return;
	141	}
	142	/* }}} */
	143	/* show_index {{{ */
	144	/**
	145	* Show nice welcome screen for admin
	146	*/
	147	public function show_index() {
	148	?>
	149	<p class="first">Welcome to MvBlog "<?=$_SESSION["author_fullname"]?>".</p>
	150	<p class="first">You can administer your blog with the menu items right above this useless text.</p>
	151	<p class="first">Enjoy keeping your blog up-to-date</p>
	152	<p class="first">
	153	If you want to thank/support me, or complain about bugs, or tell me this tool sux, or whatever:<br />
	154	Michiel van Baak<br />
	155	michiel@vanbaak.info
	156	</p>
	157	<?php
	158	}
	159	/* }}} */
	160	/* show_cats {{{ */
	161	/**
	162	* Show overview of available categories
	163	*/
	164	public function show_cats() {
	165	$res =& $this->db->query("SELECT * FROM categories ORDER BY name");
	166	if (PEAR::isError($res)) {
	167	die($res->getMessage());
	168	}
	169
	170	?><a href="./index.php?action=edit_cat&id=0">create new</a><?php
	171	while ($res->fetchInto($row, DB_FETCHMODE_ASSOC)) {
87	172	?>
88		</select>
89		<select name="options[year]">
90		<option value="0">---</option>
91		<?
92		/* find the first post we made so we know the start year */
93		$sql1 = sprintf("SELECT %s FROM articles ORDER BY date ASC", db_quote("date"));
94		$res1 =& $db->limitQuery($sql1, 0, 1);
95		$res1->fetchInto($row1);
96		for ($i=date("Y", $row1[0]);$i<=date("Y");$i++) {
97		if ($options["year"] == $i) { $selected1 = " SELECTED"; } else { $selected1 = ""; }
98		?><option value="<?=$i?>"<?=$selected1?>><?=$i?></option><?
99		}
100		?>
101		</select>
102		<a href="javascript:document.getElementById('filter').submit();">go</a>
103		<br /><br />
104		</div>
105		</form>
106		<?
107
108		while ($res->fetchInto($row, DB_FETCHMODE_ASSOC)) {
109		if (!trim($row["title"])) {
110		$row["title"] = "[no title]";
111		}
112		if ($row["aside"] == 1) {
113		$row["categories_id"] = -1;
	173	<div class="log_post">
	174	<div class="log_post_head">
	175	<h1 class="log_post_h1"><a href="?action=edit_cat&id=<?php echo $row["id"]; ?>"><?php echo stripslashes($row["name"]); ?></a></h1>
	176	<?php
	177	$r =& $this->db->query(sprintf("SELECT COUNT(*) AS count FROM articles WHERE categories_id = %d", $row["id"]));
	178	if (PEAR::isError($r)) {
	179	die($r->getMessage());
	180	}
	181	$r->fetchInto($count, DB_FETCHMODE_ASSOC);
	182	?>
	183	<h2 class="log_post_h2">articles in this categorie: <?php echo $count["count"]; ?></h2>
	184	</div>
	185	<div class="log_post_body">
	186	<div class="log_post_normal">
	187	<?php echo nl2br(stripslashes($row["desc"])); ?>
	188	</div>
	189	</div>
	190	<div class="log_post_foot">
	191	<span class="log_post_date">active: <?php echo $row["active"]; ?></span>
	192	<span class="log_post_author">public: <?php echo $row["public"]; ?></span>
	193	</div>
	194	</div>
	195	<?php
	196	}
	197	}
	198	/* }}} */
	199	/* edit_cat {{{ */
	200	/**
	201	* Show form to edit a category.
	202	*
	203	* @param int The category id or 0 to create a new one
	204	*/
	205	function edit_cat($id) {
	206	if ($id==0) {
	207	$cat["id"] = 0;
	208	$cat["name"] = "category name";
	209	$cat["desc"] = "Category description";
	210	$cat["active"] = "1";
	211	$cat["public"] = "1";
	212	} else {
	213	$res =& $this->db->query(sprintf("SELECT * FROM categories WHERE id = %d", $id));
	214	if (PEAR::isError($res)) {
	215	die($res->getMessage());
	216	}
	217	$res->fetchInto($cat, DB_FETCHMODE_ASSOC);
114	218	}
115	219	?>
	220	<form name="category" method="post" action="index.php">
	221	<input type="hidden" name="action" value="save_cat" />
	222	<input type="hidden" name="cat[id]" value="<?php echo $cat["id"]; ?>" />
116	223	<div class="log_post">
117	224	<div class="log_post_head">
118		<h1 class="log_post_h1"><~~a href="?action=edit_post&id=<?=$row["id"]?>"><?=stripslashes($row["title"])?></a~~></h1>
119		<?
120		$r =& $~~db->query(sprintf("SELECT COUNT(*) FROM articles WHERE categories_id = %d", $row~~["id"]));
	225	<h1 class="log_post_h1"><input type="text" name="cat[name]" value="<?php echo stripslashes($cat["name"]); ?>" /></h1>
	226	<?php
	227	$r =& $this->db->query(sprintf("SELECT COUNT(*) AS count FROM articles WHERE categories_id = %d", $cat["id"]));
121	228	if (PEAR::isError($r)) {
122	229	die($r->getMessage());
123	230	}
124		$r->fetchInto($count);
	231	$r->fetchInto($count, DB_FETCHMODE_ASSOC);
125	232	?>
126		<h2 class="log_post_h2">category: <?=$cats[$row["categories_id"]]?></h2>
	233	<h2 class="log_post_h2">articles in this categorie: <?php echo $count["count"]; ?></h2>
	234	</div>
	235	<div class="log_post_body">
	236	<textarea name="cat[description]" style="width: 200px; height: 100px;"><?php echo stripslashes($cat["desc"]); ?></textarea><br />
	237	<input type="submit" value="save" />
	238	<input type="button" value="cancel" onClick="document.forms.category.action.value='show_cats';document.forms.category.submit();" />
	239	<?php if ($id) { ?>
	240	<input type="button" value="delete" onClick="document.forms.category.action.value='delete_cat';document.forms.category.submit();" />
	241	<?php } ?>
	242	</div>
	243	<div class="log_post_foot">
	244	<span class="log_post_date">active: <input type="checkbox" value="1" name="cat[active]" <?php if ($cat["active"]) { echo "checked=\"checked\""; } ?> /></span>
	245	<span class="log_post_author">public: <input type="checkbox" value="1" name="cat[public]" <?php if ($cat["public"]) { echo "checked=\"checked\""; } ?> /></span>
	246	</div>
	247	</div>
	248	</form>
	249	<?php
	250	}
	251	/* }}} */
	252	/* save_cat {{{ */
	253	/**
	254	* Store altered/new category in the database
	255	*
	256	* @param array The category info
	257	*/
	258	function save_cat($cat) {
	259	if ($cat["id"]) {
	260	$query = sprintf("UPDATE categories SET %s = '%s', %s = '%s', %s = %d, %s = %d WHERE id = %d",
	261	$this->db_quote("name"), preg_quote(strip_tags($cat["name"]), "'"),
	262	$this->db_quote("desc"), preg_quote(strip_tags($cat["description"]), "'"),
	263	$this->db_quote("active"), $cat["active"],
	264	$this->db_quote("public"), $cat["public"],
	265	$cat["id"]
	266	);
	267	} else {
	268	$query = sprintf("INSERT INTO categories (%s, %s, %s, %s) VALUES ('%s', '%s', %d, %d)",
	269	$this->db_quote("name"), $this->db_quote("desc"), $this->db_quote("active"), $this->db_quote("public"),
	270	preg_quote(strip_tags($cat["name"]), "'"),
	271	preg_quote(strip_tags($cat["description"]), "'"),
	272	$cat["active"],
	273	$cat["public"]
	274	);
	275	}
	276	$res =& $this->db->query($query);
	277	if (PEAR::isError($res)) {
	278	die($res->getUserInfo());
	279	}
	280	header("Location: index.php?action=show_cats");
	281	}
	282	/* }}} */
	283	/* delete_cat {{{ */
	284	/**
	285	* Delete category from database
	286	*
	287	* @param int The category id to delete
	288	*/
	289	function delete_cat($id) {
	290	$query = sprintf("DELETE FROM categories WHERE id=%d", $id);
	291	$res =& $this->db->query($query);
	292	if (PEAR::isError($res)) {
	293	die($res->getUserInfo());
	294	}
	295	header("Location: index.php?action=show_cats");
	296	}
	297	/* }}} */
	298	/* show_authors {{{ */
	299	/**
	300	* show all authors
	301	*/
	302	public function show_authors() {
	303	$res =& $this->db->query("SELECT * FROM authors ORDER BY fullname");
	304	if (PEAR::isError($res)) {
	305	die($res->getMessage());
	306	}
	307
	308	?><a href="./index.php?action=edit_author&id=0">create new</a><?php
	309	while ($res->fetchInto($row, DB_FETCHMODE_ASSOC)) {
	310	?>
	311	<div class="log_post">
	312	<div class="log_post_head">
	313	<h1 class="log_post_h1">
	314	<a href="?action=edit_author&id=<?php echo $row["id"]; ?>">
	315	<?php
	316	echo stripslashes($row["fullname"]);
	317	if ($row["active"])
	318	echo "(active)";
	319	else
	320	echo "(inactive)";
	321	?>
	322	</a>
	323	</h1>
	324	<h2 class="log_post_h2">loginname: <?php echo stripslashes($row["login"]); ?></h2>
	325	<br />
	326	</div>
	327	<div class="log_post_foot">
	328	</div>
	329	</div>
	330	<?php
	331	}
	332	}
	333	/* }}} */
	334	/* edit_author {{{ */
	335	/**
	336	* show form to manipulate author
	337	*
	338	* @param int The author id to edit, or 0 to create a new one.
	339	*/
	340	public function edit_author($authorid) {
	341	if ($authorid == 0) {
	342	$author["id"] = 0;
	343	$author["login"] = "login";
	344	$author["password"] = "";
	345	$author["email"] = "";
	346	$author["fullname"] = "";
	347	$author["active"] = 1;
	348	} else {
	349	$res =& $this->db->query(sprintf("SELECT * FROM authors WHERE id = %d", $authorid));
	350	if (PEAR::isError($res)) {
	351	die($res->getMessage());
	352	}
	353	$res->fetchInto($author, DB_FETCHMODE_ASSOC);
	354	}
	355	if ($_REQUEST["error"]) {
	356	echo "<font color=\"red\">".stripslashes($_REQUEST["error"])."</font>";
	357	}
	358	?>
	359	<form name="author" method="post" action="index.php">
	360	<input type="hidden" name="action" value="save_author" />
	361	<input type="hidden" name="author[id]" value="<?php echo $author["id"]; ?>" />
	362	<input type="hidden" id="active" name="author[active]" value="<?php echo $author["active"]; ?>" />
	363	<div class="log_post">
	364	<div class="log_post_head">
	365	<h1 class="log_post_h1">
	366	<?php
	367	if ($authorid)
	368	echo stripslashes($author["login"]);
	369	else
	370	echo "login: <input type=\"text\" name=\"author[login]\" value=\"".stripslashes($author["login"])."\" />";
	371	?>
	372	</h1>
	373	<br />
127	374	</div>
128	375	<div class="log_post_body">
129	376	<div class="log_post_normal">
130		<?=stripslashes($row["body"])?>
	377	<table border="0" cellspacing="0" cellpadding="0"><tr>
	378	<td align="right">password:</td>
	379	<td><input type="password" name="author[password]" /></td>
	380	</tr><tr>
	381	<td align="right">password(repeat):</td>
	382	<td><input type="password" name="author[password1]" /></td>
	383	</tr><tr>
	384	<td align="right">email:</td>
	385	<td><input type="text" name="author[email]" value="<?php echo stripslashes($author["email"]); ?>" /></td>
	386	</tr><tr>
	387	<td align="right">website:</td>
	388	<td><input type="text" name="author[website]" value="<?php echo stripslashes($author["website"]); ?>" /></td>
	389	</tr><tr>
	390	<td align="right">full name: </td>
	391	<td><input type="text" name="author[fullname]" value="<?php echo stripslashes($author["fullname"]); ?>" /></td>
	392	</tr></table>
131	393	</div>
	394	<input type="submit" value="save" />
	395	<?php if ($authorid) { ?>
	396	<?php if ($author["active"]) { ?>
	397	<input type="button" value="disable" onClick="document.forms.author.active.value=0;document.forms.author.action.value='save_author';document.forms.author.submit();" />
	398	<?php } else { ?>
	399	<input type="button" value="enable" onClick="document.forms.author.active.value=1;document.forms.author.action.value='save_author';document.forms.author.submit();" />
	400	<?php } ?>
	401	<?php } ?>
132	402	</div>
133	403	<div class="log_post_foot">
134		~~<span class="log_post_author">active: <?=(int)$row["active"]?></span>~~
135		~~<span class="log_post_author">public: <?=(int)$row["public"]?></span>~~
136		~~<span class="log_post_author">aside: <?=(int)$row["aside"]?></span>~~
137	404	</div>
138	405	</div>
139		<?
140		}
141		if ($options["top"]) {
142		echo "<a class=\"link_prev\" href=\"index.php?action=show_posts&options[month]=".(int)$options["month"]."&options[year]=".(int)$options["year"]."&options[top]=".($options["top"]-$options["limit"])."\">previous</a> ";
143		}
144		if (($options["top"] + $options["limit"]) > $counter) {
145		$end = $counter;
146		} else {
147		$end = ($options["top"]+$options["limit"]);
148		}
149		if ($counter == 0) {
150		echo "<span class=\"log_cat\">no posts";
151		} else {
152		echo "<span class=\"log_cat\">showing ".($options["top"]+1)." to ".$end." of ".$counter." total posts";
153		}
154		if (($options["top"]+$options["limit"]) < $counter) {
155		echo " <a class=\"link_next\" href=\"index.php?action=show_posts&options[month]=".(int)$options["month"]."&options[year]=".(int)$options["year"]."&options[top]=".($options["top"]+$options["limit"])."\">next</a>";
156		}
157		echo "</span>";
158		}
159
160		//}}}--------------------------------------------------
161		//{{{ edit_post($id): show user a form to edit the post
162		//-----------------------------------------------------
163		function edit_post($id) {
164		global $db;
165		if ($id==0) {
166		$post["id"] = 0;
167		$post["title"] = "post title";
168		$post["body"] = "post body";
169		$post["date"] = mktime();
170		$post["categories_id"] = 0;
171		$post["active"] = 1;
172		$post["public"] = 1;
173		$post["mail_comments"] = 1;
174		$post["allowanoncomments"] = 0;
175		} else {
176		$res =& $db->query(sprintf("SELECT * FROM articles WHERE id = %d", $id));
	406	</form>
	407	<?php
	408	}
	409	/* }}} */
	410	/* save_author($author): {{{ */
	411	/**
	412	* store new/altered author in database
	413	*
	414	* @param array The author info
	415	*/
	416	public function save_author($author) {
	417	if ($author["password"] && $author["password1"]) {
	418	if ($author["password"] != $author["password1"]) {
	419	$error = "Passwords don't match. Please correct this error and try again.";
	420	}
	421	}
	422	//make sure we are not inserting double loginnames
	423	if (!$author["id"]) {
	424	$res =& $this->db->query("SELECT COUNT(*) FROM authors WHERE login='".$author["login"]."'");
	425	$res->fetchInto($count);
	426	if ($count[0]) {
	427	$error = "Login already excists. Please correct this error and try again.";
	428	}
	429	}
	430	if (!$error) {
	431	&nbs