/** * Implementation of module_content() * * Blog content and parameters can be interpreted in several different methods * * - / * No parameters. Should show (paged) all posts in the blog. * * - /tag/xxx * Responds with paged posts relating to that tag. * * - /yyyy/mm/dd/post-name * Retrieve the post based on the url safe-name * * - /id/123 * Used as permalink. Perma-redirect to current /yyyy/mm/dd/post-name url * * - /yyyy * Archival retrieval of posts (no content) in the specified year * * - /atom * Atom style feed for the current blog */ function blog_content() { global $ssc_database, $ssc_site_path; $result = $ssc_database->query("SELECT name, comments, page FROM #__blog WHERE id = %d LIMIT 1", $_GET['path-id']); if ($result && ($data = $ssc_database->fetch_assoc($result))) { // Load display library if (!ssc_load_library('sscText')) { ssc_not_found(); return; } // Get blog settings ssc_set_title($data['name']); $_GET['param'] = explode("/", $_GET['param']); $_GET['blog_comments'] = (bool) $data['comments']; $action = array_shift($_GET['param']); if ($action == '' || $action == 'page') { // Show paged posts array_unshift($_GET['param'], 'page'); if (count($_GET['param']) > 2) { ssc_not_found(); } return _blog_gen_post($data['page'], $_GET['path'] . '/page/', "SELECT p.id, p.title, p.created, p.urltext, u.displayname author, count(c.post_id) count, p.body, p.commentsdisabled FROM\n\t\t\t\t#__blog_post p LEFT JOIN #__user u ON u.id = p.author_id LEFT JOIN #__blog_comment c ON (post_id = p.id AND (status & %d = 0))\n\t\t\t\tWHERE blog_id = %d AND p.is_draft = 0 GROUP BY p.id ORDER BY p.created DESC", SSC_BLOG_COMMENT_SPAM, $_GET['path-id']); } elseif ($action == 'tag') { // Show posts for the tag if (count($_GET['param']) == 2 || count($_GET['param']) > 3) { ssc_not_found(); } $tag = array_shift($_GET['param']); if (empty($tag)) { ssc_not_found(); } // If to parameter for the tag, die gracefully return _blog_gen_post($data['page'], $_GET['path'] . '/tag/' . $tag . '/page/', "SELECT p.id, p.title, p.created, p.urltext, u.displayname author, count(c.post_id) count, p.body, p.commentsdisabled FROM \n\t\t\t\t#__blog_post p LEFT JOIN #__user u ON u.id = p.author_id LEFT JOIN #__blog_comment c ON (post_id = p.id AND (status & %d = 0))\n\t\t\t\tLEFT JOIN #__blog_relation r ON r.post_id = p.id LEFT JOIN #__blog_tag t ON t.id = r.tag_id WHERE blog_id = %d AND p.is_draft = 0 AND t.tag = '%s'\n\t\t\t\tGROUP BY p.id ORDER BY p.created DESC", SSC_BLOG_COMMENT_SPAM, $_GET['path-id'], $tag); } elseif ($action == 'id') { // Redirect as needed if (count($_GET['param']) != 1) { ssc_not_found(); } // Extra parameters $result = $ssc_database->query("SELECT created, urltext FROM #__blog_post WHERE id = %d AND is_draft = 0 LIMIT 1", (int) array_shift($_GET['param'])); if ($data = $ssc_database->fetch_object($result)) { ssc_redirect($_GET['path'] . date("/Y/m/d/", $data->created) . $data->urltext, 301); return; } // Post ID doesn't exist - kill ssc_not_found(); } elseif ($action == 'feed') { // Internal redirect to atom feed $feedPath = $ssc_site_path . '/modules/blog/atom-' . $_GET['path-id'] . '.xml'; // Check if feed exists yet if (!file_exists($feedPath)) { ssc_not_found(); } // Try and read it $rss = file_get_contents($feedPath); // See if read success? if ($rss === FALSE) { ssc_not_found(); } // Guess not - die gracefully // Output rss header("Content-Type: application/xml", true); echo $rss; // And now quit ... ssc_close(); // ... fully exit(0); } elseif ($action == 'atom') { if (count($_GET['param']) > 1) { ssc_not_found(); } header("Content-Type: application/atom+xml", true); include $ssc_site_path . '/modules/blog/rss.inline.php'; ssc_close(); exit(0); } else { // Not those - is int? $action = (int) $action; // Check for bad first param if ($action == 0) { ssc_not_found(); return; } // Check if the post name exists? if (!empty($_GET['param'][2])) { // Retrieve post $result = $ssc_database->query("SELECT p.id, p.title, p.created, p.urltext, p.commentsdisabled, u.displayname author, p.body FROM #__blog_post p \n\t\t\t\t\tLEFT JOIN #__user u ON u.id = p.author_id WHERE blog_id = %d AND p.is_draft = 0 AND p.urltext = '%s' \n\t\t\t\t\tLIMIT 1", $_GET['path-id'], $_GET['param'][2]); if (!($data = $ssc_database->fetch_object($result))) { // No post with name - kill output ssc_not_found(); return; } // Don't allow any further params if (!empty($_GET['param'][3])) { // Unless admin, and the param is 'mark' if (login_check_auth("blog") && $_GET['param'][3] == 'mark') { if ($ssc_database->query("UPDATE #__blog_comment SET status = status | %d WHERE post_id = %d", SSC_BLOG_COMMENT_READ, $data->id)) { ssc_add_message(SSC_MSG_INFO, t('Marked the comments as read')); } } else { ssc_not_found(); return; } } // Comments disabled flag $comments_disabled = $data->commentsdisabled; // Post id number $pid = $data->id; $out = "\n<h3>{$data->title}</h3>\n"; $out .= t("Posted !date at !time by !author\n", array('!date' => date(ssc_var_get('date_med', SSC_DATE_MED), $data->created), '!time' => date(ssc_var_get('time_short', SSC_TIME_SHORT), $data->created), '!author' => $data->author)) . '<br />'; $result = $ssc_database->query("SELECT tag FROM #__blog_relation r, #__blog_tag t WHERE r.tag_id = t.id AND r.post_id = %d ORDER BY tag ASC", $data->id); // Retrieve list of tags for the post if ($ssc_database->number_rows()) { $out .= "Tagged: "; $txt = ''; while ($dat = $ssc_database->fetch_object($result)) { $txt .= ', ' . l($dat->tag, $_GET['path'] . '/tag/' . $dat->tag); } $txt = substr($txt, 2); $out .= $txt . '<br />'; } $out .= sscText::convert($data->body); if ($_GET['blog_comments']) { // Retrieve comments $out .= '<div class="clear"></div><h3 id="comments">Comments</h3>'; // Are we admin? $is_admin = login_check_auth("blog"); if ($is_admin) { $result = $ssc_database->query("SELECT id, author, email, site, created, status, body FROM #__blog_comment \n\t\t\t\t\t\tWHERE post_id = %d ORDER BY created ASC", $data->id, SSC_BLOG_COMMENT_SPAM, SSC_BLOG_COMMENT_SPAM); // Start spam/ham/commentstate form $out .= '<form action="" method="post"><div><input type="hidden" name="form-id" value="blog_spam_ham" />'; // Show (dis-)enable comments button on posts with or without comments if ($comments_disabled == 0) { $sub_disable_comments = array('#value' => 'Disable Comments', '#type' => 'submit', '#name' => "disable_comments[{$pid}]"); } else { $sub_disable_comments = array('#value' => 'Enable Comments', '#type' => 'submit', '#name' => "enable_comments[{$pid}]"); } // Render button $out .= theme_render_input($sub_disable_comments); } else { $result = $ssc_database->query("SELECT author, email, site, created, body FROM #__blog_comment \n\t\t\t\t\t\tWHERE post_id = %d AND status & %d = 0 ORDER BY created ASC", $data->id, SSC_BLOG_COMMENT_SPAM); } if (!$result || $ssc_database->number_rows($result) == 0) { // Bad SQL $out .= t('There are no comments posted yet.'); } else { // Admin user - show spam/ham/commentstate options if ($is_admin) { // For each comment, show it, it's visible state, and possible options while ($data = $ssc_database->fetch_object($result)) { $status = $data->status; $out .= "<div class='" . ($status & SSC_BLOG_COMMENT_SPAM ? "blog-spam-icon" : "blog-notspam-icon") . "'><p>" . nl2br(check_plain($data->body)) . "</p><p>"; $out .= t("Posted !date at !time by !author\n", array('!date' => date(ssc_var_get('date_med', SSC_DATE_MED), $data->created), '!time' => date(ssc_var_get('time_short', SSC_TIME_SHORT), $data->created), '!author' => empty($data->site) ? check_plain($data->author) : l(check_plain($data->author), $data->site))) . '</p>'; $sub_hide = array('#value' => 'Hide comment', '#type' => 'submit'); $sub_show = array('#value' => 'Show comment', '#type' => 'submit'); $sub_spam = array('#value' => 'Mark spam', '#type' => 'submit'); $sub_ham = array('#value' => 'Unmark spam', '#type' => 'submit'); // If tree for actions if ($status & SSC_BLOG_COMMENT_CAN_SPAM) { // Hasn't been re-submitted yet if ($status & SSC_BLOG_COMMENT_SPAM) { // Was marked as spam $sub_ham['#name'] = "ham[{$data->id}]"; $out .= theme_render_input($sub_ham); $sub_show['#name'] = "show[{$data->id}]"; $out .= theme_render_input($sub_show); } else { // Was not marked spam $sub_spam['#name'] = "spam[{$data->id}]"; $out .= theme_render_input($sub_spam); $sub_hide['#name'] = "hide[{$data->id}]"; $out .= theme_render_input($sub_hide); } } else { // Has already been resubmitted if ($status & SSC_BLOG_COMMENT_SPAM) { // Currently spam/hidden $sub_show['#name'] = "show[{$data->id}]"; $out .= theme_render_input($sub_show); } else { // Marked as normal currently $sub_hide['#name'] = "hide[{$data->id}]"; $out .= theme_render_input($sub_hide); } } $out .= '</div><hr />'; } } else { // Just show comments while ($data = $ssc_database->fetch_object($result)) { //$out .= "<div class='gravatar' style='background-image: url(\""._blog_gravatar_get_url($data->email)."\");'>"; $out .= '<p>' . nl2br(check_plain($data->body)) . '</p><p>'; $out .= t("Posted !date at !time by !author\n", array('!date' => date(ssc_var_get('date_med', SSC_DATE_MED), $data->created), '!time' => date(ssc_var_get('time_short', SSC_TIME_SHORT), $data->created), '!author' => empty($data->site) ? $data->author : l($data->author, $data->site))) . '</p><hr />'; //'</p></div><hr />'; } } } // End admin form if ($is_admin) { $out .= '</div></form>'; } if ($comments_disabled == 0 || $is_admin) { $out .= ssc_generate_form('blog_guest_comment', $pid); } else { $out .= '<br />' . t("Sorry, commenting has been closed on this post."); } } return $out; } elseif (isset($_GET['param'][0])) { // First param set not expecting anything - kill page ssc_not_found(); return; } else { // Yearly archive return _blog_gen_post(10000, $_GET['path'] . '/page/', "SELECT p.id, p.title, p.created, p.urltext, u.displayname author, count(c.post_id) count, p.commentsdisabled FROM \n\t\t\t\t\t#__blog_post p LEFT JOIN #__blog_comment c ON (post_id = p.id AND (c.status & %d = 0)) LEFT JOIN #__user u ON u.id = p.author_id \n\t\t\t\t\tWHERE blog_id = %d AND p.created >= %d AND p.created < %d AND p.is_draft = 0 GROUP BY p.id ORDER BY p.created DESC", SSC_BLOG_COMMENT_SPAM, $_GET['path-id'], mktime(0, 0, 0, 1, 1, $action), mktime(0, 0, 0, 1, 0, $action + 1)); } } } // Find content ssc_not_found(); }
*/ define("_SSC_DEBUG", 0); $ssc_execute_time = microtime(true); error_reporting(E_ALL); // App startup include './includes/core.inc.php'; // We don't need the front-end initialized for ajax requests if (isset($_GET['ajax']) && $_GET['ajax'] == 'y') { ssc_init(SSC_INIT_EXTENSION); header("Content-type: application/x-javascript; charset=utf-8", true); // Hook in form validation as a core function if (isset($_GET['core']) && $_GET['core'] == 'val-form') { // Check the form target exists if (!isset($_GET['form'])) { exit; } $target = str_replace("-", "_", $_GET['form']); if (function_exists($target)) { echo json_encode($target()); } } else { echo ssc_execute(); } } else { ssc_init(SSC_INIT_FULL); $page = ssc_execute(); theme_render($page); } // Clean up ssc_close();
/** * Called to redirect the current page */ function ssc_redirect($path = '', $response_code = 302) { global $ssc_site_url; ssc_close(); header("Location: {$ssc_site_url}{$path}", true, $response_code); exit; }