Example #1
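/**
 * Delete an image: remove its row from the image table, commit, then remove
 * the file from disk.
 *
 * The file is unlinked only after the commit, so the row never points at a
 * file that has already gone.
 *
 * @param int $image_id id of the row in the image table
 */
function image_zap($image_id)
{
    $filename = db_getOne("SELECT filename FROM image WHERE id=?", $image_id);
    db_do("DELETE FROM image WHERE id=?", $image_id);
    db_commit();
    // No matching row (or no stored filename): there is no file to remove,
    // and image_path() should not be asked to resolve an empty name.
    if (is_null($filename) || $filename === '') {
        return;
    }
    $path = image_path($filename);
    // Skip the unlink when the file is already gone, to avoid a warning.
    if (file_exists($path)) {
        unlink($path);
    }
}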
Example #2
 /**
  * Check that $value is the ref of an existing journo.
  *
  * @param string $value journo ref to look up
  * @throws ValidationError when no journo row has that ref
  */
 function execute($value)
 {
     $found_id = db_getOne("SELECT id FROM journo WHERE ref=?", $value);
     if (!is_null($found_id)) {
         return;
     }
     // The message template is formatted with an empty argument list.
     $args = array();
     throw new ValidationError(vsprintf($this->msg, $args), $this->code, $args);
 }
Example #3
/**
 * Load one article row together with its images and its content.
 *
 * @param int $article_id id of the article
 * @return array the article row with 'images' and 'content' keys added
 */
function FetchArticle($article_id)
{
    $result = db_query('SELECT * FROM article WHERE id=?', $article_id);
    $article = db_fetch_array($result);
    // Rows from article_image, and the single content value, are attached
    // under their own keys.
    $images = db_getAll("SELECT * FROM article_image WHERE article_id=?", $article_id);
    $article['images'] = $images;
    $content = db_getOne("SELECT content FROM article_content WHERE article_id=?", $article_id);
    $article['content'] = $content;
    return $article;
}
Example #4
/**
 * Send the HTTP headers for an HTML page and render the shared header
 * template.
 *
 * Keys read from $params below: 'pingbacks', 'menupage', 'rss',
 * 'canonical_url', 'js_extra', 'head_extra', 'head_extra_fn' and
 * 'search_params'.
 *
 * The template is included from this function's scope, so the local
 * variables set up here are presumably what header.tpl.php reads -- confirm
 * against the template before renaming or removing any of them.
 *
 * @param string $title  page title; the site domain is appended, or used alone when empty
 * @param array  $params optional settings, see above
 */
function page_header($title, $params = array())
{
    header('Content-Type: text/html; charset=utf-8');
    // Advertise the pingback endpoint only on pages that ask for it.
    if (arr_get('pingbacks', $params, FALSE)) {
        $pingback_url = OPTION_BASE_URL . "/pingback";
        header("X-Pingback: {$pingback_url}");
    }
    if ($title) {
        $title .= ' - ' . OPTION_WEB_DOMAIN;
    } else {
        $title = OPTION_WEB_DOMAIN;
    }
    $P = person_if_signed_on(true);
    /* Don't renew any login cookie. */
    $datestring = date('l d.m.Y');
    $mnpage = array_key_exists('menupage', $params) ? $params['menupage'] : '';
    $rss_feeds = array();
    if (array_key_exists('rss', $params)) {
        $rss_feeds = $params['rss'];
    }
    $canonical_url = null;
    if (array_key_exists('canonical_url', $params)) {
        $canonical_url = $params['canonical_url'];
    }
    // /jl.js is always loaded; callers may append further script paths.
    $js_files = array("/jl.js");
    if (array_key_exists('js_extra', $params)) {
        $js_files = array_merge($js_files, $params['js_extra']);
    }
    // NOTE(review): 'head_extra' and the output of 'head_extra_fn' are
    // collected as raw markup. Presumably the template emits them unescaped,
    // so callers must build them from trusted values only -- confirm in
    // header.tpl.php.
    $head_extra = '';
    if (array_key_exists('head_extra', $params)) {
        $head_extra .= $params['head_extra'];
    }
    if (array_key_exists('head_extra_fn', $params)) {
        // Capture whatever the callback prints instead of sending it now.
        // The callable comes straight from $params and must never be derived
        // from request input.
        ob_start();
        call_user_func($params['head_extra_fn']);
        $head_extra .= ob_get_contents();
        ob_end_clean();
    }
    $logged_in_user = null;
    $can_edit_profile = FALSE;
    if ($P) {
        // Show the person's name when they have one, else their email.
        if ($P->name_or_blank()) {
            $logged_in_user = $P->name;
        } else {
            $logged_in_user = $P->email;
        }
        // Any 'edit' row for this person sets the flag; the query is not
        // tied to a particular journo.
        if (db_getOne("SELECT * FROM person_permission WHERE person_id=? AND permission='edit'", $P->id())) {
            $can_edit_profile = TRUE;
        }
    }
    // Default search box state, replaced wholesale when the caller supplies one.
    $search = array('q' => '', 'type' => 'journo');
    if (array_key_exists('search_params', $params)) {
        $search = $params['search_params'];
    }
    include "../templates/header.tpl.php";
}
Example #5
/**
 * Tell whether the signed-on person holds the 'admin' permission.
 *
 * @return bool TRUE only when someone is signed on and has an 'admin' row in
 *              person_permission; FALSE otherwise
 */
function admCheckAccess()
{
    $person = person_if_signed_on();
    if (is_null($person)) {
        // nobody signed on
        return FALSE;
    }
    $admin_row = db_getOne("SELECT id FROM person_permission WHERE permission='admin' AND person_id=?", $person->id());
    return !is_null($admin_row);
}
Example #6
/**
 * Redirect a signed-on person to the journo profile they may edit.
 *
 * An optional 'ref' request variable names the profile; without it the
 * person's editable profiles are looked up, and a picker is shown when there
 * is more than one. The edit permission is re-checked before redirecting.
 */
function view()
{
    $person = person_if_signed_on();
    if (is_null($person)) {
        // signed-on users only
        header("Location: /");
        return;
    }

    // A person may have several profiles, so one can be named explicitly.
    $ref = strtolower(get_http_var('ref'));
    $journo = NULL;
    if ($ref) {
        $journo = db_getRow("SELECT * FROM journo WHERE ref=?", $ref);
        if (!$journo) {
            header("HTTP/1.0 404 Not Found");
            return;
        }
    }

    if (is_null($journo)) {
        // No ref given: fall back to the journos this person can edit.
        $editables = db_getAll("SELECT j.* FROM ( journo j INNER JOIN person_permission p ON p.journo_id=j.id) WHERE p.person_id=? AND p.permission='edit'", $person->id());
        $how_many = sizeof($editables);
        if ($how_many == 0) {
            header("Location: /");
            return;
        }
        if ($how_many > 1) {
            // let the user choose
            tmpl_pickjourno($editables);
            return;
        }
        // exactly one
        $journo = $editables[0];
    }

    // The explicit-ref path has not been checked yet, so verify permission
    // here for every path.
    $may_edit = db_getOne("SELECT id FROM person_permission WHERE person_id=? AND journo_id=? AND permission='edit'", $person->id(), $journo['id']);
    if (!$may_edit) {
        $journo = null;
    }

    if (is_null($journo)) {
        header("Location: /f**k");
    } else {
        header("Location: /{$journo['ref']}");
    }
}
Example #7
/**
 * Fetch and decode the data stored for a token in a given scope.
 *
 * The data column is read from the token table, un-escaped from BYTEA and
 * decoded with rabx_wire_rd(); when that reports an error the same bytes are
 * handed to unserialize() instead.
 *
 * @param string $scope token scope
 * @param string $token token value
 * @return mixed the decoded data
 */
function auth_token_retrieve($scope, $token)
{
    $data = db_getOne('
                    select data
                    from token
                    where scope = ? and token = ?', array($scope, $token));
    /* Madness. We have to unescape this, because the PEAR DB library isn't
     * smart enough to spot BYTEA columns and do it for us. */
    $data = pg_unescape_bytea($data);
    $pos = 0;
    // NOTE(review): call-time pass-by-reference (the & in the call below) was
    // removed in PHP 5.4 and is a fatal error there. Whether the ampersands
    // can simply be dropped depends on how rabx_wire_rd() declares its
    // parameters, which is not shown here.
    $res = rabx_wire_rd(&$data, &$pos);
    if (rabx_is_error($res)) {
        // NOTE(review): unserialize() can instantiate objects from the bytes
        // it is given. This fallback is only safe while nothing outside the
        // application can write to token.data; a data-only format is the
        // safer choice for anything newly stored.
        $res = unserialize($data);
        // NOTE(review): unserialize() returns false, not null, when it cannot
        // decode its input, so this check does not appear to catch corrupt
        // data -- confirm what callers expect for a missing or undecodable
        // token before tightening it.
        if (is_null($res)) {
            // The message embeds the token value; confirm where err() sends
            // it if tokens are treated as secrets.
            err("Data for scope '{$scope}', token '{$token}' are not valid");
        }
    }
    return $res;
}
Example #8
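 /**
  * Validate the fields of a new journo.
  *
  * The patterns use the D modifier so that "$" matches only at the very end
  * of the string. Without it, PCRE lets "$" match before a final newline, so
  * a value such as "bob-smith\n" would pass validation and reach the
  * database lookup and anything stored afterwards.
  *
  * @param array $params expects 'prettyname', 'ref', 'firstname', 'lastname'
  * @return array field name => error message; empty when everything is valid
  */
 function validate($params)
 {
     $err = array();
     if ($params['prettyname'] == '') {
         $err['prettyname'] = 'blank Pretty Name';
     }
     if (!preg_match('/^[a-z]+(-[a-z0-9]+){1,}$/D', $params['ref'])) {
         $err['ref'] = 'bad ref (needs to be lowercase and contain at least one hyphen)';
     } else {
         if (db_getOne("SELECT id FROM journo WHERE ref=?", $params['ref'])) {
             // The ref is interpolated into HTML here; that is safe only
             // because the pattern above restricts it to [a-z0-9-].
             $err['ref'] = "Already a journo with that ref! <a href=\"/adm/{$params['ref']}\">{$params['ref']}</a>";
         }
     }
     if (!preg_match('/^[a-z]+$/D', $params['firstname'])) {
         $err['firstname'] = 'bad first name';
     }
     if (!preg_match('/^[a-z]+$/D', $params['lastname'])) {
         $err['lastname'] = 'bad last name';
     }
     return $err;
 }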
Example #9
/**
 * Gather the data shown on a publication's page.
 *
 * Starts from the organisation row and adds 'principles', 'recent_journos',
 * 'adr' and 'tel'; the raw sop_url / sop_name columns are folded into
 * 'principles' and removed.
 *
 * @param int $pub_id id of the organisation row
 * @return array the publication data
 */
function publication_collect($pub_id)
{
    $pub = db_getRow("SELECT * FROM organisation WHERE id=?", $pub_id);

    // Recent articles are switched off; the code is kept but never runs.
    if (0) {
        $recent = db_getAll("SELECT id,title,pubdate,permalink FROM article WHERE srcorg=? ORDER BY pubdate DESC LIMIT 10", $pub_id);
        foreach ($recent as &$article) {
            article_augment($article);
        }
        unset($article);
        $pub['recent_articles'] = $recent;
    }

    // Statement of principles: present only when a URL is set.
    $pub['principles'] = $pub['sop_url']
        ? array('name' => $pub['sop_name'], 'url' => $pub['sop_url'])
        : null;
    unset($pub['sop_url'], $pub['sop_name']);

    // Journos with an active article for this publication in the last week.
    $sql = <<<EOT
SELECT DISTINCT j.ref, j.prettyname, j.lastname FROM
    ( ( journo j INNER JOIN journo_attr attr ON j.id=attr.journo_id )
        INNER JOIN article a ON a.id=attr.article_id)
    WHERE a.srcorg=?
        AND a.status='a'
        AND a.pubdate > NOW() - INTERVAL '1 week'
    ORDER BY j.lastname;
EOT;
    $pub['recent_journos'] = db_getAll($sql, $pub_id);

    // Postal address, stored as vcard adr fields.
    $raw_adr = db_getOne("SELECT adr FROM pub_adr WHERE pub_id=?", $pub_id);
    if ($raw_adr) {
        $pub['adr'] = vcard_parse_adr($raw_adr);
    } else {
        $pub['adr'] = NULL;
    }

    // Telephone (type 'voice' is assumed for now).
    $pub['tel'] = db_getOne("SELECT phone FROM pub_phone WHERE pub_id=?", $pub_id);
    return $pub;
}
Example #10
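/**
 * Return $num random bytes as a string.
 *
 * Reads from /dev/random when it exists, keeping the handle open in a global
 * for later calls; otherwise falls back to asking the database for one
 * character at a time.
 *
 * NOTE(review): PHP 7.0 and later ship a built-in random_bytes(); declaring
 * this function there is a fatal redeclaration error. On those versions the
 * built-in should be used instead.
 *
 * @param int $num number of bytes wanted; must not be negative
 * @return string the random bytes
 * @throws RuntimeException when /dev/random yields no data and err() returns
 */
function random_bytes($num)
{
    // Validate before choosing a source, so both paths reject bad input.
    if ($num < 0) {
        err("NUM must be nonnegative in random_bytes");
    }
    if (!file_exists('/dev/random')) {
        // probably Windows. Use database.
        // NOTE(review): PostgreSQL's random() is not a cryptographic
        // generator. If these bytes back login tokens or other secrets, this
        // path weakens them; it also looks as though chr() can return a
        // multi-byte character here, so the result may not be exactly $num
        // bytes -- confirm before relying on this fallback.
        $res = '';
        while (strlen($res) < $num) {
            $res .= db_getOne('select chr((256*random())::int4)');
        }
        return $res;
    }
    global $random_bytes_filehandle;
    if (!isset($random_bytes_filehandle) && !($random_bytes_filehandle = fopen("/dev/random", "r"))) {
        err("Unable to open /dev/random");
    }
    $res = '';
    while (strlen($res) < $num) {
        $chunk = fread($random_bytes_filehandle, $num - strlen($res));
        // A failed or empty read used to append nothing and loop forever.
        // Fail closed instead: never hand back fewer bytes than requested.
        if ($chunk === false || $chunk === '') {
            err("Unable to read from /dev/random");
            throw new RuntimeException("Unable to read from /dev/random");
        }
        $res .= $chunk;
    }
    return $res;
}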
/**
 * Admin view of one journo: basic details, a few articles, the article
 * count and the users linked to the profile with 'edit' permission.
 *
 * The journo is named by the 'j' request variable. Execution stops
 * immediately for anyone who fails admCheckAccess().
 */
function view()
{
    if (!admCheckAccess()) {
        // should return error code?
        exit;
    }

    $ref = strtolower(get_http_var('j'));
    $journo = db_getRow("SELECT id,ref,prettyname,oneliner,status FROM journo WHERE ref=?", $ref);
    if (is_null($journo)) {
        // TODO: 404
        return;
    }

    // People holding 'edit' permission on this journo.
    $linked_sql = <<<EOT
    SELECT p.id,p.email,p.name,perm.permission
        FROM person p INNER JOIN person_permission perm ON perm.person_id=p.id
        WHERE perm.permission='edit' AND perm.journo_id=?
EOT;
    $linked_users = db_getAll($linked_sql, $journo['id']);

    $journo['arts'] = journo_collectArticles($journo, 5);
    $journo['num_arts'] = db_getOne("SELECT COUNT(*) FROM journo_attr WHERE journo_id=?", $journo['id']);
    $journo['linked_users'] = $linked_users;
    template($journo);
}
Example #12
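/**
 * Print an HTML table of the login tokens whose stored data mentions $email.
 *
 * Every value written into the page is HTML-escaped: the search term comes
 * from the caller, and the email and stashed URL come from stored token data,
 * so none of them can be trusted to be free of markup.
 *
 * NOTE(review): the table shows working confirmation links, so this page
 * must only ever be reachable by administrators -- the access check is not
 * visible in this function.
 *
 * @param string $email email address (or fragment) to search for
 */
function LookupToken($email)
{
    $sql = <<<EOT
SELECT token,created,data
    FROM token
    WHERE scope='login' AND encode( data, 'escape' ) ilike ?
    ORDER BY created DESC
EOT;
    // NOTE(review): % and _ inside $email act as wildcards in the ilike
    // pattern; escape them if an exact substring match is intended.
    $q = db_query($sql, '%' . $email . '%');
    $cnt = db_num_rows($q);
    $searched_html = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    if ($cnt == 0) {
        print "<p>No tokens found for <code>{$searched_html}</code> (maybe they used a different email address?)</p>\n";
    } else {
        print "<p>Found {$cnt} tokens for <code>{$searched_html}</code> (most recent first)</p>\n";
        print "<table border=1>\n";
        print "<tr><th>when issued</th><th>email</th><th>confirmation link</th><th>stashed url</th></tr>\n";
        while ($r = db_fetch_array($q)) {
            $t = strtotime($r['created']);
            $issued = strftime('%R %a %e %B %Y', $t);
            $token = $r['token'];
            $confirmation_url = OPTION_BASE_URL . "/login?t={$token}";
            // Placeholders shown when the token data cannot be decoded.
            $stashed_url = '????';
            $token_email = '????';
            $pos = 0;
            // Call-time pass-by-reference is kept as found; it is rejected by
            // PHP 5.4 and later (rabx_wire_rd()'s declaration is not shown).
            $res = rabx_wire_rd(&$r['data'], &$pos);
            if (!rabx_is_error($res)) {
                $token_email = $res['email'];
                $stashed_url = db_getOne("SELECT url FROM requeststash WHERE key=?", $res['stash']);
                if (!$stashed_url) {
                    $stashed_url = '-none- (which probably means they clicked the link)';
                }
            }
            ?>
<tr>
  <td><?php 
            echo htmlspecialchars($issued, ENT_QUOTES, 'UTF-8');
            ?>
</td>
  <td><code><?php 
            echo htmlspecialchars((string) $token_email, ENT_QUOTES, 'UTF-8');
            ?>
</code></td>
  <td><code><?php 
            echo htmlspecialchars($confirmation_url, ENT_QUOTES, 'UTF-8');
            ?>
</code></td>
  <td><code><?php 
            echo htmlspecialchars((string) $stashed_url, ENT_QUOTES, 'UTF-8');
            ?>
</code></td>
</tr>
<?php 
        }
        print "</table>\n";
    }
}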
 /**
  * Replace the journo's user-editable weblinks with the submitted set.
  *
  * Links of kind 'pingback' and 'twitter' are left alone. Each submitted
  * link is inserted as approved, with ranks descending in steps of 10 so the
  * first submitted link ranks highest, and receives its new row id.
  */
 function handleSubmit()
 {
     // Wipe everything the user is allowed to edit, then re-insert.
     db_do("DELETE FROM journo_weblink WHERE kind NOT IN ('pingback','twitter') AND journo_id=?", $this->journo['id']);

     $step = 10;
     $next_rank = 100 + $step * count($this->submitted);
     foreach ($this->submitted as &$link) {
         db_do("INSERT INTO journo_weblink (journo_id,kind,url,description,approved,rank) VALUES (?,?,?,?,true,?)", $this->journo['id'], $link['kind'], $link['url'], $link['description'], $next_rank);
         // lastval() gives the id generated by the insert just done
         $link['id'] = db_getOne("SELECT lastval()");
         $next_rank -= $step;
     }

     db_commit();
     eventlog_Add('modify-weblinks', $this->journo['id']);
 }
Example #14
/**
 * Look up the 'extra' value stored with a stashed request.
 *
 * @param string $key key of the requeststash row
 * @return mixed the value of the extra column, as returned by db_getOne()
 */
function stash_get_extra($key)
{
    $extra = db_getOne('select extra from requeststash where key = ?', $key);
    return $extra;
}
Example #15
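/**
 * Subscribe a person to alerts for an active journo and print the outcome.
 *
 * The journo's name and the link target are HTML-escaped before being
 * printed: the ref arrives from the caller and the pretty name is stored
 * data, and neither is guaranteed to be free of markup.
 *
 * @param object $P          the signed-on person; its id property is used
 * @param string $journo_ref ref of the journo to follow
 */
function DoAddAlert($P, $journo_ref)
{
    $journo = db_getRow("SELECT id,prettyname FROM journo WHERE ref=? AND status='a'", $journo_ref);
    if (!$journo) {
        err("bad journalist ref");
    }
    $url_html = htmlspecialchars("/{$journo_ref}", ENT_QUOTES, 'UTF-8');
    $name_html = htmlspecialchars($journo['prettyname'], ENT_QUOTES, 'UTF-8');
    $journo_id = $journo['id'];
    // Insert only when this person is not already following this journo.
    if (!db_getOne("SELECT id FROM alert WHERE journo_id=? AND person_id=?", $journo_id, $P->id)) {
        db_query("INSERT INTO alert (person_id,journo_id) VALUES (?,?)", $P->id, $journo_id);
        db_commit();
        print "<p class=\"infomessage\"><a href=\"{$url_html}\">{$name_html}</a> was added to your list.</p>\n";
    } else {
        print "<p class=\"infomessage\"><a href=\"{$url_html}\">{$name_html}</a> is already on your list.</p>\n";
    }
}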
Example #16
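 /**
  * Check a candidate password against this person's stored crypt() hash.
  *
  * The comparison is strict and, where hash_equals() is available,
  * constant-time. A loose != on two strings compares them as numbers when
  * both look numeric, which can report a match for different hashes, and an
  * ordinary comparison can leak how much of the hash matched through timing.
  *
  * @param string $p candidate password
  * @return bool true when the password matches; false otherwise, including
  *              when the person has no stored password
  */
 function check_password($p)
 {
     $stored = db_getOne('select password from person where id = ?', $this->id);
     if (is_null($stored) || $stored === '') {
         // no usable stored hash: nothing can match
         return false;
     }
     $stored = (string) $stored;
     // The stored hash doubles as the salt / algorithm selector for crypt().
     $computed = crypt($p, $stored);
     if (!is_string($computed)) {
         return false;
     }
     if (function_exists('hash_equals')) {
         return hash_equals($stored, $computed);
     }
     return $computed === $stored;
 }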
Example #17
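/**
 * Handle a pingback: verify that the source page links to the target, work
 * out which journo the target belongs to, and record the source as an
 * approved weblink for that journo.
 *
 * Both URIs are supplied by the remote party and are untrusted. The source
 * is fetched only when it is an http or https URL; without that check
 * file_get_contents() would also open local paths and other stream wrappers
 * on this server.
 *
 * NOTE(review): the scheme check does not prevent requests to internal
 * hosts, following redirects, or very large or slow responses. A host
 * allow/deny policy plus a timeout and size limit on the fetch are still
 * needed.
 *
 * @param string $method pingback method name (unused here)
 * @param array  $params array(sourceURI, targetURI)
 * @param mixed  $extra  unused here
 * @return int|string a pingback fault code, or a success message
 */
function handle_pingback($method, $params, $extra)
{
    list($sourceURI, $targetURI) = $params;

    // Accept only http(s) sources before touching the network or filesystem.
    $scheme = is_string($sourceURI) ? parse_url($sourceURI, PHP_URL_SCHEME) : null;
    if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
        CRAPLOG("0x10 (source is not an http(s) URL)\n");
        return 0x10;
        // "The source URI does not exist."
    }
    // An empty or non-string target cannot be matched against the page.
    if (!is_string($targetURI) || $targetURI === '') {
        CRAPLOG("0x21\n");
        return 0x21;
        // "The specified target URI cannot be used as a target."
    }

    // fetch the source URI to verify that the source does indeed link to the target
    $html = file_get_contents($sourceURI);
    if ($html === FALSE) {
        CRAPLOG("0x10\n");
        return 0x10;
        // "The source URI does not exist."
    }
    // cheesy conversion to utf-8
    $html = mb_convert_encoding($html, 'UTF-8', mb_detect_encoding($html, 'UTF-8, ISO-8859-1, windows-1252', true));
    $html = html_entity_decode($html, ENT_COMPAT, 'UTF-8');
    if (strpos($html, $targetURI) === FALSE) {
        CRAPLOG("0x11\n");
        return 0x11;
        // "The source URI does not contain a link to the target URI, and so cannot be used as a source."
    }
    // check URL, try and extract journo ref
    $bits = crack_url($targetURI);
    $path = $bits['path'];
    $m = array();
    $ref = null;
    if (preg_match("%([a-zA-Z0-9]+-[-a-zA-Z0-9]+)/?%", $path, $m)) {
        $ref = $m[1];
    }
    if ($ref === null) {
        CRAPLOG("0x21\n");
        return 0x21;
        // "The specified target URI cannot be used as a target."
    }
    // valid journo?
    $journo = db_getRow("SELECT * FROM journo WHERE ref=? AND status='a'", $ref);
    if ($journo === null) {
        CRAPLOG("0x21 (invalid journo)\n");
        return 0x21;
        // "The specified target URI cannot be used as a target."
    }
    // try and extract title to use as description
    // NOTE(review): the title comes from a remote page after entity
    // decoding, so it can contain markup. It is stored as-is, which means
    // every page that shows a weblink description must escape it -- confirm
    // in the templates.
    $desc = $sourceURI;
    $m = array();
    if (preg_match('!<title>(.*?)</title>!i', $html, $m)) {
        $desc = $m[1];
        $desc = preg_replace('/\\s+/', ' ', $desc);
    }
    // already got this pingback?
    if (db_getOne("SELECT id FROM journo_weblink WHERE journo_id=? AND url=? AND approved=true", $journo['id'], $sourceURI)) {
        CRAPLOG("0x30\n");
        return 0x30;
        // "The pingback has already been registered."
    }
    // OK. time to add it!
    $sql = <<<EOT
INSERT INTO journo_weblink
    (journo_id, url, description, approved, kind, rank)
    VALUES ( ?,?,?,true,'pingback',500)
EOT;
    db_do($sql, $journo['id'], $sourceURI, $desc);
    db_commit();
    CRAPLOG("added.\n");
    return "Ping registered - thanks";
}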
Example #18
 /**
  * Swap the journo's photo for a new one, or remove it when $p is empty.
  *
  * The new image is stored first; the old database rows are then deleted
  * and the new journo_photo row inserted. The old file is removed from disk
  * only after the commit.
  *
  * @param mixed $p            a GD image resource or an uploaded file; anything falsy removes the photo
  * @param bool  $is_thumbnail flag recorded on the new journo_photo row
  */
 function replacePhoto($p, $is_thumbnail = FALSE)
 {
     $incoming = null;
     if ($p) {
         // Anything that is not a GD resource is assumed to be an upload.
         $is_gd = is_resource($p) && get_resource_type($p) == 'gd';
         $incoming = $is_gd ? image_storeGD($p) : image_storeUploaded($p);
         if ($incoming) {
             // The stored image's id becomes image_id; 'id' is freed up for
             // the journo_photo row.
             $incoming['image_id'] = $incoming['id'];
             $incoming['is_thumbnail'] = $is_thumbnail;
             unset($incoming['id']);
         }
     }

     if ($this->photo) {
         // drop the current photo's rows
         db_do("DELETE FROM journo_photo WHERE id=?", $this->photo['id']);
         db_do("DELETE FROM image WHERE id=?", $this->photo['image_id']);
     }
     if ($incoming) {
         // record the replacement
         $incoming['id'] = db_getOne("select nextval('journo_photo_id_seq' )");
         db_do("INSERT INTO journo_photo (journo_id,image_id,is_thumbnail) VALUES (?,?,?)", $this->journo['id'], $incoming['image_id'], $incoming['is_thumbnail']);
     }
     db_commit();

     if ($this->photo) {
         // database is consistent now, so the old file can go
         unlink(image_path($this->photo['filename']));
     }
     $this->photo = $incoming;
 }
Example #19
    /**
     * Print a table of profile and alert statistics.
     *
     * Five counts are read from the database and converted with intval()
     * before being echoed, so only integers reach the page.
     *
     * @param mixed $params not used in this method
     */
    function perform($params)
    {
        // profiles created in last 7 days
        // (an 'edit' permission created on the same date as the journo row)
        $sql = <<<EOT
SELECT count(*)
    FROM journo j INNER JOIN person_permission perm ON perm.journo_id=j.id
    WHERE date(j.created) = date(perm.created)
        AND perm.permission='edit'
        AND j.created > NOW()-interval '7 days'
EOT;
        $profiles_created_last_7_days = intval(db_getOne($sql));
        // profiles created overall
        $sql = <<<EOT
SELECT count(*)
    FROM journo j INNER JOIN person_permission perm ON perm.journo_id=j.id
    WHERE date(j.created) = date(perm.created)
        AND perm.permission='edit'
EOT;
        $profiles_created_all_time = intval(db_getOne($sql));
        // profiles claimed in last 7 days
        $sql = "SELECT COUNT(*) from person_permission WHERE permission IN ('claimed','edit') AND created>NOW()-interval '7 days'";
        $profiles_claimed_last_7_days = intval(db_getOne($sql));
        // total profiles edited overall
        // (distinct journos that appear in event_log)
        $sql = "SELECT COUNT( DISTINCT journo_id) FROM event_log";
        $profiles_edited_all_time = intval(db_getOne($sql));
        // total alert subscribers
        $sql = "SELECT COUNT( DISTINCT person_id) FROM alert";
        $num_alert_subscribers = intval(db_getOne($sql));
        // NOTE(review): the markup below opens <th> and <tr> where closing
        // tags look intended (</th>, </tr>); left as found.
        ?>
<table border=0>
<tr><th>Profiles created over last 7 days<th><td><?php 
        echo $profiles_created_last_7_days;
        ?>
</td><tr>
<tr><th>Profiles created ever<th><td><?php 
        echo $profiles_created_all_time;
        ?>
</td><tr>
<tr><th>Profiles claimed over last 7 days<th><td><?php 
        echo $profiles_claimed_last_7_days;
        ?>
</td><tr>
<tr><th>Profiles edited ever<th><td><?php 
        echo $profiles_edited_all_time;
        ?>
</td><tr>
<tr><th>Number of alert subscribers<th><td><?php 
        echo $num_alert_subscribers;
        ?>
</td><tr>
</table>
<?php 
    }
Example #20
/**
 * Count a journo's active articles: entries in journo_other_articles plus
 * articles attributed to them through journo_attr.
 *
 * @param int $journo_id id of the journo
 * @return mixed the combined count
 */
function journo_countArticles($journo_id)
{
    $other_sql = <<<EOT
SELECT COUNT(*)
    FROM journo_other_articles
    WHERE status='a' AND journo_id=?
EOT;
    $total = db_getOne($other_sql, $journo_id);

    $attributed_sql = <<<EOT
SELECT COUNT(*)
    FROM article a
        INNER JOIN journo_attr attr ON a.id=attr.article_id
    WHERE a.status='a' AND attr.journo_id=?
EOT;
    $total += db_getOne($attributed_sql, $journo_id);

    return $total;
}
Example #21
/**
 * Tell whether the signed-on person may edit the given journo.
 *
 * Editing is allowed with an 'edit' permission on that journo, or with the
 * 'admin' permission.
 *
 * @param int $journo_id id of the journo
 * @return bool TRUE when allowed; FALSE otherwise, including when nobody is signed on
 */
function canEditJourno($journo_id)
{
    $person = person_if_signed_on();
    if (is_null($person)) {
        return FALSE;
    }
    $granted = db_getOne("SELECT id FROM person_permission WHERE person_id=? AND ((journo_id=? AND permission='edit') OR permission='admin')", $person->id(), $journo_id);
    return $granted ? TRUE : FALSE;
}
Example #22
require_once 'weblink_widget.php';
//require_once "HTML/QuickForm.php";
/**
 * Callback handed to admPageHeader() by name: emits the JavaScript the
 * weblink widget needs in the page head.
 */
function ExtraHead()
{
    WeblinkWidget::emit_head_js();
}
// Display labels for the single-letter journo status codes.
$statusnames = array('i' => 'i - Inactive', 'a' => 'a - Active', 'h' => 'h - Hidden');
// The journo can be named by ref or by numeric id; a ref, when given,
// replaces whatever journo_id was sent.
$ref = strtolower(get_http_var('ref', ''));
$journo_id = get_http_var('journo_id');
if ($ref) {
    $journo_id = db_getOne("SELECT id FROM journo WHERE ref=?", $ref);
}
// Which admin operation to run; dispatched by the switch below.
$action = get_http_var('action');
// Page title: the journo's pretty name when one is selected, otherwise a
// generic heading.
$journo_name = 'Journos';
if ($journo_id) {
    $journo_name = db_getOne("SELECT prettyname FROM journo WHERE id=?", $journo_id);
}
// NOTE(review): no access check is visible in this part of the script.
// Presumably admPageHeader() or an earlier include enforces admin access --
// confirm, since the actions dispatched below change data.
admPageHeader($journo_name, "ExtraHead");
switch ($action) {
    case 'list':
        /* List journos */
        print "<h2>Journalists</h2>\n";
        EmitJournoFilterForm();
        EmitJournoList();
        break;
    case 'change_status':
        ChangeJournoStatus($journo_id, get_http_var('status'));
        EmitJourno($journo_id);
        break;
    case "add_link":
        AddWeblink($journo_id, get_http_var('url'), get_http_var('desc'));
Example #23
    db_commit();
}
// Key of this journo's row in htmlcache. Only the journo id is used as the
// index, on the assumption that other pages won't clash.
$cacheid = 'json_' . $journo['id'];
// Page data; filled in below from a rebuild or from the cached JSON.
$data = null;
if (strtolower(get_http_var('full') == 'yes')) {
    /* force a full page rebuild (slow) */
    $data = journo_collectData($journo);
    $json = json_encode($data);
    db_do("DELETE FROM htmlcache WHERE name=?", $cacheid);
    db_do("INSERT INTO htmlcache (name,content) VALUES(?,?)", $cacheid, $json);
    db_do("UPDATE journo SET modified=false WHERE id=?", $journo['id']);
    db_commit();
} else {
    /* look for cached data to build the page with */
    $cached_json = db_getOne("SELECT content FROM htmlcache WHERE name=?", $cacheid);
    if (is_null($cached_json)) {
        /* uh-oh... page is missing from the cache...  generate a quick n nasty version right now! */
        $data = journo_collectData($journo, true);
        $json_quick = json_encode($data);
        /* mark journo as needing their page sorted out! */
        db_do("UPDATE journo SET modified=true WHERE id=?", $journo['id']);
        /* save the quick-n-nasty data */
        db_do("INSERT INTO htmlcache (name,content) VALUES(?,?)", $cacheid, $json_quick);
        db_commit();
    } else {
        /* there is cached data - yay! */
        $data = json_decode($cached_json, true);
        if ($can_edit_page && $journo['modified'] == 't') {
            /* journo is logged in and the page is out of date...
             * update the cached data with some fresh quick-n-nasty data
Example #24
 /**
  * Return the id of the publication that owns a domain, creating the
  * publication when the domain is not yet known.
  *
  * The lookup matches the domain with and without a leading "www.". A new
  * publication uses the bare domain for its short, pretty and sort names.
  *
  * @param string $domain host name of the publication's site
  * @return mixed id of the existing or newly created organisation row
  */
 function find_or_create_publication($domain)
 {
     $bare = preg_replace("/^www[.]/", "", $domain);
     $existing = db_getOne("SELECT pub_id FROM pub_domain WHERE domain in (?,?) LIMIT 1", $bare, "www.{$bare}");
     if (!is_null($existing)) {
         return $existing;
     }

     // Unknown domain: create the organisation, then register the domain
     // (as given) and an alias for it.
     $home_url = "http://{$domain}";
     $new_id = db_getOne("INSERT INTO organisation (id,shortname,prettyname,sortname,home_url) VALUES (DEFAULT, ?,?,?,?) RETURNING id", $bare, $bare, $bare, $home_url);
     db_do("INSERT INTO pub_domain (pub_id,domain) VALUES (?,?)", $new_id, $domain);
     db_do("INSERT INTO pub_alias (pub_id,alias) VALUES (?,?)", $new_id, $bare);
     return $new_id;
 }
Example #25
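/**
 * Render the "Your account" page for the signed-on person.
 *
 * Requires sign-on, looks up the journo profile linked to the person (edit
 * permission or a pending claim), counts what has been filled in, and lists
 * suggested next steps alongside the password box.
 *
 * Values echoed into the page (the person's name or email, the journo ref)
 * are HTML-escaped, because the name is chosen by the user.
 */
function account_page()
{
    $r = array('reason_web' => "Log in", 'reason_email' => "Log in to Journalisted", 'reason_email_subject' => 'Log in to Journalisted');
    $P = person_signon($r);
    $passwordbox = new PasswordBox();
    // linked to a journo for editing (or claim pending)?
    $sql = <<<EOT
SELECT j.*, perm.permission
    FROM journo j INNER JOIN person_permission perm
        ON perm.journo_id=j.id
    WHERE perm.permission in ('edit','claimed') AND perm.person_id=?
    LIMIT 1
EOT;
    $journo = db_getRow($sql, $P->id());
    // signed up for newsletters?
    $newsletter = db_getOne("SELECT person_id FROM person_receives_newsletter WHERE person_id=?", $P->id()) ? TRUE : FALSE;
    // how many alerts set up?
    $alert_cnt = db_getOne("SELECT count(*) FROM alert WHERE person_id=?", $P->id());
    // what bits of profile have been filled in?
    $photo_cnt = 0;
    $edu_cnt = 0;
    $emp_cnt = 0;
    $book_cnt = 0;
    $award_cnt = 0;
    $admired_cnt = 0;
    // These three were previously set only inside the branch below; give
    // them defaults alongside the other counters.
    $weblink_cnt = 0;
    $contact_cnt = 0;
    $article_cnt = 0;
    if (!is_null($journo)) {
        $photo_cnt = db_getOne("SELECT count(*) FROM journo_photo WHERE journo_id=?", $journo['id']);
        $edu_cnt = db_getOne("SELECT count(*) FROM journo_education WHERE journo_id=?", $journo['id']);
        $emp_cnt = db_getOne("SELECT count(*) FROM journo_employment WHERE journo_id=?", $journo['id']);
        $book_cnt = db_getOne("SELECT count(*) FROM journo_books WHERE journo_id=?", $journo['id']);
        $award_cnt = db_getOne("SELECT count(*) FROM journo_awards WHERE journo_id=?", $journo['id']);
        $admired_cnt = db_getOne("SELECT count(*) FROM journo_admired WHERE journo_id=?", $journo['id']);
        $weblink_cnt = db_getOne("SELECT count(*) FROM journo_weblink WHERE kind<>'pingback' AND journo_id=?", $journo['id']);
        // collect contact details from all around
        // (journo_address is counted twice; harmless, since the total is
        // only compared with zero)
        $sql = <<<EOT
SELECT
    ( SELECT count(*) FROM journo_address WHERE journo_id=? ) +
    ( SELECT count(*) FROM journo_phone WHERE journo_id=? ) +
    ( SELECT count(*) FROM journo_email WHERE approved=true AND journo_id=? ) +
    ( SELECT count(*) FROM journo_weblink WHERE kind='twitter' AND journo_id=? ) +
    ( SELECT count(*) FROM journo_address WHERE journo_id=? );
EOT;
        $contact_cnt = db_getOne($sql, $journo['id'], $journo['id'], $journo['id'], $journo['id'], $journo['id']);
        // combined article count (ugh)
        // The join is on attr.article_id, matching journo_countArticles();
        // it used to compare the journo id with the article id.
        $sql = <<<EOT
SELECT (
    SELECT COUNT(*)
        FROM (article a INNER JOIN journo_attr attr ON attr.article_id=a.id)
        WHERE a.status='a' AND attr.journo_id=?
    ) + (
    SELECT COUNT(*)
        FROM journo_other_articles
        WHERE status='a' AND journo_id=?
    )
EOT;
        $article_cnt = db_getOne($sql, $journo['id'], $journo['id']);
    }
    $name_or_email = $P->name_or_blank() ? $P->name : $P->email;
    $title = "Your account";
    page_header($title);
    if (!is_null($journo) && $journo['permission'] == 'edit' && $journo['status'] == 'i') {
        emit_inactive_note($journo);
    }
    ?>
<div class="main account">

<h2>Welcome to journa<i>listed</i>, <?php 
    echo htmlspecialchars($name_or_email, ENT_QUOTES, 'UTF-8');
    ?>
</h2>
<?php 
    /* show a bunch of things user could/should do now... */
    if (!is_null($journo) && $journo['permission'] == 'claimed') {
        emit_claim_pending($journo);
    }
    if (!is_null($journo) && $journo['permission'] == 'edit') {
        ?>
Your public profile is at:<br/>
<a class="public-profile-location" href="/<?php 
        echo htmlspecialchars($journo['ref'], ENT_QUOTES, 'UTF-8');
        ?>
"><?php 
        echo htmlspecialchars(OPTION_BASE_URL . '/' . $journo['ref'], ENT_QUOTES, 'UTF-8');
        ?>
</a>
<br/>
<?php 
    }
    ?>
Things you can do now...
<br/>
<?php 
    $n = 0;
    // track the number of items we're displaying
    if (!is_null($journo) && $journo['permission'] == 'edit') {
        if ($article_cnt < OPTION_JL_JOURNO_ACTIVATION_THRESHOLD) {
            emit_add_articles($journo);
            ++$n;
        }
        if ($photo_cnt == 0) {
            emit_add_photo($journo);
            ++$n;
        }
        if ($emp_cnt == 0) {
            emit_add_experience($journo);
            ++$n;
        }
        if ($edu_cnt == 0) {
            emit_add_education($journo);
            ++$n;
        }
        if ($weblink_cnt == 0) {
            emit_add_links($journo);
            ++$n;
        }
        if ($admired_cnt == 0) {
            emit_add_admired($journo);
            ++$n;
        }
        if ($contact_cnt == 0) {
            emit_add_contact_details($journo);
            ++$n;
        }
    }
    // Parentheses spell out the existing precedence: show the item when it
    // applies and there is room, or whenever the list is nearly empty.
    if (($alert_cnt == 0 && $n < 6) || $n < 2) {
        emit_add_alerts($alert_cnt);
        ++$n;
    }
    if ((!$newsletter && $n < 6) || $n < 2) {
        emit_subscribe_to_newsletter($newsletter);
        ++$n;
    }
    ?>

</div>  <!-- end main -->

<div class="sidebar">
<div class="box">
  <div class="head">
    <h3><?php 
    echo $passwordbox->title();
    ?>
</h3>
  </div>
  <div class="body">
  <?php 
    $passwordbox->emit();
    ?>
  <p>If you need to change your email address, please <?php 
    echo SafeMailto(OPTION_TEAM_EMAIL, "let us know");
    ?>
</p>
  </div>
  <div class="foot"></div>
</div>
</div> <!-- end sidebar -->
<?php 
    page_footer();
}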
Example #26
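/**
 * Fetch one page of articles matching a filter, plus the total match count.
 *
 * The sort field and direction are placed directly into the SQL text, so
 * they are checked against an allowlist with real conditionals before any
 * query is built. The previous assert() calls are not a safeguard: PHP can
 * be configured to skip assertions entirely, which would let any request
 * value reach the ORDER BY clause.
 *
 * @param mixed  $f      filter description, passed to build_query()
 * @param string $o      sort field; must be listed in $_sortable_fields
 * @param string $ot     sort direction, 'asc' or 'desc' (case-insensitive)
 * @param int    $offset number of rows to skip
 * @param int    $limit  maximum number of rows to return
 * @return array array(articles, total); the articles element is a reference
 * @throws InvalidArgumentException when the sort field or direction is not allowed
 */
function grab_articles($f, $o, $ot, $offset, $limit)
{
    global $_sortable_fields;

    // make sure ordering params are sensible
    $o = strtolower($o);
    $ot = strtolower($ot);
    if (!is_array($_sortable_fields) || !in_array($o, $_sortable_fields, true)) {
        throw new InvalidArgumentException('grab_articles: unsupported sort field');
    }
    if ($ot !== 'asc' && $ot !== 'desc') {
        throw new InvalidArgumentException('grab_articles: sort direction must be asc or desc');
    }

    list($conds, $params) = build_query($f);

    $from_clause = "  FROM (article a INNER JOIN organisation o ON o.id=a.srcorg)\n";
    $where_clause = '';
    if ($conds) {
        $where_clause = '  WHERE ' . implode(' AND ', $conds) . "\n";
    }

    // Text columns sort case-insensitively; any other allowed field is used
    // as it is named in the allowlist.
    $order_expr = array(
        'publication' => 'lower(o.prettyname)',
        'byline' => 'lower(byline)',
        'title' => 'lower(title)',
    );
    $order_by = isset($order_expr[$o]) ? $order_expr[$o] : $o;

    $order_clause = sprintf("  ORDER BY %s %s\n", $order_by, $ot);
    // %d forces both values to integers
    $limit_clause = sprintf("  OFFSET %d LIMIT %d\n", $offset, $limit);
    $sql = "SELECT a.id,a.title,a.byline,a.description,a.permalink, a.pubdate, a.lastscraped, " . "o.id as pub_id, o.shortname as pub_shortname, o.prettyname as pub_name, o.home_url as pub_home_url\n" . $from_clause . $where_clause . $order_clause . $limit_clause;
    $arts = db_getAll($sql, $params);
    // Same FROM/WHERE without ordering or paging gives the total.
    $sql = "SELECT COUNT(*)\n" . $from_clause . $where_clause;
    $total = intval(db_getOne($sql, $params));
    return array(&$arts, $total);
}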
Example #27
<?php

// sigh... stupid php include-path trainwreck...
chdir(dirname(dirname(__FILE__)));
require_once '../conf/general';
require_once '../../phplib/db.php';
require_once '../phplib/adm.php';
require_once '../phplib/admmodels.php';
// The award is addressed by its own id, optionally together with the id of
// the journo it belongs to.
$id = get_http_var("id", null);
$journo_id = get_http_var("journo_id", null);
if (is_null($journo_id)) {
    // no journo given: take it from the award row
    $journo_id = db_getOne("SELECT journo_id FROM journo_awards WHERE id=?", $id);
}
// NOTE(review): when both id and journo_id are supplied, nothing here checks
// that the award actually belongs to that journo.
$journo = db_getRow("SELECT * FROM journo WHERE id=?", $journo_id);
// NOTE(review): $journo is used without checking that a row was found, and no
// access check is visible in this part of the script. Presumably
// admPageHeader() or an include enforces admin access -- confirm, since the
// code below saves submitted data.
admPageHeader($journo['ref'] . " Award Info");
// 'update' and 'create' both mean the form was submitted.
$action = get_http_var('_action');
if ($action == 'update' || $action == 'create') {
    // form has been submitted
    $obj = new Award();
    $obj->fromHTTPVars($_POST);
    /*
        print"<hr/><pre><code>\n";
        print_r( $_POST );
        print "--------\n";
        print_r( $obj );
        print"</code></pre><hr/>\n";
    */
    $obj->save();
    ?>
<div class="info">Saved.</div>
<?php 
Example #28
// $P is not assigned in this part of the script; presumably it is the
// signed-on person set up earlier -- confirm.
// NOTE(review): the subscription is changed purely on the 'action' request
// variable, and no anti-forgery token check is visible. If get_http_var()
// also reads the query string, following a link is enough to change a
// signed-in user's subscription -- confirm, and require POST plus a token.
$action = get_http_var('action');
page_header("Weekly digest");
$info_msg = null;
if ($action == 'subscribe') {
    // Delete first so that subscribing twice cannot leave two rows.
    db_do("DELETE FROM person_receives_newsletter WHERE person_id=?", $P->id);
    db_do("INSERT INTO person_receives_newsletter (person_id) VALUES (?)", $P->id);
    db_commit();
    $info_msg = "You have been subscribed to the weekly digest.";
}
if ($action == 'unsubscribe') {
    db_do("DELETE FROM person_receives_newsletter WHERE person_id=?", $P->id);
    db_commit();
    $info_msg = "You have been unsubscribed from the weekly digest.";
}
// Current state, read after any change made above.
$subscribed = FALSE;
if (!is_null(db_getOne("SELECT person_id FROM person_receives_newsletter WHERE person_id=?", $P->id))) {
    $subscribed = TRUE;
}
?>

<div class="main">

<?php 
if ($info_msg) {
    ?>
<div class="infomessage">
    <?php 
    echo $info_msg;
    ?>
</div>
<?php 
Example #29
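/**
 * Insert or update a news post, commit, and print a confirmation link.
 *
 * A post with an 'id' key is updated; otherwise a new row is inserted and
 * the generated id is written back into $post. The slug and title are
 * HTML-escaped in the confirmation, since both are free text supplied
 * through the form.
 *
 * @param array $post the post fields; passed by reference so the caller sees the new id
 */
function newsSave(&$post)
{
    if (array_key_exists('id', $post)) {
        // update existing post
        db_do("UPDATE news SET status=?, title=?, author=?, slug=?, content=?, kind=?, date_from=?, date_to=? WHERE id=?", $post['status'], $post['title'], $post['author'], $post['slug'], $post['content'], $post['kind'], $post['date_from'], $post['date_to'], $post['id']);
    } else {
        db_do("INSERT INTO news (status, title, author, posted, slug, content,kind,date_from,date_to) VALUES (?,?,?,NOW(),?,?,?,?,?)", $post['status'], $post['title'], $post['author'], $post['slug'], $post['content'], $post['kind'], $post['date_from'], $post['date_to']);
        // lastval() gives the id generated by the insert just done
        $post['id'] = db_getOne("SELECT lastval()");
    }
    db_commit();
    ?>
<div class="action_summary">
Saved <a href="/news/<?php 
    echo htmlspecialchars($post['slug'], ENT_QUOTES, 'UTF-8');
    ?>
"><?php 
    echo htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8');
    ?>
</a>
</div>
<?php 
}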
Example #30
/**
 * Look up the article recorded for a URL.
 *
 * @param string $url URL to look up in article_url
 * @return mixed the article_id column, as returned by db_getOne()
 */
function article_find($url)
{
    $article_id = db_getOne("SELECT article_id FROM article_url WHERE url=?", $url);
    return $article_id;
}