/**
  * Delete selected posts
  *
  * @access	private
  */
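 private function delete()
 {
     /*
      * Delete a single post (VGet action "delete" plus an id), the posts listed
      * by VPost::post_id(), or every post whose status is "trash", together
      * with the comments attached to them. Runs only when the current user has
      * the "delete_content" permission; otherwise a "no permission" message is
      * set.
      *
      * Post ids are concatenated into the comment DELETE statements, so every
      * request-supplied id must be a plain decimal number and is cast to int
      * before it reaches the SQL text. An id that fails the check aborts the
      * whole operation before any row is removed.
      *
      * NOTE(review): no anti-CSRF token is checked in this method, and the
      * single-post path is driven by VGet values. Confirm that the caller
      * verifies a request token before this runs.
      */
     $requested = (VRequest::action() == 'delete' && VRequest::id()) || VPost::delete(false) || VPost::empty_trash(false);
     if ($requested && $this->_user['delete_content']) {
         try {
             $post = new Post();
             // Stays null when the request matched above but none of the branches
             // below applies (the outer test reads VRequest, the first branch VGet).
             $result = null;
             if (VGet::action() == 'delete' && VGet::id()) {
                 $id = VGet::id();
                 if (!is_scalar($id) || !preg_match('/\A[0-9]+\z/', (string) $id)) {
                     throw new Exception('Invalid post id');
                 }
                 $post->_id = $id;
                 $post->delete();
                 $this->_db->query('DELETE FROM `' . DB_PREFIX . 'comment` WHERE comment_rel_id = ' . (int) $id . ' AND comment_rel_type = "post"');
                 $result = $post->_result_action;
             } elseif (VPost::delete(false)) {
                 // Validate the whole selection first so that a malformed entry
                 // cannot leave the batch half deleted.
                 $ids = array();
                 foreach (VPost::post_id() as $id) {
                     if (!is_scalar($id) || !preg_match('/\A[0-9]+\z/', (string) $id)) {
                         throw new Exception('Invalid post id');
                     }
                     $ids[] = $id;
                 }
                 foreach ($ids as $id) {
                     $post->_id = $id;
                     $post->delete();
                     $this->_db->query('DELETE FROM `' . DB_PREFIX . 'comment` WHERE comment_rel_id = ' . (int) $id . ' AND comment_rel_type = "post"');
                 }
                 $result = $post->_result_action;
             } elseif (VPost::empty_trash(false)) {
                 // Collect the ids of the trashed posts so their comments can be
                 // removed before the posts themselves.
                 $to_read['table'] = 'post';
                 $to_read['columns'] = array('POST_ID');
                 $to_read['condition_columns'][':s'] = 'post_status';
                 $to_read['condition_select_types'][':s'] = '=';
                 $to_read['condition_values'][':s'] = 'trash';
                 $to_read['value_types'][':s'] = 'str';
                 $trashed = $this->_db->read($to_read);
                 if (!empty($trashed)) {
                     foreach ($trashed as $row) {
                         // The id comes from the database here; the cast keeps the
                         // statement numeric whatever the read layer returns.
                         $this->_db->query('DELETE FROM `' . DB_PREFIX . 'comment` WHERE comment_rel_id = ' . (int) $row['POST_ID'] . ' AND comment_rel_type = "post"');
                     }
                 }
                 $to_delete['table'] = 'post';
                 $to_delete['condition_columns'][':status'] = 'post_status';
                 $to_delete['condition_values'][':status'] = 'trash';
                 $to_delete['value_types'][':status'] = 'str';
                 $result = $this->_db->delete($to_delete);
             }
             Session::monitor_activity('deleted post(s)');
             $this->_action_msg = ActionMessages::deleted($result);
         } catch (Exception $e) {
             // NOTE(review): the raw exception text is shown to the user; confirm
             // that the database layer does not put SQL or driver detail in it.
             $this->_action_msg = ActionMessages::custom_wrong($e->getMessage());
         }
     } elseif ($requested && $this->_user['delete_content'] === false) {
         $this->_action_msg = ActionMessages::action_no_perm();
     }
 }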
 /**
  * Retrieve some recent comments pending to be approved
  *
  * @access	private
  */
 private function get_recent_comments()
 {
     // Load the three most recent comments still awaiting approval and attach
     // the title and permalink of the post or media item each one belongs to.
     // Users without the "comments" permission get nothing.
     if (!$this->_user['comments']) {
         return;
     }
     try {
         $query = array(
             'table' => 'comment',
             'columns' => array('COMMENT_ID'),
             'condition_columns' => array(':status' => 'comment_status'),
             'condition_select_types' => array(':status' => '='),
             'condition_values' => array(':status' => 'pending'),
             'value_types' => array(':status' => 'str'),
             'order' => array('comment_date', 'DESC'),
             'limit' => array(0, 3),
         );
         $this->_comments = $this->_db->read($query);
         if (empty($this->_comments)) {
             return;
         }
         // Each row is replaced in place by a Comment object, hence the reference.
         foreach ($this->_comments as &$comment) {
             $comment = new Comment($comment['COMMENT_ID']);
             switch ($comment->_rel_type) {
                 case 'post':
                     $related = new Post();
                     $related->_id = $comment->_rel_id;
                     $related->read('_title');
                     $related->read('_permalink');
                     $comment->_rel_title = $related->_title;
                     $comment->_rel_permalink = 'ctl=posts&news=' . $related->_permalink;
                     break;
                 case 'media':
                     $related = new Media();
                     $related->_id = $comment->_rel_id;
                     $related->read('_name');
                     $comment->_rel_title = $related->_name;
                     $comment->_rel_permalink = 'ctl=albums&album=' . $related->_id;
                     break;
             }
         }
     } catch (Exception $error) {
         // The exception text is forwarded to the user-facing message as is.
         $this->_action_msg = ActionMessages::custom_wrong($error->getMessage());
     }
 }
 /**
  * Update an existing post
  *
  * @access	private
  */
 private function update()
 {
     // Write the edited post held in $this->_post back to storage, one attribute
     // per update() call, once check_post_data() accepts it. The action is set
     // to "to_update" whether or not the data passed the check.
     //
     // NOTE(review): no permission test is visible in this method; presumably
     // check_post_data() or the caller enforces it. Confirm.
     if ($this->check_post_data()) {
         try {
             $previous = new Post();
             $previous->_id = $this->_post->_id;
             $previous->read('_status');
             // A draft that is being published gets the current time as its date.
             $going_live = $previous->_status == 'draft' && $this->_post->_status == 'publish';
             if ($going_live) {
                 $this->_post->_date = date('Y-m-d H:i:s');
                 $this->_post->update('_date', 'str');
             }
             // '_date' is written again here even when the branch above already
             // did so; the sequence of calls is kept as it was.
             $text_attributes = array('_title', '_content', '_allow_comment', '_date', '_status', '_tags', '_category');
             foreach ($text_attributes as $attribute) {
                 $this->_post->update($attribute, 'str');
             }
             // Published posts record that they were edited and by whom.
             if ($this->_post->_status == 'publish') {
                 $this->_post->_updated = 'yes';
                 $this->_post->_update_author = $this->_user['user_id'];
                 $this->_post->update('_updated', 'str');
                 $this->_post->update('_update_author', 'int');
             }
             $this->_action_msg = ActionMessages::post_update(true);
             // The title goes into the activity log as entered; whatever displays
             // that log has to escape it. TODO confirm.
             Session::monitor_activity('updated the post "' . $this->_post->_title . '" (status: ' . $this->_post->_status . ')');
         } catch (Exception $error) {
             $this->_action_msg = ActionMessages::post_update(ucfirst($error->getMessage()));
         }
     }
     $this->_action = 'to_update';
 }
    /**
     * Create post table
     *
     * @access	private
     */
    private function create_post()
    {
        // Create the post table and seed it with the welcome post.
        // Throws Exception('false create') when the CREATE TABLE statement does
        // not finish with SQLSTATE 00000.
        //
        // The table prefix is concatenated into the statement because an
        // identifier cannot be a bound parameter. NOTE(review): confirm that
        // $this->_db_prefix is restricted to identifier characters where it is
        // read from the installer input.
        $ddl = 'CREATE TABLE `' . $this->_db_prefix . 'post` (
			  `POST_ID` int(11) unsigned NOT NULL AUTO_INCREMENT,
			  `post_title` tinytext NOT NULL,
			  `post_content` text NOT NULL,
			  `post_allow_comment` varchar(6) NOT NULL DEFAULT \'closed\',
			  `post_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
			  `post_author` int(11) NOT NULL,
			  `post_status` varchar(7) NOT NULL DEFAULT \'draft\',
			  `post_category` varchar(29) NOT NULL,
			  `post_tags` tinytext NOT NULL,
			  `post_permalink` tinytext NOT NULL,
			  `post_updated` varchar(3) NOT NULL DEFAULT \'no\',
			  `post_update_author` int(11) DEFAULT NULL,
			  PRIMARY KEY (`POST_ID`)
			) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
        $statement = $this->_db->prepare($ddl);
        $statement->execute();
        if ($statement->errorCode() != '00000') {
            throw new Exception('false create');
        }
        // Table exists: insert the first post, attributed to author id 1.
        $welcome = new Post();
        $welcome->_title = 'Hello World!';
        $welcome->_content = "Welcome\n";
        $welcome->_content .= "\n";
        $welcome->_content .= "This is your first post on Lynxpress. You can edit or delete this one to start blogging.\n";
        $welcome->_content .= "\n";
        $welcome->_content .= "I hope you'll like this new CMS.";
        $welcome->_allow_comment = 'open';
        $welcome->_author = 1;
        $welcome->_status = 'publish';
        $welcome->_category = 1;
        $welcome->_tags = 'hello, world';
        $welcome->_permalink = 'hello-world';
        $welcome->create();
    }
 /**
  * Retrieve wanted posts from the database
  *
  * @access	private
  */
 private function get_content()
 {
     // Fill $this->_content with the published posts for the current page.
     // One filter is applied, the first that is set among: search words, tag,
     // category, date prefix. The result is always limited to
     // post_status = 'publish', ordered by post_date descending, and paged with
     // $this->_limit_start and parent::ITEMS_PAGE.
     //
     // Filter values are handed to the database layer through
     // 'condition_values' / 'value_types' and are never concatenated here;
     // presumably that layer binds them as parameters. TODO confirm.
     try {
         $to_read['table'] = $this->_sql_table;
         $to_read['columns'] = array('POST_ID');
         if (!empty($this->_search)) {
             // Every search word is matched against both title and content,
             // each as its own OR-ed LIKE condition in the 'group' set.
             foreach ($this->_words_to_find as $key => $word) {
                 // NOTE(review): '%' and '_' inside $word are not escaped in this
                 // method, so they act as LIKE wildcards unless they were escaped
                 // where _words_to_find was built. Verify.
                 $search = '%' . $word . '%';
                 $to_read['condition_types'][":title{$key}"] = 'OR';
                 $to_read['condition_columns']['group'][":title{$key}"] = 'post_title';
                 $to_read['condition_select_types'][":title{$key}"] = 'LIKE';
                 $to_read['condition_values'][":title{$key}"] = $search;
                 $to_read['value_types'][":title{$key}"] = 'str';
                 $to_read['condition_types'][":content{$key}"] = 'OR';
                 $to_read['condition_columns']['group'][":content{$key}"] = 'post_content';
                 $to_read['condition_select_types'][":content{$key}"] = 'LIKE';
                 $to_read['condition_values'][":content{$key}"] = $search;
                 $to_read['value_types'][":content{$key}"] = 'str';
             }
         } elseif (!empty($this->_tag)) {
             // Substring match on the tag column.
             $to_read['condition_columns'][':tag'] = 'post_tags';
             $to_read['condition_select_types'][':tag'] = 'LIKE';
             $to_read['condition_values'][':tag'] = '%' . $this->_tag . '%';
             $to_read['value_types'][':tag'] = 'str';
         } elseif (!empty($this->_cat)) {
             // Substring match on the category column.
             $to_read['condition_columns'][':cat'] = 'post_category';
             $to_read['condition_select_types'][':cat'] = 'LIKE';
             $to_read['condition_values'][':cat'] = '%' . $this->_cat . '%';
             $to_read['value_types'][':cat'] = 'str';
         } elseif (!empty($this->_by_date)) {
             // Prefix match on the date column.
             $to_read['condition_columns'][':date'] = 'post_date';
             $to_read['condition_select_types'][':date'] = 'LIKE';
             $to_read['condition_values'][':date'] = $this->_by_date . '%';
             $to_read['value_types'][':date'] = 'str';
         }
         // Whatever the filter, only published posts are returned.
         $to_read['condition_types'][':status'] = 'AND';
         $to_read['condition_columns'][':status'] = 'post_status';
         $to_read['condition_select_types'][':status'] = '=';
         $to_read['condition_values'][':status'] = 'publish';
         $to_read['value_types'][':status'] = 'str';
         $to_read['limit'] = array($this->_limit_start, parent::ITEMS_PAGE);
         $to_read['order'] = array('post_date', 'DESC');
         $this->_content = $this->_db->read($to_read);
         // The same query description is reused to work out the page count.
         $this->get_nb_pages($to_read);
         if (!empty($this->_content)) {
             // Replace each row by a Post object and resolve the public names of
             // its author and, when the post was edited, of the editing user.
             // This costs one or two User reads per post.
             foreach ($this->_content as &$post) {
                 $post = new Post($post['POST_ID']);
                 $user = new User();
                 $user->_id = $post->_author;
                 $user->read('_publicname');
                 $post->_author_name = $user->_publicname;
                 $updated = $post->__get('_updated');
                 if ($updated == 'yes') {
                     $user->_id = $post->_update_author;
                     $user->read('_publicname');
                     $post->_update_author_name = $user->_publicname;
                 }
             }
         }
     } catch (Exception $e) {
         // The error is mailed to WS_EMAIL (error_log message type 1); '@' hides
         // a failure of that call. __FILE__ and __LINE__ name this catch block,
         // not the place where the exception was thrown.
         @error_log($e->getMessage() . ' file: ' . __FILE__ . '; line: ' . __LINE__, 1, WS_EMAIL);
         // NOTE(review): nothing stops execution after the redirect header is
         // set, so the caller keeps running with whatever state was reached.
         header('Location: 404.php');
     }
 }
 /**
  * Retrieve comments from the database according to their status, their type, or a search
  *
  * @access	private
  */
 private function get_comments()
 {
     // Fill $this->_content with Comment objects for the comment management
     // view. The request selects one of four filters: comments of one related
     // item, a text search, a single comment to edit, or all comments with the
     // current status. Values are passed to the database layer through
     // 'condition_values' / 'value_types' and are not concatenated here;
     // presumably that layer binds them. TODO confirm.
     //
     // NOTE(review): no permission test is visible in this method; confirm the
     // caller restricts it to users allowed to manage comments.
     try {
         $to_read['table'] = 'comment';
         $to_read['columns'] = array('COMMENT_ID');
         if (VGet::action() == 'by_type' && VGet::id() && VGet::type() && VGet::comment_status()) {
             // Comments attached to one item, in the current status.
             // NOTE(review): VGet::type() must be set but is not part of the
             // conditions; only comment_rel_ID and comment_status are filtered,
             // so a post and a media item sharing an id would both match.
             // Confirm whether comment_rel_type belongs in this filter.
             $to_read['condition_columns'][':id'] = 'comment_rel_ID';
             $to_read['condition_select_types'][':id'] = '=';
             $to_read['condition_values'][':id'] = VGet::id();
             $to_read['value_types'][':id'] = 'int';
             $to_read['condition_types'][':status'] = 'AND';
             $to_read['condition_columns'][':status'] = 'comment_status';
             $to_read['condition_select_types'][':status'] = '=';
             $to_read['condition_values'][':status'] = $this->_status;
             $to_read['value_types'][':status'] = 'str';
         } elseif (VPost::search_button(false) || VGet::search()) {
             // Search in content, name and e-mail (grouped, OR-ed), restricted
             // to the current status. '%' and '_' in $this->_search are not
             // escaped here and act as LIKE wildcards unless escaped earlier.
             $to_read['condition_columns']['group'][':content'] = 'comment_content';
             $to_read['condition_select_types'][':content'] = 'LIKE';
             $to_read['condition_values'][':content'] = '%' . $this->_search . '%';
             $to_read['value_types'][':content'] = 'str';
             $to_read['condition_types'][':name'] = 'OR';
             $to_read['condition_columns']['group'][':name'] = 'comment_name';
             $to_read['condition_select_types'][':name'] = 'LIKE';
             $to_read['condition_values'][':name'] = '%' . $this->_search . '%';
             $to_read['value_types'][':name'] = 'str';
             $to_read['condition_types'][':email'] = 'OR';
             $to_read['condition_columns']['group'][':email'] = 'comment_email';
             $to_read['condition_select_types'][':email'] = 'LIKE';
             $to_read['condition_values'][':email'] = '%' . $this->_search . '%';
             $to_read['value_types'][':email'] = 'str';
             $to_read['condition_types'][':status'] = 'AND';
             $to_read['condition_columns'][':status'] = 'comment_status';
             $to_read['condition_select_types'][':status'] = '=';
             $to_read['condition_values'][':status'] = $this->_status;
             $to_read['value_types'][':status'] = 'str';
         } elseif (VGet::action() == 'edit' && VGet::comment_id()) {
             // A single comment, looked up by id whatever its status.
             $to_read['condition_columns'][':id'] = 'COMMENT_ID';
             $to_read['condition_select_types'][':id'] = '=';
             $to_read['condition_values'][':id'] = VGet::comment_id();
             $to_read['value_types'][':id'] = 'int';
         } else {
             // Default listing: every comment in the current status.
             $to_read['condition_columns'][':status'] = 'comment_status';
             $to_read['condition_select_types'][':status'] = '=';
             $to_read['condition_values'][':status'] = $this->_status;
             $to_read['value_types'][':status'] = 'str';
         }
         //pass $to_read by parameter to have same conditions
         //(called before 'order' and 'limit' are added)
         $this->get_pagination($to_read);
         $to_read['order'] = array('comment_date', 'desc');
         $to_read['limit'] = array($this->_limit_start, parent::ITEMS);
         $this->_content = $this->_db->read($to_read);
         if (!empty($this->_content)) {
             // Replace each row by a Comment object and attach the title and the
             // permalink (or id, for media) of the item it belongs to.
             foreach ($this->_content as &$comment) {
                 $comment = new Comment($comment['COMMENT_ID']);
                 if ($comment->_rel_type == 'post') {
                     $post = new Post();
                     $post->_id = $comment->_rel_id;
                     $post->read('_title');
                     $post->read('_permalink');
                     $comment->_rel_title = $post->_title;
                     $comment->_rel_permalink = $post->_permalink;
                 } elseif ($comment->_rel_type == 'media') {
                     $media = new Media();
                     $media->_id = $comment->_rel_id;
                     $media->read('_name');
                     $comment->_rel_title = $media->_name;
                     $comment->_rel_permalink = $media->_id;
                 }
             }
         } elseif (empty($this->_content) && VGet::action() == 'edit') {
             // Nothing found for an edit request: store an empty Comment as
             // element 0, then report the failure through the catch below.
             $this->_content[0] = new Comment();
             throw new Exception('Invalid comment!');
         }
     } catch (Exception $e) {
         // NOTE(review): the raw exception text is shown to the user; confirm
         // that the database layer does not put SQL or driver detail in it.
         $this->_action_msg = ActionMessages::custom_wrong($e->getMessage());
     }
 }