/**
 * Builds the URL of an admin page, optionally carrying over the query
 * string of the current request.
 *
 * Keys and values are percent-encoded by http_build_query(), and pairs are
 * joined with a raw "&". The result is not HTML-escaped, so escape it before
 * writing it into markup.
 *
 * @param   mixed    query string contents, as a string or an array
 * @param   boolean  re-add the parameters of the current GET request
 * @return  string   complete url
 */
public static function url($params = NULL, $preserve_get = TRUE)
{
	// Normalise the input to an array; parse_str() turns NULL or '' into an empty array
	if (is_array($params))
	{
		$query_params = $params;
	}
	else
	{
		parse_str((string) $params, $query_params);
	}

	// Array union keeps the left operand on key collisions, so values passed in
	// explicitly win over whatever the current request carried in $_GET.
	if ($preserve_get)
	{
		$query_params = $query_params + $_GET;
	}

	// An empty parameter list leaves a lone "?", which rtrim() strips again
	$query_string = rtrim('?' . http_build_query($query_params, '', '&'), '?');

	return ThumbsUp::config('url') . 'admin/' . $query_string;
}
<link rel="stylesheet" href="<?php echo ThumbsUp::config('url') . 'admin/css/admin.css'; ?> " /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script> <script> $(document).ready(function() { // Total items found count var $total_items = $('#total_items'); // Spinner image var spinner = '<img class="spinner" alt="" src="<?php echo ThumbsUp::config('url') . 'images/spinner_small.gif'; ?> " />'; // Auto-submit pagination forms $('#page, #items_per_page').change(function() { $(this).closest('form').submit(); }); // Delete an item $('a.delete').click(function() { var $this = $(this), $row = $this.closest('tr'); // Show a spinner $this.html(spinner);
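/**
 * Builds the item listing query from the filters set on this object,
 * executes it and returns the matching rows.
 *
 * The name filter is passed to the database as a bound parameter. Its "%"
 * and "_" characters still act as LIKE wildcards.
 *
 * @return  array  list of item arrays; empty if the query fails outside debug mode
 * @throws  PDOException  only when the "debug" config option is on
 */
public function get()
{
	// Fixed column list, including the derived vote statistics
	$sql  = 'SELECT id, name, closed, date, votes_up, votes_down, ';
	$sql .= 'votes_up - votes_down AS votes_balance, ';
	$sql .= 'votes_up + votes_down AS votes_total, ';
	$sql .= 'votes_up / (votes_up + votes_down) * 100 AS votes_pct_up, ';
	$sql .= 'votes_down / (votes_up + votes_down) * 100 AS votes_pct_down ';
	$sql .= 'FROM ' . ThumbsUp::config('database_table_prefix') . 'items ';

	$where = array();
	$bind = array();

	// Select only either open or closed items; the int cast keeps this literal safe
	if ($this->closed !== NULL)
	{
		$where[] = 'closed = ' . (int) $this->closed;
	}

	// Filter on a part of the item name.
	// The value travels as a statement parameter, so no quoting rules of the
	// underlying driver are involved and no SQL text is built from it.
	if ($this->name !== NULL)
	{
		$where[] = 'name LIKE ?';
		$bind[] = '%' . $this->name . '%';
	}

	// Append all query conditions if any
	if ( ! empty($where))
	{
		$sql .= ' WHERE ' . implode(' AND ', $where);
	}

	// NOTE(review): $this->orderby is concatenated verbatim and ORDER BY terms
	// cannot be bound. Whatever sets it has to restrict it to a fixed list of
	// columns and directions -- confirm against the setter.
	if ($this->orderby)
	{
		$sql .= ' ORDER BY ' . $this->orderby;
	}
	else
	{
		// Default order
		$sql .= ' ORDER BY name ';
	}

	// A limit has been set
	if ($this->limit)
	{
		$sql .= ' LIMIT ' . (int) $this->limit;
	}

	try
	{
		// The bound values must match the placeholders in $sql one for one
		$sth = ThumbsUp::db()->prepare($sql);
		$sth->execute($bind);
	}
	catch (PDOException $e)
	{
		// Rethrow the exception in debug mode
		if (ThumbsUp::config('debug'))
		{
			throw $e;
		}

		// Otherwise, fail silently and just return an empty item array
		return array();
	}

	$items = array();

	// Cast every column so callers get stable types regardless of the driver
	while ($row = $sth->fetch(PDO::FETCH_OBJ))
	{
		$items[] = array(
			'id'             => (int) $row->id,
			'name'           => $row->name,
			'closed'         => (bool) $row->closed,
			'date'           => (int) $row->date,
			'votes_up'       => (int) $row->votes_up,
			'votes_down'     => (int) $row->votes_down,
			'votes_pct_up'   => (float) $row->votes_pct_up,
			'votes_pct_down' => (float) $row->votes_pct_down,
			'votes_balance'  => (int) $row->votes_balance,
			'votes_total'    => (int) $row->votes_total,
		);
	}

	return $items;
}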
/**
 * Removes this item together with every vote registered for it.
 *
 * The id is bound as a statement parameter in both statements.
 * NOTE(review): the two deletes are not wrapped in a transaction here, so a
 * failure of the second one leaves the item behind without its votes, unless
 * the caller has a transaction open -- confirm.
 *
 * @return  void
 */
public function delete()
{
	// Votes go first, then the item row they belong to
	$targets = array(
		'votes' => 'item_id',
		'items' => 'id',
	);

	foreach ($targets as $table => $id_column)
	{
		$sth = ThumbsUp::db()->prepare('DELETE FROM ' . ThumbsUp::config('database_table_prefix') . $table . ' WHERE ' . $id_column . ' = ?');
		$sth->execute(array($this->id));
	}
}
* * @author Geert De Deckere <*****@*****.**> * @link http://geertdedeckere.be/shop/thumbsup/ * @copyright Copyright 2009-2010 */ ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <title>ThumbsUp Admin</title> <link rel="stylesheet" href="<?php echo ThumbsUp::config('url') . 'admin/css/admin.css'; ?> " /> </head> <body class="login"> <noscript> <p class="center"><strong>The ThumbsUp admin area requires JavaScript to be enabled.</strong></p> </noscript> <form id="login" method="post"> <h1>ThumbsUp Admin</h1> <?php
<?php
/**
 * ThumbsUp
 *
 * Entry point of the admin area: loads the ThumbsUp classes and hands the
 * requested action to ThumbsUp_Admin.
 *
 * @author     Geert De Deckere <*****@*****.**>
 * @link       http://geertdedeckere.be/shop/thumbsup/
 * @copyright  Copyright 2009-2010
 */

// Every request to this script waits one second before anything else happens.
// NOTE(review): presumably a brake on password guessing against the admin login.
// It also slows legitimate requests and does not count failed attempts -- confirm intent.
sleep(1);

// Absolute path of the thumbsup directory: this script's own directory with the
// trailing "admin" removed, which leaves the directory separator in place.
define('THUMBSUP_DOCROOT', substr(realpath(dirname(__FILE__)), 0, -strlen('admin')));

// Load the required ThumbsUp classes
require THUMBSUP_DOCROOT . 'classes/thumbsup.php';
require THUMBSUP_DOCROOT . 'classes/thumbsup_cookie.php';
require THUMBSUP_DOCROOT . 'classes/thumbsup_admin.php';
require THUMBSUP_DOCROOT . 'classes/thumbsup_item.php';
require THUMBSUP_DOCROOT . 'classes/thumbsup_template.php';

// Turn on ThumbsUp's debug mode when the config asks for it
if (ThumbsUp::config('debug'))
{
	ThumbsUp::debug_mode();
}

// Enable support for json functions
ThumbsUp::json_support();

// The action comes straight from the query string and is only cast to a string here.
// NOTE(review): how ThumbsUp_Admin validates it is not visible in this file.
new ThumbsUp_Admin( ! empty($_GET['action']) ? (string) $_GET['action'] : NULL);
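/**
 * Looks at the POST data to catch a possible new vote. The submission is
 * validated before the vote is registered.
 *
 * For ajax requests a JSON body is written: the error code on failure, or
 * the updated item on success.
 *
 * NOTE(review): no request-forgery token or origin check is visible in this
 * method; confirm whether one is enforced elsewhere.
 *
 * @return  boolean  TRUE if a new vote was cast; FALSE otherwise
 */
public static function catch_vote()
{
	// Immediately get out of here if no valid vote was cast.
	// All required POST keys must be present.
	if ( ! isset($_POST['thumbsup_id']) or ! isset($_POST['thumbsup_vote']) or ! isset($_POST['thumbsup_format']))
	{
		return FALSE;
	}

	// Reject tampered form fields before any cast touches them.
	// PHP turns "field[]=x" into an array, and casting a non-empty array with
	// (int) yields 1, so an unchecked array in the vote field would pass as a vote of 1.
	if ( ! is_scalar($_POST['thumbsup_id'])
		or ! is_scalar($_POST['thumbsup_vote'])
		or ! preg_match('/^[0-9]++$/D', (string) $_POST['thumbsup_id'])
		or ! is_string($format = $_POST['thumbsup_format']))
	{
		return FALSE;
	}

	// Clean form input
	// NOTE(review): the accepted range of $vote is not checked here; presumably cast_vote() does -- confirm.
	$id = (int) $_POST['thumbsup_id'];
	$vote = (int) $_POST['thumbsup_vote'];

	// Stays NULL when every check below passes
	$error = NULL;

	// Attempt to load the relevant ThumbsUp item.
	// If the item doesn't exist, the id is invalid.
	if ( ! ($item = ThumbsUp_Item::load($id)))
	{
		$error = 'invalid_id';
	}
	elseif ($item->closed)
	{
		$error = 'closed';
	}
	elseif ($item->user_voted)
	{
		$error = 'already_voted';
	}
	elseif (ThumbsUp::config('user_login_required') and ! self::get_user_id())
	{
		$error = 'login_required';
	}

	// All checks passed
	if ($error === NULL)
	{
		// Update the vote count in the items table, and recalculate the vote results
		$item->cast_vote($vote);
	}

	// Send an ajax response
	if (self::is_ajax())
	{
		// Send the item back in JSON format
		header('Content-Type: application/json; charset=utf-8');

		if ($error !== NULL)
		{
			// Send back the error
			echo json_encode(array('error' => $error));
		}
		else
		{
			// Format the result using the format string the client submitted.
			// NOTE(review): $format is caller-controlled; what format() does with it is not visible here.
			$item->format($format);

			// Send back the updated item.
			// Note: all the public properties of $item will be included.
			echo json_encode(array('item' => $item));
		}
	}

	// TRUE only when a new vote has been cast successfully
	return $error === NULL;
}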
/**
 * Removes the ThumbsUp cookie: clears the cached value, drops it from
 * $_COOKIE for this request and asks the browser to expire it.
 *
 * @return  boolean  result of setcookie(); FALSE without trying when headers
 *                   were already sent and debug mode is off
 */
public static function delete()
{
	// Forget the contents for the remainder of this request
	self::$cookie = '';
	unset($_COOKIE[ThumbsUp::config('cookie_name')]);

	// Once output has started, setcookie() can no longer succeed. Outside debug
	// mode the attempt is skipped; in debug mode it is made anyway.
	$may_attempt = ! headers_sent() || ThumbsUp::config('debug');

	if ( ! $may_attempt)
	{
		return FALSE;
	}

	// A FALSE value with an expiry one day in the past tells the browser to drop
	// the cookie. The cookie_path and cookie_domain config values are reused here.
	$expired = time() - 86400;

	return setcookie(
		ThumbsUp::config('cookie_name'),
		FALSE,
		$expired,
		ThumbsUp::config('cookie_path'),
		ThumbsUp::config('cookie_domain')
	);
}