コード例 #1
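 /**
  * Render one blog article page, storing a newly posted comment first.
  *
  * Reads the article id from $_GET['ArticleID']. When a logged-in user posts
  * $_POST['comment_text'], the comment is inserted before the page is built.
  * The article body, its metadata and the moderated comments are then merged
  * into the blog_article.html template.
  *
  * @return string The rendered page, an error message when the article id is
  *                missing or invalid, or an empty string when the article
  *                query fails.
  */
 function display()
 {
     global $conn, $config, $lang;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     require_once $config['basepath'] . '/include/user.inc.php';
     $userclass = new user();
     require_once $config['basepath'] . '/include/class/template/core.inc.php';
     $page = new page_user();
     require_once $config['basepath'] . '/include/blog_functions.inc.php';
     $blog_functions = new blog_functions();
     $display = '';
     // Reject a missing OR non-positive article id. The original joined the two
     // tests with &&, so only a missing parameter was rejected and values such
     // as 0, -1 or "abc" went on to the queries below.
     if (!isset($_GET['ArticleID']) || intval($_GET['ArticleID']) <= 0) {
         $display .= "ERROR. PageID not sent";
         return $display;
     }
     $blog_id = intval($_GET['ArticleID']);

     // Store a comment posted by a logged-in user. is_string() keeps an array
     // value (comment_text[]=...) away from strlen().
     // NOTE(review): no anti-CSRF token is checked in this function; confirm
     // the caller verifies one before this state change.
     if (isset($_SESSION['userID']) && $_SESSION['userID'] > 0
         && isset($_POST['comment_text']) && is_string($_POST['comment_text'])
         && strlen($_POST['comment_text']) > 0
     ) {
         require_once $config['basepath'] . '/include/blog_editor.inc.php';
         // NOTE(review): the value is placed in the SQL text without quotes, so
         // make_db_safe() is presumably expected to escape AND quote it -
         // confirm, or switch to a bound parameter.
         $blog_comment = $misc->make_db_safe(blog_editor::htmlEncodeText($_POST['comment_text']));
         // A comment is stored as already approved (1) only when moderation is off.
         $moderated = $config['blog_requires_moderation'] == 1 ? 0 : 1;
         $sql = "INSERT INTO " . $config['table_prefix'] . "blogcomments (userdb_id,blogcomments_timestamp,blogcomments_text,blogmain_id,blogcomments_moderated) VALUES\n\t\t\t\t(" . intval($_SESSION['userID']) . "," . time() . ",{$blog_comment},{$blog_id},{$moderated});";
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
     }

     // Load the article itself.
     $sql = "SELECT blogmain_full,blogmain_id FROM " . $config['table_prefix'] . "blogmain WHERE blogmain_id=" . $blog_id;
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
         // Without a result set there is nothing to render; the original went
         // on to read fields from the failed result.
         return $display;
     }
     $full = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogmain_full']), ENT_NOQUOTES, $config['charset']);
     // Drop the first <hr> tag from the article body.
     $full = preg_replace('/\\<hr.*?\\>/', '', $full, 1);
     // Cast so the comment query below stays valid even when no row matched.
     $id = intval($recordSet->fields['blogmain_id']);

     if ($config["wysiwyg_execute_php"] == 1) {
         // SECURITY: with this option enabled the stored article body is run as
         // PHP, so write access to blogmain_full amounts to code execution on
         // this server. Left unchanged here; keep the option off unless every
         // account that can edit articles is fully trusted.
         ob_start();
         $full = str_replace("<!--<?php", "<?php", $full);
         $full = str_replace("?>-->", "?>", $full);
         eval('?>' . "{$full}" . '<?php ');
         $full = ob_get_contents();
         ob_end_clean();
     }

     // Load the template and fill in the article tags.
     $page->load_page($config['template_path'] . '/blog_article.html');
     $blog_title = $blog_functions->get_blog_title($id);
     $page->page = $page->parse_template_section($page->page, 'blog_title', $blog_title);
     $blog_author = $blog_functions->get_blog_author($id);
     $page->page = $page->parse_template_section($page->page, 'blog_author', $blog_author);
     $blog_comment_count = $blog_functions->get_blog_comment_count($id);
     $page->page = $page->parse_template_section($page->page, 'blog_comment_count', $blog_comment_count);
     $blog_date_posted = $blog_functions->get_blog_date($id);
     $page->page = $page->parse_template_section($page->page, 'blog_date_posted', $blog_date_posted);
     $page->page = $page->parse_template_section($page->page, 'blog_full_article', $full);

     // Show the edit link to administrators only.
     if (isset($_SESSION['editblog']) && isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes' && $config["wysiwyg_show_edit"] == 1) {
         // Plain assignment: the original appended (.=) to a variable that was
         // never initialised.
         $admin_edit_link = "{$config['baseurl']}/admin/index.php?action=edit_blog&amp;id={$id}";
         $page->page = $page->parse_template_section($page->page, 'admin_edit_link', $admin_edit_link);
         $page->page = $page->cleanup_template_block('admin_edit_link', $page->page);
     } else {
         $page->page = $page->remove_template_block('admin_edit_link', $page->page);
     }

     // The date format does not change per comment, so pick it once. Values
     // other than 1-3 left $format undefined in the original; m/d/Y is used
     // as the fallback here.
     $format = "m/d/Y";
     if ($config['date_format'] == 2) {
         $format = "Y/d/m";
     } elseif ($config['date_format'] == 3) {
         $format = "d/m/Y";
     }

     // Approved comments, oldest first.
     $sql = "SELECT blogcomments_id,userdb_id,blogcomments_timestamp,blogcomments_text FROM " . $config['table_prefix'] . "blogcomments WHERE blogmain_id = " . $id . " AND blogcomments_moderated = 1 ORDER BY blogcomments_timestamp ASC;";
     $recordSet = $conn->Execute($sql);
     $blog_comment_template = '';
     if ($recordSet === false) {
         $misc->log_error($sql);
     } else {
         while (!$recordSet->EOF) {
             $comment_author_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']);
             $blogcomments_timestamp = $misc->make_db_unsafe($recordSet->fields['blogcomments_timestamp']);
             // NOTE(review): this decodes HTML entities in user-supplied
             // comment text just before it goes into the page. Unless
             // parse_template_section() escapes its value, markup typed into a
             // comment reaches the browser as markup - confirm, and escape at
             // output if it does not.
             $blogcomments_text = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogcomments_text']), ENT_NOQUOTES, $config['charset']);
             // Append a fresh copy of the comment block, then fill in its tags.
             $blog_comment_template .= $page->get_template_section('blog_article_comment_item_block');
             // Members are shown by user name, everyone else as "Last, First".
             if ($userclass->get_user_type($comment_author_id) == 'member') {
                 $author_display = $userclass->get_user_name($comment_author_id);
             } else {
                 $author_display = $userclass->get_user_last_name($comment_author_id) . ', ' . $userclass->get_user_first_name($comment_author_id);
             }
             $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_author', $author_display);
             // date() expects an integer timestamp, not a string.
             $blog_comment_date_posted = date($format, intval($blogcomments_timestamp));
             $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_date_posted', $blog_comment_date_posted);
             $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_text', $blogcomments_text);
             $recordSet->MoveNext();
         }
     }
     $page->replace_template_section('blog_article_comment_item_block', $blog_comment_template);

     // URL the "add comment" form posts back to.
     if ($config['url_style'] == '1') {
         $article_url = 'index.php?action=blog_view_article&amp;ArticleID=' . $id;
     } else {
         $url_title = str_replace("/", "", $blog_title);
         $url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title));
         $article_url = 'article-' . urlencode($url_title) . '-' . $id . '.html';
     }
     $page->page = $page->parse_template_section($page->page, 'blog_comments_post_url', $article_url);

     // Render the page.
     $page->replace_permission_tags();
     $display .= $page->return_page();
     return $display;
 }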
コード例 #2
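 /**
  * Render the blog manager index: status counts, a paged list of posts and,
  * when requested through $_POST['delete'], deletion of one post.
  *
  * Editors (blog user type 4) and administrators work on every post; all other
  * users are limited to posts whose userdb_id matches their own session user.
  *
  * @return string The rendered page, or an empty string when the permission
  *                check does not pass.
  */
 function blog_edit_index()
 {
     $security = login::loginCheck('can_access_blog_manager', true);
     $display = '';
     // Stop here unless the permission check passed. The original closed the
     // authorised branch before the rendering code at the end of the function,
     // so a request that failed the check fell through to calls on $page and
     // $misc, which had never been created.
     if ($security !== true) {
         return $display;
     }
     global $conn, $lang, $config;
     require_once $config['basepath'] . '/include/misc.inc.php';
     require_once $config['basepath'] . '/include/class/template/core.inc.php';
     require_once $config['basepath'] . '/include/blog_functions.inc.php';
     // Loaded once here; the original re-required it and built a new user
     // object for every row of the list.
     require_once $config['basepath'] . '/include/user.inc.php';
     $misc = new misc();
     $page = new page_user();
     $blog_functions = new blog_functions();
     $user = new user();
     $page->load_page($config['admin_template_path'] . '/blog_edit_index.html');

     /* Blog permissions (access to the blog manager means at least contributor):
      * 1 - Subscriber  - can read posts and comment on them.
      * 2 - Contributor - can post and manage their own posts but cannot publish;
      *                   an administrator must approve a post first.
      * 3 - Author      - can publish and manage their own posts only.
      * 4 - Editor      - can publish, and can manage other users' posts.
      */
     $blog_user_type = isset($_SESSION['blog_user_type']) ? intval($_SESSION['blog_user_type']) : 0;
     $blog_user_id = isset($_SESSION['userID']) ? intval($_SESSION['userID']) : 0;
     $admin_privs = isset($_SESSION['admin_privs']) ? $_SESSION['admin_privs'] : '';
     // NOTE(review): the original tested admin_privs against 'yes' in the demo
     // check and against 1 in the listing code. Both spellings are accepted
     // here - confirm which one the login code actually stores.
     $is_admin = $admin_privs === 'yes' || $admin_privs == 1;
     $can_manage_all = $blog_user_type == 4 || $is_admin;
     // Ownership restriction applied to every query made for a non-editor.
     $owner_sql = $can_manage_all ? '' : 'userdb_id = ' . $blog_user_id;

     // The original also tested "$blog_user_type == 2 && $published == 1" here,
     // but $published is never assigned in this function, so that clause was
     // always false; it is dropped rather than guessed at.
     if ($config["demo_mode"] == 1 && $admin_privs != 'yes') {
         $display .= '<div class="error_text">' . $lang['access_denied'] . '</div>';
     } elseif (isset($_POST['delete']) && isset($_POST['blogID']) && intval($_POST['blogID']) > 0) {
         // NOTE(review): no anti-CSRF token is checked in this function;
         // confirm the caller verifies one before this delete.
         $blogID = intval($_POST['blogID']);
         $sql = "DELETE FROM " . $config['table_prefix'] . "blogmain WHERE blogmain_id = " . $blogID;
         // Contributors and authors may manage only their own posts. The
         // original DELETE had no owner condition, so any blog manager user
         // could remove any post by sending its id.
         if ($owner_sql !== '') {
             $sql .= " AND " . $owner_sql;
         }
         $recordSet = $conn->Execute($sql);
         if (!$recordSet) {
             $misc->log_error($sql);
         }
         $_POST['blogID'] = '';
     }

     // Status counts: one query per status, limited to the user's own posts
     // unless they may manage all of them.
     $status_counts = array(
         'blog_edit_status_all_count' => '',
         'blog_edit_status_published_count' => 'blogmain_published = 1',
         'blog_edit_status_draft_count' => 'blogmain_published = 0',
         'blog_edit_status_review_count' => 'blogmain_published = 2',
     );
     foreach ($status_counts as $tag => $status_condition) {
         $conditions = array();
         if ($status_condition !== '') {
             $conditions[] = $status_condition;
         }
         if ($owner_sql !== '') {
             $conditions[] = $owner_sql;
         }
         $sql = "SELECT count(blogmain_id) as blogcount  FROM " . $config['table_prefix'] . "blogmain";
         if (count($conditions) > 0) {
             $sql .= " WHERE " . implode(" AND ", $conditions);
         }
         $recordSet = $conn->Execute($sql);
         $count = 0;
         if (!$recordSet) {
             $misc->log_error($sql);
         } else {
             $count = $recordSet->fields['blogcount'];
         }
         $page->replace_tag($tag, $count);
     }

     // Optional status filter, e.g. ?action=edit_blog&status=Published. Only
     // the three known names map to SQL; the request value itself never
     // reaches the query text.
     $status_filters = array(
         'Published' => 'blogmain_published = 1',
         'Draft' => 'blogmain_published = 0',
         'Review' => 'blogmain_published = 2',
     );
     $statusSQL = '';
     if (isset($_GET['status']) && is_string($_GET['status']) && isset($status_filters[$_GET['status']])) {
         $statusSQL = $status_filters[$_GET['status']];
     }

     // Build the list query.
     $conditions = array();
     if ($owner_sql !== '') {
         $conditions[] = $owner_sql;
     }
     if ($statusSQL !== '') {
         $conditions[] = $statusSQL;
     }
     $sql = "SELECT blogmain_title, blogmain_id, userdb_id, blogmain_date, blogmain_published, blogmain_keywords  FROM " . $config['table_prefix'] . "blogmain";
     if (count($conditions) > 0) {
         $sql .= " WHERE " . implode(" AND ", $conditions);
     }

     // Total row count for the pager.
     $num_rows = 0;
     $recordSet = $conn->Execute($sql);
     if (!$recordSet) {
         $misc->log_error($sql);
     } else {
         $num_rows = $recordSet->RecordCount();
     }

     // cur_page comes from the request: force it to a non-negative integer
     // before it is multiplied into the row offset, and write the cleaned
     // value back so later readers of $_GET see the same number.
     $cur_page = isset($_GET['cur_page']) ? max(0, intval($_GET['cur_page'])) : 0;
     $_GET['cur_page'] = $cur_page;
     $limit_str = $cur_page * $config['listings_per_page'];
     $recordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str);
     $blog_edit_template = '';
     if ($recordSet === false) {
         $misc->log_error($sql);
     } else {
         // NOTE(review): EOF is called as a method here, as in the original;
         // confirm the DB layer provides it.
         while (!$recordSet->EOF()) {
             $blog_edit_template .= $page->get_template_section('blog_edit_item_block');
             $title = $recordSet->fields['blogmain_title'];
             $blogmain_id = $recordSet->fields['blogmain_id'];
             $author_id = $recordSet->fields['userdb_id'];
             $keywords = $recordSet->fields['blogmain_keywords'];
             $blog_date = $recordSet->fields['blogmain_date'];
             $blog_published = $recordSet->fields['blogmain_published'];
             $comment_count = $blog_functions->get_blog_comment_count($blogmain_id);
             $author_name = $user->get_user_last_name($author_id) . ', ' . $user->get_user_first_name($author_id);
             // NOTE(review): title, keywords and author name are stored values
             // written into the admin page as-is; confirm they are encoded
             // when stored or escaped by parse_template_section().
             $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_title', $title);
             $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_id', $blogmain_id);
             $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_commentcount', $comment_count);
             $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_author', $author_name);
             $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_date', $blog_date);
             $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_keywords', $keywords);
             // Status label: 0 = draft, 1 = published, 2 = awaiting review.
             switch ($blog_published) {
                 case 0:
                     $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_published', $lang['blog_draft']);
                     break;
                 case 1:
                     $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_published', $lang['blog_published']);
                     break;
                 case 2:
                     $blog_edit_template = $page->parse_template_section($blog_edit_template, 'blog_edit_item_published', $lang['blog_review']);
                     break;
             }
             $recordSet->MoveNext();
         }
     }
     $page->replace_template_section('blog_edit_item_block', $blog_edit_template);

     // Pager and remaining template tags.
     $next_prev = $misc->next_prev($num_rows, $cur_page, "", 'blog', TRUE);
     $page->replace_tag('next_prev', $next_prev);
     $page->replace_permission_tags();
     $page->auto_replace_tags('', true);
     $display .= $page->return_page();
     return $display;
 }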