function display()
{
global $conn, $config, $lang;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
require_once $config['basepath'] . '/include/user.inc.php';
$userclass = new user();
require_once $config['basepath'] . '/include/class/template/core.inc.php';
$page = new page_user();
require_once $config['basepath'] . '/include/blog_functions.inc.php';
$blog_functions = new blog_functions();
// Make Sure we passed the PageID
$display = '';
if (!isset($_GET['ArticleID']) && intval($_GET['ArticleID']) <= 0) {
$display .= "ERROR. PageID not sent";
} else {
$blog_id = intval($_GET['ArticleID']);
//Check if we posted a comment.
if (isset($_SESSION['userID']) && $_SESSION['userID'] > 0 && isset($_POST['comment_text']) && strlen($_POST['comment_text']) > 0) {
require_once $config['basepath'] . '/include/blog_editor.inc.php';
$blog_comment = $misc->make_db_safe(blog_editor::htmlEncodeText($_POST['comment_text']));
if ($config['blog_requires_moderation'] == 1) {
$moderated = 0;
} else {
$moderated = 1;
}
$sql = "INSERT INTO " . $config['table_prefix'] . "blogcomments (userdb_id,blogcomments_timestamp,blogcomments_text,blogmain_id,blogcomments_moderated) VALUES\n\t\t\t\t(" . intval($_SESSION['userID']) . "," . time() . ",{$blog_comment},{$blog_id},{$moderated});";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
}
//$display .= '<div class="page_display">';
$sql = "SELECT blogmain_full,blogmain_id FROM " . $config['table_prefix'] . "blogmain WHERE blogmain_id=" . $blog_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$full = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogmain_full']), ENT_NOQUOTES, $config['charset']);
//$full = $misc->make_db_unsafe($recordSet->fields['blogmain_full']);
$full = preg_replace('/\\<hr.*?\\>/', '', $full, 1);
$id = $recordSet->fields['blogmain_id'];
if ($config["wysiwyg_execute_php"] == 1) {
ob_start();
$full = str_replace("<!--<?php", "<?php", $full);
$full = str_replace("?>-->", "?>", $full);
eval('?>' . "{$full}" . '<?php ');
$full = ob_get_contents();
ob_end_clean();
}
//Load Template
$page->load_page($config['template_path'] . '/blog_article.html');
//Start Replacing Tags
$blog_title = $blog_functions->get_blog_title($id);
$page->page = $page->parse_template_section($page->page, 'blog_title', $blog_title);
$blog_author = $blog_functions->get_blog_author($id);
$page->page = $page->parse_template_section($page->page, 'blog_author', $blog_author);
$blog_comment_count = $blog_functions->get_blog_comment_count($id);
$page->page = $page->parse_template_section($page->page, 'blog_comment_count', $blog_comment_count);
$blog_date_posted = $blog_functions->get_blog_date($id);
$page->page = $page->parse_template_section($page->page, 'blog_date_posted', $blog_date_posted);
$page->page = $page->parse_template_section($page->page, 'blog_full_article', $full);
// Allow Admin To Edit #
if (isset($_SESSION['editblog']) && $_SESSION['admin_privs'] == 'yes' && $config["wysiwyg_show_edit"] == 1) {
$admin_edit_link .= "{$config['baseurl']}/admin/index.php?action=edit_blog&id={$id}";
$page->page = $page->parse_template_section($page->page, 'admin_edit_link', $admin_edit_link);
$page->page = $page->cleanup_template_block('admin_edit_link', $page->page);
} else {
$page->page = $page->remove_template_block('admin_edit_link', $page->page);
}
//Deal with COmments
$sql = "SELECT blogcomments_id,userdb_id,blogcomments_timestamp,blogcomments_text FROM " . $config['table_prefix'] . "blogcomments WHERE blogmain_id = " . $id . " AND blogcomments_moderated = 1 ORDER BY blogcomments_timestamp ASC;";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$blog_comment_template = '';
while (!$recordSet->EOF) {
//Load DB Values
$comment_author_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']);
$blogcomments_id = $misc->make_db_unsafe($recordSet->fields['blogcomments_id']);
$blogcomments_timestamp = $misc->make_db_unsafe($recordSet->fields['blogcomments_timestamp']);
$blogcomments_text = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogcomments_text']), ENT_NOQUOTES, $config['charset']);
//Load Template Block
$blog_comment_template .= $page->get_template_section('blog_article_comment_item_block');
//Lookup Blog Author..
$author_type = $userclass->get_user_type($comment_author_id);
if ($author_type == 'member') {
$author_display = $userclass->get_user_name($comment_author_id);
} else {
$author_display = $userclass->get_user_last_name($comment_author_id) . ', ' . $userclass->get_user_first_name($comment_author_id);
}
$blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_author', $author_display);
if ($config['date_format'] == 1) {
$format = "m/d/Y";
} elseif ($config['date_format'] == 2) {
$format = "Y/d/m";
} elseif ($config['date_format'] == 3) {
$format = "d/m/Y";
}
$blog_comment_date_posted = date($format, "{$blogcomments_timestamp}");
$blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_date_posted', $blog_comment_date_posted);
$blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_text', $blogcomments_text);
$recordSet->MoveNext();
}
$page->replace_template_section('blog_article_comment_item_block', $blog_comment_template);
//Render Add New Comment
if ($config['url_style'] == '1') {
$article_url = 'index.php?action=blog_view_article&ArticleID=' . $id;
} else {
$url_title = str_replace("/", "", $blog_title);
$url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title));
$article_url = 'article-' . urlencode($url_title) . '-' . $id . '.html';
}
$page->page = $page->parse_template_section($page->page, 'blog_comments_post_url', $article_url);
//Render Page Out
//$page->replace_tags(array('templated_search_form', 'featured_listings_horizontal', 'featured_listings_vertical', 'company_name', 'link_printer_friendly'));
$page->replace_permission_tags();
$display .= $page->return_page();
}
return $display;
}
function add_post()
{
global $conn, $lang, $config;
$security = login::loginCheck('can_access_blog_manager', true);
$display = '';
$blog_saved = FALSE;
$blog_deleted = FALSE;
$blog_user_type = intval($_SESSION['blog_user_type']);
if ($security === true) {
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
//Load the Core Template
require_once $config['basepath'] . '/include/class/template/core.inc.php';
$page = new page_user();
//Load TEmplate File
$page->load_page($config['admin_template_path'] . '/blog_edit_post.html');
// Do we need to save?
if (isset($_POST['edit'])) {
// Save blog now
$save_full = $_POST['ta'];
$save_title = $misc->make_db_safe($_POST['title']);
$save_full_xhtml = $misc->make_db_safe(blog_editor::htmlEncodeText($save_full), TRUE);
$save_description = $misc->make_db_safe($_POST['description']);
$save_keywords = $misc->make_db_safe($_POST['keywords']);
$save_published = intval($_POST['published']);
if ($blog_user_type == 2 && $save_published == 1) {
//Throw Error
$display .= '<div class="error_message">' . $lang['blog_permission_denied'] . '</div><br />';
unset($_POST['edit']);
$display .= $this->add_post();
return $display;
}
$userdb_id = $misc->make_db_safe($_SESSION['userID']);
$sql = "INSERT INTO " . $config['table_prefix'] . "blogmain (userdb_id,blogmain_full,blogmain_title,blogmain_date,blogmain_published,blogmain_description,blogmain_keywords) VALUES ({$userdb_id},{$save_full_xhtml},{$save_title}," . $conn->DBDate(time()) . ",{$save_published},{$save_description},{$save_keywords})";
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
$display .= "<center><b>{$lang['blog_saved']}</b></center><br />";
unset($_POST['edit']);
$_POST['blogID'] = $conn->Insert_ID();
$display .= $this->blog_edit();
return $display;
}
// Pull the blog from the database
$page->replace_tag('', $blogID);
$page->replace_tag('blog_html', '');
$page->replace_tag('blog_edit_action', 'index.php?action=add_blog');
$title = $misc->make_db_unsafe($recordSet->fields['blogmain_title']);
$description = $misc->make_db_unsafe($recordSet->fields['blogmain_description']);
$published = intval($recordSet->fields['blogmain_published']);
$keywords = $misc->make_db_unsafe($recordSet->fields['blogmain_keywords']);
$page->replace_tag('blog_title', '');
$page->replace_tag('blog_description', '');
$page->replace_tag('blog_keywords', '');
//Handle Publish Status
$page->replace_tag('blog_published', 0);
switch ($published) {
case 0:
$page->replace_tag('blog_published_lang', $lang['blog_draft']);
break;
case 1:
$page->replace_tag('blog_published_lang', $lang['blog_published']);
break;
case 2:
$page->replace_tag('blog_published_lang', $lang['blog_review']);
break;
}
/*//Blog Permissions
* 1 - Subscriber - A subscriber can read posts, comment on posts.
* 2 - Contributor - A contributor can post and manage their own post but they cannot publish the posts. An administrator must first approve the post before it can be published.
* 3 - Author - The Author role allows someone to publish and manage posts. They can only manage their own posts, no one else’s.
* 4 - Editor - An editor can publish posts. They can also manage and edit other users posts. If you are looking for someone to edit your posts, you would assign the Editor role to that person.
*/
if ($blog_user_type == 2) {
$page->page = $page->remove_template_block('blog_published', $page->page);
}
//$blog_user_type
//blog_published_lang
if ($config['url_style'] == '1') {
$article_url = 'index.php?action=blog_view_article&ArticleID=' . $_POST['blogID'];
} else {
$url_title = str_replace("/", "", $title);
$url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title));
$article_url = 'article-' . urlencode($url_title) . '-' . $_POST['blogID'] . '.html';
}
$page->replace_tag('blog_article_url', '');
//Show Link to Blog Manager
$page->replace_tag('blog_manager_url', 'index.php?action=edit_blog');
//Remove Delete Post option, as it does not yet exist
$page->page = $page->remove_template_block('blog_delete', $page->page);
if ($config["demo_mode"] == 1 && $_SESSION['admin_privs'] != 'yes' || $blog_user_type == 2 && $published == 1) {
$page->page = $page->remove_template_block('blog_save', $page->page);
} else {
$page->page = $page->cleanup_template_block('blog_save', $page->page);
}
$page->replace_permission_tags();
$page->auto_replace_tags('', true);
$display .= $page->return_page();
} else {
$display .= '<div class="error_text">' . $lang['access_denied'] . '</div>';
}
return $display;
}
