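/**
 * Render one blog article (by $_GET['ArticleID']) together with its
 * approved comments, and store a comment posted by a logged-in user.
 *
 * Flow: optionally INSERT a comment from $_POST['comment_text'], load the
 * article body, optionally eval() embedded PHP (config-driven), fill the
 * blog_article.html template, then append every comment that has
 * blogcomments_moderated = 1.
 *
 * Review changes (behaviour fixes, interface unchanged):
 *  - the ArticleID guard used `&&`, so a present but zero/negative id was
 *    not rejected and was queried as article 0; it now uses `||`;
 *  - `$admin_edit_link .=` appended to an undefined variable; it is now a
 *    plain assignment;
 *  - `$format` was undefined when $config['date_format'] is not 1..3 and
 *    date() was handed an empty format; it now falls back to 'm/d/Y';
 *  - $_SESSION['admin_privs'] is isset()-guarded before comparison.
 *
 * @return string Rendered HTML, or "ERROR. PageID not sent" when no usable id was given.
 */
function display()
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    require_once $config['basepath'] . '/include/user.inc.php';
    $userclass = new user();
    require_once $config['basepath'] . '/include/class/template/core.inc.php';
    $page = new page_user();
    require_once $config['basepath'] . '/include/blog_functions.inc.php';
    $blog_functions = new blog_functions();

    $display = '';

    // Require a positive article id. (Was `&&`, which let ArticleID=0 / negative through.)
    if (!isset($_GET['ArticleID']) || intval($_GET['ArticleID']) <= 0) {
        $display .= "ERROR. PageID not sent";
        return $display;
    }
    $blog_id = intval($_GET['ArticleID']);

    // Store a freshly posted comment before rendering so it can appear below.
    // SECURITY NOTE(review): this is a state-changing POST with no CSRF token
    // check; the comment form should carry a per-session token that is
    // verified here before the INSERT.
    if (isset($_SESSION['userID']) && $_SESSION['userID'] > 0
        && isset($_POST['comment_text']) && strlen($_POST['comment_text']) > 0) {
        require_once $config['basepath'] . '/include/blog_editor.inc.php';
        // htmlEncodeText() is applied on the way in; the render path below
        // html_entity_decode()s the stored text again, so whatever that
        // helper leaves encoded is what ends up in the page.
        $blog_comment = $misc->make_db_safe(blog_editor::htmlEncodeText($_POST['comment_text']));
        // Comments start unapproved when moderation is switched on.
        $moderated = ($config['blog_requires_moderation'] == 1) ? 0 : 1;
        $sql = "INSERT INTO " . $config['table_prefix'] . "blogcomments (userdb_id,blogcomments_timestamp,blogcomments_text,blogmain_id,blogcomments_moderated) VALUES\n\t\t\t\t(" . intval($_SESSION['userID']) . "," . time() . ",{$blog_comment},{$blog_id},{$moderated});";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
    }

    // Load the article body. $blog_id is an int, so the concatenation is safe.
    $sql = "SELECT blogmain_full,blogmain_id FROM " . $config['table_prefix'] . "blogmain WHERE blogmain_id=" . $blog_id;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $full = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogmain_full']), ENT_NOQUOTES, $config['charset']);
    // Strip the first <hr> (presumably the "read more" separator used on the index view).
    $full = preg_replace('/\\<hr.*?\\>/', '', $full, 1);
    // intval() keeps the later SQL/URLs well-formed even if the row was not found.
    $id = intval($recordSet->fields['blogmain_id']);

    if ($config["wysiwyg_execute_php"] == 1) {
        // SECURITY: this evaluates PHP embedded in the stored article body.
        // Anyone able to write blogmain_full (any blog editor, or an attacker
        // with write access to the database) gets arbitrary code execution on
        // the web server. Kept because it is an explicit config option, but
        // wysiwyg_execute_php should stay off on any shared or exposed install.
        ob_start();
        $full = str_replace("<!--<?php", "<?php", $full);
        $full = str_replace("?>-->", "?>", $full);
        eval('?>' . "{$full}" . '<?php ');
        $full = ob_get_contents();
        ob_end_clean();
    }

    // Fill the article template.
    $page->load_page($config['template_path'] . '/blog_article.html');
    $blog_title = $blog_functions->get_blog_title($id);
    $page->page = $page->parse_template_section($page->page, 'blog_title', $blog_title);
    $blog_author = $blog_functions->get_blog_author($id);
    $page->page = $page->parse_template_section($page->page, 'blog_author', $blog_author);
    $blog_comment_count = $blog_functions->get_blog_comment_count($id);
    $page->page = $page->parse_template_section($page->page, 'blog_comment_count', $blog_comment_count);
    $blog_date_posted = $blog_functions->get_blog_date($id);
    $page->page = $page->parse_template_section($page->page, 'blog_date_posted', $blog_date_posted);
    $page->page = $page->parse_template_section($page->page, 'blog_full_article', $full);

    // Admin edit link, only for an admin session with the edit flag set.
    if (isset($_SESSION['editblog'])
        && isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes'
        && $config["wysiwyg_show_edit"] == 1) {
        $admin_edit_link = "{$config['baseurl']}/admin/index.php?action=edit_blog&id={$id}";
        $page->page = $page->parse_template_section($page->page, 'admin_edit_link', $admin_edit_link);
        $page->page = $page->cleanup_template_block('admin_edit_link', $page->page);
    } else {
        $page->page = $page->remove_template_block('admin_edit_link', $page->page);
    }

    // Date format for comment timestamps; default when date_format is not 1..3
    // (previously left $format undefined).
    if ($config['date_format'] == 2) {
        $format = "Y/d/m";
    } elseif ($config['date_format'] == 3) {
        $format = "d/m/Y";
    } else {
        $format = "m/d/Y";
    }

    // Approved comments only, oldest first.
    $sql = "SELECT blogcomments_id,userdb_id,blogcomments_timestamp,blogcomments_text FROM " . $config['table_prefix'] . "blogcomments WHERE blogmain_id = " . $id . " AND blogcomments_moderated = 1 ORDER BY blogcomments_timestamp ASC;";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $blog_comment_template = '';
    while (!$recordSet->EOF) {
        $comment_author_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']);
        $blogcomments_id = $misc->make_db_unsafe($recordSet->fields['blogcomments_id']);
        $blogcomments_timestamp = $misc->make_db_unsafe($recordSet->fields['blogcomments_timestamp']);
        // NOTE(review): this decode reverses whatever blog_editor::htmlEncodeText()
        // did at submit time. If that helper is a plain htmlentities(), user-supplied
        // markup reaches the page unescaped (stored XSS) — confirm what it leaves encoded.
        $blogcomments_text = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogcomments_text']), ENT_NOQUOTES, $config['charset']);

        $blog_comment_template .= $page->get_template_section('blog_article_comment_item_block');

        // Members show their user name; everyone else as "Last, First".
        $author_type = $userclass->get_user_type($comment_author_id);
        if ($author_type == 'member') {
            $author_display = $userclass->get_user_name($comment_author_id);
        } else {
            $author_display = $userclass->get_user_last_name($comment_author_id) . ', ' . $userclass->get_user_first_name($comment_author_id);
        }
        $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_author', $author_display);
        $blog_comment_date_posted = date($format, intval($blogcomments_timestamp));
        $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_date_posted', $blog_comment_date_posted);
        $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_text', $blogcomments_text);
        $recordSet->MoveNext();
    }
    $page->replace_template_section('blog_article_comment_item_block', $blog_comment_template);

    // Action URL for the "add comment" form (query-string or SEO style).
    if ($config['url_style'] == '1') {
        $article_url = 'index.php?action=blog_view_article&ArticleID=' . $id;
    } else {
        $url_title = str_replace("/", "", $blog_title);
        $url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title));
        $article_url = 'article-' . urlencode($url_title) . '-' . $id . '.html';
    }
    $page->page = $page->parse_template_section($page->page, 'blog_comments_post_url', $article_url);

    $page->replace_permission_tags();
    $display .= $page->return_page();
    return $display;
}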
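/**
 * Admin view for moderating the comments of one blog post ($_GET['id']).
 *
 * Requires the can_access_blog_manager permission. Handles
 * $_GET['caction'] = 'delete' | 'approve' for $_GET['cid'] (only for
 * $_SESSION['blog_user_type'] >= 4), then lists the post's comments with
 * paging driven by $_GET['cur_page'] and $config['listings_per_page'].
 *
 * Review changes (interface unchanged):
 *  - $_GET['cur_page'] is now intval()'d and clamped to >= 0 before it is
 *    multiplied into the SelectLimit offset / passed to next_prev();
 *  - $_SESSION['blog_user_type'] is isset()-guarded;
 *  - `$format` no longer stays undefined for an unexpected date_format;
 *  - the misleading "//Delete" comment on the approve UPDATE is corrected.
 *
 * @return string Rendered HTML (empty string when the login check fails).
 */
function edit_post_comments()
{
    global $conn, $lang, $config;
    $security = login::loginCheck('can_access_blog_manager', true);
    $display = '';
    $blog_user_type = isset($_SESSION['blog_user_type']) ? intval($_SESSION['blog_user_type']) : 0;
    if ($security !== true) {
        return $display;
    }

    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    require_once $config['basepath'] . '/include/class/template/core.inc.php';
    $page = new page_user();
    require_once $config['basepath'] . '/include/user.inc.php';
    $userclass = new user();
    require_once $config['basepath'] . '/include/blog_functions.inc.php';
    $blog_functions = new blog_functions();

    $page->load_page($config['admin_template_path'] . '/blog_edit_comments.html');

    if (!isset($_GET['id'])) {
        return $display;
    }
    $post_id = intval($_GET['id']);

    // Post header information.
    $blog_title = $blog_functions->get_blog_title($post_id);
    $page->page = $page->parse_template_section($page->page, 'blog_title', $blog_title);
    $blog_author = $blog_functions->get_blog_author($post_id);
    $page->page = $page->parse_template_section($page->page, 'blog_author', $blog_author);
    $blog_date_posted = $blog_functions->get_blog_date($post_id);
    $page->page = $page->parse_template_section($page->page, 'blog_date_posted', $blog_date_posted);

    // SECURITY NOTE(review): delete/approve are state changes triggered by a
    // plain GET link with no CSRF token. A logged-in moderator who loads an
    // attacker-controlled page (or even a prefetching browser) can delete or
    // approve comments. These should move to POST with a verified token.
    // Both ids are intval()'d, so the SQL below is injection-safe.
    if (isset($_GET['caction']) && $_GET['caction'] == 'delete' && isset($_GET['cid'])) {
        $cid = intval($_GET['cid']);
        if ($blog_user_type < 4) {
            $display .= '<div class="error_message">' . $lang['blog_permission_denied'] . '</div><br />';
            unset($_GET['caction']);
            $display .= $this->edit_post_comments();
            return $display;
        }
        $sql = 'DELETE FROM ' . $config['table_prefix'] . 'blogcomments WHERE blogcomments_id = ' . $cid . ' AND blogmain_id = ' . $post_id;
        $recordSet = $conn->Execute($sql);
        if (!$recordSet) {
            $misc->log_error($sql);
        }
    }
    if (isset($_GET['caction']) && $_GET['caction'] == 'approve' && isset($_GET['cid'])) {
        $cid = intval($_GET['cid']);
        if ($blog_user_type < 4) {
            $display .= '<div class="error_message">' . $lang['blog_permission_denied'] . '</div><br />';
            unset($_GET['caction']);
            $display .= $this->edit_post_comments();
            return $display;
        }
        // Approve: mark the comment as moderated so display() will show it.
        $sql = 'UPDATE ' . $config['table_prefix'] . 'blogcomments SET blogcomments_moderated = 1 WHERE blogcomments_id = ' . $cid . ' AND blogmain_id = ' . $post_id;
        $recordSet = $conn->Execute($sql);
        if (!$recordSet) {
            $misc->log_error($sql);
        }
    }

    // Load all comments (approved or not) for this post.
    $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'blogcomments WHERE blogmain_id = ' . $post_id . ' ORDER BY blogcomments_timestamp ASC';
    $recordSet = $conn->Execute($sql);
    if (!$recordSet) {
        $misc->log_error($sql);
    }

    // Paging. cur_page came straight from the query string before; normalise it
    // to a non-negative int (and write it back, since next_prev / template
    // helpers may read $_GET['cur_page'] themselves).
    $num_rows = $recordSet->RecordCount();
    $cur_page = isset($_GET['cur_page']) ? max(0, intval($_GET['cur_page'])) : 0;
    $_GET['cur_page'] = $cur_page;
    $limit_str = $cur_page * $config['listings_per_page'];
    $recordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }

    // Date format for comment timestamps; default when date_format is not 1..3.
    if ($config['date_format'] == 2) {
        $format = "Y/d/m";
    } elseif ($config['date_format'] == 3) {
        $format = "d/m/Y";
    } else {
        $format = "m/d/Y";
    }

    $blog_comment_template = '';
    while (!$recordSet->EOF) {
        $comment_author_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']);
        $blogcomments_id = $misc->make_db_unsafe($recordSet->fields['blogcomments_id']);
        $blogcomments_moderated = $misc->make_db_unsafe($recordSet->fields['blogcomments_moderated']);
        $blogcomments_timestamp = $misc->make_db_unsafe($recordSet->fields['blogcomments_timestamp']);
        // NOTE(review): decoding here undoes the encoding applied when the
        // comment was submitted; unapproved, user-written comments are rendered
        // in the admin UI this way, so confirm the stored text cannot carry
        // live markup into the moderator's browser.
        $blogcomments_text = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogcomments_text']), ENT_NOQUOTES, $config['charset']);

        $blog_comment_template .= $page->get_template_section('blog_article_comment_item_block');

        // Members show their user name; everyone else as "Last, First".
        $author_type = $userclass->get_user_type($comment_author_id);
        if ($author_type == 'member') {
            $author_display = $userclass->get_user_name($comment_author_id);
        } else {
            $author_display = $userclass->get_user_last_name($comment_author_id) . ', ' . $userclass->get_user_first_name($comment_author_id);
        }
        $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_author', $author_display);
        $blog_comment_date_posted = date($format, intval($blogcomments_timestamp));
        $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_date_posted', $blog_comment_date_posted);
        $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_text', $blogcomments_text);

        // Moderation links ({blog_comment_delete_url} / {blog_comment_approve_url}).
        $blog_comment_delete_url = 'index.php?action=edit_blog_post_comments&id=' . $post_id . '&caction=delete&cid=' . $blogcomments_id;
        $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_delete_url', $blog_comment_delete_url);
        $blog_comment_approve_url = 'index.php?action=edit_blog_post_comments&id=' . $post_id . '&caction=approve&cid=' . $blogcomments_id;
        $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_approve_url', $blog_comment_approve_url);

        // Hide the action blocks from users below moderator level. This only
        // hides the links; the real gate is the $blog_user_type check above.
        if ($blog_user_type < 4) {
            $blog_comment_template = $page->remove_template_block('blog_article_comment_approve', $blog_comment_template);
            $blog_comment_template = $page->remove_template_block('blog_article_comment_delete', $blog_comment_template);
        }
        // Already-approved comments get no approve link.
        if ($blogcomments_moderated == 1) {
            $blog_comment_template = $page->remove_template_block('blog_article_comment_approve', $blog_comment_template);
        } else {
            $blog_comment_template = $page->cleanup_template_block('blog_article_comment_approve', $blog_comment_template);
        }
        $recordSet->MoveNext();
    }
    $page->replace_template_section('blog_article_comment_item_block', $blog_comment_template);

    $next_prev = $misc->next_prev($num_rows, $_GET['cur_page'], "", 'blog', TRUE);
    $page->replace_tag('next_prev', $next_prev);
    $page->replace_permission_tags();
    $page->auto_replace_tags('', true);
    $display .= $page->return_page();
    return $display;
}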