<?php
/*
 *      Copyright 2012 Douglas Robbins <hide@address.com>
 *      
 *      This file is part of Blite, a blogging application, available at
 *      <http://blite.ca/>.
 * 
 *      Blite is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation; either version 3 of the License, or
 *      (at your option) any later version.
 *      
 *      This program is distributed in the hope that it will be useful,
 *      but WITHOUT ANY WARRANTY; without even the implied warranty of
 *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *      GNU General Public License for more details.
 *      
 *      You should have received a copy of the GNU General Public License
 *      along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

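require('configure.php');

// Admin-only page. configure.php is expected to provide $authuser, $lang,
// $cfg and the db_query()/verify_nonce() helpers used below.
if (!$authuser) {
	echo $lang['permdenied'];
	exit;
}

// Form submission: publish the ticked spam entries, optionally purge the
// rest, then record the consumed nonce so the same form cannot be replayed.
if (!empty($_POST['update'])) {
	list($nonce, $noncestamp, $nonceerror) = verify_nonce('spambox', 'The admin page expired.');
	if (!empty($nonceerror)) {
		echo $nonceerror;
		exit;
	}

	// Checkboxes are named "id_<spam row id>" (see the list builder further
	// down). Only keys with that prefix, an all-digit id and a value of
	// exactly '1' are accepted, so unrelated fields or odd numeric forms
	// ("1e3", "1.5", " 7") never reach publish_comment().
	$publications = array();
	foreach ($_POST as $key => $val) {
		if (strncmp($key, 'id_', 3) !== 0) {
			continue;
		}
		$parts = explode('_', $key, 2);
		if ($val === '1' && isset($parts[1]) && ctype_digit($parts[1])) {
			$publications[] = $parts[1];
		}
	}
	foreach ($publications as $id) {
		publish_comment($id);
	}

	// "Purge unmarked": whatever is still in the spam table after the
	// publications above is dropped.
	if (!empty($_POST['purge'])) {
		$query_params = '';
		db_query("DELETE FROM spam");
	}

	// db_query() appears to bind its placeholders from variables named by
	// the keys of $query_params; $nonce and $noncestamp were set by
	// verify_nonce() above.
	$query_params = array( 'nonce' => 'txt', 'noncestamp' => 'int' );
	db_query("INSERT INTO nonces (nonce, type, stamp) VALUES (?, 'spambox', ?)");
}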

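/**
 * Move one entry from the spam table into the published comments.
 *
 * Copies the spam row's fields into `comments`, bumps the parent post's
 * comment count and deletes the spam row. Does nothing when no spam row
 * with that id exists.
 *
 * db_query() appears to resolve its placeholders from variables named by
 * the keys of the global $query_params array (hence the globals below), so
 * the row's columns are copied into globals of the same name before the
 * INSERT. NOTE(review): $id is a parameter, not a global; if db_query()
 * reads globals, the SELECT and DELETE here only work because the caller's
 * loop variable is also named $id — confirm in configure.php.
 *
 * @param int|string $id  Id of the row in the spam table (digits only).
 * @return void
 */
function publish_comment($id) {
	global $query_params;

	// Columns copied verbatim from spam to comments, in INSERT order.
	$fields = array('postid', 'stamp', 'ip', 'name', 'email', 'comment', 'web');

	$query_params = array( 'id' => 'int' );
	$results = db_query("SELECT * from spam WHERE id=?");
	$row = db_getdata($results);

	// db_getdata() yields no row for an unknown id; guard before indexing
	// so a bad id neither warns nor runs the writes below.
	if (empty($row['id'])) {
		return;
	}

	// Expose the row's columns as globals for the INSERT bindings.
	foreach ($fields as $field) {
		$GLOBALS[$field] = $row[$field];
	}
	$query_params = array(
		'postid'  => 'int',
		'stamp'   => 'int',
		'ip'      => 'txt',
		'name'    => 'txt',
		'email'   => 'txt',
		'comment' => 'txt',
		'web'     => 'txt'
	);
	db_query("INSERT INTO comments (postid, stamp, ip, name, email, comment, web) VALUES (?, ?, ?, ?, ?, ?, ?)");

	// $postid was set as a global from the spam row above.
	$query_params = array( 'postid' => 'int' );
	db_query("UPDATE posts set comcount=comcount+1 WHERE id=?");

	$query_params = array( 'id' => 'int' );
	db_query("DELETE FROM spam WHERE id=?");
}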

// Build a nonce.

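$noncestamp = time();
// The nonce is a deterministic SHA-1 over timestamp, client IP and the
// configured salt (presumably recomputed by verify_nonce() on submit); it is
// only unforgeable as long as $cfg['noncesalt'] stays secret.
$nonce = sha1( $noncestamp . $_SERVER['REMOTE_ADDR'] . $cfg['noncesalt'] );

// Spambox display.

// Everything in the spam table came from anonymous comment submissions, so
// each field is escaped before it is placed in the admin page. double_encode
// is off so values that were already entity-encoded on the way in are not
// mangled. NOTE(review): confirm against the comment-submission path whether
// rows are stored raw or escaped.
$esc = function ($s) {
	return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8', false);
};

$query_params = '';
$results = db_query("SELECT spam.*, posts.title FROM spam LEFT JOIN posts ON spam.postid=posts.id ORDER BY spam.stamp DESC");

$cnt = 0;
$list = '';

while ($row = db_getdata($results)) {
	// Checkbox name "id_<n>" is what the POST handler above parses.
	$actions = "<div class='act'>\n<label><input type='checkbox' name='id_" . (int) $row['id'] . "' value='1'> " . $lang['pubcomment'] . "</label></div>\n";
	$parts = array(
		'Date'            => date('d M Y, g:i a', $row['stamp'] + $timeoffset),
		'Blog Post'       => $esc($row['title']),
		'Comment&nbsp;by' => $esc($row['name']) . ' &lt;' . $esc($row['email']) . '&gt;',
		'Website'         => $esc($row['web']),
		'IP'              => $esc($row['ip']),
		'Comment'         => "<div class='comment'>" . $esc($row['comment']) . "</div>"
	);
	foreach ($parts as $key => $val) {
		$list .= "<tr><td>{$key}</td><td>&nbsp;&nbsp;:&nbsp;&nbsp;</td><td>{$val}</td></tr>\n";
	}
	$list .= "<tr><td>&nbsp;</td><td>&nbsp;</td><td>{$actions}</td></tr>\n";
	$list .= "<tr><td colspan=3><div class='rule'>&nbsp;</div></td></tr>\n";
	$cnt++;
}

$page['list'] = '';
if ($cnt === 0) {
	$page['list'] .= "<div style='text-align:center'>" . $lang['nospam'] . "</div>";
}
else {
	$buttons = "<div class='purge'><label><input type='checkbox' name='purge' value='1'> " . $lang['purgeunmarked'] . "</label></div>\n";
	$buttons .= "<div class='buttons'><input type='submit' name='update' value='" . $lang['updatespambox'] . "'></div>";
	$page['list'] .= "<form method='post' action='spambox.php'>\n";
	$page['list'] .= "<div class='spamcount'>{$cnt} comments in the spambox</div>\n";
	$page['list'] .= "<table cellspacing=0 cellpadding=0 border=0 class='spam'>{$list}</table>\n{$buttons}\n";
	// Hidden nonce fields travel back with the form; the POST handler above
	// hands them to verify_nonce().
	$page['list'] .= "<input type='hidden' name='nonce' value='{$nonce}'>\n";
	$page['list'] .= "<input type='hidden' name='stamp' value='{$noncestamp}'>\n";
	$page['list'] .= "</form>\n";
}

// Page chrome and template assembly: every "#key#" placeholder in the theme
// templates is replaced with the matching $page entry.
$themedir = 'themes/' . $cfg['theme'];
$page['pagetitle'] = $lang['adminspambox'];
$page['cssfile'] = $themedir . '/admin.css';
$page['infobar'] = "<div class='infobar'>" . $page['pagetitle'] . "</div>";
$page['contentclass'] = 'spambox';
$page['navbottom'] = "<ul class='adminnav'><li><a href='./'>Home</a></li>\n{$adminnav}</ul>\n";

$subtemplate = file_get_contents($themedir . '/templates/sub_list.tpl');
$template = file_get_contents($themedir . '/templates/main.tpl');
$template = str_replace("#maincontent#", $subtemplate, $template);
foreach ($page as $key => $val) {
	$template = str_replace("#{$key}#", $val, $template);
}
echo $template;
exit;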
?>