<?php
/*
Story Object: used for Creating NEW, UPDATING, EDITING and DISPLAYING current stories.
It is NOT used for PLAYING. See ORIGIN_PLAY_DIR / story.php
*/
require 'sql.php'; // get the sql "stored procs"
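/**
 * Story page controller.
 *
 * Handles the new-story form, story creation, and editing, changing,
 * deleting and displaying an existing story, selected by $this->op.
 * Results are collected in $this->story and merged into $this->data.
 *
 * NOTE(review): every operation reads its input from $_REQUEST, so the
 * state-changing ones (create, delete, change) accept GET parameters as
 * well as POST. No anti-CSRF token check is visible in this file; confirm
 * whether pageParent provides one.
 *
 * NOTE(review): the owner id is read from session key 'uid' in 'create'
 * but the editor checks read session key 'userid'. Confirm which key the
 * session actually stores.
 */
class page extends pageParent {
    public $template = 'story.html'; // default page
    public $story = array(); // data storage, eventually copied into this->data

    /**
     * Run the operation named by $this->op.
     *
     * Flow as described by the original author:
     *   new  -> add    -> display
     *   edit -> update -> display
     *   delete
     *   display
     *
     * Errors are reported through setError(); each case returns as soon as
     * a check fails so that no later step runs on rejected input.
     */
    public function execute(){
        switch ($this->op) {
            case 'new': // display the form for a new story
                // The message requires both conditions, so either one failing
                // must raise the error (the 'create' case uses the same test).
                if (!$this->isLoggedIn() || !session::get('isContributor')){
                    $this->setError('User needs to be logged in and have permission to create new stories.', __LINE__, __FILE__);
                    $this->data["action"]= "Errors!";
                }
                return;

            case 'create':
                $mandatory = array ('storytitle','unidesc','overview','tags');
                foreach ($mandatory as $key) {
                    // Array-valued parameters (name[]=x) are rejected too: the
                    // string functions below cannot handle them.
                    if (!isset($_REQUEST[$key]) || !is_string($_REQUEST[$key]) || $_REQUEST[$key] == '') {
                        $this->setError('Input Error: '. $key .' is mandatory field.', __LINE__, __FILE__);
                    }
                }
                if (!$this->isLoggedIn() || !session::get('isContributor')){
                    $this->setError('User needs to be logged in and have permission to create new stories.', __LINE__, __FILE__);
                }

                // Validate the value that will actually be stored (lower-cased),
                // and only hand it to the SQL layer once its format is known good.
                $unidesc = (isset($_REQUEST['unidesc']) && is_string($_REQUEST['unidesc']))
                    ? strtolower($_REQUEST['unidesc'])
                    : '';
                $formatOk = true;
                if (!ctype_alnum($unidesc)){
                    $this->setError('Unique description name must be alphanumeric [a-z0-9].', __LINE__, __FILE__);
                    $formatOk = false;
                }
                if (story_UNIDESCLENGTH < strlen($unidesc)){
                    // The original reused the alphanumeric message for the length check.
                    $this->setError('Unique description name must be at most '. story_UNIDESCLENGTH .' characters.', __LINE__, __FILE__);
                    $formatOk = false;
                }
                if ($formatOk && !sql::isUniqueStoryDesc($unidesc)){
                    $this->setError('Unique description name is taken. Please try another.', __LINE__, __FILE__);
                }

                if ($this->hasErrors()){
                    // Re-show the form with the submitted values.
                    // NOTE(review): this copies every request parameter that is not
                    // already a key of $this->data into the template data, whatever
                    // its name. Restrict it to the form fields once the template's
                    // inputs are confirmed, and make sure the template escapes them.
                    $this->data = $this->data + $_REQUEST;
                    $this->op = 'new';
                    $this->data['op'] = 'new';
                    return;
                }

                // NOTE(review): addslashes() is not a reliable SQL escape (it ignores
                // the connection character set). sql.php is not visible here; the
                // insert should use bound parameters, after which these calls go away.
                $this->story['storytitle'] = addslashes($_REQUEST['storytitle']);
                // subtitle is optional, so it may be absent from the request.
                $this->story['subtitle'] = (isset($_REQUEST['subtitle']) && is_string($_REQUEST['subtitle']))
                    ? addslashes($_REQUEST['subtitle'])
                    : '';
                $this->story['unidesc'] = $unidesc;
                $this->story['overview'] = addslashes($_REQUEST['overview']);
                $this->story['attributes'] = 0; // nothing about this story is a 1/true
                $this->story['owner'] = session::get('uid');
                $this->story['tags'] = addslashes($_REQUEST['tags']);
                // TODO upload and name graphic 'undesc_' . graphic id
                $this->story['graphic'] = '';
                // TODO(review): the result of the insert is not checked, so a failed
                // insert is reported to the user as a success.
                sql::insertStory($this->story);
                $this->data['isEditor'] = true;
                // '+' keeps keys already present, so the request cannot override
                // the isEditor flag set on the line above.
                $this->data = $this->data + $_REQUEST;
                return;

            case 'add': // update all values
                // do we have a storyid?
                if (!isset($_REQUEST["storyid"])){
                    $this->setError("Unique Story Id (storyid) is not set. Nothing doing.");
                    return;
                }
                // Does the user have the right permissions (e.g. did they hack the url)
                if (!$this->isLoggedIn() || !sql::isEditor(session::get("userid"), $_REQUEST["storyid"])){
                    $this->setError("User needs to be logged in and be a contributor to this story.");
                    return;
                }
                // TODO: the update itself is not implemented. Return explicitly:
                // without this the case fell through into 'delete'.
                return;

            case 'delete':
                // These two checks used to be reached only by falling through into
                // 'edit', i.e. after the delete had already been issued.
                if (!isset($_REQUEST["storyid"])){
                    $this->setError("Unique Story Id (storyid) is not set. Nothing doing.");
                    return;
                }
                if (!$this->isLoggedIn() || !sql::isEditor(session::get("userid"), $_REQUEST["storyid"])){
                    $this->setError("User needs to be logged in and be a contributor to this story.");
                    return;
                }
                $this->story = sql::getStory($_REQUEST["storyid"]);
                $this->data = $this->data + $this->story;
                // The message requires a private story AND editor rights, so either
                // condition failing must stop the delete. The original '&&' let any
                // public story through without an editor check.
                if ($this->isPublic() || !$this->isEditor()){
                    $this->setError("To delete a story, it must first be private and you must have editor priviledges.");
                    return;
                }
                // Ask for confirmation unless confirm is exactly 'confirmed'. With
                // '&&' any other supplied value skipped the confirmation step.
                if (!isset($_REQUEST['confirm']) || $_REQUEST['confirm'] != 'confirmed'){
                    $this->op = 'confirm';
                    return;
                }
                // NOTE(review): if attributes is a bitmask, adding the flag twice
                // corrupts the neighbouring bits; a bitwise OR would be safer, but
                // story_SOFTDELETE is defined outside this file.
                sql::deletestory($_REQUEST['storyid'], story_SOFTDELETE + $this->story['attributes']);
                // Stop here rather than falling through into 'edit'.
                return;

            case 'edit':
                // Get the details and print a form for editing
                if (!isset($_REQUEST["storyid"])){
                    $this->setError("Unique Story Id (storyid) is not set. Nothing doing.");
                    return;
                }
                // Does the user have the right permissions (e.g. did they hack the url)
                if (!$this->isLoggedIn() || !sql::isEditor(session::get("userid"), $_REQUEST["storyid"])){
                    $this->setError("User needs to be logged in and be a contributor to this story.");
                    return;
                }
                $this->story = sql::getStory($_REQUEST["storyid"]);
                /*
                If the story is Blocked, then stop.
                If the story is not PUBLIC AND the user is NOT an editor, then stop
                */
                if ($this->isBlocked()) {
                    $this->setError("Story: ". $this->story['storytitle'] ." has been blocked by the Admins. Go'way! Shoo!");
                    return;
                }
                if (!$this->isPublic() && !$this->isEditor()){
                    $this->setError("You do not have permission to view Story: ". $this->story['storytitle']. ". Quit it!");
                    return;
                }
                // Editor status was verified by sql::isEditor() above.
                $this->story['isEditor'] = true;
                $this->data = $this->data + $this->story;
                return;

            case "change":
                // do we have a storyid?
                if (!isset($_REQUEST['storyid'])){
                    $this->setError("Unique Story Id (storyid) is not set. Nothing doing.");
                    // The original carried on and used the missing id below.
                    return;
                }
                // Does the user have the right permissions (e.g. did they hack the url)
                // NOTE(review): isEditor() is inherited and no story has been loaded
                // at this point. 'add' and 'edit' check with
                // sql::isEditor(session::get("userid"), storyid) instead; confirm
                // that isEditor() is tied to the requested storyid.
                if (!$this->isLoggedIn() || !$this->isEditor()){
                    $this->setError("User needs to be logged in and be a contributor to this story.");
                    return;
                }
                // Only the listed fields may be changed through this operation.
                $changeFields = array ('overview');
                $update = array('storyid' => $_REQUEST['storyid']);
                foreach ($changeFields as $key) {
                    if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])){
                        // NOTE(review): see 'create'; addslashes() is not a safe SQL escape.
                        $update[$key] = addslashes($_REQUEST[$key]);
                    }
                }
                sql::updateStory($update);
                //TODO make the change respect success/fail on return
                $this->template = 'ajax_change.html';
                return;

            case 'display': // default
                if (!isset($_REQUEST["storyid"])){
                    $this->setError("Unique Story Id (storyid) is not set. Nothing doing.");
                    return;
                }
                $this->story = sql::getStory($_REQUEST["storyid"]);
                /*
                If the story is Blocked, then stop.
                If the story is not PUBLIC AND the user is NOT an editor, then stop
                */
                if ($this->isBlocked()) {
                    $this->setError("Story: ". $this->story['storytitle'] ." has been blocked by the Admins. Go'way! Shoo!");
                    return;
                }
                if (!$this->isPublic() && !$this->isEditor()){
                    $this->setError("You do not have permission to view Story: ". $this->story['storytitle']. ". Quit it!");
                    return;
                }
                // A public story is shown to non-editors as well, so the flag must
                // reflect the real check instead of being forced to true.
                $this->story['isEditor'] = $this->isEditor();
                $this->story['isPublic'] = $this->isPublic();
                $this->story['isAdult'] = $this->isAdult();
                $this->story['isBlocked'] = $this->isBlocked();

                // Related records are added only when the lookup returned rows and
                // no 'error' key.
                $chapters = sql::getChapters($_REQUEST["storyid"]);
                if (0 != count($chapters) && !isset($chapters['error'])) {
                    $this->data["chapters"] = $chapters;
                }
                $locations = sql::getLocations($_REQUEST['storyid']);
                if (0 != count($locations) && !isset($locations['error'])) {
                    $this->data['locations'] = $locations;
                }
                $characters = sql::getCharacters($_REQUEST['storyid']);
                if (0 != count($characters) && !isset($characters['error'])) {
                    $this->data['characters'] = $characters;
                }
                // OK, the user can view! Add the ->story to the ->data.
                // '+' keeps keys already present in $this->data; array_merge() would
                // let the story values overwrite them.
                $this->data = $this->data + $this->story;
        }
    }

    /*
    attribute checks. TODO: Deprecate these crappy solutions and move bitmask logic to SQL

    Each accessor returns the flag stored in $this->story, or false when no
    story has been loaded or the flag is absent.
    */

    /** Whether the loaded story is marked public. */
    public function isPublic() {
        return isset($this->story['isPublic']) ? $this->story['isPublic'] : false;
    }

    /** Whether the loaded story is marked adult. */
    public function isAdult() {
        return isset($this->story['isAdult']) ? $this->story['isAdult'] : false;
    }

    /** Whether the loaded story is marked blocked. */
    public function isBlocked() {
        return isset($this->story['isBlocked']) ? $this->story['isBlocked'] : false;
    }

    /** Whether the loaded story is marked deleted. */
    public function isDeleted() {
        return isset($this->story['isDeleted']) ? $this->story['isDeleted'] : false;
    }
}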
?>