<?php
// initialise the shared Blog instance the rest of the application uses
$blog = new Blog();

// create the class
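class Blog{
	
	// Administrative post/tag operations for the blog. Every public method
	// here writes to the database through the global $db wrapper and returns
	// a status message for the admin UI (see "ref: admin.php" in NewPost).
	//
	// Authorisation: each public method calls $usr->Auth(1) before touching
	// the database. The original only did this in NewPost/DeletePost/EditPost;
	// the tag methods and TogglePost now do the same. Auth(1) is assumed to
	// stop the request itself (exit/redirect) when the caller is not allowed,
	// since no method checks its return value — NOTE(review): confirm that
	// against the user class.
	//
	// NOTE(review): none of these methods checks a CSRF token; presumably the
	// calling admin page does. Confirm before exposing them via a new entry point.
	
	// Build a unix timestamp from the date parts posted by the admin form.
	// $month is an index into the global $months name table. Returns the
	// timestamp, or FALSE when the month index is unknown or strtotime rejects
	// the combination. 0 and -1 are treated as invalid too, as the original
	// loose checks did.
	private function PartsToTimestamp($day, $month, $year, $hour, $minute){
		global $months;
		
		// an out-of-range month used to read an undefined index (notice) and
		// feed a half-empty string to strtotime; reject it outright instead
		$mi = intval($month);
		if (!isset($months[$mi])){ return FALSE; }
		
		$tstring = $day . " " . $months[$mi] . " " . $year . " " . $hour . ":" . $minute;
		$ts = strtotime($tstring);
		if ($ts === FALSE || $ts === -1 || $ts === 0){ return FALSE; }
		return $ts;
	}
	
	// Link $postid to every tag ID in $tags. Anything that is not an array is
	// ignored (the form sends no tags field when none are ticked).
	private function AttachTags($postid, $tags){
		global $db, $dbprefix;
		
		if (!is_array($tags)){ return; }
		
		$postid = intval($postid);
		foreach ($tags as $tagid){
			// both values sit in unquoted numeric positions, so they are cast,
			// not escaped
			$sql  = "INSERT INTO " . $dbprefix . "posttags (postid, tagid) VALUES (";
			$sql .= $postid . ", " . intval($tagid) . ")";
			$db->execute($sql);
		}
	}
	
	// Return an error message when $tag or its slug $slug is already used by
	// another tag, or "" when the name is free. $exclude (> 0) is the tag
	// being edited, which is allowed to keep its own name.
	private function TagNameClash($tag, $slug, $exclude){
		global $db, $dbprefix;
		
		$exclude = intval($exclude);
		$notSelf = ($exclude > 0) ? " AND tagid <> " . $exclude : "";
		
		// identical display name
		$sql = "SELECT * FROM " . $dbprefix . "tags WHERE tag = '" . dbSecure($tag) . "'" . $notSelf;
		$rec = $db->execute($sql);
		if ($rec->rows > 0){ return "This tag already exists"; }
		
		// different name that purifies to the same slug (same URL)
		$sql = "SELECT * FROM " . $dbprefix . "tags WHERE slug = '" . dbSecure($slug) . "'" . $notSelf;
		$slu = $db->execute($sql);
		if ($slu->rows > 0){ return "This tag name is too similar to an existing tag"; }
		
		return "";
	}
	
	/**
	 * Add a new post to the blog.
	 *
	 * @param string $title  post title (required)
	 * @param string $msg    post body (required)
	 * @param string $act    submit-button value: "Save" stores a draft
	 *                       (status 0), anything else publishes (status 1)
	 * @param mixed  $day    date parts from the form; $month is an index into
	 * @param mixed  $month  the global $months name table
	 * @param mixed  $year
	 * @param mixed  $hour
	 * @param mixed  $minute
	 * @param array|null $tags  tag IDs to link to the new post
	 * @return string  message for the admin UI (ref: admin.php)
	 */
	function NewPost($title, $msg, $act, $day, $month, $year, $hour, $minute, $tags){
		global $db, $dbprefix, $usr;
		
		// authorise users
		$usr->Auth(1);
		
		// validate the information
		if ($title == ""){ return "You did not enter a title"; }
		if ($msg == ""){ return "You did not enter a message"; }
		
		// "Save" keeps the entry as a draft, anything else publishes it
		$status = ($act == "Save") ? 0 : 1;
		
		$postdate = $this->PartsToTimestamp($day, $month, $year, $hour, $minute);
		if ($postdate === FALSE){ return "You entered an invalid date"; }
		
		// author and postdate are written unquoted, where escaping does not
		// protect anything: cast them to int. REMOTE_ADDR is supplied by the
		// web server rather than the request body, but it is still a string
		// value and is escaped like the other string columns.
		$author = isset($_SESSION["userid"]) ? intval($_SESSION["userid"]) : 0;
		$ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
		
		$sql  = "INSERT INTO " . $dbprefix . "posts (title, body, author, postdate";
		$sql .= ", status, ipaddress) VALUES (";
		$sql .= "'" . dbSecure($title) . "', ";
		$sql .= "'" . dbSecure($msg) . "', ";
		$sql .= $author . ", " . $postdate . ", " . $status . ", ";
		$sql .= "'" . dbSecure($ip) . "')";
		$db->execute($sql);
		
		// the row id just generated is what the tag links point at
		$this->AttachTags($db->insertid, $tags);
		
		// ok, the post has been done (ref: admin.php)
		return ($status == 0) ? "The entry has been saved" : "The entry has been posted!";
	}
	
	/**
	 * Delete a post and its tag links.
	 *
	 * @param mixed $postid  ID of the post to delete
	 * @return string  message for the admin UI
	 */
	function DeletePost($postid){
		global $db, $usr, $dbprefix;
		
		// authorise user
		$usr->Auth(1);
		
		// a missing or non-numeric id would otherwise become 0 and issue a
		// DELETE for ID 0
		$postid = intval($postid);
		if ($postid < 1){ return "No post ID supplied to delete"; }
		
		// drop the tag links first so no posttags rows are left orphaned
		// (mirrors what deletetag does for the other side of the link)
		$db->execute("DELETE FROM " . $dbprefix . "posttags WHERE postid = " . $postid);
		$db->execute("DELETE FROM " . $dbprefix . "posts WHERE ID = " . $postid);
		
		// confirm to user
		return "The post has been deleted";
	}
	
	/**
	 * Edit an existing post, replacing its title, body, status, date and
	 * tag set. The author and ipaddress columns are left as they were.
	 *
	 * @param mixed  $postid  ID of the post to edit
	 * @param string $title   new title (required)
	 * @param string $body    new body (required)
	 * @param mixed  $day     date parts, as in NewPost
	 * @param mixed  $month
	 * @param mixed  $year
	 * @param mixed  $hour
	 * @param mixed  $minute
	 * @param mixed  $status  0 = draft, 1 = published; anything else becomes 0
	 * @param array|null $tags  the complete new set of tag IDs
	 * @return string  message for the admin UI
	 */
	function EditPost($postid, $title, $body, $day, $month, $year, $hour, $minute, $status, $tags){
		global $db, $dbprefix, $usr;
		
		// authorise user
		$usr->Auth(1);
		
		// standard validation; a non-numeric id would become 0 and update nothing
		$postid = intval($postid);
		if ($postid < 1){ return "No post ID supplied to edit post"; }
		if ($title == ""){ return "You did not enter a title"; }
		if ($body == ""){ return "You did not enter a post body"; }
		
		// only draft (0) and published (1) are meaningful; anything else is a draft
		$status = intval($status);
		if ($status < 0 || $status > 1){ $status = 0; }
		
		$postdate = $this->PartsToTimestamp($day, $month, $year, $hour, $minute);
		if ($postdate === FALSE){ return "You entered an invalid date"; }
		
		// ok, update the post
		$sql  = "UPDATE " . $dbprefix . "posts SET ";
		$sql .= "title = '" . dbSecure($title) . "', ";
		$sql .= "body = '" . dbSecure($body) . "', ";
		$sql .= "status = " . $status . ", ";
		$sql .= "postdate = " . $postdate . " ";
		$sql .= "WHERE ID = " . $postid;
		$db->execute($sql);
		
		// the tag set is replaced wholesale: drop the old links, add the new
		$db->execute("DELETE FROM " . $dbprefix . "posttags WHERE postid = " . $postid);
		$this->AttachTags($postid, $tags);
		
		// confirm to user
		return "The post has been edited successfully";
	}
	
	/**
	 * Flip a post between draft (0) and published (1).
	 *
	 * @param mixed $postid  ID of the post to toggle
	 * @return string  message for the admin UI
	 */
	function TogglePost($postid){
		global $db, $dbprefix, $usr;
		
		// this changes what the public can read, so it needs the same
		// authorisation as the other post writes
		$usr->Auth(1);
		
		$postid = intval($postid);
		
		// find the post
		$sql = "SELECT * FROM " . $dbprefix . "posts WHERE ID = " . $postid;
		$rec = $db->execute($sql);
		if ($rec->rows < 1){ return "Unable to locate the post"; }
		
		// inverse the value
		$newstatus = ($rec->fields["status"] == 1) ? 0 : 1;
		
		$sql = "UPDATE " . $dbprefix . "posts SET status = " . $newstatus . " WHERE ID = " . $postid;
		$db->execute($sql);
		
		return "Post status changed successfully!";
	}
	
	/**
	 * Create a tag. The slug is derived from the name with purify(); both the
	 * name and the slug must be unique.
	 *
	 * @param string $tag        tag name (required)
	 * @param mixed  $bydefault  1 to pre-tick the tag on the new-post form, else 0
	 * @return string  message for the admin UI
	 */
	function addtag($tag, $bydefault){
		global $db, $dbprefix, $usr;
		
		// authorise user (same level as the post writes)
		$usr->Auth(1);
		
		// standard validation
		if ($tag == ""){ return "You did not enter a tag name"; }
		$bydefault = intval($bydefault);
		if ($bydefault < 0 || $bydefault > 1){ return "Invalid by default option"; }
		
		// neither the name nor its slug may already be taken
		$slug = purify($tag);
		$clash = $this->TagNameClash($tag, $slug, 0);
		if ($clash != ""){ return $clash; }
		
		// insert the tag
		$sql  = "INSERT INTO " . $dbprefix . "tags (tag, slug, bydefault) VALUES (";
		$sql .= "'" . dbSecure($tag) . "', ";
		$sql .= "'" . dbSecure($slug) . "', ";
		$sql .= $bydefault . ")";
		$db->execute($sql);
		
		return "Tag added successfully!";
	}
	
	/**
	 * Delete a tag together with its post links.
	 *
	 * @param mixed $tagid  ID of the tag to delete
	 * @return string  message for the admin UI
	 */
	function deletetag($tagid){
		global $db, $dbprefix, $usr;
		
		// authorise user (same level as the post writes)
		$usr->Auth(1);
		
		// a non-numeric id would become 0 and issue DELETEs for tagid 0
		$tagid = intval($tagid);
		if ($tagid < 1){ return "No tag ID supplied to delete"; }
		
		// delete post tag connections
		$db->execute("DELETE FROM " . $dbprefix . "posttags WHERE tagid = " . $tagid);
		
		// delete the actual tag
		$db->execute("DELETE FROM " . $dbprefix . "tags WHERE tagid = " . $tagid);
		
		return "Tag deleted successfully!";
	}
	
	/**
	 * Rename a tag and/or change its by-default flag. Uniqueness of the name
	 * and slug is checked against every other tag.
	 *
	 * @param mixed  $tagid      ID of the tag to edit
	 * @param string $tag        new tag name (required)
	 * @param mixed  $bydefault  1 to pre-tick the tag on the new-post form, else 0
	 * @return string  message for the admin UI
	 */
	function edittag($tagid, $tag, $bydefault){
		global $db, $dbprefix, $usr;
		
		// authorise user (same level as the post writes)
		$usr->Auth(1);
		
		// standard validation
		$tagid = intval($tagid);
		if ($tagid < 1){ return "No tag ID supplied to edit tag"; }
		if ($tag == ""){ return "You did not enter a tag name"; }
		$bydefault = intval($bydefault);
		if ($bydefault < 0 || $bydefault > 1){ return "Invalid by default option"; }
		
		// the tag may keep its own name, but not take another tag's
		$slug = purify($tag);
		$clash = $this->TagNameClash($tag, $slug, $tagid);
		if ($clash != ""){ return $clash; }
		
		// make the update
		$sql  = "UPDATE " . $dbprefix . "tags SET ";
		$sql .= "tag = '" . dbSecure($tag) . "', ";
		$sql .= "slug = '" . dbSecure($slug) . "', ";
		$sql .= "bydefault = " . $bydefault . " ";
		$sql .= "WHERE tagid = " . $tagid;
		$db->execute($sql);
		
		return "Tag edited successfully!";
	}
	
	/**
	 * Flip a tag's by-default flag.
	 *
	 * @param mixed $tagid  ID of the tag to toggle
	 * @return string  message for the admin UI (the original returned nothing;
	 *                 every sibling method returns a message, so this does too)
	 */
	function toggletag($tagid){
		global $db, $dbprefix, $usr;
		
		// authorise user (same level as the post writes)
		$usr->Auth(1);
		
		$tagid = intval($tagid);
		
		// get recordset
		$sql = "SELECT * FROM " . $dbprefix . "tags WHERE tagid = " . $tagid;
		$rec = $db->execute($sql);
		if ($rec->rows < 1){ return "The tag could not be found"; }
		
		// work out new value
		$bydefault = ($rec->fields["bydefault"] == 1) ? 0 : 1;
		
		// make the change
		$sql  = "UPDATE " . $dbprefix . "tags SET bydefault = " . $bydefault . " ";
		$sql .= "WHERE tagid = " . $tagid;
		$db->execute($sql);
		
		return "Tag status changed successfully!";
	}
}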
?>