<?
require './shared_lib/core.php';
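// Admin flag: true only when the request arrives from one hard-coded client address.
// NOTE(review): this source-IP comparison is the only authorisation check visible in
// this file. REMOTE_ADDR is the address of the immediate peer, so behind a reverse
// proxy or shared NAT it no longer identifies the administrator; a session-based
// login/permission check should replace it.
$admin = isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] === '82.19.119.31'; //stderr('Error','Access Denied');
init();

// Navigation links handed to stdhead()/stderr(): URL => label.
$actions = array('/index.php?action=new' => 'New');

// Per-post links are only offered for an id accepted by is_valid_id() (defined elsewhere).
// Arrays (?id[]=...) are rejected up front and the id is cast to int before it is
// embedded, so nothing but digits reaches the generated URLs.
if (isset($_REQUEST['id']) && is_scalar($_REQUEST['id']) && is_valid_id($_REQUEST['id'])) {
    $actions = array_merge($actions, array(
        '/index.php?action=edit&id=' . (int) $_REQUEST['id'] => 'Edit',
        '/index.php?action=delete&id=' . (int) $_REQUEST['id'] => 'Delete',
    ));
}

// Requested action, normalised to its label ('New', 'Edit', 'Delete'); '' when it is
// absent or not one of the labels currently in $actions. Only plain strings are
// considered (?action[]=... arrives as an array) and the comparison is strict.
$action = (isset($_REQUEST['action'])
    && is_string($_REQUEST['action'])
    && in_array(ucfirst($_REQUEST['action']), $actions, true))
    ? ucfirst($_REQUEST['action'])
    : '';

// Extra page assets passed to stdhead() by the New and Edit views.
$opts = array('js' => array('jquery.markitup', 'bbcode'));

// Form/table description:
//   [0] table name, [1] comma-separated column list (both are concatenated into SQL below),
//   [2] permission clause fragment, [3] per-column rule strings, [4] layout.
// NOTE(review): only [0] and [1] are read by the code in this file. The rules in [3]
// (e.g. htmlspecialchars for 'title') are NOT applied by the active code path, which
// only calls sqlesc()/bb2html().
$form = array(
    'news',
    'id,userid,added,body,title',
    'WHERE class >= ', // for permissions for edit/new ... will be done via permissions system so in php
    array(
        'id' => 'primary|int',
        'userid' => 'int|validid',
        'added' => 'now',
        'title' => 'trim|htmlspecialchars|sqlesc',
        'body' => 'bbcode',
    ),
    array('', array(
        8 => array('title', 'text'),
    )),
);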
// convert datetime to unixtimestamp
/* comments_torrents, requests etc // parent just id of parent, in php put as subarray when doing query (sort by id desc) and then in displaying
use media object <li> for proper nesting display... done ;)
$form = array('comments_*','id,userid,pid,added,body,editedby,editdat,parent',
array('id'=>'primary','userid'=>'int|validid','pid'=>'int|validid','added'=>'new_now','body'=>'bbcode','editedby'=>'curuser','editdat'=>'now',
'parent'=>'id|validid'),
// look array
....
);
*/
// manage_form($form)
// if we have bbcode parsing
// BBCode helpers are only pulled in once an action has been selected.
// NOTE(review): bbparse.php presumably provides bb2html() and bbinput.php the editor
// helpers (textbbcode(), html2bb()) — confirm against shared_lib/bb.
if (!empty($action)) {
    // Submitted posts need the parser.
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        require './shared_lib/bb/bbparse.php';
    }
    // Anything that displays the form needs the editor; Edit needs it on POST as well.
    if ($_SERVER['REQUEST_METHOD'] === 'GET' || $action === 'Edit') {
        require './shared_lib/bb/bbinput.php';
    }
}

// Table and column list come from the fixed $form description, never from the request.
$table = $form[0];
$arr = explode(',', $form[1]);
// Columns that are never taken from user input.
$exclude = array('id', 'userid');
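// ---- Action dispatch: New / Edit / Delete ----
// NOTE(review): stderr() and stdfoot() are defined elsewhere; the flow below only makes
// sense if they end the request (otherwise the list view after this chain renders as
// well) — confirm in core.php.
// NOTE(review): none of the state-changing requests carries an anti-CSRF token, and all
// input is read from $_REQUEST rather than $_POST. Both should be tightened once the
// session/permission system exists.
if ($action === 'New') {
    // The empty form is shown to everyone; only a POST from an admin inserts a row.
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && $admin) {
        $q = array(); // column => SQL-ready value; initialised so array_keys() never sees an undefined variable
        foreach ($arr as $r) {
            if (in_array($r, $exclude, true)) {
                continue;
            }
            // Missing or non-string input (e.g. title[]=x) falls back to the sentinel -1,
            // so bb2html()/sqlesc() are never handed an array.
            $tmp = (isset($_REQUEST[$r]) && is_string($_REQUEST[$r])) ? $_REQUEST[$r] : -1;
            /*
            if (isset($checks[$r])) {
            $chk = explode('|', $checks[$r]);
            $tmp = validate(array($r,$tmp), $chk);
            if (is_array($tmp) && count($tmp['errors']))
            $errors[] = $tmp['errors'];
            else $q[$r] = $tmp['value'];
            }
            else*/
            switch ($r) { // temp
                case 'added':
                    $q[$r] = 'NOW()'; // SQL function, deliberately not passed through sqlesc()
                    break;
                case 'body':
                    $tmp = bb2html($tmp);
                    // no break: the converted body is escaped by the default branch
                default:
                    // sqlesc() is assumed to quote and escape the value — confirm in core.php
                    $q[$r] = sqlesc($tmp);
            }
        }
        // Column names come from the fixed $form list; only the values are request-derived.
        $f = array_keys($q);
        $r = do_mysql_query('INSERT INTO ' . $table . ' (' . implode(', ', $f) . ') VALUES (' . implode(', ', $q) . ')') or sqlerr(__FILE__, __LINE__, $actions);
        if (mysql_affected_rows()) {
            stderr('Success', 'Well done');
        } else {
            stderr('Error', 'Failed');
        }
    }
    stdhead('New Blog Post', $actions, $opts);
    start_container('new_blog');
    // form functions
    // 'horizontal', 'post','action'
    // title=>text, bbcode, button=>submit
    $content = print_form('new');
    grid(array(array('', array(12 => $content))));
    end_container();
    stdfoot();
} else if ($action === 'Edit' && $admin) {
    // The id is forced to an integer before it is concatenated into any query.
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    if (!$id) {
        stderr('Error', 'Invalid ID');
    }
    $res = do_mysql_query('SELECT ' . $form[1] . ',UNIX_TIMESTAMP(added) uadded FROM ' . $table . ' WHERE id=' . $id) or sqlerr(__FILE__, __LINE__, $actions);
    if (mysql_num_rows($res) == 0) {
        stderr('Error', 'Not Found!');
    }
    $vars = mysql_fetch_array($res);
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $q = array(); // column => SQL-ready value, changed columns only
        foreach ($arr as $r) {
            if (in_array($r, $exclude, true)) {
                continue;
            }
            // Same fallback as in the New branch: missing or non-string input becomes -1.
            // (The disabled validate() path shown in the New branch applies here as well.)
            $tmp = (isset($_REQUEST[$r]) && is_string($_REQUEST[$r])) ? $_REQUEST[$r] : -1;
            switch ($r) { // temp
                case 'added':
                    break; // the creation time is not rewritten on edit
                case 'body':
                    // First comparison: stored value against the raw submission.
                    if ($vars['body'] === $tmp) {
                        break;
                    }
                    $tmp = bb2html($tmp, $table . $id);
                    // no break: the converted body is compared and escaped below
                default:
                    // Unchanged columns are left out of the UPDATE.
                    if ($vars[$r] === $tmp) {
                        break;
                    }
                    $q[$r] = sqlesc($tmp);
            }
        }
        if (sizeof($q) === 0) {
            stderr('Error', 'No Changes found!');
        }
        $f = '';
        foreach ($q as $r => $v) {
            $f .= ($f ? ',' : '') . $r . '=' . $v;
        }
        $r = do_mysql_query('UPDATE ' . $table . ' SET ' . $f . ' WHERE id=' . $id) or sqlerr(__FILE__, __LINE__, $actions);
        if (mysql_affected_rows()) {
            stderr('Success', 'Well done');
        } else {
            stderr('Error', 'Failed');
        }
    }
    $vars['body'] = html2bb($vars['body'], $table . $id);
    stdhead('Edit Blog Post', $actions, $opts);
    start_container('new_blog');
    // form functions
    // 'horizontal', 'post','action'
    // title=>text, bbcode, button=>submit
    $content = print_form('edit', $vars);
    grid(array(array('', array(12 => $content))));
    end_container();
    stdfoot();
} else if ($action === 'Delete' && $admin) {
    // Deleting is now gated on $admin like Edit and the New POST; previously this branch
    // ran for any client.
    // have to add mkd5 key to prevent replay attacks etc
    // NOTE(review): the confirmed delete is still triggered by a plain GET link (sure=1)
    // with no per-request token, so the key mentioned above is still outstanding; the
    // destructive step should move to a POST that carries it.
    if (isset($_REQUEST['id']) && is_scalar($_REQUEST['id']) && is_valid_id($_REQUEST['id'])) {
        // One integer cast, used for both queries and the confirmation link.
        $id = (int) $_REQUEST['id'];
        $r = do_mysql_query('SELECT ' . $form[1] . ' FROM ' . $table . ' WHERE id=' . $id) or sqlerr(__FILE__, __LINE__);
        if (!mysql_num_rows($r)) {
            stderr('Error', 'Not Found!', $actions);
        } else {
            $r = mysql_fetch_array($r);
            if (isset($_REQUEST['sure']) && $_REQUEST['sure'] === '1') {
                do_mysql_query('DELETE FROM ' . $table . ' WHERE id=' . $id) or sqlerr(__FILE__, __LINE__);
                stderr('Success', $table . ' was deleted', $actions);
            } else {
                // The message is HTML, so the stored title is escaped before it is embedded.
                stderr('Are you sure? ', 'Click <a href="?q=' . $table . '&action=delete&sure=1&id=' . $id . '">HERE</a> if you are certain you want to delete \'<strong>' . htmlspecialchars($r['title'], ENT_QUOTES) . '</strong>\'', $actions);
            }
        }
    }
}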
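// ---- Default view: every post, newest first ----
$main = $side = '';
$res = do_mysql_query('SELECT ' . $form[1] . ',UNIX_TIMESTAMP(added) uadded FROM ' . $table . ' ORDER BY added DESC') or sqlerr(__FILE__, __LINE__, $actions);
if (mysql_num_rows($res) === 0) {
    $main = alert('Error', 'No News', 'warning');
} else {
    while ($row = mysql_fetch_array($res)) {
        // Numeric id reused in element ids, anchors and the control links.
        $post_id = (int) $row['id'];
        // make_links() is also handed icon() markup as a link label below, so it
        // presumably emits labels verbatim; the stored title is therefore escaped here.
        // NOTE(review): drop this call if make_links() already escapes its labels.
        $post_title = htmlspecialchars($row['title'], ENT_QUOTES);
        $main .= '<div class="blog-post" id="bpp' . $post_id . '">' .
            h(
                make_links(array('#bpp' . $post_id => array($post_title, array('id' => 'bl' . $post_id, 'data-toggle' => 'collapse', 'data-target' => '#bp' . $post_id))), ' '),
                2,
                array('class' => 'blog-post-title', 'id' => 'bt' . $post_id)
            ) .
            // Closing bracket fixed: the original printed "ago}" after the opening "(".
            '<div class="blog-post-meta">' . $row['added'] . ' (' . get_elapsed_time($row['uadded']) . ' ago) by ' . $row['userid'] .
            '<span class="blog-controls">' .
            make_links(array(
                'index.php?action=edit&id=' . $post_id => array(icon('edit', '', array('class' => 'control')), array('class' => 'url', 'title' => 'Edit Post')),
                'index.php?action=delete&id=' . $post_id => array(icon('remove', '', array('class' => 'control')), array('title' => 'Remove Post', 'class' => 'url')),
            ), ' ') .
            '</span></div><div id="bp' . $post_id . '" class="collapse in">' .
            // The body is stored as HTML produced by bb2html() and is emitted as-is.
            // NOTE(review): this relies on bb2html() neutralising raw HTML in the BBCode
            // source — confirm in bbparse.php.
            $row['body'] .
            '</div></div>';
    }
}
// Grid layout: posts in an 8-column main area, an (empty) 4-column side area.
$page = array(array('', array(8 => $main), array(4 => $side)));
stdhead('Welcome', $actions);
start_container('blog');
grid($page);
end_container();
/*
start_container('table');
drawtable(do_mysql_query('SELECT * FROM news'));
end_container();
*/
stdfoot();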
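/**
 * Build the HTML form used to create or edit a blog post.
 *
 * Values placed into HTML attributes (title, action, id) are escaped or cast here,
 * because the stored title is written by the caller with sqlesc() only and may
 * contain quotes or markup.
 *
 * @param string $action 'new' or 'edit'; written into the hidden "action" field and
 *                       selects the submit button label ('Post' / 'Save').
 * @param array  $vars   Current row when editing; the keys id, title and body are read.
 * @return string The form markup.
 */
function print_form($action, $vars = array()) {
    $form_id = 'body';

    // Hidden id field only for an edit of an existing row; the cast keeps it numeric.
    $id = ($action === 'edit' && isset($vars['id'])) ? (int) $vars['id'] : 0;
    $ex = $id ? '<input type="hidden" name="id" value="' . $id . '">' : '';

    // Attribute context: escape quotes as well, otherwise a '"' in the title closes value="...".
    $title = isset($vars['title']) ? htmlspecialchars($vars['title'], ENT_QUOTES) : '';

    // NOTE(review): the body is handed to textbbcode() unescaped; confirm that
    // textbbcode() escapes it for the element it renders.
    $body = isset($vars['body']) ? $vars['body'] : '';

    $content = '<form role="form" class="form-horizontal" action="?" method="post">' . $ex . '<input type="hidden" name="action" value="' . htmlspecialchars($action, ENT_QUOTES) . '">
<div class="form-group">
<label for="title" class="col-sm-2 control-label">Title</label>
<div class="col-sm-8">
<input type="text" class="form-control" id="title" name="title" placeholder="Blog Title" value="' . $title . '">
</div>
</div>
<div class="form-group">
<label for="bbcode-body" class="col-sm-2 control-label">Body</label>
<div class="col-sm-10">
' . textbbcode('', $form_id, $body) .
'</div></div>
<span id="emoticons" class="col-sm-offset-2 pull-left">' . emoticon_rand(20, 1) . '</span>
<button id="random_emot" class="btn btn-primary btn-sm"><span class="glyphicon glyphicon-refresh"></span></button>
<button id="more_bb" class="btn btn-primary btn-sm"><span class="glyphicon glyphicon-plus"></span></button>
<div id="controls-' . $form_id . '" class="pull-right"> ' . button(($action === 'edit' ? 'Save' : 'Post'), 'i', 'primary') . '</div></form>';

    return $content;
}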
// textbbcode will handle emoticon printing.. always print control div but button are from form!
?>
Output for 8.0.13
Warning: require(./shared_lib/core.php): Failed to open stream: No such file or directory in /in/9cKpL on line 2
Fatal error: Uncaught Error: Failed opening required './shared_lib/core.php' (include_path='.:') in /in/9cKpL:2
Stack trace:
#0 {main}
thrown in /in/9cKpL on line 2
Process exited with code 255.
Warning: require(./shared_lib/core.php): failed to open stream: No such file or directory in /in/9cKpL on line 2
Fatal error: require(): Failed opening required './shared_lib/core.php' (include_path='.:') in /in/9cKpL on line 2
Process exited with code 255.
Output for 7.1.20, 7.2.6
Warning: require(): open_basedir restriction in effect. File(./shared_lib/core.php) is not within the allowed path(s): (/tmp:/in) in /in/9cKpL on line 2
Warning: require(./shared_lib/core.php): failed to open stream: Operation not permitted in /in/9cKpL on line 2
Fatal error: require(): Failed opening required './shared_lib/core.php' (include_path='.:') in /in/9cKpL on line 2
Process exited with code 255.