From acb38afcd4780191569ee809f3e8bdb550a634bc Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Wed, 5 Sep 2012 18:34:48 +0000
Subject: blogsum
---
 admin.cgi | 252 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 252 insertions(+)
 create mode 100755 admin.cgi
(limited to 'admin.cgi')
diff --git a/admin.cgi b/admin.cgi
new file mode 100755
index 0000000..21de7c0
--- /dev/null
+++ b/admin.cgi
@@ -0,0 +1,252 @@
+
+# Blogsum
+#
+# Copyright (c) 2010 DixonGroup Consulting
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# - Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# - Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+###########################
+# pragmas and vars #
+###########################
+use strict;
+use Blogsum::Config;
+my $database = $Blogsum::Config::database;
+my $blog_theme = $Blogsum::Config::blog_theme;
+my $blog_title = $Blogsum::Config::blog_title;
+
+
+###########################
+# main execution #
+###########################
+my $cgi = CGI->new;
+my $dbh = DBI->connect("DBI:SQLite:dbname=$database", '', '', { RaiseError => 1 }) || die $DBI::errstr;
+my $template = HTML::Template->new(filename => "themes/${blog_theme}/admin.tmpl", die_on_bad_params => 0);
+$template->param( theme => $blog_theme );
+my $view;
+
+if ($cgi->param('view')) {
+ if ($cgi->param('view') eq 'moderate') {
+ $view = 'moderate';
+ manage_comments();
+ } elsif ($cgi->param('view') eq 'edit') {
+ $view = 'create';
+ edit_article();
+ } else {
+ $view = 'administrate';
+ manage_articles();
+ }
+} else {
+ $view = 'administrate';
+ manage_articles();
+}
+
+$dbh->disconnect;
+
+
+###########################
+# subfunctions #
+###########################
+
+sub manage_articles {
+
+ my $article_id;
+ my $status=2;
+
+ if ($cgi->param('delete') =~ /\d+/) {
+ $article_id = $cgi->param('delete');
+ $status=-1;
+ }
+ if ($cgi->param('draft') =~ /\d+/) {
+ $article_id = $cgi->param('draft');
+ $status=0;
+ }
+ if ($cgi->param('publish') =~ /\d+/) {
+ $article_id = $cgi->param('publish');
+ $status=1;
+ }
+ if ($status < 2) {
+ my $stmt = "UPDATE articles SET enabled=? WHERE id=?";
+ my $sth = $dbh->prepare($stmt);
+ $sth->execute($status, $article_id) || die $dbh->errstr;
+ }
+ if ($status == 1) {
+ my $stmt = "UPDATE articles SET date = datetime('now', 'localtime') WHERE id=?";
+ my $sth = $dbh->prepare($stmt);
+ $sth->execute($article_id) || die $dbh->errstr;
+ }
+
+ if (@{get_comments()} > 0) {
+ $template->param( comments_to_moderate => 1);
+ }
+ $template->param( view => $view, blog_title => $blog_title, articles => get_articles() );
+ print $cgi->header(), $template->output;
+}
+
+sub manage_comments {
+
+ my $comment_id;
+ my $status=2;
+
+ if ($cgi->param('delete') =~ /\d+/) {
+ $comment_id = $cgi->param('delete');
+ $status=-1;
+ }
+ if ($cgi->param('publish') =~ /\d+/) {
+ $comment_id = $cgi->param('publish');
+ $status=1;
+ }
+ if ($status < 2) {
+ my $stmt = "UPDATE comments SET enabled=? WHERE id=?";
+ my $sth = $dbh->prepare($stmt);
+ $sth->execute($status, $comment_id) || die $dbh->errstr;
+ }
+
+ $template->param( view => $view, blog_title => $blog_title, comments => get_comments() );
+ print $cgi->header(), $template->output;
+}
+
+sub edit_article {
+
+ # preview, pass through all input
+ if ($cgi->param('preview')) {
+ my $uri = $cgi->param('uri') || $cgi->param('title') || undef;
+ $uri =~ s/\ /\-/g if ($uri);
+ $template->param( view => $view, blog_title => $blog_title, preview => 1, edit => 1 );
+ $template->param( id => $cgi->param('id') ) if ($cgi->param('id'));
+ $template->param( title => $cgi->param('title') ) if ($cgi->param('title'));
+ $template->param( uri => $uri ) if ($uri);
+ $template->param( preview => $cgi->param('body') ) if ($cgi->param('body'));
+ $template->param( body => HTML::Entities::encode($cgi->param('body')) ) if ($cgi->param('body'));
+ $template->param( tags => $cgi->param('tags') ) if ($cgi->param('tags'));
+ print $cgi->header(), $template->output;
+
+ # save edits, with id (update)
+ } elsif ($cgi->param('save') && $cgi->param('id')) {
+ if ($cgi->param('title') && $cgi->param('uri') && $cgi->param('body')) {
+ my $uri = $cgi->param('uri');
+ $uri =~ s/\ /\-/g;
+ my $stmt = "UPDATE articles SET title=?, uri=?, body=?, tags=? WHERE id=?";
+ my $sth = $dbh->prepare($stmt);
+ $sth->execute($cgi->param('title'), $uri, $cgi->param('body'), $cgi->param('tags'), $cgi->param('id')) || die $dbh->errstr;
+ manage_articles();
+ # if missing data, push back to preview
+ } else {
+ $template->param( error => 'required fields: title, uri, body' );
+ $template->param( view => $view, blog_title => $blog_title, edit => 1 );
+ $template->param( id => $cgi->param('id') ) if ($cgi->param('id'));
+ $template->param( title => $cgi->param('title') ) if ($cgi->param('title'));
+ $template->param( uri => $cgi->param('uri') ) if ($cgi->param('uri'));
+ $template->param( preview => $cgi->param('body') ) if ($cgi->param('body'));
+ $template->param( body => HTML::Entities::encode($cgi->param('body')) ) if ($cgi->param('body'));
+ $template->param( tags => $cgi->param('tags') ) if ($cgi->param('tags'));
+ print $cgi->header(), $template->output;
+ }
+
+ # save new, no id (insert)
+ } elsif ($cgi->param('save')) {
+ if ($cgi->param('title') && $cgi->param('body')) {
+ my $uri = $cgi->param('uri') || $cgi->param('title');
+ $uri =~ s/\ /\-/g;
+ my $author = $ENV{'REMOTE_USER'} || 'author';
+ my $stmt = "INSERT INTO articles VALUES (NULL, datetime('now', 'localtime'), ?, ?, ?, ?, 0, ?)";
+ my $sth = $dbh->prepare($stmt);
+ $sth->execute($cgi->param('title'), $uri, $cgi->param('body'), $cgi->param('tags'), $author) || die $dbh->errstr;
+ manage_articles();
+ # if missing data, push back to preview
+ } else {
+ $template->param( error => 'required fields: title, body' );
+ $template->param( view => $view, blog_title => $blog_title, edit => 1 );
+ $template->param( id => $cgi->param('id') ) if ($cgi->param('id'));
+ $template->param( title => $cgi->param('title') ) if ($cgi->param('title'));
+ $template->param( uri => $cgi->param('uri') ) if ($cgi->param('uri'));
+ $template->param( preview => $cgi->param('body') ) if ($cgi->param('body'));
+ $template->param( body => HTML::Entities::encode($cgi->param('body')) ) if ($cgi->param('body'));
+ $template->param( tags => $cgi->param('tags') ) if ($cgi->param('tags'));
+ print $cgi->header(), $template->output;
+ }
+
+ # edit an existing
+ } elsif ($cgi->param('id')) {
+ my $query = "SELECT * FROM articles WHERE id=?";
+ my $sth = $dbh->prepare($query);
+ $sth->execute($cgi->param('id')) || die $dbh->errstr;
+ my $result = $sth->fetchrow_hashref;
+ if ($result) {
+ $template->param( view => $view, blog_title => $blog_title, edit => 1 );
+ $template->param( preview => $result->{'body'} );
+ $result->{'body'} = HTML::Entities::encode($result->{'body'});
+ $template->param( $result );
+ print $cgi->header(), $template->output;
+ } else {
+ $template->param( error => 'no results found' );
+ manage_articles();
+ }
+
+ # brand new, show form
+ } else {
+ $template->param( view => $view, blog_title => $blog_title, edit => 1 );
+ print $cgi->header(), $template->output;
+ }
+}
+
+sub get_articles {
+
+ my $query = 'SELECT * FROM articles WHERE enabled !=-1 ORDER BY date DESC';
+ my $sth = $dbh->prepare($query);
+ $sth->execute() || die $dbh->errstr;
+
+ my @articles;
+ while (my $result = $sth->fetchrow_hashref) {
+ $result->{'date'} =~ /(\d{4})\-(\d{2})\-\d{2} \d{2}\:\d{2}\:\d{2}/;
+ ($result->{'year'}, $result->{'month'}) = ($1, $2);
+ $result->{'date'} =~ s/(\d{4}\-\d{2}\-\d{2}) \d{2}\:\d{2}\:\d{2}/$1/;
+ delete $result->{'enabled'} if ($result->{'enabled'} == 0);
+ $result->{'theme'} = $blog_theme;
+ push(@articles, $result);
+ }
+
+ return \@articles;
+}
+
+sub get_comments {
+
+ my $query = 'SELECT a.title AS article_title, a.uri AS article_uri, a.date AS article_date, c.* FROM articles a, comments c WHERE a.id=c.article_id AND c.enabled=0 ORDER BY c.date DESC';
+ my $sth = $dbh->prepare($query);
+ $sth->execute() || die $dbh->errstr;
+
+ my @comments;
+ while (my $result = $sth->fetchrow_hashref) {
+ $result->{'article_date'} =~ /(\d{4})\-(\d{2})\-\d{2} \d{2}\:\d{2}\:\d{2}/;
+ ($result->{'article_year'}, $result->{'article_month'}) = ($1, $2);
+ $result->{'theme'} = $blog_theme;
+ push(@comments, $result);
+ }
+
+ return \@comments;
+}
+
+
-- cgit v1.2.3
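Review bot: None of the state-changing paths — the `delete`/`draft`/`publish` handling in manage_articles and manage_comments, and the two `save` branches of edit_article — checks the request method or carries an anti-forgery token, so any request that reaches the script with those parameters, including a plain GET, mutates the database; authentication itself is not performed in this file and appears to rest on the web server populating `REMOTE_USER`, which cannot be confirmed from here. A minimal guard before each UPDATE/INSERT is `die "POST required\n" unless $cgi->request_method eq 'POST';`, with a per-session token compared alongside it. The id checks such as `if ($cgi->param('delete') =~ /\d+/)` are unanchored and bind the raw parameter rather than the match, so a value like `12x` is accepted and an absent parameter is matched as undef; prefer `if (($article_id) = ($cgi->param('delete') || '') =~ /\A(\d+)\z/) { $status = -1; }`. `$cgi->param(...)` is also evaluated in list context inside every `$sth->execute(...)` and `$template->param( key => $cgi->param(...) )` call, so a repeated query parameter shifts the bind list (fatal under RaiseError) or the key/value pairing; wrap each with `scalar`. Two smaller points: get_articles and get_comments read `$1`/`$2` after an unchecked match, so a row whose date does not fit the pattern silently inherits the previous row's year and month, and the file has `use strict` but no `use warnings`, while CGI, DBI, HTML::Template and HTML::Entities are used without a visible `use`, presumably loaded through Blogsum::Config.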