A tumblelog CMS built on AJAX, PHP and MySQL.

index.php 15KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327
  1. <?php
  2. if (!defined('entry')) {
  3. define('entry', true);
  4. }
  5. /* ===========================
  6. gelato CMS - A PHP based tumblelog CMS
  7. development version
  8. http://www.gelatocms.com/
  9. gelato CMS is a free software licensed under the GPL 2.0
  10. Copyright (C) 2007 by Pedro Santana <pecesama at gmail dot com>
  11. =========================== */
  12. ?>
  13. <?php
  14. require('../entry.php');
  15. global $user, $conf, $tumble;
  16. #$template = new plantillas("admin");
  17. $theme = new themes;
  18. $isEdition = (isset($_GET["edit"])) ? true : false;
  19. $postId = ($isEdition) ? $_GET["edit"] : null;
  20. $theme->set('isEdition', $isEdition);
  21. $theme->set('postId', $postId);
  22. $theme->set('pagination', '');
  23. if (get_magic_quotes_gpc()) {
  24. foreach ($_GET as $k=>$get) {
  25. $_GET[$k]=stripslashes($get);
  26. }
  27. }
  28. $util_class = new util();
  29. if ($user->isAuthenticated()) {
  30. if (isset($_GET["delete"])) {
  31. $tumble->deletePost($_GET['delete']);
  32. header("Location: index.php?deleted=true");
  33. die();
  34. }
  35. if (isset($_POST["btnAdd"])) {
  36. unset($_POST["btnAdd"]);
  37. $_POST['type'] = $util_class->type2Number($_POST['type']);
  38. if ($_POST["type"]=="2") { // is Photo type
  39. if (isset($_POST["url"]) && $_POST["url"]!="") {
  40. $photoName = $util_class->getFileName($_POST["url"]);
  41. if (!$tumble->savePhoto($_POST["url"])) {
  42. header("Location: ".$conf->urlGelato."/admin/index.php?photo=false");
  43. die();
  44. }
  45. $_POST["url"] = "../uploads/".$util_class->sanitizeName($photoName);
  46. }
  47. if (move_uploaded_file($_FILES['photo']['tmp_name'], "../uploads/".$util_class->sanitizeName($_FILES['photo']['name']))) {
  48. $_POST["url"] = "../uploads/".$util_class->sanitizeName($_FILES['photo']['name']);
  49. }
  50. unset($_POST["photo"]);
  51. unset($_POST["MAX_FILE_SIZE"]);
  52. }
  53. if ($_POST["type"]=="7") { // is MP3 type
  54. set_time_limit(300);
  55. $mp3Name = $util_class->getFileName($_POST["url"]);
  56. if (!$tumble->saveMP3($_POST["url"])) {
  57. header("Location: ".$conf->urlGelato."/admin/index.php?mp3=false");
  58. die();
  59. }
  60. if ($util_class->isMP3($remoteFileName)) {
  61. $_POST["url"] = $conf->urlGelato."/uploads/".$mp3Name;
  62. }
  63. }
  64. if (!get_magic_quotes_gpc()) {
  65. $_POST["title"] = addslashes($_POST["title"]);
  66. $_POST["description"] = addslashes($_POST["description"]);
  67. }
  68. /*
  69. $textile = new Textile();
  70. $_POST["title"] = $textile->TextileThis(removeBadTags($_POST["title"],true));
  71. $_POST["description"] = $textile->TextileThis(removeBadTags($_POST["description"]));
  72. */
  73. $_POST["title"] = $util_class->removeBadTags($_POST["title"], true);
  74. $_POST["description"] = $util_class->removeBadTags($_POST["description"]);
  75. if (isset($_POST["id_post"]) and is_numeric($_POST["id_post"]) and $_POST["id_post"]>0) {
  76. $tumble->modifyPost($_POST, $_POST["id_post"]);
  77. } else {
  78. if ($tumble->addPost($_POST)) {
  79. header("Location: ".$conf->urlGelato."/admin/index.php?added=true");
  80. die();
  81. } else {
  82. header("Location: ".$conf->urlGelato."/admin/index.php?error=2&des=".$tumble->merror);
  83. die();
  84. }
  85. }
  86. } else {
  87. if ($isEdition) {
  88. $post = $tumble->getPost($postId);
  89. }
  90. $admin_includes = "";
  91. $trigger->call('admin_includes');
  92. $theme->set('admin_includes', $admin_includes);
  93. $theme->set('version', $util_class->version());
  94. $theme->set('conf', array(
  95. 'urlGelato'=>$conf->urlGelato,
  96. 'richText'=>$conf->richText
  97. ));
  98. $theme->set('new', isset($_GET['new'])?$_GET['new']:'');
  99. $theme->set('information', false);
  100. $theme->set('error', false);
  101. if ($conf->check_version) {
  102. $present = $util_class->version();
  103. $lastest = $util_class->_file_get_contents("http://www.gelatocms.com/vgel.txt");
  104. if ($present < $lastest) {
  105. $theme->set('information', __("A new gelato version has been released and is ready <a href=\"http://www.gelatocms.com/\">for download</a>."));
  106. }
  107. }
  108. $actions = array(
  109. 'deleted'=>false,
  110. 'modified'=>false,
  111. 'added'=>false
  112. );
  113. if (isset($_GET['deleted']) and $_GET['deleted']=='true') {
  114. $theme->set('exito', __("The post has been eliminated successfully."));
  115. $actions['deleted'] = true;
  116. }
  117. if (isset($_GET["modified"]) and $_GET["modified"]==true) {
  118. $theme->set('exito', __("The post has been modified successfully."));
  119. $actions['modified']=true;
  120. }
  121. if (isset($_GET["added"]) and $_GET["added"]==true) {
  122. $theme->set('exito', __("The post has been added successfully."));
  123. $actions['added']=true;
  124. }
  125. $theme->set('action', $actions);
  126. if (isset($_GET["error"]) and $_GET["error"]==2) {
  127. $theme->set('error', __("Error on the database server:")." </strong>".$_GET["des"]);
  128. }
  129. if (isset($_GET["mp3"]) and $_GET["mp3"]=='false') {
  130. $theme->set('error', __("Not an MP3 file or an upload problem."));
  131. }
  132. if (isset($_GET["photo"]) and $_GET["photo"]=='false') {
  133. $theme->set('error', __("Not a photo file or an upload problem."));
  134. }
  135. if ($isEdition) {
  136. switch ($post["type"]) {
  137. case "1": $_GET["new"] = "post"; break;
  138. case "2": $_GET["new"] = "photo"; break;
  139. case "3": $_GET["new"] = "quote"; break;
  140. case "4": $_GET["new"] = "url"; break;
  141. case "5": $_GET["new"] = "conversation"; break;
  142. case "6": $_GET["new"] = "video"; break;
  143. case "7": $_GET["new"] = "mp3"; break;
  144. }
  145. }
  146. $date = ($isEdition) ? strtotime($post["date"]) : time();
  147. $title = ($isEdition) ? htmlspecialchars(stripslashes($post["title"])) : "";
  148. $body = ($isEdition) ? stripslashes($post["description"]) : "";
  149. $url = ($isEdition) ? $post["url"] : "";
  150. if (!isset($_GET['new'])) {
  151. $_GET['new'] = 'post';
  152. }
  153. $form = new themes;
  154. $form->set('date', $date);
  155. $form->set('id_user', $_SESSION['user_id']);
  156. $form->set('type', $_GET["new"]);
  157. $form->set('editBody', $body);
  158. switch ($_GET["new"]) {
  159. case "post":
  160. $form->set('editTitle', $title);
  161. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_post.htm'));
  162. break;
  163. case "photo":
  164. $url = str_replace("../", $conf->urlGelato."/", $url);
  165. $form->set('editUrl', $url);
  166. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_photo.htm'));
  167. break;
  168. case "quote":
  169. $form->set('editTitle', $title);
  170. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_quote.htm'));
  171. break;
  172. case "url":
  173. $form->set('editTitle', $title);
  174. $form->set('editUrl', $url);
  175. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_link.htm'));
  176. break;
  177. case "conversation":
  178. $form->set('editTitle', $title);
  179. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_conversation.htm'));
  180. break;
  181. case "video":
  182. $form->set('editUrl', $url);
  183. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_video.htm'));
  184. break;
  185. case "mp3":
  186. $form->set('editUrl', $url);
  187. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_mp3.htm'));
  188. break;
  189. }
  190. if (!$isEdition) {
  191. if (isset($_GET["page"])) {
  192. $page_num = $_GET["page"];
  193. } else {
  194. $page_num = null;
  195. }
  196. $limit=$conf->postLimit;
  197. if (isset($page_num) && is_numeric($page_num) && $page_num>0) {// Is defined the page and is numeric?
  198. $from = (($page_num-1) * $limit);
  199. } else {
  200. $from = 0;
  201. }
  202. $rs = $tumble->getPosts($limit, $from);
  203. $theme->set('Posts_Number', $db->contarRegistros());
  204. $rows = array();
  205. if ($db->contarRegistros()>0) {
  206. while ($register = mysql_fetch_array($rs)) {
  207. $row['postType'] = $util_class->type2Text($tumble->getType($register["id_post"]));
  208. $formatedDate = gmdate("M d", strtotime($register["date"]) + $util_class->transform_offset($conf->offsetTime));
  209. $strEnd=($conf->urlFriendly) ? "/" : "";
  210. $permalink = $conf->urlGelato.($conf->urlFriendly?"/post/":"/index.php?post=").$register["id_post"].$strEnd;
  211. $register["title"] = stripslashes($register["title"]);
  212. $register["description"] = stripslashes($register["description"]);
  213. $row['Id_Post'] = $register["id_post"];
  214. $row['Date_Added'] = $formatedDate;
  215. $row['Permalink'] = $permalink;
  216. switch ($tumble->getType($register["id_post"])) {
  217. case "1":
  218. $row['Title'] = $register["title"];
  219. $row['Body'] = $register["description"];
  220. break;
  221. case "2":
  222. $fileName = "../uploads/".$util_class->getFileName($register["url"]);
  223. $x = @getimagesize($fileName);
  224. if ($x[0] > 100) {
  225. $photoPath = $conf->urlGelato."/classes/imgsize.php?w=100&img=".$register["url"];
  226. } else {
  227. $photoPath = $register["url"];
  228. }
  229. $effect = " href=\"".str_replace("../", $conf->urlGelato."/", $register["url"])."\" rel=\"lightbox\"";
  230. $row['PhotoURL'] = $photoPath;
  231. $row['PhotoAlt'] = strip_tags($register["description"]);
  232. $row['Caption'] = $register["description"];
  233. $row['Effect'] = $effect;
  234. break;
  235. case "3":
  236. $row['Quote'] = $register["description"];
  237. $row['Source'] = $register["title"];
  238. break;
  239. case "4":
  240. if ($conf->shorten_links) {
  241. $register["url"] = $util_class->_file_get_contents("http://api.abbrr.com/api.php?out=link&url=".$register["url"]);
  242. }
  243. $register["title"] = ($register["title"]=="")? $register["url"] : $register["title"];
  244. $row['URL'] = $register["url"];
  245. $row['Name'] = $register["title"];
  246. $row['Description'] = $register["description"];
  247. break;
  248. case "5":
  249. $row['Title'] = $register["title"];
  250. $row['Conversation'] = $tumble->formatConversation($register["description"]);
  251. break;
  252. case "6":
  253. $row['Video'] = $tumble->getVideoPlayer($register["url"]);
  254. $row['Caption'] = $register["description"];
  255. break;
  256. case "7":
  257. $row['Mp3'] = $tumble->getMp3Player($register["url"]);
  258. $row['Caption'] = $register["description"];
  259. break;
  260. }
  261. $rows[] = $row;
  262. }
  263. $p = new pagination;
  264. $p->items($tumble->getPostsNumber());
  265. $p->limit($limit);
  266. $p->currentPage(isset($page_num) ? $page_num : 1);
  267. $theme->set('pagination', $p->getPagination());
  268. $theme->set('rows', $rows);
  269. } else {
  270. $theme->set('error', __("No posts in this tumblelog."));
  271. }
  272. }
  273. $theme->display(Absolute_Path.'admin/themes/admin/index.htm');
  274. }
  275. } else {
  276. header("Location: ".$conf->urlGelato."/login.php");
  277. }
  278. ?>