A tumblelog CMS built on AJAX, PHP and MySQL.

index.php 15KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324
  1. <?php
  2. if (!defined('entry')) {
  3. define('entry', true);
  4. }
  5. /* ===========================
  6. Sorbet CMS - A PHP based tumblelog CMS forked from Gelato CMS
  7. Sorbet CMS is a free software licensed under the GPL 3.0
  8. =========================== */
  9. ?>
  10. <?php
  11. require '../entry.php';
  12. global $user, $conf, $tumble;
  13. #$template = new plantillas("admin");
  14. $theme = new themes;
  15. $isEdition = (isset($_GET["edit"])) ? true : false;
  16. $postId = ($isEdition) ? $_GET["edit"] : null;
  17. $theme->set('isEdition', $isEdition);
  18. $theme->set('postId', $postId);
  19. $theme->set('pagination', '');
  20. if (get_magic_quotes_gpc()) {
  21. foreach ($_GET as $k=>$get) {
  22. $_GET[$k]=stripslashes($get);
  23. }
  24. }
  25. $util_class = new util();
  26. if ($user->isAuthenticated()) {
  27. if (isset($_GET["delete"])) {
  28. $tumble->deletePost($_GET['delete']);
  29. header("Location: index.php?deleted=true");
  30. die();
  31. }
  32. if (isset($_POST["btnAdd"])) {
  33. unset($_POST["btnAdd"]);
  34. $_POST['type'] = $util_class->type2Number($_POST['type']);
  35. if ($_POST["type"]=="2") { // is Photo type
  36. if (isset($_POST["url"]) && $_POST["url"]!="") {
  37. $photoName = $util_class->getFileName($_POST["url"]);
  38. if (!$tumble->savePhoto($_POST["url"])) {
  39. header("Location: ".$conf->urlSorbet."/admin/index.php?photo=false");
  40. die();
  41. }
  42. $_POST["url"] = "../uploads/".$util_class->sanitizeName($photoName);
  43. }
  44. if (move_uploaded_file($_FILES['photo']['tmp_name'], "../uploads/".$util_class->sanitizeName($_FILES['photo']['name']))) {
  45. $_POST["url"] = "../uploads/".$util_class->sanitizeName($_FILES['photo']['name']);
  46. }
  47. unset($_POST["photo"]);
  48. unset($_POST["MAX_FILE_SIZE"]);
  49. }
  50. if ($_POST["type"]=="7") { // is MP3 type
  51. set_time_limit(300);
  52. $mp3Name = $util_class->getFileName($_POST["url"]);
  53. if (!$tumble->saveMP3($_POST["url"])) {
  54. header("Location: ".$conf->urlSorbet."/admin/index.php?mp3=false");
  55. die();
  56. }
  57. if ($util_class->isMP3($remoteFileName)) {
  58. $_POST["url"] = $conf->urlSorbet."/uploads/".$mp3Name;
  59. }
  60. }
  61. if (!get_magic_quotes_gpc()) {
  62. $_POST["title"] = addslashes($_POST["title"]);
  63. $_POST["description"] = addslashes($_POST["description"]);
  64. }
  65. /*
  66. $textile = new Textile();
  67. $_POST["title"] = $textile->TextileThis(removeBadTags($_POST["title"],true));
  68. $_POST["description"] = $textile->TextileThis(removeBadTags($_POST["description"]));
  69. */
  70. $_POST["title"] = $util_class->removeBadTags($_POST["title"], true);
  71. $_POST["description"] = $util_class->removeBadTags($_POST["description"]);
  72. if (isset($_POST["id_post"]) and is_numeric($_POST["id_post"]) and $_POST["id_post"]>0) {
  73. $tumble->modifyPost($_POST, $_POST["id_post"]);
  74. } else {
  75. if ($tumble->addPost($_POST)) {
  76. header("Location: ".$conf->urlSorbet."/admin/index.php?added=true");
  77. die();
  78. } else {
  79. header("Location: ".$conf->urlSorbet."/admin/index.php?error=2&des=".$tumble->merror);
  80. die();
  81. }
  82. }
  83. } else {
  84. if ($isEdition) {
  85. $post = $tumble->getPost($postId);
  86. }
  87. $admin_includes = "";
  88. $trigger->call('admin_includes');
  89. $theme->set('admin_includes', $admin_includes);
  90. $theme->set('version', $util_class->version());
  91. $theme->set('conf', array(
  92. 'urlSorbet'=>$conf->urlSorbet,
  93. 'richText'=>$conf->richText
  94. ));
  95. $theme->set('new', isset($_GET['new'])?$_GET['new']:'');
  96. $theme->set('information', false);
  97. $theme->set('error', false);
  98. if ($conf->check_version) {
  99. $present = $util_class->version();
  100. $lastest = "1.0";//$util_class->_file_get_contents("");
  101. if ($present < $lastest) {
  102. $theme->set('information', __("A new version has been released and is ready for download."));
  103. }
  104. }
  105. $actions = array(
  106. 'deleted'=>false,
  107. 'modified'=>false,
  108. 'added'=>false
  109. );
  110. if (isset($_GET['deleted']) and $_GET['deleted']=='true') {
  111. $theme->set('exito', __("The post has been eliminated successfully."));
  112. $actions['deleted'] = true;
  113. }
  114. if (isset($_GET["modified"]) and $_GET["modified"]==true) {
  115. $theme->set('exito', __("The post has been modified successfully."));
  116. $actions['modified']=true;
  117. }
  118. if (isset($_GET["added"]) and $_GET["added"]==true) {
  119. $theme->set('exito', __("The post has been added successfully."));
  120. $actions['added']=true;
  121. }
  122. $theme->set('action', $actions);
  123. if (isset($_GET["error"]) and $_GET["error"]==2) {
  124. $theme->set('error', __("Error on the database server:")." </strong>".$_GET["des"]);
  125. }
  126. if (isset($_GET["mp3"]) and $_GET["mp3"]=='false') {
  127. $theme->set('error', __("Not an MP3 file or an upload problem."));
  128. }
  129. if (isset($_GET["photo"]) and $_GET["photo"]=='false') {
  130. $theme->set('error', __("Not a photo file or an upload problem."));
  131. }
  132. if ($isEdition) {
  133. switch ($post["type"]) {
  134. case "1": $_GET["new"] = "post"; break;
  135. case "2": $_GET["new"] = "photo"; break;
  136. case "3": $_GET["new"] = "quote"; break;
  137. case "4": $_GET["new"] = "url"; break;
  138. case "5": $_GET["new"] = "conversation"; break;
  139. case "6": $_GET["new"] = "video"; break;
  140. case "7": $_GET["new"] = "mp3"; break;
  141. }
  142. }
  143. $date = ($isEdition) ? strtotime($post["date"]) : time();
  144. $title = ($isEdition) ? htmlspecialchars(stripslashes($post["title"])) : "";
  145. $body = ($isEdition) ? stripslashes($post["description"]) : "";
  146. $url = ($isEdition) ? $post["url"] : "";
  147. if (!isset($_GET['new'])) {
  148. $_GET['new'] = 'post';
  149. }
  150. $form = new themes;
  151. $form->set('date', $date);
  152. $form->set('id_user', $_SESSION['user_id']);
  153. $form->set('type', $_GET["new"]);
  154. $form->set('editBody', $body);
  155. switch ($_GET["new"]) {
  156. case "post":
  157. $form->set('editTitle', $title);
  158. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_post.htm'));
  159. break;
  160. case "photo":
  161. $url = str_replace("../", $conf->urlSorbet."/", $url);
  162. $form->set('editUrl', $url);
  163. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_photo.htm'));
  164. break;
  165. case "quote":
  166. $form->set('editTitle', $title);
  167. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_quote.htm'));
  168. break;
  169. case "url":
  170. $form->set('editTitle', $title);
  171. $form->set('editUrl', $url);
  172. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_link.htm'));
  173. break;
  174. case "conversation":
  175. $form->set('editTitle', $title);
  176. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_conversation.htm'));
  177. break;
  178. case "video":
  179. $form->set('editUrl', $url);
  180. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_video.htm'));
  181. break;
  182. case "mp3":
  183. $form->set('editUrl', $url);
  184. $theme->set('form', $form->fetch(Absolute_Path.'admin/themes/admin/template_add_mp3.htm'));
  185. break;
  186. }
  187. if (!$isEdition) {
  188. if (isset($_GET["page"])) {
  189. $page_num = $_GET["page"];
  190. } else {
  191. $page_num = null;
  192. }
  193. $limit=$conf->postLimit;
  194. if (isset($page_num) && is_numeric($page_num) && $page_num>0) {// Is defined the page and is numeric?
  195. $from = (($page_num-1) * $limit);
  196. } else {
  197. $from = 0;
  198. }
  199. $rs = $tumble->getPosts($limit, $from);
  200. $theme->set('Posts_Number', $db->contarRegistros());
  201. $rows = array();
  202. if ($db->contarRegistros()>0) {
  203. while ($register = $rs->fetch()) {
  204. $row['postType'] = $util_class->type2Text($tumble->getType($register["id_post"]));
  205. $formatedDate = gmdate("M d", strtotime($register["date"]) + $util_class->transform_offset($conf->offsetTime));
  206. $strEnd=($conf->urlFriendly) ? "/" : "";
  207. $permalink = $conf->urlSorbet.($conf->urlFriendly?"/post/":"/index.php?post=").$register["id_post"].$strEnd;
  208. $register["title"] = stripslashes($register["title"]);
  209. $register["description"] = stripslashes($register["description"]);
  210. $row['Id_Post'] = $register["id_post"];
  211. $row['Date_Added'] = $formatedDate;
  212. $row['Permalink'] = $permalink;
  213. switch ($tumble->getType($register["id_post"])) {
  214. case "1":
  215. $row['Title'] = $register["title"];
  216. $row['Body'] = $register["description"];
  217. break;
  218. case "2":
  219. $fileName = "../uploads/".$util_class->getFileName($register["url"]);
  220. $x = @getimagesize($fileName);
  221. if ($x[0] > 100) {
  222. $photoPath = $conf->urlSorbet."/classes/imgsize.php?w=100&img=".$register["url"];
  223. } else {
  224. $photoPath = $register["url"];
  225. }
  226. $effect = " href=\"".str_replace("../", $conf->urlSorbet."/", $register["url"])."\" rel=\"lightbox\"";
  227. $row['PhotoURL'] = $photoPath;
  228. $row['PhotoAlt'] = strip_tags($register["description"]);
  229. $row['Caption'] = $register["description"];
  230. $row['Effect'] = $effect;
  231. break;
  232. case "3":
  233. $row['Quote'] = $register["description"];
  234. $row['Source'] = $register["title"];
  235. break;
  236. case "4":
  237. if ($conf->shorten_links) {
  238. $register["url"] = $util_class->_file_get_contents("http://api.abbrr.com/api.php?out=link&url=".$register["url"]);
  239. }
  240. $register["title"] = ($register["title"]=="")? $register["url"] : $register["title"];
  241. $row['URL'] = $register["url"];
  242. $row['Name'] = $register["title"];
  243. $row['Description'] = $register["description"];
  244. break;
  245. case "5":
  246. $row['Title'] = $register["title"];
  247. $row['Conversation'] = $tumble->formatConversation($register["description"]);
  248. break;
  249. case "6":
  250. $row['Video'] = $tumble->getVideoPlayer($register["url"]);
  251. $row['Caption'] = $register["description"];
  252. break;
  253. case "7":
  254. $row['Mp3'] = $tumble->getMp3Player($register["url"]);
  255. $row['Caption'] = $register["description"];
  256. break;
  257. }
  258. $rows[] = $row;
  259. }
  260. $p = new pagination;
  261. $p->items($tumble->getPostsNumber());
  262. $p->limit($limit);
  263. $p->currentPage(isset($page_num) ? $page_num : 1);
  264. $theme->set('pagination', $p->getPagination());
  265. $theme->set('rows', $rows);
  266. } else {
  267. $theme->set('error', __("No posts in this tumblelog."));
  268. }
  269. }
  270. $theme->display(Absolute_Path.'admin/themes/admin/index.htm');
  271. }
  272. } else {
  273. header("Location: ".$conf->urlSorbet."/login.php");
  274. }
  275. ?>