A tumblelog CMS built on AJAX, PHP and MySQL.

index.php 16KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312
  1. <?php
  2. if(!defined('entry'))define('entry', true);
  3. /* ===========================
  4. gelato CMS - A PHP based tumblelog CMS
  5. development version
  6. http://www.gelatocms.com/
  7. gelato CMS is a free software licensed under the GPL 2.0
  8. Copyright (C) 2007 by Pedro Santana <pecesama at gmail dot com>
  9. =========================== */
  10. ?>
  11. <?php
  12. require('../entry.php');
  13. global $user, $conf, $tumble;
  14. #$template = new plantillas("admin");
  15. $theme = new themes;
  16. $isEdition = (isset($_GET["edit"])) ? true : false;
  17. $postId = ($isEdition) ? $_GET["edit"] : NULL;
  18. $theme->set('isEdition',$isEdition);
  19. $theme->set('postId',$postId);
  20. $theme->set('pagination','');
  21. if (get_magic_quotes_gpc()) {
  22. foreach($_GET as $k=>$get){
  23. $_GET[$k]=stripslashes($get);
  24. }
  25. }
  26. if ($user->isAuthenticated()) {
  27. if (isset($_GET["delete"])) {
  28. $tumble->deletePost($_GET['delete']);
  29. header("Location: index.php?deleted=true");
  30. die();
  31. }
  32. if(isset($_POST["btnAdd"])){
  33. unset($_POST["btnAdd"]);
  34. $_POST['type'] = type2Number($_POST['type']);
  35. if ($_POST["type"]=="2") { // is Photo type
  36. if (isset($_POST["url"]) && $_POST["url"]!="") {
  37. $photoName = getFileName($_POST["url"]);
  38. if (!$tumble->savePhoto($_POST["url"])) {
  39. header("Location: ".$conf->urlGelato."/admin/index.php?photo=false");
  40. die();
  41. }
  42. $_POST["url"] = "../uploads/".sanitizeName($photoName);
  43. }
  44. if ( move_uploaded_file( $_FILES['photo']['tmp_name'], "../uploads/".sanitizeName($_FILES['photo']['name']) ) ) {
  45. $_POST["url"] = "../uploads/".sanitizeName($_FILES['photo']['name']);
  46. }
  47. unset($_POST["photo"]);
  48. unset($_POST["MAX_FILE_SIZE"]);
  49. }
  50. if ($_POST["type"]=="7") { // is MP3 type
  51. set_time_limit(300);
  52. $mp3Name = getFileName($_POST["url"]);
  53. if (!$tumble->saveMP3($_POST["url"])) {
  54. header("Location: ".$conf->urlGelato."/admin/index.php?mp3=false");
  55. die();
  56. }
  57. if (isMP3($remoteFileName)) {
  58. $_POST["url"] = $conf->urlGelato."/uploads/".$mp3Name;
  59. }
  60. }
  61. if (!get_magic_quotes_gpc()) {
  62. $_POST["title"] = addslashes($_POST["title"]);
  63. $_POST["description"] = addslashes($_POST["description"]);
  64. }
  65. /*
  66. $textile = new Textile();
  67. $_POST["title"] = $textile->TextileThis(removeBadTags($_POST["title"],true));
  68. $_POST["description"] = $textile->TextileThis(removeBadTags($_POST["description"]));
  69. */
  70. $_POST["title"] = removeBadTags($_POST["title"],true);
  71. $_POST["description"] = removeBadTags($_POST["description"]);
  72. if (isset($_POST["id_post"]) and is_numeric($_POST["id_post"]) and $_POST["id_post"]>0) {
  73. $tumble->modifyPost($_POST, $_POST["id_post"]);
  74. } else {
  75. if ($tumble->addPost($_POST)) {
  76. header("Location: ".$conf->urlGelato."/admin/index.php?added=true");
  77. die();
  78. } else {
  79. header("Location: ".$conf->urlGelato."/admin/index.php?error=2&des=".$tumble->merror);
  80. die();
  81. }
  82. }
  83. } else {
  84. if ($isEdition) {
  85. $post = $tumble->getPost($postId);
  86. }
  87. $theme->set('version',version());
  88. $theme->set('conf', array(
  89. 'urlGelato'=>$conf->urlGelato,
  90. 'richText'=>$conf->richText
  91. ));
  92. $theme->set('new',isset($_GET['new'])?$_GET['new']:'');
  93. $theme->set('information',false);
  94. $theme->set('error',false);
  95. if($conf->check_version){
  96. $present = version();
  97. $lastest = _file_get_contents("http://www.gelatocms.com/vgel.txt");
  98. if ($present < $lastest)
  99. $theme->set('information',__("A new gelato version has been released and is ready <a href=\"http://www.gelatocms.com/\">for download</a>."));
  100. }
  101. $actions = array(
  102. 'deleted'=>false,
  103. 'modified'=>false,
  104. 'added'=>false
  105. );
  106. if(isset($_GET['deleted']) and $_GET['deleted']=='true'){
  107. $theme->set('exito',__("The post has been eliminated successfully."));
  108. $actions['deleted'] = true;
  109. }
  110. if(isset($_GET["modified"]) and $_GET["modified"]==true){
  111. $theme->set('exito',__("The post has been modified successfully."));
  112. $actions['modified']=true;
  113. }
  114. if(isset($_GET["added"]) and $_GET["added"]==true) {
  115. $theme->set('exito',__("The post has been added successfully."));
  116. $actions['added']=true;
  117. }
  118. $theme->set('action',$actions);
  119. if (isset($_GET["error"]) and $_GET["error"]==2)
  120. $theme->set('error',__("Error on the database server:")." </strong>".$_GET["des"]);
  121. if (isset($_GET["mp3"]) and $_GET["mp3"]=='false')
  122. $theme->set('error',__("Not an MP3 file or an upload problem."));
  123. if (isset($_GET["photo"]) and $_GET["photo"]=='false')
  124. $theme->set('error',__("Not a photo file or an upload problem."));
  125. if ($isEdition) {
  126. switch ($post["type"]) {
  127. case "1": $_GET["new"] = "post"; break;
  128. case "2": $_GET["new"] = "photo"; break;
  129. case "3": $_GET["new"] = "quote"; break;
  130. case "4": $_GET["new"] = "url"; break;
  131. case "5": $_GET["new"] = "conversation"; break;
  132. case "6": $_GET["new"] = "video"; break;
  133. case "7": $_GET["new"] = "mp3"; break;
  134. }
  135. }
  136. $date = ($isEdition) ? strtotime($post["date"]) : gmmktime();
  137. $title = ($isEdition) ? htmlspecialchars(stripslashes($post["title"])) : "";
  138. $body = ($isEdition) ? stripslashes($post["description"]) : "";
  139. $url = ($isEdition) ? $post["url"] : "";
  140. if (!isset($_GET['new'])) $_GET['new'] = 'post';
  141. $form = new themes;
  142. $form->set('date',$date);
  143. $form->set('id_user',$_SESSION['user_id']);
  144. $form->set('type',$_GET["new"]);
  145. $form->set('editBody',$body);
  146. switch ($_GET["new"]) {
  147. case "post":
  148. $form->set('editTitle',$title);
  149. $theme->set('form',$form->fetch(Absolute_Path.'admin/themes/admin/template_add_post.htm'));
  150. break;
  151. case "photo":
  152. $url = str_replace("../", $conf->urlGelato."/", $url);
  153. $form->set('editUrl',$url);
  154. $theme->set('form',$form->fetch(Absolute_Path.'admin/themes/admin/template_add_photo.htm'));
  155. break;
  156. case "quote":
  157. $form->set('editTitle',$title);
  158. $theme->set('form',$form->fetch(Absolute_Path.'admin/themes/admin/template_add_quote.htm'));
  159. break;
  160. case "url":
  161. $form->set('editTitle',$title);
  162. $form->set('editUrl',$url);
  163. $theme->set('form',$form->fetch(Absolute_Path.'admin/themes/admin/template_add_link.htm'));
  164. break;
  165. case "conversation":
  166. $form->set('editTitle',$title);
  167. $theme->set('form',$form->fetch(Absolute_Path.'admin/themes/admin/template_add_conversation.htm'));
  168. break;
  169. case "video":
  170. $form->set('editUrl',$url);
  171. $theme->set('form',$form->fetch(Absolute_Path.'admin/themes/admin/template_add_video.htm'));
  172. break;
  173. case "mp3":
  174. $form->set('editUrl',$url);
  175. $theme->set('form',$form->fetch(Absolute_Path.'admin/themes/admin/template_add_mp3.htm'));
  176. break;
  177. }
  178. if (!$isEdition){
  179. if (isset($_GET["page"]))
  180. $page_num = $_GET["page"];
  181. else
  182. $page_num = NULL;
  183. $limit=$conf->postLimit;
  184. if(isset($page_num) && is_numeric($page_num) && $page_num>0)// Is defined the page and is numeric?
  185. $from = (($page_num-1) * $limit);
  186. else
  187. $from = 0;
  188. $rs = $tumble->getPosts($limit, $from);
  189. $theme->set('Posts_Number',$tumble->contarRegistros());
  190. $rows = array();
  191. if ($tumble->contarRegistros()>0) {
  192. while($register = mysql_fetch_array($rs)) {
  193. $row['postType'] = type2Text($tumble->getType($register["id_post"]));
  194. $formatedDate = gmdate("M d", strtotime($register["date"])+transform_offset($conf->offsetTime));
  195. $strEnd=($conf->urlFriendly) ? "/" : "";
  196. $permalink = $conf->urlGelato.($conf->urlFriendly?"/post/":"/index.php?post=").$register["id_post"].$strEnd;
  197. $register["title"] = stripslashes($register["title"]);
  198. $register["description"] = stripslashes($register["description"]);
  199. $row['Id_Post'] = $register["id_post"];
  200. $row['Date_Added'] = $formatedDate;
  201. $row['Permalink'] = $permalink;
  202. switch ($tumble->getType($register["id_post"])) {
  203. case "1":
  204. $row['Title'] = $register["title"];
  205. $row['Body'] = $register["description"];
  206. break;
  207. case "2":
  208. $fileName = "../uploads/".getFileName($register["url"]);
  209. $x = @getimagesize($fileName);
  210. if ($x[0] > 100)
  211. $photoPath = $conf->urlGelato."/classes/imgsize.php?w=100&img=".$register["url"];
  212. else
  213. $photoPath = $register["url"];
  214. $effect = " href=\"".str_replace("../", $conf->urlGelato."/", $register["url"])."\" rel=\"lightbox\"";
  215. $row['PhotoURL'] = $photoPath;
  216. $row['PhotoAlt'] = strip_tags($register["description"]);
  217. $row['Caption'] = $register["description"];
  218. $row['Effect'] = $effect;
  219. break;
  220. case "3":
  221. $row['Quote'] = $register["description"];
  222. $row['Source'] = $register["title"];
  223. break;
  224. case "4":
  225. if($conf->shorten_links)
  226. $register["url"] = _file_get_contents("http://api.abbrr.com/api.php?out=link&url=".$register["url"]);
  227. $register["title"] = ($register["title"]=="")? $register["url"] : $register["title"];
  228. $row['URL'] = $register["url"];
  229. $row['Name'] = $register["title"];
  230. $row['Description'] = $register["description"];
  231. break;
  232. case "5":
  233. $row['Title'] = $register["title"];
  234. $row['Conversation'] = $tumble->formatConversation($register["description"]);
  235. break;
  236. case "6":
  237. $row['Video'] = $tumble->getVideoPlayer($register["url"]);
  238. $row['Caption'] = $register["description"];
  239. break;
  240. case "7":
  241. $row['Mp3'] = $tumble->getMp3Player($register["url"]);
  242. $row['Caption'] = $register["description"];
  243. break;
  244. }
  245. $rows[] = $row;
  246. }
  247. $p = new pagination;
  248. $p->items($tumble->getPostsNumber());
  249. $p->limit($limit);
  250. $p->currentPage(isset($page_num) ? $page_num : 1);
  251. $theme->set('pagination',$p->getPagination());
  252. $theme->set('rows',$rows);
  253. }else{
  254. $theme->set('error',__("No posts in this tumblelog."));
  255. }
  256. }
  257. $theme->display(Absolute_Path.'admin/themes/admin/index.htm');
  258. }
  259. } else {
  260. header("Location: ".$conf->urlGelato."/login.php");
  261. }
  262. ?>