00001 <?php
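// Direct-access guard: the module must only run when included by the CMS.
// __PRAGYAN_CMS is presumably defined by the CMS entry point before modules
// are loaded (confirm against the front controller).
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is closed with </h1>; a second opening <h1> left the rest of
    // the page nested inside the heading.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can carry the web server name and version.
    // Consider dropping this line if the deployment hides version banners elsewhere.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}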
00015 class article implements module, fileuploadable {
00016 private $userId;
00017 private $moduleComponentId;
00018 private $action;
00019
/**
 * Module entry point: stores the request context on the instance and
 * dispatches to the handler for the requested action.
 *
 * NOTE(review): no permission check is made here; presumably the framework
 * authorises $gotaction for $gotuid before calling this method (confirm).
 *
 * @param mixed $gotuid               id of the requesting user
 * @param mixed $gotmoduleComponentId id of this article instance
 * @param mixed $gotaction            action name; only "view" and "edit" are handled
 * @return mixed output of the action handler, or null for any other action
 */
public function getHtml($gotuid, $gotmoduleComponentId, $gotaction) {
    $this->userId = $gotuid;
    $this->moduleComponentId = $gotmoduleComponentId;
    $this->action = $gotaction;

    // switch compares loosely, exactly like a chain of == tests in the same order.
    switch ($this->action) {
        case "view":
            return $this->actionView();
        case "edit":
            return $this->actionEdit();
    }
}
00031
/**
 * Decides whether a user may download a file attached to an article.
 *
 * Only the page-level "view" permission is consulted; $moduleComponentId and
 * $fileName are accepted but not used, so every file of the page shares the
 * page's visibility.
 *
 * @param mixed  $pageId            page the article belongs to
 * @param mixed  $moduleComponentId unused
 * @param mixed  $userId            user requesting the file
 * @param string $fileName          unused
 * @return mixed whatever getPermissions() returns for the "view" action
 */
public static function getFileAccessPermission($pageId,$moduleComponentId,$userId, $fileName) {
    $mayView = getPermissions($userId, $pageId, "view");
    return $mayView;
}
00038
/**
 * Reports the upload policy for article attachments through its two
 * by-reference parameters.
 *
 * NOTE(review): the allow-list contains types a browser or an operating system
 * treats as active content ('html', 'js', 'css', 'xml', 'swf', 'exe'). If
 * uploads are served from the site's own origin this is a stored-XSS and
 * malware-hosting risk; confirm how the download handler sets Content-Type and
 * Content-Disposition before keeping these entries. 'bmp' is listed twice.
 *
 * @param array $fileTypesArray     set to the list of permitted extensions
 * @param int   $maxFileSizeInBytes set to the size limit (30 MiB)
 * @return void
 */
public static function getUploadableFileProperties(&$fileTypesArray,&$maxFileSizeInBytes) {
    $fileTypesArray = array(
        'jpg', 'jpeg', 'png', 'doc', 'pdf', 'gif', 'bmp', 'css', 'js', 'html',
        'xml', 'ods', 'odt', 'oft', 'pps', 'ppt', 'tex', 'tiff', 'txt', 'chm',
        'mp3', 'mp2', 'wave', 'wav', 'mpg', 'ogg', 'mpeg', 'wmv', 'wma', 'wmf',
        'rm', 'avi', 'gzip', 'gz', 'rar', 'bmp', 'psd', 'bz2', 'tar', 'zip',
        'swf', 'fla', 'flv', 'eps', 'xcf', 'xls', 'exe', '7z'
    );
    $megabyte = 1024 * 1024;
    $maxFileSizeInBytes = 30 * $megabyte;
}
00043
/**
 * Reads the allowComments flag stored for this article instance.
 *
 * The query result is not checked: if the query fails or no row exists the
 * lookup below yields null.
 *
 * @return mixed value of the `allowComments` column
 */
function isCommentsEnabled() {
    $sql = "SELECT `allowComments` FROM `article_content` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'";
    $row = mysql_fetch_array(mysql_query($sql));
    return $row['allowComments'];
}
00048
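/**
 * Stores the allowComments flag for this article instance.
 *
 * @param mixed $val new flag value; coerced to an integer before use
 * @return void
 */
function setCommentEnable($val) {
    // The value is placed in the statement without quotes, so it must be a
    // number: casting removes any SQL text a caller might pass through.
    $flag = (int) $val;
    mysql_query("UPDATE `article_content` SET `allowComments` = $flag WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'");
}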
00052
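/**
 * Builds the HTML for one stored comment.
 *
 * The author name and timestamp are HTML-encoded on output. The comment body
 * is emitted as stored: this class passes it through safe_html() before
 * inserting it, so it is expected to hold already-sanitised markup.
 *
 * @param mixed  $id        comment id, used in the delete link
 * @param string $user      author name
 * @param string $timestamp time the comment was posted
 * @param string $comment   comment body (sanitised HTML)
 * @param int    $delete    1 to append a delete link, anything else for none
 * @return string HTML fragment
 */
function renderComment($id,$user,$timestamp,$comment,$delete=0) {
    global $ICONS;

    if ($delete == 1) {
        // urlencode() leaves a numeric id unchanged and keeps anything else
        // from breaking out of the href attribute.
        // NOTE(review): this is a state-changing GET link with no anti-CSRF token.
        $delete = "<a class='commentdelete' href='./+edit&delComment=" . urlencode($id) . "'>{$ICONS['Delete']['large']}</a>";
    } else {
        $delete = "";
    }

    // NOTE(review): if getUserName() already returns encoded text this will
    // double-encode; confirm against common.lib.php.
    $safeUser = htmlspecialchars($user, ENT_QUOTES);
    $safeTimestamp = htmlspecialchars($timestamp, ENT_QUOTES);

    $ret = <<<RET
<div class="articlecomment">
<span class="articlecomment_info">
Posted By: $safeUser on $safeTimestamp
</span>
<br/><span class="articlecomment_content">
$comment
</span>
$delete
</div>
RET;
    return $ret;
}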
00075
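/**
 * Builds the "New Comment" form shown under an article.
 *
 * The current user's name is shown in a disabled field; it is HTML-encoded so
 * that quotes or markup in a name cannot leave the value attribute.
 *
 * NOTE(review): the form posts to ./+view&subaction=postcomment without an
 * anti-CSRF token.
 *
 * @return string HTML fragment
 */
function commentBox() {
    global $sourceFolder;
    require_once("$sourceFolder/common.lib.php");

    $user = htmlspecialchars(getUserName($this->userId), ENT_QUOTES);
    $ret = <<<RET
<fieldset><legend>New Comment</legend>
<form method=POST action='./+view&subaction=postcomment'>
<table width=100%>
<tr><td>Posted By:</td><td><input type=text disabled="disabled" value="$user"></td></tr>
<tr><td>Comment:</td><td><textarea name=comment rows=4 cols=50>Enter your comment here...</textarea></td>
</table>
<input type=submit name=btnSubmit value=Post>
</form>
</fieldset>
RET;
    return $ret;
}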
00093
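/**
 * Renders the article, and handles the two writes that are posted to the
 * view URL: saving a draft and posting a comment.
 *
 * Request data is escaped before it is placed in SQL text. The posted editor
 * content goes through escape(), the helper this method already applies to
 * the comment text (presumably it accounts for magic quotes; confirm in
 * common.lib.php).
 *
 * @param string $text article HTML to render instead of the stored content;
 *                     "" loads the stored content
 * @return string|null rendered HTML, "Article not yet created." when no
 *                     content row exists, or null after a reported query error
 */
public function actionView($text="") {
    // --- Save the posted editor content as a new draft -------------------
    // NOTE(review): this write runs under the "view" action; confirm that the
    // caller restricts it to users who may edit the page.
    if (isset($_GET['draft']) && isset($_POST['CKEditor1'])) {
        $query = "SELECT MAX(draft_number) AS MAX FROM `article_draft` WHERE page_modulecomponentid =" . $this->moduleComponentId;
        $result = mysql_query($query);
        // NOTE(review): mysql_error() is shown to the visitor here and in the
        // die() below; it can reveal schema details.
        if (!$result) { displayerror(mysql_error() . "article.lib L:44"); return; }
        if (mysql_num_rows($result)) {
            // MAX() is NULL when there are no drafts yet, which gives 1 here.
            $drow = mysql_fetch_assoc($result);
            $draftId = $drow['MAX'] + 1;
        } else {
            $draftId = 1;
        }

        // The editor content is request data and was concatenated into the
        // INSERT unescaped; escape it first.
        $draftContent = escape($_POST['CKEditor1']);
        $query = "INSERT INTO `article_draft` (`page_modulecomponentid`,`draft_number`,`draft_content`,`draft_lastsaved`,`user_id`) VALUES ('".$this->moduleComponentId."','".$draftId."','".$draftContent."',now(),'".$this->userId."')";
        $result = mysql_query($query) or die(mysql_error());
        if (mysql_affected_rows() < 1)
            displayerror("Unable to draft the article");
    }

    // --- Store a posted comment -----------------------------------------
    if ($this->isCommentsEnabled() && isset($_POST['btnSubmit'])) {
        $id = mysql_fetch_array(mysql_query("SELECT MAX(`comment_id`) AS MAX FROM `article_comments`"));
        $id = $id['MAX'] + 1;
        // The user name is profile data, not a constant: escape it like any
        // other value placed inside a quoted SQL string.
        $user = mysql_real_escape_string(getUserName($this->userId));
        $postedComment = isset($_POST['comment']) ? $_POST['comment'] : '';
        // safe_html() sanitises the markup, escape() prepares it for SQL.
        $comment = escape(safe_html($postedComment));
        mysql_query("INSERT INTO `article_comments`(`comment_id`,`page_modulecomponentid`,`user`,`comment`) VALUES('$id','{$this->moduleComponentId}','$user','$comment')");
        if (mysql_affected_rows())
            displayinfo("Post successful");
        else
            displayerror("Error in posting comment");
    }

    // --- Load the stored article unless the caller supplied the text ----
    if ($text == "") {
        $query = "SELECT article_content,article_lastupdated FROM article_content WHERE page_modulecomponentid=" . $this->moduleComponentId;
        $result = mysql_query($query);
        if ($row = mysql_fetch_assoc($result)) {
            $text = censor_words($row['article_content']);
            global $PAGELASTUPDATED;
            $PAGELASTUPDATED = $row['article_lastupdated'];
        } else {
            return "Article not yet created.";
        }
    }

    // --- Post-process the article body ----------------------------------
    global $sourceFolder;
    global $moduleFolder;
    require_once($sourceFolder."/latexRender.class.php");
    if (get_magic_quotes_gpc())
        $text = stripslashes($text);
    $render = new latexrender();
    $ret = $render->transform($text);

    require_once($sourceFolder."/googleMaps.class.php");
    $maps = new googlemaps();
    $ret = $maps->render($ret);

    // --- Append the comment list and the new-comment form ---------------
    if ($this->isCommentsEnabled()) {
        $comments = mysql_query("SELECT `comment_id`,`user`,`timestamp`,`comment` FROM `article_comments` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `timestamp`");
        $hasComments = mysql_num_rows($comments) > 0;
        if ($hasComments)
            $ret .= "<fieldset><legend>Comments</legend>";
        while ($row = mysql_fetch_array($comments))
            $ret .= $this->renderComment($row['comment_id'],$row['user'],$row['timestamp'],$row['comment']);
        if ($hasComments)
            $ret .= "</fieldset>";
        $ret .= $this->commentBox();
    }
    return $ret;
}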
00162
00163
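/**
 * Handles the edit action: draft and comment deletion, preview, revision and
 * draft viewing, saving the article, and rendering the edit page.
 *
 * Numeric request parameters (dno, version, dversion) are cast to int before
 * they reach SQL or HTML, and the posted editor content is escaped before it
 * is written. escape() is the helper this method already uses for delComment
 * (presumably magic-quotes aware; confirm in common.lib.php).
 *
 * NOTE(review): draft and comment deletion are triggered by GET parameters
 * with no anti-CSRF token, and comment deletion is tied to the literal user
 * id 1 instead of a permission lookup.
 *
 * @return string|null HTML for the edit page or preview, or null after a
 *                     reported query error
 */
public function actionEdit() {
    global $sourceFolder,$ICONS;

    require_once($sourceFolder."/upload.lib.php");

    // --- Delete a draft --------------------------------------------------
    if (isset($_GET['deldraft'])) {
        // draft_number is compared without quotes, so string escaping gives
        // no protection there; force an integer instead.
        $dno = isset($_GET['dno']) ? (int) $_GET['dno'] : 0;
        $query = "DELETE FROM `article_draft` WHERE `page_modulecomponentid`=". $this->moduleComponentId." AND `draft_number`=".$dno;
        // NOTE(review): die(mysql_error()) exposes database errors to the visitor.
        $result = mysql_query($query) or die(mysql_error());
    }

    $header = <<<HEADER
<fieldset><legend><a name='topquicklinks'>Quicklinks</a></legend>
<table class='iconspanel'>
<tr>
<td><a href='#editor'><div>{$ICONS['Edit Page']['large']}<br/>Edit Page</div></a></td>
<td><a href='#files'><div>{$ICONS['Uploaded Files']['large']}<br/>Manage Uploaded Files</div></a></td>
<td><a href='#drafts'><div>{$ICONS['Drafts']['large']}<br/>Saved Drafts</div></a></td>
<td><a href='#revisions'><div>{$ICONS['Page Revisions']['large']}<br/>Page Revisions</div></a></td>
<td><a href='#comments'><div>{$ICONS['Page Comments']['large']}<br/>Page Comments</div></a></td>
</tr>
</table>


</fieldset><br/><br/>
HEADER;

    submitFileUploadForm($this->moduleComponentId,"article",$this->userId,UPLOAD_SIZE_LIMIT);

    // --- Delete a comment (user id 1 only) ------------------------------
    if (isset($_GET['delComment']) && $this->userId == 1) {
        mysql_query("DELETE FROM `article_comments` WHERE `comment_id` = '".escape($_GET['delComment'])."'");
        if (mysql_affected_rows())
            displayinfo("Comment deleted!");
        else
            displayerror("Error in deleting comment");
    }

    // --- Preview the posted content without saving ----------------------
    if (isset($_GET['preview']) && isset($_POST['CKEditor1'])) {
        // The array key is quoted: the bare word CKEditor1 was an undefined constant.
        $posted = stripslashes($_POST['CKEditor1']);
        return "<div id=\"preview\" class=\"warning\"><a name=\"preview\">Preview</a></div>".$this->actionView($posted).$this->getCkBody($posted);
    }

    // --- Preview a stored revision --------------------------------------
    if (isset($_GET['version'])) {
        // Cast once: the value is used in a query and echoed into the page.
        $version = (int) $_GET['version'];
        $revision = $this->getRevision($version);
        return "<div id=\"preview\" class=\"warning\"><a name=\"preview\">Previewing Revision Number ".$version."</a></div>".$this->actionView($revision).$this->getCkBody($revision);
    }

    // --- Load a stored draft into the editor ----------------------------
    if (isset($_GET['dversion'])) {
        $draftNo = (int) $_GET['dversion'];
        $draft = $this->getDraft($draftNo);
        displayinfo("Viewing Draft number ".$draftNo);
        return $header.$this->getCkBody($draft);
    }

    // --- Save the posted content as the new article ---------------------
    if (isset($_POST['CKEditor1'])) {
        $query = "SELECT article_content FROM article_content WHERE page_modulecomponentid=" . $this->moduleComponentId;
        $result = mysql_query($query);
        $row = mysql_fetch_assoc($result);
        $diff = mysql_escape_string($this->diff($_POST['CKEditor1'],$row['article_content']));

        $query = "SELECT MAX(article_revision) AS MAX FROM `article_contentbak` WHERE page_modulecomponentid =" . $this->moduleComponentId;
        $result = mysql_query($query);
        if (!$result) { displayerror(mysql_error() . "article.lib L:44"); return; }
        if (mysql_num_rows($result)) {
            $row = mysql_fetch_assoc($result);
            $revId = $row['MAX'] + 1;
        } else {
            $revId = 1;
        }

        // Keep the previous content as a revision before overwriting it.
        $query = "INSERT INTO `article_contentbak` (`page_modulecomponentid` ,`article_revision` ,`article_diff`,`user_id`)
VALUES ('$this->moduleComponentId', '$revId','$diff','$this->userId')";
        $result = mysql_query($query);
        if (!$result) { displayerror(mysql_error() . "article.lib L:44"); return; }

        // The editor content is request data and was concatenated into the
        // UPDATE unescaped; escape it first.
        $newContent = escape($_POST["CKEditor1"]);
        $query = "UPDATE `article_content` SET `article_content` = '" . $newContent . "' WHERE `page_modulecomponentid` =$this->moduleComponentId ";
        $result = mysql_query($query);
        if (mysql_affected_rows() < 1) {
            displayerror("Unable to update the article");
        } else {
            // Re-index the public view URL for the site search.
            $page = replaceAction(selfURI(),"edit","view");
            global $sourceFolder,$moduleFolder;
            require_once("$sourceFolder/$moduleFolder/search/admin/spider.php");
            index_url($page, 0, 0, '', 0, 0, 1);
        }
        return $this->actionView();
    }

    // --- Default: editor plus the comment moderation list ----------------
    $fulleditpage = $this->getCkBody();

    $commentsedit = "<fieldset><legend><a name='comments'>{$ICONS['Page Comments']['small']}Comments</a></legend>";

    if ($this->isCommentsEnabled()) {
        $comments = mysql_query("SELECT `comment_id`,`user`,`timestamp`,`comment` FROM `article_comments` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `timestamp`");
        if (mysql_num_rows($comments) == 0)
            $commentsedit .= "No comments have been posted !";

        while ($row = mysql_fetch_array($comments)) {
            // Last argument 1 asks renderComment() for a delete link.
            $commentsedit .= $this->renderComment($row['comment_id'],$row['user'],$row['timestamp'],$row['comment'],1);
        }
    } else {
        $commentsedit .= "Comments are disabled for this page! You can allow comments from <a href='./+settings'>pagesettings</a>.";
    }
    $commentsedit .= "</fieldset>";
    $top = "<a href='#topquicklinks'>Top</a>";
    $fulleditpage .= $commentsedit.$top;

    return $header.$fulleditpage;
}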
00280
/**
 * Produces the value stored as a revision's "diff".
 *
 * No delta is computed in the visible body: the previous content is returned
 * whole and $new is ignored. actionEdit() stores the return value in
 * article_contentbak.article_diff.
 *
 * @param string $new content being saved (unused)
 * @param string $old content being replaced
 * @return string $old, unchanged
 */
public function diff($new,$old)
{
    $previousContent = $old;
    return $previousContent;
}
/**
 * Applies a stored "diff" to article content.
 *
 * Counterpart of diff(): since the stored value is a complete copy of the
 * content, the patch itself is the result and $article is ignored.
 *
 * @param string $article content to patch (unused)
 * @param string $patch   stored revision or draft content
 * @return string $patch, unchanged
 */
public function patch($article,$patch) {
    $restored = $patch;
    return $restored;
}
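/**
 * Rebuilds the article as it was at a given revision.
 *
 * Starts from the current content and applies every stored revision from the
 * newest down to $revisionNo through patch().
 *
 * @param mixed $revisionNo revision number; coerced to an integer because
 *                          actionEdit() passes it in from the query string
 * @return string content of the requested revision
 */
public function getRevision($revisionNo) {
    // The number is placed in SQL text below, so reduce it to an integer first.
    $revisionNo = (int) $revisionNo;

    $currentquery = "SELECT article_content FROM article_content WHERE page_modulecomponentid=" . $this->moduleComponentId;
    $currentresult = mysql_query($currentquery);
    $currentrow = mysql_fetch_assoc($currentresult);
    $revision = $currentrow['article_content'];

    $diffquery = "SELECT * FROM `article_contentbak` WHERE `page_modulecomponentid`= $this->moduleComponentId AND article_revision >= '$revisionNo' ORDER BY article_revision DESC";
    $diffresult = mysql_query($diffquery);
    while ($diffrow = mysql_fetch_assoc($diffresult)) {
        $revision = $this->patch($revision,$diffrow['article_diff']);
    }
    return $revision;
}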
00372
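/**
 * Loads the content of a saved draft.
 *
 * Starts from the first draft row returned for this article and then applies
 * every draft numbered $draftNo or higher, newest first, through patch(); the
 * last one applied is the lowest-numbered draft at or above $draftNo.
 *
 * @param mixed $draftNo draft number; coerced to an integer because
 *                       actionEdit() passes it in from the query string
 * @return string draft content
 */
public function getDraft($draftNo) {
    // The number is placed in SQL text below, so reduce it to an integer first.
    $draftNo = (int) $draftNo;

    $currentquery = "SELECT draft_content FROM article_draft WHERE page_modulecomponentid=" . $this->moduleComponentId;
    $currentresult = mysql_query($currentquery);
    $currentrow = mysql_fetch_assoc($currentresult);
    $draft = $currentrow['draft_content'];

    $diffquery = "SELECT * FROM `article_draft` WHERE `page_modulecomponentid`= $this->moduleComponentId AND draft_number >= '$draftNo' ORDER BY draft_number DESC";
    $diffresult = mysql_query($diffquery);
    while ($diffrow = mysql_fetch_assoc($diffresult)) {
        $draft = $this->patch($draft,$diffrow['draft_content']);
    }
    return $draft;
}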
00385
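/**
 * Builds the edit page body: the CKEditor form, the uploaded-files section,
 * the saved-drafts table and the page-revisions table.
 *
 * The paging parameters (revisionno, count, draftno, dcount) are cast to int
 * before use: they end up in LIMIT clauses, where string escaping gives no
 * protection because the values are not quoted.
 *
 * @param string $content HTML to load into the editor; "" loads the stored article
 * @return string HTML fragment
 */
public function getCkBody($content=""){
    global $sourceFolder;
    global $cmsFolder;
    global $moduleFolder;
    global $urlRequestRoot;
    global $ICONS;
    require_once ("$sourceFolder/$moduleFolder/article/ckeditor/ckeditor.php");

    if ($content == "") {
        $query = "SELECT * FROM `article_content` WHERE `page_modulecomponentid`= $this->moduleComponentId";
        $result = mysql_query($query);
        $temp = mysql_fetch_assoc($result);
        $content = $temp['article_content'];
    }

    // --- Editor form ------------------------------------------------------
    $CkForm =<<<Ck
<form action="./+edit" method="post">
<a name="editor"></a>
<input type="button" value="Cancel" onclick="submitarticleformCancel(this);"><input type="submit" value="Save"><input type="button" value="Preview" onclick="submitarticleformPreview(this)"><input type="button" value="Draft" onclick="submitarticleformDraft(this);">
To upload files and images, go to the <a href="#files">files section</a>.
Ck;
    $top = "<a href='#topquicklinks'>Top</a>";
    $oCKEditor = new CKeditor();
    $oCKEditor->basePath = "$urlRequestRoot/$cmsFolder/$moduleFolder/article/ckeditor/";
    $oCKEditor->config['width'] = '100%';
    $oCKEditor->config['height'] = '300';
    $oCKEditor->returnOutput = true;
    $Ckbody = $oCKEditor->editor('CKEditor1',$content);

    $CkFooter =<<<Ck1
<input type="button" value="Cancel" onclick="submitarticleformCancel(this);"><input type="submit" value="Save"><input type="button" value="Preview" onclick="submitarticleformPreview(this)"><input type="button" value="Draft" onclick="submitarticleformDraft(this);">
</form>
<script language="javascript">
function submitarticleformPreview(butt) {
butt.form.action = "./+edit&preview=yes#preview";
butt.form.submit();
}
function submitarticleformCancel(butt) {
butt.form.action="./+view";
butt.form.submit();
}
function submitarticleformDraft(butt) {
butt.form.action="./+view&draft=yes";
butt.form.submit();
}
</script><br />
$top
<fieldset>
<legend><a name="files">{$ICONS['Uploaded Files']['small']}Uploaded Files</a></legend>

Ck1;
    $CkFooter .= getUploadedFilePreviewDeleteForm($this->moduleComponentId,"article",'./+edit');
    $CkFooter .= '<br />Upload files : <br />'.getFileUploadForm($this->moduleComponentId,"article",'./+edit',UPLOAD_SIZE_LIMIT,5).'</fieldset>';

    // --- Revisions table (ten rows per page by default) --------------------
    $revisionquery = "SELECT MAX(article_revision) AS MAX FROM `article_contentbak` where page_modulecomponentid = $this->moduleComponentId";
    $revisionresult = mysql_query($revisionquery);
    $revisionrow = mysql_fetch_assoc($revisionresult);
    $start = $revisionrow['MAX'] - 10;
    if (isset($_GET['revisionno']))
        $start = (int) $_GET['revisionno'];
    if ($start > $revisionrow['MAX'] - 9) $start = $revisionrow['MAX'] - 10;
    if ($start < 0) $start = 0;
    $count = 10;
    if (isset($_GET['count']))
        $count = (int) $_GET['count'];
    if ($count > ($revisionrow['MAX'] - $start + 1)) $count = $revisionrow['MAX'] - $start + 1;
    // A negative row count is not valid in LIMIT.
    if ($count < 0) $count = 0;
    $query = "SELECT article_revision,article_updatetime,user_id FROM `article_contentbak` where page_modulecomponentid = $this->moduleComponentId ORDER BY article_revision LIMIT $start,$count";
    $result = mysql_query($query);
    $revisionTable = "<fieldset>
<legend><a name='revisions'>{$ICONS['Page Revisions']['small']}Page Revisions : </a></legend>" .
        "<table border='1'><tr><td>Revision Number</td><td>Date Updated</td><td>User Fullname</td><td>User Email</td></tr>";
    while ($row = mysql_fetch_assoc($result)) {
        // Names and addresses are profile data; encode them for HTML output.
        // NOTE(review): confirm the helpers do not already return encoded text.
        $fullName = htmlspecialchars(getUserFullName($row['user_id']), ENT_QUOTES);
        $email = htmlspecialchars(getUserEmail($row['user_id']), ENT_QUOTES);
        $revisionTable .= "<tr><td><a href=\"./+edit&version=".$row['article_revision']."#preview\">".$row['article_revision']."</a></td><td>".$row['article_updatetime']."</td><td>".$fullName."</td><td>".$email."</td></tr>";
    }
    $revisionTable .= "</table>" .
        "<input type=\"button\" value=\"<<\" onclick=\"window.location='./+edit&revisionno=0'\" /> " .
        "<input type=\"button\" value=\"<\" onclick=\"window.location='./+edit&revisionno=".($start - 10)."'\" /> " .
        "<input type=\"button\" value=\">\" onclick=\"window.location='./+edit&revisionno=".($start + 10)."'\" /> " .
        "<input type=\"button\" value=\">>\" onclick=\"window.location='./+edit&revisionno=".($revisionrow['MAX']-10)."'\" /> " .
        "</fieldset>";

    // --- Drafts table (same paging scheme) ---------------------------------
    $draftquery = "SELECT MAX(draft_number) AS MAX FROM `article_draft` where page_modulecomponentid = $this->moduleComponentId";
    $draftresult = mysql_query($draftquery);
    $draftrow = mysql_fetch_assoc($draftresult);
    $dstart = $draftrow['MAX'] - 10;
    if (isset($_GET['draftno']))
        $dstart = (int) $_GET['draftno'];
    if ($dstart > $draftrow['MAX'] - 9) $dstart = $draftrow['MAX'] - 10;
    if ($dstart < 0) $dstart = 0;
    $dcount = 10;
    if (isset($_GET['dcount']))
        $dcount = (int) $_GET['dcount'];
    if ($dcount > ($draftrow['MAX'] - $dstart + 1)) $dcount = $draftrow['MAX'] - $dstart + 1;
    if ($dcount < 0) $dcount = 0;

    $query = "SELECT `draft_lastsaved`,`draft_number`,`user_id` FROM `article_draft` where `page_modulecomponentid` = $this->moduleComponentId ORDER BY `draft_lastsaved` LIMIT $dstart,$dcount";
    $result = mysql_query($query);
    $draftTable = "<fieldset>
<legend><a name='drafts'>{$ICONS['Page Revisions']['small']}Drafts Saved : </a></legend>" .
        "<table border='1'><tr><td>Draft Number</td><td>Date Drafted</td><td>User Fullname</td><td>User Email</td><td>Delete</td></tr>";

    while ($row = mysql_fetch_assoc($result)) {
        $fullName = htmlspecialchars(getUserFullName($row['user_id']), ENT_QUOTES);
        $email = htmlspecialchars(getUserEmail($row['user_id']), ENT_QUOTES);
        // NOTE(review): the delete form carries no anti-CSRF token.
        $draftTable .= "<tr><td><a href=\"./+edit&dversion=".$row['draft_number']."#preview\">".$row['draft_number']."</a></td><td>".$row['draft_lastsaved']."</td><td>".$fullName."</td><td>".$email."</td><td><form action='./+edit&deldraft=yes&dno=".$row['draft_number']."' method='post'><input type='button' value='Delete' onclick='submitarticleformDeldraft(this);'></form>
<script language='javascript'>
function submitarticleformDeldraft(butt) {
if(confirm('Are you sure you want to delete this draft ? '))
butt.form.submit();
}
</script></td></tr>";
    }
    // The "<<" button uses draftno like its siblings; it was spelled draftnno,
    // a parameter nothing reads.
    $draftTable .= "</table>" .
        "<input type=\"button\" value=\"<<\" onclick=\"window.location='./+edit&draftno=0'\" /> " .
        "<input type=\"button\" value=\"<\" onclick=\"window.location='./+edit&draftno=".($dstart - 10)."'\" /> " .
        "<input type=\"button\" value=\">\" onclick=\"window.location='./+edit&draftno=".($dstart + 10)."'\" /> " .
        "<input type=\"button\" value=\">>\" onclick=\"window.location='./+edit&draftno=".($draftrow['MAX']-10)."'\" /> " .
        "</fieldset>";

    return $CkForm . $Ckbody . $CkFooter.$draftTable.$top.$revisionTable.$top;
}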
00510
/**
 * Creates the content row for a new article instance, with placeholder text
 * and comments disabled.
 *
 * NOTE(review): on failure the database error is printed to the visitor
 * before the script stops.
 *
 * @param mixed $compId module component id of the new article
 * @return void
 */
public function createModule($compId) {
    $insertSql = "INSERT INTO `article_content` (`page_modulecomponentid` ,`article_content`, `allowComments`)VALUES ('$compId', 'Coming up Soon!!!','0')";
    $result = mysql_query($insertSql);
    if (!$result) {
        die(mysql_error()."article.lib L:76");
    }
}
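/**
 * Removes the search-index entries of an article that is being deleted.
 *
 * The page URL is rebuilt from the Host request header, which the client
 * controls, so it is escaped before it is placed in SQL text; the link ids
 * read back are reduced to integers before they are joined into the IN list.
 *
 * NOTE(review): the scheme is fixed to "http://", and the URL only matches
 * index rows if the request used the same host name the spider indexed.
 *
 * @param mixed $moduleComponentId module component id of the article
 * @return bool always true
 */
public function deleteModule($moduleComponentId) {
    global $urlRequestRoot;

    $pageId = getPageIdFromModuleComponentId("article",$moduleComponentId);
    $path = getPagePath($pageId);
    $delurl = "http://".$_SERVER['HTTP_HOST'].$urlRequestRoot."/home".$path;
    $delurlSql = mysql_real_escape_string($delurl);

    $result = mysql_query("SELECT link_id FROM `links` WHERE url='$delurlSql'");
    // Nothing indexed for this page (or the lookup failed): nothing to remove.
    if (!$result || mysql_num_rows($result) == 0) return true;

    $linkIds = array();
    while ($row = mysql_fetch_row($result)) {
        $linkIds[] = (int) $row[0];
    }
    $delids = implode(",", $linkIds);

    mysql_query("DELETE FROM `links` WHERE url='$delurlSql'");

    // Keyword tables are named link_keyword0 through link_keywordf.
    for ($i = 0; $i <= 15; $i++) {
        $char = dechex($i);
        $query = "DELETE FROM `link_keyword$char` WHERE link_id IN ($delids)";
        mysql_query($query) or die(mysql_error()." article.lib.php L:441");
    }
    return true;
}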
/**
 * Copy hook for the module interface. Nothing is copied: the method only
 * reports success.
 *
 * @param mixed $moduleComponentId id of the article to copy (unused)
 * @param mixed $newId             id of the copy (unused)
 * @return bool always true
 */
public function copyModule($moduleComponentId, $newId) {
    $copied = true;
    return $copied;
}
00549
00550 }
00551