forked from Kak2X/jul
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnews.php
199 lines (177 loc) · 6.06 KB
/
news.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
<?php
/*
News Engine v0.4 -- 06/05/18
DESCRIPTION:
A news engine (read: alternate announcements page) that everybody can read, but only privileged or up can write.
Any logged in user can create comments.
The permission settings are stored in config.php
(this is a test for forum integration)
*/
require "lib/function.php";
require "lib/news_function.php";
$_GET['id'] = filter_int($_GET['id']);
$_GET['user'] = filter_int($_GET['user']);
$_GET['pin'] = filter_int($_GET['pin']); // Peek post ID
$_GET['edit'] = filter_int($_GET['edit']); // Edit comment ID
// Tag filter
$_GET['tag'] = filter_int($_GET['tag']);
// Search results
$_POST['ord'] = filter_int($_POST['ord']);
$_POST['search'] = filter_string($_POST['search']);
$_POST['page'] = filter_int($_POST['page']);
news_header("Main page");
$tagfilter = $joins = $q_where = "";
if ($_GET['id']) {
// If only one post is selected, ignore all other filters
$q_where = "WHERE n.id = ?";
$vals = array($_GET['id']);
if (!$canwrite)
$q_where .= " AND n.deleted = 0";
} else {
$where = $vals = array();
// Initial option for text search
if ($_POST['search']) {
$where[] = "n.text LIKE ?";
$vals[] = "%".escape_like_wildcards($_POST['search'])."%";
}
// Do not display deleted news to guests
if (!$canwrite)
$where[] = "n.deleted = 0";
// Filter by user
if ($_GET['user'])
$where[] = "n.user = {$_GET['user']}";
if ($where)
$q_where = "WHERE ".implode(' AND ', $where);
// Special filter since it should not be used on the $tags query
if ($_GET['tag']) {
$joins .= "INNER JOIN news_tags_assoc a ON n.id = a.post";
$tagfilter .= ($where ? " AND" : " WHERE")." a.tag = {$_GET['tag']}";
}
}
// Get the total right away to possibly fix bad page numbers
$total = $sql->resultp("SELECT COUNT(*) FROM news n {$joins}{$q_where}{$tagfilter}", $vals);
$ppp = get_ppp();
$pagelist = page_select($total, $ppp);
$min = $_POST['page'] * $ppp;
// Get the posts we need
$news = $sql->queryp("
SELECT n.id, n.user, n.date, n.title, n.text, n.lastedituser, n.lasteditdate, n.deleted, n.nosmilies, n.nohtml,
".set_userfields('u1')." uid, ".set_userfields('u2')." uid, COUNT(c.id) comments
FROM news n
LEFT JOIN users u1 ON n.user = u1.id
LEFT JOIN users u2 ON n.lastedituser = u2.id
LEFT JOIN news_comments c ON n.id = c.pid AND c.deleted = 0
{$joins}
{$q_where}{$tagfilter}
GROUP BY n.id
ORDER BY n.date ".($_POST['ord'] ? "ASC" : "DESC")."
LIMIT {$min}, {$ppp}
", $vals);
// Tags have to be loaded separately
$tagsq = $sql->queryp("
SELECT a.post, t.id, t.title
FROM news n
INNER JOIN news_tags_assoc a ON n.id = a.post
INNER JOIN news_tags t ON a.tag = t.id
{$q_where}
", $vals);
//$tags = $sql->fetchAll($tagsq, PDO::FETCH_GROUP);
$tags = array();
while ($x = $sql->fetch($tagsq))
$tags[$x['post']][$x['id']] = $x;
/*
Number of posts (on this page)
*/
$foundres = "";
if (!$_GET['id']){
$foundres = "<div class='fonts w center'>".
"Showing {$total} post".($total == 1 ? "" : "s")." in total".
($total > $ppp ? ", from ".($min + 1)." to ".min($total, $min + $ppp)." on this page" : "").".<br>".
"Sorting from ".($_POST['ord'] ? "oldest to newest" : "newest to oldest").".".
"</div>";
}
$url = "?tag={$_GET['tag']}&user={$_GET['user']}";
?>
<br>
<table>
<tr>
<td class='w' style='vertical-align: top; padding: 10px 40px 0px 40px'>
<?php
if (!$sql->num_rows($news)) {
?>
<table class='table news-container'>
<tr><td class="tdbg2 center">It looks like nothing was found. Do you want to try again?</td></tr>
</table>
<?php
} else while ($post = $sql->fetch($news, PDO::FETCH_NAMED)) {
$post['tags'] = $tags[$post['id']];
$post['userdata'] = array_column_by_key($post, 0);
$post['edituserdata'] = array_column_by_key($post, 1);
print news_format($post, !$_GET['id'], $_GET['pin'])."<br>";
if ($_GET['id'])
print news_comments($_GET['id'], $post['user'], $_GET['edit']);
}
?>
<br>
<br>
</td>
<!-- sorting options and search box -->
<td style='vertical-align: top'>
<?php if ($canwrite) { ?>
<table class='table fonts small-shadow'>
<tr><td class='tdbgh center'>Options</td></tr>
<tr><td><a href='news-editpost.php?new'>New post</a></td>
</tr>
</table>
<br>
<?php } ?>
<form method='POST' action="<?= $url ?>">
<table class='table fonts small-shadow'>
<tr><td class="tdbgh center" colspan=2>Search</td></tr>
<tr>
<td class="tdbg1 center b">Text:</td>
<td class="tdbg2">
<input type='text' name='search' size=40 value="<?= htmlspecialchars($_POST['search']) ?>">
</td>
</td>
<tr>
<td class="tdbg1 center b">Sorting:</td>
<td class="tdbg2">
<label><input type="radio" name="ord" value=0<?= ($_POST['ord'] == 0 ? " checked" : "")?>> Newest to oldest</label>
</td>
</td>
<tr>
<td class="tdbg1 center b"></td>
<td class="tdbg2">
<label><input type="radio" name="ord" value=1<?= ($_POST['ord'] == 1 ? " checked" : "")?>> Oldest to newest</label>
</td>
</td>
<tr>
<td class="tdbg1 center b">Page:</td>
<td class="tdbg2"><?= $pagelist ?></td>
</tr>
<tr>
<td class="tdbg1"></td>
<td class="tdbg2"><input type='submit' name='dosearch' value='Search'></td>
</tr>
<tr><td class="tdbgh center b" colspan=2></td></tr>
<tr><td class='tdbg1' colspan=2><?= $foundres ?></td></tr>
</table>
</form>
<br>
<table class='table fonts small-shadow'>
<tr><td class='tdbgh center'>Tags</td></tr>
<tr><td style='padding: 4px'><?= main_news_tags(15) ?></td>
</tr>
</table>
<br>
<table class='table fonts small-shadow'>
<tr><td class='tdbgh center'>Latest comments</td></tr>
<tr><td class='fonts' style='padding: 4px'><?= recentcomments(5) ?></td>
</tr>
</table>
</td>
</tr>
</table>
<?php
news_footer();