

<?php



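  //
  // Session key under which admin status is kept. Anything stored in
  // $_SESSION under this key switches off the isVisible filter on the post
  // lookups below, so the value acts as a credential; it would be better kept
  // in a config file outside the document root than in this script.
  //
  $PROTECTED_VALUES['admin-cookie'] = '28AM9aUhybwtZJvUrXAd';

  session_start();

  //
  // Work out which post (if any) the request URI names and how deep this
  // script sits relative to its includes. Group 2 is an optional "/current/"
  // prefix, group 3 the post slug, restricted to [\w-]. REQUEST_URI is absent
  // e.g. under the CLI, hence the isset() guard.
  //
  $post_url_url     = '';
  $directory_prefix = '';
  if ( preg_match( '/(^https?:\/\/[^\/]+)?(\/(?:current\/))?([\w\-]+)\//', isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '', $matches ) )
  {
    // one extra "../" when the request came through the /current/ directory
    $directory_prefix = '../' . ( strlen( $matches[2] ) > 1 ? '../' : '' );
    $post_url_url     = $matches[3];
  }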



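  //
  // Undo magic_quotes_gpc escaping on a request value when that ini setting
  // is on. The setting disappeared in PHP 5.4 and the function itself in
  // PHP 8, so the call is guarded; on any current runtime this is an identity.
  //
  // @param string $s request value as received
  // @return string the value with magic-quote backslashes removed, else $s unchanged
  //
  function kstripslashes ( $s )
  {
    if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() )
    {
      return stripslashes( $s );
    }

    return $s;
  }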



  //
  // Decode one UTF-8 encoded character into its code point. $c must hold
  // exactly the bytes of a single character; no validation is done: the lead
  // byte is masked according to the sequence length and each following byte
  // contributes its low seven bits.
  //
  // @param string $c the bytes of one UTF-8 character
  // @return int the code point
  //
  function utf8ord ( $c )
  {
    $len  = strlen( $c );
    $mask = 0xff >> $len;
    $code = ord( $c[0] ) & $mask;
    $i    = 1;

    while ( $i < $len )
    {
      $code = ( $code << 6 ) | ( ord( $c[$i] ) & 0x7f );
      ++$i;
    }

    return $code;
  }



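  // character codes from http://www.localizingjapan.com/blog/2012/01/20/regular-expressions-for-japanese-text/
  //
  // Walk a UTF-8 string and count (a) characters in the Japanese ranges
  // listed below and (b) characters that are not whitespace, where whitespace
  // means only code points 9..13, 32 and 160. The sequence length is taken
  // from the lead byte alone; bytes that cannot be a lead byte (0xFE, 0xFF)
  // are consumed one at a time.
  //
  // @param string $c UTF-8 text
  // @return array array( $japanese_count, $non_whitespace_count )
  //
  function getKaCount ( $c )
  {
    $k   = 0;
    $s   = 0;
    $len = strlen( $c );   // loop bound is invariant, so compute it once

    for ( $i = 0; $i < $len; )
    {
      $o = ord( $c[$i] );
      $L = $o < 192 ? 1 : ( $o < 224 ? 2 : ( $o < 240 ? 3 : ( $o < 248 ? 4 : ( $o < 252 ? 5 : ( $o < 254 ? 6 : 1 ) ) ) ) );
      $o = utf8ord( substr( $c, $i, $L ) );

      $k += ( ( $o >= 0x3041 && $o <= 0x3096 )
           || ( $o >= 0x30a0 && $o <= 0x30ff )
           || ( $o >= 0x3400 && $o <= 0x4db5 )
           || ( $o >= 0x4e00 && $o <= 0x9fcb )
           || ( $o >= 0xf900 && $o <= 0xfa6a )
           || ( $o >= 0x2e80 && $o <= 0x2fd5 )
           || ( $o >= 0x3000 && $o <= 0x303f ) ) ? 1 : 0;
      $i += $L;
      // tested on the decoded code point, so a multi-byte NBSP (U+00A0) is
      // recognised as whitespace
      $s += ( ( $o >= 9 && $o <= 13 ) || $o == 32 || $o == 160 ) ? 0 : 1;
    }

    return array( $k, $s );
  }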



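  //
  // Heuristic spam filter for comment text. A comment is rejected when it
  // matches one of the blacklisted patterns (case-insensitively for the first
  // list, case-sensitively for the second), when it looks like the same text
  // repeated twice, or when the share of Japanese characters among the
  // non-whitespace characters exceeds $ka_thresh.
  //
  // @param string $c comment text as submitted (before tags are stripped)
  // @return bool true when the comment should be rejected
  //
  function looksLikeSpam ( $c )
  {
    $disallowed_nocase = array(
      'canada goose', 'ebook', '\\.ru', 'url=', '^\\s*$', '\\buggs?\\b',
      'cheap jersey', 'nike jersey', 'laboutin', 'louis vuitton', 'pandora jewelry', 'pas cher',
      'provigil', 'xanax', 'tramadol', 'klonopin', 'ambien', 'valium', 'flomax', 'oxycontin', 'cialis',
      'kyle woodward ::', '\\bair\\s*max\\b', '\\blongchamps?\\b'
    );
    $disallowed_case   = array(
      '^\\s*[A-Z][a-z]{3}[A-Z]{4}'
    );
    $disallowed_nocase = join( '|', $disallowed_nocase );
    $disallowed_case   = join( '|', $disallowed_case );
    $ka_thresh         = 0.7;
    $ka_count          = getKaCount( $c );
    $strlen            = strlen( $c ) / 2;

    // NOTE(review): the "repeated text" test checks that *half* the byte
    // length is even (not the full length) and hands a fractional offset to
    // substr() for odd lengths; left as is, since changing it changes which
    // comments get flagged.
    //
    // The ratio is guarded: a comment with no non-whitespace characters that
    // '^\s*$' does not catch (e.g. a lone UTF-8 NBSP, which \s does not match
    // without the u modifier) would otherwise divide by zero.
    return preg_match( "/$disallowed_nocase/i", $c )
        || preg_match( "/$disallowed_case/", $c )
        || ( $strlen % 2 == 0 && substr( $c, 0, $strlen ) == substr( $c, $strlen ) )
        || ( $ka_count[1] > 0 && $ka_count[0] / $ka_count[1] > $ka_thresh );
  }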
  
  

  //
  // Work through redirects if we must
  //
  // headers.php presumably does the redirecting; an includer that sets
  // $_as_include has handled that itself, so it is skipped in that case.
  //
  if ( !isset( $_as_include ) )
  {
    require $directory_prefix . 'headers.php';
  }

  //
  // Unconditional includes, in dependency order: the db connection first
  // (the mysql_* calls below need it), then the blog helpers and the page
  // wrapper used further down.
  //
  foreach ( array( 'db.connect.php', 'blog.functions.php', '_pagewrapper.php' ) as $include_file )
  {
    require $directory_prefix . $include_file;
  }

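  //
  // Resolve the post being viewed. $post_id comes from ?p= (intval'd) or is
  // looked up from the slug in the URL; it stays -1 for "no specific post",
  // in which case the query further down picks the most recent one. Non-admins
  // only see posts with isVisible = 1; the filter is lifted for admins only
  // when a specific post was asked for, so the default view keeps it.
  //
  $post_id          = -1;
  $replacement_name = '';
  $override         = ' AND isVisible = 1';
  $is_admin         = isset( $_SESSION[$PROTECTED_VALUES['admin-cookie']] );

  if ( isset( $_GET['p'] ) )
  {
    $post_id = intval( $_GET['p'] );   // the cast is what keeps this safe to concatenate into SQL

    if ( $is_admin )
    {
      $override = '';
    }

    $post_exists_query = mysql_query( 'SELECT blogPostTitle FROM tblBlogPosts WHERE blogPostID = ' . $post_id . $override . ';' );

    // a failed query (false) is treated like "no such post" instead of being
    // handed to mysql_num_rows()
    if ( !$post_exists_query || mysql_num_rows( $post_exists_query ) < 1 )
    {
      $post_id = -1;
    }
    else
    {
      $post_exists_row  = mysql_fetch_row( $post_exists_query );
      $replacement_name = $post_exists_row[0];
    }
  }

  if ( strlen( $post_url_url ) > 0 )
  {
    if ( $is_admin )
    {
      $override = '';
    }

    // $post_url_url is already limited to [\w-] by the regex that produced
    // it; it is escaped here anyway so this lookup does not depend on that
    // regex staying as it is
    $post_exists_query = mysql_query( 'SELECT blogPostID, blogPostTitle FROM tblBlogPosts WHERE postURL = \'' . mysql_real_escape_string( $post_url_url ) . '\'' . $override );

    if ( $post_exists_query && ( $post_exists_row = mysql_fetch_row( $post_exists_query ) ) )
    {
      $post_id          = $post_exists_row[0];
      $replacement_name = $post_exists_row[1];
    }
    else
    {
      // no visible post with that slug: most likely an old URL, so send the
      // visitor to the current post instead
      header( 'Location: /current.php' );
      exit;
    }
  }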

  // values echoed back into the comment form; they are only filled in when a
  // submitted comment was rejected, so the visitor does not lose the text
  $comment_array = array_fill_keys(
    array( 'name', 'email', 'site', 'comments', 'captcha_error' ),
    ''
  );

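  //
  // Handle a submitted comment (action=comment). The fields are validated and
  // escaped for SQL, the CAPTCHA and the spam heuristic are checked, and on
  // success the comment is inserted and the browser redirected. On failure the
  // values as typed (not the SQL-escaped copies) are kept in $comment_array so
  // the form can be re-filled; they still need HTML-escaping where the form
  // prints them.
  //
  // NOTE(review): the form carries no CSRF token; the CAPTCHA row, looked up
  // by a client-supplied id, is the only thing tying a submission to an
  // earlier page view.
  //
  $action    = isset( $_POST['action'] ) ? strtolower( $_POST['action'] ) : '';
  $commented = false;
  if ( $action == 'comment' )
  {
    // missing fields default to '' instead of raising notices
    $name      = isset( $_POST['name'] )     ? $_POST['name']                   : '';
    $email     = isset( $_POST['email'] )    ? $_POST['email']                  : '';
    $site      = isset( $_POST['site'] )     ? $_POST['site']                   : '';
    $post_id   = intval( isset( $_POST['p'] ) ? $_POST['p'] : 0 );
    $comments  = isset( $_POST['comments'] ) ? kstripslashes( $_POST['comments'] ) : '';
    $commented = true;

    //
    // CAPTCHA: the id is client-supplied and goes into SQL, so it is escaped;
    // the answer is compared with a small tolerance since it is a decimal
    // typed by hand
    //
    $captcha_id       = mysql_real_escape_string( isset( $_POST['captcha_id'] ) ? $_POST['captcha_id'] : '' );
    $captcha_solution = floatval( isset( $_POST['captcha'] ) ? $_POST['captcha'] : -1 );

    $captcha_query = mysql_query( 'SELECT capchaSolution FROM tblCapchas WHERE capchaURLID = \'' . $captcha_id . '\' AND NOW() < DATE_ADD(startTime,INTERVAL 12 HOUR)' );
    if ( !$captcha_query || mysql_num_rows( $captcha_query ) < 1 )
    {
      $comment_array['captcha_error'] = 'You took too long to comment; try the new CAPTCHA.';
    }
    else
    {
      $captcha_row = mysql_fetch_row( $captcha_query );
      if ( abs( $captcha_solution - floatval( $captcha_row[0] ) ) > 0.001 )
      {
        $comment_array['captcha_error'] = 'Sorry, your CAPTCHA response wasn\'t accurate enough; try the new CAPTCHA.';
      }
    }

    // the spam check runs on the text as typed, before tags are stripped
    $spam_error = 'Your post looks spammy; <a href="about.php">contact me</a> if you feel wronged or would like more information.';
    if ( looksLikeSpam( $comments ) )
    {
      $comment_array['captcha_error'] = $spam_error;
    }

    //
    // input verification
    //

    //
    // strip tags from name, ensure length (63); keep the unescaped value for
    // re-display, then escape for mysql
    //
    $name = strip_tags( $name );
    if ( strlen( $name ) > 63 )
    {
      $name = substr( $name, 0, 63 );
    }
    $name_display = $name;
    $name         = mysql_real_escape_string( $name );

    //
    // strip whitespace and tags from email, ensure length (127), escape for mysql
    //
    $email = preg_replace( '/[\s]/', '', $email );
    $email = strip_tags( $email );
    if ( strlen( $email ) > 127 )
    {
      $email = substr( $email, 0, 127 );
    }
    $email_display = $email;
    $email         = mysql_real_escape_string( $email );

    //
    // strip tags from site, force an ftp/http/https scheme (so a stored site
    // can never start with another scheme), ensure length (255), escape for mysql
    //
    $site = strip_tags( $site );
    if ( !preg_match( '/(^ftp:\/\/)|(^https?:\/\/)/', $site ) )
    {
      $site = 'http://' . $site;
    }
    if ( strlen( $site ) > 255 )
    {
      $site = substr( $site, 0, 255 );
    }
    $site_display = $site;
    $site         = mysql_real_escape_string( $site );

    //
    // strip tags from comments, escape for mysql. kstripslashes() was already
    // applied when the value was read; applying it a second time here (as the
    // old code did) would eat a further level of backslashes under magic quotes.
    //
    $comments_display = strip_tags( $comments );
    $comments         = mysql_real_escape_string( $comments_display );

    //
    // end input verification
    //

    if ( strlen( $comment_array['captcha_error'] ) > 0 )
    {
      // re-fill the form with what was typed; these are raw user input and
      // must be HTML-escaped by whatever prints them
      $comment_array['name']     = $name_display;
      $comment_array['email']    = $email_display;
      $comment_array['site']     = $site_display;
      $comment_array['comments'] = $comments_display;
    }
    else
    {
      //
      // form and run the query; every interpolated value is an int or was
      // escaped above
      //
      $comment_insert_query = <<<EOQ
INSERT INTO tblBlogPostComments (
  blogPostID,
  commentDateTime,
  commentorName,
  commentorGravatar,
  commentorSite,
  comment
)
VALUES (
  $post_id,
  NOW(),
  '$name',
  '$email',
  '$site',
  '$comments'
)
EOQ;

      //
      // check: is commenting allowed? allowComments is falsy (no), 1 (yes,
      // redirect straight back to the post) or 2 (pre-moderated: stored, and
      // the page renders with a notice)
      //
      $comment_allowed_query = mysql_query( 'SELECT allowComments FROM tblBlogPosts WHERE blogPostID = ' . $post_id );
      $comment_allowed_row   = $comment_allowed_query ? mysql_fetch_row( $comment_allowed_query ) : false;

      // no row (unknown post, or a failed query) means the comment is dropped
      if ( $comment_allowed_row && $comment_allowed_row[0] )
      {
        mysql_query( $comment_insert_query );

        if ( $comment_allowed_row[0] == 1 )
        {
          if ( stripos( $_SERVER['REQUEST_URI'], 'current.php' ) !== false )
          {
            header( 'Location: /current.php?p=' . $post_id );
          }
          else
          {
            header( 'Location: ./' );
          }

          exit;
        }
      }
    }
  }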
  
  
  
  //
  // Fetch the post to display: the requested one, or the most recent when
  // $post_id is still -1. $override carries the isVisible filter for
  // non-admins; $post_id is an int (or a numeric id read from the database).
  //
  $most_recent_post_query_string = <<<EOQ
SELECT
  blogPostID,
  blogPostTitle,
  postHTML,
  UNIX_TIMESTAMP(postDateTime),
  postURL,
  allowComments
FROM tblBlogPosts
WHERE
  (
    $post_id < 0
    OR blogPostID = $post_id
  ) $override
ORDER BY postDateTime DESC
LIMIT 0,1
EOQ;

  $most_recent_post_query = mysql_query( $most_recent_post_query_string );
  $most_recent_post_row   = mysql_fetch_row( $most_recent_post_query );

  $post_title     = $most_recent_post_row[1];
  $unix_timestamp = $most_recent_post_row[3];
  // from here on the "latest post" case has a concrete id
  $post_id        = $post_id < 0 ? $most_recent_post_row[0] : $post_id;
  
  //
  // Per-post extra markup, handed to wrapPageTop() / wrapPageBottom() below
  // and sorted by the header type's name.
  //
  $headers_query_string = <<<EOQ
SELECT
  bph.headerContent,
  ht.headerType
FROM
  tblBlogPostHeaders bph,
  luHeaderTypes ht
WHERE
  bph.headerTypeID = ht.headerTypeID
  AND bph.blogPostID = $post_id
EOQ;

  $addl_headers  = array();
  $addl_footers  = array();
  $headers_query = mysql_query( $headers_query_string );

  while ( $headers_row = mysql_fetch_row( $headers_query ) )
  {
    list( $header_content, $header_type ) = $headers_row;

    switch ( $header_type )
    {
      case 'Header':
        $addl_headers[] = $header_content;
        break;
      case 'Footer':
        $addl_footers[] = $header_content;
        break;
      // any other type is ignored
    }
  }



  // a post found by id or slug is announced to the wrapper as 'current.php';
  // the default view passes null (what the wrapper does with either is
  // defined in _pagewrapper.php)
  wrapPageTop( strlen( $replacement_name ) > 0 ? 'current.php' : null, null, $addl_headers );
        

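// render the post header, its body and the "contemporary entries" heading
?>
<h3 style="margin-bottom:0px;"><a href="/<?php print $most_recent_post_row[4];?>" target="_top"><?php print $post_title; ?></a></h3>
<span style="display:block;margin-bottom:2em;"><?php print date( 'j F Y', $unix_timestamp );?></span>
<?php
        // postHTML is stored markup and is printed verbatim, as are the title
        // and URL above; that is only sound while these columns stay
        // author-controlled — TODO confirm against the admin side.
        // (the full open tag replaces a short "<?" that parses only with
        // short_open_tag enabled)
        print $most_recent_post_row[2];
?>
        <p style="margin-top:2em;"><em>All included <img alt="LaTeX" src="/latex.png" title="LaTeX" /> graphics are generated at <a href="/latex.php">LaTeX to png </a>.</em></p>
        <h3 style="margin-top:2em;">contemporary entries</h3>
        <ul class="blog_history">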
<?php
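          //
          // Visible posts published close to this one in the timeline (the
          // COUNT(*) subquery measures the distance); the current post is
          // among them and is rendered in bold.
          //
          $adjacent_post_query_string = <<<EOQ
SELECT
  bp.blogPostID,
  bp.blogPostTitle,
  UNIX_TIMESTAMP(bp.postDateTime),
  CONCAT( 'current/', bp.postURL )
FROM tblBlogPosts bp
WHERE
  bp.isVisible = 1
  AND (
    SELECT COUNT(*)
    FROM tblBlogPosts
    WHERE
      isVisible = 1
      AND (
        UNIX_TIMESTAMP(postDateTime) BETWEEN $unix_timestamp AND UNIX_TIMESTAMP(bp.postDateTime)
        OR UNIX_TIMESTAMP(postDateTime) BETWEEN UNIX_TIMESTAMP(bp.postDateTime) AND $unix_timestamp
      )
      AND postDateTime <> bp.postDateTime
  ) < 3
ORDER BY bp.postDateTime DESC
EOQ;
          $adjacent_post_query = mysql_query( $adjacent_post_query_string );

          // a failed query (false) renders an empty list rather than being
          // handed to mysql_fetch_row()
          while ( $adjacent_post_query && ( $adjacent_post_row = mysql_fetch_row( $adjacent_post_query ) ) )
          {
?>
          <li class="blog_history"><?php
            if ( $adjacent_post_row[0] == $post_id )
            {
?><strong><?php
            }
?><a href="/<?php print $adjacent_post_row[3];?>" target="_top"><?php print $adjacent_post_row[1];?>
<?php
            if ( $adjacent_post_row[0] == $post_id )
            {
?></strong><?php
            }
?></a> (<?php print date( 'j F Y', $adjacent_post_row[2] ); ?>)</li>
<?php
          }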
?>
          <li class="blog_history"><br /><a href="/blog.archive.php" target="_top">view all entries &#x0bb;</a></li>
        </ul>
        <h3 style="margin-top:2em;">comments</h3>
<?php
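          //
          // Comments on this post; a pre-moderated post (allowComments = 2)
          // only shows approved ones. Name, site and body are visitor input
          // stored with tags stripped but otherwise verbatim, so they are
          // HTML-escaped here instead of being trusted (a '"' in the site
          // field would otherwise end the href attribute).
          //
          $comment_query_string = <<<EOQ
SELECT
  UNIX_TIMESTAMP( bpc.commentDateTime ),
  bpc.commentorName,
  bpc.commentorGravatar,
  bpc.commentorSite,
  bpc.comment
FROM
  tblBlogPostComments bpc,
  tblBlogPosts bp
WHERE
  bpc.blogPostID = $post_id
  AND bp.blogPostID = $post_id
  AND (
    bpc.isApproved = 1
    OR bp.allowComments <> 2
  )
ORDER BY bpc.commentDateTime
EOQ;
          $comment_query = mysql_query( $comment_query_string );

          // a failed query (false) is shown as "no comments"
          if ( !$comment_query || mysql_num_rows( $comment_query ) < 1 )
          {
?>
        <p style="margin-top:0em;">there are no comments on this post</p>
<?php
          }
          else
          {
            while ( $comment_row = mysql_fetch_row( $comment_query ) )
            {
              $comment_name = htmlspecialchars( $comment_row[1], ENT_QUOTES, 'UTF-8' );
              $comment_site = htmlspecialchars( $comment_row[3], ENT_QUOTES, 'UTF-8' );
              // escape first, then turn line breaks into <br /> so the markup
              // added here is the only markup left in the body
              $comment_body = preg_replace( '/[\r\n]+/', '<br /><br />', htmlspecialchars( $comment_row[4], ENT_QUOTES, 'UTF-8' ) );
?>
        <div class="comment">
          <div class="comment_content">
            <?php print $comment_body;?>
          </div><div class="comment_signature">
            <img src="http://www.gravatar.com/avatar.php?gravatar_id=<?php print md5($comment_row[2]);?>&amp;size=40" />
<?php
              if ( strlen( $comment_row[3] ) > 0 )
              {
?>
            <a href="<?php print $comment_site;?>" target="_top"><?php print $comment_name;?></a>
<?php
              }
              else
              {
                print $comment_name;
              }
?>
            (<?php print date( 'j F Y, g:ia', $comment_row[0] ); ?>)
          </div>
        </div>
<?php
            }
          }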

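          //
          // Status line for a just-submitted comment, then the comment form
          // (shown when the post allows comments, or to an admin).
          //
          if ( strlen( $comment_array['captcha_error'] ) > 0 )
          {
            // author-written message that may carry markup (see $spam_error),
            // so it is printed as is
?>
          <span style="color:red;"><?php print $comment_array['captcha_error'];?></span>
<?php
          }
          else if ( $commented && $most_recent_post_row[5] == 2 )
          {
?>
          <span style="font-style:italic;">Comments on this post are pre-moderated; your comment will be approved or rejected shortly.</span>
<?php
          }

          if ( $most_recent_post_row[5] || isset( $_SESSION[$PROTECTED_VALUES['admin-cookie']] ) )
          {
            // no action attribute on purpose: the form posts back to whatever
            // URL served the page (an explicit /current.php?p= action broke
            // the URL)
            //
            // the re-filled values come from the rejected request, so each is
            // escaped for the attribute / textarea context it is printed in;
            // printing them raw let a '"' break out of the value attribute
            $form_name     = htmlspecialchars( $comment_array['name'],     ENT_QUOTES, 'UTF-8' );
            $form_email    = htmlspecialchars( $comment_array['email'],    ENT_QUOTES, 'UTF-8' );
            $form_site     = htmlspecialchars( $comment_array['site'],     ENT_QUOTES, 'UTF-8' );
            $form_comments = htmlspecialchars( $comment_array['comments'], ENT_QUOTES, 'UTF-8' );
?>
        <form method="post" style="padding-top:1em;">
          <fieldset>
            <div class="input_element">
              <input id="name" name="name" type="text" value="<?php print $form_name;?>" /> <label for="name">name</label>
            </div>
            <div class="input_element">
            <input id="email" name="email" type="text" value="<?php print $form_email;?>" /> <label for="email">email (for <a href="http://gravatar.com/">gravatar</a>)</label>
            </div>
            <div class="input_element">
              <input id="site" name="site" type="text" value="<?php print $form_site;?>" /> <label for="site">site</label>
            </div>
<?php
          // names the puzzle row that capcha.php creates and that the submit
          // handler looks up in tblCapchas
          $captcha_id = time() . '_' . rand();
?>
            <div class="input_element">
              <input id="captcha" name="captcha" type="text" value="" />
              <label for="captcha"> = <img alt="captcha" src="/capcha.php?capchaid=<?php print $captcha_id;?>" style="vertical-align:text-bottom;" /> (3 decimal places)</label>
              <input id="captcha_id" name="captcha_id" type="hidden" value="<?php print $captcha_id;?>" />
            </div>
            <textarea id="comments" name="comments" rows="5" style="width:100%;"><?php print $form_comments;?></textarea>
            <input id="p" name="p" type="hidden" value="<?=$post_id;?>" />
            <input id="action" name="action" type="hidden" value="comment" />
            <input type="submit" value="comment" />
          </fieldset>
        </form>
<?php
          }
          else
          {
?>
        <p>Sorry, further commenting on this post has been disabled. For more information, <a href="/about.php">contact me</a>.</p>
<?php
          }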



  // closes the page opened by wrapPageTop(), emitting any per-post footer markup
  wrapPageBottom( $addl_footers );
  
  
  
?>