Initial commit

api.php

@@ -0,0 +1,25 @@
+<?php
+
+require_once 'core.php';
+
+header('Content-type: application/json');
+
+$blog = new blog();
+$entries = array();
+
+if ($blog->entries)
+{
+	while ($data = $blog->entries())
+		array_push($entries, array('entryTitle'=>$data['entryTitle'], 'entrySlug'=>$data['entrySlug'], 'entryPublished'=>show_date($data['entryPublished']), 'entryContent'=>entry_show_init($data['entryContent'], $data['entrySlug'], true)));
+		/*echo "<article>
+				<header>
+					<h2><a href='".get_entry_link($data['entrySlug'])."'>$data[entryTitle]</a></h2>
+					<p class='meta'><time class='date' title='{locale:published_on}'>".show_date($data['entryPublished'])."</time><a href='".get_profile_link($data['userName'])."' class='by' title='{locale:entry_by}'>$data[publicName]</a>".get_entry_admin($data)."</p>
+				</header>
+				<div class='content'>".entry_show_init($data['entryContent'], $data['entrySlug'])."</div>
+			</article>\n";*/
+}
+
+echo json_encode($entries);
+
+?>

config.php

@@ -0,0 +1,11 @@
+<?php
+
+//error_reporting(E_ALL);
+
+define('DBHOST', 'localhost');
+define('DBNAME', 'blog');
+define('DBUSER', 'blog');
+define('DBPASS', '');
+define('DBCHAR', 'utf8');
+
+define('DATE_FORMAT_DEFAULT', 'm/d/y H:i');

core.php

@@ -0,0 +1,305 @@
+<?php
+
+// Start session
+session_start();
+
+// REALLY NICE ERROR PAGE KINDA THING
+function nice_error($err, $errstr = false)
+{
+	if ($errstr) { $errno = $err; $err = $errstr; }
+	if (($errstr && $errno != 2048) || !$errstr)
+		die('<!doctype html><html><head><title>Insanely</title><meta charset="utf-8" /></head><body><h1>So bad...</h1><p><img style="width: 260px" src="/data/imgs/coding_in_progress.jpg" alt=""/></p><p>'.$err.(isset($errno) ? ' ('.$errno.')' : '').'</p></body></html>');
+}
+set_error_handler('nice_error');
+
+// LOAD CONFIG
+require_once 'config.php';
+
+// FEEDBACK
+$info = array();
+$error = array();
+
+// SEO
+if (isset($_GET['pathsec']))
+{
+	$seo = explode('/', $_GET['pathsec']);
+	foreach ($seo AS $a=>$b)
+		$seo[$a] = htmlspecialchars($b);
+} else
+	$seo = array('');
+
+// DATABASE
+$_sql = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME) or nice_error('Sorry, but we cant connect to the database server right now.');
+$_sql->query("SET NAMES ".DBCHAR);
+$_sql->query("SET CHARACTER SET ".DBCHAR);
+
+// LANGUAGE
+$_locale = (array)json_decode(file_get_contents('includes/locale/hu_HU.lng'));
+
+// OTHER CLEVER STUFFS
+function clear_cache() { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); }
+
+function redirect($url = '/', $status = false) { header('Location: '.$url.($status ? '?status='.$status : '')); exit; }
+function isnum($in) { return is_numeric($in); }
+function sqlprot($in) { global $_sql; return $_sql->real_escape_string($in); }
+
+function trimlink($in, $length = 140) { $in = html_entity_decode(strip_tags($in)); if (strlen($in) > $length) return substr($in, 0, $length-3).'...'; return $in; }
+
+$set = $_sql->query("SELECT * FROM settings");
+while ($data = $set->fetch_assoc())
+	$_set[$data['variable']] = $data['value'];
+
+
+// CLASSES
+require_once 'includes/user.class.php';
+require_once 'includes/blog.class.php';
+require_once 'includes/page.class.php';
+require_once 'includes/check.class.php';
+require_once 'includes/comment.class.php';
+
+
+// FUNCTIONS
+function get_page_link($slug, $p = false)					{ global $_set; $prefix = ($p ? $_set['url'] : ''); if ($_set['seo']) return $prefix."/$_set[subPage]/$slug"; return $prefix."/?pathsec=$_set[subPage]/$slug"; }
+function get_entry_link($slug, $p = false, $admin = false)	{ global $_set; $prefix = ($p ? $_set['url'] : '').($admin ? '/admin' : null); if ($_set['seo']) return $prefix."/$_set[subEntry]/$slug"; return $prefix."/?pathsec=$_set[subEntry]/$slug"; }
+function get_profile_link($slug = false, $p = false)		{ global $_set; $prefix = ($p ? $_set['url'] : ''); if (!$slug) { global $user; if (LOGGEDIN) $slug = $user['userName']; else $slug = ''; } if ($_set['seo'])	return $prefix."/$_set[subProfile]/$slug"; return $prefix."/?pathsec=$_set[subProfile]/$slug"; }
+function get_profile_picture($userData = false, $p = false)	{ global $_set; $prefix = ($p ? $_set['url'] : ''); if (!$userData) if (LOGGEDIN) { global $user; $userData = $user;} else $userData = array('userPic'=>0); return $prefix.($userData['userPic'] ? "/data/profile_pics/$userData[userId].jpg" : '/data/imgs/'.$_set['defaultProfilePic']); }
+function get_current_link($p = false)						{ global $_set, $seo; $prefix = ($p ? $_set['url'] : ''); $link = ''; for ($i = 0; $i < sizeof($seo); $i++) $link .= '/'.$seo[$i]; return $prefix.($_set['seo'] ? $link : '/?pathsec='.$link); }
+
+function get_theme_lib() { global $_set; if (file_exists('themes/'.$_set['mainTheme'])) return 'themes/'.$_set['mainTheme']; return false; }
+function get_theme()
+{
+	global $_set;
+	if (file_exists('themes/'.$_set['mainTheme'].'/template.php'))
+		return 'themes/'.$_set['mainTheme'].'/template.php';
+	return false;
+}
+function get_site_link() { global $_set; return $_set['url']; }
+function get_site_body() { global $output; return output_replacer($output); }
+
+function get_navigation($append = '')
+{
+	global $_locale, $_sql, $seo, $_title;
+	$navLinks = array();
+	if ($seo[0] && isset($_title[0])) array_push($navLinks, array('link' => '/', 'title' => $_locale['home']));
+	$navQuery = $_sql->query("SELECT pageSlug, pageTitle FROM pages ORDER BY pageTitle ASC");
+	while ($navData = $navQuery->fetch_assoc())
+		array_push($navLinks, array('link' => get_page_link($navData['pageSlug']), 'title' => $navData['pageTitle']));
+
+	for ($i = 0; $i < sizeof($navLinks); $i++)
+	{
+		$link = explode('/', $navLinks[$i]['link']);
+		for ($b = 1; $b < sizeof($link); $b++)
+		{
+			$active = true;
+			if (isset($seo[$b-1]) && $seo[$b-1] == $link[$b] && $active)
+				$active = true; else $active = false;
+		}
+		echo "<li><a href='".$navLinks[$i]['link'].$append."'".($active ? " class='active'":'').">".$navLinks[$i]['title']."</a></li>";
+	}
+}
+function get_tags($append = '')
+{
+	global $_sql;
+	$tags = $_sql->query("SELECT tagId, tagName, COUNT(taggedId) AS taggedposts FROM tagged INNER JOIN tags ON tagId = taggedTag GROUP BY tagId ORDER BY tagName ASC");
+	if ($tags->num_rows)
+	{
+		while ($data = $tags->fetch_assoc())
+			echo "<li><a href='/tag/$data[tagId]$append'>$data[tagName]</a> <span>$data[taggedposts]</span></li>";
+	}
+}
+
+function get_entry_admin($d)
+{
+	global $user;
+	if (!LOGGEDIN) return '';
+
+	if ($user['userLevel'] > 3) return "<span class='admin'>".($d['entryPinned'] ? "<a href='/admin/entry/$d[entrySlug]/unpin' class='pin unpin'>{locale:unpin}</a>":"<a href='/admin/entry/$d[entrySlug]/pin' class='pin'>{locale:pin}</a>")."<a href='/admin/entry/$d[entrySlug]' class='edit'>{locale:edit}</a><a href='/admin/entry/$d[entrySlug]/delete' class='delete' onclick='return confirm(\"{locale:delete_confirm}\")'>{locale:delete}</a></span>";
+	if ($user['userLevel'] > 2 && $d['entryBy'] == $user['userId']) return "<span class='admin'><a href='/admin/entry/$d[entrySlug]' class='edit'>{locale:edit}</a></span>";
+}
+
+function get_page_title()
+{
+	global $_title, $_set;
+	if (!empty($_title))
+	{
+		$title2 = '';
+		for ($i=sizeof($_title)-1; $i>=0; $i--)
+			$title2 .= $_title[$i].', ';
+
+		$trepf = array('{title}', '{page}');
+		$trept = array($_set['title'], rtrim($title2, ', '));
+		echo str_replace($trepf, $trept, ($_set['titleFormat'] ? $_set['titleFormat'] : '{page} | {title}'));
+	} else
+		echo $_set['title'];
+}
+function get_page_extra_head()
+{
+	global $_head, $metaimage, $_set;
+	if (!empty($_head))
+	{
+		for ($i=0; $i<sizeof($_head); $i++)
+			echo $_head[$i]."\n";
+	}
+	echo '<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="'.$_set['url'].'/rss" />'."\n";
+	if ($metaimage)
+	{
+		if (!strpos($metaimage, 'http')) $metaimage = $_set['url'].$metaimage;
+		echo '<link rel="image_src" href="'.$metaimage.'" />'."\n";
+		echo '<meta property="og:image" content="'.$metaimage.'" />';
+	}
+}
+
+function get_page_extra_body()
+{
+	global $_body, $_set;
+	if (!empty($_body))
+		for ($i=0; $i<sizeof($_body); $i++)
+			echo $_body[$i]."\n";
+}
+
+function get_errors()
+{
+	global $error;
+	if (!empty($error))
+	{
+		echo "<div id='errors'>";
+		for($i=0; $i<sizeof($error); $i++)
+			echo "<li>$error[$i]</li>";
+		echo "</ul></div>";
+	}
+}
+
+function get_infos()
+{
+	global $info;
+	if (!empty($info))
+	{
+		echo "<div id='infos'>";
+		for($i=0; $i<sizeof($info); $i++)
+			echo "<li>$info[$i]</li>";
+		echo "</ul></div>";
+	}
+}
+
+function set_pin($pin)	{ global $_SESSION; $_SESSION['entry_pin'] = $pin; }
+function get_pin()	{ global $_SESSION; return isset($_SESSION['entry_pin']) ? $_SESSION['entry_pin'] : false; }
+
+function theme_component($comp) {
+	$cf = get_theme_lib().'/components/'.$comp.'.php';
+	if (file_exists($cf))
+		return $cf;
+	return false;
+}
+
+function show_date($ts) { global $_set; return (!(int)date('Hi', $ts) ? date($_set['dateformatShort'], $ts) : date($_set['dateformat'], $ts)); }
+
+$_title = array();
+function addTitle($add) { global $_title; array_push($_title, htmlentities($add)); }
+
+$_head = array();
+$head_registered = array();
+function addHead($add, $register = false) { global $_head, $head_registered; if (($register && !in_array($register, $head_registered)) || !$register) array_push($_head, $add); }
+
+$_body = array();
+$body_registered = array();
+function addBody($add, $register = false) { global $_body, $body_registered; if (($register && !in_array($register, $body_registered)) || !$register) array_push($_body, $add); }
+
+$description = false;
+function addDescription($add) { global $description; if (!$description) $description = ''; $description .= str_replace(array('"', '\'', "\n", "\r\n", '&lt;', '&gt;'), '', strip_tags($add)).' '; }
+
+function keywords() { global $description, $_set; $keywords = explode(' ', str_replace(array(',','?','.','!'), ' ', ($description ? $description : $_set['description']))); foreach($keywords AS $a => $b) { $val = trim($b); if (strlen($val) > 3) $keywords[$a] = $val; else unset($keywords[$a]); } return implode(',', array_unique($keywords)); }
+
+$metaimage = false;
+function addImage($add) { global $metaimage; $metaimage = $add; }
+
+$headerimg = false;
+function headerImage($url) { global $headerimg; if (strlen($url) > 3) $headerimg = $url; }
+
+/* POST FUCKER */
+function entry_replacer($in)
+{
+	global $_locale;
+	$pattern[] = '#\[music=(.*?)\]#';
+	$replace[] = '<iframe style="width: 100%; height: 10em; border: 0; padding: 0; margin: 0;" class="music" src="http://music.sandros.hu/shared/$1?volume=50"></iframe>';
+
+	$pattern[] = '#\[youtube=(.*?)\]#';
+	$replace[] = '<iframe style="width: 100%; height: 600px; border: 0; padding: 0; margin: 0;" class="youtube" src="http://www.youtube-nocookie.com/embed/$1"></iframe>';
+
+	$pattern[] = '#\[spoiler\](.*?)\[/spoiler\]#';
+	$replace[] = '<div class="spoiler"><div class="spoiler_b"><button onclick="spoilerToggle($(this))">'.$_locale['show_hidden_content'].'</button><div style="display:none" class="spoiler_c">$1</div></div>';
+
+	$pattern[] = '#\[spoiler=(.*?)\](.*?)\[/spoiler\]#';
+	$replace[] = '<div class="spoiler"><div class="spoiler_b"><button onclick="spoilerToggle($(this))">$1</button><div style="display:none" class="spoiler_c">$2</div></div>';
+
+
+	return preg_replace($pattern, $replace, $in);
+}
+
+function entry_show_init($in, $slug, $flink = false)
+{
+	global $_locale;
+
+	$in = entry_replacer($in);
+
+	$search = array('@<script[^>]*?>.*?</script>@si',	// Strip out javascript
+				   '@<style[^>]*?>.*?</style>@siU',		// Strip style tags properly
+				   '@<![\s\S]*?--[ \t\n\r]*>@'			// Strip multi-line comments including CDATA
+	);
+	$in = preg_replace($search, '', $in);
+
+	$in2 = explode('[[MORE]]', $in);
+	if (isset($in2[1]) && strlen(trim($in2[1])))
+		return $in2[0]."\n<p class='readmore'><a href='".get_entry_link($slug, $flink)."#readmore'>$_locale[entry_read_more]</a></p>\n";
+	return $in;
+}
+
+function entry_show_all($in) { return str_replace('[[MORE]]', '<a name="readmore"></a>', entry_replacer($in)); }
+
+
+/* OUTPUT FUCKER */
+function regexp_locale($a)
+{
+	global $_locale;
+	if (isset($_locale[$a[1]]))
+		return $_locale[$a[1]];
+	return $a[0];
+}
+function output_replacer($in)
+{
+	return preg_replace_callback('#\{locale:([a-zA-Z\-\_]+?)\}#', 'regexp_locale', $in);
+}
+
+
+/* LOGIN SYSTEM */
+if (isset($_COOKIE['filtr_token']))
+{
+	require_once 'includes/filtr.class.php';
+
+	$filtr = new filtrLogin();
+	$filtr->cache = '/tmp/';
+	$filtr->setAppid($_set['filtr_appid']);
+	$filtr->setApptoken($_set['filtr_apptoken']);
+	$filtr->setToken($_COOKIE['filtr_token']);
+    $filtr->Login(); 
+
+	if ($filtr->status())
+	{
+		$filtr = $filtr->getData();
+		$user = new user($filtr['link'], $filtr);
+		if ($user)
+		{
+			$user = $user->data;
+			define('LOGGEDIN', true);
+		}
+		unset($filtr);
+	}
+}
+
+if (isset($_GET['logout']))
+{
+	setcookie('filtr_token', '', null, '/');
+	redirect();
+}
+
+if (!defined('LOGGEDIN'))
+	define('LOGGEDIN', false);

data/imglist.json.php

@@ -0,0 +1,69 @@
+<?php
+
+header('Cache-Control: no-cache, must-revalidate');
+header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
+header('Content-type: application/json');
+
+$images = array();
+
+
+function scan_dir($dir) {
+	$ignored = array('.', '..', '.svn', '.htaccess');
+
+	$files = array();
+		foreach (scandir($dir) as $file) {
+		if (in_array($file, $ignored)) continue;
+		$files[$file] = filemtime($dir . '/' . $file);
+	}
+
+	arsort($files);
+	$files = array_keys($files);
+
+	return ($files) ? $files : false;
+}
+
+function imagelist($dir)
+{
+	global $images;
+
+	//$stuffs = scandir($dir);
+
+	$stuffs = scan_dir($dir);
+	
+	for ($i = 0; $i < sizeof($stuffs); $i++)
+	{
+		$farr = explode('.', $stuffs[$i]);
+		if ($stuffs[$i] != '.' && $stuffs[$i] != '..' && $farr[0] != 'thumb')
+			if (is_dir($stuffs[$i]))
+				imagelist($dir.'/'.$stuffs[$i]);
+			elseif (in_array(end($farr), array('gif', 'png', 'jpg', 'jpeg')))
+			{
+				// PATHS
+				$outdir = '/data/'.ltrim($dir, './').'/';
+				$img	= $dir.'/'.$stuffs[$i];
+				$thumb	= $dir.'/thumb.'.$stuffs[$i];
+
+				// THUMBNAIL
+				if (!file_exists($thumb))
+				{
+					$cthumb = new Imagick($img);
+					$cthumb->cropThumbnailImage(260, 260);
+					$cthumb->writeImage($thumb);
+					$cthumb->destroy(); 
+				}
+
+				// ADD TO LIST
+				array_push($images, array(
+					'image'		=> $outdir.rawurlencode($stuffs[$i]),
+					'thumb'		=> $outdir.'thumb.'.$stuffs[$i],
+					'folder'	=> ltrim($dir, './')
+				));
+			}
+	}
+}
+
+imagelist('./uploads');
+foreach(glob('./uploads/*', GLOB_ONLYDIR) as $dir)
+    imagelist($dir);
+
+echo str_replace('\/', '/', json_encode($images));

data/upload.php

@@ -0,0 +1,9 @@
+<?php
+
+if (isset($_FILES["upload"]) && $_FILES["upload"]["error"] < 1 && in_array($_FILES["upload"]["type"], explode(',', $_set['allowedPicTypes'])))
+{
+	if (move_uploaded_file($_FILES["upload"]["tmp_name"], 'data/uploads/'.$_FILES["upload"]["name"]))
+		die($_locale['upload_successful']);
+}
+
+echo $_locale['upload_failed'];

includes/admin/dashboard.php

@@ -0,0 +1,7 @@
+<h1>{locale:dashboard}</h1>
+
+<ul>
+	<li><a href='/admin/entry'>{locale:entry_editor}</a></li>
+	<li><a href='/admin/plugins'>{locale:plugin_manager}</a></li>
+	<li><a href='/admin/page'>{locale:page_editor}</a></li>
+</ul>

includes/admin/entry.php

@@ -0,0 +1,149 @@
+<?php
+
+if (isset($_GET['status']))
+	switch ($_GET['status'])
+	{
+		case 'added':
+			array_push($info, $_locale['entry_added']);
+		break;
+
+		case 'updated':
+			array_push($info, $_locale['entry_updated']);
+		break;
+	}
+
+if (isset($_POST['entryContent']) && $user['userLevel'] > 2)
+{
+
+	if (isset($_POST['entryAdd']))
+	{
+		if (blog::add($_POST['entryHeader'], $_POST['entryTitle'], $_POST['entrySlug'], $_POST['entryContent'], $_POST['entryPublished'], (isset($_POST['entryHidden']) ? true : false), $_POST['entryPIN']))
+			redirect(get_entry_link($_POST['entrySlug']), 'added');
+		else
+			array_push($error, $_locale['entry_not_added']);
+	} elseif (isset($_POST['entryUpdate']))
+	{
+		if (blog::update($_POST['entryUpdate'], $_POST['entryHeader'], $_POST['entryTitle'], $_POST['entryContent'], $_POST['entryPublished'], (isset($_POST['entryHidden']) ? true : false), $_POST['entryPIN']))
+			redirect(get_current_link(), 'updated');
+		else
+			array_push($error, $_locale['entry_not_updated']);
+	}
+
+}
+
+if (isset($_POST['entryTag']) && $user['userLevel'] > 2)
+{
+	if (isset($_POST['tagIdRemove']))
+	{
+		if (blog::tagRemove($_POST['tagIdRemove'], $_POST['entryId']))
+			array_push($info, $_locale['entry_tag_removed']);
+		else
+			array_push($error, $_locale['entry_tag_not_removed']);
+	} elseif (blog::tag($_POST['tagId'], $_POST['entryId']))
+		array_push($info, $_locale['entry_tag_added']);
+	else
+		array_push($error, $_locale['entry_tag_not_added']);
+}
+
+if (isset($seo[2]) && $user['userLevel'] > 2)
+{
+	$entry = new blog($seo[2]);
+	if ($entry->entries)
+	{
+		$entryData = $entry->entry();
+		if (isset($seo[3]) && $user['userLevel'] > 3)
+			switch ($seo[3])
+			{
+				case 'delete':
+					if ($entry->delete($entryData['entryId']))
+						redirect('/admin/entry');
+					else
+						array_push($error, $_locale['entry_not_deleted']);
+				break;
+
+				case 'pin':
+					if ($entry->pin($entryData['entryId']))
+						redirect();
+					else
+						array_push($error, $_locale['entry_not_pinned']);
+				break;
+
+				case 'unpin':
+					if ($entry->unpin($entryData['entryId']))
+						redirect();
+					else
+						array_push($error, $_locale['entry_not_unpinned']);
+				break;
+			}
+	}
+} else
+{
+	$timedQuery = $_sql->query("SELECT entrySlug, entryTitle, entryCreated, entryPublished FROM entries WHERE entryPublished > ".time()."");
+	if ($timedQuery->num_rows)
+	{
+		echo "<h1>{locale:timed_entries}</h1>";
+		echo "<table class='designed timed'><tr><td>{locale:entry_title}</td><td>{locale:created_on}</td><td>{locale:timed_pub_date}</td></tr>";
+		while ($data = $timedQuery->fetch_assoc())
+			echo "<tr><td><a href='".get_entry_link($data['entrySlug'])."'>$data[entryTitle]</a></td><td>".show_date($data['entryCreated'])."</td><td>".show_date($data['entryPublished'])."</td></tr>";
+		echo "</table>";
+	}
+
+	$hiddenQuery = $_sql->query("SELECT entrySlug, entryTitle, entryCreated, entryPublished FROM entries WHERE entryHidden IS NOT NULL");
+	if ($hiddenQuery->num_rows)
+	{
+		echo "<h1>{locale:hidden_entries}</h1>";
+		echo "<table class='designed timed'><tr><td>{locale:entry_title}</td><td>{locale:created_on}</td><td>{locale:timed_pub_date}</td></tr>";
+		while ($data = $hiddenQuery->fetch_assoc())
+			echo "<tr><td><a href='".get_entry_link($data['entrySlug'], null, true)."'>$data[entryTitle]</a></td><td>".show_date($data['entryCreated'])."</td><td>".show_date($data['entryPublished'])."</td></tr>";
+		echo "</table>";
+	}
+}
+?>
+<h1>{locale:entry_editor}</h1>
+<form action="<?=get_current_link()?>" method="post" name="entry-edit">
+
+<?php if (isset($entryData)) : addTitle($entryData['entryTitle']); headerImage($entryData['entryHeader']); ?>
+	<input type="text" name="entryHeader" value="<?=htmlentities($entryData['entryHeader'])?>" placeholder="{locale:entry_header}" maxlength="255" />
+	<input type="text" name="entryTitle" value="<?=htmlentities($entryData['entryTitle'])?>" placeholder="{locale:entry_title}" maxlength="250" />
+	<textarea id="entry-textarea" name="entryContent" rows="30"><?=htmlspecialchars($entryData['entryContent'])?></textarea>
+	<input id="entry-date" type="text" name="entryPublished" value="<?=date(DATE_FORMAT_DEFAULT, $entryData['entryPublished'])?>" placeholder="{locale:entry_pub_date}" maxlength="50" />
+	<label><input type="checkbox" name="entryHidden" value="1" <?=($entryData['entryHidden'] ? 'checked ' : '')?> /> {locale:entry_hide}</label>
+	<input type="text" name="entryPIN" value="<?=htmlentities($entryData['entryPIN'])?>" placeholder="{locale:entry_pin}" maxlength="6" />
+	<input type="hidden" name="entryUpdate" value="<?=$entryData['entryId']?>" />
+<?php else: ?>
+	<input type="text" name="entryHeader" id="entryHeader" placeholder="{locale:entry_header}" maxlength="255" />
+	<input type="text" name="entryTitle" id="entryTitle" placeholder="{locale:entry_title}" maxlength="250" />
+	<textarea id="entry-textarea" name="entryContent" rows="30"></textarea>
+	<input id="entry-date" type="text" name="entryPublished" placeholder="{locale:entry_pub_date}" maxlength="50" />
+	<input type="text" name="entrySlug" id="entrySlug" placeholder="{locale:entry_slug}" maxlength="100" />
+	<label><input type="checkbox" name="entryHidden" value="1" /> {locale:entry_hide}</label>
+	<input type="text" name="entryPIN" placeholder="{locale:entry_pin}" maxlength="6" />
+	<input type="hidden" name="entryAdd" value="true" />
+<?php endif ?>
+
+	<button type="submit">{locale:save}</button>
+
+</form>
+
+<?php
+if (isset($entryData))
+{
+	$tags = $_sql->query("SELECT * FROM tags");
+	if ($tags->num_rows)
+	{
+		echo "<h3>{locale:tags}</h3>";
+		echo "<table class='designed'><tr><td>{locale:tag_name}</td><td>{locale:add}</td></tr>"
+				."<form action='".get_current_link()."' method='post' name='tagentry'>"
+				."<input type='hidden' name='entryId' value='$entryData[entryId]' />"
+				."<input type='hidden' name='entryTag' value='true' />";
+
+		while ($tag = $tags->fetch_assoc())
+			echo "<tr><td>$tag[tagName]</td><td>".($_sql->query("SELECT taggedId FROM tagged WHERE taggedEntry = $entryData[entryId] AND taggedTag = $tag[tagId]")->num_rows ? "<button type='submit' name='tagIdRemove' value='$tag[tagId]'>{locale:remove}</button>":"<button type='submit' name='tagId' value='$tag[tagId]'>{locale:add}</button>")."</td></tr>";
+
+		echo "</form>"
+			."</table>";
+	}
+}
+?>
+
+<script>$("#entry-date").datepicker({ minDate: 0, maxDate: "+48M" });</script>

includes/admin/main.php

@@ -0,0 +1,36 @@
+<?php
+
+addTitle($_locale['admin']);
+
+if (!isset($seo[1])) $seo[1] = '';
+
+switch ($seo[1])
+{
+
+	case 'upload':
+		include 'data/upload.php';
+		exit;
+	break;
+
+	case 'plugins':
+		if ($user['userLevel'] < 3) redirect();
+		addTitle($_locale['plugin_manager']);
+		include 'includes/admin/plugins.php';
+	break;
+
+	case $_set['subEntry']:
+		if ($user['userLevel'] < 2) redirect();
+		addTitle($_locale['entry_editor']);
+		include 'includes/admin/entry.php';
+	break;
+
+	case $_set['subPage']:
+		if ($user['userLevel'] < 3) redirect();
+		addTitle($_locale['page_editor']);
+		include 'includes/admin/page.php';
+	break;
+
+	default:
+		include 'includes/admin/dashboard.php';
+	break;
+}

includes/admin/page.php

@@ -0,0 +1,55 @@
+<?php
+
+if (isset($_POST['pageContent']) && isset($_POST['pageSlug']) && $user['userLevel'] > 3)
+{
+	$page = new page($_POST['pageSlug']);
+	if (isset($_POST['pageAdd']))
+	{
+		if ($page->create($_POST['pageTitle'], $_POST['pageContent']))
+			array_push($info, $_locale['page_added']);
+		else
+			array_push($error, $_locale['page_not_added']);
+	} elseif (isset($_POST['pageUpdate']))
+	{
+		if ($page->update($_POST['pageTitle'], $_POST['pageContent']))
+			array_push($info, $_locale['page_updated']);
+		else
+			array_push($error, $_locale['page_not_updated']);
+	}
+
+}
+
+if (isset($seo[2]))
+	$page = new page($seo[2]);
+else
+{
+	$pagesQuery = $_sql->query("SELECT pageSlug, pageTitle FROM pages");
+	if ($pagesQuery->num_rows)
+	{
+		echo "<h1>{locale:pages}</h1>";
+		echo "<table class='designed pages'><tr><td>{locale:page_title}</td></tr>";
+		while ($data = $pagesQuery->fetch_assoc())
+			echo "<tr><td><a href='/admin/page/$data[pageSlug]'>$data[pageTitle]</a></td></tr>";
+		echo "</table>";
+	}
+}
+?>
+<h1>{locale:page_editor}</h1>
+<form action="<?=get_current_link()?>" method="post" name="entry-edit">
+
+<?php if (isset($page->data)) : addTitle($page->data['pageTitle']); ?>
+	<input type="text" name="pageTitle" value="<?=$page->data['pageTitle']?>" placeholder="{locale:page_title}" maxlength="250" />
+	<textarea name="pageContent"><?=htmlspecialchars($page->data['pageContent'])?></textarea>
+	<input type="hidden" name="pageSlug" value="<?=$page->data['pageSlug']?>" />
+	<input type="hidden" name="pageUpdate" value="true" />
+	<button type="button" onclick="window.location.href='/admin/page'">{locale:cancel}</button>
+<?php else: ?>
+	<input type="text" id="pageTitle" name="pageTitle" value="" placeholder="{locale:page_title}" maxlength="250" />
+	<textarea name="pageContent"></textarea>
+	<input type="text" id="pageSlug" name="pageSlug" value="" placeholder="{locale:page_slug}" />
+	<input type="hidden" name="pageAdd" value="true" />
+<?php endif ?>
+
+<button type="submit">{locale:save}</button>
+
+</form>

includes/admin/plugins.php

@@ -0,0 +1,51 @@
+<?php
+
+if (isset($_POST['pluginId']) && isnum($_POST['pluginId']))
+{
+	if ($_sql->query("UPDATE plugins SET pluginStatus = ".(isset($_POST['pluginEnable']) ? 1 : 0)." WHERE pluginId = $_POST[pluginId]"))
+		redirect(get_current_link());
+	else
+		array_push($error, $_locale['plugin_not_updated']);
+}
+
+echo "<h1>$_locale[plugins]</h1>";
+
+$pluginsQuery = $_sql->query("SELECT * FROM plugins ORDER BY pluginStatus DESC");
+$plugins = array();
+if ($pluginsQuery->num_rows)
+{
+	echo "<table class='designed plugins'>";
+	echo "<tr><td>{locale:plugin_name}</td><td>{locale:description}</td><td>{locale:scope}</td><td>{locale:status}</td></tr>";
+	while ($data = $pluginsQuery->fetch_assoc())
+	{
+		$pinfo = './plugins/'.$data['pluginLib'].'/info.json';
+		if (file_exists($pinfo))
+		{
+			$pinfo = (array)json_decode(file_get_contents($pinfo));
+
+			if ($data['pluginStatus'])
+				$button = "<button name='pluginDisable' class='orange'>{locale:disable}</button>";
+			else $button = "<button name='pluginEnable'>{locale:enable}</button>";
+
+			echo "<tr><td>$pinfo[name]</td><td>$pinfo[description]<td>$pinfo[paths]</td><td><form action='".get_current_link()."' method='post'><input type='hidden' name='pluginId' value='$data[pluginId]'/>$button</form></td></tr>";
+		}
+		array_push($plugins, $data['pluginLib']);
+	}
+	echo "</table>";
+} else
+	echo "<p>$_locale[plugins_empty]</p>";
+
+
+if ($handle = opendir('./plugins')) {
+
+	while (false !== ($entry = readdir($handle)))
+	{
+		if (!in_array($entry, $plugins) && file_exists('./plugins/'.$entry.'/info.json'))
+			if ($_sql->query("INSERT INTO plugins (pluginLib, pluginStatus) VALUES ('$entry', 0)"))
+				array_push($info, $_locale['plugin_added'].$entry);
+			else
+				array_push($error, $_locale['plugin_not_added'].$entry);
+	}
+
+	closedir($handle);
+}

includes/blog.class.php

@@ -0,0 +1,124 @@
+<?php
+
+class blog
+{
+
+	private $entry;
+	private $query;
+
+	public $perpage = 10;
+	public $entries = 0;
+
+	public function __construct($entry = false, $page = 1)
+	{
+		global $_set, $_sql;
+
+		$this->perpage = $_set['entriesPerPage'];
+		if ($entry)
+		{
+			$this->query = $_sql->query("SELECT entries.*, users.userName AS userName, users.userPublicName AS publicName FROM entries INNER JOIN users ON userId = entryBy WHERE entrySlug = '".sqlprot($entry)."' LIMIT 1");
+			if ($this->query->num_rows)
+			{
+				$this->entries = 1;
+			}
+		} else
+		{
+			$this->query = $_sql->query("SELECT entries.*, users.userName AS userName, users.userPublicName AS publicName FROM entries INNER JOIN users ON userId = entryBy WHERE entryHidden IS NULL AND entryPublished <= ".time()." ORDER BY entryPinned DESC, entryPublished DESC, entryId DESC LIMIT ".$this->perpage." OFFSET ".(($page-1) * $this->perpage)."");
+			$this->entries = $this->query->num_rows;
+		}
+	}
+
+	public function entries()
+	{
+		if ($this->entries)
+			return $this->query->fetch_assoc();
+		return false;
+	}
+
+	public function entry()
+	{
+		if ($this->entries == 1)
+			return $this->query->fetch_assoc();
+		return false;
+	}
+
+	public static function update($id, $header, $title, $text, $pub, $hidden = false, $pin = false)
+	{
+		global $_sql;
+
+		$header = sqlprot($header);
+		$title = sqlprot($title);
+		$text = sqlprot($text);
+		$published = strtotime($pub); if (!$published) $published = time();
+
+		if (is_numeric($id) && Check::url($header, true) && Check::title($title) && $_sql->query("UPDATE entries SET entryHeader = '$header', entryTitle = '$title', entryContent = '$text', entryPublished = $published, entryUpdated = ".time().", entryHidden = ".($hidden ? '1' : 'NULL').", entryPIN = ".($pin && is_numeric($pin) ? $pin : 'NULL')." WHERE entryId = $id"))
+			return true;
+		return false;
+	}
+
+	public static function add($header, $title, $slug, $text, $pub, $hidden = false, $pin = false)
+	{
+		global $_sql, $user;
+
+		$header = sqlprot($header);
+		$title = sqlprot($title);
+		$text = sqlprot($text);
+		$slug = sqlprot($slug);
+		$published = strtotime($pub); if (!$published) $published = time();
+		if (Check::url($header, true) && Check::title($title) && Check::slug($slug) && $_sql->query("INSERT INTO entries (entryHeader, entryTitle, entrySlug, entryContent, entryBy, entryCreated, entryPublished, entryHidden, entryPIN) VALUES ('$header', '$title', '$slug', '$text', $user[userId], ".time().", $published, ".($hidden ? '1' : 'NULL').", ".($pin && is_numeric($pin) ? $pin : 'NULL').")"))
+			return true;
+		//die($text);
+		return false;
+	}
+
+	public static function delete($id)
+	{
+		global $_sql;
+
+		if (is_numeric($id) && $_sql->query("DELETE FROM entries WHERE entryId = $id"))
+			return true;
+		return false;
+	}
+
+	public static function pin($id)
+	{
+		global $_sql;
+
+		if (is_numeric($id) && $_sql->query("UPDATE entries SET entryPinned = 1 WHERE entryId = $id"))
+			return true;
+		return false;
+	}
+
+	public static function unpin($id)
+	{
+		global $_sql;
+
+		if (is_numeric($id) && $_sql->query("UPDATE entries SET entryPinned = NULL WHERE entryId = $id"))
+			return true;
+		return false;
+	}
+
+	public static function tag($cid, $id)
+	{
+		if (!is_numeric($cid) || !is_numeric($id)) return false;
+
+		global $_sql;
+
+		if (!$_sql->query("SELECT * FROM tags WHERE tagId = $cid")->num_rows) return false;
+		if ($_sql->query("SELECT * FROM tagged WHERE taggedTag = $cid AND taggedEntry = $id")->num_rows) return false;
+		if ($_sql->query("INSERT INTO tagged (taggedTag, taggedEntry) VALUES ($cid, $id)")) return true;
+
+		return false;
+	}
+
+	public static function tagRemove($cid, $id)
+	{
+		if (!is_numeric($cid) || !is_numeric($id)) return false;
+
+		global $_sql;
+
+		if ($_sql->query("DELETE FROM tagged WHERE taggedTag = $cid AND taggedEntry = $id")) return true;
+
+		return false;
+	}
+}

includes/check.class.php

@@ -0,0 +1,65 @@
+<?php
+
+Class Check
+{
+
+	public static function name($str) {
+	
+		if(preg_match('/^[a-zA-ZÖÜÓŐÚÉÁŰÍöüóőúéáűí\.\d_\- ]{3,20}$/i', $str))
+			return true;
+
+		return false;
+	}
+
+	public static function link($str) {
+	
+		if(!preg_match('/^[a-z0-9\d_\-]{3,20}$/i', $str))
+			return true;
+
+		return false;
+	}
+	
+	public static function email($str) {
+	
+		if(preg_match('/^[^0-9][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[@][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[.][a-zA-Z]{2,4}$/',$str) && strlen($str)<51) 
+			return true;
+
+		return false;
+	}
+
+	public static function password($str) {
+	
+		if(strlen($str)<6 || strlen($str)>20)
+			return true;
+
+		return false;
+	}
+
+	public static function domain($str) {
+	
+		if (filter_var(gethostbyname($str), FILTER_VALIDATE_IP))
+			return true;
+
+		return false;
+	}
+
+	public static function title($title) {
+		if (strlen($title) > 0 && strlen($title) < 250)
+			return true;
+		return false;
+	}
+
+	public static function slug($str) {
+	
+		if(preg_match('/^[a-zA-Z\d_\- ]{1,100}$/i', $str))
+			return true;
+
+		return false;
+	}
+
+	public static function url($url, $lazy = false) {
+		if (($lazy && !$url) || !filter_var($url, FILTER_VALIDATE_URL) === false) return true;
+		return false;
+	}
+
+}

includes/comment.class.php

@@ -0,0 +1,45 @@
+<?php
+
+class comments
+{
+
+	private $id;
+	private $comments;
+	private $replies;
+
+	public function __construct($id)
+	{
+		if (!isnum($id)) return false;
+		$this->id = $id;
+	}
+
+	public function get_comments($check = false)
+	{
+		if (!$this->comments)
+		{
+			global $_sql;
+			$query = $_sql->query("SELECT `comments`.*, users.userName AS bySlug, users.userPublicName AS byName, users.userPic FROM `comments` INNER JOIN users ON commentBy = userId WHERE commentEntry = ".$this->id." AND commentReply = 0 ORDER BY commentTime DESC");
+			if ($check)
+				return $query->num_rows;
+			else
+				$this->comments = $query;
+		}
+		return $this->comments->fetch_assoc();
+	}
+
+	public function get_replies($check = false)
+	{
+		if (!$this->replies)
+		{
+			global $_sql;
+			$query = $_sql->query("SELECT `comments`.*, users.userName AS bySlug, users.userPublicName AS byName, users.userPic FROM `comments` INNER JOIN users ON commentBy = userId WHERE commentReply = ".$this->id." ORDER BY commentTime DESC");
+			if ($check)
+				return $query->num_rows;
+			$this->replies = $query;
+		}
+		return $this->replies->fetch_assoc();
+	}
+
+
+
+}

includes/filtr.class.php

@@ -0,0 +1,173 @@
+<?php
+
+/* ---------
+	Filtr. Class 4 your Entertainment
+	filtr.sandros.hu
+	Sandros Industries
+	2015. June 28.
+
+	Version: 2.2.1.00b	<== If the last 2 numbers are equal, this version is untested!
+
+	Usage:
+
+		- Basic
+
+		$filtr = new filtrLogin( [ CUSTOM API URL / NULL ] );
+
+		$filtr->setAppid( [ APPLICATION IDENTIFIER ] );
+		$filtr->setApptoken( [ APPLICATION TOKEN HASH ] );
+
+		$filtr->setToken( [ USER'S TOKEN GENERATED BY FILTR. APL.REDIRECT ] );
+
+		- Advanced
+		$filtr->DataStorage( [ WAT TO DO (read, write, erase) ], [ KEY (only for writing) ], [ VALUE (only for writing) ]);
+		$filtr->cache = '/tmp/[ YOUR PROJECTS CODENAME ]/filtrd/';
+
+	Comments:
+		The Filtr. API has a geniune and valid SSL certificate, but it slows down the process.
+		Use it only if your connection is not trusted!
+		We're logging EVERY requests, so you will be able to monitor every access and you will be able to limit the APP's access by IP.
+
+		Public UNAME/PASSWD authentication NEVER GONNA HAPPEN!
+
+		The specified cache must end with '/'. Automatic detection just slows down the process and generates unnecessary load.
+
+	That's it! Have fun!
+	Don't forget to go out and become black. This is important! And cool! You'll be less awesome, but eh.
+
+	Just do it! Tomorrow.
+--------- */
+
+
+class filtrLogin
+{
+	/* User authentication */
+	private $token;
+
+	/* Filtr. authentication */
+	private $appid;
+	private $apptoken;
+	private $apiurl = 'http://filtr.sandros.hu/api.php';
+
+	/* This holds the response from Filtr. */
+	private $apiResponse;
+
+	// Cache
+	public $cache;
+	public $cachetimeout = 60;
+
+	/* Hey! :) */
+	public function __construct($apiurl = false, $cache = false) {
+		if ($apiurl)
+			$this->apiurl = $apiurl; // Override the class-default API url with the given one
+	}
+
+	/* Data collectors */
+	public function setToken($token = 0)	{ $this->token = $token; }
+	public function setAppid($user = 0)	{ $this->appid = $user; }
+	public function setApptoken($key = 0)	{ $this->apptoken = $key; }
+
+	/* Data storage */
+	private $datastorage = array();
+	public function DataStorage($todo, $key = false, $value = false) {
+		switch($todo)
+		{
+			case 'read':
+				$this->datastorage = array('data_storage'=>'read');
+			break;
+
+			case 'write':
+				$this->datastorage = array('data_storage'=>'write', 'data_storage_key'=>$key, 'data_storage_value'=>$value);
+			break;
+
+			case 'erase':
+				$this->datastorage = array('data_storage'=>'erase');
+			break;
+		}
+		if ($this->status())
+		{
+			$this->Login();
+			return (isset($this->apiResponse->data_storage) ? true : false);
+		}
+		return true;
+	}
+
+	/* Nasty things */
+	public function Login($timeout = 6) {
+
+		// Caching
+		if ($this->cache && file_exists($this->cache.$this->token) && filemtime($this->cache.$this->token) > time()-$this->cachetimeout)
+		{
+			$this->apiResponse = json_decode(file_get_contents($this->cache.$this->token));
+			return true;
+		}
+
+		// Collect the auth infos
+		// ! This looks pretty bad. In the next release, there will be a JSON encoder.
+		$array = array_merge(array(
+			'appid'		=> $this->appid,
+			'apptoken'	=> $this->apptoken,
+			'token'		=> $this->token,
+		), $this->datastorage);
+
+		// Convert to GET like string
+		$fields = '';
+		foreach($array as $key=>$value)
+			$fields .= $key.'='.$value.'&';
+		$fields = rtrim($fields, '&');
+
+
+		// Connect options and set data
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL,		$this->apiurl);
+		curl_setopt($ch, CURLOPT_POST,		count($array));
+		curl_setopt($ch, CURLOPT_POSTFIELDS,	$fields);
+		curl_setopt($ch, CURLOPT_TIMEOUT,	$timeout);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+		// Free up some memory
+		unset($fields);
+		unset($array);
+		$this->datastorage	= false;
+
+		// Do what we need to
+		$rawResponse		= curl_exec($ch);
+		$this->apiResponse	= json_decode($rawResponse);
+
+		// Basic cache
+		if ($this->cache)
+		{
+			$cache = fopen($this->cache.$this->token, 'w');
+			fwrite($cache, $rawResponse);
+			fclose($cache);
+			unset($cache);
+		}
+		unset($rawResponse);
+
+		// Close the connection to the login server
+		curl_close($ch);
+		unset($ch);
+
+		// '1' means the response has came from the remote server
+		// Not relevant for this script, but you can build an advanced cache control for better performance.
+		return 1;
+	}
+
+	// Logged in?
+	public function status() {
+		if (isset($this->apiResponse->status) && $this->apiResponse->status == 'ok')
+			return true;
+		return false;
+	}
+
+	// Return user's data
+	// Array mode is the default, because this could cause serious problems if someone auto-updating this script.
+	public function getData($array = true) {
+		if ($array)
+			return (array)$this->apiResponse;
+		return $this->apiResponse;
+	}
+
+}
+
+?>

includes/js/functions.js

@@ -0,0 +1,10 @@
+function set_comment_reply(cid)
+{
+	$("form[name='new-comment'] input[name='entryReply']").val(cid);
+	$("#new-comment-reply span").html('Reply');
+}
+
+function spoilerToggle(selem)
+{
+	selem.parent().children(".spoiler_c").stop().slideToggle();
+}