Diffstat (limited to 'src/web/_controller/blog.php')
-rw-r--r-- | src/web/_controller/blog.php | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/src/web/_controller/blog.php b/src/web/_controller/blog.php
new file mode 100644
index 0000000..f13ffd1
--- /dev/null
+++ b/src/web/_controller/blog.php
@@ -0,0 +1,74 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+class Blog_controller extends Controller {
+
+ public $comments_controller;
+ private $blog_model;
+
+ function __construct($load) {
+ parent::__construct($load);
+ $this->blog_model = $this->load->model('blog');
+ $this->comments_controller = $this->load->controller('_comments');
+ }
+
+ public function index(): void {
+ parent::index();
+ $data = $this->blog_model->get_data();
+ $this->view('header', $data);
+ $this->view('apps/blog', $data);
+ $this->view('footer', $data);
+ }
+
+ private function protect($folder) {
+ if (!array_key_exists('name', $_GET)) {
+ $this->error(400);
+ }
+
+ $basepath = $GLOBALS['assetroot'] . '/' . $folder . '/';
+ $realBase = realpath($basepath);
+
+ $userpath = $basepath . $_GET['name'];
+ $realUserPath = realpath($userpath);
+
+ if ($realUserPath === false || strpos($realUserPath, $realBase) !== 0) {
+ $this->error(404);
+ }
+ }
+
+ public function post(): void {
+ $this->protect('blog');
+ parent::index();
+ $data = $this->blog_model->get_post($_GET['name']);
+ if ($data === FALSE) {
+ $this->error(404);
+ }
+ $this->view('header', $data);
+ $this->view('apps/blog_post', $data);
+ $ref = 'blog/post?name=' . $_GET['name'];
+ $this->comments_controller->comments($data['post']['meta']['name'], $ref);
+ $this->view('footer', $data);
+ }
+
+ public function writeup(): void {
+ $this->protect('writeup');
+ parent::index();
+ $data = $this->blog_model->get_writeup($_GET['name']);
+ if ($data === FALSE) {
+ $this->error(404);
+ }
+ $this->view('header', $data);
+ $this->view('apps/blog_writeup', $data);
+ $ref = 'blog/writeup?name=' . $_GET['name'];
+ $this->comments_controller->comments($data['post']['meta']['name'], $ref);
+ $this->view('footer', $data);
+ }
+
+ public function rss() {
+ $data = $this->blog_model->get_data();
+ header('Content-Type: application/xml');
+ $this->view('apps/blog_rss', $data);
+ die();
+ }
+
+}
+
+?> |
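Review bot: The containment test in `protect()` is a bare string-prefix comparison against `$realBase`, which `realpath()` returns without a trailing separator, so a resolved path in a sibling directory whose name merely begins with the same characters as the asset folder also passes. `$realBase` is also never checked for `false`; if the folder is missing, the needle is empty and, on PHP 8, `strpos()` returns 0 for every path. I would tighten the guard to `if ($realBase === false || $realUserPath === false || strpos($realUserPath, $realBase . DIRECTORY_SEPARATOR) !== 0) {`, and reject a non-string `$_GET['name']` (e.g. `name[]=`) with the 400 branch before concatenating it. The guard only holds if `$this->error()` never returns, which is not visible in this file; a short comment on `protect()` stating that assumption would help. Separately, `post()` and `writeup()` put the raw `$_GET['name']` into `$ref`; depending on how the comments controller emits it, `rawurlencode($_GET['name'])` is probably wanted there.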