ntry;
}
// Removes the blog entry with the given id. Before deleting, this
// performs the security checks necessary to ensure that the
// user is authorized to remove the entry. It returns false
// if the user is not authorized or if there was an error trying to delete the entry.
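function deleteBlogEntryById($entryId) {
    // Deletes the entry identified by $entryId when the current user owns it,
    // administers this blog, or is a site admin. Returns true only when the
    // caller is authorized and $blogEntry->delete() reports success; returns
    // false in every other case.

    // $HTTP_SESSION_VARS is not a superglobal (and was removed in PHP 5.4), so
    // it is undefined inside a method without a `global` declaration. Read the
    // login from $_SESSION so the ownership check uses the real session value.
    $login = isset($_SESSION['login']) ? $_SESSION['login'] : null;
    $uid = getUID($login);

    // Load the entry and stop if nothing usable came back, so the
    // authorization check below never dereferences a non-object.
    $blogEntry = $this->getBlogEntryById($entryId);
    if (!is_object($blogEntry)) {
        return false;
    }

    // Ownership must fail closed: a loose `==` treats a null/false uid as equal
    // to an empty or zero owner id. Require a resolved uid and compare as strings.
    // NOTE(review): assumes getUID() returns null, false or '' when there is no
    // logged-in user; confirm against its definition.
    $hasUid = ($uid !== null && $uid !== false && $uid !== '');
    $isOwner = $hasUid && ((string) $uid === (string) $blogEntry->entryUserId);

    // NOTE(review): the blog-admin branch authorizes against $this->blogId, but
    // nothing visible here checks that the loaded entry belongs to that blog.
    // Confirm getBlogEntryById() scopes its lookup by blog id.
    if ($isOwner || isBlogAdmin($this->blogId) || isAdmin()) {
        if ($blogEntry->delete()) {
            return true;
        }
    }

    // Not authorized, or the delete itself failed.
    return false;
}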
// This function updates the selected blog entry after performing
// security checks to make sure the user is authorized to perform the update.
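function updateBlogEntryById($entryId, $title, $body, $formatId, $categoryId) {
    // Updates the entry identified by $entryId with the given title, body,
    // format and category when the current user owns it, administers this
    // blog, or is a site admin. Returns true only when the caller is authorized
    // and $blogEntry->update() reports success; returns false otherwise.

    // $HTTP_SESSION_VARS is not a superglobal (and was removed in PHP 5.4), so
    // it is undefined inside a method without a `global` declaration. Read the
    // login from $_SESSION so the ownership check uses the real session value.
    $login = isset($_SESSION['login']) ? $_SESSION['login'] : null;
    $uid = getUID($login);

    $title = escape($title);
    $body = escape($body);
    // NOTE(review): $formatId and $categoryId are passed to update() without
    // going through escape(). Confirm BlogEntry::update() validates or binds
    // them before they reach a query.

    // Load the entry and stop if nothing usable came back, so the
    // authorization check below never dereferences a non-object.
    $blogEntry = $this->getBlogEntryById($entryId);
    if (!is_object($blogEntry)) {
        return false;
    }

    // Ownership must fail closed: a loose `==` treats a null/false uid as equal
    // to an empty or zero owner id. Require a resolved uid and compare as strings.
    // NOTE(review): assumes getUID() returns null, false or '' when there is no
    // logged-in user; confirm against its definition.
    $hasUid = ($uid !== null && $uid !== false && $uid !== '');
    $isOwner = $hasUid && ((string) $uid === (string) $blogEntry->entryUserId);

    // NOTE(review): the blog-admin branch authorizes against $this->blogId, but
    // nothing visible here checks that the loaded entry belongs to that blog.
    // Confirm getBlogEntryById() scopes its lookup by blog id.
    if ($isOwner || isBlogAdmin($this->blogId) || isAdmin()) {
        // Authorized, so apply the update.
        if ($blogEntry->update($title, $body, $formatId, $categoryId)) {
            return true;
        }
    }

    // Not authorized, or the update itself failed.
    return false;
}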
// this will return those blog entries that
// match all of the criteria that were submitted. This is
// primarily used by archive.php
function getBlogEntriesByCriteria($keyword, $entryId, $categoryId, $date) {
global $db;
$sql = "select * from blog_entries where blog_id = $this->blogId ";
if ( !empty($keyword) ) {
$sql .= " and title LIKE '%$key
word%' OR body LIKE '%$keyword%' ";
}
if ( !empty($entryId) ) {
$sql .= " and compat_entry_id = $entryId ";
}
if ( !empty($categoryId) ) {
$sql .= " and cat_id = $categoryId ";
}
if ( !empty($date) ) {
$sql .= " and date like '$date%' ";
}
$sql .= " order by compat_entry_id DESC ";
$rs = $db->Execute($sql);
if (!$rs) {
// nothing in result set. return empty array.
return array();
} else {
$blogEntries = array();
while (!$rs->EOF) {
$blogEntry = new BlogEntry($rs, $this->blogTableName, $this->blogId);
$blogEntries[] = $blogEntry;
$rs->MoveNext();
}