Diffstat (limited to 'htdocs')
-rw-r--r--htdocs/new-post.php25
-rw-r--r--htdocs/postimages.php55
-rw-r--r--htdocs/postings.php9
-rw-r--r--htdocs/src/Post.inc.php69
-rw-r--r--htdocs/src/PostIterator.inc.php2
-rw-r--r--htdocs/src/config.inc.php5
6 files changed, 142 insertions, 23 deletions
diff --git a/htdocs/new-post.php b/htdocs/new-post.php
index b4dd6ad..7112a8c 100644
--- a/htdocs/new-post.php
+++ b/htdocs/new-post.php
@@ -138,7 +138,8 @@ function finish_post() {
);
$error = '';
- $values = array();
+ $values = array('title' => '', 'description' => '',
+ 'email' => '', 'email2' => '');
foreach ($required as $field => $desc) {
if (!isset($_POST[$field]) or trim($_POST[$field]) == '') {
$error .= "<p>$desc is a required field.</p>";
@@ -188,9 +189,11 @@ function handle_images() {
function finish_images() {
$post = $_SESSION['newpost'];
- if (isset($_FILES['images']) and is_array($_FILES['images'])) {
- foreach ($_FILES['images'] as $file) {
- $post->addImage($file['tmp_name']);
+ if (isset($_FILES['images'])) {
+ foreach ($_FILES["images"]["error"] as $key => $error) {
+ if ($error == UPLOAD_ERR_OK) {
+ $post->addImage($_FILES['images']['tmp_name'][$key]);
+ }
}
}
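Review bot: The new loop in finish_images assumes `$_FILES['images']['error']` is an array, which only holds when the field is submitted as `images[]`; a request that sends a plain `images` field makes it an integer and the `foreach` raises a warning. Keeping a guard covers that: `if (isset($_FILES['images']) and is_array($_FILES['images']['error'])) {`. The return value of `addImage()` is discarded, so a file rejected by the type check is dropped without any message to the user. finish_images continues below the hunk.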
@@ -223,21 +226,25 @@ require_once "src/footer.inc.php";
function render_form($error="") {
- global $values;
+
+ $title = isset($_POST['title']) ? $_POST['title'] : '';
+ $description = isset($_POST['description']) ? $_POST['description'] : '';
+ $email = isset($_POST['email']) ? $_POST['email'] : '';
+ $email2 = isset($_POST['email2']) ? $_POST['email2'] : '';
if ($error != '') {
echo "<div class=\"errorbox\">$error</div>";
}
- echo "<p><label>Title: <input type=\"text\" name=\"title\" value=\"${_POST[title]}\" /></label></p>";
+ echo "<p><label>Title: <input type=\"text\" name=\"title\" value=\"$title\" /></label></p>";
echo "<p><label for=\"desc\">Description:</label></p>";
echo "<p><textarea name=\"description\" id=\"desc\" rows=\"10\""
- . " cols=\"80\">${_POST[description]}</textarea></p>";
+ . " cols=\"80\">$description</textarea></p>";
- echo "<p><label>Email Address: <input type=\"text\" name=\"email\" value=\"${_POST[email]}\" />"
+ echo "<p><label>Email Address: <input type=\"text\" name=\"email\" value=\"$email\" />"
. "</label>";
- echo " <label>Confirm Email: <input type=\"text\" name=\"email2\" value=\"${_POST[email2]}\" />"
+ echo " <label>Confirm Email: <input type=\"text\" name=\"email2\" value=\"$email2\" />"
. "</label></p>"
. "<p>Your email address will only be visible to our moderators.</p>";
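Review bot: The values echoed into the `value="..."` attributes and the textarea are still raw `$_POST` data, so a quote or tag in a submitted field breaks out of the markup (reflected XSS). The four assignments at the top of render_form should escape on the way in, e.g. `$title = isset($_POST['title']) ? htmlspecialchars($_POST['title'], ENT_QUOTES, 'UTF-8') : '';`. The same defect is in the htdocs/postings.php hunk, where `$post->getDescription()` goes through `str_replace` straight into the page; `nl2br(htmlspecialchars($post->getDescription(), ENT_QUOTES, 'UTF-8'))` handles both the escaping and the line breaks. render_form continues past the end of the hunk.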
diff --git a/htdocs/postimages.php b/htdocs/postimages.php
new file mode 100644
index 0000000..375e8d7
--- /dev/null
+++ b/htdocs/postimages.php
@@ -0,0 +1,55 @@
+<?php
+
+/* Foursquare Community Site
+ *
+ * Copyright (C) 2011 Foursquare Church.
+ *
+ * Developers: Jesse Morgan <jmorgan@foursquarestaff.com>
+ *
+ */
+
+require_once "src/base.inc.php";
+
+// Make sure we had a path info
+if (!isset($_SERVER['PATH_INFO'])) {
+ errorNotFound();
+}
+
+// Clean up the id in the path info.
+$id = substr($_SERVER['PATH_INFO'], 1);
+
+if (!is_numeric($id)) {
+ errorNotFound();
+}
+
+// Get the post.
+$post = Post::getByImage($id);
+
+if (!$post or
+ (!isset($_SESSION['currentUser']) and $post->getStage() != 'approved')) {
+ errorNotFound();
+}
+
+// Check if file exists.
+$file = $CONFIG['uploads'] . "/$id";
+
+if (!file_exists($file)) {
+ echo $file;
+ errorNotFound();
+}
+
+// Output the file
+$info = getimagesize($file);
+header('Content-Type: ' . $info['mime']);
+header('Content-Transfer-Encoding: binary');
+header('Content-Length: ' . filesize($file));
+readfile($file);
+exit;
+
+function errorNotFound() {
+ header("HTTP/1.0 404 Not Found");
+ exit;
+}
+
+?>
+
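Review bot: `echo $file;` in the `!file_exists($file)` branch prints the absolute uploads path to the client and emits output before `errorNotFound()` tries to set the 404 status; it looks like a debugging leftover and should be removed. `is_numeric($id)` also accepts forms such as `1e3`, `.5` or `-1`, and that value is passed on into the SQL built by `Post::getByImage()` and into the file path, so `ctype_digit($id)` is the tighter check. `getimagesize($file)` can return false, in which case `$info['mime']` is undefined; treat that case as not found as well.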
diff --git a/htdocs/postings.php b/htdocs/postings.php
index 5c3dd55..7550e18 100644
--- a/htdocs/postings.php
+++ b/htdocs/postings.php
@@ -50,9 +50,16 @@ if (isset($_GET['moderate'])) {
echo "<h2>". $post->getName() ."</h2>";
-echo "<p>". $post->getDescription() ."</p>";
+echo "<p>Date: ". date('r', $post->getTimestamp()) ."</p>";
+echo "<p class=\"desc\">".
+ str_replace("\n", '<br />', $post->getDescription())
+ ."</p>";
+foreach ($post->getImages() as $imgid) {
+ echo "<p><img src=\"". $GLOBALS['CONFIG']['urlroot']
+ . "/postimages/$imgid\" /></p>";
+}
require_once "src/footer.inc.php";
diff --git a/htdocs/src/Post.inc.php b/htdocs/src/Post.inc.php
index 34230b2..c05cb7e 100644
--- a/htdocs/src/Post.inc.php
+++ b/htdocs/src/Post.inc.php
@@ -13,6 +13,7 @@ require_once "base.inc.php";
class Post {
private $info;
private $indatabase = false;
+ private $images;
public function __construct($info=null) {
@@ -24,6 +25,8 @@ class Post {
} else {
$this->indatabase = false;
}
+
+ $images = null;
}
public static function getById($id) {
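Review bot: `$images = null;` at the end of the constructor assigns a local variable, not the new property, so the line has no effect. It should read `$this->images = null;`, or be dropped since an uninitialised property is already null. The constructor begins above this hunk.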
@@ -38,6 +41,12 @@ class Post {
return Post::getPost($where);
}
+ public static function getByImage($imgid) {
+ $where = "id=(SELECT post_id FROM image WHERE id='$imgid')";
+
+ return Post::getPost($where);
+ }
+
private static function getPost($where) {
$query = "SELECT *, UNIX_TIMESTAMP(created) AS createdts FROM post WHERE $where";
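Review bot: `getByImage()` interpolates `$imgid` into the SQL string, so its safety depends on every caller validating first; the only caller visible in this commit checks `is_numeric`, but the method is public and static. Casting inside the method keeps the query safe regardless of the caller: `$where = "id=(SELECT post_id FROM image WHERE id=" . (int)$imgid . ")";`. A bound parameter would be preferable if the database wrapper offers one, which is not visible here.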
@@ -150,6 +159,10 @@ class Post {
return $this->info['created'];
}
+ public function getTimestamp() {
+ return $this->info['createdts'];
+ }
+
public function getEmail() {
return $this->info['email'];
}
@@ -186,24 +199,60 @@ class Post {
return $this->info['location'];
}
- public function addImage($file) {
- // TODO: Verify file type
+ public function getImages() {
+ if ($this->images == null) {
+ $this->loadImages();
+ }
- // TODO: Unique name for file.
- $newfile = $GLOBALS['CONFIG']['uploads'];
+ return $this->images;
+ }
- if (move_uploaded_file($file, $newfile)) {
- return true;
+ public function addImage($file) {
+ // Verify file type
+ $info = @getimagesize($file);
- } else {
+ if (!$info) {
return false;
}
+
+ // TODO Verify image dimensions?
+
+ // Get image id
+ $db = getDatabase();
+ try {
+ $id = $db->insert('image', array('post_id' => $this->getId()));
+ $newfile = $GLOBALS['CONFIG']['uploads'] . "/$id";
+
+ if (move_uploaded_file($file, $newfile)) {
+ // Invalidate the image cache
+ $this->images = null;
+
+ return true;
+ }
+
+ } catch (Cif_Database_Exception $e) {
+
+ }
+
+ return false;
+ }
+
+ private function loadImages() {
+ $query = "SELECT id FROM image WHERE post_id='". $this->getId() ."'";
+
+ $db = getDatabase();
+ $imgs = $db->fetchAssocRows($query);
+
+ $this->images = array();
+ foreach ($imgs as $img) {
+ $this->images[] = $img['id'];
+ }
}
public function sendValidation() {
$email = new Email($this->getEmail());
- $email->setSubject($GLOBAL['CONFIG']['sitetitle'] . " Email Validation");
+ $email->setSubject($GLOBALS['CONFIG']['sitetitle'] . " Email Validation");
$url = $GLOBALS['CONFIG']['urlroot'] . '/validate.php?id=' . $this->getSecretId();
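Review bot: In `addImage()`, a successful `getimagesize()` only shows that the file has a recognised image header; it also accepts formats such as SWF or PSD, and postimages.php later serves the file with whatever MIME type it reports. An allowlist on the detected type is safer: `if (!$info || !in_array($info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) { return false; }`. The `image` row is inserted before `move_uploaded_file()`, so a failed move leaves a row with no file, and the empty `catch` hides database errors; deleting the row on failure and logging the exception would surface both. In `getImages()`, `$this->images == null` is also true for an empty array, so posts without images are re-queried on every call; `=== null` avoids that.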
@@ -216,7 +265,7 @@ class Post {
public function sendAcceptance() {
$email = new Email($this->getEmail());
- $email->setSubject($GLOBAL['CONFIG']['sitetitle'] . " Posting Approved");
+ $email->setSubject($GLOBALS['CONFIG']['sitetitle'] . " Posting Approved");
$email->appendMessage("Your posting titled ". $this->getName()
." has been approved by our moderation team.\n\n");
@@ -231,7 +280,7 @@ class Post {
public function sendRejection($message='') {
$email = new Email($this->getEmail());
- $email->setSubject($GLOBAL['CONFIG']['sitetitle'] . " Posting Rejected");
+ $email->setSubject($GLOBALS['CONFIG']['sitetitle'] . " Posting Rejected");
$email->appendMessage("Your posting titled ". $this->getName()
." has been rejected by our moderation team.\n\n");
diff --git a/htdocs/src/PostIterator.inc.php b/htdocs/src/PostIterator.inc.php
index cced79b..43c1a05 100644
--- a/htdocs/src/PostIterator.inc.php
+++ b/htdocs/src/PostIterator.inc.php
@@ -42,7 +42,7 @@ class PostIterator implements Iterator {
}
public function limit($limit) {
- $this->limit = limit;
+ $this->limit = $limit;
}
public function rewind() {
diff --git a/htdocs/src/config.inc.php b/htdocs/src/config.inc.php
index 211a798..829c632 100644
--- a/htdocs/src/config.inc.php
+++ b/htdocs/src/config.inc.php
@@ -19,11 +19,12 @@ $CONFIG = array(
'sitetitle' => 'Foursquare Community',
'email_from' => 'community@myfoursquarechurch.com',
- 'urlroot' => 'http://localhost/~jesse/p4s/community/htdocs',
+ 'urlroot' => '/~jesse/p4s/community/htdocs',
'root' => '/home/jesse/Development/p4square/community/htdocs',
+ 'uploads' => '/home/jesse/Development/p4square/community/uploads',
'debug' => true,
- 'production' => false,
+ 'production' => true,
);
set_include_path(get_include_path() . PATH_SEPARATOR . $CONFIG['root'].'/src');
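Review bot: `'debug' => true` stays on in the same array that now sets `'production' => true`; if the debug flag enables verbose errors or query output (its use is not visible in this hunk), it should be switched off together with this change. The `root` and `uploads` values are developer home-directory paths, so a per-host override kept outside version control would avoid committing them.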