1: <?php
  2: 
  3: namespace Alpha\Controller;
  4: 
  5: use Alpha\Util\Logging\Logger;
  6: use Alpha\Util\Logging\KPI;
  7: use Alpha\Util\Config\ConfigProvider;
  8: use Alpha\Util\Security\SecurityUtils;
  9: use Alpha\Util\Extension\TCPDFFacade;
 10: use Alpha\Util\Http\Request;
 11: use Alpha\Util\Http\Response;
 12: use Alpha\Util\Http\Session\SessionProviderFactory;
 13: use Alpha\Util\File\FileUtils;
 14: use Alpha\Model\Article;
 15: use Alpha\Model\ArticleComment;
 16: use Alpha\View\View;
 17: use Alpha\View\ViewState;
 18: use Alpha\View\Widget\Button;
 19: use Alpha\Exception\SecurityException;
 20: use Alpha\Exception\AlphaException;
 21: use Alpha\Exception\RecordNotFoundException;
 22: use Alpha\Exception\IllegalArguementException;
 23: use Alpha\Exception\ResourceNotFoundException;
 24: use Alpha\Exception\FileNotFoundException;
 25: use Alpha\Model\ActiveRecord;
 26: use Alpha\Controller\Front\FrontController;
 27: 
 28: /**
 29:  * Controller used handle Article objects.
 30:  *
 31:  * @since 1.0
 32:  *
 33:  * @author John Collins <dev@alphaframework.org>
 34:  * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
 35:  * @copyright Copyright (c) 2015, John Collins (founder of Alpha Framework).
 36:  * All rights reserved.
 37:  *
 38:  * <pre>
 39:  * Redistribution and use in source and binary forms, with or
 40:  * without modification, are permitted provided that the
 41:  * following conditions are met:
 42:  *
 43:  * * Redistributions of source code must retain the above
 44:  *   copyright notice, this list of conditions and the
 45:  *   following disclaimer.
 46:  * * Redistributions in binary form must reproduce the above
 47:  *   copyright notice, this list of conditions and the
 48:  *   following disclaimer in the documentation and/or other
 49:  *   materials provided with the distribution.
 50:  * * Neither the name of the Alpha Framework nor the names
 51:  *   of its contributors may be used to endorse or promote
 52:  *   products derived from this software without specific
 53:  *   prior written permission.
 54:  *
 55:  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 56:  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 57:  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 58:  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 59:  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 60:  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 61:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 62:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 63:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 64:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 65:  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 66:  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 67:  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 68:  * </pre>
 69:  */
 70: class ArticleController extends ActiveRecordController implements ControllerInterface
 71: {
 72:     /**
 73:      * Trace logger.
 74:      *
 75:      * @var Alpha\Util\Logging\Logger
 76:      *
 77:      * @since 1.0
 78:      */
 79:     private static $logger = null;
 80: 
 81:     /**
 82:      * constructor to set up the object.
 83:      *
 84:      * @since 1.0
 85:      */
 86:     public function __construct()
 87:     {
 88:         self::$logger = new Logger('ArticleController');
 89:         self::$logger->debug('>>__construct()');
 90: 
 91:         // ensure that the super class constructor is called, indicating the rights group
 92:         parent::__construct('Public');
 93: 
 94:         self::$logger->debug('<<__construct');
 95:     }
 96: 
 97:     /**
 98:      * Handle GET requests.
 99:      *
100:      * @param Alpha\Util\Http\Request
101:      *
102:      * @return Alpha\Util\Http\Response
103:      *
104:      * @throws Alpha\Exception\ResourceNotFoundException
105:      *
106:      * @since 1.0
107:      */
108:     public function doGET($request)
109:     {
110:         self::$logger->debug('>>doGET($request=['.var_export($request, true).'])');
111: 
112:         $config = ConfigProvider::getInstance();
113: 
114:         $params = $request->getParams();
115: 
116:         $body = '';
117: 
118:         // handle requests for PDFs
119:         if (isset($params['title']) && (isset($params['pdf']) || $request->getHeader('Accept') == 'application/pdf')) {
120:             try {
121:                 $title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']);
122: 
123:                 if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) {
124:                     $record = new $params['ActiveRecordType'];
125:                 } else {
126:                     $record = new Article();
127:                 }
128:                 $record->loadByAttribute('title', $title);
129:                 $this->record = $record;
130: 
131:                 ActiveRecord::disconnect();
132: 
133:                 $pdf = new TCPDFFacade($record);
134:                 $pdfData = $pdf->getPDFData();
135:                 $pdfDownloadName = str_replace(' ', '-', $record->get('title').'.pdf');
136: 
137:                 $headers = array(
138:                     'Pragma' => 'public',
139:                     'Expires' => 0,
140:                     'Cache-Control' => 'must-revalidate, post-check=0, pre-check=0',
141:                     'Content-Transfer-Encoding' => 'binary',
142:                     'Content-Type' => 'application/pdf',
143:                     'Content-Length' => strlen($pdfData),
144:                     'Content-Disposition' => 'attachment; filename="'.$pdfDownloadName.'";',
145:                 );
146: 
147:                 return new Response(200, $pdfData, $headers);
148:             } catch (IllegalArguementException $e) {
149:                 self::$logger->error($e->getMessage());
150:                 throw new ResourceNotFoundException($e->getMessage());
151:             } catch (RecordNotFoundException $e) {
152:                 self::$logger->error($e->getMessage());
153:                 throw new ResourceNotFoundException($e->getMessage());
154:             }
155:         }
156: 
157:         // view edit article requests
158:         if ((isset($params['view']) && $params['view'] == 'edit') && (isset($params['title']) || isset($params['ActiveRecordOID']))) {
159:             if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) {
160:                 $record = new $params['ActiveRecordType'];
161:             } else {
162:                 $record = new Article();
163:             }
164: 
165:             try {
166:                 if (isset($params['title'])) {
167:                     $title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']);
168:                     $record->loadByAttribute('title', $title);
169:                 } else {
170:                     $record->load($params['ActiveRecordOID']);
171:                 }
172:             } catch (RecordNotFoundException $e) {
173:                 self::$logger->warn($e->getMessage());
174:                 $body .= View::renderErrorPage(404, 'Failed to find the requested article!');
175: 
176:                 return new Response(404, $body, array('Content-Type' => 'text/html'));
177:             }
178: 
179:             ActiveRecord::disconnect();
180: 
181:             $this->record = $record;
182:             $view = View::getInstance($record);
183: 
184:             // set up the title and meta details
185:             $this->setTitle($record->get('title').' (editing)');
186:             $this->setDescription('Page to edit '.$record->get('title').'.');
187:             $this->setKeywords('edit,article');
188: 
189:             $body .= View::displayPageHead($this);
190: 
191:             $message = $this->getStatusMessage();
192:             if (!empty($message)) {
193:                 $body .= $message;
194:             }
195: 
196:             $body .= $view->editView(array('URI' => $request->getURI()));
197:             $body .= View::renderDeleteForm($request->getURI());
198: 
199:             $body .= View::displayPageFoot($this);
200:             self::$logger->debug('<<doGET');
201: 
202:             return new Response(200, $body, array('Content-Type' => 'text/html'));
203:         }
204: 
205:         // handle requests for viewing articles
206:         if (isset($params['title']) || isset($params['ActiveRecordOID'])) {
207:             $KDP = new KPI('viewarticle');
208:             if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) {
209:                 $record = new $params['ActiveRecordType'];
210:             } else {
211:                 $record = new Article();
212:             }
213: 
214:             try {
215:                 if (isset($params['title'])) {
216:                     $title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']);
217: 
218:                     $record->loadByAttribute('title', $title, false, array('OID', 'version_num', 'created_ts', 'updated_ts', 'title', 'author', 'published', 'content', 'headerContent'));
219:                 } else {
220:                     $record->load($params['ActiveRecordOID']);
221:                 }
222: 
223:                 if (!$record->get('published')) {
224:                     throw new RecordNotFoundException('Attempted to load an article which is not published yet');
225:                 }
226: 
227:                 $record->set('tags', $record->getOID());
228:             } catch (IllegalArguementException $e) {
229:                 self::$logger->warn($e->getMessage());
230:                 throw new ResourceNotFoundException('The file that you have requested cannot be found!');
231:             } catch (RecordNotFoundException $e) {
232:                 self::$logger->warn($e->getMessage());
233:                 throw new ResourceNotFoundException('The article that you have requested cannot be found!');
234:             }
235: 
236:             $this->record = $record;
237:             $this->setTitle($record->get('title'));
238:             $this->setDescription($record->get('description'));
239: 
240:             $BOView = View::getInstance($record);
241: 
242:             $body .= View::displayPageHead($this);
243: 
244:             $message = $this->getStatusMessage();
245:             if (!empty($message)) {
246:                 $body .= $message;
247:             }
248: 
249:             $body .= $BOView->markdownView();
250: 
251:             $body .= View::displayPageFoot($this);
252: 
253:             $KDP->log();
254: 
255:             return new Response(200, $body, array('Content-Type' => 'text/html'));
256:         }
257: 
258:         // handle requests to view an article stored in a file
259:         if (isset($params['file'])) {
260:             try {
261:                 $record = new Article();
262: 
263:                 // just checking to see if the file path is absolute or not
264:                 if (mb_substr($params['file'], 0, 1) == '/') {
265:                     $record->loadContentFromFile($params['file']);
266:                 } else {
267:                     $record->loadContentFromFile($config->get('app.root').'docs/'.$params['file']);
268:                 }
269:             } catch (IllegalArguementException $e) {
270:                 self::$logger->error($e->getMessage());
271:                 throw new ResourceNotFoundException($e->getMessage());
272:             } catch (FileNotFoundException $e) {
273:                 self::$logger->warn($e->getMessage().' File path is ['.$params['file'].']');
274:                 throw new ResourceNotFoundException('Failed to load the requested article from the file system!');
275:             }
276: 
277:             $this->record = $record;
278:             $this->setTitle($record->get('title'));
279: 
280:             $BOView = View::getInstance($record);
281: 
282:             $body .= View::displayPageHead($this, false);
283: 
284:             $body .= $BOView->markdownView();
285: 
286:             $body .= View::displayPageFoot($this);
287: 
288:             return new Response(200, $body, array('Content-Type' => 'text/html'));
289:         }
290: 
291:         // handle requests to view a list of articles
292:         if (isset($params['start'])) {
293:             return parent::doGET($request);
294:         }
295: 
296:         // create a new article requests
297:         $record = new Article();
298:         $view = View::getInstance($record);
299: 
300:         // set up the title and meta details
301:         $this->setTitle('Creating article');
302:         $this->setDescription('Page to create a new article.');
303:         $this->setKeywords('create,article');
304: 
305:         $body .= View::displayPageHead($this);
306: 
307:         $message = $this->getStatusMessage();
308:         if (!empty($message)) {
309:             $body .= $message;
310:         }
311: 
312:         $fields = array('formAction' => $this->request->getURI());
313:         $body .= $view->createView($fields);
314: 
315:         $body .= View::displayPageFoot($this);
316:         self::$logger->debug('<<doGET');
317: 
318:         return new Response(200, $body, array('Content-Type' => 'text/html'));
319:     }
320: 
321:     /**
322:      * Method to handle PUT requests.
323:      *
324:      * @param Alpha\Util\Http\Request
325:      *
326:      * @return Alpha\Util\Http\Response
327:      *
328:      * @since 1.0
329:      */
330:     public function doPUT($request)
331:     {
332:         self::$logger->debug('>>doPUT($request=['.var_export($request, true).'])');
333: 
334:         $config = ConfigProvider::getInstance();
335: 
336:         $params = $request->getParams();
337: 
338:         try {
339:             // check the hidden security fields before accepting the form POST data
340:             if (!$this->checkSecurityFields()) {
341:                 throw new SecurityException('This page cannot accept post data from remote servers!');
342:                 self::$logger->debug('<<doPUT');
343:             }
344: 
345:             if (isset($params['markdownTextBoxRows']) && $params['markdownTextBoxRows'] != '') {
346:                 $viewState = ViewState::getInstance();
347:                 $viewState->set('markdownTextBoxRows', $params['markdownTextBoxRows']);
348:             }
349: 
350:             if (isset($params['title']) || isset($params['ActiveRecordOID'])) {
351:                 if (isset($params['ActiveRecordType']) && class_exists($params['ActiveRecordType'])) {
352:                     $record = new $params['ActiveRecordType'];
353:                 } else {
354:                     $record = new Article();
355:                 }
356: 
357:                 if (isset($params['title'])) {
358:                     $title = str_replace($config->get('cms.url.title.separator'), ' ', $params['title']);
359: 
360:                     $record->loadByAttribute('title', $title, false, array('OID', 'version_num', 'created_ts', 'updated_ts', 'title', 'author', 'published', 'content', 'headerContent'));
361:                 } else {
362:                     $record->load($params['ActiveRecordOID']);
363:                 }
364: 
365:                 // uploading an article attachment
366:                 if (isset($params['uploadBut'])) {
367:                     $source = $request->getFile('userfile')['tmp_name'];
368:                     $dest = $record->getAttachmentsLocation().'/'.$request->getFile('userfile')['name'];
369: 
370:                     // upload the file to the attachments directory
371:                     FileUtils::copy($source, $dest);
372: 
373:                     if (!file_exists($dest)) {
374:                         throw new AlphaException('Could not move the uploaded file ['.$request->getFile('userfile')['name'].']');
375:                     }
376: 
377:                     // set read/write permissions on the file
378:                     $success = chmod($dest, 0666);
379: 
380:                     if (!$success) {
381:                         throw new AlphaException('Unable to set read/write permissions on the uploaded file ['.$dest.'].');
382:                     }
383: 
384:                     if ($success) {
385:                         self::$logger->action('File '.$source.' uploaded to '.$dest);
386:                         $this->setStatusMessage(View::displayUpdateMessage('File '.$source.' uploaded to '.$dest));
387:                     }
388:                 } elseif (isset($params['deletefile']) && $params['deletefile'] != '') {
389:                     $success = unlink($record->getAttachmentsLocation().'/'.$params['deletefile']);
390: 
391:                     if (!$success) {
392:                         throw new AlphaException('Could not delete the file ['.$params['deletefile'].']');
393:                     }
394: 
395:                     if ($success) {
396:                         self::$logger->action('File '.$record->getAttachmentsLocation().'/'.$params['deletefile'].' deleted');
397:                         $this->setStatusMessage(View::displayUpdateMessage('File '.$record->getAttachmentsLocation().'/'.$params['deletefile'].' deleted'));
398:                     }
399:                 } else {
400:                     self::$logger->debug('<<doPUT');
401: 
402:                     return parent::doPUT($request);
403:                 }
404:             } else {
405:                 throw new IllegalArguementException('No valid article ID provided!');
406:             }
407:         } catch (SecurityException $e) {
408:             $this->setStatusMessage(View::displayErrorMessage($e->getMessage()));
409:             self::$logger->warn($e->getMessage());
410:         } catch (IllegalArguementException $e) {
411:             $this->setStatusMessage(View::displayErrorMessage($e->getMessage()));
412:             self::$logger->error($e->getMessage());
413:         } catch (RecordNotFoundException $e) {
414:             self::$logger->warn($e->getMessage());
415:             $this->setStatusMessage(View::displayErrorMessage('Failed to load the requested article from the database!'));
416:         } catch (AlphaException $e) {
417:             $this->setStatusMessage(View::displayErrorMessage($e->getMessage()));
418:             self::$logger->error($e->getMessage());
419:         }
420: 
421:         $response = new Response(301);
422: 
423:         if ($this->getNextJob() != '') {
424:             $response->redirect($this->getNextJob());
425:         } else {
426:             if ($this->request->isSecureURI()) {
427:                 $response->redirect(FrontController::generateSecureURL('act=Alpha\\Controller\\ActiveRecordController&ActiveRecordType=Alpha\Model\Article&ActiveRecordOID='.$record->getOID().'&view=edit'));
428:             } else {
429:                 $title = str_replace(' ', $config->get('cms.url.title.separator'), $record->get('title'));
430:                 $response->redirect($config->get('app.url').'/a/'.$title.'/edit');
431:             }
432:         }
433: 
434:         self::$logger->debug('<<doPUT');
435: 
436:         return $response;
437:     }
438: 
439:     /**
440:      * Method to handle DELETE requests.
441:      *
442:      * @param Alpha\Util\Http\Request
443:      *
444:      * @return Alpha\Util\Http\Response
445:      *
446:      * @since 2.0
447:      */
448:     public function doDELETE($request)
449:     {
450:         self::$logger->debug('>>doDELETE($request=['.var_export($request, true).'])');
451: 
452:         $this->setUnitOfWork(array());
453: 
454:         self::$logger->debug('<<doDELETE');
455: 
456:         return parent::doDELETE($request);
457:     }
458: 
459:     /**
460:      * Renders custom HTML header content.
461:      *
462:      * @return string
463:      *
464:      * @since 1.0
465:      */
466:     public function during_displayPageHead_callback()
467:     {
468:         $config = ConfigProvider::getInstance();
469: 
470:         $params = $this->request->getParams();
471: 
472:         $html = '';
473: 
474:         if ($config->get('cms.highlight.provider.name') == 'Alpha\Util\Code\Highlight\HighlightProviderLuminous') {
475:             $html .= '<link rel="StyleSheet" type="text/css" href="'.$config->get('app.url').'/css/luminous.css">';
476:             $html .= '<link rel="StyleSheet" type="text/css" href="'.$config->get('app.url').'/css/luminous_light.css">';
477:         }
478: 
479:         if ((isset($params['view']) && ($params['view'] == 'edit' || $params['view'] == 'create')) || (isset($params['ActiveRecordType']) && !isset($params['ActiveRecordOID']))) {
480: 
481:             $fieldid = ($config->get('security.encrypt.http.fieldnames') ? 'text_field_'.base64_encode(SecurityUtils::encrypt('content')).'_0' : 'text_field_content_0');
482: 
483:             $html .= '
484:                 <script type="text/javascript">
485:                 $(document).ready(function() {
486:                     $(\'[id="'.$fieldid.'"]\').pagedownBootstrap({
487:                         \'sanatize\': false
488:                     });
489:                 });
490:                 </script>';
491: 
492:         } elseif (isset($params['view']) && $params['view'] == 'print') {
493:             $html .= '<link rel="StyleSheet" type="text/css" href="'.$config->get('app.url').'/css/print.css">';
494:         }
495: 
496:         return $html;
497:     }
498: 
499:     /**
500:      * Callback that inserts the CMS level header.
501:      *
502:      * @return string
503:      *
504:      * @since 1.0
505:      */
506:     public function insert_CMSDisplayStandardHeader_callback()
507:     {
508:         if ($this->request->getParam('token') != null) {
509:             return '';
510:         }
511: 
512:         if (!$this->record instanceof Article) {
513:             return '';
514:         }
515: 
516:         $config = ConfigProvider::getInstance();
517: 
518:         $html = '';
519: 
520:         if ($config->get('cms.display.standard.header')) {
521:             $html .= '<p><a href="'.$config->get('app.url').'">'.$config->get('app.title').'</a> &nbsp; &nbsp;';
522:             $html .= 'Date Added: <em>'.$this->record->getCreateTS()->getDate().'</em> &nbsp; &nbsp;';
523:             $html .= 'Last Updated: <em>'.$this->record->getUpdateTS()->getDate().'</em> &nbsp; &nbsp;';
524:             $html .= 'Revision: <em>'.$this->record->getVersion().'</em></p>';
525:         }
526: 
527:         $html .= $config->get('cms.header');
528: 
529:         return $html;
530:     }
531: 
532:     /**
533:      * Callback used to render footer content, including comments, votes and print/PDF buttons when
534:      * enabled to do so.
535:      *
536:      * @return string
537:      *
538:      * @since 1.0
539:      */
540:     public function before_displayPageFoot_callback()
541:     {
542:         $config = ConfigProvider::getInstance();
543:         $sessionProvider = $config->get('session.provider.name');
544:         $session = SessionProviderFactory::getInstance($sessionProvider);
545: 
546:         $html = '';
547:         $params = $this->request->getParams();
548: 
549:         // this will ensure that direct requests to ActiveRecordController will be re-directed here.
550:         if (isset($this->record) && !$this->record->isTransient()) {
551:             $this->setName($config->get('app.url').$this->request->getURI());
552:             $this->setUnitOfWork(array($config->get('app.url').$this->request->getURI(), $config->get('app.url').$this->request->getURI()));
553:         } else {
554:             $this->setUnitOfWork(array());
555:         }
556: 
557:         if ($this->record != null) {
558:             if (isset($params['view']) && $params['view'] == 'detailed') {
559:                 if ($config->get('cms.display.comments')) {
560:                     $html .= $this->renderComments();
561:                 }
562: 
563:                 if ($config->get('cms.display.tags')) {
564:                     $tags = $this->record->getPropObject('tags')->getRelatedObjects();
565: 
566:                     if (count($tags) > 0) {
567:                         $html .= '<p>Tags:';
568: 
569:                         foreach ($tags as $tag) {
570:                             $html .= ' <a href="'.$config->get('app.url').'/search/'.$tag->get('content').'">'.$tag->get('content').'</a>';
571:                         }
572:                         $html .= '</p>';
573:                     }
574:                 }
575: 
576:                 if ($config->get('cms.display.votes')) {
577:                     $rating = $this->record->getArticleScore();
578:                     $votes = $this->record->getArticleVotes();
579:                     $html .= '<p>Average Article User Rating: <strong>'.$rating.'</strong> out of 10 (based on <strong>'.count($votes).'</strong> votes)</p>';
580:                 }
581: 
582:                 if (!$this->record->checkUserVoted() && $config->get('cms.voting.allowed')) {
583:                     $URL = FrontController::generateSecureURL('act=Alpha\Controller\ActiveRecordController&ActiveRecordType=Alpha\Model\ArticleVote');
584:                     $html .= '<form action="'.$URL.'" method="post" accept-charset="UTF-8">';
585:                     $fieldname = ($config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt('score')) : 'score');
586:                     $html .= '<p>Please rate this article from 1-10 (10 being the best):'.
587:                             '<select name="'.$fieldname.'">'.
588:                             '<option value="1">1'.
589:                             '<option value="2">2'.
590:                             '<option value="3">3'.
591:                             '<option value="4">4'.
592:                             '<option value="5">5'.
593:                             '<option value="6">6'.
594:                             '<option value="7">7'.
595:                             '<option value="8">8'.
596:                             '<option value="9">9'.
597:                             '<option value="10">10'.
598:                             '</select></p>&nbsp;&nbsp;';
599: 
600:                     $fieldname = ($config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt('articleOID')) : 'articleOID');
601:                     $html .= '<input type="hidden" name="'.$fieldname.'" value="'.$this->record->getOID().'"/>';
602: 
603:                     $fieldname = ($config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt('personOID')) : 'personOID');
604:                     $html .= '<input type="hidden" name="'.$fieldname.'" value="'.$session->get('currentUser')->getID().'"/>';
605: 
606:                     $fieldname = ($config->get('security.encrypt.http.fieldnames') ? base64_encode(SecurityUtils::encrypt('statusMessage')) : 'statusMessage');
607:                     $html .= '<input type="hidden" name="'.$fieldname.'" value="Thank you for rating this article!"/>';
608: 
609:                     $temp = new Button('submit', 'Vote!', 'voteBut');
610:                     $html .= $temp->render();
611: 
612:                     $html .= View::renderSecurityFields();
613:                     $html .= '<form>';
614:                 }
615: 
616:                 ActiveRecord::disconnect();
617: 
618:                 if ($config->get('cms.allow.print.versions')) {
619:                     $html .= '&nbsp;&nbsp;';
620:                     $temp = new Button("window.open('".$this->record->get('printURL')."')", 'Open Printer Version', 'printBut');
621:                     $html .= $temp->render();
622:                 }
623: 
624:                 $html .= '&nbsp;&nbsp;';
625:                 if ($config->get('cms.allow.pdf.versions')) {
626:                     $html .= '&nbsp;&nbsp;';
627:                     $temp = new Button("document.location = '".FrontController::generateSecureURL("act=Alpha\Controller\ArticleController&mode=pdf&title=".$this->record->get('title'))."';", 'Open PDF Version', 'pdfBut');
628:                     $html .= $temp->render();
629:                 }
630: 
631:                 // render edit button for admins only
632:                 if ($session->get('currentUser') instanceof Alpha\Model\Person && $session->get('currentUser')->inGroup('Admin')) {
633:                     $html .= '&nbsp;&nbsp;';
634:                     $button = new Button("document.location = '".FrontController::generateSecureURL('act=Alpha\Controller\ArticleController&mode=edit&ActiveRecordOID='.$this->record->getID())."'", 'Edit', 'editBut');
635:                     $html .= $button->render();
636:                 }
637:             }
638: 
639:             if ($config->get('cms.display.standard.footer')) {
640:                 $html .= '<p>Article URL: <a href="'.$this->record->get('URL').'">'.$this->record->get('URL').'</a><br>';
641:                 $html .= 'Title: '.$this->record->get('title').'<br>';
642:                 $html .= 'Author: '.$this->record->get('author').'</p>';
643:             }
644:         }
645: 
646:         $html .= $config->get('cms.footer');
647: 
648:         return $html;
649:     }
650: 
651:     /**
652:      * Method for displaying the user comments for the article.
653:      *
654:      * @return string
655:      *
656:      * @since 1.0
657:      */
658:     private function renderComments()
659:     {
660:         $config = ConfigProvider::getInstance();
661:         $sessionProvider = $config->get('session.provider.name');
662:         $session = SessionProviderFactory::getInstance($sessionProvider);
663: 
664:         $html = '';
665: 
666:         $comments = $this->record->getArticleComments();
667:         $commentsCount = count($comments);
668: 
669:         $URL = FrontController::generateSecureURL('act=Alpha\Controller\ActiveRecordController&ActiveRecordType=Alpha\Model\ArticleComment');
670: 
671:         $fields = array('formAction' => $URL);
672: 
673:         if ($config->get('cms.display.comments') && $commentsCount > 0) {
674:             $html .= '<h2>There are ['.$commentsCount.'] user comments for this article</h2>';
675: 
676:             for ($i = 0; $i < $commentsCount; ++$i) {
677:                 $view = View::getInstance($comments[$i]);
678:                 $html .= $view->markdownView($fields);
679:             }
680:         }
681: 
682:         if ($session->get('currentUser') != null && $config->get('cms.comments.allowed')) {
683:             $comment = new ArticleComment();
684:             $comment->set('articleOID', $this->record->getID());
685: 
686:             $view = View::getInstance($comment);
687:             $html .= $view->createView($fields);
688:         }
689: 
690:         return $html;
691:     }
692: }
693: