author | Dries Buytaert <dries@buytaert.net> | 2000-10-19 13:31:23 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2000-10-19 13:31:23 +0000 |
commit | 11ee95dadc408e16e9832af9fd0b41495e78b0a6 (patch) | |
tree | a8f5ca3387e360b37d0eafc4edfdc5fdc52d3b87 | |
parent | 43af5a7389265891770e4a283e4748678754797f (diff) | |
A big, fat commit with a shitload of internal changes. Not that much
visual changes:
- removed redundant files user.class.php, calendar.class.php
and backend.class.php.
- converted *all* mysql queries to queries supported by the
database abstraction layer.
- expanded the watchdog to record more information on what
actually happened.
- bugfix: anonymous readers were not able to view comments.
- bugfix: anonymous readers could gain read-only access to
the submission queue.
- bugfix: invalid includes in backend.php
- bugfix: invalid use of '$user->block'
and last but not least:
- redid 50% of the user account system
-rw-r--r-- | account.php | 266 | ||||
-rw-r--r-- | admin.php | 16 | ||||
-rw-r--r-- | diary.php | 1 | ||||
-rw-r--r-- | discussion.php | 55 | ||||
-rw-r--r-- | faq.php | 14 | ||||
-rw-r--r-- | includes/backend.class.php | 241 | ||||
-rw-r--r-- | includes/calendar.class.php | 76 | ||||
-rw-r--r-- | includes/config.inc | 16 | ||||
-rw-r--r-- | includes/database.inc | 5 | ||||
-rw-r--r-- | includes/function.inc | 25 | ||||
-rw-r--r-- | includes/submission.inc | 14 | ||||
-rw-r--r-- | includes/template.inc | 8 | ||||
-rw-r--r-- | includes/user.inc | 41 | ||||
-rw-r--r-- | index.php | 2 | ||||
-rw-r--r-- | submission.php | 2 | ||||
-rw-r--r-- | submit.php | 2 | ||||
-rw-r--r-- | themes/marvin/marvin.theme | 22 | ||||
-rw-r--r-- | themes/unconed/unconed.theme | 22 |
18 files changed, 274 insertions, 554 deletions
diff --git a/account.php b/account.php
index 2c30239f5..ffeb263f2 100644
--- a/account.php
+++ b/account.php
@@ -8,35 +8,37 @@ function account_get_user($uname) { return db_fetch_object($result); } -function account_login($userid = "") { +function account_login() { $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n"; $output .= " <TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n"; - $output .= " <TR><TH>User ID:</TH><TD><INPUT NAME=\"userid\" VALUE=\"$userid\"></TD></TR>\n"; - $output .= " <TR><TH>Password:</TH><TD><INPUT NAME=\"passwd\" TYPE=\"password\"></TD></TR>\n"; - $output .= " <TR><TD ALIGN=\"center\"><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Login\"></TD></TR>\n"; - $output .= " <TR><TD ALIGN=\"center\"><A HREF=\"account.php?op=new\">Register</A> as new user.</A></TD></TR>\n"; - $output .= " <TR><TD COLSPAN=\"2\">$user->ublock</TD></TR>\n"; + $output .= " <TR><TH ALIGN=\"right\">Username:</TH><TD><INPUT NAME=\"userid\"></TD></TR>\n"; + $output .= " <TR><TH ALIGN=\"right\">Password:</TH><TD><INPUT NAME=\"passwd\" TYPE=\"password\"></TD></TR>\n"; + $output .= " <TR><TD ALIGN=\"right\" COLSPAN=\"2\"><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Login\"></TD></TR>\n"; $output .= " </TABLE>\n"; $output .= "</FORM>\n"; + $output .= "You don't have an account yet? <A HREF=\"account.php?op=register\">Register</A> as new user.\n"; + return $output; } function account_session_start($userid, $passwd) { global $user; - session_start(); + $user = new User($userid, $passwd); - if ($user && user_valid()) { + + if ($user->id) { + session_start(); session_register("user"); - watchdog(1, "session opened for user `$user->userid'."); + watchdog(1, "session opened for user `$user->userid'"); } else { - watchdog(2, "failed login for user `$userid'."); + watchdog(2, "failed login for user `$userid'"); } } function account_session_close() { global $user; - watchdog(1, "session closed for user `$user->userid'."); + watchdog(1, "$user->userid: sucessful attempt to logout"); session_unset(); session_destroy(); unset($user); 
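Review bot: The watchdog calls in account_session_start() write request-supplied text into the log unescaped: the failed-login branch interpolates the raw `$userid` from the login form into the message. log_view() in admin.php, changed later in this commit, prints `$log->message` and the new `$log->location` straight into table cells, so markup typed into the Username field would be rendered in the administrator's browser when the entry is opened. Escaping at the point of display covers every caller, e.g. `<TD>". htmlspecialchars($log->message) ."</TD>` and the same for `$log->location`; htmlspecialchars() is already used in info_display().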
@@ -45,18 +47,21 @@ function account_session_close() { function account_user_edit() { global $theme, $user; - if ($user->id && user_valid()) { + if ($user->id) { ### Generate output/content: $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n"; + $output .= "<B>Username:</B><BR>\n"; + $output .= " $user->userid<P>\n"; + $output .= "<I>Required, unique, and can not be changed.</I><P>\n"; $output .= "<B>Real name:</B><BR>\n"; $output .= "<INPUT NAME=\"edit[name]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->name\"><BR>\n"; $output .= "<I>Optional.</I><P>\n"; $output .= "<B>Real e-mail address:</B><BR>\n"; - $output .= "<INPUT NAME=\"edit[email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->email\"><BR>\n"; - $output .= "<I>Required, but never displayed publicly: needed in case you lose your password.</I><P>\n"; + $output .= " $user->real_email<P>\n"; + $output .= "<I>Required, unique, can not be changed and is never displayed publicly: only needed in case you lose your password.</I><P>\n"; $output .= "<B>Fake e-mail address:</B><BR>\n"; - $output .= "<INPUT NAME=\"edit[femail]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->femail\"><BR>\n"; - $output .= "<I>Optional, and displayed publicly by your comments. You may spam proof it if you want.</I><P>\n"; + $output .= "<INPUT NAME=\"edit[fake_email]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->fake_email\"><BR>\n"; + $output .= "<I>Optional, and displayed publicly. You may spam proof your real e-mail address if you want.</I><P>\n"; $output .= "<B>URL of homepage:</B><BR>\n"; $output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=\"55\" SIZE=\"30\" VALUE=\"$user->url\"><BR>\n"; $output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n"; 
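Review bot: The profile form interpolates stored fields into HTML attributes without escaping: the new `VALUE=\"$user->fake_email\"` input, like the existing `$user->name` and `$user->url` inputs, is cut short or broken out of by a double quote in the stored value. As far as this diff shows, account_user_save() stores `$edit[fake_email]` exactly as submitted. Wrapping each value, e.g. `VALUE=\"". htmlspecialchars($user->fake_email) ."\"`, keeps the form intact whatever the field holds. account_user_edit() starts before this hunk and continues after it.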
@@ -67,7 +72,7 @@ function account_user_edit() { $output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">$user->signature</TEXTAREA><BR>\n"; $output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n"; $output .= "<B>Password:</B><BR>\n"; - $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"><INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n"; + $output .= "<INPUT TYPE=\"password\" NAME=\"edit[pass1]\" SIZE=\"10\" MAXLENGTH=\"20\"> <INPUT TYPE=\"password\" NAME=\"edit[pass2]\" SIZE=\"10\" MAXLENGTH=\"20\"><BR>\n"; $output .= "<I>Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password.</I><P>\n"; $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save user information\"><BR>\n"; $output .= "</FORM>\n"; @@ -79,30 +84,30 @@ function account_user_edit() { } else { $theme->header(); - $theme->box("Login", account_login($userid)); + $theme->box("Login", account_login()); $theme->footer(); } } function account_user_save($edit) { global $user; - if ($user && user_valid()) { + if ($user->id) { $data[name] = $edit[name]; - $data[email] = $edit[email]; - $data[femail] = $edit[femail]; + $data[fake_email] = $edit[fake_email]; $data[url] = $edit[url]; $data[bio] = $edit[bio]; $data[signature] = $edit[signature]; - if ($edit[pass1] == $edit[pass2] && !empty($edit[pass1])) { $data[passwd] = $edit[pass1]; } - dbsave("users", $data, $user->id); - user_rehash(); + + if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1]; + + user_save($data, $user->id); } } function account_page_edit() { global $theme, $themes, $user; - if ($user && user_valid()) { + if ($user->id) { ### Generate output/content: $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n"; $output .= "<B>Theme:</B><BR>\n"; 
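Review bot: account_user_save() accepts a new password on the strength of the session alone: `if ($edit[pass1] && $edit[pass1] == $edit[pass2]) $data[passwd] = $edit[pass1];` never asks for the current password, so whoever holds a logged-in session can lock the owner out. I would add a current-password field to the form in account_user_edit() and verify it before `$data[passwd]` is set. Whether user_save() hashes `passwd` before storing it is not visible in this diff and is worth confirming there. account_page_edit() begins at the end of this hunk and continues outside it.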
@@ -115,27 +120,27 @@ function account_page_edit() { $output .= "<SELECT NAME=\"edit[theme]\">$options</SELECT><BR>\n"; $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n"; $output .= "<B>Maximum number of stories:</B><BR>\n"; - $output .= "<INPUT NAME=\"edit[storynum]\" MAXLENGTH=\"3\" SIZE=\"3\" VALUE=\"$user->storynum\"><P>\n"; + $output .= "<INPUT NAME=\"edit[stories]\" MAXLENGTH=\"3\" SIZE=\"3\" VALUE=\"$user->stories\"><P>\n"; $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n"; - $options = "<OPTION VALUE=\"nested\"". ($user->umode == "nested" ? " SELECTED" : "") .">Nested</OPTION>"; - $options .= "<OPTION VALUE=\"flat\"". ($user->umode == "flat" ? " SELECTED" : "") .">Flat</OPTION>"; - $options .= "<OPTION VALUE=\"threaded\"". ($user->umode == "threaded" ? " SELECTED" : "") .">Threaded</OPTION>"; + $options = "<OPTION VALUE=\"nested\"". ($user->mode == "nested" ? " SELECTED" : "") .">Nested</OPTION>"; + $options .= "<OPTION VALUE=\"flat\"". ($user->mode == "flat" ? " SELECTED" : "") .">Flat</OPTION>"; + $options .= "<OPTION VALUE=\"threaded\"". ($user->mode == "threaded" ? " SELECTED" : "") .">Threaded</OPTION>"; $output .= "<B>Comment display mode:</B><BR>\n"; - $output .= "<SELECT NAME=\"edit[umode]\">$options</SELECT><P>\n"; - $options = "<OPTION VALUE=\"0\"". ($user->uorder == 0 ? " SELECTED" : "") .">Oldest first</OPTION>"; - $options .= "<OPTION VALUE=\"1\"". ($user->uorder == 1 ? " SELECTED" : "") .">Newest first</OPTION>"; - $options .= "<OPTION VALUE=\"2\"". ($user->uorder == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>"; + $output .= "<SELECT NAME=\"edit[mode]\">$options</SELECT><P>\n"; + $options = "<OPTION VALUE=\"0\"". ($user->sort == 0 ? " SELECTED" : "") .">Oldest first</OPTION>"; + $options .= "<OPTION VALUE=\"1\"". ($user->sort == 1 ? " SELECTED" : "") .">Newest first</OPTION>"; + $options .= "<OPTION VALUE=\"2\"". ($user->sort == 2 ? 
" SELECTED" : "") .">Highest scoring first</OPTION>"; $output .= "<B>Comment sort order:</B><BR>\n"; - $output .= "<SELECT NAME=\"edit[uorder]\">$options</SELECT><P>\n"; - $options = "<OPTION VALUE=\"-1\"". ($user->thold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>"; - $options .= "<OPTION VALUE=\"0\"". ($user->thold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>"; - $options .= "<OPTION VALUE=\"1\"". ($user->thold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>"; - $options .= "<OPTION VALUE=\"2\"". ($user->thold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>"; - $options .= "<OPTION VALUE=\"3\"". ($user->thold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>"; - $options .= "<OPTION VALUE=\"4\"". ($user->thold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>"; - $options .= "<OPTION VALUE=\"5\"". ($user->thold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>"; + $output .= "<SELECT NAME=\"edit[sort]\">$options</SELECT><P>\n"; + $options = "<OPTION VALUE=\"-1\"". ($user->threshold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>"; + $options .= "<OPTION VALUE=\"0\"". ($user->threshold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>"; + $options .= "<OPTION VALUE=\"1\"". ($user->threshold == 1 ? " SELECTED" : "") .">1: Display almost no anonymous comments.</OPTION>"; + $options .= "<OPTION VALUE=\"2\"". ($user->threshold == 2 ? " SELECTED" : "") .">2: Display comments with score +2 only.</OPTION>"; + $options .= "<OPTION VALUE=\"3\"". ($user->threshold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>"; + $options .= "<OPTION VALUE=\"4\"". ($user->threshold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>"; + $options .= "<OPTION VALUE=\"5\"". ($user->threshold == 5 ? 
" SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>"; $output .= "<B>Comment threshold:</B><BR>\n"; - $output .= "<SELECT NAME=\"edit[thold]\">$options</SELECT><BR>\n"; + $output .= "<SELECT NAME=\"edit[threshold]\">$options</SELECT><BR>\n"; $output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n"; $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save page settings\"><BR>\n"; $output .= "</FORM>\n"; 
@@ -147,33 +152,32 @@ function account_page_edit() { } else { $theme->header(); - $theme->box("Login", account_login($userid)); + $theme->box("Login", account_login()); $theme->footer(); } } function account_page_save($edit) { global $user; - if ($user && user_valid()) { + if ($user->id) { $data[theme] = $edit[theme]; - $data[storynum] = $edit[storynum]; - $data[umode] = $edit[umode]; - $data[uorder] = $edit[uorder]; - $data[thold] = $edit[thold]; - dbsave("users", $data, $user->id); - user_rehash(); + $data[stories] = $edit[stories]; + $data[mode] = $edit[mode]; + $data[sort] = $edit[sort]; + $data[threshold] = $edit[threshold]; + user_save($data, $user->id); } } function account_user($uname) { global $user, $theme; - if ($user && $uname && $user->userid == $uname) { + if ($user->id && $user->userid == $uname) { $output .= "<P>Welcome $user->userid! This is <B>your</B> user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.</P>\n"; $output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n"; $output .= " <TR><TD ALIGN=\"right\"><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Name:</B></TD><TD>". format_data($user->name) ."</TD></TR>\n"; - $output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email_address($user->femail) ."</A></TD></TR>\n"; + $output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email_address($user->fake_email) ."</A></TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($user->url) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Bio:</B></TD><TD>". format_data($user->bio) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Signature:</B></TD><TD>". format_data($user->signature) ."</TD></TR>\n"; 
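Review bot: account_page_save() copies `$edit[theme]`, `$edit[stories]`, `$edit[mode]`, `$edit[sort]` and `$edit[threshold]` into the user record without checking that they are among the values the form offers. discussion_kids() in discussion.php interpolates its `$threshold` argument unquoted into `c.score / c.votes >= $threshold`; if the stored preference is what callers pass there (not visible in this diff), a hand-built POST reaches that query. Casting the numeric settings on save, e.g. `$data[threshold] = intval($edit[threshold]);`, and checking `mode` and `theme` against the known lists closes this regardless of how user_save() quotes its values.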
@@ -187,7 +191,7 @@ function account_user($uname) { elseif ($uname && $account = account_get_user($uname)) { $box1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n"; $box1 .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n"; - $box1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email_address($account->femail) ."</TD></TR>\n"; + $box1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email_address($account->fake_email) ."</TD></TR>\n"; $box1 .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n"; $box1 .= " <TR><TD ALIGN=\"right\"><B>Bio:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n"; $box1 .= "</TABLE>\n"; 
@@ -219,50 +223,51 @@ function account_user($uname) { else { ### Display login form: $theme->header(); - $theme->box("Login", account_login($userid)); + $theme->box("Login", account_login()); $theme->footer(); } } -function account_register() { - if ($rval = account_validate($new)) { - account_new($new, "<B>Error: $rval</B>"); - } - else { - ### Generate new password: - $new[passwd] = account_password(); - dbsave("users", $new); - - if ($mail == 1) { - ### Display account information: - $theme->header(); - $theme->box("Account details", "Your password is: <B>$new[passwd]</B><BR><A HREF=\"account.php?op=Login&userid=$new[userid]&passwd=$new[passwd]\">Login</A> to change your personal settings."); - $theme->footer(); - } - else { - ### Send e-mail with account details: - mail($new[email], "Account details for $sitename", "$new[userid],\n\nyour $sitename member account has been created succesfully. To be able to use it, you must login using the information below. Please save this mail for further reference.\n\n username: $new[userid]\n e-mail: $new[email]\n password: $new[passwd]\n\nThis password is generated by a randomizer. It is recommended that you change this password immediately.\n\n$contact_signature", "From: $contact_email\nX-Mailer: PHP/" . phpversion()); +function account_validate($user) { + include "includes/ban.inc"; - ### Display account information: - $theme->header(); - $theme->box("Account details", "Your member account has been created and the details necessary to login have been sent to your e-mail account <B>$new[email]</B>. 
Once you received the account confirmation, hit <A HREF=\"account.php\">this link</A> to login."); - $theme->footer(); - } - watchdog(1, "new user `$new[userid]' registered with e-mail address `$new[email]'"); - } + ### Verify username and e-mail address: + $user[userid] = trim($user[userid]); + if (empty($user[real_email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[real_email]))) $error .= "<LI>the specified e-mail address is not valid.</LI>\n"; + if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $error .= "<LI>the specified username is not valid.</LI>\n"; + if (strlen($user[userid]) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n"; + + ### Check to see whether the username or e-mail address are banned: + if ($ban = ban_match($user[userid], $type2index[usernames])) $error .= "<LI>the specified username is banned for the following reason: <I>$ban->reason</I>.</LI>\n"; + if ($ban = ban_match($user[real_email], $type2index[addresses])) $error .= "<LI>the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.</LI>\n"; + + ### Verify whether username and e-mail address are unique: + if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error .= "<LI>the specified username is already taken.</LI>\n"; + if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$user[real_email]')")) > 0) $error .= "<LI>the specified e-mail address is already registered.</LI>\n"; + + return $error; } -function account_new($user = "", $error = "") { +function account_register_enter($user = "", $error = "") { global $theme; - $output .= "<FORM ACTION=\"account.php\" METHOD=post>\n"; - $output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n"; - if (!empty($error)) $output .= "<TR><TD COLSPAN=2>$error</TD></TR>\n"; - $output .= "<TR><TH>Name:</TH><TD><INPUT NAME=\"new[name]\" 
VALUE=\"$new[name]\"></TD></TR>\n"; - $output .= "<TR><TH>User ID:</TR><TD><INPUT NAME=\"new[userid]\" VALUE=\"$new[userid]\"></TD></TR>\n"; - $output .= "<TR><TH>E-mail:</TH><TD><INPUT NAME=\"new[email]\" VALUE=\"$new[email]\"></TD></TR>\n"; - $output .= "<TR><TD ALIGN=right COLSPAN=2><INPUT NAME=op TYPE=submit VALUE=\"Register\"></TD></TR>\n"; - $output .= "</TABLE>\n"; + if ($error) $output .= "<B><FONT COLOR=\"red\">Failed to register.</FONT>$error</B>\n"; + else $output .= "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to maintain an online diary, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Register' button below. An e-mail will then be sent to you with instructions on how to validate your account.</P>\n"; + + $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n"; + $output .= "<P>\n"; + $output .= " <B>Username:</B><BR>\n"; + $output .= " <INPUT NAME=\"new[userid]\" VALUE=\"$new[userid]\"><BR>\n"; + $output .= " <SMALL><I>Enter your desired username: only letters, numbers and some special characters are allowed.</I></SMALL><BR>\n"; + $output .= "</P>\n"; + $output .= "<P>\n"; + $output .= " <B>E-mail address:</B><BR>\n"; + $output .= " <INPUT NAME=\"new[real_email]\" VALUE=\"$new[real_email]\"><BR>\n"; + $output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n"; + $output .= "</P>\n"; + $output .= "<P>\n"; + $output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Register\">\n"; + $output .= "</P>\n"; $output .= "</FORM>\n"; $theme->header(); 
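Review bot: account_validate() runs its two uniqueness queries even when the format checks above them have already failed, so a username or address that did not pass the `ereg`/`eregi` patterns is still interpolated into `LOWER('$user[userid]')` and `LOWER('$user[real_email]')`. The only protection left is whatever quoting the PHP configuration applies to request data. Guarding the lookups with `if (!$error) { ... }`, or passing both values through addslashes() before building the SQL, removes that dependency. Separately, account_register_enter() takes `$user` but fills the inputs from `$new[userid]` and `$new[real_email]`, which are not set in that function's scope, so a rejected form comes back empty; once that is fixed the values need htmlspecialchars() as well. account_register_enter() continues past the end of this hunk.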
@@ -270,24 +275,62 @@ function account_new($user = "", $error = "") { $theme->footer(); } -function account_validate($user) { - include "includes/ban.inc"; +function account_register_submit($new) { + global $theme, $mail, $sitename; - ### Verify username and e-mail address: - $user[userid] = trim($user[userid]); - if (empty($user[email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[email]))) $rval = "the specified e-mail address is not valid.<BR>"; - if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $rval = "the specified username '$new[userid]' is not valid.<BR>"; - if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters."; + if ($rval = account_validate($new)) { + account_register_enter($new, "$rval"); + } + else { + $new[passwd] = account_password(); + $new[status] = 1; + $new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12); - ### Check to see whether the username or e-mail address are banned: - if ($ban = ban_match($user[userid], $type2index[usernames])) $rval = "the specified username is banned for the following reason: <I>$ban->reason</I>."; - if ($ban = ban_match($user[email], $type2index[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>."; + user_save($new); - ### Verify whether username and e-mail address are unique: - if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$user[userid]')")) > 0) $rval = "the specified username is already taken."; - if (db_num_rows(db_query("SELECT email FROM users WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered."; + $link = "http://". getenv("HOSTNAME") ."/account.php?op=confirm&name=$new[userid]&hash=$new[hash]"; + $message = "$new[userid],\n\n\nsomeone signed up for a user account on $sitename and supplied this email address as their contact. 
If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login. You can activate your account by visiting the URL below:\n\n $link\n\nVisiting this URL will automatically activate your account. Once activated you can login using the following information:\n\n username: $new[userid]\n password: $new[passwd]\n\n\n-- $sitename crew\n"; + // mail($new[real_email], "Account details for $sitename", $message, "From: noreply@$sitename"); + print "<PRE>$message</PRE>\n"; + + watchdog(1, "new user `$new[userid]' <$new[real_email]>"); - return($rval); + $theme->header(); + $theme->box("Account details", "Congratulations! Your member account has been sucessfully created and further instructions on how to activate your account have been sent to your e-mail address."); + $theme->footer(); + } +} + +function account_register_confirm($name, $hash) { + global $theme; + + $result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'"); + + if ($account = db_fetch_object($result)) { + if ($account->status == 1) { + if ($account->hash == $hash) { + db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '$name'"); + $output .= "Your account has been sucessfully confirmed. You can click <A HREF=\"account.php?op=login\">here</A> to login.\n"; + watchdog(1, "$name: account confirmation sucessful"); + } + else { + $output .= "Confirmation failed: invalid confirmation hash.\n"; + watchdog(3, "$name: invalid confirmation hash"); + } + } + else { + $output .= "Confirmation failed: your account has already been confirmed. 
You can click <A HREF=\"account.php?op=login\">here</A> to login.\n"; + watchdog(3, "$name: attempt to re-confirm account"); + } + } + else { + $output .= "Confirmation failed: no such account found.<BR>"; + watchdog(3, "$name: attempt to confirm non-existing account"); + } + + $theme->header(); + $theme->box("Account confirmation", $output); + $theme->footer(); } function account_password($min_length=6) { @@ -300,9 +343,8 @@ function account_password($min_length=6) { function account_comments() { global $theme, $user; - $output .= "<P>This page might be helpful in case you want to keep track of your most recent comments in any of the discussions. You are given an overview of your comments in each of the stories you participates in along with the number of replies each comment got.\n<P>\n"; + $info = "<P>This page might be helpful in case you want to keep track of your most recent comments in any of the discussions. You are given an overview of your comments in each of the stories you participates in along with the number of replies each comment got.\n<P>\n"; - ### Perform query: $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5"); while ($story = db_fetch_object($sresult)) { @@ -315,7 +357,9 @@ function account_comments() { } $output .= " </UL>\n"; } - + + $output = ($output) ? "$info $output" : "$info <CENTER><B>You have not posted any comments recently.</B></CENTER>\n"; + $theme->header(); $theme->box("Track your comments", $output); $theme->footer(); @@ -326,8 +370,14 @@ switch ($op) { account_session_start($userid, $passwd); header("Location: account.php?op=info"); break; - case "new": - account_new(); + case "register": + account_register_enter(); + break; + case "confirm": + account_register_confirm($name, $hash); + break; + case "Register": + account_register_submit($new); break; case "view": account_user($name); 
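Review bot: The e-mail confirmation added in account_register_submit() does not yet prove control of the mailbox. With mail() commented out, `print "<PRE>$message</PRE>\n";` shows the activation link and the generated password to whoever submitted the form, and the token `substr(md5("$new[userid]. ". time() .""), 0, 12)` is built only from the chosen username and the clock, both of which the registrant knows. The print looks like a debugging aid and should be removed before release, and the hash should include a value the client cannot learn, such as a server-side secret from the configuration or output from a strong random source. account_register_confirm() also places the request's `$name` directly into its SELECT and UPDATE statements and into the watchdog messages; it should be escaped (addslashes() for the SQL) or checked against the same username pattern account_validate() uses.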
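Review bot: The `case "Register":` added in the switch here duplicates the `case "Register":` that the following hunk keeps further down what appears to be the same `switch ($op)`. PHP executes the first matching case, so the later one becomes dead code; one of the two should be dropped so the dispatch table has a single entry per operation.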
@@ -343,7 +393,7 @@ switch ($op) { header("Location: account.php"); break; case "Register": - account_register($new); + account_register_submit($new); break; case "user": account_user_edit(); @@ -8,7 +8,7 @@ if ($user->userid != "Dries") exit(); */ function account_display($order = "username") { - $sort = array("ID" => "id", "fake e-mail address" => "femail", "homepage" => "url", "hostname" => "last_host", "last access date" => "last_access", "real e-mail address" => "email", "real name" => "name", "status" => "status", "theme" => "theme", "username" => "userid"); + $sort = array("ID" => "id", "fake e-mail address" => "fake_email", "homepage" => "url", "hostname" => "last_host", "last access date" => "last_access", "real e-mail address" => "real_email", "real name" => "name", "status" => "status", "theme" => "theme", "username" => "userid"); $show = array("ID" => "id", "username" => "userid", "$order" => "$sort[$order]", "status" => "status"); ### Perform query: @@ -39,7 +39,7 @@ function account_display($order = "username") { $output .= " <TR>\n"; foreach ($show as $key=>$value) { switch($value) { - case "email": + case "real_email": $output .= " <TD>". format_email_address($account[$value]) ."</TD>\n"; break; case "last_access": 
@@ -91,8 +91,8 @@ function account_view($name) { $output .= " <TR><TD ALIGN=\"right\"><B>ID:</B></TD><TD>$account->id</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Real name:</B></TD><TD>". format_data($account->name) ."</TD></TR>\n"; - $output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email_address($account->email) ."</TD></TR>\n"; - $output .= " <TR><TD ALIGN=\"right\"><B>Fake e-mail address:</B></TD><TD>". format_data($account->femail) ."</TD></TR>\n"; + $output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email_address($account->real_email) ."</TD></TR>\n"; + $output .= " <TR><TD ALIGN=\"right\"><B>Fake e-mail address:</B></TD><TD>". format_data($account->fake_email) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>URL of homepage:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Last access:</B></TD><TD>". format_date($account->last_access) ." from $account->last_host</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Bio information:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n"; 
@@ -110,10 +110,10 @@ function account_view($name) { */ function log_display($order = "date") { $colors = array("#FFFFFF", "#FFFFFF", "#90EE90", "#CD5C5C"); - $fields = array("date" => "id DESC", "username" => "user", "message" => "message DESC", "level" => "level DESC"); + $fields = array("date" => "id DESC", "username" => "user", "location" => "location", "message" => "message DESC", "level" => "level DESC"); ### Perform query: - $result = db_query("SELECT l.*, u.userid FROM logs l LEFT JOIN users u ON l.user = u.id ORDER BY l.$fields[$order]"); + $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id ORDER BY l.$fields[$order]"); ### Generate output: $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n"; @@ -146,13 +146,14 @@ function log_display($order = "date") { } function log_view($id) { - $result = db_query("SELECT l.*, u.userid FROM logs l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id"); + $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id"); if ($log = db_fetch_object($result)) { $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Level:</B></TD><TD>$log->level</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($log->timestamp, "extra large") ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>User:</B></TD><TD>". format_username($log->userid, 1) ."</TD></TR>\n"; + $output .= " <TR><TD ALIGN=\"right\"><B>Location:</B></TD><TD>$log->location</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Message:</B></TD><TD>$log->message</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Hostname:</B></TD><TD>$log->hostname</TD></TR>\n"; $output .= "</TABLE>\n"; 
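Review bot: log_view() builds its query with `WHERE l.id = $id`, an unquoted value that presumably comes from the request; nothing in the hunk forces it to be a number. Adding `$id = intval($id);` before the db_query() call keeps the lookup to a single row id. The rest of log_view() lies outside the hunk.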
@@ -557,7 +558,6 @@ function info_display() { $output .= "sitename: $sitename<BR>\n"; $output .= "e-mail address: $contact_email<BR>\n"; - $output .= "signature: $contact_signature<BR>\n"; $output .= "send e-mail notifications: $notify<BR>\n"; $output .= "allowed HTML tags: <I>". htmlspecialchars($allowed_html) ."</I><BR>\n"; $output .= "anonymous user: $anonymous<BR>\n"; @@ -66,7 +66,6 @@ function diary_display($username) { function diary_add() { global $theme, $user, $allowed_html; - ### Submission form: $output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n"; $output .= "<P>\n"; diff --git a/discussion.php b/discussion.php index 1a06b0426..a6097b4d8 100644 --- a/discussion.php +++ b/discussion.php 
@@ -23,33 +23,33 @@ function discussion_moderate($moderate) { } } -function discussion_kids($cid, $mode, $thold, $level = 0, $dummy = 0) { +function discussion_kids($cid, $mode, $threshold, $level = 0, $dummy = 0) { global $user, $theme; $comments = 0; - $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $thold) ORDER BY c.timestamp, c.cid"); + $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $threshold) ORDER BY c.timestamp, c.cid"); if ($mode == "nested") { while ($comment = db_fetch_object($result)) { - if ($comment->score >= $thold) { + if ($comment->score >= $threshold) { if ($level && !$comments) print "<UL>"; $comments++; $link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>"; - $theme->comment($comment->userid, stripslashes($comment->subject), stripslashes($comment->comment), $comment->timestamp, stripslashes($comment->url), stripslashes($comment->femail), discussion_score($comment), $comment->votes, $comment->cid, $link); + $theme->comment($comment->userid, stripslashes($comment->subject), stripslashes($comment->comment), $comment->timestamp, stripslashes($comment->url), stripslashes($comment->fake_email), discussion_score($comment), $comment->votes, $comment->cid, $link); - discussion_kids($comment->cid, $mode, $thold, $level + 1, $dummy + 1); + discussion_kids($comment->cid, $mode, $threshold, $level + 1, $dummy + 1); } } } else { // mode == 'flat' while ($comment = db_fetch_object($result)) { - if ($comment->score >= $thold) { + if ($comment->score >= $threshold) { $link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>"; - $theme->comment($comment->userid, 
check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->femail, discussion_score($comment), $comment->votes, $comment->cid, $link); + $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid, $link); } - discussion_kids($comment->cid, $mode, $thold); + discussion_kids($comment->cid, $mode, $threshold); } } @@ -58,11 +58,11 @@ function discussion_kids($cid, $mode, $thold, $level = 0, $dummy = 0) { } } -function discussion_childs($cid, $thold, $level = 0, $thread) { +function discussion_childs($cid, $threshold, $level = 0, $thread) { global $theme, $user; ### Perform SQL query: - $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $thold) ORDER BY c.timestamp, c.cid"); + $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $threshold) ORDER BY c.timestamp, c.cid"); if ($level == 0) $thread = ""; $comments = 0; @@ -78,7 +78,7 @@ function discussion_childs($cid, $thold, $level = 0, $thread) { $thread .= "<LI><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid\">". check_output($comment->subject) ."</A> by ". format_username($comment->userid) ." <SMALL>(". discussion_score($comment) .")<SMALL></LI>"; ### Recursive: - discussion_childs($comment->cid, $thold, $level + 1, &$thread); + discussion_childs($comment->cid, $threshold, $level + 1, &$thread); } if ($level && $comments) { 
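Review bot: In the nested branch of discussion_kids() the subject and comment body reach `$theme->comment()` through `stripslashes()` only, while the flat branch passes them through `check_output()`. If check_output() is what filters comment markup (its body is not shown in this hunk), nested mode displays comments unfiltered. The nested call should pass `check_output($comment->subject), check_output($comment->comment)` like the flat one. The function's closing lines fall in the next hunk.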
@@ -88,12 +88,15 @@ function discussion_childs($cid, $thold, $level = 0, $thread) { return $thread; } -function discussion_settings($mode, $order, $thold) { +function discussion_settings($mode, $order, $threshold) { global $user; if ($user->id) { - db_query("UPDATE users SET umode = '$mode', uorder = '$order', thold = '$thold' WHERE id = '$user->id'"); - user_rehash(); + $data[mode] = $mode; + $data[sort] = $order; + $data[threshold] = $threshold; + + user_save($data, $user->id); } } @@ -103,9 +106,9 @@ function discussion_display($sid, $pid, $cid, $level = 0) { ### Pre-process variables: $pid = (empty($pid)) ? 0 : $pid; $cid = (empty($cid)) ? 0 : $cid; - $mode = ($user) ? $user->umode : "threaded"; - $order = ($user) ? $user->uorder : "1"; - $thold = ($user) ? $user->thold : "0"; + $mode = ($user->id) ? $user->mode : "threaded"; + $order = ($user->id) ? $user->sort : "1"; + $threshold = ($user->id) ? $user->threshold : "0"; ### Compose story-query: $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status != 0 AND s.id = $sid"); 
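Review bot: discussion_settings() stores `$mode`, `$order` and `$threshold` as given, and the stored threshold is later written unquoted into SQL. The following hunk's discussion_display() reads `$user->threshold` and its query uses `c.score / c.votes >= $threshold`; discussion_kids(), discussion_childs() and the themes' commentControl() do the same. The `addslashes()` call in user_save() protects only the write, because the text is read back unchanged. Normalising here closes that path: `$data[threshold] = intval($threshold);` and `$data[sort] = intval($order);`, with `$mode` checked against the known display modes. The bare-word keys (`$data[mode]`) would also be safer quoted, as `$data["mode"]`.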
@@ -116,10 +119,10 @@ function discussion_display($sid, $pid, $cid, $level = 0) { else $theme->article($story, "[ <A HREF=\"\"><FONT COLOR=\"$theme->hlcolor2\">home</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$story->id&pid=0\"><FONT COLOR=\"$theme->hlcolor2\">add a comment</FONT></A> ]"); ### Display `comment control'-box: - if ($user->id) $theme->commentControl($sid, $title, $thold, $mode, $order); + if ($user->id) $theme->commentControl($sid, $title, $threshold, $mode, $order); ### Compose query: - $query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.sid = $sid AND c.pid = $pid AND (c.votes = 0 OR c.score / c.votes >= $thold)"; + $query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.sid = $sid AND c.pid = $pid AND (c.votes = 0 OR c.score / c.votes >= $threshold)"; if ($order == 1) $query .= " ORDER BY c.timestamp DESC"; if ($order == 2) $query .= " ORDER BY c.score DESC"; $result = db_query($query); 
@@ -139,12 +142,12 @@ function discussion_display($sid, $pid, $cid, $level = 0) { ### Display the comments: if (empty($mode) || $mode == "threaded") { - $thread = discussion_childs($comment->cid, $thold); - $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->femail, discussion_score($comment), $comment->votes, $comment->cid, $link, $thread); + $thread = discussion_childs($comment->cid, $threshold); + $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid, $link, $thread); } else { - $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->femail, discussion_score($comment), $comment->votes, $comment->cid, $link); - discussion_kids($comment->cid, $mode, $thold, $level); + $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid, $link); + discussion_kids($comment->cid, $mode, $threshold, $level); } } 
@@ -159,7 +162,7 @@ function discussion_reply($pid, $sid) { ### Extract parent-information/data: if ($pid) { $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid")); - $theme->comment($item->userid, check_output(stripslashes($item->subject)), check_output(stripslashes($item->comment)), $item->timestamp, stripslashes($item->url), stripslashes($item->femail), discussion_score($comment), $comment->votes, $item->cid, "reply to this comment"); + $theme->comment($item->userid, check_output(stripslashes($item->subject)), check_output(stripslashes($item->comment)), $item->timestamp, stripslashes($item->url), stripslashes($item->fake_email), discussion_score($comment), $comment->votes, $item->cid, "reply to this comment"); } else { $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid")); @@ -211,7 +214,7 @@ function comment_preview($pid, $sid, $subject, $comment) { ### Preview comment: if ($user->id) $theme->comment("", check_output(stripslashes($subject)), check_output(stripslashes($comment)), time(), "", "", "", "", "", "reply to this comment"); - else $theme->comment($user->userid, check_output(stripslashes($subject)), check_output(stripslashes($comment)), time(), stripslashes($user->url), stripslashes($user->femail), "", "", "", "reply to this comment"); + else $theme->comment($user->userid, check_output(stripslashes($subject)), check_output(stripslashes($comment)), time(), stripslashes($user->url), stripslashes($user->fake_email), "", "", "", "reply to this comment"); ### Build reply form: $output .= "<FORM ACTION=\"discussion.php\" METHOD=\"post\">\n"; 
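Review bot: In discussion_reply() the score and vote arguments are taken from `$comment`, but the row fetched on the line above is `$item`, and no `$comment` is assigned in the visible part of the function. The function starts outside the hunk, so this should be confirmed. As written the parent comment would be shown without its score; the arguments should probably be `discussion_score($item), $item->votes`. `$pid` and `$sid` are also interpolated unquoted into both SELECTs, so an `intval()` on each before the queries would keep them numeric.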
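Review bot: In comment_preview() the branch condition looks inverted. When `$user->id` is set the preview is rendered with an empty author, URL and e-mail, while the `else` branch, taken when nobody is logged in, reads `$user->userid`, `$user->url` and `$user->fake_email`. Testing `if (!$user->id)` instead, or swapping the two calls, would show a logged-in author's details in the preview. The function starts and ends outside the hunk.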
@@ -308,7 +311,7 @@ switch($op) {
 $theme->footer();
 break;
 case "Save":
- discussion_settings($mode, $order, $thold);
+ discussion_settings($mode, $order, $threshold);
 $theme->header();
 discussion_display($id, $pid, $sid);
 $theme->footer();
@@ -51,6 +51,20 @@ $output = " <DT><B>Is the source code of this site available?</B></DT> <DD>This site is powered by <A HREF=\"http://www.fsf.org/\">Free Software</A>; including <A HREF=\"http://www.apache.org/\">Apache</A>, <A HREF=\"http://www.php.net/\">PHP</A>, <A HREF=\"http://www.mysql.com/\">MySQL</A> and <A HREF=\"http://www.linux.com/\">Linux</A>, and is inspired by several <A HREF=\"http://www.fsf.org/\">Free Software</A> projects. Therefor we have decided to make the software engine of this site available under terms of GPL.<P>However, the sources are <B>not</B> available yet at this time, but will be released as soon we have a first, well-rounded source tree that has proven to be stable. If you can't wait or in case you have big plans (like `total domination') with the engine, don't hesitate to contact us and we might grant you CVS access.<P></DD> + <DT><B>What features does the engine have?</B></DT> + <DD> + <LI>a theme system: the entire website is fully themable in terms of colors, layout, look-and-feel and markup.</LI> + <LI>a user account system with session management, secure authentication, human-readable password generator, user and page preferences, comment tracker and so on.</LI> + <LI>a discussion system: supports different display (<I>threaded</I>, <I>flat</I>, <I>netsted</I>) and order (<I>newest first</I>, <I>oldest first</I>, <I>highest scorings first</I>), comment moderation, customable HTML-support, etc.</LI> + <LI>a database abstraction layer: allows the website to run on top of different database systems.</LI> + <LI>anonymous reader/poster support across the entire site in case visitors prefers to remain anonymous or in case cookies are disabled.</LI> + <LI>a submission queue and submission moderation.</LI> + <LI>an embedded diary system.</LI> + <LI>an administrator section which is considered the control center of the website.</LI> + <LI>a RDF/RSS backend which allows third party websites to become <I>channels</I> in your website 
with a minimum of extra work.</LI> + <P> + </DD> + <DT><B>What is your privacy policy?</B></DT> <DD>--- under construction ---<P></DD> diff --git a/includes/backend.class.php b/includes/backend.class.php deleted file mode 100644 index 865ec2e77..000000000 --- a/includes/backend.class.php +++ /dev/null 
@@ -1,241 +0,0 @@ -<? - -include "function.inc"; - -class backend { - - // Channel properties: - var $id; - var $url; - var $site; - var $file; - var $contact; - var $timestamp; - - // Contains the raw rdf/rss/xml file: - var $data; - - // Contains the parsed rdf/rss/xml file: - var $headlines = array(); // latest headlines - - - ##### - # Syntax.......: backend(...); - # Description..: Constructor - initializes the internal variables. - # - function backend($id, $site, $url, $file, $contact, $timout = 1800) { - ### Get channel info: - $result = db_query("SELECT * FROM channel WHERE id = '$id' OR site = '$site'"); - - if ($channel = db_fetch_object($result)) { - ### Initialize internal variables: - $this->id = $channel->id; - $this->site = $channel->site; - $this->file = $channel->file; - $this->url = $channel->url; - $this->contact = $channel->contact; - $this->timestamp = $channel->timestamp; - - ### Check to see whether we have to update our headlines first: - if (time() - $this->timestamp > $timout) $this->url2sql(); - - ### Read headlines: - $result = db_query("SELECT * FROM headlines WHERE id = $this->id ORDER BY number"); - while ($headline = db_fetch_object($result)) { - array_push($this->headlines, "<A HREF=\"$headline->link\">$headline->title</A>"); - } - - } - else { - $this->site = $site; - $this->url = $url; - $this->file = $file; - $this->contact = $contact; - } - } - - ##### - # Syntax.......: rdf2sql(optional timout value in seconds); - # Description..: Reads a RDF file from a server, parses it and inserts - # the fresh data in a MySQL table. - # - function rdf2sql($timout = 10) { - if ($this->file) { - ### Decode URL: - $url = parse_url($this->file); - $host = $url[host]; - $port = $url[port] ? 
$url[port] : 80; - $path = $url[path]; - - // print "<PRE><B>Debug:</B> $url - $host - $port - $path</PRE>"; - - ### Retrieve data from website: - $fp = fsockopen($host, $port, &$errno, &$errstr, $timout); - - if ($fp) { - ### Get data from URL: - fputs($fp, "GET $path HTTP/1.0\n"); - fputs($fp, "User-Agent: headline grabber\n"); - fputs($fp, "Host: ". $host ."\n"); - fputs($fp, "Accept: */*\n\n"); - - while(!feof($fp)) $data .= fgets($fp, 128); - - // print "<PRE>$data</PRE><HR>"; - - if (strstr($data, "200 OK")) { - - ### Remove existing entries: - $result = db_query("DELETE FROM headlines WHERE id = $this->id"); - - ### Strip all 'junk': - $data = ereg_replace("<?xml.*/image>", "", $data); - $data = ereg_replace("</rdf.*", "", $data); - $data = chop($data); - - ### Iterating through our data processing each entry/item: - $items = explode("</item>", $data); - $number = 0; - - for (reset($items); $item = current($items); next($items)) { - ### Extract data: - $link = ereg_replace(".*<link>", "", $item); - $link = ereg_replace("</link>.*", "", $link); - $title = ereg_replace(".*<title>", "", $item); - $title = ereg_replace("</title>.*", "", $title); - - ### Clean headlines: - $title = stripslashes(fixquotes($title)); - - ### Count the number of stories: - $number += 1; - - ### Insert item in database: - $result = db_query("INSERT INTO headlines (id, title, link, number) VALUES('$this->id', '$title', '$link', '$number')"); - } - - ### Mark channels as being updated: - $result = db_query("UPDATE channel SET timestamp = '". time() ."' WHERE id = $this->id"); - $this->timestamp = time(); - } - else print "<HR>RDF parser: 404 error?<BR><BR><PRE>$data</PRE><HR>"; - } - } - } - - - ##### - # Syntax.......: rss2sql(optional timout value in seconds); - # Description..: Reads a RSS file from a server, parses it and inserts - # the fresh data in a MySQL table. 
- # - function rss2sql($timout = 10) { - print "backend->rss2sql : TODO<BR>"; - } - - - ##### - # Syntax.......: xml2sql(optional timout value in seconds); - # Description..: Reads a XML file from a server, parses it and inserts - # the fresh data in a MySQL table. - # - function xml2sql($timout = 10) { - print "backend->xml2sql : TODO<BR>"; - } - - - ##### - # Syntax.......: url2sql(optional timout value in seconds); - # Description..: Generic function to fetch fresh headlines. It checks whether - # we are dealing with a remote RDF, RSS or XML file and calls - # the appropriate function to fetch the headline. The function - # is an abstraction towards the programmer as he doesn't need - # to know with what file extension we are dealing. - # - function url2sql($timout = 10) { - if (strstr($this->file, ".rdf")) $this->rdf2sql($timout); - if (strstr($this->file, ".rss")) $this->rss2sql($timout); - if (strstr($this->file, ".xml")) $this->xml2sql($timout); - } - - - ##### - # Syntax.......: - # Description..: - # - function displayHeadlines($timout = 1800) { - global $theme; - - ### Get channel info: - $result = db_query("SELECT * FROM channel WHERE site = '$this->site'"); - - if ($this->id) { - - ### Check to see whether we have to update our headlines first: - if (time() - $this->timestamp > $timout) $this->url2sql(); - - ### Grab headlines from database: - $result = db_query("SELECT * FROM headlines WHERE id = $this->id ORDER BY number"); - while ($headline = db_fetch_object($result)) { - $content .= "<LI><A HREF=\"$headline->link\">$headline->title</A></LI>"; - } - ### Add timestamp: - $update = round((time() - $this->timestamp) / 60); - $content .= "<P ALIGN=\"right\">[ <A HREF=\"backend.php?op=reset&site=$this->site\"><FONT COLOR=\"$theme->hlcolor2\">reset</FONT></A> | updated $update min. 
ago ]</P>"; - - ### Display box: - $theme->box("$this->site", $content); - } - else print "<P>Warning: something whiched happened: specified channel could not be found in database.</P>"; - } - - - ##### - # Syntax.......: add() - # Description..: Adds this backend to the database. - # - function add() { - ### Add channel: - $result = db_query("INSERT INTO channel (site, file, url, contact, timestamp) VALUES ('$this->site', '$this->file', '$this->url', '$this->contact', 42)"); - } - - - ##### - # Syntax.......: delete() - # Description..: Deletes this backend - # - function delete() { - ### Delete channel: - $result = db_query("DELETE FROM channel WHERE id = $this->id"); - - ### Delete headlines: - $result = db_query("DELETE FROM headlines WHERE id = $this->id"); - } - - ##### - # Syntax.......: refresh() - # Description..: Deletes all headlines associated with this backend. - # - function refresh() { - ### Delete headlines: - $result = db_query("DELETE FROM headlines WHERE id = $this->id"); - - ### Mark channel as invalid to enforce an update: - $result = db_query("UPDATE channel SET timestamp = 42 WHERE id = $this->id"); - } - - ##### - # Syntax.......: dump() - # Description..: Dumps the content of this class to screen. - # - function dump() { - print "<B>Dump backend:</B><BR>"; - print "Id: $this->id<BR>"; - print "Site: $this->site<BR>"; - print "URL: $this->url<BR>"; - print "File: $this->file<BR>"; - print "Contact: $this->contact<BR>"; - } -} - -?> diff --git a/includes/calendar.class.php b/includes/calendar.class.php deleted file mode 100644 index 561363c33..000000000 --- a/includes/calendar.class.php +++ /dev/null 
@@ -1,76 +0,0 @@ -<? - -class calendar { - var $date; - - function calendar($date) { - $this->date = $date; - } - - function display() { - global $PHP_SELF; - - ### Extract information from the given date: - $month = date("n", $this->date); - $year = date("Y", $this->date); - $day = date("d", $this->date); - - ### Extract first day of the month: - $first = date("w", mktime(0, 0, 0, $month, 1, $year)); - - ### Extract last day of the month: - $last = date("t", mktime(0, 0, 0, $month, 1, $year)); - - ### Calculate previous and next months dates: - $prev = mktime(0, 0, 0, $month - 1, $day, $year); - $next = mktime(0, 0, 0, $month + 1, $day, $year); - - ### Generate calendar header: - $output .= "\n<!-- calendar -->\n"; - $output .= "<TABLE WIDTH=\"100%\" BORDER=\"1\" CELLSPACING=\"0\" CELLPADDING=\"1\">\n"; - $output .= " <TR><TD ALIGN=\"center\" COLSPAN=\"7\"><SMALL><A HREF=\"$PHP_SELF?date=$prev\"><</A> ". date("F Y", $this->date) ." <A HREF=\"$PHP_SELF?date=$next\">></A></SMALL></TD></TR>\n"; - $output .= " <TR><TD ALIGN=\"center\"><SMALL>S</SMALL></TD><TD ALIGN=\"center\"><SMALL>M</SMALL></TD><TD ALIGN=\"center\"><SMALL>T</SMALL></TD><TD ALIGN=\"center\"><SMALL>W</SMALL></TD><TD ALIGN=\"center\"><SMALL>T</SMALL></TD><TD ALIGN=\"center\"><SMALL>F</SMALL></TD><TD ALIGN=\"center\"><SMALL>S</SMALL></TD></TR>\n"; - - ### Initialize temporary variables: - $nday = 1; - $sday = $first; - - ### Loop through all the days of the month: - while ($nday <= $last) { - ### Set up blank days for first week of the month: - if ($first) { - $output .= " <TR><TD COLSPAN=\"$first\"> </TD>\n"; - $first = 0; - } - - ### Start every week on a new line: - if ($sday == 0) $output .= " <TR>\n"; - - ### Print one cell: - $date = mktime(24, 0, 0, $month, $nday, $year); - if ($nday == $day) $output .= " <TD ALIGN=\"center\"><SMALL><B>$nday</B></SMALL></TD>\n"; - else if ($date > time()) $output .= " <TD ALIGN=\"center\"><SMALL>$nday</SMALL></TD>\n"; - else $output .= " <TD 
ALIGN=\"center\"><SMALL><A HREF=\"$PHP_SELF?date=$date\" STYLE=\"text-decoration: none;\">$nday</A></SMALL></TD>\n"; - - ### Start every week on a new line: - if ($sday == 6) $output .= " </TR>\n"; - - ### Update temporary variables: - $sday++; - $sday = $sday % 7; - $nday++; - } - - ### Complete the calendar: - if ($sday) { - $end = 7 - $sday; - $output .= " <TD COLSPAN=\"$end\"> </TD>\n </TR>\n"; - } - $output .= "</TABLE>\n\n"; - - ### Return calendar: - return $output; - } -} - -?> diff --git a/includes/config.inc b/includes/config.inc index 4d54bca98..d4f535919 100644 --- a/includes/config.inc +++ b/includes/config.inc @@ -9,7 +9,7 @@ $dbuname = "dries"; $dbpass = "Abc123"; $dbname = "dries"; -#$dbhost = "localhost"; +#$dbhost = ""; #$dbuname = "dries"; #$dbpass = "oakley"; #$dbname = "dries"; @@ -24,7 +24,6 @@ $sitename = "drop.org"; # The contact information will be used to send out automated mails # to users, account holders or visitors. $contact_email = "droppies@zind.net"; -$contact_signature = "Kind regards,\n\n-- the drop.org crew\nhttp://beta.drop.org/"; # # Notify: @@ -80,13 +79,13 @@ $anonymous = "Anonymous Chicken"; # $themes = array("Marvin" => array( "themes/marvin/marvin.theme", - "white, simple"), + "classic theme, white, basic design with a fresh look"), "Zaphod" => array( "themes/zaphod/zaphod.theme", - "yellow, simple"), + "classis theme, yellow, structured, advanced navigation"), "UnConeD" => array( "themes/unconed/unconed.theme", - "gray, flashy")); + "modern theme, gray and blue, high coolness factor")); # # Submission moderation votes: @@ -105,11 +104,4 @@ $submission_votes = array("neutral (+0)" => "+ 0", $submission_post_threshold = "2"; $submission_dump_threshold = "-2"; -# -# Debug flag: -# Set to '1' if you are using Windows so the engine won't try -# to send out mails and such. When using Unix or Linux, set -# to '0' -$mail = 0; - ?>
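Review bot: includes/config.inc is tracked with what look like working database credentials. The context lines of the first hunk assign `$dbpass` a literal, and a second password sits in the commented-out block whose `$dbhost` line is edited here. Anyone with read access to the repository or its tarballs gets both. The real values belong in an untracked local file, with a placeholder template checked in, for example `$dbpass = "<set locally>";`, and both passwords should be changed since they are already in history.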
\ No newline at end of file diff --git a/includes/database.inc b/includes/database.inc index 3721fbd65..843cb270a 100644 --- a/includes/database.inc +++ b/includes/database.inc @@ -26,9 +26,8 @@ function db_query($query, $debug = false) { $qid = mysql_query($query); ### debug output (if required): - if ($debug || empty($qid)) { - print "<PRE>query: ". htmlspecialchars($query) ."<BR>error message: ". mysql_error() ."</PRE>"; - } + if ($debug || empty($qid)) print "<PRE>query: ". htmlspecialchars($query) ."<BR>error message: ". mysql_error() ."</PRE>"; + if (empty($qid)) watchdog(3, "error: ". mysql_error() ."<BR>query: ". htmlspecialchars($query) .""); ### return result from query: return $qid; diff --git a/includes/function.inc b/includes/function.inc index 281eb0358..5c1a3615a 100644 --- a/includes/function.inc +++ b/includes/function.inc @@ -1,7 +1,7 @@ <? include "includes/database.inc"; -include "includes/log.inc"; +include "includes/watchdog.inc"; function id2story($id) { ### Perform query: @@ -9,17 +9,6 @@ function id2story($id) { return db_fetch_object($result); } -function dbsave($dbase, $data, $id=0) { - foreach ($data as $key=>$value) { - if ($key == "passwd") { $query .= "$key=PASSWORD('". addslashes($value) ."'), "; } - else { $query .= "$key='". addslashes($value) ."', "; } - } - $query = substr($query, 0, -2); - - if (!empty($id)) { db_query("UPDATE $dbase SET $query WHERE id=$id") or die(mysql_error()); return $id; } - else { db_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); } -} - function load_theme() { global $user, $themes; @@ -44,7 +33,7 @@ function check_output($message) { function discussion_num_replies($id, $count = 0) { $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = $id"); - return ($result) ? mysql_result($result, 0) : 0; + return ($result) ? db_result($result, 0) : 0; } function format_plural($count, $one, $more) { 
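Review bot: A failed query now calls `watchdog()` from inside db_query(). If watchdog() itself writes through db_query() (watchdog.inc is not shown here), a failing log insert would re-enter this branch without end, so a guard flag around the call is worth adding. The line above still prints the full SQL text and `mysql_error()` to whoever requested the page whenever `$qid` is empty, which shows table and column names to any visitor. Now that the failure is recorded, that print could be limited to `if ($debug)`. `mysql_error()` is also logged unescaped while the query text goes through `htmlspecialchars()`; db_query's body starts outside the hunk.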
@@ -93,14 +82,4 @@ function format_url($address, $description = "") { return ($address) ? "<A HREF=\"$address\">$description</A>" : format_data($address); } -function format_story_link($story, $subject = "") { - global $user; - $output .= "<A HREF=\"discussion.php?id=$story->id"; - $output .= ($user->umode) ? "&mode=$user->umode" : "&mode=threaded"; - $output .= ($user->uorder) ? "&order=$user->uorder" : "&order=0"; - $output .= ($user->thold) ? "&thold=$user->thold" : "&thold=0"; - $output .= ($subject) ? "\">$subject</A>" : "\">$story->subject</A>"; - return $output; -} - ?> diff --git a/includes/submission.inc b/includes/submission.inc index 376c84059..23f608f7d 100644 --- a/includes/submission.inc +++ b/includes/submission.inc @@ -2,12 +2,12 @@ function submission_count() { $result = db_query("SELECT COUNT(id) FROM stories WHERE status = 1"); - return ($result) ? mysql_result($result, 0) : 0; + return ($result) ? db_result($result, 0) : 0; } function submission_score($id) { $result = db_query("SELECT score FROM stories WHERE id = $id"); - return ($result) ? mysql_result($result, 0) : 0; + return ($result) ? db_result($result, 0) : 0; } function submission_vote($id, $vote, $comment) { 
@@ -26,8 +26,14 @@ function submission_vote($id, $vote, $comment) { ### Update story table (if required): $result = db_query("SELECT * FROM stories WHERE id = $id"); if ($submission = db_fetch_object($result)) { - if ($submission->score >= $submission_post_threshold) db_query("UPDATE stories SET status = 2, timestamp = '". time() ."' WHERE id = $id"); - if ($submission->score <= $submission_dump_threshold) db_query("UPDATE stories SET status = 0, timestamp = '". time() ."' WHERE id = $id"); + if ($submission->score >= $submission_post_threshold) { + db_query("UPDATE stories SET status = 2, timestamp = '". time() ."' WHERE id = $id"); + watchdog(1, "posted story `$submission->subject'"); + } + if ($submission->score <= $submission_dump_threshold) { + db_query("UPDATE stories SET status = 0, timestamp = '". time() ."' WHERE id = $id"); + watchdog(1, "dumped story `$submission->subject'"); + } } } } diff --git a/includes/template.inc b/includes/template.inc index 8e86620a0..5cb6c84d1 100644 --- a/includes/template.inc +++ b/includes/template.inc @@ -43,7 +43,7 @@ function display_related_links($theme, $story) { function display_old_headlines($theme, $num = 10) { global $user; - if ($user->storynum) $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $user->storynum, $num"); + if ($user->stories) $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $user->stories, $num"); else $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $num, $num"); while ($story = db_fetch_object($result)) { 
@@ -51,7 +51,7 @@ function display_old_headlines($theme, $num = 10) { $content .= "<P><B>". date("l, M jS", $story->timestamp) ."</B></P>\n"; $time = date("F jS", $story->timestamp); } - $content .= "<LI>". format_story_link($story) ."</LI>\n"; + $content .= "<LI><A HREF=\"discussion.php?id=$story->id\">$story->subject</A></LI>\n"; } $content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>"; @@ -92,7 +92,7 @@ function display_new_headlines($theme, $num = 10) { $content = ""; $result = db_query("SELECT id, subject FROM stories WHERE status = 2 ORDER BY id DESC LIMIT $num"); - while ($story = db_fetch_object($result)) $content .= "<LI>". format_story_link($story) ."</LI>\n"; + while ($story = db_fetch_object($result)) $content .= "<LI><A HREF=\"discussion.php?id=$story->id\">$story->subject</A></LI>\n"; $content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>"; $theme->box("Latest headlines", $content); } @@ -109,7 +109,7 @@ function display_account($theme) { if ($user && $user->userid) { function submission_number() { $result = db_query("SELECT COUNT(id) FROM stories WHERE status = 1"); - return ($result) ? mysql_result($result, 0) : 0; + return ($result) ? db_result($result, 0) : 0; } ### Display account settings: diff --git a/includes/user.inc b/includes/user.inc index 115c940c0..62e5547be 100644 --- a/includes/user.inc +++ b/includes/user.inc 
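Review bot: `$story->subject` is written into the link text as stored, both in display_old_headlines() and in the display_new_headlines() hunk that follows, while discussion.php passes comment subjects through `check_output()` before display. Story subjects come from submissions, so the headline boxes should apply the same filter: `<A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A>`. The removed format_story_link() printed the subject the same way, so this is an existing gap that the inlined code carries over rather than a regression. What check_output() filters is not visible here and should be confirmed.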
@@ -1,41 +1,36 @@ <? -$access = array("Administrator" => 0x00000001, +$permissions = array("Administrator" => 0x00000001, "User manager" => 0x00000002, "News manager" => 0x00000004); class User { - function User($userid, $passwd="") { - $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 0"); + function User($userid, $passwd = "") { + $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } + db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $this->id"); } } } -function user_save() { +function user_save($data, $id = 0) { global $user; - ### Compose query to update user record: -} - -function user_rehash() { - global $user; - $result = db_query("SELECT * FROM users WHERE id=$user->id"); - if (db_num_rows($result) == 1) { - foreach (db_fetch_array($result) as $key=>$value) { $user->$key = stripslashes($value); } + + foreach ($data as $key=>$value) { + if ($key == "passwd") $query .= "$key = PASSWORD('". addslashes($value) ."'), "; + else $query .= "$key='". addslashes($value) ."', "; } -} - -function user_valid($access = 0) { - global $user; - if ($user->userid) { - user_rehash(); // synchronisation purpose - $user->last_access = time(); - $user->last_host = ($GLOBALS[REMOTE_HOST]) ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR]; - db_query("UPDATE users SET last_access = '$user->last_access', last_host = '$user->last_host' WHERE id = $user->id"); - if ($user->access & $access || $access == 0) return 1; + + if (empty($id)) { + db_query("INSERT INTO users SET $query last_access = '". 
time() ."', last_host = '$GLOBALS[REMOTE_HOST]'"); + } + else { + db_query("UPDATE users SET $query last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_HOST]' WHERE id = $id"); + $result = db_query("SELECT * FROM users WHERE id = $id AND status = 2"); + if (db_num_rows($result) == 1) foreach (db_fetch_array($result) as $key=>$value) { $user->$key = stripslashes($value); } + else $user = 0; } - return 0; } function user_getHistory($history, $field) { @@ -3,7 +3,7 @@ include "includes/theme.inc"; ### Initialize/pre-process variables: -$number = ($user->storynum) ? $user->storynum : 10; +$number = ($user->stories) ? $user->stories : 10; $date = ($date) ? $date : time(); ### Perform query: diff --git a/submission.php b/submission.php index a9466a422..b1a64291e 100644 --- a/submission.php +++ b/submission.php @@ -57,7 +57,7 @@ function submission_displayItem($id) { $theme->footer(); } -if ($user) { +if ($user->id) { switch($op) { case "view": submission_displayItem($id); diff --git a/submit.php b/submit.php index 88bd38faa..5bd8d137c 100644 --- a/submit.php +++ b/submit.php @@ -138,7 +138,7 @@ function submit_submit($subject, $abstract, $article, $category) { ### Send e-mail notification (if enabled): if ($notify) { - $message = "New submission:\n\nsubject...: $subject\nauthor....: $user->userid <$user->email>\ncategory..: $category\nabstract..:\n$abstract\n\narticle...:\n$article"; + $message = "New submission:\n\nsubject...: $subject\nauthor....: $user->userid <$user->real_email>\ncategory..: $category\nabstract..:\n$abstract\n\narticle...:\n$article"; mail($notify_email, "$notify_subject $subject", $message, "From: $notify_from\nX-Mailer: PHP/" . phpversion()); } diff --git a/themes/marvin/marvin.theme b/themes/marvin/marvin.theme index c36830f38..c44073c42 100644 --- a/themes/marvin/marvin.theme +++ b/themes/marvin/marvin.theme 
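Review bot: The login query in the User constructor and the new `last_host` writes place `$userid`, `$passwd` and `$GLOBALS[REMOTE_HOST]` into SQL without escaping, although user_save() in the same hunk runs its values through `addslashes()`. REMOTE_HOST is a resolved hostname that the server does not always set, and the removed user_valid() fell back to REMOTE_ADDR when it was empty; the new code drops that fallback. One line covers both problems for the three queries: `$host = addslashes($GLOBALS[REMOTE_HOST] ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR]);`. `$userid` and `$passwd` need `addslashes()` as well unless the caller already escapes them, which is not visible here. user_save() also uses the keys of `$data` as column names verbatim, so callers should pass only fixed keys, never an array taken from a form.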
@@ -111,13 +111,13 @@ ###### # Syntax.......: commentControl(...); # Description..: this function is used to theme the comment control box. - function commentControl($sid, $title, $thold, $mode, $order) { + function commentControl($sid, $title, $threshold, $mode, $order) { global $user; $query = db_query("SELECT sid FROM comments WHERE sid = $sid"); if (!$query) $count = 0; else $count = db_num_rows($query); - if (!isset($thold)) $thold = 0; + if (!isset($threshold)) $threshold = 0; ?> <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0" BGCOLOR="#000000" WIDTH="100%"> <TR> @@ -131,14 +131,14 @@ <FORM METHOD="post" ACTION="discussion.php"> <SMALL> <INPUT TYPE="hidden" NAME="id" VALUE="<? echo "$sid"; ?>"> - <SELECT NAME="thold"> - <OPTION VALUE="-1" <? if ($thold == -1) { echo "SELECTED"; } ?>>Threshold: -1 - <OPTION VALUE="0" <? if ($thold == 0) { echo "SELECTED"; } ?>>Threshold: 0 - <OPTION VALUE="1" <? if ($thold == 1) { echo "SELECTED"; } ?>>Threshold: 1 - <OPTION VALUE="2" <? if ($thold == 2) { echo "SELECTED"; } ?>>Threshold: 2 - <OPTION VALUE="3" <? if ($thold == 3) { echo "SELECTED"; } ?>>Threshold: 3 - <OPTION VALUE="4" <? if ($thold == 4) { echo "SELECTED"; } ?>>Threshold: 4 - <OPTION VALUE="5" <? if ($thold == 5) { echo "SELECTED"; } ?>>Threshold: 5 + <SELECT NAME="threshold"> + <OPTION VALUE="-1" <? if ($threshold == -1) { echo "SELECTED"; } ?>>Threshold: -1 + <OPTION VALUE="0" <? if ($threshold == 0) { echo "SELECTED"; } ?>>Threshold: 0 + <OPTION VALUE="1" <? if ($threshold == 1) { echo "SELECTED"; } ?>>Threshold: 1 + <OPTION VALUE="2" <? if ($threshold == 2) { echo "SELECTED"; } ?>>Threshold: 2 + <OPTION VALUE="3" <? if ($threshold == 3) { echo "SELECTED"; } ?>>Threshold: 3 + <OPTION VALUE="4" <? if ($threshold == 4) { echo "SELECTED"; } ?>>Threshold: 4 + <OPTION VALUE="5" <? if ($threshold == 5) { echo "SELECTED"; } ?>>Threshold: 5 </SELECT> <SELECT NAME="mode"> <OPTION VALUE="nested" <? if ($mode == "nested") { echo "SELECTED"; } ?>>Nested 
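Review bot: `$threshold` and `$sid` are still interpolated unquoted into the `comments` queries, and the only guard on `$threshold` is `isset()`. The value appears to come from the `threshold` form field that this function renders, so it should be forced to an integer before use: replace the guard with `$threshold = isset($threshold) ? (int) $threshold : 0;` and add `$sid = (int) $sid;` beside it. The same applies to the `COUNT(cid)` query in the `@@ -156` hunk and to the `commentControl()` hunks in themes/unconed/unconed.theme. The function body continues outside this hunk.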
@@ -156,7 +156,7 @@ </TD> </TR> <? - $result = db_query("SELECT COUNT(cid) FROM comments WHERE sid = $sid AND score < $thold"); + $result = db_query("SELECT COUNT(cid) FROM comments WHERE sid = $sid AND score < $threshold"); if ($result && $number = db_result($result, 0)) { ?> <TR> diff --git a/themes/unconed/unconed.theme b/themes/unconed/unconed.theme index e9d108910..ddf19ad62 100644 --- a/themes/unconed/unconed.theme +++ b/themes/unconed/unconed.theme @@ -158,12 +158,12 @@ ###### # Syntax.......: commentControl(...); # Description..: this function is used to theme the comment control box. - function commentControl($sid, $title, $thold, $mode, $order) { + function commentControl($sid, $title, $threshold, $mode, $order) { global $user; $query = mysql_query("SELECT sid FROM comments WHERE sid = $sid"); if (!$query) $count = 0; else $count = mysql_num_rows($query); - if (!isset($thold)) $thold = 0; + if (!isset($threshold)) $threshold = 0; ?> <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0" BGCOLOR="<? echo $this->brcolor1; ?>" WIDTH="100%"> 
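Review bot: `commentControl()` in unconed.theme still calls `mysql_query()` and `mysql_num_rows()` directly, while the marvin.theme version of the same function goes through `db_query()` and `db_num_rows()`. The commit message says all queries were moved to the abstraction layer, so these look missed: `$query = db_query("SELECT sid FROM comments WHERE sid = $sid");` and `else $count = db_num_rows($query);`, with the same change for `mysql_query`/`mysql_result` in the `@@ -204` hunk. That later query also counts `tid` where marvin.theme counts `cid`, so one of the two column names is probably stale. The function body continues outside this hunk.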
@@ -177,14 +177,14 @@ ?> <FORM METHOD="get" ACTION="discussion.php"> <FONT SIZE="2"> - <SELECT NAME="thold"> - <OPTION VALUE="-1" <? if ($thold == -1) { echo "SELECTED"; } ?>>Threshold: -1 - <OPTION VALUE="0" <? if ($thold == 0) { echo "SELECTED"; } ?>>Threshold: 0 - <OPTION VALUE="1" <? if ($thold == 1) { echo "SELECTED"; } ?>>Threshold: 1 - <OPTION VALUE="2" <? if ($thold == 2) { echo "SELECTED"; } ?>>Threshold: 2 - <OPTION VALUE="3" <? if ($thold == 3) { echo "SELECTED"; } ?>>Threshold: 3 - <OPTION VALUE="4" <? if ($thold == 4) { echo "SELECTED"; } ?>>Threshold: 4 - <OPTION VALUE="5" <? if ($thold == 5) { echo "SELECTED"; } ?>>Threshold: 5 + <SELECT NAME="threshold"> + <OPTION VALUE="-1" <? if ($threshold == -1) { echo "SELECTED"; } ?>>Threshold: -1 + <OPTION VALUE="0" <? if ($threshold == 0) { echo "SELECTED"; } ?>>Threshold: 0 + <OPTION VALUE="1" <? if ($threshold == 1) { echo "SELECTED"; } ?>>Threshold: 1 + <OPTION VALUE="2" <? if ($threshold == 2) { echo "SELECTED"; } ?>>Threshold: 2 + <OPTION VALUE="3" <? if ($threshold == 3) { echo "SELECTED"; } ?>>Threshold: 3 + <OPTION VALUE="4" <? if ($threshold == 4) { echo "SELECTED"; } ?>>Threshold: 4 + <OPTION VALUE="5" <? if ($threshold == 5) { echo "SELECTED"; } ?>>Threshold: 5 </SELECT> <SELECT NAME="mode"> <OPTION VALUE="nocomments" <? if ($mode == 'nocomments') { echo "SELECTED"; } ?>>No comments @@ -204,7 +204,7 @@ </FONT> </FORM> <? - $result = mysql_query("SELECT COUNT(tid) FROM comments WHERE sid = $sid AND score < $thold"); + $result = mysql_query("SELECT COUNT(tid) FROM comments WHERE sid = $sid AND score < $threshold"); if ($result && $number = mysql_result($result, 0)) { ?> <SMALL><FONT COLOR="<? echo "$this->fgcolor2"; ?>">There are at least <? echo $number; ?> comments below your threshold.</FONT></SMALL> <? } |