authorDries Buytaert <dries@buytaert.net>2000-09-11 07:45:22 +0000
committerDries Buytaert <dries@buytaert.net>2000-09-11 07:45:22 +0000
commit1f0a87f4e704fff7f6c94191afbe7dc0fa9f031e (patch)
tree968ffbc61a794f7ec18b649273a86d42e4081050
parent17d8330e44fdd03429605d3131bd36c10fddf991 (diff)
downloadbrdo-1f0a87f4e704fff7f6c94191afbe7dc0fa9f031e.tar.gz
brdo-1f0a87f4e704fff7f6c94191afbe7dc0fa9f031e.tar.bz2
Over the last 2 days I redid and reorganized an awful lot of code and
made quite a lot of additions. The most remarkable addition is the diary server, which I slapped together in less than 40 minutes. Most of the other changes are however `invisible' to the user but add much value by improving maintainability from a developer's perspective. Like always, I fixed quite a number of small bugs that crept into the code so we should have a bigger, better and more stable drop.org. Unfortunately, some theme updates _are_ required: REQUIRED THEME UPDATES: ======================= * use format_username() where usernames are used * use format_date() where timestamps/dates are used * use format_email() where e-mail addresses are displayed * use format_url() where URLs are displayed * replace 'formatTimestamp' with format_date * replace 'morelink_*' with 'display_morelink' [most of these functions are in function.inc or template.inc] ___PLEASE___ (<- this should get your attention ;) update your themes as soon as possible - it only takes 30 min. to get in sync with the other themes. Don't start whining about the fact you don't know what to change ... either eat the source cookie, or ask me to elaborate on a few changes. Just let me know what's puzzling you and I'll try to help you out! TODO LIST FOR NEXT WEEK ======================= * Add checks for max. text length in textareas? Is there an HTML attribute for this or ...? * Comment moderation + mojo * Edit/admin user accounts: block, delete, change permissions, ... * E-mail password, change password, change e-mail address -> extra checks and routines to validate such `special' changes. * Input checking - input filter: bad words, html tags, ...
-rw-r--r--.htaccess3
-rw-r--r--account.php57
-rw-r--r--admin.php324
-rw-r--r--backend.class.php2
-rw-r--r--diary.php154
-rw-r--r--discussion.php4
-rw-r--r--faq.php3
-rw-r--r--function.inc98
-rw-r--r--functions.inc271
-rw-r--r--index.php4
-rw-r--r--mysql.tables8
-rw-r--r--poll.php2
-rw-r--r--refer.php2
-rw-r--r--search.php40
-rw-r--r--submission.inc9
-rw-r--r--submission.php14
-rw-r--r--submit.php11
-rw-r--r--template.inc148
-rw-r--r--theme.inc2
-rw-r--r--themes/jeroen/theme.class.php3
-rw-r--r--user.class.php66
21 files changed, 726 insertions, 499 deletions
diff --git a/.htaccess b/.htaccess
index cca72cc08..694a77bf7 100644
--- a/.htaccess
+++ b/.htaccess
@@ -37,9 +37,12 @@ ErrorDocument 500 /error.php
# Overload PHP variables:
<IfModule mod_php4.c>
+ php_value track_vars On
+ php_value php_register_globals On
php_value magic_quotes_gpc On
php_value magic_quotes_runtime Off
php_value magic_quotes_sybase Off
+ php_value session.auto_start 1
php_value session.cookie_lifetime 1728000
php_value session.gc_maxlifetime 1728000
php_value session.name DROPID
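Review bot: The added `php_value php_register_globals On` line turns every request parameter into a global variable, and the scripts in this commit read `$op`, `$order`, `$name`, `$id` and `$user` as globals without assigning them first. Any variable a script trusts, `$user` above all since account.php gates on it, can then be supplied by the request unless it is always set from the session before it is read. I would leave the directive off and read input from `$HTTP_GET_VARS` / `$HTTP_POST_VARS`, which the added `track_vars On` populates. The directive name is also worth checking, since PHP documents the setting as `register_globals`. `session.auto_start 1` starts the session before any class is loaded, which the PHP manual warns prevents objects from being stored in it, yet account.php calls `session_register("user")` on a `User` object.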
diff --git a/account.php b/account.php
index 5ff5200a3..aa78c294b 100644
--- a/account.php
+++ b/account.php
@@ -1,6 +1,8 @@
<?
+
+include "function.inc";
include "config.inc";
-include "functions.inc";
+include "theme.inc";
function account_getUser($uname) {
$result = db_query("SELECT * FROM users WHERE userid = '$uname'");
@@ -27,9 +29,7 @@ function showAccess() {
}
function showUser($uname) {
- global $user;
-
- include "theme.inc";
+ global $user, $theme;
if ($user && $uname && $user->userid == $uname) {
$output .= "<P>Welcome $user->userid! This is <B>your</B> user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.</P>\n";
@@ -71,7 +71,6 @@ function showUser($uname) {
}
function newUser($user = "", $error="") {
- include "theme.inc";
$output .= "<FORM ACTION=\"account.php\" METHOD=post>\n";
$output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
if (!empty($error)) $output .= "<TR><TD COLSPAN=2>$error</TD></TR>\n";
@@ -117,20 +116,18 @@ function account_makePassword($min_length=6) {
function account_track_comments() {
global $user;
- include "function.inc";
-
- $output .= "<P>This page is helpful in case you want to keep track of your most recent comments in any of the discussions. It helps you to review the replies your comments got.\n<P>\n";
+ $output .= "<P>This page might be helpful in case you want to keep track of your most recent comments in any of the discussions. You are given an overview of your comments in each of the stories you participates in along with the number of replies each comment got.\n<P>\n";
### Perform query:
$sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
while ($story = db_fetch_object($sresult)) {
- $output .= "<LI>". plural($story->count, comment, comments) ." in article `<A HREF=\"discussion.php?id=$story->id\">$story->subject</A>`:</LI>\n";
+ $output .= "<LI>". format_plural($story->count, comment, comments) ." in story `<A HREF=\"discussion.php?id=$story->id\">$story->subject</A>`:</LI>\n";
$output .= " <UL>\n";
$cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND sid = $story->id");
while ($comment = db_fetch_object($cresult)) {
- $output .= " <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
+ $output .= " <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". format_plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
}
$output .= " </UL>\n";
}
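Review bot: The two rewritten `<LI>` lines write `$story->subject` and `$comment->subject` into the page without HTML escaping, so a subject that contains markup is rendered as markup for whoever opens this page; the commit message itself lists the HTML input filter as still to do. Escape at output, e.g. `htmlspecialchars($story->subject)`, rather than relying on magic_quotes_gpc, which only concerns SQL quoting. The same applies to the new output in admin.php: `$log->message` and `$log->hostname` in log_view(), `$mask` in ban_check(), `$ban->mask` and `$ban->reason` in ban_display(), and the `$account->...` fields that account_view() prints directly. `format_plural($story->count, comment, comments)` also passes bare words where the next call quotes `"reply", "replies"`; quote them as `"comment", "comments"`. account_track_comments() continues past the end of the hunk.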
@@ -142,7 +139,7 @@ switch ($op) {
case "Login":
session_start();
$user = new User($userid, $passwd);
- if ($user && $user->valid()) {
+ if ($user && user_valid()) {
session_register("user");
watchdog(1, "session opened for user `$user->userid'.");
}
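Review bot: Only the successful branch calls `watchdog()`, so within the lines shown a rejected login leaves nothing in the log for an administrator to review. Unless an `else` beyond this hunk already does it, add one such as `else watchdog(2, "failed login for '$userid'.");`, using whichever level the project reserves for warnings. `$user &&` is always true straight after `new User(...)`, so the decision rests entirely on `user_valid()`, whose definition is not part of this view. The `switch` starts before and continues after the hunk.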
@@ -154,11 +151,10 @@ switch ($op) {
case "new":
newUser();
break;
- case "info":
- showUser($uname);
+ case "view":
+ showUser($name);
break;
case "discussion":
- include "theme.inc";
$theme->header();
$theme->box("Track your comments", account_track_comments());
$theme->footer();
@@ -173,8 +169,6 @@ switch ($op) {
case "Register":
if ($rval = validateUser($new)) { newUser($new, "<B>Error: $rval</B>"); }
else {
- include"theme.inc";
-
### Generate new password:
$new[passwd] = account_makePassword();
dbsave("users", $new);
@@ -198,7 +192,7 @@ switch ($op) {
}
break;
case "user":
- if ($user && $user->valid()) {
+ if ($user->id && user_valid()) {
### Generate output/content:
$output .= "<FORM ACTION=\"account.php\" METHOD=post>\n";
$output .= "<B>Real name:</B><BR>\n";
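Review bot: This guard tests `$user->id` while the "page", "Save user information" and "Save page settings" cases converted in the same commit test `$user`, so the four checks that protect account edits no longer read the same way. If the two forms are meant to be equivalent, use one of them everywhere, e.g. `if ($user->id && user_valid()) {` in all four cases, or move the test into `user_valid()` itself. `user_valid()` is defined outside this view, so I cannot tell which form it expects.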
@@ -213,10 +207,10 @@ switch ($op) {
$output .= "<B>URL of homepage:</B><BR>\n";
$output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=55 SIZE=30 VALUE=\"$user->url\"><BR>\n";
$output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
- $output .= "<B>Bio:</B> (255 char limit)<BR>\n";
+ $output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
$output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=35 ROWS=5 WRAP=virtual>$user->bio</TEXTAREA><BR>\n";
$output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
- $output .= "<B>User block:</B> (255 char limit)<BR>\n";
+ $output .= "<B>User block:</B> (255 char. limit)<BR>\n";
$output .= "<TEXTAREA NAME=\"edit[ublock]\" COLS=35 ROWS=5 WRAP=virtual>$user->ublock</TEXTAREA><BR>\n";
$output .= "<INPUT NAME=\"edit[ublockon]\" TYPE=checkbox". ($user->ublockon == 1 ? " CHECKED" : "") ."> Enable user block<BR>\n";
$output .= "<I>Enable the checkbox and whatever you enter below will appear on your costum main page.</I><P>\n";
@@ -227,20 +221,18 @@ switch ($op) {
$output .= "</FORM>\n";
### Display output/content:
- include "theme.inc";
$theme->header();
$theme->box("Edit your information", $output);
$theme->footer();
}
else {
- include "theme.inc";
$theme->header();
$theme->box("Login", showLogin($userid));
$theme->footer();
}
break;
case "page":
- if ($user && $user->valid()) {
+ if ($user && user_valid()) {
### Generate output/content:
$output .= "<FORM ACTION=\"account.php\" METHOD=post>\n";
$output .= "<B>Theme:</B><BR>\n";
@@ -252,18 +244,19 @@ switch ($op) {
if ($userinfo[theme]=="") $userinfo[theme] = $cfg_theme;
$output .= "<SELECT NAME=\"edit[theme]\">$options</SELECT><BR>\n";
- $output .= "<I>Changes the look and feel of the site.</I><P>\n";
+ $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
$output .= "<B>Maximum number of stories:</B><BR>\n";
$output .= "<INPUT NAME=\"edit[storynum]\" MAXLENGTH=3 SIZE=3 VALUE=\"$user->storynum\"><P>\n";
+ $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
$options = "<OPTION VALUE=\"nested\"". ($user->umode == 'nested' ? " SELECTED" : "") .">Nested</OPTION>";
$options .= "<OPTION VALUE=\"flat\"". ($user->umode == 'flat' ? " SELECTED" : "") .">Flat</OPTION>";
$options .= "<OPTION VALUE=\"threaded\"". ($user->umode == 'threaded' ? " SELECTED" : "") .">Threaded</OPTION>";
- $output .= "<B>Display mode:</B><BR>\n";
+ $output .= "<B>Comment display mode:</B><BR>\n";
$output .= "<SELECT NAME=\"edit[umode]\">$options</SELECT><P>\n";
$options = "<OPTION VALUE=0". ($user->uorder == 0 ? " SELECTED" : "") .">Oldest first</OPTION>";
$options .= "<OPTION VALUE=1". ($user->uorder == 1 ? " SELECTED" : "") .">Newest first</OPTION>";
$options .= "<OPTION VALUE=2". ($user->uorder == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>";
- $output .= "<B>Sort order:</B><BR>\n";
+ $output .= "<B>Comment sort order:</B><BR>\n";
$output .= "<SELECT NAME=\"edit[uorder]\">$options</SELECT><P>\n";
$options = "<OPTION VALUE=\"-1\"". ($user->thold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
$options .= "<OPTION VALUE=0". ($user->thold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
@@ -272,30 +265,28 @@ switch ($op) {
$options .= "<OPTION VALUE=3". ($user->thold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
$options .= "<OPTION VALUE=4". ($user->thold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
$options .= "<OPTION VALUE=5". ($user->thold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
- $output .= "<B>Threshold:</B><BR>\n";
+ $output .= "<B>Comment threshold:</B><BR>\n";
$output .= "<SELECT NAME=\"edit[thold]\">$options</SELECT><BR>\n";
$output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
- $output .= "<B>Singature:</B> (255 char limit)<BR>\n";
+ $output .= "<B>Singature:</B> (255 char. limit)<BR>\n";
$output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=35 ROWS=5 WRAP=virtual>$user->signature</TEXTAREA><BR>\n";
$output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
$output .= "<INPUT TYPE=submit NAME=op VALUE=\"Save page settings\"><BR>\n";
$output .= "</FORM>\n";
### Display output/content:
- include "theme.inc";
$theme->header();
$theme->box("Customize your page", $output);
$theme->footer();
}
else {
- include "theme.inc";
$theme->header();
$theme->box("Login", showLogin($userid));
$theme->footer();
}
break;
case "Save user information":
- if ($user && $user->valid()) {
+ if ($user && user_valid()) {
$data[name] = $edit[name];
$data[email] = $edit[email];
$data[femail] = $edit[femail];
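Review bot: The changed label line still reads `Singature`; since the line is being edited anyway it should become `$output .= "<B>Signature:</B> (255 char. limit)<BR>\n";`. The new default message in admin.php has the same kind of slip, `adminstration` for `administration`.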
@@ -305,12 +296,12 @@ switch ($op) {
$data[ublockon] = $edit[ublockon];
if ($edit[pass1] == $edit[pass2] && !empty($edit[pass1])) { $data[passwd] = $edit[pass1]; }
dbsave("users", $data, $user->id);
- $user->rehash();
+ user_rehash();
}
showUser($user->userid);
break;
case "Save page settings":
- if ($user && $user->valid()) {
+ if ($user && user_valid()) {
$data[theme] = $edit[theme];
$data[storynum] = $edit[storynum];
$data[umode] = $edit[umode];
@@ -318,7 +309,7 @@ switch ($op) {
$data[thold] = $edit[thold];
$data[signature] = $edit[signature];
dbsave("users", $data, $user->id);
- $user->rehash();
+ user_rehash();
}
showUser($user->userid);
break;
diff --git a/admin.php b/admin.php
index 2253c46e5..2305ea73f 100644
--- a/admin.php
+++ b/admin.php
@@ -4,48 +4,149 @@
* Account administration:
*/
-function account_display($id = "", $order = 1) {
- ### Perform query:
- $result = db_query("SELECT * FROM users");
+function account_display($order = "username") {
+ global $PHP_SELF;
+ $sort = array("ID" => "id", "fake e-mail address" => "femail", "homepage" => "url", "hostname" => "last_host", "last access date" => "last_access", "real e-mail address" => "email", "real name" => "name", "status" => "status", "theme" => "theme", "username" => "userid");
+ $show = array("ID" => "id", "username" => "userid", "$order" => "$sort[$order]", "status" => "status");
+
+ ### Perform query:
+ $result = db_query("SELECT u.id, u.userid, u.$sort[$order], u.status FROM users u ORDER BY $sort[$order]");
+
### Generate output:
- print "<H3>Accounts:</H3>\n";
-
- while ($account = db_fetch_object($result)) {
- $output .= "$account->userid<BR>";
+ $output .= "<H3>Accounts:</H3>\n";
+ $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ $output .= " <TR>\n";
+ $output .= " <TH ALIGN=\"right\" COLSPAN=\"". (sizeof($show) + 1) ."\">\n";
+ $output .= " <FORM ACTION=\"$PHP_SELF?section=accounts\" METHOD=\"post\">\n";
+ $output .= " <SELECT NAME=\"order\">\n";
+ foreach ($sort as $key=>$value) {
+ $output .= " <OPTION VALUE=\"$key\"". ($key == $order ? " SELECTED" : "") .">Sort by $key</OPTION>\n";
}
+ $output .= " </SELECT>\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Update\">\n";
+ $output .= " </FORM>\n";
+ $output .= " </TH>\n";
+ $output .= " </TR>\n";
+ $output .= " <TR>\n";
+ foreach ($show as $key=>$value) {
+ $output .= " <TH>$key</TH>\n";
+ }
+ $output .= " <TH>operations</TH>\n";
+ $output .= " </TR>\n";
+
+ while ($account = db_fetch_array($result)) {
+ $output .= " <TR>\n";
+ foreach ($show as $key=>$value) {
+ switch($value) {
+ case "email":
+ $output .= " <TD>". format_email_address($account[$value]) ."</TD>\n";
+ break;
+ case "last_access":
+ $output .= " <TD>". format_date($account[$value]) ."</TD>\n";
+ break;
+ case "status":
+ $output .= " <TD ALIGN=\"center\"><I>todo</I></TD>\n";
+ break;
+ case "url":
+ $output .= " <TD>". format_url($account[$value]) ."</TD>\n";
+ break;
+ case "userid":
+ $output .= " <TD>". format_username($account[$value], 1) ."</TD>\n";
+ break;
+ default:
+ $output .= " <TD>". format_availability($account[$value]) ."</TD>\n";
+ }
+ }
+ $output .= " <TD ALIGN=\"center\"><A HREF=\"admin.php?section=accounts&op=view&name=$account[userid]\">view</A></TD>\n";
+ $output .= " </TR>\n";
+ }
+ $output .= "</TABLE>\n";
print $output;
}
+function account_stories($id) {
+ $result = db_query("SELECT * FROM stories WHERE author = $id ORDER BY timestamp DESC");
+ while ($story = db_fetch_object($result)) {
+ $output .= "<LI><A HREF=\"discussion.php?id=$story->id\">$story->subject</A></LI>\n";
+ }
+ return $output;
+}
+
+function account_comments($id) {
+ $result = db_query("SELECT * FROM comments WHERE author = $id ORDER BY timestamp DESC");
+ while ($comment = db_fetch_object($result)) {
+ $output .= "<LI><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A></LI>\n";
+ }
+ return $output;
+}
+
+function account_view($name) {
+ ### Perform query:
+ $result = db_query("SELECT * FROM users WHERE userid = '$name'");
+
+ if ($account = db_fetch_object($result)) {
+ $output .= "<H3>Accounts:</H3>\n";
+ $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>ID:</B></TD><TD>$account->id</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Real name:</B></TD><TD>". format_availability($account->name) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email_address($account->email) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Fake e-mail address:</B></TD><TD>". format_availability($account->femail) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>URL of homepage:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Last access:</B></TD><TD>". format_date($account->last_access) ." from $account->last_host</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Bio information:</B></TD><TD>". format_availability($account->bio) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Signature:</B></TD><TD>". format_availability($account->signature) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Theme:</B></TD><TD>$account->theme</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Submitted stories:</B></TD><TD>". format_availability(account_stories($account->id)) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Submitted comments:</B></TD><TD>". format_availability(account_comments($account->id)) ."</TD></TR>\n";
+ $output .= "</TABLE>\n";
+ print "$output";
+ }
+}
/*
* Log administration:
*/
-function log_display() {
- global $PHP_SELF, $anonymous, $log_level;
+function log_display($order = "date") {
+ global $PHP_SELF, $anonymous;
- ### Perform query:
- $result = db_query("SELECT l.*, u.userid FROM logs l LEFT JOIN users u ON l.user = u.id ORDER BY l.id DESC");
+ $colors = array("#FFFFFF", "#FFFFFF", "#90EE90", "#CD5C5C");
+ $fields = array("date" => "id DESC", "username" => "user", "message" => "message DESC", "level" => "level DESC");
- $color = array("#FFFFFF", "#FFFFFF", "#90EE90", "#CD5C5C");
+ ### Perform query:
+ $result = db_query("SELECT l.*, u.userid FROM logs l LEFT JOIN users u ON l.user = u.id ORDER BY l.$fields[$order]");
### Generate output:
- print "<H3>Logs:</H3>\n";
- print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
- print " <TR>\n";
- print " <TH>Date</TH>\n";
- print " <TH>User</TH>\n";
- print " <TH>Message</TH>\n";
- print " <TH>Operations</TH>\n";
- print " </TR>\n";
+ $output .= "<H3>Logs:</H3>\n";
+ $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ $output .= " <TR>\n";
+ $output .= " <TH ALIGN=\"right\" COLSPAN=\"4\">\n";
+ $output .= " <FORM ACTION=\"$PHP_SELF?section=logs\" METHOD=\"post\">\n";
+ $output .= " <SELECT NAME=\"order\">\n";
+ foreach ($fields as $key=>$value) {
+ $output .= " <OPTION VALUE=\"$key\"". ($key == $order ? " SELECTED" : "") .">Sort by $key</OPTION>\n";
+ }
+ $output .= " </SELECT>\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Update\">\n";
+ $output .= " </FORM>\n";
+ $output .= " </TH>\n";
+ $output .= " </TR>\n";
+ $output .= " <TR>\n";
+ $output .= " <TH>date</TH>\n";
+ $output .= " <TH>user</TH>\n";
+ $output .= " <TH>message</TH>\n";
+ $output .= " <TH>operations</TH>\n";
+ $output .= " </TR>\n";
while ($log = db_fetch_object($result)) {
- if ($log->userid) print " <TR BGCOLOR=\"". $color[$log->level] ."\"><TD>". date("D d/m, H:m:s", $log->timestamp) ."</TD><TD ALIGN=\"center\"><A HREF=\"account.php?op=info&uname=$log->userid\">$log->userid</A></TD><TD>". substr($log->message, 0, 44) ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=logs&op=view&id=$log->id\">more</A></TD></TR>\n";
- else print " <TR BGCOLOR=\"". $color[$log->level] ."\"><TD>". date("D d/m, H:m:s", $log->timestamp) ."</TD><TD ALIGN=\"center\">$anonymous</TD><TD>". substr($log->message, 0, 44) ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=logs&op=view&id=$log->id\">more</A></TD></TR>\n";
+ $output .= " <TR BGCOLOR=\"". $colors[$log->level] ."\"><TD>". date("D d/m, H:m:s", $log->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($log->userid, 1) ."</A></TD><TD>". substr($log->message, 0, 44) ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=logs&op=view&id=$log->id\">more</A></TD></TR>\n";
}
- print "</TABLE>\n";
+ $output .= "</TABLE>\n";
+
+ print $output;
}
function log_view($id) {
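Review bot: `$order` is passed from the request into account_display() and log_display() and is never checked against the lookup arrays before it is used. For an unknown key `$sort[$order]` / `$fields[$order]` is empty, so the query ends in a bare `ORDER BY` and fails, and in account_display() the raw value is also copied into `$show` and printed as a `<TH>` heading. Reject unknown keys first, `if (!isset($sort[$order])) $order = "username";` and `if (!isset($fields[$order])) $order = "date";`; story_display() in a later hunk needs the same guard. Separately, the log row keeps `date("D d/m, H:m:s", ...)`, where `m` is the month rather than the minutes, so the time shown for each log entry is wrong (`H:i:s` is presumably intended), and the `</A>` after `format_username()` is left without an opening tag.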
@@ -53,14 +154,15 @@ function log_view($id) {
$result = db_query("SELECT l.*, u.userid FROM logs l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id");
if ($log = db_fetch_object($result)) {
- print "<H3>Logs:</H3>\n";
- print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
- print " <TR><TD ALIGN=\"right\"><B>Level:</B></TD><TD>$log->level</TD></TR>\n";
- print " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". date("l, F d, Y - H:i A", $log->timestamp) ."</TD></TR>\n";
- print " <TR><TD ALIGN=\"right\"><B>User:</B></TD><TD><A HREF=\"account.php?op=info&uname=$log->userid\">". username($log->userid) ."</TD></TR>\n";
- print " <TR><TD ALIGN=\"right\"><B>Message:</B></TD><TD>$log->message</TD></TR>\n";
- print " <TR><TD ALIGN=\"right\"><B>Hostname:</B></TD><TD>$log->hostname</TD></TR>\n";
- print "</TABLE>\n";
+ $output .= "<H3>Logs:</H3>\n";
+ $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Level:</B></TD><TD>$log->level</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". date("l, F d, Y - H:i A", $log->timestamp) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>User:</B></TD><TD>". format_username($log->userid, 1) ."</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Message:</B></TD><TD>$log->message</TD></TR>\n";
+ $output .= " <TR><TD ALIGN=\"right\"><B>Hostname:</B></TD><TD>$log->hostname</TD></TR>\n";
+ $output .= "</TABLE>\n";
+ print $output;
}
}
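Review bot: `WHERE l.id = $id` places the request's `id` into the query unquoted, and magic_quotes_gpc gives no protection in a numeric position because the value is not inside a quoted string. Cast it before use, `$id = intval($id);` at the top of log_view(), or quote the value in the SQL. The same applies to `WHERE type = $category` in ban_display() and `WHERE id = $id` in story_save(). log_view() begins before this hunk.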
@@ -70,16 +172,16 @@ function log_view($id) {
function ban_check($mask, $category) {
$ban = ban_match($mask, $category);
-
- print "<H3>Status:</H3>\n";
- print "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") ."";
+ $output .= "<H3>Status:</H3>\n";
+ $output .= "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") ."";
+ print $output;
}
function ban_new($mask, $category, $reason) {
ban_add($mask, $category, $reason, &$message);
-
- print "<H3>Status:</H3>\n";
- print "$message\n";
+ $output .= "<H3>Status:</H3>\n";
+ $output .= "$message\n";
+ print $output;
}
function ban_display($category = "") {
@@ -92,64 +194,64 @@ function ban_display($category = "") {
$result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");
### Generate output:
- print "<H3>Bans:</H3>\n";
- print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
- print " <TR>\n";
- print " <TH COLSPAN=\"2\" >Active bans</TH>\n";
- print " </TH>\n";
- print " <TH>\n";
- print " <FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
- print " <SELECT NAME=\"category\">\n";
+ $output .= "<H3>Bans:</H3>\n";
+ $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ $output .= " <TR>\n";
+ $output .= " <TH COLSPAN=\"3\">\n";
+ $output .= " <FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
+ $output .= " <SELECT NAME=\"category\">\n";
for (reset($type2index); $cur = current($type2index); next($type2index)) {
- print " <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type2index) ."</OPTION>\n";
+ $output .= " <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">Sort by ". key($type2index) ."</OPTION>\n";
}
- print " </SELECT>\n";
- print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Refresh\">\n";
- print " </FORM>\n";
- print " </TH>\n";
- print " </TR>\n";
- print " <TR>\n";
- print " <TH>Mask</TH>\n";
- print " <TH>Reason</TH>\n";
- print " <TH>Operations</TH>\n";
- print " </TR>\n";
+ $output .= " </SELECT>\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Update\">\n";
+ $output .= " </FORM>\n";
+ $output .= " </TH>\n";
+ $output .= " </TR>\n";
+ $output .= " <TR>\n";
+ $output .= " <TH>mask</TH>\n";
+ $output .= " <TH>reason</TH>\n";
+ $output .= " <TH>operations</TH>\n";
+ $output .= " </TR>\n";
while ($ban = db_fetch_object($result)) {
- print " <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=bans&op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n";
+ $output .= " <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=bans&op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n";
}
- print " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
- print "</TABLE>\n";
- print "<BR><HR>\n";
-
- print "<H3>Add new ban:</H3>\n";
- print "<FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
- print "<B>Banmask:</B><BR>\n";
- print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
- print "<B>Type:</B><BR>\n";
- print "<SELECT NAME=\"category\"\">\n";
+ $output .= " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
+ $output .= "</TABLE>\n";
+ $output .= "<BR><HR>\n";
+
+ $output .= "<H3>Add new ban:</H3>\n";
+ $output .= "<FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
+ $output .= "<B>Banmask:</B><BR>\n";
+ $output .= "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
+ $output .= "<B>Type:</B><BR>\n";
+ $output .= "<SELECT NAME=\"category\"\">\n";
for (reset($type2index); $cur = current($type2index); next($type2index)) {
- print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type2index) ."</OPTION>\n";
+ $output .= "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type2index) ."</OPTION>\n";
}
- print "</SELECT><P>\n";
- print "<B>Reason:</B><BR>\n";
- print "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n";
- print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
- print "</FORM>\n";
- print "<BR><HR>\n";
-
- print "<H3>Ban check:</H3>\n";
- print "<FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
- print "<B>Banmask:</B><BR>\n";
- print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
- print "<B>Type:</B><BR>\n";
- print "<SELECT NAME=\"category\"\">\n";
+ $output .= "</SELECT><P>\n";
+ $output .= "<B>Reason:</B><BR>\n";
+ $output .= "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n";
+ $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
+ $output .= "</FORM>\n";
+ $output .= "<BR><HR>\n";
+
+ $output .= "<H3>Ban check:</H3>\n";
+ $output .= "<FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
+ $output .= "<B>Banmask:</B><BR>\n";
+ $output .= "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
+ $output .= "<B>Type:</B><BR>\n";
+ $output .= "<SELECT NAME=\"category\"\">\n";
for (reset($type2index); $cur = current($type2index); next($type2index)) {
- print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type2index) ."</OPTION>\n";
+ $output .= "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type2index) ."</OPTION>\n";
}
- print "</SELECT><P>\n";
- print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
- print "</FORM>\n";
+ $output .= "</SELECT><P>\n";
+ $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
+ $output .= "</FORM>\n";
+
+ print $output;
}
/*
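Review bot: The per-row `delete` action is still an ordinary link, `$PHP_SELF?section=bans&op=delete&category=$category&id=$ban->id`, so removing a ban takes nothing more than a GET request made with the administrator's session. The handler is outside this hunk, but a state-changing operation is safer as a POST form like the `Add ban` form below, ideally carrying a per-session token that the handler verifies. Both `<SELECT NAME=\"category\"\">` lines also keep a stray quote after the attribute, and the first selector now labels its options `Sort by` although the query filters by ban type.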
@@ -166,7 +268,7 @@ function story_edit($id) {
$output .= "<P>\n";
$output .= " <B>Author:</B><BR>\n";
- if ($story->userid) $output .= " <A HREF=\"account.php?op=info&uname=$story->userid\">$story->userid</A>\n";
+ if ($story->userid) $output .= " <A HREF=\"admin.php?section=accounts&op=view&id=$story->author\">$story->userid</A>\n";
else $output .= " $anonymous\n";
$output .= "</P>\n";
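Review bot: The new author link passes `id=$story->author`, but the `accounts`/`view` case added to the dispatcher calls `account_view($name)`, which looks the account up with `WHERE userid = '$name'`. With no `name` parameter the lookup finds no row and account_view() prints nothing. Build the link the way account_display() does: `admin.php?section=accounts&op=view&name=$story->userid`. story_edit() begins and ends outside this hunk.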
@@ -220,32 +322,48 @@ function story_save($id, $subject, $abstract, $updates, $article, $category, $st
global $PHP_SELF;
### Add submission to SQL table:
- db_query("UPDATE stories SET subject = '$subject', abstract = '$abstract', updates = '$updates', article = '$article', category = '$category', status = '$status' WHERE id = $id");
+ db_query("UPDATE stories SET subject = '". addslashes($subject) ."', abstract = '". addslashes($abstract) ."', updates = '". addslashes($updates) ."', article = '". addslashes($article) ."', category = '". addslashes($category) ."', status = '$status' WHERE id = $id");
### Add log entry:
watchdog(1, "modified story `$subject'.");
}
-function story_display($category = "") {
+function story_display($order = "date") {
global $PHP_SELF;
### Initialize variables:
$status = array("deleted", "pending", "public");
+ $fields = array("author" => "author", "category" => "category", "date" => "timestamp DESC", "status" => "status DESC");
### Perform SQL query:
- $result = db_query("SELECT * FROM stories");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON u.id = s.author ORDER BY s.$fields[$order]");
### Display stories:
$output .= "<H3>Stories:</H3>\n";
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR>\n";
- $output .= " <TH>Subject</TH>\n";
- $output .= " <TH>Status</TH>\n";
- $output .= " <TH>Operations</TH>\n";
+ $output .= " <TH ALIGN=\"right\" COLSPAN=\"5\">\n";
+ $output .= " <FORM ACTION=\"$PHP_SELF?section=stories\" METHOD=\"post\">\n";
+ $output .= " <SELECT NAME=\"order\">\n";
+ foreach ($fields as $key=>$value) {
+ $output .= " <OPTION VALUE=\"$key\"". ($key == $order ? " SELECTED" : "") .">Sort by $key</OPTION>\n";
+ }
+ $output .= " </SELECT>\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Update\">\n";
+ $output .= " </FORM>\n";
+ $output .= " </TH>\n";
+ $output .= " </TR>\n";
+
+ $output .= " <TR>\n";
+ $output .= " <TH>subject</TH>\n";
+ $output .= " <TH>author</TH>\n";
+ $output .= " <TH>category</TH>\n";
+ $output .= " <TH>status</TH>\n";
+ $output .= " <TH>operations</TH>\n";
$output .= " </TR>\n";
while ($story = db_fetch_object($result)) {
- $output .= " <TR><TD><A HREF=\"discussion.php?id=$story->id\">$story->subject</A></TD><TD ALIGN=\"center\">". $status[$story->status] ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=stories&op=edit&id=$story->id\">edit</A></TD></TR>\n";
+ $output .= " <TR><TD><A HREF=\"discussion.php?id=$story->id\">$story->subject</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->category</TD><TD ALIGN=\"center\">". $status[$story->status] ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=stories&op=edit&id=$story->id\">edit</A></TD></TR>\n";
}
$output .= "</TABLE>\n";
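Review bot: Because .htaccess in this commit keeps `magic_quotes_gpc On`, the `addslashes()` calls added to this UPDATE probably escape the form values a second time, which would store literal backslashes in `subject`, `abstract` and the other text columns. Pick one mechanism: either rely on the ini setting, or undo it first with `stripslashes()` and escape explicitly here. `status = '$status'` is left out of the explicit escaping on the same line and should be treated like the other fields. The `watchdog()` call logs `$subject` as received; whether it escapes the value is not visible here.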
@@ -253,8 +371,6 @@ function story_display($category = "") {
print $output;
}
-
-include "functions.inc";
include "function.inc";
include "admin.inc";
@@ -263,6 +379,12 @@ admin_header();
switch ($section) {
case "accounts":
switch ($op) {
+ case "view":
+ account_view($name);
+ break;
+ case "Update":
+ account_display($order);
+ break;
default:
account_display();
}
@@ -291,8 +413,11 @@ switch ($section) {
case "view":
log_view($id);
break;
+ case "Update":
+ log_display($order);
+ break;
default:
- log_display($category);
+ log_display();
}
break;
case "stories":
@@ -304,12 +429,15 @@ switch ($section) {
story_save($id, $subject, $abstract, $updates, $article, $category, $status);
story_edit($id);
break;
+ case "Update":
+ story_display($order);
+ break;
default:
- story_display($category);
+ story_display();
}
break;
default:
- print "Bad visitor! Bad, bad visitor! What are you looking for? Maybe it's <A HREF=\"\">here</A>?";
+ print "Welcome to the adminstration page!";
}
admin_footer();
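Review bot: The new default-branch message misspells "administration"; the line should read `print "Welcome to the administration page!";`. The enclosing switch starts outside this hunk.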
diff --git a/backend.class.php b/backend.class.php
index 844b0a9bc..865ec2e77 100644
--- a/backend.class.php
+++ b/backend.class.php
@@ -1,6 +1,6 @@
<?
-include "functions.inc";
+include "function.inc";
class backend {
diff --git a/diary.php b/diary.php
new file mode 100644
index 000000000..e11826a95
--- /dev/null
+++ b/diary.php
@@ -0,0 +1,154 @@
+<?
+include "function.inc";
+include "theme.inc";
+
+
+function diary_entry($timestamp, $text, $id = 0) {
+ if ($id) {
+ $output .= "<DL>\n";
+ $output .= " <DT><B>". date("l, F jS", $timestamp) .":</B> </DT>\n";
+ $output .= " <DD><P>[ <A HREF=\"diary.php?op=edit&id=$id\">edit</A> ]</P><P>$text</P></DD>\n";
+ $output .= "</DL>\n";
+ }
+ else {
+ $output .= "<DL>\n";
+ $output .= " <DT><B>". date("l, F jS", $timestamp) .":</B></DT>\n";
+ $output .= " <DD><P>$text</P></DD>\n";
+ $output .= "</DL>\n";
+ }
+ return $output;
+}
+
+function diary_display($username) {
+ global $theme, $user;
+
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE u.userid = '$username' ORDER BY timestamp DESC");
+
+ if ($username == $user->userid) {
+ $output .= diary_entry(time(), "<BIG><A HREF=\"diary.php?op=add\">Add new diary entry!</A></BIG><P>");
+ while ($diary = db_fetch_object($result)) $output .= diary_entry($diary->timestamp, $diary->text, $diary->id);
+ }
+ else {
+ while ($diary = db_fetch_object($result)) $output .= diary_entry($diary->timestamp, $diary->text);
+ }
+
+ $theme->header();
+ $theme->box("Online diary", $output);
+ $theme->footer();
+}
+
+function diary_add_enter() {
+ global $theme, $user;
+
+ ### Submission form:
+ $output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
+
+ $output .= "<P>\n";
+ $output .= " <B>Enter new diary entry:</B><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P>\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\">\n";
+ $output .= "</P>\n";
+
+ $output .= "</FORM>\n";
+
+ $theme->header();
+ $theme->box("Online diary", $output);
+ $theme->footer();
+}
+
+function diary_edit_enter($id) {
+ global $theme, $user;
+
+ $result = db_query("SELECT * FROM diaries WHERE id = $id");
+ $diary = db_fetch_object($result);
+
+ $output .= diary_entry($diary->timestamp, $diary->text);
+
+ $output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
+
+ $output .= "<P>\n";
+ $output .= " <B>Edit diary entry:</B><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($diary->text) ."</TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P>\n";
+ $output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$diary->id\">\n";
+ $output .= " <INPUT TYPE=\"hidden\" NAME=\"timestamp\" VALUE=\"$diary->timestamp\">\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Submit diary entry\">\n";
+ $output .= "</P>\n";
+
+ $output .= "</FORM>\n";
+
+ $theme->header();
+ $theme->box("Online diary", $output);
+ $theme->footer();
+}
+
+function diary_preview($text, $timestamp, $id = 0) {
+ global $theme, $user;
+
+ $output .= diary_entry($timestamp, $text);
+
+ $output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
+
+ $output .= "<P>\n";
+ $output .= " <B>Preview diary entry:</B><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($text) ."</TEXTAREA><BR>\n";
+ $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P>\n";
+ $output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Submit diary entry\">\n";
+ $output .= "</P>\n";
+
+ $output .= "</FORM>\n";
+
+ $theme->header();
+ $theme->box("Online diary", $output);
+ $theme->footer();
+}
+
+function diary_submit($text, $id = 0) {
+ global $user, $theme;
+
+ if ($id) {
+ db_query("UPDATE diaries SET text = '".addslashes($text) ."' WHERE id = $id");
+ watchdog(1, "old diary entry updated");
+ }
+ else {
+ db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". addslashes($text) ."', '". time() ."')");
+ watchdog(1, "new diary entry added");
+ }
+ header("Location: diary.php?op=view&name=$user->userid");
+}
+
+
+switch($op) {
+ case "add":
+ diary_add_enter();
+ break;
+ case "edit":
+ diary_edit_enter($id);
+ break;
+ case "view":
+ diary_display($name);
+ break;
+ case "Preview diary entry":
+ if ($id) diary_preview($text, $timestamp, $id);
+ else diary_preview($text, time());
+ break;
+ case "Submit diary entry":
+ if ($id) diary_submit($text, $id);
+ else diary_submit($text);
+ break;
+ default:
+ diary_display($user->userid);
+}
+
+?> \ No newline at end of file
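Review bot: diary_edit_enter() and the update branch of diary_submit() act on whatever `$id` the request supplies without checking that the entry belongs to `$user`, so any visitor can load another user's entry into the edit form and overwrite it. The same `$id` and the `$username` in diary_display() are placed into the SQL text unescaped, and diary_submit() also runs for visitors with no `$user->id`. The update should be restricted with `AND author = '$user->id'`, `$id` cast to an integer in both functions, and `$username` passed through addslashes() as `$text` already is. The entry text is echoed raw by diary_entry() and into the TEXTAREA, so the check_html() filter that function.inc still marks as TODO is needed before the diary is open to untrusted users.

```php
function diary_submit($text, $id = 0) {
  global $user, $theme;

  // Writing requires a logged-in user.
  if (!$user->id) { header("Location: account.php"); return; }
  $id = (int) $id;

  if ($id) {
    // The author condition limits the update to the caller's own entry.
    db_query("UPDATE diaries SET text = '". addslashes($text) ."' WHERE id = $id AND author = '$user->id'");
    // … unchanged: watchdog call …
  }
  // … unchanged: INSERT branch …
  header("Location: diary.php?op=view&name=". urlencode($user->userid));
}
```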
diff --git a/discussion.php b/discussion.php
index 90929ed84..5fb29412a 100644
--- a/discussion.php
+++ b/discussion.php
@@ -77,7 +77,7 @@ function comments_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
return $thread;
}
-function comments_display ($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
+function comments_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
global $user, $theme;
### Pre-process variables:
@@ -283,7 +283,7 @@ function comment_post($pid, $sid, $subject, $comment, $mode, $order, $thold) {
}
}
-include "functions.inc";
+include "function.inc";
include "config.inc";
include "theme.inc";
diff --git a/faq.php b/faq.php
index 2910da2cc..c82a8a731 100644
--- a/faq.php
+++ b/faq.php
@@ -1,6 +1,5 @@
<?
-
-include "functions.inc";
+include "function.inc";
include "theme.inc";
$output = "
diff --git a/function.inc b/function.inc
index 9bc0f4605..ff03936d5 100644
--- a/function.inc
+++ b/function.inc
@@ -1,12 +1,42 @@
<?
-function plural($count, $one, $more) {
- return ($count == 1) ? "$count $one" : "$count $more";
+include "config.inc";
+include "database.inc";
+include "log.inc";
+
+function id2story($id) {
+ ### Perform query:
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
+ return db_fetch_object($result);
+}
+
+function dbsave($dbase, $data, $id=0) {
+ foreach ($data as $key=>$value) {
+ if ($key == "passwd") { $query .= "$key=PASSWORD('". addslashes($value) ."'), "; }
+ else { $query .= "$key='". addslashes($value) ."', "; }
+ }
+ $query = substr($query, 0, -2);
+
+ if (!empty($id)) { db_query("UPDATE $dbase SET $query WHERE id=$id") or die(mysql_error()); return $id; }
+ else { db_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); }
+}
+
+function FixQuotes ($what = "") {
+ $what = ereg_replace("'","''",$what);
+ while (eregi("\\\\'", $what)) {
+ $what = ereg_replace("\\\\'","'",$what);
+ }
+ return $what;
}
-function username($username) {
- include "config.inc";
- return ($username) ? $username : $anonymous;
+function check_html($message) {
+ ## TODO
+ return $message;
+}
+
+function filter_text($message, $strip="") {
+ ### TODO
+ return check_html($text, $strip);
}
function discussion_num_replies($id, $count = 0) {
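Review bot: id2story() and dbsave() put `$id` into the WHERE clause unquoted and unescaped (`WHERE s.id = $id`, `WHERE id=$id`), and dbsave() also interpolates `$dbase` and each `$key` as-is, so these helpers are only safe if every caller has validated its input. Casting at the top of each function, `$id = (int) $id;`, closes the numeric case in one place. dbsave() additionally ends the request with `die(mysql_error())`, which shows database error text to the visitor; recording it with watchdog() and printing a generic message would avoid that. Separately, filter_text() passes the undefined `$text` to check_html() instead of its `$message` parameter, so it returns nothing; it should read `return check_html($message);`.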
@@ -14,4 +44,60 @@ function discussion_num_replies($id, $count = 0) {
return ($result) ? mysql_result($result, 0) : 0;
}
-?> \ No newline at end of file
+function format_plural($count, $one, $more) {
+ return ($count == 1) ? "$count $one" : "$count $more";
+}
+
+function format_date($timestamp, $type = "medium") {
+ switch ($type) {
+ case "small":
+ $date = date("D, m/d/y - H:i", $timestamp);
+ break;
+ case "medium":
+ $date = date("l, m/d/Y - H:i", $timestamp);
+ break;
+ case "large":
+ $date = date("D, M d, Y - H:i", $timestamp);
+ break;
+ case "extra large":
+ $date = date("l, F dS, Y - H:i", $timestamp);
+ break;
+ default:
+ $date = date("D, M d, Y - H:i", $timestamp);
+ }
+ return $date;
+}
+
+function format_availability($field, $replacement = "<I>n/a</I>") {
+ return ($field) ? $field : $replacement;
+}
+
+function format_username($username, $admin = 0) {
+ if ($username) return ($admin) ? "<A HREF=\"admin.php?section=accounts&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>";
+ else { include "config.inc"; return $anonymous; }
+}
+
+function format_email_address($address) {
+ return ($address) ? "<A HREF=\"mailto:$address\">$address</A>" : format_availability($address);
+}
+
+function format_url($address, $description = "") {
+ // POSSIBLE EXTENSIONS:
+ // 1. add `http://' in case it's missing.
+ // 2. add a trailing `/' in case it's missing.
+ // 3. remove any parameters in the URI.
+ $description = ($description) ? $description : $address;
+ return ($address) ? "<A HREF=\"$address\">$description</A>" : format_availability($address);
+}
+
+function format_story_link($story, $subject = "") {
+ global $user;
+ $output .= "<A HREF=\"discussion.php?id=$story->id";
+ $output .= ($user->umode) ? "&mode=$user->umode" : "&mode=threaded";
+ $output .= ($user->uorder) ? "&order=$user->uorder" : "&order=0";
+ $output .= ($user->thold) ? "&thold=$user->thold" : "&thold=0";
+ $output .= ($subject) ? "\">$subject</A>" : "\">$story->subject</A>";
+ return $output;
+}
+
+?>
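Review bot: format_username(), format_email_address(), format_url() and format_story_link() insert their arguments into HREF attributes and link text without any encoding. Themes are now required to route all usernames, addresses and URLs through these helpers, so this is the one place where output escaping can be done for the whole site. Values used in a query string should go through urlencode() and anything printed as text or inside an attribute through htmlspecialchars(); format_url() should also link only addresses that begin with an expected scheme. A sketch for format_username() and format_url() follows; the other two helpers need the same treatment.

```php
function format_username($username, $admin = 0) {
  if ($username) {
    $name = urlencode($username);          // query-string value
    $label = htmlspecialchars($username);  // link text
    return ($admin) ? "<A HREF=\"admin.php?section=accounts&op=view&name=$name\">$label</A>" : "<A HREF=\"account.php?op=view&name=$name\">$label</A>";
  }
  // … unchanged: anonymous fallback via config.inc …
}

function format_url($address, $description = "") {
  // … unchanged: POSSIBLE EXTENSIONS comment …
  // Only link addresses with an expected scheme; anything else gets the n/a text.
  if (!eregi("^(http|https|ftp)://", $address)) return format_availability("");
  $description = ($description) ? $description : $address;
  // Assumes callers pass a plain-text description; confirm before escaping it.
  return "<A HREF=\"". htmlspecialchars($address) ."\">". htmlspecialchars($description) ."</A>";
}
```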
diff --git a/functions.inc b/functions.inc
deleted file mode 100644
index 340191345..000000000
--- a/functions.inc
+++ /dev/null
@@ -1,271 +0,0 @@
-<?
-include "user.class.php";
-include "database.inc";
-include "log.inc";
-
-session_start();
-
-include "config.inc";
-$functions = 1;
-
-function id2story($id) {
- ### Perform query:
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
- return db_fetch_object($result);
-}
-
-function dbsave($dbase, $data, $id=0) {
- foreach ($data as $key=>$value) {
- if ($key == "passwd") { $query .= "$key=PASSWORD('". addslashes($value) ."'), "; }
- else { $query .= "$key='". addslashes($value) ."', "; }
- }
- $query = substr($query, 0, -2);
-
- if (!empty($id)) { db_query("UPDATE $dbase SET $query WHERE id=$id") or die(mysql_error()); return $id; }
- else { db_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); }
-}
-
-function morelink_bytes($theme, $story) {
- global $user;
-
- ### Compose more-link:
- $morelink = "[ ";
- if ($story->article) {
- $morelink .= "<A HREF=\"discussion.php?id=$story->id";
- $morelink .= ($user->umode) ? "&mode=$user->umode" : "&mode=threaded";
- $morelink .= ($user->uorder) ? "&order=$user->uorder" : "&order=0";
- $morelink .= ($user->thold) ? "&thold=$user->thold" : "&thold=0";
- $morelink .= "\"><FONT COLOR=\"$theme->hlcolor2\"><B>read more</B></FONT></A> | $bytes bytes in body | ";
- }
- $morelink .= "<A HREF=\"discussion.php?id=$story->id";
- $morelink .= ($user->umode) ? "&mode=$user->umode" : "&mode=threaded";
- $morelink .= ($user->uorder) ? "&order=$user->uorder" : "&order=0";
- $morelink .= ($user->thold) ? "&thold=$user->thold" : "&thold=0";
- $morelink .= "\"><FONT COLOR=\"$theme->hlcolor2\">$story->comments comments</FONT></A> ]";
-
- return $morelink;
-}
-
-function morelink_words($theme, $story) {
- // todo
-}
-
-function morelink_lines($theme, $story) {
- // todo
-}
-
-function FixQuotes ($what = "") {
- $what = ereg_replace("'","''",$what);
- while (eregi("\\\\'", $what)) {
- $what = ereg_replace("\\\\'","'",$what);
- }
- return $what;
-}
-
-function check_html($message) {
- ## TODO
- return $message;
-}
-
-function filter_text($message, $strip="") {
- ### TODO
- return check_html($text, $strip);
-}
-
-function formatTimestamp($time) {
- ### Should be removed as soon as possible!
- global $datetime;
- ereg ("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})", $time, $datetime);
- $datetime = date("l, F d, Y - h:i A", mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]));
- return($datetime);
-}
-
-function addRefer($url) {
- $query = "SELECT * FROM refer WHERE url = '$url'";
- $result = db_query($query);
-
- if ($site = db_fetch_object($result)) {
- if ($site->status) {
- $site->refers++;
- $query = "UPDATE refer SET refers = '$site->refers', access_dt = '". time() ."' WHERE url = '$url'";
- $result = db_query($query);
- }
- }
- else {
- $query = "INSERT INTO refer (url, name, refers, create_dt, access_dt) VALUES ('$url', '', '1', '". time() ."', '". time() ."')";
- $result = db_query($query);
- }
-}
-
-function displayModerationResults($theme, $story) {
- global $user;
-
- if ($user->id && $story->id && $vote = $user->getHistory("s$story->id")) {
- $output .= "<P><B>You voted `$vote'.</B></P>\n";
- $output .= "<P>\n";
- $output .= "<B>Other people voted:</B><BR>\n";
-
- $result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'");
- while ($account = db_fetch_object($result)) {
- $output .= "<A HREF=\"account.php?op=info&uname=$account->userid\">$account->userid</A> voted `". getHistory($account->history, "s$story->id") ."'.<BR>";
- }
-
- $theme->box("Moderation results", $output);
- }
-}
-
-function displayRelatedLinks($theme, $story) {
- ### Parse story for <A HREF="">-tags:
- $text = stripslashes("$story->abstract $story->updates $story->article");
- while ($text = stristr($text, "<A HREF=")) {
- $link = substr($text, 0, strpos(strtolower($text), "</a>") + 4);
- $text = stristr($text, "</A>");
- if (!stristr($link, "mailto:")) $content .= "<LI>$link</LI>";
- }
-
- ### Default related links:
- $content .= " <LI>More about <A HREF=\"search.php?category=". urlencode($story->category) ."\">$story->category</A>.</LI>";
- $content .= " <LI>Also by <A HREF=\"search.php?author=". urlencode($story->userid) ."\">$story->userid</A>.</LI>";
-
- $theme->box("Related links", $content);
-}
-
-function displayOldHeadlines($theme, $num = 10) {
- global $user;
-
- if ($user->storynum) $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $user->storynum, $num");
- else $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $num, $num");
-
- while ($story = db_fetch_object($result)) {
- if ($time != date("F jS", $story->timestamp)) {
- $content .= "<P><B>". date("l, F jS", $story->timestamp) ."</B></P>";
- $time = date("F jS", $story->timestamp);
- }
-
- if ($user->userid) {
- $content .= "<LI><A HREF=\"discussion.php?id=$story->id";
- $content .= ($user->umode) ? "&mode=$user->umode" : "&mode=threaded";
- $content .= ($user->uorder) ? "&order=$user->uorder" : "&order=0";
- $content .= ($user->thold) ? "&thold=$user->thold" : "&thold=0";
- $content .= "\">$story->subject</A></LI>";
- }
- else {
- $content .= "<LI><A HREF=\"discussion.php?id=$story->id&mode=threaded&order=1&thold=0\">$story->subject</A></LI>";
- }
- }
- $content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>";
-
- $theme->box("Older headlines", $content);
-}
-
-function displayNewHeadlines($theme, $num = 10) {
- global $user;
-
- $content = "";
- $result = db_query("SELECT id, subject FROM stories WHERE status = 2 ORDER BY id DESC LIMIT $num");
- while ($story = db_fetch_object($result)) {
- if ($user->userid) {
- $content .= "<LI><A HREF=\"discussion.php?id=$story->id";
- $content .= ($user->umode) ? "&mode=$user->umode" : "&mode=threaded";
- $content .= ($user->uorder) ? "&order=$user->uorder" : "&order=0";
- $content .= ($user->thold) ? "&thold=$user->thold" : "&thold=0";
- $content .= "\">$story->subject</A></LI>";
- }
- else {
- $content .= "<LI><A HREF=\"discussion.php?id=$story->id&mode=threaded&order=1&thold=0\">$story->subject</A></LI>";
- }
- }
- $content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>";
- $theme->box("Latest headlines", $content);
-}
-
-function displayAdminblock($theme) {
- $result = db_query("SELECT title, content FROM blocks");
- while (list($title, $content) = mysql_fetch_array($result)) {
- $theme->box($title, nl2br($content));
- }
-}
-
-function displayUserblock($theme) {
- global $user;
-
- if ($user && $user->ublockon) {
- $content .= "<P ALIGN=\"right\">[ <A HREF=\"account.php?op=edithome\"><FONT COLOR=\"$theme->hlcolor2\">edit</FONT></A> | <A HREF=\"account.php?op=discussion\"><FONT COLOR=\"$theme->hlcolor2\">Track comments</FONT></A> | <A HREF=\"account.php?op=logout\"><FONT COLOR=\"$theme->hlcolor2\">logout</FONT></A>]</P>";
- $theme->box("$user->userid's box", $user->content);
- }
-}
-
-function displayLogin($theme) {
- global $user;
-
- if ($user && $user->userid) {
- ### Display userblock if any:
- displayUserblock();
- }
- else {
- $content = "<CENTER><FORM METHOD=\"post\" ACTION=\"account.php\">\n";
- $content .= "<P>Username:<BR><INPUT NAME=userid MAXLENGTH=50 SIZE=12></P>\n";
- $content .= "<P>Password:<BR> <INPUT TYPE=password NAME=passwd MAXLENGTH=25 SIZE=12></P>\n";
- $content .= "<INPUT TYPE=submit NAME=op VALUE=\"Login\">\n";
- $content .= "</FORM>\n";
- $content .= "<P><A HREF=\"account.php?op=new\">Register</A> as new user.<BR><A HREF=\"account.php?op=forgot\">Forgot</A> your password?</P></CENTER>";
- $theme->box("Login", $content);
- }
-}
-
-function displayCalendar($theme, $date) {
- include "calendar.class.php";
- $calendar = new calendar($date);
- $theme->box("Browse archives", $calendar->display());
-}
-
-function displayAccount($theme) {
- global $user;
-
- if ($user && $user->userid) {
-
- function submission_number() {
- $result = db_query("SELECT COUNT(id) FROM stories WHERE status = 1");
- return ($result) ? mysql_result($result, 0) : 0;
- }
-
- ### Display account settings:
- $content = "<LI><A HREF=\"account.php\">view your information</A></LI>";
- $content .= "<LI><A HREF=\"account.php?op=user\">edit your information</A></LI>";
- $content .= "<LI><A HREF=\"account.php?op=page\">customize your page</A></LI>";
- $content .= "<LI><A HREF=\"account.php?op=discussion\">track your comments</A></LI>";
- $content .= "<LI><A HREF=\"submission.php\">moderate submissions</A> (<FONT COLOR=\"red\">". submission_number() ."</FONT>)</LI>";
- $content .= "<LI><A HREF=\"account.php?op=logout\">logout</A></LI>";
-
- $theme->box("$user->userid's account", "$content");
- }
-}
-
-function displayReferrals($theme, $number = 10) {
- $count = 1;
-
- if ($number) {
- $query = "SELECT * FROM refer ORDER BY refers DESC LIMIT $number";
- $result = db_query($query);
- }
- else {
- $query = "SELECT * FROM refer ORDER BY refers DESC";
- $result = db_query($query);
- }
-
- while (($site = db_fetch_object($result)) && ($count <= $number)) {
- if ($site->name) $rval .= "$count. <A HREF=\"$site->url\">$site->name</A> ($site->refers)<BR>";
- else $rval .= "$count. <A HREF=\"$site->url\">$site->url</A> ($site->refers)<BR>";
- $count++;
- }
-
- $theme->box("Referring sites", "$rval <P ALIGN=\"right\">[ <A HREF=\"refer.php#refer-info\"><FONT COLOR=\"$theme->hlcolor2\">info</FONT></A> | <A HREF=\"refer.php#refer-more\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>");
-}
-
-function displayPoll($theme) {
- global $answer, $answer1, $answer2, $answer3, $answer4, $answer5, $answer6, $id, $method, $section, $poll, $question;
- // Pass the URI and FORM parameters along to poll.php.
- $box = 1;
- include "poll.php";
-}
-?> \ No newline at end of file
diff --git a/index.php b/index.php
index f19dbe20d..ec5dd58c1 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
-<?PHP
+<?
-include "functions.inc";
+include "function.inc";
include "theme.inc";
### Initialize/pre-process variables:
diff --git a/mysql.tables b/mysql.tables
index 12d2653c4..a31e7351f 100644
--- a/mysql.tables
+++ b/mysql.tables
@@ -18,6 +18,14 @@ CREATE TABLE bans (
PRIMARY KEY (id)
);
+CREATE TABLE diaries (
+ id int DEFAULT '0' NOT NULL auto_increment;
+ author int DEFAULT '0' NOT NULL,
+ text text NOT NULL,
+ timestamp int(11),
+ PRIMARY KEY(id)
+);
+
CREATE TABLE blocks (
id tinyint(4) DEFAULT '0' NOT NULL auto_increment,
author varchar(30),
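Review bot: The `id` line of the new `diaries` table ends with `;` instead of `,`, which ends the CREATE TABLE statement after the first column and leaves the remaining lines unparseable; it should read `id int DEFAULT '0' NOT NULL auto_increment,`. The table also has no index on `author`, which diary_display() reaches through its join with `users`, so `KEY author (author)` may be worth adding as diaries grow.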
diff --git a/poll.php b/poll.php
index 8ff5312a5..36bebaa71 100644
--- a/poll.php
+++ b/poll.php
@@ -187,7 +187,7 @@ function adminPolls() {
}
if (!$box) {
- include "functions.inc";
+ include "function.inc";
include "theme.inc";
$theme->header();
}
diff --git a/refer.php b/refer.php
index 861a7660b..fbfc3b325 100644
--- a/refer.php
+++ b/refer.php
@@ -3,7 +3,7 @@
### Include global settings:
include "config.inc";
-include "functions.inc";
+include "function.inc";
include "authentication.inc";
include "theme.inc";
diff --git a/search.php b/search.php
index cbb0b1dd6..c84325d58 100644
--- a/search.php
+++ b/search.php
@@ -1,6 +1,6 @@
<?
- include "functions.inc";
+ include "function.inc";
include "theme.inc";
$theme->header();
@@ -10,13 +10,13 @@
$output .= "<TABLE WIDTH=\"100%\" BORDER=\"0\">\n";
$output .= " <TR VALIGN=\"center\">\n";
$output .= " <TD COLSPAN=3>\n";
- $output .= " <FORM ACTION=\"". basename($GLOBALS[PHP_SELF]) ."\" METHOD=\"POST\">\n";
+ $output .= " <FORM ACTION=\"search.php\" METHOD=\"POST\">\n";
$output .= " <INPUT SIZE=\"50\" VALUE=\"$terms\" NAME=\"terms\" TYPE=\"text\"><BR>\n";
### category:
- $output .= " <SELECT NAME=\"category\">\n";
- if ($category != "") $output .= " <OPTION VALUE=\"$category\">$category</OPTION>\n";
- $output .= "<OPTION VALUE=\"\">All categories</OPTION>\n";
+ $output .= "<SELECT NAME=\"category\">\n";
+ if ($category) $output .= " <OPTION VALUE=\"$category\">$category</OPTION>\n";
+ $output .= " <OPTION VALUE=\"\">All categories</OPTION>\n";
for ($i = 0; $i < sizeof($categories); $i++) {
$output .= " <OPTION VALUE=\"$categories[$i]\">$categories[$i]</OPTION>\n";
}
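Review bot: The changed OPTION line prints `$category` into both the VALUE attribute and the option text exactly as it arrived in the request, and the unchanged INPUT line above does the same with `$terms`, so a crafted search link can place markup into the page. Both should be encoded on output, for example `VALUE=\"". htmlspecialchars($category) ."\">". htmlspecialchars($category) ."</OPTION>` and `VALUE=\"". htmlspecialchars($terms) ."\"` on the text input. The script code around the form starts and continues outside this hunk.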
@@ -40,34 +40,20 @@
$output .= " <TR>\n";
$output .= " <TD>\n";
- ### Compose query:
- $query = "SELECT DISTINCT s.id, s.subject, u.userid, s.timestamp FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 ";
- if ($terms != "") $query .= "AND (s.subject LIKE '%$terms%' OR s.abstract LIKE '%$terms%' OR s.updates LIKE '%$terms%') ";
- if ($category != "") $query .= "AND s.category = '$category' ";
- if ($author != "") $query .= "AND u.userid = '$author' ";
- if ($order == "Oldest first") $query .= " ORDER BY s.timestamp ASC";
- else $query .= " ORDER BY s.timestamp DESC";
-
- ### Perform query:
+ ### Compose and perform query:
+ $query = "SELECT DISTINCT s.id, s.subject, u.userid, s.timestamp, COUNT(c.cid) AS comments FROM comments c, stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND s.id = c.sid ";
+ $query .= ($author) ? "AND u.userid = '$author' " : "";
+ $query .= ($terms) ? "AND (s.subject LIKE '%$terms%' OR s.abstract LIKE '%$terms%' OR s.updates LIKE '%$terms%') " : "";
+ $query .= ($category) ? "AND s.category = '$category' GROUP BY c.sid " : "GROUP BY c.sid ";
+ $query .= ($order == "Oldest first") ? "ORDER BY s.timestamp ASC" : "ORDER BY s.timestamp DESC";
$result = db_query("$query");
### Display search results:
$output .= "<HR>\n";
+
while ($entry = db_fetch_object($result)) {
$num++;
-
- if ($user) {
- $link = "<A HREF=\"discussion.php?id=$entry->id";
- if (isset($user->umode)) { $link .= "&mode=$user->umode"; } else { $link .= "&mode=threaded"; }
- if (isset($user->uorder)) { $link .= "&order=$user->uorder"; } else { $link .= "&order=0"; }
- if (isset($user->thold)) { $link .= "&thold=$user->thold"; } else { $link .= "&thold=0"; }
- $link .= "\">$entry->subject</A>";
- }
- else {
- $link = "<A HREF=\"discussion.php?id=$entry->id&mode=threaded&order=1&thold=0\">$entry->subject</A>";
- }
-
- $output .= "<P>$num) <B>$link</B><BR><SMALL>by <B><A HREF=\"account.php?op=info&uname=$entry->userid\">$entry->userid</A></B>, posted on ". date("l, F d, Y - H:i A", $entry->timestamp) .".</SMALL></P>\n";
+ $output .= "<P>$num) <B>". format_story_link($entry) ."</B> (". format_plural($entry->comments, "comment", comments) .")<BR><SMALL>by ". format_username($entry->userid) ."</B>, posted on ". format_date($entry->timestamp) .".</SMALL></P>\n";
}
if ($num == 0) $output .= "<P>Your search did <B>not</B> match any articles in our database: <UL><LI>Try using fewer words.</LI><LI>Try using more general keywords.</LI><LI>Try using different keywords.</LI></UL></P>\n";
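Review bot: The rewritten query still concatenates `$author`, `$terms` and `$category` from the request directly into the SQL string, so it is only as safe as the server's magic-quotes setting. Escaping explicitly, as dbsave() does, removes that dependency (taking care not to escape twice where magic quotes are on): `$query .= ($author) ? "AND u.userid = '". addslashes($author) ."' " : "";`, and likewise for the other two. The new `comments c, stories s ... AND s.id = c.sid` join also appears to drop stories that have no comments from the results, which a LEFT JOIN on comments would avoid. In the output line, `comments` is passed to format_plural() as a bare word rather than the string `"comments"`, and a `</B>` is left after format_username() with no opening tag.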
diff --git a/submission.inc b/submission.inc
index c1adcc9d8..81dfb2339 100644
--- a/submission.inc
+++ b/submission.inc
@@ -12,10 +12,10 @@ function submission_score($id) {
function submission_vote($id, $vote, $comment) {
global $user;
-
+
include "config.inc";
-
- if (!getHistory($user->history, "s$id")) {
+
+ if (!user_getHistory($user->history, "s$id")) {
### Update submission's score- and votes-field:
db_query("UPDATE stories SET score = score $vote, votes = votes + 1 WHERE id = $id");
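Review bot: submission_vote() splices `$vote` into the statement as SQL text (`score = score $vote`) and uses `$id` unquoted in the UPDATE here and in the INSERT and SELECT of the next hunk, so both need validating before the queries run. Checking the vote against the fixed set of values the voting form offers and casting the id, `$id = (int) $id;`, at the top of the function would cover all three statements. The function body continues outside this hunk, and the list of valid votes is not visible here.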
@@ -23,8 +23,7 @@ function submission_vote($id, $vote, $comment) {
if ($comment) db_query("INSERT INTO comments (sid, author, subject, comment, hostname, timestamp) VALUES($id, $user->id, '". addslashes(substr($comment, 0, 29)) ." ...', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
### Update user's history record:
- $user->setHistory("s$id", "$vote"); // s = submission
- $user->save();
+ user_setHistory($user, "s$id", "$vote"); // s = submission
### Update story table (if required):
$result = db_query("SELECT * FROM stories WHERE id = $id");
diff --git a/submission.php b/submission.php
index a734e1433..ad61af422 100644
--- a/submission.php
+++ b/submission.php
@@ -1,8 +1,7 @@
<?
-
-include "functions.inc";
-include "theme.inc";
include "submission.inc";
+include "function.inc";
+include "theme.inc";
function submission_displayMain() {
global $PHP_SELF, $theme, $user;
@@ -16,9 +15,8 @@ function submission_displayMain() {
$content .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
$content .= " <TR BGCOLOR=\"$bgcolor1\"><TH>Subject</TH><TH>Category</TH><TH>Date</TH><TH>Author</TH><TH>Score</TH></TR>\n";
while ($submission = db_fetch_object($result)) {
- $submission->userid = ($submission->userid) ? $submission->userid : $anonymous;
- if (getHistory($user->history, "s$submission->id")) $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">$submission->subject</A></TD><TD>$submission->category</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">$submission->userid</TD><TD ALIGN=\"center\">". submission_score($submission->id) ."</TD></TR>\n";
- else $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">$submission->subject</A></TD><TD>$submission->category</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">$submission->userid</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">vote</A></TD></TR>\n";
+ if (user_getHistory($user->history, "s$submission->id")) $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">$submission->subject</A></TD><TD>$submission->category</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\">". submission_score($submission->id) ."</TD></TR>\n";
+ else $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">$submission->subject</A></TD><TD>$submission->category</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">vote</A></TD></TR>\n";
}
$content .= "</TABLE>\n";
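Review bot: Both rewritten rows format the time with `date("H:m:s", $submission->timestamp)`, where `m` is the month number, so the minutes position always shows the month; the format should be `date("H:i:s", $submission->timestamp)`. The same lines print `$submission->subject` and `$submission->category` without htmlspecialchars(), so unless subjects are meant to carry HTML, submitted markup reaches every user who opens the moderation list. submission_displayMain() starts before this hunk.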
@@ -30,7 +28,7 @@ function submission_displayMain() {
function submission_displayItem($id) {
global $PHP_SELF, $theme, $user;
- if ($vote = getHistory($user->history, "s$id")) {
+ if ($vote = user_getHistory($user->history, "s$id")) {
header("Location: discussion.php?id=$id");
}
else {
@@ -74,7 +72,7 @@ if ($user) {
submission_displayItem($id);
break;
default:
- submission_displayMain();
+ submission_displayMain();
break;
}
}
diff --git a/submit.php b/submit.php
index e97c25537..45b8c1e41 100644
--- a/submit.php
+++ b/submit.php
@@ -18,7 +18,7 @@ function submit_enter() {
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
- $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\"><BR>\n";
+ $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\"><BR>\n";
$output .= " <SMALL><I>Bad subjects are 'Check this out!' or 'An article'. Be descriptive, clear and simple!</I></SMALL>\n";
$output .= "</P>\n";
@@ -34,7 +34,7 @@ function submit_enter() {
$output .= "<P>\n";
$output .= " <B>Abstract:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\"></TEXTAREA><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= "</P>\n";
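Review bot: `MAXLENGTH=\"20\"` on the abstract TEXTAREA is not an attribute HTML 4 defines for that element, and a browser that does honour it would cut abstracts off at 20 characters; the same attribute is on the new-entry form in diary.php. Length limits set in the form, including the new `MAXLENGTH=\"60\"` on the subject field, are advisory only, so submit_submit() should check the lengths again before storing anything. That function lies outside this hunk.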
@@ -45,7 +45,8 @@ function submit_enter() {
$output .= "</P>\n";
$output .= "<P>\n";
- $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview submission\"> (You must preview at least once before you can submit.)\n";
+ $output .= " You must preview at least once before you can submit:<BR>\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview submission\">\n";
$output .= "</P>\n";
$output .= "</FORM>\n";
@@ -68,7 +69,7 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
- $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" VALUE=\"". stripslashes($subject) ."\"><BR>\n";
+ $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($subject) ."\"><BR>\n";
$output .= " <SMALL><I>Bad subjects are 'Check this out!' or 'An article'. Be descriptive, clear and simple!</I></SMALL>\n";
$output .= "</P>\n";
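Review bot: The changed subject INPUT prints `stripslashes($subject)` straight into the VALUE attribute, so a subject containing a double quote breaks out of the attribute on the preview page. Encoding it on output fixes that without changing what is stored: `VALUE=\"". htmlspecialchars(stripslashes($subject)) ."\"`. submit_preview() starts and ends outside this hunk.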
@@ -145,7 +146,7 @@ function submit_submit($subject, $abstract, $article, $category) {
watchdog(1, "added new submission with subject `$subject'.");
}
-include "functions.inc";
+include "function.inc";
include "theme.inc";
switch($op) {
diff --git a/template.inc b/template.inc
new file mode 100644
index 000000000..d4148b84c
--- /dev/null
+++ b/template.inc
@@ -0,0 +1,148 @@
+<?
+include "user.class.php";
+
+function display_morelink($theme, $story) {
+ return ($story->article) ? "[ ". format_story_link($story, "<FONT COLOR=\"$theme->hlcolor2\"><B>read more</B></FONT>") ." | ". strlen($story->article) ." bytes | ". format_story_link($story, "<FONT COLOR=\"$theme->hlcolor2\">". format_plural($story->comments, "comment", "comments") ."</FONT>") ." ]" : "[ ". format_story_link($story, "<FONT COLOR=\"$theme->hlcolor2\">". format_plural($story->comments, "comment", "comments") ."</FONT>") ." ]";
+}
+
+function displayModerationResults($theme, $story) {
+ global $user;
+
+ if ($user->id && $story->id && $vote = user_getHistory($user->history, "s$story->id")) {
+ $output .= "<P><B>You voted `$vote'.</B></P>\n";
+ $output .= "<P>\n";
+ $output .= "<B>Other people voted:</B><BR>\n";
+
+ $result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'");
+ while ($account = db_fetch_object($result)) {
+ $output .= "". format_username($account->userid) ." voted `". user_getHistory($account->history, "s$story->id") ."'.<BR>";
+ }
+
+ $theme->box("Moderation results", $output);
+ }
+}
+
+function displayRelatedLinks($theme, $story) {
+ ### Parse story for <A HREF="">-tags:
+ $text = stripslashes("$story->abstract $story->updates $story->article");
+ while ($text = stristr($text, "<A HREF=")) {
+ $link = substr($text, 0, strpos(strtolower($text), "</a>") + 4);
+ $text = stristr($text, "</A>");
+ if (!stristr($link, "mailto:")) $content .= "<LI>$link</LI>";
+ }
+
+ ### Stories in the same category:
+ $content .= " <LI>More about <A HREF=\"search.php?category=". urlencode($story->category) ."\">$story->category</A>.</LI>";
+
+ ### Stories from the same author:
+ if ($story->userid) $content .= " <LI>Also by <A HREF=\"search.php?author=". urlencode($story->userid) ."\">$story->userid</A>.</LI>";
+
+ $theme->box("Related links", $content);
+}
+
+function displayOldHeadlines($theme, $num = 10) {
+ global $user;
+
+ if ($user->storynum) $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $user->storynum, $num");
+ else $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $num, $num");
+
+ while ($story = db_fetch_object($result)) {
+ if ($time != date("F jS", $story->timestamp)) {
+ $content .= "<P><B>". date("l, F jS", $story->timestamp) ."</B></P>\n";
+ $time = date("F jS", $story->timestamp);
+ }
+ $content .= "<LI>". format_story_link($story) ."</LI>\n";
+ }
+ $content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>";
+
+ $theme->box("Older headlines", $content);
+}
+
+function displayNewDiaries($theme, $num = 20) {
+ $result = db_query("SELECT u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id GROUP BY u.userid ORDER BY timestamp DESC LIMIT $num");
+ while ($diary = db_fetch_object($result)) {
+ $content .= "<LI><A HREF=\"diary.php?op=view&name=$diary->userid\">$diary->userid</A></LI>\n";
+ }
+ $theme->box("Recent diary entries", $content);
+}
+
+function displayNewHeadlines($theme, $num = 10) {
+ global $user;
+
+ $content = "";
+ $result = db_query("SELECT id, subject FROM stories WHERE status = 2 ORDER BY id DESC LIMIT $num");
+ while ($story = db_fetch_object($result)) $content .= "<LI>". format_story_link($story) ."</LI>\n";
+ $content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>";
+ $theme->box("Latest headlines", $content);
+}
+
+function displayAdminblock($theme) {
+ $result = db_query("SELECT title, content FROM blocks");
+ while (list($title, $content) = mysql_fetch_array($result)) {
+ $theme->box($title, nl2br($content));
+ }
+}
+
+function displayUserblock($theme) {
+ global $user;
+
+ if ($user && $user->ublockon) {
+ $content .= "<P ALIGN=\"right\">[ <A HREF=\"account.php?op=edithome\"><FONT COLOR=\"$theme->hlcolor2\">edit</FONT></A> | <A HREF=\"account.php?op=discussion\"><FONT COLOR=\"$theme->hlcolor2\">Track comments</FONT></A> | <A HREF=\"account.php?op=logout\"><FONT COLOR=\"$theme->hlcolor2\">logout</FONT></A>]</P>";
+ $theme->box("$user->userid's box", $user->content);
+ }
+}
+
+function displayLogin($theme) {
+ global $user;
+
+ if ($user && $user->userid) {
+ ### Display userblock if any:
+ displayUserblock();
+ }
+ else {
+ $content = "<CENTER><FORM METHOD=\"post\" ACTION=\"account.php\">\n";
+ $content .= "<P>Username:<BR><INPUT NAME=userid MAXLENGTH=50 SIZE=12></P>\n";
+ $content .= "<P>Password:<BR> <INPUT TYPE=password NAME=passwd MAXLENGTH=25 SIZE=12></P>\n";
+ $content .= "<INPUT TYPE=submit NAME=op VALUE=\"Login\">\n";
+ $content .= "</FORM>\n";
+ $content .= "<P><A HREF=\"account.php?op=new\">Register</A> as new user.<BR><A HREF=\"account.php?op=forgot\">Forgot</A> your password?</P></CENTER>";
+ $theme->box("Login", $content);
+ }
+}
+
+function displayCalendar($theme, $date) {
+ include "calendar.class.php";
+ $calendar = new calendar($date);
+ $theme->box("Browse archives", $calendar->display());
+}
+
+function displayAccount($theme) {
+ global $user;
+
+ if ($user && $user->userid) {
+
+ function submission_number() {
+ $result = db_query("SELECT COUNT(id) FROM stories WHERE status = 1");
+ return ($result) ? mysql_result($result, 0) : 0;
+ }
+
+ ### Display account settings:
+ $content = "<LI><A HREF=\"account.php\">view your information</A></LI>";
+ $content .= "<LI><A HREF=\"account.php?op=user\">edit your information</A></LI>";
+ $content .= "<LI><A HREF=\"account.php?op=page\">customize your page</A></LI>";
+ $content .= "<LI><A HREF=\"account.php?op=discussion\">track your comments</A></LI>";
+ $content .= "<LI><A HREF=\"submission.php\">moderate submissions</A> (<FONT COLOR=\"red\">". submission_number() ."</FONT>)</LI>";
+ $content .= "<LI><A HREF=\"diary.php\">update your diary</A></LI>";
+ $content .= "<LI><A HREF=\"account.php?op=logout\">logout</A></LI>";
+
+ $theme->box("$user->userid's account", "$content");
+ }
+}
+
+function displayPoll($theme) {
+ global $answer, $answer1, $answer2, $answer3, $answer4, $answer5, $answer6, $id, $method, $section, $poll, $question;
+ // Pass the URI and FORM parameters along to poll.php.
+ $box = 1;
+ include "poll.php";
+}
+?>
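Review bot: Several of the new box builders write database values straight into HTML: displayNewDiaries() puts `$diary->userid` into both the HREF and the link text with no encoding, and displayRelatedLinks() url-encodes `$story->category` and `$story->userid` for the HREF but prints them raw as link text. Unless those values are constrained when they are stored (not visible here), a name containing markup is rendered for every visitor who sees the box; the diary line could read `$content .= "<LI><A HREF=\"diary.php?op=view&name=". urlencode($diary->userid) ."\">". htmlspecialchars($diary->userid) ."</A></LI>\n";`. Separately, displayLogin() calls `displayUserblock()` without the `$theme` argument that function dereferences, so the logged-in branch should be `displayUserblock($theme);`. displayModerationResults() selects voters with `LIKE '%s$story->id%'`, which for story 1 also matches histories that only mention s10 or s123 and then prints an empty vote for them.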
diff --git a/theme.inc b/theme.inc
index 24ad0205f..f9aaf1820 100644
--- a/theme.inc
+++ b/theme.inc
@@ -1,5 +1,7 @@
<?
+include "template.inc";
+
global $user;
### Verify theme:
if (isset($user->theme) && file_exists("themes/$user->theme/theme.class.php")) {
diff --git a/themes/jeroen/theme.class.php b/themes/jeroen/theme.class.php
index 866d7b623..ae57ddb1f 100644
--- a/themes/jeroen/theme.class.php
+++ b/themes/jeroen/theme.class.php
@@ -46,8 +46,6 @@
<TR>
<TD WIDTH="160" VALIGN="top" ALIGN="right">
<?
- dbconnect();
-
### Display admin blocks:
displayAdminblock($this);
?>
@@ -256,7 +254,6 @@
# Description..: this function is used to theme the comment control box.
function commentControl($sid, $title, $thold, $mode, $order) {
global $user;
- dbconnect();
$query = mysql_query("SELECT sid FROM comments WHERE sid = $sid");
if (!$query) $count = 0; else $count = mysql_num_rows($query);
diff --git a/user.class.php b/user.class.php
index 0643ee36c..115c940c0 100644
--- a/user.class.php
+++ b/user.class.php
@@ -6,49 +6,39 @@ $access = array("Administrator" => 0x00000001,
class User {
function User($userid, $passwd="") {
- $result = db_query("SELECT * FROM users WHERE LOWER(userid)=LOWER('$userid') && passwd=PASSWORD('$passwd') && STATUS=0");
+ $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 0");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
}
}
+}
- function save() {
- ### Compose query to update user record:
- $query .= "UPDATE users SET ";
- foreach ($this->field as $key=>$field) { $value = $this->$field; $query .= "$field = '". addslashes($value) ."', "; }
- $query .= " id = $this->id WHERE id = $this->id";
- ### Perform query:
- db_query($query);
- }
-
- function rehash() {
- $result = db_query("SELECT * FROM users WHERE id=$this->id");
- if (db_num_rows($result) == 1) {
- foreach (db_fetch_array($result) as $key=>$value) { $this->$key = stripslashes($value); }
- }
- }
-
- function valid($access = 0) {
- if ($this->userid) {
- $this->rehash(); // synchronisation purpose
- $this->last_access = time();
- $this->last_host = (!empty($GLOBALS[REMOTE_HOST]) ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR]);
- db_query("UPDATE users SET last_access = '$this->last_access', last_host = '$this->last_host' WHERE id = $this->id");
- if ($this->access & $access || $access == 0) return 1;
- }
- return 0;
- }
+function user_save() {
+ global $user;
+ ### Compose query to update user record:
+}
- function getHistory($field) {
- return getHistory($this->history, $field);
+function user_rehash() {
+ global $user;
+ $result = db_query("SELECT * FROM users WHERE id=$user->id");
+ if (db_num_rows($result) == 1) {
+ foreach (db_fetch_array($result) as $key=>$value) { $user->$key = stripslashes($value); }
}
+}
- function setHistory($field, $value) {
- $this->history = setHistory($this->history, $field, $value);
+function user_valid($access = 0) {
+ global $user;
+ if ($user->userid) {
+ user_rehash(); // synchronisation purpose
+ $user->last_access = time();
+ $user->last_host = ($GLOBALS[REMOTE_HOST]) ? $GLOBALS[REMOTE_HOST] : $GLOBALS[REMOTE_ADDR];
+ db_query("UPDATE users SET last_access = '$user->last_access', last_host = '$user->last_host' WHERE id = $user->id");
+ if ($user->access & $access || $access == 0) return 1;
}
+ return 0;
}
-function getHistory($history, $field) {
+function user_getHistory($history, $field) {
$data = explode(";", $history);
for (reset($data); current($data); next($data)) {
$entry = explode(":", current($data));
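Review bot: `user_save()` is left as an empty stub containing only `global $user;` and a comment, so any caller that relied on the old `save()` method now persists nothing and gets no error. The UPDATE belongs in this function, but the commit places a copy at the end of user_setHistory() instead. In user_valid(), `$user->last_host` comes from REMOTE_HOST/REMOTE_ADDR and is interpolated into the UPDATE unescaped, unlike the field values in the removed save(), which went through addslashes(). A reverse-DNS name is not under the site's control, so `last_host = '". addslashes($user->last_host) ."'` would be the consistent form. The User constructor likewise builds its query from `$userid` and `$passwd` directly, which is safe only if the caller or PHP's magic quotes has already escaped them, and this hunk does not show that.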
@@ -57,7 +47,9 @@ function getHistory($history, $field) {
return $rval;
}
-function setHistory($history, $field, $value) {
+function user_setHistory(&$user, $field, $value) {
+
+ $history = $user->history;
if (!$value) {
### remove entry:
$data = explode(";", $history);
@@ -79,7 +71,13 @@ function setHistory($history, $field, $value) {
### not found: add new entry:
$rval = "$history$field:$value;";
}
- return $rval;
+ $user->history = $rval;
+
+ ### save new history:
+ $query .= "UPDATE users SET ";
+ foreach ($user->field as $key=>$field) { $value = $user->$field; $query .= "$field = '". addslashes($value) ."', "; }
+ $query .= " id = $user->id WHERE id = $user->id";
+ db_query($query);
}
?>
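Review bot: The save block added at the end of user_setHistory() has no guard on `$user->id`: for an object without an id the statement ends in `id =  WHERE id = ` and fails. The function also no longer returns the new history string, so callers of the old `setHistory()` that used the return value get nothing back. Wrapping the block in `if ($user->id) { ... }` and starting it with `$query = "UPDATE users SET ";` instead of `.=` on an unset variable would make the intent explicit. The foreach reuses `$field` and `$value`, overwriting the function's own parameters, so distinct loop names would be safer if code is later added below. The function starts outside this hunk, and this block duplicates what the now-empty user_save() is named for.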