-rw-r--r--account.php50
-rw-r--r--admin.inc21
-rw-r--r--admin.php1015
-rw-r--r--authentication.inc20
-rw-r--r--ban.inc30
-rw-r--r--config.inc12
-rw-r--r--discussion.php16
-rw-r--r--error.php6
-rw-r--r--faq.php9
-rw-r--r--function.inc17
-rw-r--r--functions.inc57
-rw-r--r--poll.php11
-rw-r--r--refer.php2
-rw-r--r--submission.inc2
-rw-r--r--submit.php15
15 files changed, 434 insertions, 849 deletions
diff --git a/account.php b/account.php
index 92015c3ae..5ff5200a3 100644
--- a/account.php
+++ b/account.php
@@ -97,8 +97,8 @@ function validateUser($user) {
if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";
### Check to see whether the username or e-mail address are banned:
- if ($ban = ban_match($user[userid], $type[usernames])) $rval = "the specified username is banned for the following reason: <I>$ban->reason</I>.";
- if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
+ if ($ban = ban_match($user[userid], $type2index[usernames])) $rval = "the specified username is banned for the following reason: <I>$ban->reason</I>.";
+ if ($ban = ban_match($user[email], $type2index[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
### Verify whether username and e-mail address are unique:
if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$user[userid]')")) > 0) $rval = "the specified username is already taken.";
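Review bot: The renamed lookups on L31–L32 index `$type2index` with the bare words `usernames` and `addresses`, which only resolve to the intended strings through PHP's undefined-constant fallback; write them as `$type2index['usernames']` and `$type2index['addresses']` so a later `define()` of either name cannot silently change which ban category is checked. The same bare-key style is used for `$user[userid]` and `$user[email]` on these lines. validateUser starts before this hunk, so it is not visible whether it declares `global $type2index`; the array is presumably populated by ban.inc (listed in the diffstat), which also is not shown here.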
@@ -114,11 +114,41 @@ function account_makePassword($min_length=6) {
return $password;
}
+function account_track_comments() {
+ global $user;
+
+ include "function.inc";
+
+ $output .= "<P>This page is helpful in case you want to keep track of your most recent comments in any of the discussions. It helps you to review the replies your comments got.\n<P>\n";
+
+ ### Perform query:
+ $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
+
+ while ($story = db_fetch_object($sresult)) {
+ $output .= "<LI>". plural($story->count, comment, comments) ." in article `<A HREF=\"discussion.php?id=$story->id\">$story->subject</A>`:</LI>\n";
+ $output .= " <UL>\n";
+
+ $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND sid = $story->id");
+ while ($comment = db_fetch_object($cresult)) {
+ $output .= " <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
+ }
+ $output .= " </UL>\n";
+ }
+
+ return $output;
+}
+
switch ($op) {
case "Login":
session_start();
$user = new User($userid, $passwd);
- if ($user && $user->valid()) session_register("user");
+ if ($user && $user->valid()) {
+ session_register("user");
+ watchdog(1, "session opened for user `$user->userid'.");
+ }
+ else {
+ watchdog(2, "failed login for user `$userid'.");
+ }
showUser($user->userid);
break;
case "new":
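Review bot: account_track_comments interpolates `$story->subject` (L49) and `$comment->subject` (L54) straight into the HTML it returns, and the failed-login branch on L72 writes the raw request value `$userid` into the log; the log viewer added in admin.php (log_view, L372) prints `$log->message` unescaped, so an unescaped login name or comment subject ends up rendered in an administrator's browser. Escape at output time, e.g. `htmlspecialchars($comment->subject)` in the two links and `htmlspecialchars($log->message)` in the viewer, or escape inside watchdog() if that is the chosen boundary. `$output` on L43 is appended to before being initialised; add `$output = "";` at the top of the function. `showUser($user->userid)` on L74 still runs after a failed login, so the failure branch currently only gains a log line and no different response.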
@@ -127,8 +157,14 @@ switch ($op) {
case "info":
showUser($uname);
break;
+ case "discussion":
+ include "theme.inc";
+ $theme->header();
+ $theme->box("Track your comments", account_track_comments());
+ $theme->footer();
+ break;
case "logout":
- // session_start();
+ watchdog(1, "session closed for user `$user->userid'.");
session_unset();
session_destroy();
unset($user);
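Review bot: The new `discussion` case (L81–L86) calls account_track_comments() without checking that a user is logged in, yet that function builds its query from `$user->id`; with no session the WHERE clause becomes `c.author =  GROUP BY`, a malformed query rather than an empty page. Guard the case the way the login branch does, e.g. `if ($user && $user->valid()) { ... }` around the theme calls, and show the login box otherwise. The same applies to the watchdog call on L89, which reads `$user->userid` before any session state is checked; the switch statement itself continues beyond this hunk.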
@@ -157,6 +193,8 @@ switch ($op) {
$theme->box("Account details", "Your member account has been created and the details necessary to login have been sent to your e-mail account <B>$new[email]</B>. Once you received the account confirmation, hit <A HREF=\"account.php\">this link</A> to login.");
$theme->footer();
}
+
+ watchdog(1, "new user `$new[userid]' registered with e-mail address `$new[email]'");
}
break;
case "user":
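Review bot: The registration log line on L98 sits after the closing brace on L96, so whether it runs only when an account was actually created depends on what that brace closes — if L96 ends the success branch of a validation check, a rejected registration is still logged as `new user ... registered`. Move the watchdog call inside the branch that performs the insert (the one printing the "Account details" box on L94), next to the `$theme->footer()` call, or guard it on the same condition. The message also records the e-mail address in plain text; consider whether the log table needs it, since log_display in admin.php shows these entries to every administrator. The enclosing case starts before this hunk.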
@@ -191,7 +229,7 @@ switch ($op) {
### Display output/content:
include "theme.inc";
$theme->header();
- $theme->box("Edit user information", $output);
+ $theme->box("Edit your information", $output);
$theme->footer();
}
else {
@@ -246,7 +284,7 @@ switch ($op) {
### Display output/content:
include "theme.inc";
$theme->header();
- $theme->box("Customize page", $output);
+ $theme->box("Customize your page", $output);
$theme->footer();
}
else {
diff --git a/admin.inc b/admin.inc
index 7480000b2..e81bd21e1 100644
--- a/admin.inc
+++ b/admin.inc
@@ -15,11 +15,30 @@ function admin_header() {
th { font-family: helvetica, arial; text-align: center; background-color: #C0C0C0; color: #447744; }
td { font-family: helvetica, arial; }
</STYLE>
- <BODY BGCOLOR="#ffffff" LINK="#0000ff" VLINK="#000099" ALINK="#ff0000">
+ <BODY BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#000099" ALINK="#FF0000">
+ <TABLE BORDER="1">
+ <TR>
+ <TD ALIGN="left" VALIGN="top" WIDTH="100">
+ <P>
+ <LI><A HREF="admin.php?section=accounts">accounts</A></LI>
+ <LI><A HREF="admin.php?section=bans">bans</A></LI>
+ <LI><A HREF="admin.php?section=logs">logs</A></LI>
+ <LI><A HREF="admin.php?section=stories">stories</A></LI>
+ <P>
+ <LI><A HREF="">home</A></LI>
+ </TD>
+ <TD>
<?
}
function admin_footer() {
+ ?>
+ </TD>
+ </TR>
+ </TABLE>
+ </BODY>
+ </HTML>
+ <?
}
?> \ No newline at end of file
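Review bot: The `home` entry on L139 is rendered as `<A HREF="">home</A>`, which links back to the current admin page rather than the site front page; give it a real target (the front-page script is not visible in this diff). The `<LI>` items on L134–L139 have no enclosing `<UL>`, and the `<P>` tags on L133 and L138 are never closed, so wrap the list as `<UL> ... </UL>` and drop the stray paragraphs. The missing trailing newline after `?>` and the short `<?` open tags are pre-existing.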
diff --git a/admin.php b/admin.php
index 1993c14aa..2253c46e5 100644
--- a/admin.php
+++ b/admin.php
@@ -1,798 +1,317 @@
-<?PHP
+<?
-include "functions.inc";
-include "authentication.inc";
-
-function login() {
- include "theme.inc";
- $theme->header();
- $theme->box("Login", "<FORM ACTION=\"admin.php\" METHOD=\"post\"><P>Name: <INPUT TYPE=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"20\"><P>Password: <INPUT TYPE=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"><P><INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"login\"></FORM>");
- $theme->footer();
-}
+/*
+ * Account administration:
+ */
-function logout() {
- setcookie("admin");
-
- include "theme.inc";
- $theme->header();
- ?>
- <BR><BR><BR><BR>
- <P ALIGN="center"><FONT SIZE="+2"><B>You are now logged out!</B></FONT></P>
- <P>You have been logged out of the system. Since authentication details are stored by using cookies, logging out is only necessary to prevent those who have access to your computer from abusing your account.</P>
- <?
- $theme->footer();
-}
-
-function backup() {
- include "config.inc";
- if ($system == 0) {
- exec("mysqldump -h $dbhost -u $dbuname -p$dbpass $dbname | mail -s \"[$sitename] MySQL backup\" $notify_email");
- exec("mysqldump -h $dbhost -u $dbuname -p$dbpass $dbname > ../$sitename-backup-". date("Ymd", time()).".mysql");
- }
- else print "<P><B>Warning:</B> the backup feature is only supported on UNIX systems. Check your configuration file if you are using a UNIX system.</P>";
-}
+function account_display($id = "", $order = 1) {
+ ### Perform query:
+ $result = db_query("SELECT * FROM users");
-function main() {
- include "config.inc";
- include "theme.inc";
- $theme->header();
- dbconnect();
-
- $result = mysql_query("SELECT qid, subject, timestamp FROM queue order by timestamp");
-
- echo "<FORM ACTION=\"admin.php\" METHOD=\"post\">";
- echo "<TABLE WIDTH=\"100%\">";
-
- if (mysql_num_rows($result) != 0) {
- while (list($qid, $subject, $timestamp) = mysql_fetch_row($result)) {
-
- ### format date:
- $datetime = date("F d - h:i:s A", $timestamp);
-
- ### generate overview:
- echo " <TR>";
- echo " <TD BGCOLOR=\"#c0c0c0\" WIDTH=\"11\" ALIGN=\"middle\"><INPUT TYPE=\"radio\" NAME=\"qid\" VALUE=\"$qid\"></TD>";
- echo " <TD BGCOLOR=\"#c0c0c0\"><A HREF=\"admin.php?op=submission&qid=$qid\">$subject</A></TD>";
- echo " <TD BGCOLOR=\"#c0c0c0\">$datetime</TD>";
- echo " </TR>";
- $dummy++;
- }
+ ### Generate output:
+ print "<H3>Accounts:</H3>\n";
+
+ while ($account = db_fetch_object($result)) {
+ $output .= "$account->userid<BR>";
}
- if ($dummy < 1) {
- echo " <TR><TD ALIGN=\"center\" BGCOLOR=\"#c0c0c0\" COLSPAN=\"3\">There are currently <B>no</B> new submissions available.</TD></TR>";
- }
- else {
- echo " <TR><TD COLSPAN=\"3\"><INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Delete article\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"View article\"></TD></TR>";
- }
-
- echo " <TR><TD COLSPAN=\"3\">Article ID: <INPUT TYPE=\"text\" NAME=\"sid\" SIZE=\"5\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Edit article\"></TD></TR>";
- echo " <TR><TD COLSPAN=\"3\"><A HREF=\"admin.php?op=news_admin_write\">Write and post an article as administrator.</A></TD></TR>";
- echo "</TABLE></FORM>";
-
- mysql_free_result($result);
- ?>
- <HR>
- <LI><A HREF="admin.php?op=blocks">Edit global blocks on main page.</A></LI><BR>
- <I>Allows you to update the content blocks on the main page.</I>
- <HR>
- <LI><A HREF="admin.php?op=user_overview">Edit user accounts.</A></LI><BR>
- <I>Add, delete, block, view and update user accounts.</I>
- <HR>
- <LI><A HREF="admin.php?op=mod_authors">Edit adminstrators accounts.</A></LI><BR>
- <HR>
- <LI><A HREF="admin.php?op=backup">Backup MySQL tables.</A></LI><BR>
- <I>Will mail a backup of the MySQL database to '<? echo $notify_email; ?>'.</I>
- <HR>
- <LI><A HREF="webboard.php?section=webboard">Webboard manager.</A></LI><BR>
- <I>Allows you to delete flamebait post or threads from the webboard.</I>
- <HR>
- <LI><A HREF="poll.php?section=poll">Poll manager.</A></LI><BR>
- <I>Install, delete or update polls.</I>
- <HR>
- <LI><A HREF="refer.php?section=refer">Referring site manager.</A></LI><BR>
- <I>Edit, block or delete sites that participate with the referring site program.</I>
- <HR>
- <LI><A HREF="">Resource manager.</A> (not implemented yet)</LI><BR>
- <I>Allows admins to maintain a list of resources, news sites and other interesting start points to start their search for news.</I>
- <HR>
- <LI><A HREF="admin.php?op=logout">Logout</A></LI>
- <?PHP
- $theme->footer();
+ print $output;
}
-/*********************************************************/
-/* block functions */
-/*********************************************************/
-
-function block_overview() {
- include "theme.inc";
- $theme->header();
-
- dbconnect();
- $result = mysql_query("SELECT id, title, content FROM blocks");
- if (mysql_num_rows($result) > 0) {
- while(list($id, $title, $content) = mysql_fetch_array($result)) {
- echo "<FORM ACTION=\"admin.php\" METHOD=\"post\">";
- echo " <B>Title:</B><BR>";
- echo " <INPUT TYPE=\"text\" NAME=\"title\" SIZE=\"60\" MAXLENGTH=\"60\" VALUE=\"$title\">";
- echo " <BR><BR>";
+/*
+ * Log administration:
+ */
+function log_display() {
+ global $PHP_SELF, $anonymous, $log_level;
- echo " <B>Content:</B><BR>";
- echo " <TEXTAREA WRAP=\"virtual\" COLS=\"60\" ROWS=\"8\" NAME=\"content\">$content</TEXTAREA>";
- echo " <BR><BR>";
+ ### Perform query:
+ $result = db_query("SELECT l.*, u.userid FROM logs l LEFT JOIN users u ON l.user = u.id ORDER BY l.id DESC");
- echo " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">";
- echo " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Update block\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Delete block\">";
- echo "</FORM>";
- }
- }
- ?>
- <HR>
- <FORM ACTION="admin.php" METHOD="post">
- <B>Title:</B><BR>
- <INPUT TYPE="text" NAME="title" SIZE="60" MAXLENGTH="60">
- <BR><BR>
+ $color = array("#FFFFFF", "#FFFFFF", "#90EE90", "#CD5C5C");
- <B>Content:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="8" NAME="content"></TEXTAREA>
- <BR><BR>
- <INPUT TYPE="submit" NAME="op" VALUE="Add new block">
- </FORM>
-
- <?php
- $theme->footer();
-}
-
-function block_add($title, $content) {
- dbconnect();
- mysql_query("INSERT INTO blocks VALUES (NULL,'$aid','$title','$content')");
- header("Location: admin.php?op=main");
-}
-
-function block_update($id, $title, $content) {
- dbconnect();
- mysql_query("update blocks set title='$title', content='$content' where id=$id");
- header("Location: admin.php?op=main");
-}
+ ### Generate output:
+ print "<H3>Logs:</H3>\n";
+ print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ print " <TR>\n";
+ print " <TH>Date</TH>\n";
+ print " <TH>User</TH>\n";
+ print " <TH>Message</TH>\n";
+ print " <TH>Operations</TH>\n";
+ print " </TR>\n";
+
+ while ($log = db_fetch_object($result)) {
+ if ($log->userid) print " <TR BGCOLOR=\"". $color[$log->level] ."\"><TD>". date("D d/m, H:m:s", $log->timestamp) ."</TD><TD ALIGN=\"center\"><A HREF=\"account.php?op=info&uname=$log->userid\">$log->userid</A></TD><TD>". substr($log->message, 0, 44) ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=logs&op=view&id=$log->id\">more</A></TD></TR>\n";
+ else print " <TR BGCOLOR=\"". $color[$log->level] ."\"><TD>". date("D d/m, H:m:s", $log->timestamp) ."</TD><TD ALIGN=\"center\">$anonymous</TD><TD>". substr($log->message, 0, 44) ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=logs&op=view&id=$log->id\">more</A></TD></TR>\n";
+ }
-function block_delete($id) {
- dbconnect();
- mysql_query("DELETE FROM blocks WHERE id = '$id'");
- header("Location: admin.php?op=main");
+ print "</TABLE>\n";
}
-
-/*********************************************************/
-/* user account functions */
-/*********************************************************/
-
-function user_overview() {
- include "theme.inc";
- $theme->header();
- dbconnect();
- $result = mysql_query("SELECT * FROM users");
- while ($account = mysql_fetch_object($result)) {
- $count++;
- print "$count. $account->uname [ <A HREF=\"account.php?op=userinfo&uname=$account->uname\">view</A> | edit | block | delete ]<BR>";
+function log_view($id) {
+ ### Perform query:
+ $result = db_query("SELECT l.*, u.userid FROM logs l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id");
+
+ if ($log = db_fetch_object($result)) {
+ print "<H3>Logs:</H3>\n";
+ print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ print " <TR><TD ALIGN=\"right\"><B>Level:</B></TD><TD>$log->level</TD></TR>\n";
+ print " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". date("l, F d, Y - H:i A", $log->timestamp) ."</TD></TR>\n";
+ print " <TR><TD ALIGN=\"right\"><B>User:</B></TD><TD><A HREF=\"account.php?op=info&uname=$log->userid\">". username($log->userid) ."</TD></TR>\n";
+ print " <TR><TD ALIGN=\"right\"><B>Message:</B></TD><TD>$log->message</TD></TR>\n";
+ print " <TR><TD ALIGN=\"right\"><B>Hostname:</B></TD><TD>$log->hostname</TD></TR>\n";
+ print "</TABLE>\n";
}
- $theme->footer();
}
-/*********************************************************/
-/* article functions */
-/*********************************************************/
-function news_queue_delete($qid) {
- dbconnect();
- $result = mysql_query("DELETE FROM queue WHERE qid = $qid");
- header("Location: admin.php?op=main");
-}
+/*
+ * Ban administration:
+ */
+function ban_check($mask, $category) {
+ $ban = ban_match($mask, $category);
-function news_display($qid) {
- global $user, $subject, $article;
-
- include "config.inc";
- include "header.inc";
-
- dbconnect();
-
- if (isset($qid)) $result = mysql_query("SELECT qid, uid, uname, timestamp, subject, abstract, article, category FROM queue WHERE qid = $qid");
- else $result = mysql_query("SELECT qid, uid, uname, timestamp, subject, abstract, article, category FROM queue LIMIT 1");
-
- list($qid, $uid, $uname, $timestamp, $subject, $abstract, $article, $category) = mysql_fetch_row($result);
- mysql_free_result($result);
-
- $subject = stripslashes($subject);
- $abstract = stripslashes($abstract);
- $article = stripslashes($article);
-
- $theme->preview("", $uname, $timestamp, $subject, "", $abstract, "", $article);
- ?>
-
- <FORM ACTION="admin.php" METHOD="post">
-
- <P>
- <B>Author or poster:</B><br>
- <INPUT TYPE="text" NAME="author" SIZE="50" VALUE="<?PHP echo "$uname"; ?>">
- </P>
-
- <P>
- <B>Subject:</B><BR>
- <INPUT TYPE="text" NAME="subject" SIZE="50" VALUE="<?PHP echo"$subject"; ?>">
- </P>
-
- <P>
- <B>Department:</B><BR>
- <INPUT TYPE="text" NAME="department" SIZE="50" VALUE=""> dept.<BR>
- <I>
- <FONT SIZE="2">
- Example departments:
- <UL>
- <LI>we-saw-it-coming dept.</LI>
- <LI>don't-get-your-panties-in-a-knot dept.</LI>
- <LI>brain-melt dept.</LI>
- <LI>beats-the-heck-out-of-me dept.</LI>
- </UL>
- </FONT>
- </I>
- </P>
-
- <P>
- <B>Category:</B><BR>
- <SELECT NAME="category">
- <?PHP
- for ($i = 0; $i < sizeof($categories); $i++) {
- echo "<OPTION VALUE=\"$categories[$i]\" ";
- if ($category == $categories[$i]) echo "SELECTED";
- echo ">$categories[$i]\n";
- }
- ?>
- </SELECT>
- </P>
-
- <P>
- <B>Author's abstract:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="8" NAME="abstract"><?PHP echo "$abstract"; ?></TEXTAREA><BR>
- <FONT SIZE="2"><I>Will be displayed on the main page!</I></FONT>
- </P>
-
- <P>
- <B>Editor's comments:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="5" NAME="comments"></TEXTAREA><BR>
- <FONT SIZE="2"><I>Will be displayed on the main page after the abstract.</I></FONT>
- </P>
-
- <P>
- <B>Extended article:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="12" NAME="article"><?PHP echo "$article"; ?></TEXTAREA><BR>
- <FONT SIZE="2">Will be displayed on the article's page when following the 'read more'-link.</FONT></I>
- </P>
-
- <INPUT TYPE="hidden" NAME="qid" VALUE="<?PHP echo "$qid"; ?>">
- <INPUT TYPE="hidden" NAME="uid" VALUE="<?PHP echo "$uid"; ?>">
- <INPUT TYPE="submit" NAME="op" VALUE="Delete article">
- <INPUT TYPE="submit" NAME="op" VALUE="Preview article">
- <INPUT TYPE="submit" NAME="op" VALUE="Post article">
- </FORM>
-
- <?PHP
- $theme->footer();
+ print "<H3>Status:</H3>\n";
+ print "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") ."";
}
-function news_preview($qid, $uid, $author, $subject, $department, $category, $abstract, $comments, $article) {
- global $user, $boxstuff, $aid;
- include "config.inc";
- include "theme.inc";
+function ban_new($mask, $category, $reason) {
+ ban_add($mask, $category, $reason, &$message);
- $theme->header();
+ print "<H3>Status:</H3>\n";
+ print "$message\n";
+}
- $subject = stripslashes($subject);
- $agstract = stripslashes($abstract);
- $comments = stripslashes($comments);
- $article = stripslashes($article);
+function ban_display($category = "") {
+ global $PHP_SELF, $type2index;
- $theme->preview($aid, $author, time(), $subject, $department, $abstract, $comments, $article);
- $theme->footer();
- ?>
-
+ ### initialize variable:
+ $category = $category ? $category : 1;
- <FORM ACTION="admin.php" METHOD="post">
-
- <P>
- <B>Author or poster:</B><br>
- <INPUT TYPE="text" NAME="author" SIZE="50" VALUE="<?PHP echo "$author"; ?>">
- </P>
-
- <P>
- <B>Subject:</B><BR>
- <INPUT TYPE="text" NAME="subject" SIZE="50" VALUE="<?PHP echo"$subject"; ?>">
- </P>
-
- <P>
- <B>Department:</B><BR>
- <INPUT TYPE="text" NAME="department" SIZE="50" VALUE="<?PHP echo"$department"; ?>"> dept.<BR>
- <I><FONT SIZE="2">
- Example departments:
- <UL>
- <LI>we-saw-it-coming dept.</LI>
- <LI>don't-get-your-panties-in-a-knot dept.</LI>
- <LI>brain-melt dept.</LI>
- <LI>beats-the-heck-out-of-me dept.</LI>
- </UL>
- </FONT></I>
- </P>
-
- <P>
- <B>Category:</B><BR>
- <SELECT NAME="category">
- <?PHP
- for ($i = 0; $i < sizeof($categories); $i++) {
- echo "<OPTION VALUE=\"$categories[$i]\" ";
- if ($category == $categories[$i]) echo "SELECTED";
- echo ">$categories[$i]\n";
- }
- ?>
- </SELECT>
- </P>
-
- <P>
- <B>Author's abstract:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="8" NAME="abstract"><?PHP echo "$abstract"; ?></TEXTAREA><BR>
- <FONT SIZE="2"><I>Will be displayed on the main page!</I></FONT>
- </P>
-
- <P>
- <B>Editor's comments:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="5" NAME="comments"><? echo "$comments"; ?></TEXTAREA><BR>
- <FONT SIZE="2"><I>Will be displayed on the main page after the abstract.</I></FONT>
- </P>
-
- <P>
- <B>Extended article:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="12" NAME="article"><? echo "$article"; ?></TEXTAREA><BR>
- <I><FONT SIZE="2">Will be displayed on the article's page when following the 'read more'-link.</FONT></I>
- </P>
-
- <INPUT TYPE="hidden" NAME="qid" VALUE="<?PHP echo "$qid"; ?>">
- <INPUT TYPE="hidden" NAME="uid" VALUE="<?PHP echo "$uid"; ?>">
- <INPUT TYPE="submit" NAME="op" VALUE="Delete article">
- <INPUT TYPE="submit" NAME="op" VALUE="Preview article">
- <INPUT TYPE="submit" NAME="op" VALUE="Post article">
- </FORM>
+ ### Perform query:
+ $result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");
- <?PHP
- $theme->footer();
+ ### Generate output:
+ print "<H3>Bans:</H3>\n";
+ print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ print " <TR>\n";
+ print " <TH COLSPAN=\"2\" >Active bans</TH>\n";
+ print " </TH>\n";
+ print " <TH>\n";
+ print " <FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
+ print " <SELECT NAME=\"category\">\n";
+ for (reset($type2index); $cur = current($type2index); next($type2index)) {
+ print " <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type2index) ."</OPTION>\n";
+ }
+ print " </SELECT>\n";
+ print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Refresh\">\n";
+ print " </FORM>\n";
+ print " </TH>\n";
+ print " </TR>\n";
+ print " <TR>\n";
+ print " <TH>Mask</TH>\n";
+ print " <TH>Reason</TH>\n";
+ print " <TH>Operations</TH>\n";
+ print " </TR>\n";
+
+ while ($ban = db_fetch_object($result)) {
+ print " <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=bans&op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n";
+ }
+
+ print " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
+ print "</TABLE>\n";
+ print "<BR><HR>\n";
+
+ print "<H3>Add new ban:</H3>\n";
+ print "<FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
+ print "<B>Banmask:</B><BR>\n";
+ print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
+ print "<B>Type:</B><BR>\n";
+ print "<SELECT NAME=\"category\"\">\n";
+ for (reset($type2index); $cur = current($type2index); next($type2index)) {
+ print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type2index) ."</OPTION>\n";
+ }
+ print "</SELECT><P>\n";
+ print "<B>Reason:</B><BR>\n";
+ print "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n";
+ print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
+ print "</FORM>\n";
+ print "<BR><HR>\n";
+
+ print "<H3>Ban check:</H3>\n";
+ print "<FORM ACTION=\"$PHP_SELF?section=bans\" METHOD=\"post\">\n";
+ print "<B>Banmask:</B><BR>\n";
+ print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
+ print "<B>Type:</B><BR>\n";
+ print "<SELECT NAME=\"category\"\">\n";
+ for (reset($type2index); $cur = current($type2index); next($type2index)) {
+ print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type2index) ."</OPTION>\n";
+ }
+ print "</SELECT><P>\n";
+ print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
+ print "</FORM>\n";
}
-function news_post($qid, $uid, $author, $subject, $department, $category, $abstract, $comments, $article) {
- global $aid;
- dbconnect();
-
- if ($uid == -1) $author = "";
+/*
+ * Story administration:
+ */
- $subject = stripslashes(FixQuotes($subject));
- $abstract = stripslashes(FixQuotes($abstract));
- $comments = stripslashes(FixQuotes($comments));
- $article = stripslashes(FixQuotes($article));
+function story_edit($id) {
+ global $PHP_SELF, $anonymous, $categories;
- $result = mysql_query("INSERT INTO stories (sid, aid, subject, time, abstract, comments, article, category, informant, department) VALUES (NULL, '$aid', '$subject', '". time() ."', '$abstract', '$comments', '$article', '$category', '$author', '$department')");
+ $result = db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.id = $id");
+ $story = db_fetch_object($result);
- ### remove article from queue:
- news_queue_delete($qid);
-}
+ $output .= "<FORM ACTION=\"$PHP_SELF?section=stories&op=save&id=$id\" METHOD=\"post\">\n";
-function news_edit($sid) {
- global $user, $subject, $abstract, $comments, $article;
+ $output .= "<P>\n";
+ $output .= " <B>Author:</B><BR>\n";
+ if ($story->userid) $output .= " <A HREF=\"account.php?op=info&uname=$story->userid\">$story->userid</A>\n";
+ else $output .= " $anonymous\n";
+ $output .= "</P>\n";
- include "theme.inc";
- include "config.inc";
+ $output .= "<P>\n";
+ $output .= " <B>Subject:</B><BR>\n";
+ $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" VALUE=\"". stripslashes($story->subject) ."\"><BR>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P><B>Category:</B><BR>\n";
+ $output .= " <SELECT NAME=\"category\">\n";
+ for ($i = 0; $i < sizeof($categories); $i++) {
+ $output .= " <OPTION VALUE=\"$categories[$i]\" ";
+ if ($story->category == $categories[$i]) $output .= "SELECTED";
+ $output .= ">$categories[$i]</OPTION>\n";
+ }
+ $output .= "</SELECT>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P>\n";
+ $output .= "<B>Abstract:</B><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". stripslashes($story->abstract) ."</TEXTAREA><BR>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P>\n";
+ $output .= "<B>Editor's note/updates:</B><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"updates\">". stripslashes($story->updates) ."</TEXTAREA><BR>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P>\n";
+ $output .= " <B>Extended story:</B><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". stripslashes($story->article) ."</TEXTAREA><BR>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P><B>Status:</B><BR>\n";
+ $output .= " <SELECT NAME=\"status\">\n";
+ $output .= ($story->status == 0) ? " <OPTION VALUE=\"0\" SELECTED>Deleted story</OPTION>\n" : " <OPTION VALUE=\"0\">Deleted story </OPTION>\n";
+ $output .= ($story->status == 1) ? " <OPTION VALUE=\"1\" SELECTED>Pending story</OPTION>\n" : " <OPTION VALUE=\"1\">Pending story</OPTION>\n";
+ $output .= ($story->status == 2) ? " <OPTION VALUE=\"2\" SELECTED>Public story</OPTION>\n" : " <OPTION VALUE=\"2\">Public story</OPTION>\n";
+ $output .= "</SELECT>\n";
+ $output .= "</P>\n";
+
+ $output .= "<P>\n";
+ $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save story\">\n";
+ $output .= "</P>\n";
+ $output .= "</FORM>\n";
- $theme->header();
-
- dbconnect();
-
- $result = mysql_query("SELECT * FROM stories where sid = $sid");
- $article = mysql_fetch_object($result);
- mysql_free_result($result);
-
- $theme->preview($article->author, $article->informant, $article->time, $article->subject, $article->department, $article->abstract, $article->comments, $article->article);
-
- ?>
-
- <FORM ACTION="admin.php" METHOD="post">
-
- <P>
- <B>Author or poster:</B><BR>
- <INPUT TYPE="text" NAME="author" SIZE="50" VALUE="<?PHP echo "$article->aid"; ?>">
- </P>
-
- <P>
- <B>Subject:</B><BR>
- <INPUT TYPE="text" NAME="subject" SIZE="50" VALUE="<?PHP echo"$article->subject"; ?>">
- </P>
-
- <P>
- <B>Department:</B><BR>
- <INPUT TYPE="text" NAME="department" SIZE="50" VALUE="<?PHP echo"$article->department"; ?>"> dept.<BR>
- <I><FONT SIZE="2">
- Example departments:
- <UL>
- <LI>we-saw-it-coming dept.</LI>
- <LI>don't-get-your-panties-in-a-knot dept.</LI>
- <LI>brain-melt dept.</LI>
- <LI>beats-the-heck-out-of-me dept.</LI>
- </UL>
- </FONT></I>
- </P>
-
- <P>
- <B>Category:</B><BR>
- <SELECT NAME="category">
- <?PHP
- for ($i = 0; $i < sizeof($categories); $i++) {
- echo "<OPTION VALUE=\"$categories[$i]\" ";
- if ($article->category == $categories[$i]) echo "SELECTED";
- echo ">$categories[$i]\n";
- }
- ?>
- </SELECT>
- </P>
-
- <P>
- <B>Author's abstract:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="8" NAME="abstract"><?PHP echo "$article->abstract"; ?></TEXTAREA><BR>
- <FONT SIZE="2"><I>Will be displayed on the main page!</I></FONT>
- </P>
-
- <P>
- <B>Editor's comments:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="5" NAME="comments"><? echo "$article->comments"; ?></TEXTAREA><BR>
- <FONT SIZE="2"><I>Will be displayed on the main page after the abstract.</I></FONT>
- </P>
-
- <P>
- <B>Extended article:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="12" NAME="article"><? echo "$article->article"; ?></TEXTAREA><BR>
- <I><FONT SIZE="2">Will be displayed on the article's page when following the 'read more'-link.</FONT></I>
- </P>
-
-
- <INPUT TYPE="hidden" NAME="sid" SIZE=60 VALUE="<?PHP echo"$sid"; ?>">
- <INPUT TYPE="submit" NAME="op" VALUE="Update article"></FORM>
-
- <?PHP
- $theme->footer();
+ print $output;
}
-function news_update($sid, $subject, $category, $department, $abstract, $comments, $article) {
- global $aid;
- dbconnect();
- $subject = stripslashes(FixQuotes($subject));
- $department = stripslashes(FixQuotes($department));
- $abstract = stripslashes(FixQuotes($abstract));
- $comments = stripslashes(FixQuotes($comments));
- $article = stripslashes(FixQuotes($article));
- mysql_query("UPDATE stories SET subject = '$subject', category = '$category', department = '$department', abstract = '$abstract', comments = '$comments', article = '$article' WHERE sid = $sid");
- header("Location: admin.php?op=main");
-}
+function story_save($id, $subject, $abstract, $updates, $article, $category, $status) {
+ global $PHP_SELF;
-function news_admin_write() {
- include "theme.inc";
- include "config.inc";
- dbconnect();
-
- $theme->header();
- ?>
-
- <FORM ACTION="admin.php" METHOD="post">
-
- <P>
- <B>Subject:</B><BR>
- <INPUT TYPE="text" NAME="subject" SIZE="50" VALUE="">
- </P>
-
- <P>
- <B>Department:</B><BR>
- <INPUT TYPE="text" NAME="department" SIZE="50" VALUE=""> dept.<BR>
- <I>
- <FONT SIZE="2">
- Example departments:
- <UL>
- <LI>we-saw-it-coming dept.</LI>
- <LI>don't-get-your-panties-in-a-knot dept.</LI>
- <LI>brain-melt dept.</LI>
- <LI>beats-the-heck-out-of-me dept.</LI>
- </UL>
- </FONT>
- </I>
- </P>
-
- <P>
- <B>Category:</B><BR>
- <SELECT NAME="category">
- <?PHP
- for ($i = 0; $i < sizeof($categories); $i++) {
- echo "<OPTION VALUE=\"$categories[$i]\">$categories[$i]\n";
- }
- ?>
- </SELECT>
- </P>
-
- <P>
- <B>Introduction of article:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="7" NAME="abstract"></TEXTAREA><BR>
- <FONT SIZE="2"><I>Will be displayed on the main page.</I></FONT>
- </P>
-
- <P>
- <B>Rest of article:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="8" NAME="article"></TEXTAREA><BR>
- <I><FONT SIZE="2">Will be displayed on the article's page when following the 'read more'-link.</FONT></I>
- </P>
-
- <INPUT TYPE="submit" NAME="op" VALUE="Preview admin article">
- <INPUT TYPE="submit" NAME="op" VALUE="Post admin article">
- </FORM>
- <?
- $theme->footer();
-}
+ ### Add submission to SQL table:
+ db_query("UPDATE stories SET subject = '$subject', abstract = '$abstract', updates = '$updates', article = '$article', category = '$category', status = '$status' WHERE id = $id");
-function news_admin_preview($subject, $category, $department, $abstract, $article) {
- global $aid;
- include "theme.inc";
- include "config.inc";
- $subject = stripslashes($subject);
- $intro = stripslashes($intro);
- $rest = stripslashes($rest);
-
- $theme->header();
- $theme->preview("", $aid, $time, $subject, "", $abstract, "", $article);
- ?>
-
- <FORM ACTION="admin.php" METHOD="post">
-
- <P>
- <B>Subject:</B><BR>
- <INPUT TYPE="text" NAME="subject" SIZE="50" VALUE="<? echo "$subject"; ?>">
- </P>
-
- <P>
- <B>Department:</B><BR>
- <INPUT TYPE="text" NAME="department" SIZE="50" VALUE="<? echo "$department"; ?>"> dept.<BR>
- <I>
- <FONT SIZE="2">
- Example departments:
- <UL>
- <LI>we-saw-it-coming dept.</LI>
- <LI>don't-get-your-panties-in-a-knot dept.</LI>
- <LI>brain-melt dept.</LI>
- <LI>beats-the-heck-out-of-me dept.</LI>
- </UL>
- </FONT>
- </I>
- </P>
-
- <P>
- <B>Category:</B><BR>
- <SELECT NAME="category">
- <?PHP
- for ($i = 0; $i < sizeof($categories); $i++) {
- echo "<OPTION VALUE=\"$categories[$i]\" ";
- if ($category == $categories[$i]) echo "SELECTED";
- echo ">$categories[$i]\n";
- }
- ?>
- </SELECT>
- </P>
-
- <P>
- <B>Introduction of article:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="7" NAME="abstract"><? echo "$abstract"; ?></TEXTAREA><BR>
- <FONT SIZE="2"><I>Will be displayed on the main page.</I></FONT>
- </P>
-
- <P>
- <B>Rest of article:</B><BR>
- <TEXTAREA WRAP="virtual" COLS="60" ROWS="8" NAME="article"><? echo "$article"; ?></TEXTAREA><BR>
- <I><FONT SIZE="2">Will be displayed on the article's page when following the 'read more'-link.</FONT></I>
- </P>
-
- <INPUT TYPE="submit" NAME="op" VALUE="Preview admin article">
- <INPUT TYPE="submit" NAME="op" VALUE="Post admin article">
- </FORM>
-
- <?
- $theme->footer();
+ ### Add log entry:
+ watchdog(1, "modified story `$subject'.");
}
-function news_admin_post($subject, $category, $department, $abstract, $article, $category) {
- global $aid;
- dbconnect();
-
- $subject = stripslashes(FixQuotes($subject));
- $intro = stripslashes(FixQuotes($intro));
- $rest = stripslashes(FixQuotes($rest));
+function story_display($category = "") {
+ global $PHP_SELF;
+
+ ### Initialize variables:
+ $status = array("deleted", "pending", "public");
+
+ ### Perform SQL query:
+ $result = db_query("SELECT * FROM stories");
- $result = mysql_query("INSERT INTO stories VALUES (NULL, '$aid', '$subject', '". time() ."', '$abstract', '', '$article', '$category', '$aid', '$department')");
- if (!$result) {
- echo mysql_errno(). ": ".mysql_error(). "<BR>";
- exit();
+ ### Display stories:
+ $output .= "<H3>Stories:</H3>\n";
+ $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+ $output .= " <TR>\n";
+ $output .= " <TH>Subject</TH>\n";
+ $output .= " <TH>Status</TH>\n";
+ $output .= " <TH>Operations</TH>\n";
+ $output .= " </TR>\n";
+
+ while ($story = db_fetch_object($result)) {
+ $output .= " <TR><TD><A HREF=\"discussion.php?id=$story->id\">$story->subject</A></TD><TD ALIGN=\"center\">". $status[$story->status] ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?section=stories&op=edit&id=$story->id\">edit</A></TD></TR>\n";
}
- header("Location: admin.php?op=main");
-}
-/*********************************************************/
-/* admin admining */
-/*********************************************************/
-
-function displayadmins() {
- $titlebar = "<b>current authors</b>";
- include "header.inc";
- dbconnect();
- $result = mysql_query("select aid from authors");
- echo "<table border=1>";
- while(list($a_aid) = mysql_fetch_row($result)) {
- echo "<tr><td>$a_aid</td>";
- echo "<td><a href=\"$that_url/admin.php?op=modifyadmin&chng_aid=$a_aid\">Modify Info</a></td>";
- echo "<td><a href=\"$that_url/admin.php?op=deladmin&del_aid=$a_aid\">Delete Author</a></td></tr>";
- }
- echo "</table>";
- echo "<form action=\"$that_url/admin.php\" method=\"post\">";
- echo "Handle: <INPUT TYPE=\"text\" NAME=\"add_aid\" size=30 maxlength=30><br>";
- echo "Name: <INPUT TYPE=\"text\" NAME=\"add_name\" size=30 maxlength=60><br>";
- echo "Email: <INPUT TYPE=\"text\" NAME=\"add_email\" size=30 maxlength=60><br>";
- echo "URL: <INPUT TYPE=\"text\" NAME=\"add_url\" size=30 maxlength=60><br>";
- echo "Password: <INPUT TYPE=\"text\" NAME=\"add_pwd\" size=12 maxlength=12><br>";
- echo " <INPUT TYPE=submit NAME=op VALUE=\"Add author\"></form>";
- include "footer.inc";
+ $output .= "</TABLE>\n";
+
+ print $output;
}
-function modifyadmin($chng_aid) {
- $titlebar = "<b>update $chng_aid</b>";
- include "header.inc";
- dbconnect();
- $result = mysql_query("select aid, name, url, email, pwd from authors where aid='$chng_aid'");
- list($chng_aid, $chng_name, $chng_url, $chng_email, $chng_pwd) = mysql_fetch_row($result);
- echo "<form action=\"admin.php\" method=\"post\">";
- echo "Name: $chng_name<INPUT TYPE=\"hidden\" NAME=\"chng_name\" VALUE=\"$chng_name\"><br>";
- echo "Handle: <INPUT TYPE=\"text\" NAME=\"chng_aid\" VALUE=\"$chng_aid\"><br>";
- echo "Email: <INPUT TYPE=\"text\" NAME=\"chng_email\" VALUE=\"$chng_email\" size=30 maxlength=60><br>";
- echo "URL: <INPUT TYPE=\"text\" NAME=\"chng_url\" VALUE=\"$chng_url\" size=30 maxlength=60><br>";
- echo "Password: <INPUT TYPE=\"password\" NAME=\"chng_pwd\" VALUE=\"$chng_pwd\" size=12 maxlength=12><br>";
- echo "Retype Password: <INPUT TYPE=\"password\" NAME=\"chng_pwd2\" size=12 maxlength=12> (for changes only)<br>";
- echo " <INPUT TYPE=submit NAME=op VALUE=\"Update Author\"></form>";
- include "footer.inc";
-}
-function updateadmin($chng_aid, $chng_name, $chng_email, $chng_url, $chng_pwd, $chng_pwd2) {
- if ($chng_pwd2 != "") {
- if($chng_pwd != $chng_pwd2) {
- $titlebar = "<b>bad pass</b>";
- include "header.inc";
- echo "Sorry, the new passwords do not match. Click back and try again";
- include "footer.inc";
- exit;
- }
- dbconnect();
- $result = mysql_query("update authors set aid='$chng_aid', email='$chng_email', url='$chng_url', pwd='$chng_pwd' where NAME='$chng_name'");
- header("Location: admin.php?op=main");
- } else {
- dbconnect();
- $result = mysql_query("update authors set aid='$chng_aid', email='$chng_email', url='$chng_url' where NAME='$chng_name'");
- header("Location: admin.php?op=main");
- }
-}
+include "functions.inc";
+include "function.inc";
+include "admin.inc";
+admin_header();
-if ($admin) {
- switch($op) {
- case "main":
- main();
- break;
- case "blocks":
- block_overview();
- break;
- case "Add new block":
- block_add($title, $content);
- break;
- case "Delete block":
- block_delete($id);
- break;
- case "Update block":
- block_update($id, $title, $content);
- break;
- case "submission":
- // fall through
- case "View article":
- news_display($qid);
- break;
- case "Preview article":
- news_preview($qid, $uid, $author, $subject, $department, $category, $abstract, $comments, $article);
- break;
- case "Post article":
- news_post($qid, $uid, $author, $subject, $department, $category, $abstract, $comments, $article);
- break;
- case "Edit article":
- news_edit($sid);
- break;
- case "Update article":
- news_update($sid, $subject, $category, $department, $abstract, $comments, $article);
- break;
- case "Delete article":
- news_queue_delete($qid);
- break;
- case "news_admin_write":
- news_admin_write($sid);
- break;
- case "Preview admin article":
- news_admin_preview($subject, $category, $department, $abstract, $article);
- break;
- case "Post admin article":
- news_admin_post($subject, $category, $department, $abstract, $article);
- break;
- case "mod_authors":
- displayadmins();
- break;
- case "modifyadmin":
- modifyadmin($chng_aid);
- break;
- case "Update author":
- updateadmin($chng_aid, $chng_name, $chng_email, $chng_url, $chng_pwd, $chng_pwd2);
- break;
- case "Add author":
- dbconnect();
- $result = mysql_query("INSERT INTO authors VALUES ('$add_aid','$add_name','$add_url','$add_email','$add_pwd')");
- if (!$result) {
- echo mysql_errno(). ": ".mysql_error(). "<br>"; return;
- }
- header("Location: $that_url/admin.php?op=main");
- break;
- case "deladmin":
- include "header.inc";
- echo "Are you sure you want to delete $del_aid?<br>";
- echo "<a href=\"$that_url/admin.php?op=deladminconf&del_aid=$del_aid\">Yes</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"$that_url/admin.php?op=main\">No</a>";
- include "footer.inc";
- break;
- case "deladminconf":
- dbconnect();
- mysql_query("delete from authors where aid='$del_aid'");
- header("Location: $that_url/admin.php?op=main");
- break;
- case "create":
- poll_createPoll();
- break;
- case "createPosted":
- poll_createPosted();
- break;
- case "remove":
- poll_removePoll();
- break;
- case "removePosted":
- poll_removePosted();
- break;
- case "user_overview":
- user_overview();
- break;
- case "backup":
- backup();
- main();
- break;
- case "view":
- poll_viewPoll();
- break;
- case "viewPosted":
- poll_viewPosted();
- break;
- case "logout":
- logout();
- break;
- default:
- main();
- break;
- }
-} else {
- login();
+switch ($section) {
+ case "accounts":
+ switch ($op) {
+ default:
+ account_display();
+ }
+ break;
+ case "bans":
+ include "ban.inc";
+ switch ($op) {
+ case "Add ban":
+ ban_new($mask, $category, $reason);
+ ban_display($category);
+ break;
+ case "Check ban":
+ ban_check($mask, $category);
+ ban_display($category);
+ break;
+ case "delete":
+ ban_delete($id);
+ ban_display($category);
+ break;
+ default:
+ ban_display($category);
+ }
+ break;
+ case "logs":
+ switch ($op) {
+ case "view":
+ log_view($id);
+ break;
+ default:
+ log_display($category);
+ }
+ break;
+ case "stories":
+ switch ($op) {
+ case "edit":
+ story_edit($id);
+ break;
+ case "Save story":
+ story_save($id, $subject, $abstract, $updates, $article, $category, $status);
+ story_edit($id);
+ break;
+ default:
+ story_display($category);
+ }
+ break;
+ default:
+ print "Bad visitor! Bad, bad visitor! What are you looking for? Maybe it's <A HREF=\"\">here</A>?";
}
+
+admin_footer();
+
?> \ No newline at end of file
diff --git a/authentication.inc b/authentication.inc
deleted file mode 100644
index 16a91c4a0..000000000
--- a/authentication.inc
+++ /dev/null
@@ -1,20 +0,0 @@
-<?
-
-if ((isset($aid)) && (isset($pwd)) && ($op == "login")) {
- $admin = base64_encode("$aid:$pwd");
- setcookie("admin","$admin",time()+2592000); // 1 mo is 2592000
-}
-
-if (isset($admin)) {
- $admin = base64_decode($admin);
- $admin = explode(":", $admin);
- $aid = "$admin[0]";
- $pwd = "$admin[1]";
- dbconnect();
- if (mysql_num_rows(mysql_query("SELECT * FROM authors WHERE aid = '$aid' AND pwd = '$pwd'")) == 1) $admin = 1;
- else $admin = 0;
-} else {
- $admin = 0;
-}
-
-?> \ No newline at end of file
diff --git a/ban.inc b/ban.inc
index 72f6f2ce0..1d9fa095e 100644
--- a/ban.inc
+++ b/ban.inc
@@ -1,9 +1,13 @@
<?
-$type = array("addresses" => 0x01,
- "profanity" => 0x02,
- "hostnames" => 0x03,
- "usernames" => 0x04);
+$type2index = array("addresses" => 0x01,
+ "profanity" => 0x02,
+ "hostnames" => 0x03,
+ "usernames" => 0x04);
+$index2type = array(0x01 => "addresses",
+ 0x02 => "profanity",
+ 0x03 => "hostnames",
+ 0x04 => "usernames");
function ban_match($mask, $category) {
### Perform query:
@@ -14,6 +18,8 @@ function ban_match($mask, $category) {
}
function ban_add($mask, $category, $reason, $message = "") {
+ global $index2type;
+
if (empty($mask)) {
$message = "Failed: empty banmasks are not allowed.<P>\n";
}
@@ -23,12 +29,24 @@ function ban_add($mask, $category, $reason, $message = "") {
else {
$result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
$message = "Added new ban with mask `$mask'.<P>\n";
+
+ ### Add log entry:
+ watchdog(1, "added new ban `$mask' to category `". $index2type[$category] ."' with reason `$reason'.");
}
}
function ban_delete($id) {
- ### Perform query:
- $result = db_query("DELETE FROM bans WHERE id = $id");
+ global $index2type;
+
+ $result = db_query("SELECT * FROM bans WHERE id = $id");
+
+ if ($ban = db_fetch_object($result)) {
+ ### Perform query:
+ $result = db_query("DELETE FROM bans WHERE id = $id");
+
+ ### Deleted log entry:
+ watchdog(1, "removed ban `$ban->mask' from category `". $index2type[$ban->type] ."'.");
+ }
}
?>
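Review bot: The new lookup in ban_delete interpolates `$id` unquoted into `SELECT * FROM bans WHERE id = $id`, so a non-numeric id reaches the SQL engine verbatim; the DELETE that follows has the same shape, and admin.php's dispatcher in this diff passes `$id` straight from the request. Coerce once at the top of the function, `$id = (int) $id;`, before either query. The same applies to `$category` in ban_add, which is used both as a SQL value and as an index into `$index2type`; an unknown category is inserted anyway and logged with an empty type name rather than rejected. The new log lines also embed `$mask` and `$reason` verbatim, which matters if log_view renders entries without escaping — that code is not in this diff.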
diff --git a/config.inc b/config.inc
index c923769f3..d51bef6bb 100644
--- a/config.inc
+++ b/config.inc
@@ -3,9 +3,15 @@
#
# MySQL settings:
#
-$dbhost = "zind.net";
+
+#$dbhost = "zind.net";
+#$dbuname = "dries";
+#$dbpass = "Abc123";
+#$dbname = "dries";
+
+$dbhost = "";
$dbuname = "dries";
-$dbpass = "Abc123";
+$dbpass = "oakley";
$dbname = "dries";
#
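Review bot: A live database password (`$dbpass = "oakley"`) is committed here, and the previous one is kept in the commented-out block just above it, so both credentials are now in version control and in the repository history. Credentials should not live in a tracked file: untrack `config.inc` (ship a `config.inc.dist` with empty values) or read them from the environment, and treat both passwords as compromised and rotate them. At minimum, delete the commented-out block rather than carrying the old secret forward in the file.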
@@ -64,7 +70,7 @@ $anonymous = "Anonymous Chicken";
#
# Default theme:
#
-$cfg_theme = "Dries";
+$cfg_theme = "UnConeD";
#
# Submission moderation votes:
diff --git a/discussion.php b/discussion.php
index 4de067b46..90929ed84 100644
--- a/discussion.php
+++ b/discussion.php
@@ -14,7 +14,7 @@ function comments_kids ($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy
$comments++;
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
- $theme->comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
+ $theme->comment($comment->userid, stripslashes($comment->subject), stripslashes($comment->comment), $comment->timestamp, stripslashes($comment->url), stripslashes($comment->femail), $comment->score, $comment->cid, $link);
comments_kids($comment->cid, $mode, $order, $thold, $level + 1, $dummy + 1);
}
@@ -133,7 +133,7 @@ function comments_reply($pid, $sid, $mode, $order, $thold) {
### Extract parent-information/data:
if ($pid) {
$item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
- $theme->comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->femail, $item->score, $item->cid, "reply to this comment");
+ $theme->comment($item->userid, stripslashes($item->subject), stripslashes($item->comment), $item->timestamp, stripslashes($item->url), stripslashes($item->femail), $item->score, $item->cid, "reply to this comment");
}
else {
$item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid"));
@@ -162,13 +162,13 @@ function comments_reply($pid, $sid, $mode, $order, $thold) {
$output .= " <B>Subject:</B><BR>\n";
if (!eregi("Re:",$item->subject)) $item->subject = "Re: $item->subject";
// Only one 'Re:' will just do fine. ;)
- $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"$item->subject\">\n";
+ $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($item->subject) ."\">\n";
$output .= "</P>\n";
### Comment field:
$output .= "<P>\n";
$output .= " <B>Comment:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">$user->signature</TEXTAREA><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". stripslashes($user->signature) ."</TEXTAREA><BR>\n";
$output .= "</P>\n";
### Hidden fields:
@@ -189,8 +189,8 @@ function comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold)
global $anonymous, $user, $theme;
### Preview comment:
- if ($user) $theme->comment("", $subject, $comment, time(), "", "", "na", "", "reply to this comment");
- else $theme->comment($user->userid, $subject, $comment, time(), $user->url, $user->femail, "na", "", "reply to this comment");
+ if ($user) $theme->comment("", stripslashes($subject), stripslashes($comment), time(), "", "", "na", "", "reply to this comment");
+ else $theme->comment($user->userid, stripslashes($subject), stripslashes($comment), time(), stripslashes($user->url), stripslashes($user->femail), "na", "", "reply to this comment");
### Build reply form:
$output .= "<FORM ACTION=\"discussion.php\" METHOD=\"post\">\n";
@@ -212,13 +212,13 @@ function comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold)
### Subject field:
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
- $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"$subject\">\n";
+ $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($subject) ."\">\n";
$output .= "</P>\n";
### Comment field:
$output .= "<P>\n";
$output .= " <B>Comment:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">$comment</TEXTAREA><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". stripslashes($comment) ."</TEXTAREA><BR>\n";
$output .= "</P>\n";
### Hidden fields:
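Review bot: The subject written into `VALUE=\"...\"` at the new line in comment_preview is not HTML-escaped — stripslashes() only removes magic-quotes backslashes and is not an output encoder — so a `"` in a submitted subject closes the attribute and the remainder is parsed as markup; the textarea below has the same problem with a `</TEXTAREA>` sequence in `$comment`. This is user-submitted content, so escape for the HTML context after stripping: `htmlspecialchars(stripslashes($subject), ENT_QUOTES)` and likewise for `$comment`; the comments_reply form earlier in this diff needs the same treatment. Separately, the `if ($user)` branch in the preview above passes empty user fields while the `else` branch reads `$user->userid`; the condition looks inverted and this commit carries it over unchanged.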
diff --git a/error.php b/error.php
index 68aa86b24..85d1aac92 100644
--- a/error.php
+++ b/error.php
@@ -12,7 +12,7 @@
<B>Temporary debug output:</B><BR>
* STATUS...: <? echo $REDIRECT_STATUS; ?><BR>
* URL......: <? echo $REDIRECT_URL; ?><BR>
- * METHDOD..: <? echo $REQUEST_METHOD; ?><BR>
+ * METHOD...: <? echo $REQUEST_METHOD; ?><BR>
<?
switch($REDIRECT_STATUS) {
@@ -34,6 +34,10 @@
default:
$message = "unknown error";
}
+
+ include "database.inc";
+ include "log.inc";
+ watchdog(3, "message: `$message' - requested url: $REDIRECT_URL - referring url: $HTTP_REFERER");
?>
<B>Processed output:</B><BR>
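Review bot: The new watchdog() call writes `$REDIRECT_URL` and `$HTTP_REFERER` into the log verbatim, and both are attacker-controlled (the requested path and the Referer header), so an unauthenticated visitor can place arbitrary content, including markup, into the admin log that admin.php's `log_view` later displays. Unless watchdog() or the viewer escapes on output — neither is visible in this diff — that is a stored-XSS path into the admin interface; escape here, e.g. `htmlspecialchars($REDIRECT_URL)` and `htmlspecialchars($HTTP_REFERER)`, or make the viewer escape everything it prints, and bound the referrer's length. The page also echoes `$REDIRECT_URL` unescaped a few lines up, which predates this commit.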
diff --git a/faq.php b/faq.php
index e7387f61d..2910da2cc 100644
--- a/faq.php
+++ b/faq.php
@@ -10,7 +10,7 @@ $output = "
The <I>Online Jargon Files</I> written by Eric Raymond define a FAQ as:
<P><B>FAQ</B> /F-A-Q/ or /fak/ n.<BR>[Usenet] 1. A Frequently Asked Question. 2. A compendium of accumulated lore, posted periodically to high-volume newsgroups in an attempt to forestall such questions. Some people prefer the term FAQ list or FAQL /fa'kl/, reserving FAQ' for sense 1.</P>
<P><B>RTFAQ</B> /R-T-F-A-Q/ imp.<BR>[Usenet: primarily written, by analogy with <A HREF=\"#RTFM\">RTFM</A>] Abbreviation for \"Read The FAQ!\", an exhortation that the person addressed ought to read the newsgroup's FAQ list before posting questions.</P>
- <P><B><A NAME=\"RTFM\">RTFM</A></B> /R-T-F-M/ imp.<BR>[Unix] Abbreviation for \"Read The Fucking Manual\". 1. Used by gurus to brush off questions they consider trivial or annoying. 2. Used when reporting a problem to indicate that you aren't just asking out of randomness. \"No, I can't figure out how to interface Unix to my toaster, and yes, I have RTFM.\" Unlike sense 1, this use is considered polite.</P>
+ <P><B>RTFM</B> /R-T-F-M/ imp.<BR>[Unix] Abbreviation for \"Read The Fucking Manual\". 1. Used by gurus to brush off questions they consider trivial or annoying. 2. Used when reporting a problem to indicate that you aren't just asking out of randomness. \"No, I can't figure out how to interface Unix to my toaster, and yes, I have RTFM.\" Unlike sense 1, this use is considered polite.</P>
<P><B>User</B> n.<BR>1. Someone doing `real work' with the computer, using it as a means rather than an end. Someone who pays to use a computer. 2. A programmer who will believe anything you tell him. One who asks silly questions. [GLS observes: This is slightly unfair. It is true that users ask questions (of necessity). Sometimes they are thoughtful or deep. Very often they are annoying or downright stupid, apparently because the user failed to think for two seconds or look in the documentation before bothering the maintainer.] 3. Someone who uses a program from the outside, however skillfully, without getting into the internals of the program. One who reports bugs instead of just going ahead and fixing them.</P>
</DD>
@@ -19,8 +19,11 @@ $output = "
<DT><B><A NAME=\"moderation\">Why moderatiom, trust metrics and collaborative filtering?</A></B></DT>
<DD>To help individuals and communities address the challenges of information overload.<P>As each new piece of information competes for attention, people quickly tend to become overwhelmed and seek assistance in identifying the most interesting, worthwhile, valuable or enteraining items. Not to mention the fact, reader-contributed content and other levels of interactivity tend to become chaotic, bloated and disreputable.<P>Therefore, we decided to develop a public system powered by a community that aims to bring quality content to everyone's attention and to filter out all junk: to <I>sort the wheat from the chaff</I>. The output should be something clean and homogenized featuring quality content, and should slide down the gullet far more easily. Another objective is to provide a customized service according to public and individual preferences, whether expressed or inferred.<P>Yes, you are right. It all sounds a bit idealistic, not to mention hypothetical. However, don't get this wrong: this isn't a new concept, various such systems exist nowadays (like <A HREF=\"http://slashdot.org/\">slashdot.org</A> or <A HREF=\"http://www.kuro5hin.org/\">kuro5hin.org</A>). We just happen to want our own system.<P>Last but not least we, the $sitename team, don't want the responsibility to manually review each post and to select the ones worthy. Systematic editing by individual editors is nice and dandy, if you get paid for it or if you have some time to kill. Afterall, we are not writers, critics nor reviewers for that matter; we are programmers, designers and technicians.<P></DD>
-
- <DT><B><A NAME=\"moderation\">How does submission moderation work?</A></B></DT>
+
+ <DT><B>Isn't moderation elitist?</B></DT>
+ <DD>To some extent, yes. The system is not designed to allow totally open and unfiltered access. It is intended to create a good place for people who are interested in a topic to come together and communicate. You can't communicate over a noisy channel, so part of our job is to reduce the ability for malicious users to create noise.<P></DD>
+
+ <DT><B>How does submission moderation work?</B></DT>
<DD>under construction<P></DD>
<DT><B>How does comment moderation work?</B></DT>
diff --git a/function.inc b/function.inc
new file mode 100644
index 000000000..9bc0f4605
--- /dev/null
+++ b/function.inc
@@ -0,0 +1,17 @@
+<?
+
+function plural($count, $one, $more) {
+ return ($count == 1) ? "$count $one" : "$count $more";
+}
+
+function username($username) {
+ include "config.inc";
+ return ($username) ? $username : $anonymous;
+}
+
+function discussion_num_replies($id, $count = 0) {
+ $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = $id");
+ return ($result) ? mysql_result($result, 0) : 0;
+}
+
+?> \ No newline at end of file
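Review bot: `discussion_num_replies` interpolates `$id` unquoted into `WHERE pid = $id` in a brand-new function, so any caller that passes a request-supplied id makes this an injection point; cast it first, `$id = (int) $id;`. The `$count` parameter is accepted but never read. `username()` runs `include "config.inc"` on every call, re-executing the whole configuration file each time it is invoked (for instance once per comment in a thread); `global $anonymous;` would do the same job without the cost.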
diff --git a/functions.inc b/functions.inc
index 83476c9a2..340191345 100644
--- a/functions.inc
+++ b/functions.inc
@@ -1,27 +1,28 @@
<?
include "user.class.php";
include "database.inc";
+include "log.inc";
session_start();
include "config.inc";
$functions = 1;
+function id2story($id) {
+ ### Perform query:
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
+ return db_fetch_object($result);
+}
+
function dbsave($dbase, $data, $id=0) {
foreach ($data as $key=>$value) {
if ($key == "passwd") { $query .= "$key=PASSWORD('". addslashes($value) ."'), "; }
else { $query .= "$key='". addslashes($value) ."', "; }
}
$query = substr($query, 0, -2);
- dbconnect();
- if (!empty($id)) { mysql_query("UPDATE $dbase SET $query WHERE id=$id") or die(mysql_error()); return $id; }
- else { mysql_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); }
-}
-
-function dbconnect() {
- include "config.inc";
- mysql_pconnect($dbhost, $dbuname, $dbpass) or die(mysql_Error());
- mysql_select_db("$dbname") or die ("Unable to select database");
+
+ if (!empty($id)) { db_query("UPDATE $dbase SET $query WHERE id=$id") or die(mysql_error()); return $id; }
+ else { db_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); }
}
function morelink_bytes($theme, $story) {
@@ -96,12 +97,6 @@ function addRefer($url) {
}
}
-function id2story($id) {
- ### Perform query:
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
- return db_fetch_object($result);
-}
-
function displayModerationResults($theme, $story) {
global $user;
@@ -121,7 +116,7 @@ function displayModerationResults($theme, $story) {
function displayRelatedLinks($theme, $story) {
### Parse story for <A HREF="">-tags:
- $text = "$story->abstract $story->updates $story->article";
+ $text = stripslashes("$story->abstract $story->updates $story->article");
while ($text = stristr($text, "<A HREF=")) {
$link = substr($text, 0, strpos(strtolower($text), "</a>") + 4);
$text = stristr($text, "</A>");
@@ -195,7 +190,7 @@ function displayUserblock($theme) {
global $user;
if ($user && $user->ublockon) {
- $content .= "<P ALIGN=\"right\">[ <A HREF=\"account.php?op=edithome\"><FONT COLOR=\"$theme->hlcolor2\">edit</FONT></A> | <A HREF=\"account.php?op=logout\"><FONT COLOR=\"$theme->hlcolor2\">logout</FONT></A> ]</P>";
+ $content .= "<P ALIGN=\"right\">[ <A HREF=\"account.php?op=edithome\"><FONT COLOR=\"$theme->hlcolor2\">edit</FONT></A> | <A HREF=\"account.php?op=discussion\"><FONT COLOR=\"$theme->hlcolor2\">Track comments</FONT></A> | <A HREF=\"account.php?op=logout\"><FONT COLOR=\"$theme->hlcolor2\">logout</FONT></A>]</P>";
$theme->box("$user->userid's box", $user->content);
}
}
@@ -224,28 +219,24 @@ function displayCalendar($theme, $date) {
$theme->box("Browse archives", $calendar->display());
}
-function displayAccountSettings($theme) {
+function displayAccount($theme) {
global $user;
if ($user && $user->userid) {
- ### Display account settings:
- $content = "<LI><A HREF=\"account.php\">User info</A></LI>";
- $content .= "<LI><A HREF=\"account.php?op=user\">Edit user info</A></LI>";
- $content .= "<LI><A HREF=\"account.php?op=page\">Customize page</A></LI>";
- $content .= "<LI><A HREF=\"account.php?op=logout\">Logout</A></LI>";
-
- $theme->box("$user->userid's account", "$content");
- }
-}
-function displayAccount($theme) {
- global $user;
-
- include "submission.inc";
+ function submission_number() {
+ $result = db_query("SELECT COUNT(id) FROM stories WHERE status = 1");
+ return ($result) ? mysql_result($result, 0) : 0;
+ }
- if ($user && $user->userid) {
### Display account settings:
- $content .= "<LI><A HREF=\"submission.php\">moderate submissions</A> (<FONT COLOR=\"red\">". submission_count() ."</FONT>)</LI>";
+ $content = "<LI><A HREF=\"account.php\">view your information</A></LI>";
+ $content .= "<LI><A HREF=\"account.php?op=user\">edit your information</A></LI>";
+ $content .= "<LI><A HREF=\"account.php?op=page\">customize your page</A></LI>";
+ $content .= "<LI><A HREF=\"account.php?op=discussion\">track your comments</A></LI>";
+ $content .= "<LI><A HREF=\"submission.php\">moderate submissions</A> (<FONT COLOR=\"red\">". submission_number() ."</FONT>)</LI>";
+ $content .= "<LI><A HREF=\"account.php?op=logout\">logout</A></LI>";
+
$theme->box("$user->userid's account", "$content");
}
}
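Review bot: `submission_number()` is declared inside `displayAccount()`, which in PHP defines it globally the first time the enclosing function runs, so a second call to `displayAccount()` in the same request dies with a "cannot redeclare" fatal error. Move it to file scope as an ordinary function, or keep calling the `submission_count()` helper from `submission.inc` that the removed line used, if that helper still exists. The box title also interpolates `$user->userid` unescaped, which is existing behaviour.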
diff --git a/poll.php b/poll.php
index e1e530b5e..8ff5312a5 100644
--- a/poll.php
+++ b/poll.php
@@ -39,13 +39,11 @@
function deletePoll($id) {
- dbconnect();
$query = "DELETE FROM poll WHERE id = $id";
$result = mysql_query($query);
}
function enablePoll($id) {
- dbconnect();
$query = "UPDATE poll SET status = 0 WHERE status = 1";
$result = mysql_query($query);
@@ -54,13 +52,11 @@ function enablePoll($id) {
}
function disablePoll($id) {
- dbconnect();
$query = "UPDATE poll SET status = 0 WHERE id = $id";
$result = mysql_query($query);
}
function castVote($vote) {
- dbconnect();
$query = "SELECT * FROM poll WHERE status = 1";
$result = mysql_query($query);
if ($poll = mysql_fetch_object($result)) {
@@ -72,34 +68,28 @@ function castVote($vote) {
}
function addPoll($question, $answer1, $answer2, $answer3 = "", $answer4 = "", $answer5 = "", $answer6 = "") {
- dbconnect();
$query = "INSERT INTO poll (question, answer1, answer2, answer3, answer4, answer5, answer6) VALUES ('$question', '$answer1', '$answer2', '$answer3', '$answer4', '$answer5', '$answer6')";
$result = mysql_query($query);
}
function updatePoll($id, $question, $answer1, $answer2, $answer3 = "", $answer4 = "", $answer5 = "", $answer6 = "") {
- dbconnect();
$query = "UPDATE poll SET question = '$question', answer1 = '$answer1', answer2 = '$answer2', answer3 = '$answer3', answer4 = '$answer4', answer5 = '$answer5', answer6 = '$answer6' WHERE id = $id";
$result = mysql_query($query);
}
function getPoll($id) {
- dbconnect();
$query = "SELECT * FROM poll WHERE id = $id";
$result = mysql_query($query);
if ($poll = mysql_fetch_object($result)) return $poll;
}
function getActivePoll() {
- dbconnect();
$query = "SELECT * FROM poll WHERE status = 1";
$result = mysql_query($query);
if ($poll = mysql_fetch_object($result)) return $poll->id;
}
function getPollArray() {
- dbconnect();
-
$query = "SELECT * FROM poll";
$result = mysql_query($query);
@@ -203,7 +193,6 @@ if (!$box) {
}
if ($section == "poll") {
- include "authentication.inc";
if ($method == "add") {
if ($admin) {
addPoll($question, $answer1, $answer2, $answer3, $answer4, $answer5, $answer6);
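Review bot: With `include "authentication.inc"` removed, the `if ($admin)` check on the next line has nothing setting `$admin`: authentication.inc, deleted in this same diff, was what derived it from the admin cookie, and nothing else in poll.php assigns it. Since this code reads `$section`, `$method` and `$question` as bare globals, `$admin` is almost certainly populated from the request as well, so `?admin=1` would satisfy the check and let anyone add, remove or enable polls. Either include the session-based check admin.php now uses (admin.inc, whose contents are not in this diff) before the `$section == "poll"` branch, or derive `$admin` from the authenticated `$user` object rather than trusting a global.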
diff --git a/refer.php b/refer.php
index 9cee9e77d..861a7660b 100644
--- a/refer.php
+++ b/refer.php
@@ -9,8 +9,6 @@ include "theme.inc";
$theme->header();
-dbconnect();
-
/*
function addRefer($url) {
$query = "SELECT * FROM refer WHERE url = '$url'";
diff --git a/submission.inc b/submission.inc
index 34e45844b..c1adcc9d8 100644
--- a/submission.inc
+++ b/submission.inc
@@ -20,7 +20,7 @@ function submission_vote($id, $vote, $comment) {
db_query("UPDATE stories SET score = score $vote, votes = votes + 1 WHERE id = $id");
### Update the comments (if required):
- if ($comment) db_query("INSERT INTO comments (sid, subject, comment, hostname, timestamp) VALUES($id, '". addslashes(substr($comment, 0, 29)) ." ...', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
+ if ($comment) db_query("INSERT INTO comments (sid, author, subject, comment, hostname, timestamp) VALUES($id, $user->id, '". addslashes(substr($comment, 0, 29)) ." ...', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
### Update user's history record:
$user->setHistory("s$id", "$vote"); // s = submission
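Review bot: The new `author` column is filled with `$user->id` interpolated bare into the VALUES list, so if `$user` is unset the statement becomes `VALUES($id, , '...` and fails silently (db_query's result is not checked), dropping the comment after the vote above has already been recorded. Cast it, `(int) $user->id`, which also closes the injection shape it shares with `$id` on the same line, or return early when `$user` is empty. The `score = score $vote` on the preceding context line concatenates `$vote` straight into SQL and should be whitelisted to `'+1'`/`'-1'`, though that predates this commit. submission_vote's header is outside the hunk, so whether `$user` is declared global here is not visible.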
diff --git a/submit.php b/submit.php
index a38f7dd24..e97c25537 100644
--- a/submit.php
+++ b/submit.php
@@ -40,7 +40,7 @@ function submit_enter() {
$output .= "<P>\n";
$output .= " <B>Extended story:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"story\"></TEXTAREA><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\"></TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= "</P>\n";
@@ -55,7 +55,7 @@ function submit_enter() {
$theme->footer();
}
-function submit_preview($subject, $abstract, $story, $category) {
+function submit_preview($subject, $abstract, $article, $category) {
global $anonymous, $categories, $theme, $user;
$output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
@@ -90,7 +90,7 @@ function submit_preview($subject, $abstract, $story, $category) {
$output .= "<P>\n";
$output .= " <B>Extended story:</B><BR>\n";
- $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"story\">". stripslashes($story) ."</TEXTAREA><BR>\n";
+ $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". stripslashes($article) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= "</P>\n";
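Review bot: The textarea at the new line in submit_preview emits `stripslashes($article)` without HTML escaping, so an article body containing `</TEXTAREA>` breaks out of the control and the rest renders as markup on the preview page; stripslashes() only undoes magic-quotes backslashes and is not an output encoder. Use `htmlspecialchars(stripslashes($article))` here and for the subject and abstract fields in this form. On a preview the victim is the submitter, but the same text is presumably stored and shown to other readers later, so the escaping belongs on every output path, not just this one.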
@@ -119,7 +119,7 @@ function submit_preview($subject, $abstract, $story, $category) {
$output .= "</FORM>\n";
$theme->header();
- $theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($story), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes");
+ $theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($article), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes");
$theme->box("Submit a story", $output);
$theme->footer();
}
@@ -140,6 +140,9 @@ function submit_submit($subject, $abstract, $article, $category) {
$message = "New submission:\n\nsubject...: $subject\nauthor....: $user->userid <$user->email>\ncategory..: $category\nabstract..:\n$abstract\n\narticle...:\n$article";
mail($notify_email, "$notify_subject $subject", $message, "From: $notify_from\nX-Mailer: PHP/" . phpversion());
}
+
+ ### Add log entry:
+ watchdog(1, "added new submission with subject `$subject'.");
}
include "functions.inc";
@@ -147,10 +150,10 @@ include "theme.inc";
switch($op) {
case "Preview submission":
- submit_preview($subject, $abstract, $story, $category);
+ submit_preview($subject, $abstract, $article, $category);
break;
case "Submit submission":
- submit_submit($subject, $abstract, $story, $category);
+ submit_submit($subject, $abstract, $article, $category);
break;
default:
submit_enter();