Diffstat (limited to 'includes')
-rw-r--r-- | includes/comment.inc | 10 | ||||
-rw-r--r-- | includes/common.inc | 20 | ||||
-rw-r--r-- | includes/function.inc | 2 | ||||
-rw-r--r-- | includes/hostname.conf | 12 | ||||
-rw-r--r-- | includes/node.inc | 4 | ||||
-rw-r--r-- | includes/search.inc | 2 | ||||
-rw-r--r-- | includes/section.inc | 18 | ||||
-rw-r--r-- | includes/theme.inc | 6 | ||||
-rw-r--r-- | includes/variable.inc | 54 | ||||
-rw-r--r-- | includes/watchdog.inc | 32 |
10 files changed, 96 insertions, 64 deletions
diff --git a/includes/comment.inc b/includes/comment.inc index 4e1a74f2c..23c79717a 100644 --- a/includes/comment.inc +++ b/includes/comment.inc @@ -124,6 +124,8 @@ function comment_preview($pid, $id, $subject, $comment) { function comment_post($pid, $id, $subject, $comment) { global $theme, $user; + throttle("post comment", variable_get(max_comment_rate, 60)); + // Check for duplicate comments: $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$pid' AND lid = '$id' AND subject = '$subject' AND comment = '$comment'"), 0); @@ -135,7 +137,7 @@ function comment_post($pid, $id, $subject, $comment) { $subject = ($subject) ? $subject : substr($comment, 0, 29); // Add watchdog entry: - watchdog("comment", "comment: added '$subject'"); + watchdog("special", "comment: added '$subject'"); // Add comment to database: db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('$id', '$pid', '$user->id', '$subject', '$comment', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')"); @@ -281,9 +283,9 @@ function comment_render($lid, $cid) { // Pre-process variables: $lid = empty($lid) ? 0 : $lid; $cid = empty($cid) ? 0 : $cid; - $mode = ($user->id) ? $user->mode : variable_get("default_comment_mode", 4); - $order = ($user->id) ? $user->sort : variable_get("default_comment_order", 1); - $threshold = ($user->id) ? $user->threshold : variable_get("default_comment_threshold", 3); + $mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4); + $order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1); + $threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3); if ($user->id) { // Comment control: diff --git a/includes/common.inc b/includes/common.inc index 3dece2c39..81127c22c 100644 --- a/includes/common.inc +++ b/includes/common.inc 
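Review bot: `variable_get(max_comment_rate, 60)` in the first hunk passes the setting name as a bare word rather than a quoted string, and the third hunk strips the quotes from three names that previously had them. PHP turns an undefined constant into a string of the same name only as a fallback that raises a notice (later PHP versions reject it outright), and the lookup key changes silently if a constant with that name is ever defined. Quoting the names, `variable_get("max_comment_rate", 60)`, keeps the lookups stable; the same applies to the variable_get() calls added in function.inc, node.inc and theme.inc. comment_post() and comment_render() both continue outside these hunks.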
@@ -9,12 +9,30 @@ function conf_init() { return $file; } +function watchdog($type, $message) { + global $user, $watchdog, $PHP_SELF; + $link = ($mod) ? $mod : substr(strrchr($PHP_SELF, "/"), 1, strrchr($PHP_SELF, "/") - 4); + db_query("INSERT INTO watchdog (user, type, link, message, location, hostname, timestamp) VALUES ('$user->id', '". check_input($type) ."', '". check_input($link) ."', '". check_input($message) ."', '". check_input(getenv("REQUEST_URI")) ."', '". check_input(getenv("REMOTE_ADDR")) ."', '". time() ."')"); +} + +function throttle($type, $rate) { + if (!(user_access($user, "watchdog") || user_access($user, "comment") || user_access($user, "node"))) { + if ($throttle = db_fetch_object(db_query("SELECT * FROM watchdog WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) { + watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type"); + header("Location: error.php?op=throttle"); + exit(); + } + else { + watchdog($type, "throttle control"); + } + } +} + $conf = conf_init(); include_once "includes/$conf.conf"; include_once "includes/database.inc"; include_once "includes/variable.inc"; -include_once "includes/watchdog.inc"; include_once "includes/function.inc"; include_once "includes/comment.inc"; include_once "includes/module.inc"; diff --git a/includes/function.inc b/includes/function.inc index 809fd4ed9..00a4a14f7 100644 --- a/includes/function.inc +++ b/includes/function.inc @@ -81,7 +81,7 @@ function format_date($timestamp, $type = "medium") { function format_username($username) { global $user; if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>"); - else { global $anonymous; return $anonymous; } + else return variable_get(anonymous, "Anonymous"); } function format_email($address) { 
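Review bot: throttle() reads `$user` without a `global $user;` declaration, so inside the function the variable is unset and the three user_access() calls are evaluated against an empty value; the exemption for privileged accounts therefore most likely never applies. The SELECT in the same function interpolates `$type`, `$rate` and `getenv("REMOTE_ADDR")` directly, while watchdog() just above wraps the same kinds of value in check_input() before its INSERT; the lookup should get the same treatment and `$rate` an integer cast. watchdog() has the same scoping slip with `$mod`, which is neither a parameter nor declared global, and it no longer passes `$user->id` through check_input() as the removed watchdog.inc version did. Each rejected request still writes a "warning" row, and the deleted watchdog_clean() has no replacement visible in this diff, so growth of the watchdog table under a flood needs an owner elsewhere.

```php
function throttle($type, $rate) {
  global $user;
  $hostname = check_input(getenv("REMOTE_ADDR"));
  $window = (int) $rate;
  // … unchanged: user_access() exemption test …
    if ($throttle = db_fetch_object(db_query("SELECT * FROM watchdog WHERE type = '". check_input($type) ."' AND hostname = '$hostname' AND ". time() ." - timestamp < $window"))) {
  // … unchanged: warning entry, redirect, exit, and the else branch …
```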
diff --git a/includes/hostname.conf b/includes/hostname.conf index 871110493..1c2528323 100644 --- a/includes/hostname.conf +++ b/includes/hostname.conf @@ -9,13 +9,6 @@ $db_pass = "password"; $db_name = "database"; # -# Administrative information -# -$site_name = "site name"; -$site_url = "http://yourdomain.com/"; // add a trailing slash -$site_email = "info@yourdomain.com"; - -# # Comment votes: # The keys of this associative array are displayed in each comment's selection box whereas the corresponding values represent the mathematical calculation to be performed to update a comment's value. # @@ -34,11 +27,6 @@ $comment_votes = array("none" => "none", $allowed_html = "<A><B><BLOCKQUOTE><CODE><DD><DL><DT><EM><HR><I><LI><SMALL><OL><U><UL>"; # -# Name for anonymous users: -# -$anonymous = "Anonymous Chicken"; - -# # Themes: # The first theme listed in this associative array will automatically become the default theme. # diff --git a/includes/node.inc b/includes/node.inc index 462fc7a47..75b1fdc8c 100644 --- a/includes/node.inc +++ b/includes/node.inc @@ -52,7 +52,7 @@ function node_save($node) { if ($u1 = implode(", ", $u1)) db_query("UPDATE node SET $u1 WHERE nid = '$node[nid]'"); if ($u2 = implode(", ", $u2)) db_query("UPDATE $n->type SET $u2 WHERE nid = '$node[nid]'"); - if ($n->pid && ($node[status] == $status[posted])) db_query("UPDATE node SET status = '$status[expired]' WHERE nid = '$node[pid]'"); + if ($n->pid && ($node[status] == $status[posted])) db_query("UPDATE node SET status = '$status[expired]' WHERE nid = '$n->pid'"); watchdog("message", "node: modified '$n->title'"); } @@ -63,6 +63,8 @@ function node_save($node) { watchdog("warning", "node: duplicate '$node[title]'"); } else { + throttle("post node", variable_get(max_node_rate, 900)); + // setup default values: $node = array_merge(array(title => "?", author => $user->id, type => "?", pid => 0, log => "node created", status => $status[queued], score => 0, votes => 0, timestamp => time()), $node); 
diff --git a/includes/search.inc b/includes/search.inc index cf47ebda8..851bc3a3a 100644 --- a/includes/search.inc +++ b/includes/search.inc @@ -15,7 +15,7 @@ function search_data($keys, $type) { foreach ($result as $entry) { $output .= "<P>\n"; $output .= " <B><U><A HREF=\"$entry[link]\">$entry[title]</A></U></B><BR>"; - $output .= " <SMALL>$site_url$entry[link]". ($entry[user] ? " - ". format_username($entry[user]) : "") ."". ($entry[date] ? " - ". format_date($entry[date], "small") : "") ."</SMALL>"; + $output .= " <SMALL>$entry[link]". ($entry[user] ? " - ". format_username($entry[user]) : "") ."". ($entry[date] ? " - ". format_date($entry[date], "small") : "") ."</SMALL>"; $output .= "</P>\n"; } } diff --git a/includes/section.inc b/includes/section.inc index c816818d4..ad25b179c 100644 --- a/includes/section.inc +++ b/includes/section.inc 
@@ -7,19 +7,19 @@ function section_get() { return $array; } -function section_post_threshold($section, $threshold = 5) { - $result = db_query("SELECT post FROM sections WHERE name = '". check_input($section) ."'"); - return ($result) ? db_result($result, 0) : $threshold; +function section_post_threshold($section, $default) { + $section = db_fetch_object(db_query("SELECT post AS threshold FROM sections WHERE name = '". check_input($section) ."'")); + return $section->threshold ? $section->threshold : $default; } -function section_dump_threshold($section, $threshold = - 3) { - $result = db_query("SELECT dump FROM sections WHERE name = '". check_input($section) ."'"); - return ($result) ? db_result($result, 0) : $threshold; +function section_dump_threshold($section, $default) { + $section = db_fetch_object(db_query("SELECT dump AS threshold FROM sections WHERE name = '". check_input($section) ."'")); + return $section->threshold ? $section->threshold : $default; } -function section_timout_threshold($section, $threshold = 10) { - $result = db_query("SELECT timout FROM sections WHERE name = '". check_input($section) ."'"); - return ($result) ? db_result($result, 0) : $threshold; +function section_timout_threshold($section, $default) { + $section = db_fetch_object(db_query("SELECT timout AS threshold FROM sections WHERE name = '". check_input($section) ."'")); + return $section->threshold ? $section->threshold : $default; } ?>
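Review bot: The new `return $section->threshold ? $section->threshold : $default;` in all three section_*_threshold() functions tests truthiness, so a threshold stored as `0` is treated as missing and replaced by the caller's default. When the query matches no row, db_fetch_object() presumably returns a non-object and the property read happens on that value. Something like `return ($section && isset($section->threshold)) ? $section->threshold : $default;` separates "no row" from "zero". The second parameter also lost its default value, so any caller still passing only the section name (none are visible here) now calls with a missing argument. The three bodies differ only in the column name and could share one helper that takes the column.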
\ No newline at end of file diff --git a/includes/theme.inc b/includes/theme.inc index ad2bbeebb..c973868b4 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -28,7 +28,7 @@ function theme_menu($name, $module) { } function theme_account($theme) { - global $user, $site_name, $links, $menu; + global $user, $links, $menu; if ($user->id) { @@ -38,7 +38,7 @@ function theme_account($theme) { // Display account settings: $content .= "<LI><A HREF=\"account.php?op=track&topic=comments\">". t("track your comments") ."</A></LI>\n"; $content .= "<LI><A HREF=\"account.php?op=track&topic=nodes\">". t("track your nodes") ."</A></LI>\n"; - $content .= "<LI><A HREF=\"account.php?op=track&topic=site\">". strtr(t("track %a"), array("%a" => $site_name)) ."</A></LI>\n"; + $content .= "<LI><A HREF=\"account.php?op=track&topic=site\">". strtr(t("track %a"), array("%a" => variable_get(site_name, "drupal"))) ."</A></LI>\n"; $content .= "<P>\n"; $content .= "<LI><A HREF=\"account.php?op=edit&topic=user\">". t("edit your information") ."</A></LI>\n"; $content .= "<LI><A HREF=\"account.php?op=edit&topic=site\">". t("edit your preferences") ."</A></LI>\n"; @@ -46,7 +46,7 @@ function theme_account($theme) { $content .= "<P>\n"; if (user_access($user)) { - $content .= "<LI><A HREF=\"admin.php\">administer ". $site_name ."</A></LI>\n"; + $content .= "<LI><A HREF=\"admin.php\">administer ". variable_get(site_name, "drupal") ."</A></LI>\n"; $content .= "<P>\n"; } diff --git a/includes/variable.inc b/includes/variable.inc new file mode 100644 index 000000000..20beb5efd --- /dev/null +++ b/includes/variable.inc 
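Review bot: Both changed lines in theme_account() concatenate `variable_get(site_name, "drupal")` straight into the `<LI>` markup with no output filtering. The name used to be a literal edited in the conf file; with variable.inc from this commit it is loaded from the `variable` table, so whoever can write that table controls markup rendered in every logged-in user's account block. Passing the value through the project's output filter first, e.g. `check_output(variable_get("site_name", "drupal"))`, would keep the link text inert, assuming check_output() neutralises HTML in this context; that needs confirming. theme_account() continues outside these hunks.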
@@ -0,0 +1,54 @@ +<?php + +function variable_init($conf = array()) { + $result = db_query("SELECT * FROM variable"); + while ($variable = db_fetch_object($result)) $conf[$variable->name] = $variable->value; + return $conf; +} + +function handler_post_threshold($node, $default) { + if ($node->type) { + $function = $node->type ."_post_threshold"; + return $function($node, $default); + } + else { + return $default; + } +} + +function handler_dump_threshold($node, $default) { + if ($node->type) { + $function = $node->type ."_dump_threshold"; + return $function($node, $default); + } + else { + return $default; + } +} + +function handler_timout_threshold($node, $default) { + if ($node->type) { + $function = $node->type ."_timout_threshold"; + return $function($node, $default); + } + else { + return $default; + } +} + +function variable_get($name, $default, $object = 0) { + global $conf; + + switch ($name) { + case "post_threshold": + return handler_post_threshold($object, $default); + case "dump_threshold": + return handler_dump_threshold($object, $default); + case "timout_threshold": + return handler_timout_threshold($object, $default); + default: + return ($conf[$name] ? $conf[$name] : $default); + } +} + +?>
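Review bot: The three handler_*_threshold() functions call `$function($node, $default)` on a name built from `$node->type` without checking that such a function exists, so a node whose type has no matching `<type>_post_threshold` function ends the request with a fatal error, and variable_get()'s default `$object = 0` reaches `$node->type` on an integer. A guard such as `if ($node->type && function_exists($function = $node->type ."_post_threshold")) return $function($node, $default);` keeps the fallback to `$default`. If `type` can ever be influenced by a submitter, a fixed list of known node types is the safer check. In variable_get() the `$conf[$name] ? $conf[$name] : $default` test also discards stored values of `0` or an empty string, so a rate limit deliberately set to 0 silently becomes the caller's default; `isset($conf[$name]) ? $conf[$name] : $default` distinguishes unset from falsy.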
\ No newline at end of file diff --git a/includes/watchdog.inc b/includes/watchdog.inc deleted file mode 100644 index 9b28f3904..000000000 --- a/includes/watchdog.inc +++ /dev/null @@ -1,32 +0,0 @@ -<?php - -$watchdog = array("comment" => array("0", variable_get("max_comment_rate", 60)), - "node" => array("1", variable_get("max_node_rate", 900)), - "message" => array("3", "0"), - "warning" => array("4", "0"), - "error" => array("5", "0")); - -function watchdog($id, $message) { - global $user, $watchdog, $watchdog_history; - - // flood protection: - if ($watchdog[$id][1] && !user_access($user, "watchdog")) { - if ($log = db_fetch_object(db_query("SELECT * FROM watchdog WHERE hostname = '". getenv("REMOTE_ADDR") ."' AND level = '". $watchdog[$id][0] ."'"))) { - if (time() - $log->timestamp < $watchdog[$id][1]) { - watchdog("warning", "'". getenv("REMOTE_ADDR") ."' exceeded '$id' submission rate"); - header("Location: error.php?op=flood"); - exit(); - } - } - } - - // perform query to add new watchdog entry: - db_query("INSERT INTO watchdog (level, timestamp, user, message, location, hostname) VALUES ('". $watchdog[$id][0] ."', '". time() ."', '". check_input($user->id) ."', '". check_input(check_output($message)) ."', '". check_input(getenv("REQUEST_URI")) ."', '". check_input(getenv("REMOTE_ADDR")) ."')"); -} - -function watchdog_clean($history = 302400) { - $timestamp = time() - $history; - db_query("DELETE FROM watchdog WHERE timestamp < $timestamp"); -} - -?> |