Diffstat (limited to 'includes')
-rw-r--r--includes/admin.inc8
-rw-r--r--includes/ban.inc4
-rw-r--r--includes/config.inc94
-rw-r--r--includes/database.inc25
-rw-r--r--includes/function.inc4
-rw-r--r--includes/submission.inc6
-rw-r--r--includes/user.inc4
-rw-r--r--includes/watchdog.inc27
8 files changed, 93 insertions, 79 deletions
diff --git a/includes/admin.inc b/includes/admin.inc
index 08c8642c4..2d13c7c17 100644
--- a/includes/admin.inc
+++ b/includes/admin.inc
@@ -8,12 +8,12 @@ function admin_icon($name) {
}
function admin_header() {
- global $sitename, $section;
+ global $site_name, $section;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
- <HEAD><TITLE><? echo $sitename; ?> administration center</TITLE></HEAD>
+ <HEAD><TITLE><? echo $site_name; ?> administration center</TITLE></HEAD>
<STYLE>
body { font-family: helvetica, arial; }
h1 { font-size: 14pt; font-weight: bold; color: #006699; }
@@ -24,7 +24,7 @@ function admin_header() {
</STYLE>
<BODY BGCOLOR="#FFFFFF" LINK="#006699" VLINK="#004499" ALINK="#FF0000">
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="2" WIDTH="780">
- <TR><TD COLSPAN="10"><H1><? echo "$sitename"; ?> administration center</H1></TD></TR>
+ <TR><TD COLSPAN="10"><H1><? echo "$site_name"; ?> administration center</H1></TD></TR>
<TR><TD BGCOLOR="#000000" COLSPAN="10" WIDTH="100%"><IMG SRC="images/pixel.gif" WIDTH="1" HEIGHT="1" ALT=""></TD></TR>
<TR>
<?
@@ -67,4 +67,4 @@ function admin_footer() {
<?
}
-?> \ No newline at end of file
+?>
diff --git a/includes/ban.inc b/includes/ban.inc
index 1d9fa095e..8a4045945 100644
--- a/includes/ban.inc
+++ b/includes/ban.inc
@@ -31,7 +31,7 @@ function ban_add($mask, $category, $reason, $message = "") {
$message = "Added new ban with mask `$mask'.<P>\n";
### Add log entry:
- watchdog(1, "added new ban `$mask' to category `". $index2type[$category] ."' with reason `$reason'.");
+ watchdog("message", "added new ban `$mask' to category `". $index2type[$category] ."' with reason `$reason'.");
}
}
@@ -45,7 +45,7 @@ function ban_delete($id) {
$result = db_query("DELETE FROM bans WHERE id = $id");
### Deleted log entry:
- watchdog(1, "removed ban `$ban->mask' from category `". $index2type[$ban->type] ."'.");
+ watchdog("message", "removed ban `$ban->mask' from category `". $index2type[$ban->type] ."'.");
}
}
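Review bot: `$id` is placed into `DELETE FROM bans WHERE id = $id` unquoted and, as far as this hunk shows, unvalidated, so the shape of the statement depends on whatever the caller passes. ban_delete() starts above the hunk, so a check may already exist there; if it does not, force the value to an integer before the query, e.g. `$id = intval($id);`. The same unquoted `WHERE id = $id` appears in the two UPDATE statements of the submission.inc hunk, and the user.inc context line interpolates `$userid` and `$passwd` straight into the login query, so those callers deserve the same look.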
diff --git a/includes/config.inc b/includes/config.inc
index 15b1c719a..80ee2dc74 100644
--- a/includes/config.inc
+++ b/includes/config.inc
@@ -1,45 +1,33 @@
<?
#
-# MySQL settings:
+# Database settings:
#
-### http://www.drop.org/:
-#$dbhost = "zind.net";
-#$dbuname = "droporg";
-#$dbpass = "DropIes";
-#$dbname = "droporg";
+### host: "http://www.drop.org/":
+#$db_host = "zind.net";
+#$db_uname = "droporg";
+#$db_pass = "DropIes";
+#$db_name = "droporg";
-### http://beta.drop.org/:
-$dbhost = "zind.net";
-$dbuname = "dries";
-$dbpass = "Abc123";
-$dbname = "dries";
+### host: "http://beta.drop.org/":
+#$db_host = "zind.net";
+#$db_uname = "dries";
+#$db_pass = "Abc123";
+#$db_name = "dries";
-### http://dione/:
-#$dbhost = "";
-#$dbuname = "dries";
-#$dbpass = "oakley";
-#$dbname = "dries";
+### host: "http://localhost/":
+$db_host = "";
+$db_uname = "dries";
+$db_pass = "oakley";
+$db_name = "dries";
#
-# Name of the site
+# Administrative information
#
-$sitename = "drop.org";
-$siteurl = "http://www.drop.org/";
-
-#
-# Contact information:
-# The contact information will be used to send out automated mails
-# to users, account holders or visitors.
-$contact_email = "droppies@drop.org";
-
-#
-# Notify:
-# Set to '1' to receive an e-mail when news has been submitted
-# through submit.php
-#
-$notify = 0;
+$site_name = "drop.org";
+$site_url = "http://www.drop.org/";
+$site_email = "droppies@drop.org";
#
# Notify information:
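Review bot: The new side of this hunk still carries database credentials in a tracked file: the active `$db_pass` for the localhost block and the commented-out `#$db_pass` lines for www.drop.org and beta.drop.org. Commenting a password out does not remove it from the repository or its history, so all three should be treated as disclosed and rotated. I would load these settings from an untracked local file and leave only placeholders here, e.g. `$db_pass = "";  // set in local, untracked config`. Because the file is named `.inc`, it is also worth confirming that the web server never serves it as plain text (inferred; the server configuration is not visible on this page).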
@@ -55,13 +43,13 @@ $notify_from = "droppies@drop.org";
# Comment meta reasons:
#
$comment_votes = array("none" => "none",
- "-1" => "- 1",
- "0" => "+ 0",
- "+1" => "+ 1",
- "+2" => "+ 2",
- "+3" => "+ 3",
- "+4" => "+ 4",
- "+5" => "+ 5");
+ "-1" => "- 1",
+ "0" => "+ 0",
+ "+1" => "+ 1",
+ "+2" => "+ 2",
+ "+3" => "+ 3",
+ "+4" => "+ 4",
+ "+5" => "+ 5");
#
# Categories:
@@ -94,10 +82,10 @@ $anonymous = "Anonymous Chicken";
# the first theme listed in the associative array `$themes' will
# automatically become the default theme.
#
-$themes = array("Marvin" => array(
+$themes = array("Marvin" => array(
"themes/marvin/marvin.theme",
"classic theme, white, basic design with a fresh look"),
- "Zaphod" => array(
+ "Zaphod" => array(
"themes/zaphod/zaphod.theme",
"classis theme, yellow, structured, advanced navigation"),
"UnConeD" => array(
@@ -117,8 +105,30 @@ $submission_votes = array("neutral (+0)" => "+ 0",
#
# Submission moderation thresholds:
-#
+# registered users can vote whether they think the story should
+# be posted or not. When enough people vote to post a story, the
+# story is pushed over the threshold and up it goes on the public
+# page. On the other hand, when too many people voted to drop a
+# story, the story will get trashed.
$submission_post_threshold = "3";
$submission_dump_threshold = "-2";
+#
+# Submission rate:
+#
+$submission_rate = array("comment" => "60", // 60 seconds = 1 minute
+ "diary" => "300", // 300 seconds = 5 minutes
+ "story" => "300"); // 300 seconds = 5 minutes
+#
+# Submission size:
+# the maximum length in characters a submission (story, diary,
+# comment) is allowed to be.
+#
+$submission_size = 6000;
+
+#
+# Watchdog history:
+#
+$watchdog_history = 604800; // 604800 seconds = 1 week
+
?>
diff --git a/includes/database.inc b/includes/database.inc
index 843cb270a..6a81b003a 100644
--- a/includes/database.inc
+++ b/includes/database.inc
@@ -8,28 +8,21 @@
*/
function db_connect() {
- global $dbhost, $dbuname, $dbpass, $dbname;
- mysql_pconnect($dbhost, $dbuname, $dbpass) or die(mysql_Error());
- mysql_select_db($dbname) or die ("Unable to select database");
+ global $db_host, $db_uname, $db_pass, $db_name;
+ mysql_pconnect($db_host, $db_uname, $db_pass) or die(mysql_Error());
+ mysql_select_db($db_name) or die ("Unable to select database");
// NOTE: we are using a persistent connection!
}
-function db_insert($query, $debug = false) {
- // NOTE:
- // add spam- and/or flood-checks
-
- db_query($query, $debug);
-}
-
function db_query($query, $debug = false) {
- ### perform query:
+ // perform query:
$qid = mysql_query($query);
- ### debug output (if required):
- if ($debug || empty($qid)) print "<PRE>query: ". htmlspecialchars($query) ."<BR>error message: ". mysql_error() ."</PRE>";
- if (empty($qid)) watchdog(3, "error: ". mysql_error() ."<BR>query: ". htmlspecialchars($query) ."");
+ // debug output (if required):
+ if ($debug) print "<PRE>query: ". htmlspecialchars($query) ."<BR>error message: ". mysql_error() ."</PRE>";
+ if (!$qid) watchdog("error", "database: ". mysql_error() ."<BR>query: ". htmlspecialchars($query) ."");
- ### return result from query:
+ // return result from query:
return $qid;
}
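Review bot: A failed query in db_query() now calls `watchdog("error", ...)`, and watchdog() itself writes through db_query(), so when the failing statement is the INSERT into the watchdog table (table missing, server unavailable) the two functions call each other without bound. A re-entrancy guard is enough: declare `static $logging = 0;` and change the call to `if (!$qid && !$logging) { $logging = 1; watchdog("error", ...); $logging = 0; }`. Separately, db_connect() still ends in `die(mysql_Error())`, which prints the raw driver error to the visitor; a generic message with the detail kept server-side would match the removal of the on-failure `print` in db_query(). The full text of the failing query is stored in the log entry, so access to the log view should be limited accordingly.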
@@ -58,4 +51,4 @@ function db_result($qid, $field) {
#
db_connect();
-?> \ No newline at end of file
+?>
diff --git a/includes/function.inc b/includes/function.inc
index 0215955d0..3c3cd3afe 100644
--- a/includes/function.inc
+++ b/includes/function.inc
@@ -23,8 +23,8 @@ function check_field($message) {
}
function check_input($message) {
- global $allowed_html;
- return strip_tags(addslashes($message), $allowed_html);
+ global $allowed_html, $submission_size;
+ return strip_tags(addslashes(substr($message, 0, $submission_size)), $allowed_html);
}
function check_output($message, $nl2br = 0) {
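Review bot: check_input() does two unrelated jobs on one line, SQL quoting via `addslashes()` and HTML filtering via `strip_tags()`, and watchdog.inc in this same commit starts relying on it as the only quoting for its INSERT. `addslashes()` knows nothing about the database connection's character set; the MySQL extension's own escaping function (`mysql_escape_string()`, if the PHP version in use provides it) is the safer choice for values headed into a query. `strip_tags()` with an allow-list keeps every attribute on the allowed tags, so text that passes through here still needs attribute filtering or escaping when it is printed. If `$submission_size` is unset because config.inc was not loaded, `substr($message, 0, $submission_size)` may return an empty string and silently drop the input; an explicit fallback such as `$max = $submission_size ? $submission_size : 6000;` would make that case visible.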
diff --git a/includes/submission.inc b/includes/submission.inc
index 23f608f7d..297bb0294 100644
--- a/includes/submission.inc
+++ b/includes/submission.inc
@@ -28,14 +28,14 @@ function submission_vote($id, $vote, $comment) {
if ($submission = db_fetch_object($result)) {
if ($submission->score >= $submission_post_threshold) {
db_query("UPDATE stories SET status = 2, timestamp = '". time() ."' WHERE id = $id");
- watchdog(1, "posted story `$submission->subject'");
+ watchdog("message", "posted story `$submission->subject'");
}
if ($submission->score <= $submission_dump_threshold) {
db_query("UPDATE stories SET status = 0, timestamp = '". time() ."' WHERE id = $id");
- watchdog(1, "dumped story `$submission->subject'");
+ watchdog("message", "dumped story `$submission->subject'");
}
}
}
}
-?> \ No newline at end of file
+?>
diff --git a/includes/user.inc b/includes/user.inc
index 62e5547be..0db582121 100644
--- a/includes/user.inc
+++ b/includes/user.inc
@@ -1,9 +1,5 @@
<?
-$permissions = array("Administrator" => 0x00000001,
- "User manager" => 0x00000002,
- "News manager" => 0x00000004);
-
class User {
function User($userid, $passwd = "") {
$result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2");
diff --git a/includes/watchdog.inc b/includes/watchdog.inc
index efc4b4618..78e481fd9 100644
--- a/includes/watchdog.inc
+++ b/includes/watchdog.inc
@@ -1,15 +1,30 @@
<?
+$watchdog = array("comment" => array("0", $submission_rate["comment"]),
+ "diary" => array("1", $submission_rate["diary"]),
+ "story" => array("2", $submission_rate["story"]),
+ "message" => array("3", "0"),
+ "warning" => array("4", "0"),
+ "error" => array("5", "0"));
-function watchdog($level, $message) {
- global $user;
+function watchdog($id, $message) {
+ global $user, $watchdog, $watchdog_history;
- ### Perform query to add new log entry:
- db_query("INSERT INTO watchdog (level, timestamp, user, message, location, hostname) VALUES ($level, '". time() ."', '". addslashes($user->id) ."', '". addslashes($message) ."', '". getenv("SCRIPT_NAME") ."', '". getenv("REMOTE_ADDR") ."')");
+ if ($watchdog[$id][1]) {
+ if ($log = db_fetch_object(db_query("SELECT * FROM watchdog WHERE hostname = '". getenv("REMOTE_ADDR") ."' AND level = '". $watchdog[$id][0] ."'"))) {
+ if (time() - $log->timestamp < $watchdog[$id][1]) {
+ watchdog("warning", "'". getenv("REMOTE_ADDR") ."' exceeded '$id' submission rate");
+ // header("Location: error.php");
+ }
+ }
+ }
+
+ // Perform query to add new watchdog entry:
+ db_query("INSERT INTO watchdog (level, timestamp, user, message, location, hostname) VALUES ('". $watchdog[$id][0] ."', '". time() ."', '". check_input($user->id) ."', '". check_input($message) ."', '". check_input(getenv("REQUEST_URI")) ."', '". check_input(getenv("REMOTE_ADDR")) ."')");
- ### Periodically remove old log entries:
+ // Periodically remove old watchdog entries:
if (time() % 20 == 0) {
- $timestamp = time() - 1209600; // 2 weeks
+ $timestamp = time() - $watchdog_history;
db_query("DELETE FROM watchdog WHERE timestamp < $timestamp");
}
}
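Review bot: The rate check in watchdog() selects from the watchdog table by hostname and level with no ordering or limit, so `db_fetch_object()` returns whichever matching row the server yields first, not necessarily the most recent one; once a host has an old entry, `time() - $log->timestamp` can stay above the limit and the check never fires. Appending `ORDER BY timestamp DESC LIMIT 1` to that SELECT makes the comparison use the latest entry. Even when the check fires, the only effect is a "warning" log line, because the redirect is commented out and the INSERT below still runs, so the limit is advisory at this point. `getenv("REMOTE_ADDR")` is interpolated raw in the SELECT and in the warning text while the INSERT passes it through check_input(); the same quoting should be used in all three places. An `$id` that is not a key of `$watchdog` silently inserts an empty level, so an explicit check or a fallback to "message" would catch typos at call sites.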