Diffstat (limited to 'includes')
-rw-r--r-- | includes/comment.inc | 24 | ||||
-rw-r--r-- | includes/common.inc | 16 | ||||
-rw-r--r-- | includes/hostname.conf | 1 | ||||
-rw-r--r-- | includes/module.inc | 10 | ||||
-rw-r--r-- | includes/story.inc | 5 | ||||
-rw-r--r-- | includes/submission.inc | 4 | ||||
-rw-r--r-- | includes/theme.inc | 11 | ||||
-rw-r--r-- | includes/user.inc | 29 | ||||
-rw-r--r-- | includes/watchdog.inc | 5 |
9 files changed, 70 insertions, 35 deletions
diff --git a/includes/comment.inc b/includes/comment.inc index 6e39ee2ba..4f9ee3ac5 100644 --- a/includes/comment.inc +++ b/includes/comment.inc @@ -8,7 +8,7 @@ if (strstr($id, " ") || strstr($pid, " ") || strstr($lid, " ") || strstr($mode, $cmodes = array(1 => "List - min", 2 => "List - max", 3 => "Threaded - min", 4 => "Threaded - max"); $corder = array(1 => "Date - new", 2 => "Date - old", 3 => "Rate - high", 4 => "Rate - low"); -$link = ($mod) ? $mod : substr($PHP_SELF, 1, strlen($PHP_SELF) - 5); +$link = ($mod) ? $mod : substr(strrchr($PHP_SELF, "/"), 1, strrchr($PHP_SELF, "/") - 4); class Comment { function Comment($userid, $subject, $comment, $timestamp, $url, $fake_email, $score, $votes, $cid, $lid) { @@ -32,12 +32,12 @@ function comment_moderate($moderate) { $none = $comment_votes[key($comment_votes)]; foreach ($moderate as $id=>$vote) { - if ($vote != $comment_votes[$none] && !user_getHistory($user->history, "c$id")) { + if ($vote != $comment_votes[$none] && !user_get_history($user->history, "c$id")) { // Update the comment's score: $result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id"); // Update the user's history: - user_setHistory($user, "c$id", $vote); + user_set_history("c$id", $vote); } } } @@ -54,7 +54,7 @@ function comment_settings($mode, $order, $threshold) { } function comment_reply($pid, $id) { - global $allowed_html, $link, $theme, $user; + global $allowed_html, $link, $REQUEST_URI, $theme, $user; // Extract parent-information/data: if ($pid) { @@ -70,7 +70,7 @@ function comment_reply($pid, $id) { } // Build reply form: - $output .= "<FORM ACTION=\"". comment_uri() ."\" METHOD=\"post\">\n"; + $output .= "<FORM ACTION=\"$REQUEST_URI\" METHOD=\"post\">\n"; // Name field: $output .= "<P>\n"; 
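Review bot: The length argument of the new `substr()` call for `$link` is `strrchr($PHP_SELF, "/") - 4`, which subtracts 4 from a string such as `/story.php` and only yields -4 because PHP coerces that string to 0. Writing the intent directly, `$link = ($mod) ? $mod : substr(strrchr($PHP_SELF, "/"), 1, -4);`, gives the same result without relying on the coercion. `$PHP_SELF` is request-derived and `$link` is later stored by `comment_post()`, so a short comment stating that the value is expected to be a bare script name would help the next reader.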
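Review bot: The renamed history check in `comment_moderate()` still guards an `UPDATE` that interpolates `$vote` and `$id` into the SQL text unquoted, and both come from the `moderate[...]` form field built in `comment_moderation()`. Before the query, `$id` should be cast to an integer and `$vote` accepted only if it is one of the configured values, e.g. `$id = (int)$id;` and `if (!in_array($vote, $comment_votes)) continue;`. The same pattern is in the `submission_vote()` hunk of includes/submission.inc (`score = score $vote ... WHERE id = $id`). `user_set_history()` now writes through the global `$user` rather than a passed reference, so a one-line comment on that dependency would help.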
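Review bot: `$REQUEST_URI` is written into the `ACTION` attribute of the reply form without escaping, so any quote or angle bracket in the requested URL ends up in the page markup. Either keep building the target with `comment_uri()` or escape at output: `$output .= "<FORM ACTION=\"". htmlspecialchars($REQUEST_URI) ."\" METHOD=\"post\">\n";`. The `comment_preview()` hunk further down makes the same change and needs the same fix. `comment_reply()` starts and ends outside this hunk.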
@@ -105,13 +105,13 @@ function comment_reply($pid, $id) { } function comment_preview($pid, $id, $subject, $comment) { - global $allowed_html, $link, $theme, $user; + global $allowed_html, $link, $REQUEST_URI, $theme, $user; // Preview comment: $theme->comment(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, 0, 0, 0, 0), "reply to this comment"); // Build reply form: - $output .= "<FORM ACTION=\"". comment_uri() ."\" METHOD=\"post\">\n"; + $output .= "<FORM ACTION=\"$REQUEST_URI\" METHOD=\"post\">\n"; // Name field: $output .= "<P>\n"; @@ -160,7 +160,6 @@ function comment_post($pid, $id, $subject, $comment) { if ($duplicate != 0) { watchdog("error", "comment: attempt to insert duplicate comment"); - $theme->box("duplicate comment", "duplicate comment: $duplicate"); } else { // Validate subject: @@ -171,9 +170,6 @@ function comment_post($pid, $id, $subject, $comment) { // Add comment to database: db_query("INSERT INTO comments (link, lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($link) ."', $id, $pid, '$user->id', '". check_input($subject) ."', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')"); - - // Compose header: - header("Location: ". comment_uri("id=$id")); } } @@ -203,7 +199,7 @@ function comment_moderation($comment) { if ($op == "reply") { $output .= " "; } - else if ($user->id && $user->userid != $comment->userid && !user_getHistory($user->history, "c$comment->cid")) { + else if ($user->id && $user->userid != $comment->userid && !user_get_history($user->history, "c$comment->cid")) { $output .= "<SELECT NAME=\"moderate[$comment->cid]\">\n"; foreach ($comment_votes as $key=>$value) $output .= " <OPTION VALUE=\"$value\">$key</OPTION>\n"; $output .= "</SELECT>\n"; 
@@ -282,8 +278,8 @@ function comment_uri($args = 0) { function comment_link($comment, $return = 1) { global $link, $theme; - if ($return) return "<A HREF=\"". comment_uri("id=$comment->lid#$comment->cid") ."\"><FONT COLOR=\"$theme->hlcolor2\">return</FONT></A> | <A HREF=\"". comment_uri("op=reply&id=$comment->lid&pid=$comment->cid") ."\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>"; - else return "<A HREF=\"". comment_uri("op=reply&id=$comment->lid&pid=$comment->cid") ."\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>"; + if ($return) return "<A HREF=\"". comment_uri("id=$comment->lid#$comment->cid") ."\"><FONT COLOR=\"$theme->link\">return</FONT></A> | <A HREF=\"". comment_uri("op=reply&id=$comment->lid&pid=$comment->cid") ."\"><FONT COLOR=\"$theme->link\">reply to this comment</FONT></A>"; + else return "<A HREF=\"". comment_uri("op=reply&id=$comment->lid&pid=$comment->cid") ."\"><FONT COLOR=\"$theme->link\">reply to this comment</FONT></A>"; } function comment_comment($comment, $folded = 0) { diff --git a/includes/common.inc b/includes/common.inc index 392fc474b..f5ebc09d6 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1,7 +1,17 @@ <? -$cf = strtr($HTTP_HOST ."". substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")), "/:", ".."); -include_once "includes/$cf.conf"; +function conf_load() { + global $HTTP_HOST, $REQUEST_URI; + $file = strtr($HTTP_HOST ."". substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")), "/:", ".."); + while ($file && !file_exists("includes/$file.conf")) { + $file = substr($file, 0, strrpos($file, ".")); + } + return $file; +} + +$conf = conf_load(); + +include_once "includes/$conf.conf"; include_once "includes/database.inc"; include_once "includes/watchdog.inc"; include_once "includes/function.inc"; @@ -10,7 +20,7 @@ include_once "includes/locale.inc"; include_once "includes/theme.inc"; include_once "includes/user.inc"; -session_start(); +user_load(); $theme = theme_load(); 
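Review bot: `conf_load()` builds the name passed to `include_once` from `$HTTP_HOST` and `$REQUEST_URI`, which the client controls, and only `/` and `:` are rewritten before the value reaches `file_exists()` and the include. Restrict `$file` to host-name characters before the loop, and stop when nothing matches instead of including `includes/.conf`: `if (!$conf) die("no configuration file for this host");`. That empty result is reachable, because when `$file` contains no `.` the `strrpos()` call returns false and the loop ends with an empty name. The right-to-left trimming also means a short file name would be selected for every host name that begins with it, which is worth stating in a comment above the function.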
diff --git a/includes/hostname.conf b/includes/hostname.conf index 62e4ae02a..e9b597b2e 100644 --- a/includes/hostname.conf +++ b/includes/hostname.conf @@ -16,7 +16,6 @@ $site_name = "site name"; $site_url = "http://yourdomain.com/"; $site_email = "info@yourdomain.com"; - # # Comment votes: # the keys of this associative array are displayed in each diff --git a/includes/module.inc b/includes/module.inc index 6c11a358d..c339ee8f7 100644 --- a/includes/module.inc +++ b/includes/module.inc @@ -24,12 +24,18 @@ function module_rehash_crons($name, $module) { } function module_rehash_blocks($name, $module) { - db_query("DELETE FROM blocks WHERE module = '$name'"); + db_query("UPDATE blocks SET remove = '1' WHERE module = '$name'"); if ($module["block"] && $blocks = $module["block"]()) { foreach ($blocks as $offset=>$block) { - db_query("INSERT INTO blocks (name, module, offset) VALUES ('". check_input($block["info"]) ."', '". check_input($name) ."', '". check_input($offset) ."')"); + if (!db_fetch_object(db_query("SELECT * FROM blocks WHERE module = '$name' AND name = '". check_input($block["info"]) ."'"))) { + db_query("INSERT INTO blocks (name, module, offset) VALUES ('". check_input($block["info"]) ."', '". check_input($name) ."', '". check_input($offset) ."')"); + } + else { + db_query("UPDATE blocks SET offset = '". check_input($offset) ."', remove = '0' WHERE module = '$name' AND name = '". check_input($block["info"]) ."'"); + } } } + db_query("DELETE FROM blocks WHERE module = '$name' AND remove = '1'"); } function module_rehash($name) { diff --git a/includes/story.inc b/includes/story.inc index 2ec39ca16..a1ba62796 100644 --- a/includes/story.inc +++ b/includes/story.inc @@ -11,4 +11,9 @@ class Story { } } +function story_visible($story) { + global $user; + return ($story->status == 1 && $user->id) || ($story->status == 2) || user_permission(); +} + ?>
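Review bot: The new `UPDATE`, `SELECT` and `DELETE` statements in `module_rehash_blocks()` put `$name` into the SQL text as-is, while the `INSERT` in the same function passes it through `check_input()`. Use the escaped form in all of them, e.g. `db_query("UPDATE blocks SET remove = '1' WHERE module = '". check_input($name) ."'");`. The mark-then-sweep sequence is several separate queries, so a failure part-way leaves rows flagged `remove = '1'`; a comment saying whether the next rehash is expected to clean them up would help.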
\ No newline at end of file diff --git a/includes/submission.inc b/includes/submission.inc index 2b3cf7ebd..78027c109 100644 --- a/includes/submission.inc +++ b/includes/submission.inc @@ -13,7 +13,7 @@ function submission_score($id) { function submission_vote($id, $vote, $comment) { global $user; - if (!user_getHistory($user->history, "s$id")) { + if (!user_get_history($user->history, "s$id")) { // Update submission's score- and votes-field: db_query("UPDATE stories SET score = score $vote, votes = votes + 1 WHERE id = $id"); @@ -24,7 +24,7 @@ function submission_vote($id, $vote, $comment) { } // Update user's history record: - user_setHistory($user, "s$id", $vote); + user_set_history("s$id", $vote); // Update story table (if required): $result = db_query("SELECT * FROM stories WHERE id = $id"); diff --git a/includes/theme.inc b/includes/theme.inc index f46c29e0b..e54de391c 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -41,7 +41,7 @@ function theme_account($theme) { $content .= "<LI><A HREF=\"account.php?op=edit&topic=content\">edit site content</A></LI>\n"; $content .= "<P>\n"; - if (($user->id) && ($user->permissions == 1 || $user->id == 1)) { + if (user_permission($user)) { $content .= "<LI><A HREF=\"admin.php\">administer ". $site_name ."</A></LI>\n"; $content .= "<P>\n"; } 
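Review bot: `story_visible()` in the story.inc hunk calls `user_permission()` with no argument, but the function added to includes/user.inc in this commit is declared as `user_permission($account)` and reads `$account->permissions` and `$account->id`. With nothing passed the check cannot succeed, so the administrator branch is dead; it should read `user_permission($user)`, as the theme.inc hunk does. A one-line comment giving the meaning of status 1 and 2 would also make the visibility rule reviewable.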
@@ -91,16 +91,16 @@ function theme_blocks($region, $theme) { } function theme_morelink($theme, $story) { - return ($story->article) ? "[ <A HREF=\"story.php?id=$story->id\"><FONT COLOR=\"$theme->hlcolor2\"><B>read more</B></FONT></A> | ". strlen($story->article) ." bytes | <A HREF=\"story.php?id=$story->id\"><FONT COLOR=\"$theme->hlcolor2\">". format_plural($story->comments, "comment", "comments") ."</FONT></A> ]" : "[ <A HREF=\"story.php?id=$story->id\"><FONT COLOR=\"$theme->hlcolor2\">". format_plural($story->comments, "comment", "comments") ."</FONT></A> ]"; + return ($story->article) ? "[ <A HREF=\"story.php?id=$story->id\"><FONT COLOR=\"$theme->link\"><B>read more</B></FONT></A> | ". strlen($story->article) ." bytes | <A HREF=\"story.php?id=$story->id\"><FONT COLOR=\"$theme->link\">". format_plural($story->comments, "comment", "comments") ."</FONT></A> ]" : "[ <A HREF=\"story.php?id=$story->id\"><FONT COLOR=\"$theme->link\">". format_plural($story->comments, "comment", "comments") ."</FONT></A> ]"; } function theme_moderation_results($theme, $story) { global $user; - if ($user->id && $story->id && ($user->id == $story->author || user_getHistory($user->history, "s$story->id"))) { + if ($user->id && $story->id && ($user->id == $story->author || user_get_history($user->history, "s$story->id"))) { $result = db_query("SELECT * FROM users WHERE history LIKE '%s$story->id%'"); while ($account = db_fetch_object($result)) { - $output .= format_username($account->userid) ." voted `". user_getHistory($account->history, "s$story->id") ."'.<BR>"; + $output .= format_username($account->userid) ." voted `". user_get_history($account->history, "s$story->id") ."'.<BR>"; } $theme->box("Moderation results", ($output ? $output : "This story has not been moderated yet.")); 
@@ -131,7 +131,6 @@ function theme_new_headlines($theme, $num = 10) { $content = ""; $result = db_query("SELECT id, subject FROM stories WHERE status = 2 ORDER BY id DESC LIMIT $num"); while ($story = db_fetch_object($result)) $content .= "<LI><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></LI>\n"; - $content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>"; $theme->box("Latest headlines", $content); } @@ -148,8 +147,6 @@ function theme_old_headlines($theme, $num = 10) { } $content .= "<LI><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></LI>\n"; } - $content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>"; - $theme->box("Older headlines", $content); } diff --git a/includes/user.inc b/includes/user.inc index 90e1dc1e8..65a891cb9 100644 --- a/includes/user.inc +++ b/includes/user.inc @@ -1,7 +1,13 @@ <? class User { - function User($userid, $passwd = "") { + function User($userid) { + $result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2"); + if (db_num_rows($result) == 1) { + foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } + } + } + function User($userid, $passwd) { $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } @@ -10,6 +16,12 @@ class User { } } +function user_load() { + global $db_name; + session_name($db_name); + session_start(); +} + function user_save($data, $id = 0) { global $user; 
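Review bot: The user.inc hunk declares `User()` twice in the same class; PHP has no method overloading, so at most one of the two definitions can be in effect and the other call shape breaks. The added one-argument form loads a complete account from `userid` alone, so if it is the one that applies, callers that pass a password get no password check. Keep the constructor as the password-checking path and move the reload used by `user_rehash()` into a separately named function. Both queries also interpolate `$userid` (and `$passwd`) unescaped; pass them through `check_input()` as the other includes do, assuming it is the project's SQL escaper. The class body continues outside this hunk.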
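Review bot: `user_load()` uses `$db_name` as the session name, so the database name is sent to every visitor as the cookie name. A dedicated setting avoids disclosing it, for example `session_name($session_name);` with `$session_name` defined in the .conf file; `$session_name` is a suggested new setting, not one that exists on this page.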
@@ -29,7 +41,7 @@ function user_save($data, $id = 0) { } } -function user_getHistory($history, $field) { +function user_get_history($history, $field) { $data = explode(";", $history); for (reset($data); current($data); next($data)) { $entry = explode(":", current($data)); @@ -38,8 +50,8 @@ function user_getHistory($history, $field) { return $rval; } -function user_setHistory(&$user, $field, $value) { - +function user_set_history($field, $value) { + global $user; $history = $user->history; if (!$value) { // remove entry: @@ -71,4 +83,13 @@ function user_setHistory(&$user, $field, $value) { db_query($query); } +function user_rehash() { + global $user; + if ($user->id) $user = new User($user->userid); +} + +function user_permission($account) { + return ($account->permissions == 1 || $account->id == 1); +} + ?>
\ No newline at end of file diff --git a/includes/watchdog.inc b/includes/watchdog.inc index f50fab57e..6a5b66163 100644 --- a/includes/watchdog.inc +++ b/includes/watchdog.inc @@ -9,8 +9,8 @@ $watchdog = array("comment" => array("0", $submission_rate["comment"]), function watchdog($id, $message) { global $user, $watchdog, $watchdog_history; - - if ($watchdog[$id][1] && !($user->permissions == 1 || $user->id == 1)) { +/* + if ($watchdog[$id][1] && !user_permission()) { if ($log = db_fetch_object(db_query("SELECT * FROM watchdog WHERE hostname = '". getenv("REMOTE_ADDR") ."' AND level = '". $watchdog[$id][0] ."'"))) { if (time() - $log->timestamp < $watchdog[$id][1]) { watchdog("warning", "'". getenv("REMOTE_ADDR") ."' exceeded '$id' submission rate"); @@ -19,6 +19,7 @@ function watchdog($id, $message) { } } } +*/ // Perform query to add new watchdog entry: db_query("INSERT INTO watchdog (level, timestamp, user, message, location, hostname) VALUES ('". $watchdog[$id][0] ."', '". time() ."', '". check_input($user->id) ."', '". check_input($message) ."', '". check_input(getenv("REQUEST_URI")) ."', '". check_input(getenv("REMOTE_ADDR")) ."')"); |
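Review bot: The two watchdog.inc hunks wrap the whole submission-rate check in `/* ... */`, which leaves `watchdog()` logging only and removes the per-host throttle, with no comment saying why or for how long. If this is temporary, say so next to the `/*`, e.g. `// TODO: submission-rate check disabled, re-enable before release`. When it is re-enabled, the condition needs an argument, `!user_permission($user)`, because `user_permission($account)` reads its parameter. `watchdog()` begins before the first hunk.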