From 7241d38e4c8107479611bb90c8a902dea34d711a Mon Sep 17 00:00:00 2001 From: Dries Buytaert Date: Sat, 20 Jan 2001 12:24:08 +0000 Subject: - removed old discussion.php - added new story.php --- discussion.php | 318 --------------------------------------------------------- 1 file changed, 318 deletions(-) delete mode 100644 discussion.php (limited to 'discussion.php') diff --git a/discussion.php b/discussion.php deleted file mode 100644 index 5cf44e685..000000000 --- a/discussion.php +++ /dev/null @@ -1,318 +0,0 @@ -id && $moderate) { - $none = $comment_votes[key($comment_votes)]; - - foreach ($moderate as $id=>$vote) { - if ($vote != $comment_votes[$none] && !user_getHistory($user->history, "c$id")) { - // Update the comment's score: - $result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id"); - - // Update the user's history: - user_setHistory($user, "c$id", $vote); - } - } - } -} - -function discussion_kids($cid, $mode, $threshold, $level = 0, $dummy = 0) { - global $user, $theme; - - $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $threshold) ORDER BY c.timestamp, c.cid"); - - if ($mode == "nested") { - while ($comment = db_fetch_object($result)) { - if ($comment->score >= $threshold) { - if ($level && !$comments) print ""; -} - -function discussion_childs($cid, $threshold, $level = 0, $thread = "") { - global $theme, $user; - - // Perform SQL query: - $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $threshold) ORDER BY c.timestamp, c.cid"); - - if ($level == 0) $thread = ""; - - while ($comment = db_fetch_object($result)) { - if ($level && !$comments) { - $thread .= ""; - } - - return $thread; -} - -function discussion_settings($mode, $order, $threshold) { - global $user; - - if ($user->id) { - $data[mode] = $mode; - $data[sort] = $order; - $data[threshold] = $threshold; - - user_save($data, $user->id); - } -} - -function discussion_display($sid, $pid, $cid, $level = 0) { - global $user, $theme; - - // Pre-process variables: - $pid = (empty($pid)) ? 0 : $pid; - $cid = (empty($cid)) ? 0 : $cid; - $mode = ($user->id) ? $user->mode : "threaded"; - $order = ($user->id) ? $user->sort : "1"; - $threshold = ($user->id) ? $user->threshold : "0"; - - // Compose story-query: - $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status != 0 AND s.id = $sid"); - $story = db_fetch_object($result); - - // Display story: - if ($story->status == 1) $theme->article($story, "[ hlcolor2\">submission queue | id&pid=0\">hlcolor2\">add a comment ]"); - else $theme->article($story, "[ hlcolor2\">home | id&pid=0\">hlcolor2\">add a comment ]"); - - // Display `comment control'-box: - if ($user->id) $theme->commentControl($sid, $title, $threshold, $mode, $order); - - // Compose query: - $query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.sid = $sid AND c.pid = $pid AND (c.votes = 0 OR c.score / c.votes >= $threshold)"; - if ($order == 1) $query .= " ORDER BY c.timestamp DESC"; - if ($order == 2) $query .= " ORDER BY c.score DESC"; - $result = db_query($query); - - print "
\n"; - - // Display the comments: - while ($comment = db_fetch_object($result)) { - // Dynamically compose the `reply'-link: - if ($comment->pid != 0) { - list($pid) = db_fetch_row(db_query("SELECT pid FROM comments WHERE cid = $comment->pid")); - $link = "sid&pid=$pid#$pid\">hlcolor2\">return to parent | sid&pid=$comment->cid\">hlcolor2\">reply to this comment"; - } - else { - $link = "sid&pid=$comment->cid\">hlcolor2\">reply to this comment "; - } - - // Display the comments: - if (empty($mode) || $mode == "threaded") { - $thread = discussion_childs($comment->cid, $threshold); - $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link, $thread); - } - else { - $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link); - discussion_kids($comment->cid, $mode, $threshold, $level); - } - } - - print " \n"; - print " \n"; - print "
\n"; -} - -function discussion_reply($pid, $sid) { - global $user, $theme, $allowed_html; - - // Extract parent-information/data: - if ($pid) { - $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid")); - $theme->comment(new Comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->fake_email, discussion_score($comment), $comment->votes, $item->cid), "reply to this comment"); - } - else { - $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid")); - $theme->article($item, ""); - } - - // Build reply form: - $output .= "
\n"; - - // Name field: - $output .= "

\n"; - $output .= " Your name:
\n"; - $output .= format_username($user->userid); - $output .= "

\n"; - - // Subject field: - $output .= "

\n"; - $output .= " Subject:
\n"; - $output .= " \n"; - $output .= "

\n"; - - // Comment field: - $output .= "

\n"; - $output .= " Comment:
\n"; - $output .= "
\n"; - $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; - $output .= "

\n"; - - // Preview button: - $output .= "

\n"; - $output .= " You must preview at least once before you can submit:
\n"; - $output .= " \n"; - $output .= " \n"; - $output .= "
\n"; - $output .= "

\n"; - - $output .= "
\n"; - - $theme->box("Reply", $output); -} - -function comment_preview($pid, $sid, $subject, $comment) { - global $user, $theme, $allowed_html; - - // Preview comment: - $theme->comment(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, "", "", ""), "reply to this comment"); - - // Build reply form: - $output .= "
\n"; - - // Name field: - $output .= "

\n"; - $output .= " Your name:
\n"; - $output .= format_username($user->userid); - $output .= "

\n"; - - // Subject field: - $output .= "

\n"; - $output .= " Subject:
\n"; - $output .= " \n"; - $output .= "

\n"; - - // Comment field: - $output .= "

\n"; - $output .= " Comment:
\n"; - $output .= "
\n"; - $output .= " Allowed HTML tags: ". htmlspecialchars($allowed_html) .".\n"; - $output .= "

\n"; - - // Hidden fields: - $output .= "\n"; - $output .= "\n"; - - if (empty($subject)) { - $output .= "

\n"; - $output .= " Warning: you did not supply a subject.\n"; - $outout .= "

\n"; - } - - // Preview and submit button: - $output .= "

\n"; - $output .= " \n"; - $output .= " \n"; - $output .= "

\n"; - $output .= "

\n"; - - $theme->box("Reply", $output); -} - -function comment_post($pid, $sid, $subject, $comment) { - global $user, $theme; - - // Check for fake threads: - $fake = db_result(db_query("SELECT COUNT(id) FROM stories WHERE id = $sid"), 0); - - // Check for duplicate comments: - $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$pid' AND sid = '$sid' AND subject = '". check_input($subject) ."' AND comment = '". check_input($comment) ."'"), 0); - - if ($fake != 1) { - watchdog("error", "discussion: attempt to insert fake comment"); - $theme->box("fake comment", "fake comment: $fake"); - } - elseif ($duplicate != 0) { - watchdog("error", "discussion: attempt to insert duplicate comment"); - $theme->box("duplicate comment", "duplicate comment: $duplicate"); - } - else { - // Validate subject: - $subject = ($subject) ? $subject : substr($comment, 0, 29); - - // Add watchdog entry: - watchdog("comment", "discussion: added comment with subject '$subject'"); - - // Add comment to database: - db_query("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp, score) VALUES ($pid, $sid, '$user->id', '". check_input($subject) ."', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')"); - - // Compose header: - header("Location: discussion.php?id=$sid"); - } -} - -include "includes/common.inc"; -include "includes/comment.inc"; - -// Security check: -if (strstr($id, " ") || strstr($pid, " ") || strstr($sid, " ") || strstr($mode, " ") || strstr($order, " ") || strstr($threshold, " ")) { - watchdog("error", "discussion: attempt to provide malicious input through URI"); - exit(); -} - -switch($op) { - case "Preview comment": - $theme->header(); - comment_preview($pid, $sid, $subject, $comment); - $theme->footer(); - break; - case "Post comment": - comment_post($pid, $sid, $subject, $comment); - break; - case "reply": - $theme->header(); - discussion_reply($pid, $sid); - $theme->footer(); - break; - case "Save": - discussion_settings($mode, $order, $threshold); - $theme->header(); - discussion_display($id, $pid, $sid); - $theme->footer(); - break; - case "Moderate comments": - discussion_moderate($moderate); - $theme->header(); - discussion_display($id, $pid, $sid); - $theme->footer(); - break; - default: - $theme->header(); - discussion_display($id, $pid, $sid); - $theme->footer(); -} - -?> \ No newline at end of file -- cgit v1.2.3