Commit 1f0a87f4 authored by Dries's avatar Dries

Over the last 2 days I redid and reorganized an awful lot of code and
made quite a lot of additions.   The most remarkable addition is the
diary server, which I slapped together in less than 40 minutes.   Most
of the other changes are however `invisible' to the user but add much
value in terms of maintainability from a developer's point of view.  Like
always, I fixed quite a number of small bugs that had crept into the code
so we should have a bigger, better and more stable drop.org.

Unfortunatly, some theme update _are_ required:


REQUIRED THEME UPDATES:
=======================

* use format_username() where usernames are used
* use format_date() where timestamps/dates are used
* use format_email() where e-mail addresses are displayed
* use format_url() where url are displayed
* replace 'formatTimestamp' with format_date
* replace 'morelink_*' with 'display_morelink'

[most of these functions are in function.inc or template.inc]

___PLEASE___ (<- this should get your attention ;) update your themes
as soon as possible - it only takes 30 min. to get in sync with the
other themes.  Don't start whining about the fact you don't know what
to change ... either eat the source cookie, or ask me to elaborate on
a few changes.  Just let me know what's puzzling you and I'll try to
help you out!


TODO LIST FOR NEXT WEEK
=======================
* Add checks for max. text length in textarea's?  Is there an HMTL
  attribute for this or ...?
* Comment moderation + mojo
* Edit/admin user accounts: block, delete, change permissions, ...
* E-mail password, change password, change e-mail address -> extra
  checks and routines to validate such `special' changes.
* Input checking - input filter: bad words, html tags, ...
parent 17d8330e
......@@ -37,9 +37,12 @@ ErrorDocument 500 /error.php
# Overload PHP variables:
<IfModule mod_php4.c>
php_value track_vars On
php_value php_register_globals On
php_value magic_quotes_gpc On
php_value magic_quotes_runtime Off
php_value magic_quotes_sybase Off
php_value session.auto_start 1
php_value session.cookie_lifetime 1728000
php_value session.gc_maxlifetime 1728000
php_value session.name DROPID
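Review bot: `php_register_globals On` in this block makes every request parameter a global in every script, and the code in this commit depends on it: diary.php dispatches on `$op` and passes `$id`, `$text` and `$name` straight from that scope. Any top-level variable that is appended to before it is assigned, such as the `$output .= ...` lines in what appear to be the top-level account.php cases, would then start with whatever the request supplied; initialising them with `$output = "";` and reading inputs from `$HTTP_GET_VARS`/`$HTTP_POST_VARS` (already enabled by `track_vars On`) removes that dependency. The ini setting is normally spelled `register_globals`, so confirm the directive takes effect as written. A comment such as `# 1728000 s = 20 days` above the two session lifetime lines would make the long-lived session cookie an explicit decision; which of these lines are additions cannot be recovered from the rendered page.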
......
<?
include "function.inc";
include "config.inc";
include "functions.inc";
include "theme.inc";
function account_getUser($uname) {
$result = db_query("SELECT * FROM users WHERE userid = '$uname'");
......@@ -27,9 +29,7 @@ function showAccess() {
}
function showUser($uname) {
global $user;
include "theme.inc";
global $user, $theme;
if ($user && $uname && $user->userid == $uname) {
$output .= "<P>Welcome $user->userid! This is <B>your</B> user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.</P>\n";
......@@ -71,7 +71,6 @@ function showUser($uname) {
}
function newUser($user = "", $error="") {
include "theme.inc";
$output .= "<FORM ACTION=\"account.php\" METHOD=post>\n";
$output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
if (!empty($error)) $output .= "<TR><TD COLSPAN=2>$error</TD></TR>\n";
......@@ -117,20 +116,18 @@ function account_makePassword($min_length=6) {
function account_track_comments() {
global $user;
include "function.inc";
$output .= "<P>This page is helpful in case you want to keep track of your most recent comments in any of the discussions. It helps you to review the replies your comments got.\n<P>\n";
$output .= "<P>This page might be helpful in case you want to keep track of your most recent comments in any of the discussions. You are given an overview of your comments in each of the stories you participates in along with the number of replies each comment got.\n<P>\n";
### Perform query:
$sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
while ($story = db_fetch_object($sresult)) {
$output .= "<LI>". plural($story->count, comment, comments) ." in article `<A HREF=\"discussion.php?id=$story->id\">$story->subject</A>`:</LI>\n";
$output .= "<LI>". format_plural($story->count, comment, comments) ." in story `<A HREF=\"discussion.php?id=$story->id\">$story->subject</A>`:</LI>\n";
$output .= " <UL>\n";
$cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND sid = $story->id");
while ($comment = db_fetch_object($cresult)) {
$output .= " <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
$output .= " <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". format_plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
}
$output .= " </UL>\n";
}
......@@ -142,7 +139,7 @@ function account_track_comments() {
case "Login":
session_start();
$user = new User($userid, $passwd);
if ($user && $user->valid()) {
if ($user && user_valid()) {
session_register("user");
watchdog(1, "session opened for user `$user->userid'.");
}
......@@ -154,11 +151,10 @@ function account_track_comments() {
case "new":
newUser();
break;
case "info":
showUser($uname);
case "view":
showUser($name);
break;
case "discussion":
include "theme.inc";
$theme->header();
$theme->box("Track your comments", account_track_comments());
$theme->footer();
......@@ -173,8 +169,6 @@ function account_track_comments() {
case "Register":
if ($rval = validateUser($new)) { newUser($new, "<B>Error: $rval</B>"); }
else {
include"theme.inc";
### Generate new password:
$new[passwd] = account_makePassword();
dbsave("users", $new);
......@@ -198,7 +192,7 @@ function account_track_comments() {
}
break;
case "user":
if ($user && $user->valid()) {
if ($user->id && user_valid()) {
### Generate output/content:
$output .= "<FORM ACTION=\"account.php\" METHOD=post>\n";
$output .= "<B>Real name:</B><BR>\n";
......@@ -213,10 +207,10 @@ function account_track_comments() {
$output .= "<B>URL of homepage:</B><BR>\n";
$output .= "<INPUT NAME=\"edit[url]\" MAXLENGTH=55 SIZE=30 VALUE=\"$user->url\"><BR>\n";
$output .= "<I>Optional, but make sure you enter fully qualified URLs only. That is, remember to include \"http://\".</I><P>\n";
$output .= "<B>Bio:</B> (255 char limit)<BR>\n";
$output .= "<B>Bio:</B> (255 char. limit)<BR>\n";
$output .= "<TEXTAREA NAME=\"edit[bio]\" COLS=35 ROWS=5 WRAP=virtual>$user->bio</TEXTAREA><BR>\n";
$output .= "<I>Optional. This biographical information is publicly displayed on your user page.</I><P>\n";
$output .= "<B>User block:</B> (255 char limit)<BR>\n";
$output .= "<B>User block:</B> (255 char. limit)<BR>\n";
$output .= "<TEXTAREA NAME=\"edit[ublock]\" COLS=35 ROWS=5 WRAP=virtual>$user->ublock</TEXTAREA><BR>\n";
$output .= "<INPUT NAME=\"edit[ublockon]\" TYPE=checkbox". ($user->ublockon == 1 ? " CHECKED" : "") ."> Enable user block<BR>\n";
$output .= "<I>Enable the checkbox and whatever you enter below will appear on your costum main page.</I><P>\n";
......@@ -227,20 +221,18 @@ function account_track_comments() {
$output .= "</FORM>\n";
### Display output/content:
include "theme.inc";
$theme->header();
$theme->box("Edit your information", $output);
$theme->footer();
}
else {
include "theme.inc";
$theme->header();
$theme->box("Login", showLogin($userid));
$theme->footer();
}
break;
case "page":
if ($user && $user->valid()) {
if ($user && user_valid()) {
### Generate output/content:
$output .= "<FORM ACTION=\"account.php\" METHOD=post>\n";
$output .= "<B>Theme:</B><BR>\n";
......@@ -252,18 +244,19 @@ function account_track_comments() {
if ($userinfo[theme]=="") $userinfo[theme] = $cfg_theme;
$output .= "<SELECT NAME=\"edit[theme]\">$options</SELECT><BR>\n";
$output .= "<I>Changes the look and feel of the site.</I><P>\n";
$output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
$output .= "<B>Maximum number of stories:</B><BR>\n";
$output .= "<INPUT NAME=\"edit[storynum]\" MAXLENGTH=3 SIZE=3 VALUE=\"$user->storynum\"><P>\n";
$output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
$options = "<OPTION VALUE=\"nested\"". ($user->umode == 'nested' ? " SELECTED" : "") .">Nested</OPTION>";
$options .= "<OPTION VALUE=\"flat\"". ($user->umode == 'flat' ? " SELECTED" : "") .">Flat</OPTION>";
$options .= "<OPTION VALUE=\"threaded\"". ($user->umode == 'threaded' ? " SELECTED" : "") .">Threaded</OPTION>";
$output .= "<B>Display mode:</B><BR>\n";
$output .= "<B>Comment display mode:</B><BR>\n";
$output .= "<SELECT NAME=\"edit[umode]\">$options</SELECT><P>\n";
$options = "<OPTION VALUE=0". ($user->uorder == 0 ? " SELECTED" : "") .">Oldest first</OPTION>";
$options .= "<OPTION VALUE=1". ($user->uorder == 1 ? " SELECTED" : "") .">Newest first</OPTION>";
$options .= "<OPTION VALUE=2". ($user->uorder == 2 ? " SELECTED" : "") .">Highest scoring first</OPTION>";
$output .= "<B>Sort order:</B><BR>\n";
$output .= "<B>Comment sort order:</B><BR>\n";
$output .= "<SELECT NAME=\"edit[uorder]\">$options</SELECT><P>\n";
$options = "<OPTION VALUE=\"-1\"". ($user->thold == -1 ? " SELECTED" : "") .">-1: Display uncut and raw comments.</OPTION>";
$options .= "<OPTION VALUE=0". ($user->thold == 0 ? " SELECTED" : "") .">0: Display almost all comments.</OPTION>";
......@@ -272,30 +265,28 @@ function account_track_comments() {
$options .= "<OPTION VALUE=3". ($user->thold == 3 ? " SELECTED" : "") .">3: Display comments with score +3 only.</OPTION>";
$options .= "<OPTION VALUE=4". ($user->thold == 4 ? " SELECTED" : "") .">4: Display comments with score +4 only.</OPTION>";
$options .= "<OPTION VALUE=5". ($user->thold == 5 ? " SELECTED" : "") .">5: Display comments with score +5 only.</OPTION>";
$output .= "<B>Threshold:</B><BR>\n";
$output .= "<B>Comment threshold:</B><BR>\n";
$output .= "<SELECT NAME=\"edit[thold]\">$options</SELECT><BR>\n";
$output .= "<I>Comments that scored less than this setting will be ignored. Anonymous comments start at 0, comments of people logged on start at 1 and moderators can add and subtract points.</I><P>\n";
$output .= "<B>Singature:</B> (255 char limit)<BR>\n";
$output .= "<B>Singature:</B> (255 char. limit)<BR>\n";
$output .= "<TEXTAREA NAME=\"edit[signature]\" COLS=35 ROWS=5 WRAP=virtual>$user->signature</TEXTAREA><BR>\n";
$output .= "<I>Optional. This information will be publicly displayed at the end of your comments. </I><P>\n";
$output .= "<INPUT TYPE=submit NAME=op VALUE=\"Save page settings\"><BR>\n";
$output .= "</FORM>\n";
### Display output/content:
include "theme.inc";
$theme->header();
$theme->box("Customize your page", $output);
$theme->footer();
}
else {
include "theme.inc";
$theme->header();
$theme->box("Login", showLogin($userid));
$theme->footer();
}
break;
case "Save user information":
if ($user && $user->valid()) {
if ($user && user_valid()) {
$data[name] = $edit[name];
$data[email] = $edit[email];
$data[femail] = $edit[femail];
......@@ -305,12 +296,12 @@ function account_track_comments() {
$data[ublockon] = $edit[ublockon];
if ($edit[pass1] == $edit[pass2] && !empty($edit[pass1])) { $data[passwd] = $edit[pass1]; }
dbsave("users", $data, $user->id);
$user->rehash();
user_rehash();
}
showUser($user->userid);
break;
case "Save page settings":
if ($user && $user->valid()) {
if ($user && user_valid()) {
$data[theme] = $edit[theme];
$data[storynum] = $edit[storynum];
$data[umode] = $edit[umode];
......@@ -318,7 +309,7 @@ function account_track_comments() {
$data[thold] = $edit[thold];
$data[signature] = $edit[signature];
dbsave("users", $data, $user->id);
$user->rehash();
user_rehash();
}
showUser($user->userid);
break;
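Review bot: The edit forms in the `user` and `page` cases write stored profile fields straight into markup, e.g. `VALUE=\"$user->url\"` and `>$user->bio</TEXTAREA>`, so a value containing a double quote or `</TEXTAREA>` ends the attribute or element early and the remainder is parsed as page HTML. Wrapping each field in `htmlspecialchars()`, as in `VALUE=\"". htmlspecialchars($user->url) ."\"`, keeps the form intact and round-trips the value unchanged. The same applies to `$story->subject` and `$comment->subject` in `account_track_comments()` if subjects are not meant to carry HTML. Several of these lines are probably context rather than additions, which the rendered page does not let me tell apart.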
......
<?
include "functions.inc";
include "function.inc";
class backend {
......
<?
include "function.inc";
include "theme.inc";
function diary_entry($timestamp, $text, $id = 0) {
if ($id) {
$output .= "<DL>\n";
$output .= " <DT><B>". date("l, F jS", $timestamp) .":</B> </DT>\n";
$output .= " <DD><P>[ <A HREF=\"diary.php?op=edit&id=$id\">edit</A> ]</P><P>$text</P></DD>\n";
$output .= "</DL>\n";
}
else {
$output .= "<DL>\n";
$output .= " <DT><B>". date("l, F jS", $timestamp) .":</B></DT>\n";
$output .= " <DD><P>$text</P></DD>\n";
$output .= "</DL>\n";
}
return $output;
}
function diary_display($username) {
global $theme, $user;
$result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE u.userid = '$username' ORDER BY timestamp DESC");
if ($username == $user->userid) {
$output .= diary_entry(time(), "<BIG><A HREF=\"diary.php?op=add\">Add new diary entry!</A></BIG><P>");
while ($diary = db_fetch_object($result)) $output .= diary_entry($diary->timestamp, $diary->text, $diary->id);
}
else {
while ($diary = db_fetch_object($result)) $output .= diary_entry($diary->timestamp, $diary->text);
}
$theme->header();
$theme->box("Online diary", $output);
$theme->footer();
}
function diary_add_enter() {
global $theme, $user;
### Submission form:
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Enter new diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\">\n";
$output .= "</P>\n";
$output .= "</FORM>\n";
$theme->header();
$theme->box("Online diary", $output);
$theme->footer();
}
function diary_edit_enter($id) {
global $theme, $user;
$result = db_query("SELECT * FROM diaries WHERE id = $id");
$diary = db_fetch_object($result);
$output .= diary_entry($diary->timestamp, $diary->text);
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Edit diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($diary->text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$diary->id\">\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"timestamp\" VALUE=\"$diary->timestamp\">\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Submit diary entry\">\n";
$output .= "</P>\n";
$output .= "</FORM>\n";
$theme->header();
$theme->box("Online diary", $output);
$theme->footer();
}
function diary_preview($text, $timestamp, $id = 0) {
global $theme, $user;
$output .= diary_entry($timestamp, $text);
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Preview diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Submit diary entry\">\n";
$output .= "</P>\n";
$output .= "</FORM>\n";
$theme->header();
$theme->box("Online diary", $output);
$theme->footer();
}
function diary_submit($text, $id = 0) {
global $user, $theme;
if ($id) {
db_query("UPDATE diaries SET text = '".addslashes($text) ."' WHERE id = $id");
watchdog(1, "old diary entry updated");
}
else {
db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". addslashes($text) ."', '". time() ."')");
watchdog(1, "new diary entry added");
}
header("Location: diary.php?op=view&name=$user->userid");
}
switch($op) {
case "add":
diary_add_enter();
break;
case "edit":
diary_edit_enter($id);
break;
case "view":
diary_display($name);
break;
case "Preview diary entry":
if ($id) diary_preview($text, $timestamp, $id);
else diary_preview($text, time());
break;
case "Submit diary entry":
if ($id) diary_submit($text, $id);
else diary_submit($text);
break;
default:
diary_display($user->userid);
}
?>
\ No newline at end of file
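Review bot: `diary_edit_enter()` and `diary_submit()` act on whatever `$id` the request carries, with no check that a user is logged in or that the entry's `author` is `$user->id`, and `$id` goes into `WHERE id = $id` unquoted, where `magic_quotes_gpc` gives no protection. Forcing the id to an integer and adding the author to the WHERE clause covers both; the same clause belongs on the SELECT in `diary_edit_enter()`, and the `add` and `Submit diary entry` cases should be skipped when `$user->id` is empty. Separately, `diary_entry()` prints `$text` raw, which matches the "HTML is nice and dandy" hint on the form, but it leaves the still-stubbed `check_html()` as the only planned control on that markup.

```php
function diary_submit($text, $id = 0) {
  global $user, $theme;
  // Force a numeric id and refuse to write without a logged-in author.
  $id = intval($id);
  if (!$user->id) return;
  if ($id) {
    // Ownership is part of the WHERE clause, so only the author's own entry can match.
    db_query("UPDATE diaries SET text = '". addslashes($text) ."' WHERE id = $id AND author = '$user->id'");
    // … unchanged: watchdog call, INSERT branch, redirect …
```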
......@@ -77,7 +77,7 @@ function comments_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
return $thread;
}
function comments_display ($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
function comments_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
global $user, $theme;
### Pre-process variables:
......@@ -283,7 +283,7 @@ function comment_post($pid, $sid, $subject, $comment, $mode, $order, $thold) {
}
}
include "functions.inc";
include "function.inc";
include "config.inc";
include "theme.inc";
......
<?
include "functions.inc";
include "function.inc";
include "theme.inc";
$output = "
......
<?
function plural($count, $one, $more) {
return ($count == 1) ? "$count $one" : "$count $more";
include "config.inc";
include "database.inc";
include "log.inc";
function id2story($id) {
### Perform query:
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
return db_fetch_object($result);
}
function dbsave($dbase, $data, $id=0) {
foreach ($data as $key=>$value) {
if ($key == "passwd") { $query .= "$key=PASSWORD('". addslashes($value) ."'), "; }
else { $query .= "$key='". addslashes($value) ."', "; }
}
$query = substr($query, 0, -2);
if (!empty($id)) { db_query("UPDATE $dbase SET $query WHERE id=$id") or die(mysql_error()); return $id; }
else { db_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); }
}
function FixQuotes ($what = "") {
$what = ereg_replace("'","''",$what);
while (eregi("\\\\'", $what)) {
$what = ereg_replace("\\\\'","'",$what);
}
return $what;
}
function username($username) {
include "config.inc";
return ($username) ? $username : $anonymous;
function check_html($message) {
## TODO
return $message;
}
function filter_text($message, $strip="") {
### TODO
return check_html($text, $strip);
}
function discussion_num_replies($id, $count = 0) {
......@@ -14,4 +44,60 @@ function discussion_num_replies($id, $count = 0) {
return ($result) ? mysql_result($result, 0) : 0;
}
?>
\ No newline at end of file
function format_plural($count, $one, $more) {
return ($count == 1) ? "$count $one" : "$count $more";
}
function format_date($timestamp, $type = "medium") {
switch ($type) {
case "small":
$date = date("D, m/d/y - H:i", $timestamp);
break;
case "medium":
$date = date("l, m/d/Y - H:i", $timestamp);
break;
case "large":
$date = date("D, M d, Y - H:i", $timestamp);
break;
case "extra large":
$date = date("l, F dS, Y - H:i", $timestamp);
break;
default:
$date = date("D, M d, Y - H:i", $timestamp);
}
return $date;
}
function format_availability($field, $replacement = "<I>n/a</I>") {
return ($field) ? $field : $replacement;
}
function format_username($username, $admin = 0) {
if ($username) return ($admin) ? "<A HREF=\"admin.php?section=accounts&op=view&name=$username\">$username</A>" : "<A HREF=\"account.php?op=view&name=$username\">$username</A>";
else { include "config.inc"; return $anonymous; }
}
function format_email_address($address) {
return ($address) ? "<A HREF=\"mailto:$address\">$address</A>" : format_availability($address);
}
function format_url($address, $description = "") {
// POSSIBLE EXTENSIONS:
// 1. add `http://' in case it's missing.
// 2. add a trailing `/' in case it's missing.
// 3. remove any parameters in the URI.
$description = ($description) ? $description : $address;
return ($address) ? "<A HREF=\"$address\">$description</A>" : format_availability($address);
}
function format_story_link($story, $subject = "") {
global $user;
$output .= "<A HREF=\"discussion.php?id=$story->id";
$output .= ($user->umode) ? "&mode=$user->umode" : "&mode=threaded";
$output .= ($user->uorder) ? "&order=$user->uorder" : "&order=0";
$output .= ($user->thold) ? "&thold=$user->thold" : "&thold=0";
$output .= ($subject) ? "\">$subject</A>" : "\">$story->subject</A>";
return $output;
}
?>
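Review bot: `dbsave()` escapes the values but places `$key`, `$dbase` and `$id` into the statement as-is, and the Register case in account.php passes it the `$new` array whole, which appears to come from the request, so the set of columns written is chosen by the client. Giving `dbsave()` an explicit list of permitted column names and skipping every other key, plus `$id = intval($id);` before the UPDATE, would close that. Separately, `filter_text()` returns `check_html($text, $strip)` although its parameter is `$message`, so it passes an undefined variable and drops the input; `return check_html($message, $strip);` looks like the intent.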
<?PHP
<?
include "functions.inc";
include "function.inc";
include "theme.inc";
### Initialize/pre-process variables:
......
......@@ -18,6 +18,14 @@ CREATE TABLE bans (
PRIMARY KEY (id)
);
CREATE TABLE diaries (
id int DEFAULT '0' NOT NULL auto_increment;
author int DEFAULT '0' NOT NULL,
text text NOT NULL,
timestamp int(11),
PRIMARY KEY(id)
);
CREATE TABLE blocks (
id tinyint(4) DEFAULT '0' NOT NULL auto_increment,
author varchar(30),
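Review bot: The `id` column definition in the new `diaries` table ends with `;` instead of `,`, which terminates the CREATE TABLE statement after the first column, so loading the schema should fail at this table. The line should read `id int DEFAULT '0' NOT NULL auto_increment,`. The `blocks` table continues past the visible lines, so this note covers only `diaries`.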
......
......@@ -187,7 +187,7 @@ function adminPolls() {
}
if (!$box) {
include "functions.inc";
include "function.inc";
include "theme.inc";
$theme->header();
}
......
......@@ -3,7 +3,7 @@
### Include global settings:
include "config.inc";
include "functions.inc";
include "function.inc";
include "authentication.inc";
include "theme.inc";
......
<?
include "functions.inc";
include "function.inc";
include "theme.inc";
$theme->header();
......@@ -10,13 +10,13 @@
$output .= "<TABLE WIDTH=\"100%\" BORDER=\"0\">\n";
$output .= " <TR VALIGN=\"center\">\n";
$output .= " <TD COLSPAN=3>\n";
$output .= " <FORM ACTION=\"". basename($GLOBALS[PHP_SELF]) ."\" METHOD=\"POST\">\n";
$output .= " <FORM ACTION=\"search.php\" METHOD=\"POST\">\n";
$output .= " <INPUT SIZE=\"50\" VALUE=\"$terms\" NAME=\"terms\" TYPE=\"text\"><BR>\n";
### category:
$output .= " <SELECT NAME=\"category\">\n";
if ($category != "") $output .= " <OPTION VALUE=\"$category\">$category</OPTION>\n";
$output .= "<OPTION VALUE=\"\">All categories</OPTION>\n";
$output .= "<SELECT NAME=\"category\">\n";
if ($category) $output .= " <OPTION VALUE=\"$category\">$category</OPTION>\n";
$output .= " <OPTION VALUE=\"\">All categories</OPTION>\n";
for ($i = 0; $i < sizeof($categories); $i++) {
$output .= " <OPTION VALUE=\"$categories[$i]\">$categories[$i]</OPTION>\n";
}
......@@ -40,34 +40,20 @@
$output .= " <TR>\n";
$output .= " <TD>\n";
### Compose query:
$query = "SELECT DISTINCT s.id, s.subject, u.userid, s.timestamp FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 ";
if ($terms != "") $query .= "AND (s.subject LIKE '%$terms%' OR s.abstract LIKE '%$terms%' OR s.updates LIKE '%$terms%') ";
if ($category != "") $query .= "AND s.category = '$category' ";
if ($author != "") $query .= "AND u.userid = '$author' ";
if ($order == "Oldest first") $query .= " ORDER BY s.timestamp ASC";
else $query .= " ORDER BY s.timestamp DESC";
### Perform query:
### Compose and perform query:
$query = "SELECT DISTINCT s.id, s.subject, u.userid, s.timestamp, COUNT(c.cid) AS comments FROM comments c, stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND s.id = c.sid ";
$query .= ($author) ? "AND u.userid = '$author' " : "";
$query .= ($terms) ? "AND (s.subject LIKE '%$terms%' OR s.abstract LIKE '%$terms%' OR s.updates LIKE '%$terms%') " : "";
$query .= ($category) ? "AND s.category = '$category' GROUP BY c.sid " : "GROUP BY c.sid ";
$query .= ($order == "Oldest first") ? "ORDER BY s.timestamp ASC" : "ORDER BY s.timestamp DESC";
$result = db_query("$query");