Commit 28bf9e89 authored by Dries's avatar Dries

- fixed a bug in check_input: html stripping was not 100% correct.
- fixed a bug in account.php: the confirmation url is now correct.
- improved error checking + security in diary.php.
- fixed a bug in the html code of theme zaphod.
- improved the date handling: always call format_date().
- expanded account information in administration pages.
- added a new variable $siteurl to ./includes/config.inc.
- added comment moderation to theme zaphod.
- "alter table users add timezone varchar(8);"

- !!! added new timezone feature !!! :o)
parent 4ede9967
...@@ -106,17 +106,24 @@ function account_page_edit() { ...@@ -106,17 +106,24 @@ function account_page_edit() {
global $theme, $themes, $user; global $theme, $themes, $user;
if ($user->id) { if ($user->id) {
### Generate output/content:
$output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n"; $output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
$output .= "<B>Theme:</B><BR>\n"; $output .= "<B>Theme:</B><BR>\n";
### Loop (dynamically) through all available themes:
foreach ($themes as $key=>$value) { foreach ($themes as $key=>$value) {
$options .= "<OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>"; $options1 .= " <OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>\n";
} }
$output .= "<SELECT NAME=\"edit[theme]\">$options</SELECT><BR>\n"; $output .= "<SELECT NAME=\"edit[theme]\">\n$options1</SELECT><BR>\n";
$output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n"; $output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
$output .= "<B>Timezone:</B><BR>\n";
$date = time() - date("Z");
for ($zone = -43200; $zone <= 43200; $zone += 3600) {
$options2 .= " <OPTION VALUE=\"$zone\"". (($user->timezone == $zone) ? " SELECTED" : "") .">". date("l, F dS, Y - h:i A", $date + $zone) ." (GMT ". $zone / 3600 .")</OPTION>\n";
}
$output .= "<SELECT NAME=\"edit[timezone]\">\n$options2</SELECT><BR>\n";
$output .= "<I>Select what time you currently have and your timezone settings will be set appropriate.</I><P>\n";
$output .= "<B>Maximum number of stories:</B><BR>\n"; $output .= "<B>Maximum number of stories:</B><BR>\n";
$output .= "<INPUT NAME=\"edit[stories]\" MAXLENGTH=\"3\" SIZE=\"3\" VALUE=\"$user->stories\"><P>\n"; $output .= "<INPUT NAME=\"edit[stories]\" MAXLENGTH=\"3\" SIZE=\"3\" VALUE=\"$user->stories\"><P>\n";
$output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n"; $output .= "<I>The maximum number of stories that will be displayed on the main page.</I><P>\n";
...@@ -143,7 +150,6 @@ function account_page_edit() { ...@@ -143,7 +150,6 @@ function account_page_edit() {
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save page settings\"><BR>\n"; $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save page settings\"><BR>\n";
$output .= "</FORM>\n"; $output .= "</FORM>\n";
### Display output/content:
$theme->header(); $theme->header();
$theme->box("Customize your page", $output); $theme->box("Customize your page", $output);
$theme->footer(); $theme->footer();
...@@ -159,6 +165,7 @@ function account_page_save($edit) { ...@@ -159,6 +165,7 @@ function account_page_save($edit) {
global $user; global $user;
if ($user->id) { if ($user->id) {
$data[theme] = $edit[theme]; $data[theme] = $edit[theme];
$data[timezone] = $edit[timezone];
$data[stories] = $edit[stories]; $data[stories] = $edit[stories];
$data[mode] = $edit[mode]; $data[mode] = $edit[mode];
$data[sort] = $edit[sort]; $data[sort] = $edit[sort];
...@@ -276,8 +283,6 @@ function account_register_enter($user = "", $error = "") { ...@@ -276,8 +283,6 @@ function account_register_enter($user = "", $error = "") {
function account_register_submit($new) { function account_register_submit($new) {
global $theme, $mail, $sitename, $siteurl; global $theme, $mail, $sitename, $siteurl;
$siteurl = "www.drop.org"; // temporary solution
if ($rval = account_validate($new)) { if ($rval = account_validate($new)) {
account_register_enter($new, "$rval"); account_register_enter($new, "$rval");
} }
...@@ -288,7 +293,7 @@ function account_register_submit($new) { ...@@ -288,7 +293,7 @@ function account_register_submit($new) {
user_save($new); user_save($new);
$link = "http://$siteurl/account.php?op=confirm&name=$new[userid]&hash=$new[hash]"; $link = $siteurl ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
$message = "$new[userid],\n\n\nsomeone signed up for a user account on $sitename and supplied this email address as their contact. If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login. You can do so simply by visiting the URL below:\n\n $link\n\nVisiting this URL will automatically activate your account. Once activated you can login using the following information:\n\n username: $new[userid]\n password: $new[passwd]\n\n\n-- $sitename crew\n"; $message = "$new[userid],\n\n\nsomeone signed up for a user account on $sitename and supplied this email address as their contact. If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login. You can do so simply by visiting the URL below:\n\n $link\n\nVisiting this URL will automatically activate your account. Once activated you can login using the following information:\n\n username: $new[userid]\n password: $new[passwd]\n\n\n-- $sitename crew\n";
mail($new[real_email], "Account details for $sitename", $message, "From: noreply@$sitename"); mail($new[real_email], "Account details for $sitename", $message, "From: noreply@$sitename");
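Review bot: In account_page_save, `$data[timezone] = $edit[timezone];` stores the posted value as-is, although the form only offers whole-hour offsets from -43200 to 43200 and format_date() later adds this field to every timestamp. A client can post any string here, so cast and bound it before saving, e.g. `$zone = (int) $edit[timezone]; $data[timezone] = ($zone >= -43200 && $zone <= 43200) ? $zone : 0;`. Whether user_save() escapes values before they reach SQL is not visible in this hunk, and the same question applies to the neighbouring `$edit[...]` fields. The function body continues outside the hunk.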
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
function account_display($order = "username") { function account_display($order = "username") {
$sort = array("ID" => "id", "fake e-mail address" => "fake_email", "homepage" => "url", "hostname" => "last_host", "last access date" => "last_access", "real e-mail address" => "real_email", "real name" => "name", "status" => "status", "theme" => "theme", "username" => "userid"); $sort = array("ID" => "id", "fake e-mail address" => "fake_email", "homepage" => "url", "hostname" => "last_host", "last access date" => "last_access", "real e-mail address" => "real_email", "real name" => "name", "status" => "status", "theme" => "theme", "username" => "userid");
$show = array("ID" => "id", "username" => "userid", "$order" => "$sort[$order]", "status" => "status"); $show = array("ID" => "id", "username" => "userid", "$order" => "$sort[$order]", "status" => "status");
$stat = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
### Perform query: ### Perform query:
$result = db_query("SELECT u.id, u.userid, u.$sort[$order], u.status FROM users u ORDER BY $sort[$order]"); $result = db_query("SELECT u.id, u.userid, u.$sort[$order], u.status FROM users u ORDER BY $sort[$order]");
...@@ -46,7 +47,7 @@ function account_display($order = "username") { ...@@ -46,7 +47,7 @@ function account_display($order = "username") {
$output .= " <TD>". format_date($account[$value]) ."</TD>\n"; $output .= " <TD>". format_date($account[$value]) ."</TD>\n";
break; break;
case "status": case "status":
$output .= " <TD ALIGN=\"center\"><I>todo</I></TD>\n"; $output .= " <TD ALIGN=\"center\">". $stat[$account[$value]] ."</TD>\n";
break; break;
case "url": case "url":
$output .= " <TD>". format_url($account[$value]) ."</TD>\n"; $output .= " <TD>". format_url($account[$value]) ."</TD>\n";
...@@ -83,12 +84,14 @@ function account_comments($id) { ...@@ -83,12 +84,14 @@ function account_comments($id) {
} }
function account_view($name) { function account_view($name) {
### Perform query: $status = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
$result = db_query("SELECT * FROM users WHERE userid = '$name'"); $result = db_query("SELECT * FROM users WHERE userid = '$name'");
if ($account = db_fetch_object($result)) { if ($account = db_fetch_object($result)) {
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n"; $output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TD ALIGN=\"right\"><B>ID:</B></TD><TD>$account->id</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>ID:</B></TD><TD>$account->id</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Status:</B></TD><TD>". $status[$account->status] ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Real name:</B></TD><TD>". format_data($account->name) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Real name:</B></TD><TD>". format_data($account->name) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email($account->real_email) ."</TD></TR>\n"; $output .= " <TR><TD ALIGN=\"right\"><B>Real e-mail address:</B></TD><TD>". format_email($account->real_email) ."</TD></TR>\n";
...@@ -137,7 +140,7 @@ function log_display($order = "date") { ...@@ -137,7 +140,7 @@ function log_display($order = "date") {
$output .= " </TR>\n"; $output .= " </TR>\n";
while ($log = db_fetch_object($result)) { while ($log = db_fetch_object($result)) {
$output .= " <TR BGCOLOR=\"". $colors[$log->level] ."\"><TD>". date("D d/m, H:m:s", $log->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($log->userid, 1) ."</A></TD><TD>". substr($log->message, 0, 44) ."</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?section=logs&op=view&id=$log->id\">more</A></TD></TR>\n"; $output .= " <TR BGCOLOR=\"". $colors[$log->level] ."\"><TD>". format_date($log->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($log->userid, 1) ."</A></TD><TD>". substr($log->message, 0, 44) ."</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?section=logs&op=view&id=$log->id\">more</A></TD></TR>\n";
} }
$output .= "</TABLE>\n"; $output .= "</TABLE>\n";
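Review bot: account_view() still builds its query as `WHERE userid = '$name'` with `$name` interpolated directly; nothing in the hunk shows it being escaped, so unless the caller already does so this is an injection point in an administration page. Escaping at the point of use, e.g. `db_query("SELECT * FROM users WHERE userid = '". addslashes($name) ."'")`, makes the function safe regardless of the caller; confirm first whether request data already arrives slash-escaped, to avoid double escaping. Separately, the status labels are now defined twice, as `$stat` in account_display() and `$status` in account_view(); one shared array would keep them in sync, and a status value outside 0-2 currently renders an empty cell.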
......
...@@ -17,7 +17,7 @@ function diary_overview($num = 20) { ...@@ -17,7 +17,7 @@ function diary_overview($num = 20) {
$output .= "<DL>\n"; $output .= "<DL>\n";
$output .= " <DD><P><B>$diary->userid wrote:</B></P></DD>\n"; $output .= " <DD><P><B>$diary->userid wrote:</B></P></DD>\n";
$output .= " <DL>\n"; $output .= " <DL>\n";
$output .= " <DD><P>". check_output($diary->text) ."</P><P>[ <A HREF=\"diary.php?op=view&name=$diary->userid\">more</A> ]</P></DD>\n"; $output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"diary.php?op=view&name=$diary->userid\">more</A> ]</P></DD>\n";
$output .= " </DL>\n"; $output .= " </DL>\n";
$output .= "</DL>\n"; $output .= "</DL>\n";
} }
...@@ -38,7 +38,7 @@ function diary_entry($timestamp, $text, $id = 0) { ...@@ -38,7 +38,7 @@ function diary_entry($timestamp, $text, $id = 0) {
else { else {
$output .= "<DL>\n"; $output .= "<DL>\n";
$output .= " <DT><B>". date("l, F jS", $timestamp) .":</B></DT>\n"; $output .= " <DT><B>". date("l, F jS", $timestamp) .":</B></DT>\n";
$output .= " <DD><P>". check_output($text) ."</P></DD>\n"; $output .= " <DD><P>". check_output($text, 1) ."</P></DD>\n";
$output .= "</DL>\n"; $output .= "</DL>\n";
} }
return $output; return $output;
...@@ -97,7 +97,7 @@ function diary_edit($id) { ...@@ -97,7 +97,7 @@ function diary_edit($id) {
$output .= "<P>\n"; $output .= "<P>\n";
$output .= " <B>Edit diary entry:</B><BR>\n"; $output .= " <B>Edit diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_input(stripslashes($diary->text)) ."</TEXTAREA><BR>\n"; $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_input($diary->text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n"; $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n"; $output .= "</P>\n";
...@@ -123,13 +123,14 @@ function diary_preview($text, $timestamp, $id = 0) { ...@@ -123,13 +123,14 @@ function diary_preview($text, $timestamp, $id = 0) {
$output .= "<P>\n"; $output .= "<P>\n";
$output .= " <B>Preview diary entry:</B><BR>\n"; $output .= " <B>Preview diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($text) ."</TEXTAREA><BR>\n"; $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". check_output($text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n"; $output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n"; $output .= "</P>\n";
$output .= "<P>\n"; $output .= "<P>\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n"; $output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Submit diary entry\">\n"; $output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\">\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Submit diary entry\">\n";
$output .= "</P>\n"; $output .= "</P>\n";
$output .= "</FORM>\n"; $output .= "</FORM>\n";
...@@ -143,11 +144,11 @@ function diary_submit($text, $id = 0) { ...@@ -143,11 +144,11 @@ function diary_submit($text, $id = 0) {
global $user, $theme; global $user, $theme;
if ($id) { if ($id) {
db_query("UPDATE diaries SET text = '". addslashes($text) ."' WHERE id = $id"); db_query("UPDATE diaries SET text = '". check_input($text) ."' WHERE id = $id");
watchdog(1, "old diary entry updated"); watchdog(1, "old diary entry updated");
} }
else { else {
db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". addslashes($text) ."', '". time() ."')"); db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". check_input($text) ."', '". time() ."')");
watchdog(1, "new diary entry added"); watchdog(1, "new diary entry added");
} }
header("Location: diary.php?op=view&name=$user->userid"); header("Location: diary.php?op=view&name=$user->userid");
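Review bot: In diary_submit, the UPDATE uses `WHERE id = $id` with `$id` unquoted and no author condition, so as far as this hunk shows, whatever is posted in the hidden `id` field is placed in the SQL and can address another user's entry. Constrain it to an integer and to the current user: `db_query("UPDATE diaries SET text = '". check_input($text) ."' WHERE id = '". (int) $id ."' AND author = '$user->id'");`. The INSERT branch already records `author` as `$user->id`, so the column is available for the check. The function continues past the end of the hunk, and a login or ownership check may exist there or in the caller.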
......
...@@ -4,20 +4,19 @@ ...@@ -4,20 +4,19 @@
# MySQL settings: # MySQL settings:
# #
### http://www.drop.org/:
### www.drop.org:
#$dbhost = "zind.net"; #$dbhost = "zind.net";
#$dbuname = "droporg"; #$dbuname = "droporg";
#$dbpass = "DropIes"; #$dbpass = "DropIes";
#$dbname = "droporg"; #$dbname = "droporg";
### beta.drop.org: ### http://beta.drop.org/:
$dbhost = "zind.net"; $dbhost = "zind.net";
$dbuname = "dries"; $dbuname = "dries";
$dbpass = "Abc123"; $dbpass = "Abc123";
$dbname = "dries"; $dbname = "dries";
### localhost Dries: ### http://dione/:
#$dbhost = ""; #$dbhost = "";
#$dbuname = "dries"; #$dbuname = "dries";
#$dbpass = "oakley"; #$dbpass = "oakley";
...@@ -27,12 +26,13 @@ ...@@ -27,12 +26,13 @@
# Name of the site # Name of the site
# #
$sitename = "drop.org"; $sitename = "drop.org";
$siteurl = "http://www.drop.org/";
# #
# Contact information: # Contact information:
# The contact information will be used to send out automated mails # The contact information will be used to send out automated mails
# to users, account holders or visitors. # to users, account holders or visitors.
$contact_email = "droppies@zind.net"; $contact_email = "droppies@drop.org";
# #
# Notify: # Notify:
...@@ -49,12 +49,19 @@ ...@@ -49,12 +49,19 @@
$notify_email = $contact_email; $notify_email = $contact_email;
$notify_subject = "submission: "; $notify_subject = "submission: ";
$notify_message = "New submission: '$subject'\n\n$story"; $notify_message = "New submission: '$subject'\n\n$story";
$notify_from = "droppies@zind.net"; $notify_from = "droppies@drop.org";
# #
# Comment meta reasons: # Comment meta reasons:
# #
$comment_votes = array("none" => "none", "-1" => "- 1", "0" => "+ 0", "+1" => "+ 1", "+2" => "+ 2", "+3" => "+ 3", "+4" => "+ 4", "+5" => "+ 5"); $comment_votes = array("none" => "none",
"-1" => "- 1",
"0" => "+ 0",
"+1" => "+ 1",
"+2" => "+ 2",
"+3" => "+ 3",
"+4" => "+ 4",
"+5" => "+ 5");
# #
# Categories: # Categories:
...@@ -82,7 +89,6 @@ ...@@ -82,7 +89,6 @@
# #
$anonymous = "Anonymous Chicken"; $anonymous = "Anonymous Chicken";
# #
# Themes: # Themes:
# the first theme listed in the associative array `$themes' will # the first theme listed in the associative array `$themes' will
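Review bot: The database host, user and password for several environments are kept in this tracked configuration file (the `$dbpass` assignments, including the commented-out ones), so anyone with read access to the repository or its history holds them. Keep only placeholders here, load the real values from an untracked local include, and rotate the passwords that have already been committed. For the added `$siteurl`, a comment such as `# must include the scheme and end with a trailing slash` would help, since account.php now concatenates it directly with `account.php?op=confirm...`.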
......
...@@ -24,12 +24,14 @@ function check_field($message) { ...@@ -24,12 +24,14 @@ function check_field($message) {
} }
function check_input($message) { function check_input($message) {
return strip_tags($message); global $allowed_html;
return strip_tags(addslashes($message), $allowed_html);
} }
function check_output($message) { function check_output($message, $nl2br = 0) {
global $allowed_html; global $allowed_html;
return strip_tags(stripslashes($message), $allowed_html); if ($nl2br == 1) return nl2br(strip_tags(stripslashes($message), $allowed_html));
else return strip_tags(stripslashes($message), $allowed_html);
} }
function discussion_num_replies($id, $count = 0) { function discussion_num_replies($id, $count = 0) {
...@@ -49,6 +51,10 @@ function format_plural($count, $one, $more) { ...@@ -49,6 +51,10 @@ function format_plural($count, $one, $more) {
} }
function format_date($timestamp, $type = "medium") { function format_date($timestamp, $type = "medium") {
global $user;
$timestamp += ($user->timezone) ? $user->timezone - date("Z") : 0;
switch ($type) { switch ($type) {
case "small": case "small":
$date = date("D, m/d/y - H:i", $timestamp); $date = date("D, m/d/y - H:i", $timestamp);
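Review bot: check_input() now returns `strip_tags(addslashes($message), $allowed_html)`, which mixes SQL escaping with HTML filtering in one helper; the result is right only inside a query string, yet diary_edit in this commit also prints it inside a TEXTAREA, where the added backslashes become visible text. Splitting it into a filter step and an escape step that is applied last, at the query, keeps each context correct. strip_tags() with an allow-list also leaves the attributes of allowed tags untouched, so depending on what `$allowed_html` contains (not visible here), attributes such as event handlers pass through check_output() unchanged. A `#` comment above both helpers stating which output context each one is safe for would help callers.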
......
...@@ -12,8 +12,8 @@ function submission_displayMain() { ...@@ -12,8 +12,8 @@ function submission_displayMain() {
$content .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; $content .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n";
$content .= " <TR BGCOLOR=\"$bgcolor1\"><TH>Subject</TH><TH>Category</TH><TH>Date</TH><TH>Author</TH><TH>Score</TH></TR>\n"; $content .= " <TR BGCOLOR=\"$bgcolor1\"><TH>Subject</TH><TH>Category</TH><TH>Date</TH><TH>Author</TH><TH>Score</TH></TR>\n";
while ($submission = db_fetch_object($result)) { while ($submission = db_fetch_object($result)) {
if (user_getHistory($user->history, "s$submission->id")) $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">". check_output($submission->subject) ."</A></TD><TD>$submission->category</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\">". submission_score($submission->id) ."</TD></TR>\n"; if (user_getHistory($user->history, "s$submission->id")) $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">". stripslashes($submission->subject) ."</A></TD><TD>$submission->category</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\">". submission_score($submission->id) ."</TD></TR>\n";
else $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">". check_output($submission->subject) ."</A></TD><TD>$submission->category</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">vote</A></TD></TR>\n"; else $content .= " <TR><TD WIDTH=\"100%\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">". stripslashes($submission->subject) ."</A></TD><TD>$submission->category</TD><TD ALIGN=\"center\">". date("Y-m-d", $submission->timestamp) ."<BR>". date("H:m:s", $submission->timestamp) ."</TD><TD ALIGN=\"center\">". format_username($submission->userid) ."</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=view&id=$submission->id\">vote</A></TD></TR>\n";
} }
$content .= "</TABLE>\n"; $content .= "</TABLE>\n";
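Review bot: The subject is no longer tag-filtered in either row template: both now print `stripslashes($submission->subject)` where they previously used `check_output(...)`, and this is a user-submitted field. Unless subjects are filtered before they are stored (not visible here), keep `check_output($submission->subject)` or escape with `htmlspecialchars(stripslashes($submission->subject))`. The time column also still uses `date("H:m:s", ...)`, where `m` is the month rather than the minutes; `format_date($submission->timestamp)` would match the rest of the commit. The enclosing function starts and ends outside the hunk.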
......
...@@ -118,7 +118,7 @@ function submit_preview($subject, $abstract, $article, $category) { ...@@ -118,7 +118,7 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "</FORM>\n"; $output .= "</FORM>\n";
$theme->header(); $theme->header();
$theme->preview($user->userid, check_output($subject), check_output($abstract), "", check_output($article), date("l, F d, Y - H:i A", time()), check_output($category), "we-hate-typoes"); $theme->preview($user->userid, check_output($subject), check_output($abstract), "", check_output($article), format_date(time(), "extra large"), check_output($category), "we-hate-typoes");
$theme->box("Submit a story", $output); $theme->box("Submit a story", $output);
$theme->footer(); $theme->footer();
} }
......
...@@ -39,13 +39,17 @@ function header($title) { ...@@ -39,13 +39,17 @@ function header($title) {
<TABLE BORDER="0" CELLPADDING="8" CELLSPACING="0"> <TABLE BORDER="0" CELLPADDING="8" CELLSPACING="0">
<TR> <TR>
<TD ROWSPAN="3" WIDTH="30">&nbsp;</TD> <TD ROWSPAN="3" WIDTH="30">&nbsp;</TD>
<TD COLSPAN="2"><A HREF="" ><IMG SRC="themes/marvin/images/logo.gif" ALT="drop.org" BORDER="0"></A></TD> <TD WIDTH="470"><A HREF=""><IMG SRC="themes/marvin/images/logo.gif" ALT="drop.org" BORDER="0"></A></TD>
<TD WIDTH="180">
<LI>Create an <A HREF="account.php?op=register">account</A> and <A HREF="submit.php">submit</A> new stories.</LI>
<LI>Send your questions, feedback and bug reports to <A HREF="mailto:info@drop.org">info@drop.org</A>.</LI>
</TD>
</TR> </TR>
<TR> <TR>
<TD ALIGN="right" COLSPAN="2"><SMALL><A HREF="">home</A> | <A HREF="faq.php">faq</A> | <A HREF="diary.php">diary</A> | <A HREF="search.php">search</A> | <A HREF="submit.php">submit news</A> | <A HREF="account.php">user account</A></SMALL></TD> <TD ALIGN="right" COLSPAN="2"><SMALL><A HREF="">home</A> | <A HREF="faq.php">faq</A> | <A HREF="diary.php">diary</A> | <A HREF="search.php">search</A> | <A HREF="submit.php">submit news</A> | <A HREF="account.php">user account</A></SMALL></TD>
</TR> </TR>
<TR> <TR>
<TD VALIGN="top" WIDTH="470"> <TD VALIGN="top">
<? <?
} }
...@@ -54,15 +58,13 @@ function header($title) { ...@@ -54,15 +58,13 @@ function header($title) {
# Description..: a function to draw an abstract story box, that is the # Description..: a function to draw an abstract story box, that is the
# boxes displayed on the main page. # boxes displayed on the main page.
function abstract($story) { function abstract($story) {
$story->timestamp = date("l, F d, Y - h:i:s A", $story->timestamp);
print "\n<!-- story: \"$story->subject\" -->\n"; print "\n<!-- story: \"$story->subject\" -->\n";
print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"2\" WIDTH=\"100%\">\n"; print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"2\" WIDTH=\"100%\">\n";
print " <TR><TD COLSPAN=\"2\"><IMG SRC=\"themes/marvin/images/drop.gif\" ALT=\"\"> &nbsp; <B>$story->subject</B></TD></TR>\n"; print " <TR><TD COLSPAN=\"2\"><IMG SRC=\"themes/marvin/images/drop.gif\" ALT=\"\"> &nbsp; <B>$story->subject</B></TD></TR>\n";
print " <TR VALIGN=\"bottom\"><TD COLSPAN=\"2\" BGCOLOR=\"#000000\" WIDTH=\"100%\"><IMG SRC=\"themes/marvin/images/pixel.gif\" WIDTH=\"1\" HEIGHT=\"0\" ALT=\"\"></TD></TR>\n"; print " <TR VALIGN=\"bottom\"><TD COLSPAN=\"2\" BGCOLOR=\"#000000\" WIDTH=\"100%\"><IMG SRC=\"themes/marvin/images/pixel.gif\" WIDTH=\"1\" HEIGHT=\"0\" ALT=\"\"></TD></TR>\n";
print " <TR>\n"; print " <TR>\n";
print " <TD>\n"; print " <TD>\n";
print " <FONT COLOR=\"#7C7C7C\"><SMALL>Posted by ". format_username($story->userid) ." on $story->timestamp"; ?><? if ($story->department) print "<BR>from the $story->department dept."; ?><? print "</SMALL></FONT></TD><TD ALIGN=\"right\" VALIGN=\"top\" NOWRAP><SMALL><A HREF=\"search.php?category=". urlencode($story->category) ."\"><FONT COLOR=\"#83997A\">$story->category</FONT></A></SMALL>\n"; print " <FONT COLOR=\"#7C7C7C\"><SMALL>Posted by ". format_username($story->userid) ." on ". format_date($story->timestamp, "extra large"). ""; ?><? if ($story->department) print "<BR>from the $story->department dept."; ?><? print "</SMALL></FONT></TD><TD ALIGN=\"right\" VALIGN=\"top\" NOWRAP><SMALL><A HREF=\"search.php?category=". urlencode($story->category) ."\"><FONT COLOR=\"#83997A\">$story->category</FONT></A></SMALL>\n";
print " </TD>\n"; print " </TD>\n";
print " </TR>\n"; print " </TR>\n";
print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>\n"; print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>\n";
...@@ -84,15 +86,13 @@ function abstract($story) { ...@@ -84,15 +86,13 @@ function abstract($story) {
# comments). It's what you get when you followed for # comments). It's what you get when you followed for
# instance one of read-more links on the main page. # instance one of read-more links on the main page.
function article($story, $reply) { function article($story, $reply) {
$story->timestamp = date("l, F d, Y - h:i:s A", $story->timestamp);
print "\n<!-- story: \"$story->subject\" -->\n"; print "\n<!-- story: \"$story->subject\" -->\n";
print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"2\" WIDTH=\"100%\">\n"; print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"2\" WIDTH=\"100%\">\n";
print " <TR><TD COLSPAN=\"2\"><IMG SRC=\"themes/marvin/images/drop.gif\" ALT=\"\"> &nbsp; <B>$story->subject</B></TD></TR>\n"; print " <TR><TD COLSPAN=\"2\"><IMG SRC=\"themes/marvin/images/drop.gif\" ALT=\"\"> &nbsp; <B>$story->subject</B></TD></TR>\n";
print " <TR VALIGN=\"bottom\"><TD COLSPAN=\"2\" BGCOLOR=\"#000000\" WIDTH=\"100%\"><IMG SRC=\"themes/marvin/images/pixel.gif\" WIDTH=\"1\" HEIGHT=\"0\" ALT=\"\"></TD></TR>\n"; print " <TR VALIGN=\"bottom\"><TD COLSPAN=\"2\" BGCOLOR=\"#000000\" WIDTH=\"100%\"><IMG SRC=\"themes/marvin/images/pixel.gif\" WIDTH=\"1\" HEIGHT=\"0\" ALT=\"\"></TD></TR>\n";
print " <TR>\n"; print " <TR>\n";
print " <TD>\n"; print " <TD>\n";
print " <FONT COLOR=\"#7C7C7C\"><SMALL>Posted by ". format_username($story->userid) ." on $story->timestamp"; ?><? if ($story->department) print "<BR>from the $story->department dept."; ?><? print "</SMALL></FONT></TD><TD ALIGN=\"right\" VALIGN=\"top\" NOWRAP><SMALL><A HREF=\"search.php?category=". urlencode($story->category) ."\"><FONT COLOR=\"#83997A\">$story->category</FONT></A></SMALL>\n"; print " <FONT COLOR=\"#7C7C7C\"><SMALL>Posted by ". format_username($story->userid) ." on ". format_date($story->timestamp, "extra large") .""; ?><? if ($story->department) print "<BR>from the $story->department dept."; ?><? print "</SMALL></FONT></TD><TD ALIGN=\"right\" VALIGN=\"top\" NOWRAP><SMALL><A HREF=\"search.php?category=". urlencode($story->category) ."\"><FONT COLOR=\"#83997A\">$story->category</FONT></A></SMALL>\n";
print " </TD>\n"; print " </TD>\n";
print " </TR>\n"; print " </TR>\n";
print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>\n"; print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>\n";
...@@ -283,7 +283,7 @@ function box($subject, $content) { ...@@ -283,7 +283,7 @@ function box($subject, $content) {
function footer() { function footer() {
?> ?>
</TD> </TD>
<TD VALIGN="top" WIDTH="180"> <TD VALIGN="top">
<? <?
global $PHP_SELF; global $PHP_SELF;
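Review bot: abstract() and article() print `$story->subject`, `$story->department` and `$story->category` straight into the page, including inside the `<!-- story: ... -->` comment, and the hunks do not show these fields being filtered. If the caller does not already pass them through check_output(), do it at the print site, e.g. `<B>". check_output($story->subject) ."</B>`, and drop the subject from the HTML comment, where a `-->` in the text would end the comment early. In header(), the two added `<LI>` items sit directly in the `<TD>` without an enclosing `<UL>`. Both function bodies continue outside their hunks.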
......