Commit 44c48004 authored by Dries's avatar Dries

- here are a bunch of changes to make "drupal" (for now) work with PHP 4.0.4
- tidied up some of the code and mainly worked on the documentation
parent 83f6495c
......@@ -33,7 +33,7 @@ ErrorDocument 500 /error.php
php_value magic_quotes_runtime 0
php_value magic_quotes_sybase 0
php_value session.name DROPID
php_value session.auto_start 1
php_value session.auto_start 0
php_value session.cookie_lifetime 2000000
php_value session.gc_maxlifetime 2000000
php_value session.cache_expire 200000
......@@ -77,7 +77,7 @@ function account_user_edit() {
global $theme, $user;
if ($user->id) {
### Generate output/content:
// Generate output/content:
$output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
$output .= "<B>Username:</B><BR>\n";
$output .= "&nbsp; $user->userid<P>\n";
......@@ -106,7 +106,7 @@ function account_user_edit() {
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save user information\"><BR>\n";
$output .= "</FORM>\n";
### Display output/content:
// Display output/content:
$theme->header();
$theme->box("Edit user settings", $output);
$theme->footer();
......@@ -276,7 +276,7 @@ function account_user($uname) {
$output .= " <TR><TD ALIGN=\"right\" VALIGN=\"top\"><B>Signature:</B></TD><TD>". format_data($user->signature) ."</TD></TR>\n";
$output .= "</TABLE>\n";
### Display account information:
// Display account information:
$theme->header();
$theme->box("View user settings", $output);
$theme->footer();
......@@ -306,7 +306,7 @@ function account_user($uname) {
$diaries++;
}
### Display account information:
// Display account information:
$theme->header();
if ($box1) $theme->box("User information for $uname", $box1);
if ($box2) $theme->box("$uname has posted ". format_plural($comments, "comment", "comments") ." recently", $box2);
......@@ -314,7 +314,7 @@ function account_user($uname) {
$theme->footer();
}
else {
### Display login form:
// Display login form:
$theme->header();
$theme->box("Create user account", account_create());
$theme->box("E-mail password", account_email());
......@@ -323,18 +323,16 @@ function account_user($uname) {
}
function account_validate($user) {
include "includes/ban.inc";
### Verify username and e-mail address:
// Verify username and e-mail address:
if (empty($user[real_email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[real_email]))) $error .= "<LI>the specified e-mail address is not valid.</LI>\n";
if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $error .= "<LI>the specified username is not valid.</LI>\n";
if (strlen($user[userid]) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n";
### Check to see whether the username or e-mail address are banned:
// Check to see whether the username or e-mail address are banned:
if ($ban = ban_match($user[userid], $type2index[usernames])) $error .= "<LI>the specified username is banned for the following reason: <I>$ban->reason</I>.</LI>\n";
if ($ban = ban_match($user[real_email], $type2index[addresses])) $error .= "<LI>the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.</LI>\n";
### Verify whether username and e-mail address are unique:
// Verify whether username and e-mail address are unique:
if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error .= "<LI>the specified username is already taken.</LI>\n";
if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$user[real_email]')")) > 0) $error .= "<LI>the specified e-mail address is already registered.</LI>\n";
......@@ -537,7 +535,7 @@ function account_track_site() {
$theme->footer();
}
### Security check:
// Security check:
if (strstr($name, " ") || strstr($hash, " ")) {
watchdog("error", "account: attempt to provide malicious input through URI");
exit();
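Review bot: In account_validate (the `@@ -323,18 +323,16 @@` hunk) the two uniqueness queries still run when the username or e-mail address has already failed the format checks above them, because every check only appends to `$error` and none stops the function, and `$user[userid]` / `$user[real_email]` are spliced into the SQL verbatim. Guard the queries with `if (!$error) { ... }` so only values that passed the `ereg`/`eregi` checks reach the database, and run them through `check_input()` the way the INSERT in submit_submit does. `$user[userid]` and `$type2index[usernames]` use bare-word array keys, which PHP reads as undefined constants; write `$user["userid"]` and `$type2index["usernames"]`. account_validate's body continues past the hunk.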
<?
include "includes/common.inc";
// validate user permission:
if (!$user->id || ($user->permissions != 1 && $user->id > 1)) exit();
include "includes/common.inc";
function admin_page($mod) {
global $repository, $menu, $modules;
......@@ -12,10 +12,10 @@
function ban_match($mask, $category) {
### Perform query:
// Perform query:
$result = db_query("SELECT * FROM bans WHERE type = $category AND LOWER('$mask') LIKE LOWER(mask)");
### Return result:
// Return result:
return db_fetch_object($result);
}
......@@ -32,7 +32,7 @@ function ban_add($mask, $category, $reason, $message = "") {
$result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
$message = "added new ban with mask `$mask'.<P>\n";
### Add log entry:
// Add log entry:
watchdog("message", "added new ban `$mask' to category `". $index2type[$category] ."' with reason `$reason'.");
}
}
......@@ -43,10 +43,10 @@ function ban_delete($id) {
$result = db_query("SELECT * FROM bans WHERE id = $id");
if ($ban = db_fetch_object($result)) {
### Perform query:
// Perform query:
$result = db_query("DELETE FROM bans WHERE id = $id");
### Deleted log entry:
// Deleted log entry:
watchdog("message", "removed ban `$ban->mask' from category `". $index2type[$ban->type] ."'.");
}
}
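Review bot: ban_match interpolates `$mask` straight into `LOWER('$mask') LIKE LOWER(mask)`, and its callers in account_validate pass the submitted username and e-mail address, so the value reaches SQL unescaped; ban_delete does the same with `$id`. Escape before building the statement, e.g. `$result = db_query("SELECT * FROM bans WHERE type = $category AND LOWER('". check_input($mask) ."') LIKE LOWER(mask)");`, with whatever escaping `check_input()` already provides ahead of the INSERTs elsewhere in this commit, and cast `$id` with `(int)` in ban_delete. A header comment on ban_match stating that `$mask` is matched case-insensitively against stored LIKE patterns and that the first matching row (or the empty result of db_fetch_object) is returned would spare the next reader a trip into the query.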
......@@ -8,8 +8,8 @@
include_once "includes/theme.inc";
include_once "includes/user.inc";
global $user;
session_start();
$theme = load_theme();
?>
?>
\ No newline at end of file
......@@ -41,7 +41,7 @@ function db_fetch_array($qid) {
if ($qid) return mysql_fetch_array($qid);
}
function db_result($qid, $field) {
function db_result($qid, $field = 0) {
if ($qid) return mysql_result($qid, $field);
}
<?
function id2story($id) {
### Perform query:
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
return db_fetch_object($result);
}
function load_theme() {
global $user, $themes;
......@@ -14,20 +14,20 @@ function submission_vote($id, $vote, $comment) {
global $user, $submission_post_threshold, $submission_dump_threshold;
if (!user_getHistory($user->history, "s$id")) {
### Update submission's score- and votes-field:
// Update submission's score- and votes-field:
db_query("UPDATE stories SET score = score $vote, votes = votes + 1 WHERE id = $id");
### Update the comments (if required):
// Update the comments (if required):
if ($comment) {
watchdog("comment", "moderation: added comment with subject '$subject'");
db_query("INSERT INTO comments (sid, author, subject, comment, hostname, timestamp) VALUES($id, $user->id, '". check_input(substr($comment, 0, 29)) ." ...', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
}
### Update user's history record:
// Update user's history record:
user_setHistory($user, "s$id", $vote); // s = submission
### Update story table (if required):
// Update story table (if required):
$result = db_query("SELECT * FROM stories WHERE id = $id");
if ($submission = db_fetch_object($result)) {
if ($submission->score >= $submission_post_threshold) {
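Review bot: The watchdog call under `// Update the comments (if required):` logs `'$subject'`, but `$subject` is neither a parameter of submission_vote nor listed in its `global` line, so the log entry always records an empty subject. Log the value the INSERT actually stores, `watchdog("comment", "moderation: added comment with subject '". substr($comment, 0, 29) ." ...'");`. In the same hunk `$vote` and `$id` go into the UPDATE unescaped; `$vote` is expected to carry its own sign (`score = score $vote`), which deserves a comment on the function, and `$id` should be cast with `(int)`. submission_vote's body continues beyond the hunk.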
......@@ -10,7 +10,7 @@ function submission_number() {
return ($result) ? db_result($result, 0) : 0;
}
### Display account settings:
// Display account settings:
$content .= "<LI><A HREF=\"account.php?op=track&topic=comments\">track your comments</A></LI>\n";
$content .= "<LI><A HREF=\"account.php?op=track&topic=stories\">track your stories</A></LI>\n";
$content .= "<LI><A HREF=\"account.php?op=track&topic=site\">track $site_name</A></LI>\n";
......@@ -99,7 +99,7 @@ function theme_moderation_results($theme, $story) {
}
function theme_related_links($theme, $story) {
### Parse story for <A HREF="">-tags:
// Parse story for <A HREF="">-tags:
$text = stripslashes("$story->abstract $story->updates $story->article");
while ($text = stristr($text, "<A HREF=")) {
$link = substr($text, 0, strpos(strtolower($text), "</a>") + 4);
......@@ -107,33 +107,15 @@ function theme_related_links($theme, $story) {
if (!stristr($link, "mailto:")) $content .= "<LI>$link</LI>";
}
### Stories in the same category:
// Stories in the same category:
$content .= " <LI>More about <A HREF=\"search.php?category=". urlencode($story->category) ."\">$story->category</A>.</LI>";
### Stories from the same author:
// Stories from the same author:
if ($story->userid) $content .= " <LI>Also by <A HREF=\"search.php?author=". urlencode($story->userid) ."\">$story->userid</A>.</LI>";
$theme->box("Related links", $content);
}
function theme_old_headlines($theme, $num = 10) {
global $user;
if ($user->stories) $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $user->stories, $num");
else $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $num, $num");
while ($story = db_fetch_object($result)) {
if ($time != date("F jS", $story->timestamp)) {
$content .= "<P><B>". date("l, M jS", $story->timestamp) ."</B></P>\n";
$time = date("F jS", $story->timestamp);
}
$content .= "<LI><A HREF=\"discussion.php?id=$story->id\">$story->subject</A></LI>\n";
}
$content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>";
$theme->box("Older headlines", $content);
}
function theme_comment_moderation($id, $author, $score, $votes) {
global $user, $comment_votes;
......@@ -154,9 +136,28 @@ function theme_new_headlines($theme, $num = 10) {
$content = "";
$result = db_query("SELECT id, subject FROM stories WHERE status = 2 ORDER BY id DESC LIMIT $num");
while ($story = db_fetch_object($result)) $content .= "<LI><A HREF=\"discussion.php?id=$story->id\">$story->subject</A></LI>\n";
while ($story = db_fetch_object($result)) $content .= "<LI><A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A></LI>\n";
$content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>";
$theme->box("Latest headlines", $content);
}
function theme_old_headlines($theme, $num = 10) {
global $user;
if ($user->stories) $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $user->stories, $num");
else $result = db_query("SELECT id, subject, timestamp FROM stories WHERE status = 2 ORDER BY timestamp DESC LIMIT $num, $num");
while ($story = db_fetch_object($result)) {
if ($time != date("F jS", $story->timestamp)) {
$content .= "<P><B>". date("l, M jS", $story->timestamp) ."</B></P>\n";
$time = date("F jS", $story->timestamp);
}
$content .= "<LI><A HREF=\"discussion.php?id=$story->id\">". check_output($story->subject) ."</A></LI>\n";
}
$content .= "<P ALIGN=\"right\">[ <A HREF=\"search.php\"><FONT COLOR=\"$theme->hlcolor2\">more</FONT></A> ]</P>";
$theme->box("Older headlines", $content);
}
?>
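Review bot: theme_old_headlines, moved below theme_new_headlines in the last hunk, still differs from its neighbour in two ways worth fixing while it is being touched: `$content` is appended to with `.=` without being initialised (theme_new_headlines starts with `$content = "";`), and `$user->stories` and `$num` are spliced into `LIMIT $user->stories, $num` without a cast, although `$user->stories` appears to be a stored per-user setting. Add `$content = "";` as the first statement and cast both operands, `"... LIMIT ". (int) $user->stories .", ". (int) $num`. `$time` is likewise read before assignment on the first loop pass; `$time = "";` next to `$content` makes the intent explicit.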
......@@ -42,7 +42,7 @@ function user_setHistory(&$user, $field, $value) {
$history = $user->history;
if (!$value) {
### remove entry:
// remove entry:
$data = explode(";", $history);
for (reset($data); current($data); next($data)) {
$entry = explode(":", current($data));
......@@ -50,7 +50,7 @@ function user_setHistory(&$user, $field, $value) {
}
}
else if (strstr($history, "$field:")) {
### found: update exsisting entry:
// found: update exsisting entry:
$data = explode(";", $history);
for (reset($data); current($data); next($data)) {
$entry = explode(":", current($data));
......@@ -59,12 +59,12 @@ function user_setHistory(&$user, $field, $value) {
}
}
else {
### not found: add new entry:
// not found: add new entry:
$rval = "$history$field:$value;";
}
$user->history = $rval;
### save new history:
// save new history:
$query .= "UPDATE users SET ";
foreach ($user->field as $key=>$field) { $value = $user->$field; $query .= "$field = '". addslashes($value) ."', "; }
$query .= " id = $user->id WHERE id = $user->id";
......@@ -75,4 +75,4 @@ function user_clean() {
// todo - called by cron job
}
?>
?>
\ No newline at end of file
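Review bot: In the `// save new history:` hunk the loop `foreach ($user->field as $key=>$field)` reuses `$field`, which is user_setHistory's own parameter, so the parameter is silently clobbered for the rest of the function; rename the loop variable, e.g. `foreach ($user->field as $key=>$name) { $value = $user->$name; $query .= "$name = '". addslashes($value) ."', "; }`. `$query` is also built with `.=` without being initialised; `$query = "UPDATE users SET ";` is what is meant. `$rval` is only assigned in the `else` branch visible here; if the two earlier branches can finish without setting it, `$user->history` is overwritten with an empty value — worth confirming, since those branches start outside this hunk. The function continues past the hunk.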
......@@ -10,7 +10,7 @@ function submission_number() {
return ($result) ? db_result($result, 0) : 0;
}
### Display account settings:
// Display account settings:
$content .= "<LI><A HREF=\"account.php?op=track&topic=comments\">track your comments</A></LI>\n";
$content .= "<LI><A HREF=\"account.php?op=track&topic=stories\">track your stories</A></LI>\n";
$content .= "<LI><A HREF=\"account.php?op=track&topic=site\">track $site_name</A></LI>\n";
......@@ -91,7 +91,7 @@ function display_moderation_results($theme, $story) {
}
function display_related_links($theme, $story) {
### Parse story for <A HREF="">-tags:
// Parse story for <A HREF="">-tags:
$text = stripslashes("$story->abstract $story->updates $story->article");
while ($text = stristr($text, "<A HREF=")) {
$link = substr($text, 0, strpos(strtolower($text), "</a>") + 4);
......@@ -99,10 +99,10 @@ function display_related_links($theme, $story) {
if (!stristr($link, "mailto:")) $content .= "<LI>$link</LI>";
}
### Stories in the same category:
// Stories in the same category:
$content .= " <LI>More about <A HREF=\"search.php?category=". urlencode($story->category) ."\">$story->category</A>.</LI>";
### Stories from the same author:
// Stories from the same author:
if ($story->userid) $content .= " <LI>Also by <A HREF=\"search.php?author=". urlencode($story->userid) ."\">$story->userid</A>.</LI>";
$theme->box("Related links", $content);
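Review bot: display_related_links emits `$story->category` and `$story->userid` as link text, and `$link` (a substring cut from the story body) as raw markup, straight into `$content`, while this same commit wraps `$story->subject` in `check_output()` for the headline boxes; the `urlencode()` covers only the href side. Pass the link texts through the same helper, `"\">". check_output($story->category) ."</A>.</LI>"` and likewise for `$story->userid`. For `$link`, state the assumption in a comment, `// $link is raw HTML from the story body; relies on the filtering applied at submission time`, if that filtering is indeed what makes it acceptable — I cannot see it from here. The same applies to theme_related_links in the other theme file of this commit.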
......@@ -2,20 +2,20 @@
include "includes/common.inc";
### Security check:
// Security check:
if (strstr($number, " ") || strstr($date, " ")) {
watchdog("error", "main page: attempt to provide malicious input through URI");
exit();
}
### Initialize/pre-process variables:
// Initialize/pre-process variables:
$number = ($user->stories) ? $user->stories : 10;
$date = ($date) ? $date : time();
### Perform query:
// Perform query:
$result = db_query("SELECT stories.*, users.userid, COUNT(comments.sid) AS comments FROM stories LEFT JOIN comments ON stories.id = comments.sid LEFT JOIN users ON stories.author = users.id WHERE stories.status = 2 AND stories.timestamp <= $date GROUP BY stories.id ORDER BY stories.timestamp DESC LIMIT $number");
### Display stories:
// Display stories:
$theme->header();
while ($story = db_fetch_object($result)) $theme->abstract($story);
$theme->footer();
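Review bot: The `// Security check:` rejects `$date` and `$number` only when they contain a space, yet `$date` is then used numerically in `stories.timestamp <= $date` and `$number` in `LIMIT $number`, so any non-numeric value without spaces passes unchanged. Both are integers by intent, so cast them instead of pattern-matching: `$date = ($date) ? (int) $date : time();` and `$number = ($user->stories) ? (int) $user->stories : 10;`. The check on `$number` is also dead, because `$number` is unconditionally reassigned from `$user->stories` two lines later. The same space-only check appears in the submission.php and account.php sections of this commit.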
<?
$module = array("block" => "ab_block",
$module = array("help" => "ab_help",
"block" => "ab_block",
"admin" => "ab_admin");
function ab_help() {
?>
<P>The content of the site can be almost entirely altered by means of blocks. Simply put, <I>admin blocks</I> are small bit of PHP code which will get plugged into the site. Admin blocks are typically used to add custom blocks to the site.</P>
<P>If you know how to script in PHP, admin blocks are pretty simple to create. Don't get your panties in a knot if you are not confident with PHP: simply use the standard admin blocks (i.e. those available by default) as they are just fine or ask an expert 'admin blocker' to help you creating custom admin blocks that fit your need.</P>
<P>Each admin block consists of a key of maximum 255 characters and an associated block of PHP code which can be as long as you want it to be. You can use any piece of PHP code to make up an admin block. A admin block's code is stored in the database and the engine or a particular module will use the key to find the associated piece of PHP code which will then be dynamically embedded in the engine or the module just-in-time for execution.</P>
<P>There are however some factors to keep in mind when using and creating admin blocks: admin blocks can be extremly useful and flexible, yet be dangerous and insecure if not properly used. If you are not confident with PHP, SQL or even with the site engine for that matter, avoid experimenting with admin blocks because you can - and you probably will - corrupt your database or even break your site! If you don't plan to do fancy stuff with admin blocks then you are probably save.</P>
<P>Remember that the code within each admin block must be valid PHP code, including things like terminating statements with a semicolon so the parser won't die. Therefore, it is highly recommended to test your admin blocks seperatly using a simple test script on top of a test database before migrating to your production environment running your real database.</P>
<P>Note that you can use any global variables, such as configuration parameters within the scope of an admin block and keep in mind that variables that have been given values in an admin block will retain these values in the engine or module afterwards.</P>
<P>You may as well use the <CODE>return</CODE> statement to return the actual content of the block.</P>
<P><U>A basic example:</U></P>
<P>Given the admin block with subject "Welcome", used to create a Welcome-block. The content for this admin block could be created by using:</P>
<PRE>
return "Welcome visitor, ... welcome message goes here ...";
</PRE>
<P>If we are however dealing with a registered user, we can customize the message by using:
<PRE>
if ($user) {
return "Welcome $user->userid, ... weclome message goes here ...";
}
else {
return "Welcome visitor, ... welcome message goes here ...";
}
</PRE>
<P>For more in depth example, we recommand you to check any of the available admin blocks and to go from there.</P>
<P>As said above, you can virtually use any piece of PHP code in an admin block: you can declare and use functions, consult the SQL database, access configuration settings and so on.</P>
<?
}
function ab_block() {
$result = db_query("SELECT * FROM admin_blocks");
$i = 0;
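Review bot: The new ab_help text has several spelling slips worth fixing before it ships as user-facing documentation: `extremly` → `extremely`, `probably save` → `probably safe`, `seperatly` → `separately`, `weclome` → `welcome` (inside the example), and `recommand` → `recommend`; the paragraph beginning `If we are however dealing with a registered user` is also missing its closing `</P>`. Since the text explains that admin blocks are PHP code stored in the database and executed by the engine, it would help to say plainly who is expected to be able to create or edit them (presumably site administrators only), as that is the assumption the warnings rest on. ab_block continues beyond the hunk.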
......@@ -2,8 +2,6 @@
$module = array("admin" => "cron_admin");
include_once "includes/function.inc";
function cron_save($edit) {
foreach ($edit as $key=>$value) {
db_query("UPDATE crons SET scheduled = '$value' WHERE module = '$key'");
......@@ -2,6 +2,7 @@
$module = array("page" => "headline_page",
"cron" => "headline_cron",
"help" => "headline_help",
"block" => "headline_block",
"admin" => "headline_admin",
"export" => "headline_export");
......@@ -65,6 +66,12 @@ function headline_cron() {
}
}
function headline_help() {
?>
The headline module both imports and exports RDF/RSS headlines.
<?
}
function headline_block() {
$result = db_query("SELECT * FROM channel");
while ($channel = db_fetch_object($result)) {
......@@ -90,14 +90,14 @@ function story_save($id, $subject, $abstract, $updates, $article, $category, $st
}
function story_display($order = "date") {
### Initialize variables:
// Initialize variables:
$status = array("deleted", "pending", "public");
$fields = array("author" => "author", "category" => "category", "date" => "timestamp DESC", "status" => "status DESC");
### Perform SQL query:
// Perform SQL query:
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON u.id = s.author ORDER BY s.$fields[$order]");
### Display stories:
// Display stories:
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR>\n";
$output .= " <TH ALIGN=\"right\" COLSPAN=\"5\">\n";
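Review bot: story_display builds `ORDER BY s.$fields[$order]` from a lookup keyed by the caller's `$order`; when `$order` is not one of `author`, `category`, `date`, `status` the lookup yields an empty string and the statement becomes `ORDER BY s.`, a SQL error. Fall back to the default before the query, `if (!isset($fields[$order])) $order = "date";`, so an unexpected value can only ever select a known column. `$output` is also appended to with `.=` before being initialised; make the first line `$output = "<TABLE ...`. The same `$fields[$order]` pattern is in the second story_display hunk and in both watchdog_display hunks of this commit, where the same guard applies.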
......@@ -90,14 +90,14 @@ function story_save($id, $subject, $abstract, $updates, $article, $category, $st
}
function story_display($order = "date") {
### Initialize variables:
// Initialize variables:
$status = array("deleted", "pending", "public");
$fields = array("author" => "author", "category" => "category", "date" => "timestamp DESC", "status" => "status DESC");
### Perform SQL query:
// Perform SQL query:
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON u.id = s.author ORDER BY s.$fields[$order]");
### Display stories:
// Display stories:
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR>\n";
$output .= " <TH ALIGN=\"right\" COLSPAN=\"5\">\n";
......@@ -11,10 +11,10 @@ function watchdog_display($order = "date") {
$colors = array("#D8BFD8", "#6495ED", "#6A5ADF", "#FFFFFF", "#FFA500", "#FF3C3C");
$fields = array("date" => "id DESC", "username" => "user", "location" => "location", "message" => "message DESC", "level" => "level DESC");
### Perform query:
// Perform query:
$result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id ORDER BY l.$fields[$order]");
### Generate output:
// Generate output:
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR>\n";
$output .= " <TH ALIGN=\"right\" COLSPAN=\"4\">\n";
......@@ -11,10 +11,10 @@ function watchdog_display($order = "date") {
$colors = array("#D8BFD8", "#6495ED", "#6A5ADF", "#FFFFFF", "#FFA500", "#FF3C3C");
$fields = array("date" => "id DESC", "username" => "user", "location" => "location", "message" => "message DESC", "level" => "level DESC");
### Perform query:
// Perform query:
$result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id ORDER BY l.$fields[$order]");
### Generate output:
// Generate output:
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR>\n";
$output .= " <TH ALIGN=\"right\" COLSPAN=\"4\">\n";
<?
$module = array("page" => "wishlist_page");
$module = array("page" => "wishlist_page",
"help" => "wishlist_help");
function wishlist_page() {
?>
......@@ -73,4 +74,8 @@ function wishlist_page() {
<?
}
function wishlist_help() {
print "Check the <A HREF=\"module.php?mod=wishlist\">feature wishlist</A>.";
}
?>
\ No newline at end of file
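Review bot: wishlist_help emits its text with `print`, while the other help hooks added in this commit (ab_help, headline_help) drop out of PHP mode with `?> … <?` to emit theirs; whichever code dispatches the `help` entry will work with both, but one convention should be chosen and stated where `$module` is declared, e.g. `// "help" => function that prints the module's help text`. The hook itself has no comment; a one-liner such as `// Prints a short pointer to the wishlist page for the help index.` would do.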
......@@ -11,7 +11,7 @@
$output .= " <FORM ACTION=\"search.php\" METHOD=\"POST\">\n";
$output .= " <INPUT SIZE=\"50\" VALUE=\"$terms\" NAME=\"terms\" TYPE=\"text\"><BR>\n";
### category:
// category:
$output .= "<SELECT NAME=\"category\">\n";
if ($category) $output .= " <OPTION VALUE=\"$category\">$category</OPTION>\n";
$output .= " <OPTION VALUE=\"\">All categories</OPTION>\n";
......@@ -20,7 +20,7 @@
}
$output .= "</SELECT>\n";
### order:
// order:
$output .= "<SELECT NAME=\"order\">\n";
if ($order == "Oldest first") {
$output .= " <OPTION VALUE=\"Oldest first\">Oldest first</OPTION>\n";
......@@ -38,7 +38,7 @@
$output .= " <TR>\n";
$output .= " <TD>\n";
### Compose and perform query:
// Compose and perform query:
$query = "SELECT s.id, s.subject, u.userid, s.timestamp, COUNT(c.cid) AS comments FROM stories s LEFT JOIN users u ON s.author = u.id LEFT JOIN comments c ON s.id = c.sid WHERE s.status = 2 ";
$query .= ($author) ? "AND u.userid = '$author' " : "";
$query .= ($terms) ? "AND (s.subject LIKE '%$terms%' OR s.abstract LIKE '%$terms%' OR s.updates LIKE '%$terms%') " : "";
......@@ -46,7 +46,7 @@
$query .= ($order == "Oldest first") ? "ORDER BY s.timestamp ASC" : "ORDER BY s.timestamp DESC";
$result = db_query("$query");
### Display search results:
// Display search results:
$output .= "<HR>\n";
while ($entry = db_fetch_object($result)) {
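Review bot: `$terms`, `$author` and `$category` come from the search form and are used in both HTML and SQL without escaping in this section: `VALUE=\"$terms\"` and `<OPTION VALUE=\"$category\">` put them straight into attributes, and the query lines splice `'$author'` and `'%$terms%'` into the WHERE clause. This commit adds `check_output()` around headline subjects elsewhere; use it for the attribute values here, `VALUE=\"". check_output($terms) ."\"`, and escape the SQL operands with `check_input()` (or `addslashes()`, which user.inc already uses) before concatenation. `$order` is only compared against fixed strings and is fine as is. The surrounding code is file-level, so it starts and ends outside these hunks.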
......@@ -6,7 +6,7 @@
function submission_displayMain() {
global $PHP_SELF, $theme, $user;
### Perform query:
// Perform query:
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 1 ORDER BY s.id");
$content .= "<P>Anyone who happens by, and has some news or some thoughts they'd like to share, can <A HREF=\"submit.php\">submit</A> new content for consideration. After someone has submitted something, their story is added to a queue. All registered users can access this list of pending stories, that is, stories that have been submitted, but do not yet appear on the public front page. Those registered users can vote whether they think the story should be posted or not. When enough people vote to post a story, the story is pushed over the threshold and up it goes on the public page. On the other hand, when too many people voted to drop a story, the story will get trashed.</P><P>Basically, this means that you, the community, are truly the editors of this site as you have the final decision on the content of this site. It's you judging the overall quality of a story. But remember, vote on whether the story is interesting, not on whether you agree with it or not. If the story goes up, you can disagree all you want, but don't vote `no' because you think the ideas expressed are wrong. Instead, vote `no' when you think the story is plain boring.</P>";
......@@ -58,7 +58,7 @@ function submission_displayItem($id) {
$theme->footer();
}
### Security check:
// Security check:
if (strstr($id, " ")) {
watchdog("error", "submission: attempt to provide malicious input through URI");
exit();
......@@ -3,12 +3,12 @@
function submit_enter() {
global $anonymous, $categories, $allowed_html, $theme, $user;
### Guidlines:
// Guidlines:
$output .= "<P>Got some news or some thoughts you would like to share? Fill out this form and they will automatically get whisked away to our submission queue where our moderators will frown at it, poke at it and hopefully post it. Every registered user is automatically a moderator and can vote whether or not your sumbission should be carried to the front page for discussion.</P>\n";
$output .= "<P>Note that we do not revamp or extend your submission so it is up to you to make sure your submission is well-written: if you don't care enough to be clear and complete, your submission is likely to be moderated down by our army of moderators. Try to be complete, aim for clarity, organize and structure your text, and try to carry out your statements with examples. It is also encouraged to extend your submission with arguments that flow from your unique intellectual capability and experience: offer some insight or explanation as to why you think your submission is interesting. Make sure your submission has some meat on it!</P>\n";
$output .= "<P>However, if you have bugs to report, complaints, personal questions or anything besides a public submission, we would prefer you to mail us instead, or your message is likely to get lost.</P><BR>\n";
### Submission form:
// Submission form:
$output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
$output .= "<P>\n <B>Your name:</B><BR>\n";
......@@ -129,13 +129,13 @@ function submit_preview($subject, $abstract, $article, $category) {
function submit_submit($subject, $abstract, $article, $category) {
global $user, $theme;
### Add log entry:
// Add log entry:
watchdog("story", "added new story with subject `$subject'");
### Add submission to SQL table:
// Add submission to SQL table:
db_query("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check_input($subject) ."', '". check_input($abstract) ."', '". check_input($article) ."', '". check_input($category) ."', '". time() ."')");
### Display confirmation message:
// Display confirmation message:
$theme->header();
$theme->box("Thank you for your submission.", "Thank you for your submission. Your submission has been whisked away to our submission queue where our registered users will frown at it, poke at it and hopefully carry it to the front page for discussion.");
$theme->footer();
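Review bot: submit_submit logs the raw `$subject` through watchdog() before the INSERT applies `check_input()` to it; if watchdog() stores its message with the same kind of interpolated query, the log line needs the same treatment, `watchdog("story", "added new story with subject `". check_input($subject) ."'");` — watchdog() is not visible here, so confirm. Two typos in this section: the comment `// Guidlines:` should read `// Guidelines:`, and the user-visible paragraph below it has `sumbission` for `submission`. submit_submit also never checks that `$subject`, `$abstract` and `$article` are non-empty before inserting; if submit_preview is the only route in, a comment saying so would document that assumption.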