diff --git a/account.php b/account.php
index 79267fa9ab3cc4d7265a4987fd6995ff84c97dea..b3851e6cbb3b4eedc2302078a42d1b6981e83c49 100644
--- a/account.php
+++ b/account.php
@@ -201,7 +201,7 @@ function account_user($uname) {
 $box1 .= " <TR><TD ALIGN=\"right\"><B>Bio:</B></TD><TD>". format_data($account->bio) ."</TD></TR>\n"; $box1 .= "</TABLE>\n";
- $result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND c.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
+ $result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND s.status = 2 AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
 while ($comment = db_fetch_object($result)) { $box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n"; $box2 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A></TD></TR>\n";
@@ -418,4 +418,4 @@ function account_comments() {
 account_user($user->userid); }
-?>
\ No newline at end of file
+?>
diff --git a/discussion.php b/discussion.php
index 24c6d6ab0695b69bc5a84ba77a35a3cfb6e63b74..e38729c9994918aff68242f2fe0e6a1c70e271cb 100644
--- a/discussion.php
+++ b/discussion.php
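Review bot: In the account_user() hunk of account.php, `'$uname'` is placed into the rewritten query string as-is, so any caller that hands a request-supplied name to account_user() controls part of the WHERE clause; only part of the function is in the hunk, so an earlier check cannot be ruled out. This commit already routes comment text through `check_input()` in discussion.php, and the same wrapper here would read `WHERE u.userid = '". check_input($uname) ."'`, assuming it escapes for SQL, which this page does not show. The search.php hunk builds its query the same way with `$author`, `$terms` and `$category`. Separately, the age filter moved from `c.timestamp` to `s.timestamp`, so the list is now comments on recent stories rather than recent comments; a one-line comment saying that is intended would help.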
@@ -35,7 +35,7 @@ function discussion_kids($cid, $mode, $threshold, $level = 0, $dummy = 0) {
 $comments++; $link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
- $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, check_output($comment->url), check_output($comment->fake_email), discussion_score($comment), $comment->votes, $comment->cid, $link);
+ $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link);
 discussion_kids($comment->cid, $mode, $threshold, $level + 1, $dummy + 1); }
@@ -45,7 +45,7 @@ function discussion_kids($cid, $mode, $threshold, $level = 0, $dummy = 0) {
 while ($comment = db_fetch_object($result)) { if ($comment->score >= $threshold) { $link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
- $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, check_output($comment->url), check_output($comment->fake_email), discussion_score($comment), $comment->votes, $comment->cid, $link);
+ $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link);
 } discussion_kids($comment->cid, $mode, $threshold); }
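Review bot: With `check_output()` dropped from the call in the @@ -35 hunk of discussion_kids(), the raw subject, body, url and fake_email now reach `$theme->comment()`, and escaping becomes the duty of every theme. The marvin.theme hunks in this commit wrap only `$comment->subject` and `$comment->comment`; whether url and fake_email are printed anywhere is not visible here, and themes other than marvin are not in this diff. The same applies to the other `new Comment(...)` call sites (@@ -45, @@ -138, @@ -157, @@ -201) and to `new Story(...)` in submit_preview(). Stating in includes/comment.inc that the fields hold unescaped user text, or escaping once inside the class, would keep a theme author from printing a field raw. discussion_kids() starts and ends outside the hunk.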
@@ -70,7 +70,7 @@ function discussion_childs($cid, $threshold, $level = 0, $thread) {
 $comments++; ### Compose link:
- $thread .= "<LI><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid\">". check_output($comment->subject) ."</A> by ". format_username($comment->userid) ." <SMALL>(". discussion_score($comment) .")<SMALL></LI>";
+ $thread .= "<LI><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> by ". format_username($comment->userid) ." <SMALL>(". discussion_score($comment) .")<SMALL></LI>";
 ### Recursive: discussion_childs($comment->cid, $threshold, $level + 1, &$thread);
@@ -138,10 +138,10 @@ function discussion_display($sid, $pid, $cid, $level = 0) {
 ### Display the comments: if (empty($mode) || $mode == "threaded") { $thread = discussion_childs($comment->cid, $threshold);
- $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid, $link, $thread);
+ $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link, $thread);
 } else {
- $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid, $link);
+ $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link);
 discussion_kids($comment->cid, $mode, $threshold, $level); } }
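Review bot: The rewritten `$thread .=` line in discussion_childs() (@@ -70) still opens `<SMALL>` twice and never closes it, so the small font carries over into everything after the first score. The tail of the string should read `.")</SMALL></LI>";`. Only the middle of discussion_childs() is in the hunk.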
@@ -157,7 +157,7 @@ function discussion_reply($pid, $sid) {
 ### Extract parent-information/data: if ($pid) { $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
- $theme->comment($item->userid, check_output($item->subject), check_output($item->comment), $item->timestamp, check_output($item->url), check_output($item->fake_email), discussion_score($comment), $comment->votes, $item->cid, "reply to this comment");
+ $theme->comment(new Comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->fake_email, discussion_score($comment), $comment->votes, $item->cid), "reply to this comment");
 } else { $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid"));
@@ -201,7 +201,7 @@ function comment_preview($pid, $sid, $subject, $comment) {
 global $user, $theme, $allowed_html; ### Preview comment:
- $theme->comment($user->userid, check_output($subject), check_output($comment), time(), check_output($user->url), check_output($user->fake_email), "", "", "", "reply to this comment");
+ $theme->comment(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, "", "", ""), "reply to this comment");
 ### Build reply form: $output .= "<FORM ACTION=\"discussion.php\" METHOD=\"post\">\n";
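Review bot: In discussion_reply() (@@ -157) the new call still passes `discussion_score($comment), $comment->votes`, although the row fetched on the line above is `$item` and `$comment` is not a parameter of this function. Unless `$comment` is declared global before the hunk starts, which is not visible here, the parent comment is rendered with an empty score and vote count. `discussion_score($item), $item->votes` looks like what was meant.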
@@ -252,7 +252,7 @@ function comment_post($pid, $sid, $subject, $comment) {
 $fake = db_result(db_query("SELECT COUNT(*) FROM stories WHERE id = $sid"), 0); ### Check for duplicate comments:
- $duplicate = db_result(db_query("SELECT COUNT(*) FROM comments WHERE pid = '$pid' AND sid = '$sid' AND subject = '". addslashes($subject) ."' AND comment = '". addslashes($comment) ."'"), 0);
+ $duplicate = db_result(db_query("SELECT COUNT(*) FROM comments WHERE pid = '$pid' AND sid = '$sid' AND subject = '". check_input($subject) ."' AND comment = '". check_input($comment) ."'"), 0);
 if ($fake != 1) { watchdog(3, "attemp to insert fake comment");
@@ -267,7 +267,7 @@ function comment_post($pid, $sid, $subject, $comment) {
 $subject = ($subject) ? $subject : substr($comment, 0, 29); ### Add comment to database:
- db_insert("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '$user->id', '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
+ db_insert("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '$user->id', '". check_input($subject) ."', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
 ### Compose header: header("Location: discussion.php?id=$sid");
@@ -275,6 +275,7 @@ function comment_post($pid, $sid, $subject, $comment) {
 } include "includes/theme.inc";
+include "includes/comment.inc";
 switch($op) { case "Preview comment":
@@ -308,4 +309,4 @@ function comment_post($pid, $sid, $subject, $comment) {
 $theme->footer(); }
-?>
\ No newline at end of file
+?>
diff --git a/includes/config.inc b/includes/config.inc
index c5fdffd8f26e889a44f4644ac1752cc02afac4b0..fa943fedbb4c2277b01b4af15ba4369203485ab3 100644
--- a/includes/config.inc
+++ b/includes/config.inc
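Review bot: `$pid` and `$sid` still go into the statements of comment_post() without a cast: the INSERT in the @@ -267 hunk writes `VALUES ($pid, $sid, ...` unquoted and the context query in @@ -252 has `WHERE id = $sid`, so the switch to `check_input()` for `$subject` and `$comment` leaves the numeric fields uncovered. If these values arrive from the request, forcing them to integers at the top of the function, `$pid = intval($pid); $sid = intval($sid);`, closes that and also keeps `$sid` clean for the `Location:` header. The top of comment_post() is outside both hunks, so an existing cast cannot be ruled out.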
@@ -11,17 +11,17 @@ #$dbname = "droporg"; ### http://beta.drop.org/:
-$dbhost = "zind.net";
-$dbuname = "dries";
-$dbpass = "Abc123";
-$dbname = "dries";
-
-### http://dione/:
-#$dbhost = "";
+#$dbhost = "zind.net";
 #$dbuname = "dries";
-#$dbpass = "oakley";
+#$dbpass = "Abc123";
 #$dbname = "dries";
+### http://dione/:
+$dbhost = "";
+$dbuname = "dries";
+$dbpass = "oakley";
+$dbname = "dries";
+
 # # Name of the site #
@@ -118,7 +118,7 @@ # # Submission moderation thresholds: #
-$submission_post_threshold = "2";
+$submission_post_threshold = "3";
 $submission_dump_threshold = "-2";
-?>
\ No newline at end of file
+?>
diff --git a/includes/story.inc b/includes/story.inc
index 31deede659d34351b9bccc6411c25f65c9d25e12..d0c40ab14e04a1216e214ae242a11d7c4df847a8 100644
--- a/includes/story.inc
+++ b/includes/story.inc
@@ -1,7 +1,7 @@
 <? class Story {
- function story($userid, $subject, $abstract, $article, $category, $timestamp) {
+ function Story($userid, $subject, $abstract, $article, $category, $timestamp) {
 $this->userid = $userid; $this->subject = $subject; $this->abstract = $abstract;
diff --git a/search.php b/search.php
index 18ef2c3b7920fcac84c14d0ac3612e42046693d7..1ea6defc157304537eb15436cb593d2541678110 100644
--- a/search.php
+++ b/search.php
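Review bot: Database passwords are stored in the tracked includes/config.inc (@@ -11), both the active `$dbpass` of the dione block and the commented-out one for beta.drop.org, so anyone who can read the repository or its history has them. Swapping the active block to `$dbhost = ""` also looks like a local development setting that was committed along with the real change. Loading the connection settings from an untracked file, for example `include "includes/config.local.inc";` (file name constructed for illustration), and changing the passwords that are already in history would address both.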
@@ -40,10 +40,10 @@ $output .= " <TD>\n"; ### Compose and perform query:
- $query = "SELECT DISTINCT s.id, s.subject, u.userid, s.timestamp, COUNT(c.cid) AS comments FROM comments c, stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND s.id = c.sid ";
+ $query = "SELECT s.id, s.subject, u.userid, s.timestamp, COUNT(c.cid) AS comments FROM stories s LEFT JOIN users u ON s.author = u.id LEFT JOIN comments c ON s.id = c.sid WHERE s.status = 2 ";
 $query .= ($author) ? "AND u.userid = '$author' " : ""; $query .= ($terms) ? "AND (s.subject LIKE '%$terms%' OR s.abstract LIKE '%$terms%' OR s.updates LIKE '%$terms%') " : "";
- $query .= ($category) ? "AND s.category = '$category' GROUP BY c.sid " : "GROUP BY c.sid ";
+ $query .= ($category) ? "AND s.category = '$category' GROUP BY s.id " : "GROUP BY s.id ";
 $query .= ($order == "Oldest first") ? "ORDER BY s.timestamp ASC" : "ORDER BY s.timestamp DESC"; $result = db_query("$query");
@@ -64,4 +64,4 @@ $theme->box("Search", $output); $theme->footer();
-?>
\ No newline at end of file
+?>
diff --git a/submit.php b/submit.php
index 18eeb2a429fadef2b2f801a21e751d1bd9cfef88..121e9385f3111c3a8641f0ccd9e528952bfd8d40 100644
--- a/submit.php
+++ b/submit.php
@@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) {
 $output .= "</FORM>\n"; $theme->header();
- $theme->article(new Story($user->userid, check_output($subject), check_output($abstract), check_output($article), check_output($category), time()));
+ $theme->article(new Story($user->userid, $subject, $abstract, $article, $category, time()));
 $theme->box("Submit a story", $output); $theme->footer(); }
@@ -160,4 +160,4 @@ function submit_submit($subject, $abstract, $article, $category) {
 break; }
-?>
\ No newline at end of file
+?>
diff --git a/themes/marvin/marvin.theme b/themes/marvin/marvin.theme
index 5512ebe1b6a634aff6724e586aa0969fede2a614..6b3356c009bc7a65fa219a953a6a9f86b8b6982c 100644
--- a/themes/marvin/marvin.theme
+++ b/themes/marvin/marvin.theme
@@ -177,9 +177,8 @@ function commentControl($sid, $title, $threshold, $mode, $order) {
 ###### # Syntax.......: comment(...); # Description..: this function is used to theme user comments.
- function comment($poster, $subject, $comment, $timestamp, $url, $email, $score, $votes, $cid, $link, $thread = "") {
- print "\n<!-- Comment: \"$subject\" by $poster -->\n";
- print "<A NAME=\"$cid\">\n";
+ function comment($comment, $link, $thread = "") {
+ print "<A NAME=\"$comment->cid\">\n";
 ### Create comment header: print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"0\" BGCOLOR=\"#000000\" WIDTH=\"100%\">\n";
@@ -193,22 +192,22 @@ function comment($poster, $subject, $comment, $timestamp, $url, $email, $score,
 ### Subject: print " <TD ALIGN=\"right\" WIDTH=\"5%\"><B>Subject:</FONT></TD>\n";
- print " <TD WIDTH=\"80%\"><B><FONT COLOR=\"$this->hlcolor1\">$subject</FONT></B></TD>\n";
+ print " <TD WIDTH=\"80%\"><B><FONT COLOR=\"$this->hlcolor1\">". check_output($comment->subject) ."</FONT></B></TD>\n";
 ### Moderation: print " <TD ALIGN=\"right\" ROWSPAN=\"3\" VALIGN=\"middle\" WIDTH=\"15%\">\n";
- display_comment_moderation($cid, $poster, $score, $votes);
+ display_comment_moderation($comment->cid, $comment->poster, $comment->score, $comment->votes);
 print " </TD>\n"; print " </TR>\n"; ### Author: print " <TR>\n";
- print " <TD ALIGN=\"right\" VALIGN=\"top\">Author:</TD><TD>". format_username($poster) ."</TD>\n";
+ print " <TD ALIGN=\"right\" VALIGN=\"top\">Author:</TD><TD>". format_username($comment->userid) ."</TD>\n";
 print " </TR>\n"; ### Date print " <TR>\n";
- print " <TD ALIGN=\"right\">Date:</TD><TD>". format_date($timestamp) ."</TD>\n";
+ print " <TD ALIGN=\"right\">Date:</TD><TD>". format_date($comment->timestamp) ."</TD>\n";
 print " </TR>\n"; print " </TABLE>\n";
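Review bot: The header comment above comment() in the @@ -177 hunk still reads `comment(...)` and says nothing about the new argument, which matters now that callers no longer escape anything before the call. I would change it to `# Syntax.......: comment($comment, $link, $thread = "");` and `# Description..: themes one Comment object; its fields are raw user text and must pass through check_output() before being printed.` The body of comment() continues past the end of this hunk.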
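Review bot: In the @@ -193 hunk, `display_comment_moderation()` is now given `$comment->poster`, while the Author row a few statements later reads `$comment->userid` for the same person. The Comment class lives in includes/comment.inc, which is not part of this page, so it cannot be confirmed which property it defines; if only one exists, the other call receives an empty value. Using the same property in both places, e.g. `display_comment_moderation($comment->cid, $comment->userid, $comment->score, $comment->votes);`, removes the ambiguity. comment() starts before and ends after this hunk.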
@@ -216,7 +215,7 @@ function comment($poster, $subject, $comment, $timestamp, $url, $email, $score,
 print " </TR>\n"; ### Print body of comment:
- if ($comment) print " <TR><TD BGCOLOR=\"#FFFFFF\">". check_output($comment, 1) ."</TD></TR>\n";
+ if ($comment->comment) print " <TR><TD BGCOLOR=\"#FFFFFF\">". check_output($comment->comment, 1) ."</TD></TR>\n";
 ### Print thread (if any): if ($thread) print " <TR><TD BGCOLOR=\"$this->bgcolor1\">$thread</TD></TR>\n";