Commit e7019c25 authored by Dries's avatar Dries

Changelog
---------
- improved the user information page.
- improved the story submission page.
- fixed comments score bug: '.00' --> 'x.00'
- tried fixing the calendar wrapping - UnConeD, is it fixed now?
- provided a link back to the submission queue after having voted
  for a story.
- fixed comment subject bug (and security flaw) by replacing
  quotes by ".
- updated theme 'zaphod': fixed 2 bugs.
- updated theme 'marvin': fixed 1 bug and improved the layout so
  things wrap (hopefully) better in Windows.
- comments have by default no subject pre-set - if no subject is
  provided, the user is warned and when a comment eventually got
  submitted without a subject, a subject is composed using the x
  first characters of the comment's body.
- improved comments on submit.php
- corrected a typo in the FAQ.

UnConeD
-------
- replace 'article.php' by 'discussion.php'
- comment() still uses old references to account.php: the
  parameters you supply to account.php no longer hold.
  You have to update those links to the new syntax.
- commentcontrol() is outdated - copy paste the one of
  theme 'marvin' and adjust it to your likings.
parent 7dd86ad6
......@@ -41,8 +41,8 @@ ErrorDocument 500 /error.php
php_value magic_quotes_gpc 1
php_value magic_quotes_runtime 0
php_value magic_quotes_sybase 0
php_value session.auto_start 1
php_value session.cookie_lifetime 1728000
php_value session.gc_maxlifetime 1728000
php_value session.auto_start 1
php_value session.cookie_lifetime 17280000
php_value session.gc_maxlifetime 17280000
php_value session.name DROPID
</IfModule>
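Review bot: Assuming the `17280000` lines are the new side (the page prints old before new and the header admits three changed lines per side), `session.cookie_lifetime` and `session.gc_maxlifetime` now keep a DROPID session valid for roughly 200 days, ten times the previous value. That is the window in which a leaked or stolen session cookie stays usable, so the lifetime should be chosen deliberately rather than as a convenience; if long persistence is wanted, consider a separate "remember me" token and re-authentication for sensitive account actions instead of one very long session. A comment above the two directives stating the intended duration (`# ~200 days; keep in step with cookie_lifetime`) would also stop the two from drifting apart.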
......@@ -33,7 +33,7 @@ function showUser($uname) {
if ($user && $uname && $user->userid == $uname) {
$output .= "<P>Welcome $user->userid! This is <B>your</B> user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.</P>\n";
$output .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
$output .= "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR><TD ALIGN=\"right\"><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Name:</B></TD><TD>". format_data($user->name) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email_address($user->femail) ."</A></TD></TR>\n";
......@@ -48,7 +48,7 @@ function showUser($uname) {
$theme->footer();
}
elseif ($uname && $account = account_getUser($uname)) {
$box1 .= "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2>\n";
$box1 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
$box1 .= " <TR><TD ALIGN=\"right\"><B>Username:</B></TD><TD>$account->userid</TD></TR>\n";
$box1 .= " <TR><TD ALIGN=\"right\"><B>E-mail:</B></TD><TD>". format_email_address($account->femail) ."</TD></TR>\n";
$box1 .= " <TR><TD ALIGN=\"right\"><B>URL:</B></TD><TD>". format_url($account->url) ."</TD></TR>\n";
......@@ -56,15 +56,19 @@ function showUser($uname) {
$box1 .= "</TABLE>\n";
$result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND c.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10");
while ($comment = db_fetch_object($result)) {
$box2 .= "<LI><TABLE BORDER=\"0\"><TR><TD>subject: <A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A><BR>date: ". format_date($comment->timestamp) ."<BR>attached to story: <A HREF=\"discussion.php?id=$comment->sid\">$comment->story</A></TD></TR></TABLE></LI>\n";
$box2 .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
$box2 .= " <TR><TD ALIGN=\"right\"><B>Comment:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A></TD></TR>\n";
$box2 .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($comment->timestamp) ."</TD></TR>\n";
$box2 .= " <TR><TD ALIGN=\"right\"><B>Story:</B></TD><TD><A HREF=\"discussion.php?id=$comment->sid\">$comment->story</A></TD></TR>\n";
$box2 .= "</TABLE>\n";
$box2 .= "<BR><BR>\n";
$comments++;
}
$result = db_query("SELECT d.* FROM diaries d LEFT JOIN users u ON u.id = d.author WHERE u.userid = '$uname' AND d.timestamp > ". (time() - 1209600) ." ORDER BY id DESC LIMIT 2");
while ($diary = db_fetch_object($result)) {
$box3 .= "<DL><DT><B>". date("l, F jS", $diary->timestamp) .":</B></DT><DD><P>". check($diary->text) ."</P><P>[ <A HREF=\"diary.php?op=view&name=$uname\">more</A> ]</P></DD></DL>\n";
$box3 .= "<DL><DT><B>". date("l, F jS", $diary->timestamp) .":</B></DT><DD><P>". check_output($diary->text) ."</P><P>[ <A HREF=\"diary.php?op=view&name=$uname\">more</A> ]</P></DD></DL>\n";
$diaries++;
}
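Review bot: The new rows at L68 and L70 interpolate `$comment->subject` and `$comment->story` into the page as-is, while discussion_childs in this same commit wraps the comment subject in `check_output(...)`; the two should agree, i.e. `check_output($comment->subject)` and `check_output($comment->story)` in the two `$box2 .=` lines. Separately, the unchanged queries at L64 and L75 still embed `'$uname'` directly into the SQL string; that is outside this change but worth a follow-up since `$uname` comes from the request. showUser begins before this hunk and its closing is outside it.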
......@@ -28,7 +28,7 @@ function display() {
### Generate calendar header:
$output .= "\n<!-- calendar -->\n";
$output .= "<TABLE WIDTH=\"100%\" BORDER=\"1\" CELLSPACING=\"0\" CELLPADDING=\"1\">\n";
$output .= " <TR><TD ALIGN=\"center\" COLSPAN=\"7\"><SMALL><A HREF=\"$PHP_SELF?date=$prev\">&lt;&lt;</A> &nbsp; ". date("F Y", $this->date) ." &nbsp; <A HREF=\"$PHP_SELF?date=$next\">&gt;&gt;</A></SMALL></TD></TR>\n";
$output .= " <TR><TD ALIGN=\"center\" COLSPAN=\"7\"><SMALL><A HREF=\"$PHP_SELF?date=$prev\">&lt;</A> &nbsp; ". date("F Y", $this->date) ." &nbsp; <A HREF=\"$PHP_SELF?date=$next\">&gt;</A></SMALL></TD></TR>\n";
$output .= " <TR><TD ALIGN=\"center\"><SMALL>S</SMALL></TD><TD ALIGN=\"center\"><SMALL>M</SMALL></TD><TD ALIGN=\"center\"><SMALL>T</SMALL></TD><TD ALIGN=\"center\"><SMALL>W</SMALL></TD><TD ALIGN=\"center\"><SMALL>T</SMALL></TD><TD ALIGN=\"center\"><SMALL>F</SMALL></TD><TD ALIGN=\"center\"><SMALL>S</SMALL></TD></TR>\n";
### Initialize temporary variables:
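Review bot: The rewritten navigation row at L87 still places `$PHP_SELF` into two `HREF` attributes unescaped; `$PHP_SELF` reflects the requested path including any trailing path info, so it should be escaped for the attribute context, e.g. `HREF=\"". htmlspecialchars($PHP_SELF) ."?date=$prev\"`. `$prev` and `$next` are computed outside this hunk, so whether they are already integers cannot be confirmed from here. display() starts and ends outside the hunk.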
......@@ -19,7 +19,7 @@ function diary_overview($num = 20) {
$output .= "<DL>\n";
$output .= " <DD><P><B>$diary->userid wrote:</B></P></DD>\n";
$output .= " <DL>\n";
$output .= " <DD><P>". check($diary->text) ."</P><P>[ <A HREF=\"diary.php?op=view&name=$diary->userid\">more</A> ]</P></DD>\n";
$output .= " <DD><P>". check_output($diary->text) ."</P><P>[ <A HREF=\"diary.php?op=view&name=$diary->userid\">more</A> ]</P></DD>\n";
$output .= " </DL>\n";
$output .= "</DL>\n";
}
......@@ -34,13 +34,13 @@ function diary_entry($timestamp, $text, $id = 0) {
if ($id) {
$output .= "<DL>\n";
$output .= " <DT><B>". date("l, F jS", $timestamp) .":</B> </DT>\n";
$output .= " <DD><P>[ <A HREF=\"diary.php?op=edit&id=$id\">edit</A> ]</P><P>". check($text) ."</P></DD>\n";
$output .= " <DD><P>[ <A HREF=\"diary.php?op=edit&id=$id\">edit</A> ]</P><P>". check_output($text) ."</P></DD>\n";
$output .= "</DL>\n";
}
else {
$output .= "<DL>\n";
$output .= " <DT><B>". date("l, F jS", $timestamp) .":</B></DT>\n";
$output .= " <DD><P>". check($text) ."</P></DD>\n";
$output .= " <DD><P>". check_output($text) ."</P></DD>\n";
$output .= "</DL>\n";
}
return $output;
......@@ -74,7 +74,7 @@ function diary_add() {
$output .= "<P>\n";
$output .= " <B>Enter new diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
......@@ -101,7 +101,7 @@ function diary_edit($id) {
$output .= "<P>\n";
$output .= " <B>Edit diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($diary->text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
......@@ -127,7 +127,7 @@ function diary_preview($text, $timestamp, $id = 0) {
$output .= "<P>\n";
$output .= " <B>Preview diary entry:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"text\">". stripslashes($text) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) ."</I></SMALL>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
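Review bot: diary_edit (L127) and diary_preview (L135) still write `stripslashes($diary->text)` and `stripslashes($text)` straight into the TEXTAREA body, while the corresponding forms in discussion.php were switched in this commit to pass the re-displayed value through check_input; a stored `</TEXTAREA>` in the entry ends the control and the rest of the text becomes markup. Since check_input only rewrites double quotes, the robust form for both lines is `htmlspecialchars(stripslashes($text))` (and the `$diary->text` equivalent). Each of these functions begins and ends outside its hunk.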
<?
function discussion_score($comment) {
$value = ($comments->votes) ? $comment->score / $comment->votes : $comments->score;
$value = ($comments->votes) ? $comment->score / $comment->votes : ($comments->score) ? $comments->score : 0;
return (strpos($value, ".")) ? substr($value ."00", 0, 4) : $value .".00";
}
......@@ -21,7 +21,7 @@ function discussion_moderate($moderate) {
}
}
function discussion_kids($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy = 0) {
function discussion_kids($cid, $mode, $level = 0, $dummy = 0) {
global $user, $theme;
$comments = 0;
......@@ -34,25 +34,22 @@ function discussion_kids($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy
if ($level && !$comments) print "<UL>";
$comments++;
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
$theme->comment($comment->userid, stripslashes($comment->subject), stripslashes($comment->comment), $comment->timestamp, stripslashes($comment->url), stripslashes($comment->femail), $comment->score, $comment->cid, $link);
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
$theme->comment($comment->userid, stripslashes($comment->subject), stripslashes($comment->comment), $comment->timestamp, stripslashes($comment->url), stripslashes($comment->femail), discussion_score($comment), $comment->cid, $link);
discussion_kids($comment->cid, $mode, $order, $thold, $level + 1, $dummy + 1);
discussion_kids($comment->cid, $mode, $level + 1, $dummy + 1);
}
}
}
elseif ($mode == "flat") {
while ($comment = db_fetch_object($result)) {
if ($comment->score >= $thold) {
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
$theme->comment($comment->userid, check($comment->subject), check($comment->comment), $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
$theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->femail, discussion_score($comment), $comment->cid, $link);
}
discussion_kids($comment->cid, $mode, $order, $thold);
discussion_kids($comment->cid, $mode);
}
}
elseif ($mode == "disabled") {
// do nothing
}
else {
print "ERROR: we should not get here!";
}
......@@ -62,8 +59,8 @@ function discussion_kids($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy
}
}
function discussion_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
global $anonymous, $theme, $user;
function discussion_childs($cid, $level = 0, $thread) {
global $theme, $user;
### Perform SQL query:
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid ORDER BY c.timestamp, c.cid");
......@@ -79,16 +76,10 @@ function discussion_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
$comments++;
### Compose link:
$thread .= "<LI><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid";
$thread .= ($mode) ? "&mode=$mode" : "&mode=threaded";
$thread .= ($order) ? "&order=$order" : "&order=0";
$thread .= ($thold) ? "&thold=$thold" : "&thold=0";
$thread .= "\">". check($comment->subject) ."</A> by ";
$thread .= ($comment->userid) ? $comment->userid : $anonymous;
$thread .= " <SMALL>(". discussion_score($comment) .")<SMALL></LI>";
$thread .= "<LI><A HREF=\"discussion.php?id=$comment->sid&cid=$comment->cid&pid=$comment->pid\">". check_output($comment->subject) ."</A> by ". format_username($comment->userid) ." <SMALL>(". discussion_score($comment) .")<SMALL></LI>";
### Recursive:
discussion_childs($comment->cid, $mode, $order, $thold, $level + 1, &$thread);
discussion_childs($comment->cid, $level + 1, &$thread);
}
if ($level && $comments) {
......@@ -98,22 +89,41 @@ function discussion_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
return $thread;
}
function discussion_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
function discussion_settings($mode, $order, $thold) {
global $user;
if ($user) {
db_query("UPDATE users SET umode = '$mode', uorder = '$order', thold = '$thold' WHERE id = '$user->id'");
user_rehash();
}
}
function discussion_display($sid, $pid, $cid, $level = 0) {
global $user, $theme;
### Pre-process variables:
$pid = (empty($pid)) ? 0 : $pid;
$cid = (empty($pid)) ? 0 : $cid;
$cid = (empty($cid)) ? 0 : $cid;
$mode = ($user) ? $user->umode : "threaded";
$order = ($user) ? $user->uorder : "1";
$thold = ($user) ? $user->thold : "0";
### Compose story-query:
$result = db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid");
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status != 0 AND s.id = $sid");
$story = db_fetch_object($result);
### Display story:
$theme->article($story, "[ <A HREF=\"\"><FONT COLOR=\"$theme->hlcolor2\">home</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$story->id&pid=0\"><FONT COLOR=\"$theme->hlcolor2\">add a comment</FONT></A> ]");
if ($story->status == 1) {
$theme->article($story, "[ <A HREF=\"submission.php\"><FONT COLOR=\"$theme->hlcolor2\">submission queue</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$story->id&pid=0\"><FONT COLOR=\"$theme->hlcolor2\">add a comment</FONT></A> ]");
}
else {
$theme->article($story, "[ <A HREF=\"\"><FONT COLOR=\"$theme->hlcolor2\">home</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$story->id&pid=0\"><FONT COLOR=\"$theme->hlcolor2\">add a comment</FONT></A> ]");
}
### Display `comment control'-box:
$theme->commentControl($sid, $title, $thold, $mode, $order);
if ($user) {
$theme->commentControl($sid, $title, $thold, $mode, $order);
}
### Compose query:
$query = "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.sid = $sid AND c.pid = $pid";
......@@ -132,20 +142,20 @@ function discussion_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0)
### Dynamically compose the `reply'-link:
if ($pid != 0) {
list($pid) = mysql_fetch_row(mysql_query("SELECT pid FROM comments WHERE cid = $comment->pid"));
$link = "<A HREF=\"discussion.php?id=$comment->sid&pid=$pid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">return to parent</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
$link = "<A HREF=\"discussion.php?id=$comment->sid&pid=$pid\"><FONT COLOR=\"$theme->hlcolor2\">return to parent</FONT></A> | <A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
}
else {
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A> ";
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A> ";
}
### Display the comments:
if (empty($mode) || $mode == "threaded") {
$thread = discussion_childs($comment->cid, $mode, $order, $thold);
$theme->comment($comment->userid, check($comment->subject), check($comment->comment), $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link, $thread);
$thread = discussion_childs($comment->cid);
$theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link, $thread);
}
else {
$theme->comment($comment->userid, check($comment->subject), check($comment->comment), $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
discussion_kids($comment->cid, $mode, $order, $thold, $level);
$theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
discussion_kids($comment->cid, $mode, $level);
}
}
......@@ -154,13 +164,13 @@ function discussion_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0)
print "</FORM>\n";
}
function discussion_reply($pid, $sid, $mode, $order, $thold) {
function discussion_reply($pid, $sid) {
global $anonymous, $user, $theme;
### Extract parent-information/data:
if ($pid) {
$item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
$theme->comment($item->userid, check(stripslashes($item->subject)), check(stripslashes($item->comment)), $item->timestamp, stripslashes($item->url), stripslashes($item->femail), $item->score, $item->cid, "reply to this comment");
$theme->comment($item->userid, check_output(stripslashes($item->subject)), check_output(stripslashes($item->comment)), $item->timestamp, stripslashes($item->url), stripslashes($item->femail), $item->score, $item->cid, "reply to this comment");
}
else {
$item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid"));
......@@ -187,23 +197,18 @@ function discussion_reply($pid, $sid, $mode, $order, $thold) {
### Subject field:
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
if (!eregi("Re:",$item->subject)) $item->subject = "Re: $item->subject";
// Only one 'Re:' will just do fine. ;)
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($item->subject) ."\">\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\">\n";
$output .= "</P>\n";
### Comment field:
$output .= "<P>\n";
$output .= " <B>Comment:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". stripslashes($user->signature) ."</TEXTAREA><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_input($user->signature) ."</TEXTAREA><BR>\n";
$output .= "</P>\n";
### Hidden fields:
$output .= "<INPUT TYPE=\"hidden\" NAME=\"pid\" VALUE=\"$pid\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"sid\" VALUE=\"$sid\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"mode\" VALUE=\"$mode\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"order\" VALUE=\"$order\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"thold\" VALUE=\"$thold\">\n";
### Preview button:
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview comment\"> (You must preview at least once before you can submit.)\n";
......@@ -212,12 +217,12 @@ function discussion_reply($pid, $sid, $mode, $order, $thold) {
$theme->box("Reply", $output);
}
function comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold) {
function comment_preview($pid, $sid, $subject, $comment) {
global $anonymous, $user, $theme;
### Preview comment:
if ($user) $theme->comment("", check(stripslashes($subject)), check(stripslashes($comment)), time(), "", "", "na", "", "reply to this comment");
else $theme->comment($user->userid, check(stripslashes($subject)), check(stripslashes($comment)), time(), stripslashes($user->url), stripslashes($user->femail), "na", "", "reply to this comment");
if ($user) $theme->comment("", check_output(stripslashes($subject)), check_output(stripslashes($comment)), time(), "", "", "na", "", "reply to this comment");
else $theme->comment($user->userid, check_output(stripslashes($subject)), check_output(stripslashes($comment)), time(), stripslashes($user->url), stripslashes($user->femail), "na", "", "reply to this comment");
### Build reply form:
$output .= "<FORM ACTION=\"discussion.php\" METHOD=\"post\">\n";
......@@ -239,41 +244,36 @@ function comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold)
### Subject field:
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($subject) ."\">\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_input($subject) ."\">\n";
$output .= "</P>\n";
### Comment field:
$output .= "<P>\n";
$output .= " <B>Comment:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". stripslashes($comment) ."</TEXTAREA><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". check_input($comment) ."</TEXTAREA><BR>\n";
$output .= "</P>\n";
### Hidden fields:
$output .= "<INPUT TYPE=\"hidden\" NAME=\"pid\" VALUE=\"$pid\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"sid\" VALUE=\"$sid\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"mode\" VALUE=\"$mode\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"order\" VALUE=\"$order\">\n";
$output .= "<INPUT TYPE=\"hidden\" NAME=\"thold\" VALUE=\"$thold\">\n";
### Preview and submit buttons:
if (empty($subject)) {
$output .= "<P>\n";
$output .= " <FONT COLOR=\"red\"><B>Warning:</B></FONT> you did not supply a <U>subject</U>.\n";
$outout .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview comment\">\n";
$output .= "</P>\n";
}
else {
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview comment\">\n";
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Post comment\">\n";
$output .= "</FORM>\n";
}
### Preview and submit button:
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview comment\">\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Post comment\">\n";
$output .= " </FORM>\n";
$output .= "</P>\n";
$theme->box("Reply", $output);
}
function comment_post($pid, $sid, $subject, $comment, $mode, $order, $thold) {
function comment_post($pid, $sid, $subject, $comment) {
global $user, $theme;
### Check for fake threads:
......@@ -283,30 +283,22 @@ function comment_post($pid, $sid, $subject, $comment, $mode, $order, $thold) {
$duplicate = db_result(db_query("SELECT COUNT(*) FROM comments WHERE pid = '$pid' AND sid = '$sid' AND subject = '". addslashes($subject) ."' AND comment = '". addslashes($comment) ."'"), 0);
if ($fake != 1) {
watchdog(3, "attemp to insert fake comment");
$theme->box("fake comment", "fake comment: $fake");
}
elseif ($duplicate != 0) {
watchdog(3, "attemp to insert duplicate comment");
$theme->box("duplicate comment", "duplicate comment: $duplicate");
}
else {
if ($user) {
### Add comment to database:
db_insert("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, $user->id, '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
### Compose header:
$header = "discussion.php?id=$sid";
$header .= ($mode) ? "&mode=$mode" : "&mode=threaded";
$header .= ($order) ? "&order=$order" : "&order=0";
$header .= ($thold) ? "&thold=$thold" : "&thold=0";
}
else {
### Add comment to database:
db_insert("INSERT INTO comments (pid, sid, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
### Validate subject:
$subject = ($subject) ? $subject : substr($comment, 0, 29);
### Compose header:
$header .= "discussion.php?id=$sid&mode=threaded&order=1&thold=0";
}
header("Location: $header");
### Add comment to database:
db_insert("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, $user->id, '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
### Compose header:
header("Location: discussion.php?id=$sid");
}
}
......@@ -314,30 +306,35 @@ function comment_post($pid, $sid, $subject, $comment, $mode, $order, $thold) {
include "config.inc";
include "theme.inc";
if ($save) {
db_query("UPDATE users SET umode = '$mode', uorder = '$order', thold = '$thold' where id = '$user->id'");
$user->rehash();
}
switch($op) {
case "Preview comment":
$theme->header();
comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold);
comment_preview($pid, $sid, $subject, $comment);
$theme->footer();
break;
case "Post comment":
comment_post($pid, $sid, $subject, $comment, $mode, $order, $thold);
comment_post($pid, $sid, $subject, $comment);
break;
case "reply":
$theme->header();
discussion_reply($pid, $sid, $mode, $order, $thold);
discussion_reply($pid, $sid);
$theme->footer();
break;
case "Save":
discussion_settings($mode, $order, $thold);
$theme->header();
discussion_display($id, $pid, $sid);
$theme->footer();
break;
case "Moderate comments":
discussion_moderate($moderate);
$theme->header();
discussion_display($id, $pid, $sid);
$theme->footer();
break;
default:
$theme->header();
discussion_display($id, $pid, $sid, $mode, $order, $thold);
discussion_display($id, $pid, $sid);
$theme->footer();
}
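Review bot: discussion_settings (L216) interpolates `$mode`, `$order` and `$thold` into the UPDATE statement exactly as received, and the `case "Save"` branch at L428 hands them over straight from the request, so nothing constrains them to the values the rest of this file understands (`threaded`, `flat`, `disabled`, integer order and threshold). Before the query: `if (!in_array($mode, array("threaded", "flat", "disabled"))) $mode = "threaded";` and `$order = (int) $order; $thold = (int) $thold;`. Separately, the new discussion_score line (L144) reads `$comments->votes` and `$comments->score` although the parameter is `$comment`, so as far as this hunk shows the votes branch is never taken and the value falls through to 0; the nested ternary is also unparenthesised, and PHP groups `a ? b : c ? d : e` from the left. Suggested: `$value = ($comment->votes) ? $comment->score / $comment->votes : (($comment->score) ? $comment->score : 0);`.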
......@@ -29,7 +29,7 @@
<DD>Comments that gain the approbation of participants gradually move up through statistical effects and pointless comments sink into oblivion.<P>--- under construction ---<P>Hence, the purpose of comment moderation is two-fold: <UL><LI>To bring the really good comments to everyone's attention.</LI><LI>To hide or get get rid of spam, flamebait and trolls.</LI></UL>In the latter, comment moderation provides a technical solution to a social problem.<P></DD>
<DT><B>Why would I want to create a user account?</B></DT>
<DD>No $sitename participant can use his own name or handle to post comments until they sign up and submit their e-mail address. Those who do not may participate as `$anonymous', but they will suffer numerous disadvantages, not the least that their posts begin at a lower score.<P>In contrast, those with a user account can use their own name or handle and are granted various priveleges: the most important is probably the ability to moderate new submissions and to rate comments. Also, registered users can tune the site to their personal needs. For instance: they can select one of the available themes to alter the look-and-feel of the site or they fine-tune the values of various settings to their likings.<P></DD>
<DD>No $sitename participant can use his own name or handle to post comments until they sign up and submit their e-mail address. Those who do not may participate as `$anonymous', but they will suffer numerous disadvantages, not the least that their posts begin at a lower score.<P>In contrast, those with a user account can use their own name or handle and are granted various priveleges: the most important is probably the ability to moderate new submissions and to rate comments. Also, registered users can tune the site to their personal needs. For instance: they can select one of the available themes to alter the look-and-feel of the site or they can fine-tune the values of various settings to their likings.<P></DD>
<DT><B>I forgot my password, what do I do?</B></DT>
<DD>--- under construction ---<P></DD>
......@@ -21,15 +21,11 @@ function dbsave($dbase, $data, $id=0) {
else { db_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); }
}
function FixQuotes ($what = "") {
$what = ereg_replace("'","''",$what);
while (eregi("\\\\'", $what)) {
$what = ereg_replace("\\\\'","'",$what);
}
return $what;
function check_input($message) {
return str_replace("\"", "&quot;", stripslashes($message));
}
function check($message) {
function check_output($message) {
include "config.inc";
return nl2br(strip_tags(stripslashes($message), $allowed_html));
}
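Review bot: check_input (L463-L464) escapes only the double quote, yet this commit uses it both for attribute values and for TEXTAREA bodies, where `<` is the character that matters; `return htmlspecialchars(stripslashes($message), ENT_QUOTES);` covers both contexts and is a drop-in replacement. For check_output, `strip_tags` keeps every attribute on the tags listed in `$allowed_html`, so the whitelist only limits tag names, not what those tags carry; a comment such as `// NOTE: strip_tags does not filter attributes on allowed tags` on the return line would make that limitation explicit for callers. The `include "config.inc"` on every call is unchanged here but `include_once` would avoid re-reading the file per comment rendered.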
......@@ -53,7 +53,7 @@
while ($entry = db_fetch_object($result)) {
$num++;
$output .= "<P>$num) <B>". format_story_link($entry) ."</B> (". format_plural($entry->comments, "comment", comments) .")<BR><SMALL>by ". format_username($entry->userid) ."</B>, posted on ". format_date($entry->timestamp) .".</SMALL></P>\n";
$output .= "<P>$num) <B><A HREF=\"discussion.php?id=$entry->id\">$entry->subject</A></B> (". format_plural($entry->comments, "comment", comments) .")<BR><SMALL>by ". format_username($entry->userid) ."</B>, posted on ". format_date($entry->timestamp) .".</SMALL></P>\n";
}
if ($num == 0) $output .= "<P>Your search did <B>not</B> match any articles in our database: <UL><LI>Try using fewer words.</LI><LI>Try using more general keywords.</LI><LI>Try using different keywords.</LI></UL></P>\n";
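Review bot: The new result line at L476 puts `$entry->subject` into the link text without `check_output`, whereas the `format_story_link($entry)` it replaces is defined elsewhere and may have escaped it, and the other hunks in this commit route subjects through `check_output`; use `check_output($entry->subject)` here. The same line also emits a `</B>` after the username with no matching `<B>`, and the bare `comments` passed to format_plural on both sides is an undefined constant rather than the string `"comments"`. The enclosing loop's function begins outside this hunk.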
<?
function submit_enter() {
global $anonymous, $categories, $theme, $user;
global $anonymous, $categories, $allowed_html, $theme, $user;
### Guidlines:
$output .= "<P>Got some news or some thoughts you would like to share? Fill out this form and they will automatically get whisked away to our submission queue where our moderators will frown at it, poke at it and hopefully post it. Every registered user is automatically a moderator and can vote whether or not your sumbission should be carried to the front page for discussion.</P>\n";
......@@ -12,7 +12,7 @@ function submit_enter() {
$output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
$output .= "<P>\n <B>Your name:</B><BR>\n";
if ($user->id) $output .= " <A HREF=\"account.php\">$user->userid</A> &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
if ($user->id) $output .= " $user->userid &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
else $output .= " $anonymous &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">login</A> | <A HREF=\"account.php\">create an account</A> ]</SMALL>\n";
$output .= "</P>\n";
......@@ -35,13 +35,13 @@ function submit_enter() {
$output .= "<P>\n";
$output .= " <B>Abstract:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\" MAXLENGTH=\"20\"></TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Extended story:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\"></TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
......@@ -57,19 +57,19 @@ function submit_enter() {
}
function submit_preview($subject, $abstract, $article, $category) {
global $anonymous, $categories, $theme, $user;
global $anonymous, $categories, $allowed_html, $theme, $user;
$output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Your name:</B><BR>\n";
if ($user->id) $output .= " <A HREF=\"account.php\">$user->userid</A> &nbsp; &nbsp; <SMALL> [ <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
if ($user->id) $output .= " $user->userid &nbsp; &nbsp; <SMALL> [ <A HREF=\"account.php\">edit</A> | <A HREF=\"account.php?op=logout\">logout</A> ]</SMALL>\n";
else $output .= " $anonymous &nbsp; &nbsp; <SMALL>[ <A HREF=\"account.php\">login</A> | <A HREF=\"account.php\">create an account</A> ]</SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($subject) ."\"><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". check_input($subject) ."\"><BR>\n";
$output .= " <SMALL><I>Bad subjects are 'Check this out!' or 'An article'. Be descriptive, clear and simple!</I></SMALL>\n";
$output .= "</P>\n";
......@@ -85,14 +85,14 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "<P>\n";
$output .= "<B>Abstract:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". stripslashes($abstract) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">". check_input($abstract) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Extended story:</B><BR>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". stripslashes($article) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
$output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". check_input($article) ."</TEXTAREA><BR>\n";
$output .= " <SMALL><I>Allowed HTML tags: ". htmlspecialchars($allowed_html) .".</I></SMALL>\n";
$output .= "</P>\n";
if (empty($subject)) {
......@@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) {
$output .= "</FORM>\n";
$theme->header();
$theme->preview($user->userid, check(stripslashes($subject)), check(stripslashes($abstract)), "", check(stripslashes($article)), date("l, F d, Y - H:i A", time()), check(stripslashes($category)), "we-hate-typoes");