Commit ea978885 authored by Dries's avatar Dries

I know, I know, it is getting nasty lately but I have another large commit after nothing but code.

This time I redid the "category"-stuff.  Categories - from now on called sections - are now maintained from the admin pages, can have their own post, dump and timout thresholds as discussed earlier (some weeks ago).  By tomorrow evening users will be able to enable or disable sections as well - i.e. to customize the content of drop.org.
parent 7cc7b405
......@@ -454,12 +454,12 @@ function account_track_stories() {
$msg = "<P>This page might be helpful in case you want to keep track of the stories you contributed. You are presented an overview of your stories along with the number of replies each story got.\n<P>\n";
$result = db_query("SELECT s.id, s.subject, s.timestamp, s.category, COUNT(c.cid) as count FROM stories s LEFT JOIN comments c ON c.lid = s.id WHERE s.status = 2 AND s.author = $user->id GROUP BY s.id DESC");
$result = db_query("SELECT s.id, s.subject, s.timestamp, s.section, COUNT(c.cid) as count FROM stories s LEFT JOIN comments c ON c.lid = s.id WHERE s.status = 2 AND s.author = $user->id GROUP BY s.id DESC");
while ($story = db_fetch_object($result)) {
$output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Subject:</B></TD><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A> (". format_plural($story->count, "comment", "comments") .")</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Category:</B></TD><TD><A HREF=\"search.php?category=". urlencode($story->category) ."\">". check_output($story->category) ."</A></TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Section:</B></TD><TD><A HREF=\"search.php?section=". urlencode($story->section) ."\">". check_output($story->section) ."</A></TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\"><B>Date:</B></TD><TD>". format_date($story->timestamp) ."</TD></TR>\n";
$output .= "</TABLE>\n";
$output .= "<P>\n";
......
......@@ -8,11 +8,19 @@ CREATE TABLE affiliates (
PRIMARY KEY (id)
);
CREATE TABLE sections (
name varchar(64) DEFAULT '' NOT NULL,
post tinyint(3) DEFAULT '0' NOT NULL,
dump tinyint(3) DEFAULT '0' NOT NULL,
timout tinyint(3) DEFAULT '0' NOT NULL,
status tinyint(2) DEFAULT '0' NOT NULL,
PRIMARY KEY (name)
);
CREATE TABLE blocks (
name varchar(64) DEFAULT '' NOT NULL,
module varchar(64) DEFAULT '' NOT NULL,
offset tinyint(2) DEFAULT '0' NOT NULL,
status tinyint(2) DEFAULT '0' NOT NULL,
weight tinyint(1) DEFAULT '0' NOT NULL,
region tinyint(1) DEFAULT '0' NOT NULL,
PRIMARY KEY (name)
......@@ -119,8 +127,7 @@ CREATE TABLE stories (
abstract text NOT NULL,
updates text NOT NULL,
article text NOT NULL,
category varchar(128) DEFAULT '' NOT NULL,
department varchar(128) DEFAULT '' NOT NULL,
section varchar(64) DEFAULT '' NOT NULL,
timestamp int(11) DEFAULT '0' NOT NULL,
score int(11) DEFAULT '0' NOT NULL,
votes int(11) DEFAULT '0' NOT NULL,
......
......@@ -10,6 +10,6 @@
session_start();
$theme = load_theme();
$theme = theme_load();
?>
\ No newline at end of file
<?
function load_theme() {
global $user, $themes;
if ($user->theme && file_exists($themes[$user->theme][0])) {
include_once $themes[$user->theme][0];
}
else {
include_once $themes[key($themes)][0];
}
return new Theme();
}
function check_textfield($message) {
global $allowed_html;
return strip_tags(str_replace("\"", "&quot;", stripslashes($message)), $allowed_html);
......
......@@ -33,22 +33,6 @@ $comment_votes = array("none" => "none",
"+4" => "+ 4",
"+5" => "+ 5");
#
# Categories:
#
$categories = array("Announcements",
"Arts & Humanities",
"Business & Economy",
"Coding & Webdesign",
"Computers & Internet",
"Drop.org",
"Entertainment",
"News & Media",
"Politics & Freedom",
"Reviews",
"Science",
"Society & Culture");
#
# Allowed HTML tags:
#
......
<?
function section_get() {
$array = array();
$result = db_query("SELECT name FROM sections");
while ($section = db_fetch_object($result)) array_push($array, $section->name);
return $array;
}
function section_post_threshold($section, $threshold = 5) {
$result = db_query("SELECT post FROM sections WHERE name = '$section'");
return ($result) ? db_result($result, 0) : $threshold;
}
function section_dump_threshold($section, $threshold = - 3) {
$result = db_query("SELECT dump FROM sections WHERE name = '$section'");
return ($result) ? db_result($result, 0) : $threshold;
}
function section_timout_threshold($section, $threshold = 10) {
$result = db_query("SELECT timout FROM sections WHERE name = '$section'");
return ($result) ? db_result($result, 0) : $threshold;
}
?>
\ No newline at end of file
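Review bot: The three threshold helpers (`section_post_threshold`, `section_dump_threshold`, `section_timout_threshold`) place `$section` into the WHERE clause unescaped, so a section name containing a single quote breaks or alters the query even when the value was read back from the stories table. Assuming `check_input()` is the project's SQL escaping helper, as its use in the INSERT statements of this commit suggests, the lookup should read `db_query("SELECT post FROM sections WHERE name = '". check_input($section) ."'")`, and likewise for the other two. The `($result) ? db_result($result, 0) : $threshold` test also looks as if it only catches a failed query: if `db_query` returns a valid but empty result for an unknown section, the default is never used and the caller compares the score against whatever `db_result` yields for a missing row. Checking the row count before reading the result would make the fallback reachable.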
<?
class Story {
function Story($userid, $subject, $abstract, $article, $category, $timestamp) {
function Story($userid, $subject, $abstract, $article, $section, $timestamp) {
$this->userid = $userid;
$this->subject = $subject;
$this->abstract = $abstract;
$this->article = $article;
$this->category = $category;
$this->section = $section;
$this->timestamp = $timestamp;
}
}
......
......@@ -11,7 +11,7 @@ function submission_score($id) {
}
function submission_vote($id, $vote, $comment) {
global $submission_post_threshold, $submission_dump_threshold, $user;
global $user;
if (!user_getHistory($user->history, "s$id")) {
// Update submission's score- and votes-field:
......@@ -19,27 +19,30 @@ function submission_vote($id, $vote, $comment) {
// Update the comments (if required):
if ($comment) {
watchdog("comment", "moderation: added comment with subject '$subject'");
db_query("INSERT INTO comments (lid, link, author, subject, comment, hostname, timestamp, score) VALUES($id, 'story', $user->id, '". check_input(substr($comment, 0, 29)) ." ...', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '1')");
watchdog("comment", "moderation: added comment with subject '$subject'");
}
// Update user's history record:
user_setHistory($user, "s$id", $vote); // s = submission
user_setHistory($user, "s$id", $vote);
// Update story table (if required):
$result = db_query("SELECT * FROM stories WHERE id = $id");
if ($submission = db_fetch_object($result)) {
if ($submission->score >= $submission_post_threshold) {
if ($submission->score >= section_post_threshold($submission->section)) {
db_query("UPDATE stories SET status = 2, timestamp = '". time() ."' WHERE id = $id");
watchdog("message", "posted story `$submission->subject'");
watchdog("message", "posted story '$submission->subject'");
}
else if ($submission->score <= section_dump_threshold($submission->section)) {
db_query("UPDATE stories SET status = 0, timestamp = '". time() ."' WHERE id = $id");
watchdog("message", "dumped story '$submission->subject'");
}
if ($submission->score <= $submission_dump_threshold) {
else if ($submission->votes >= section_timout_threshold($submission->section)) {
db_query("UPDATE stories SET status = 0, timestamp = '". time() ."' WHERE id = $id");
watchdog("message", "dumped story `$submission->subject'");
watchdog("message", "expired story '$submission->subject'");
}
}
}
}
?>
?>
\ No newline at end of file
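Review bot: `$id` is interpolated unquoted into every statement of `submission_vote`, including the new dump branch (`UPDATE stories SET status = 0 ... WHERE id = $id`), and nothing visible in the hunks constrains it to a number. If callers hand it over straight from the request, a single `$id = (int) $id;` at the top of the function would cover all of these queries. Separately, the dump and timeout branches both write `status = 0`, so only the watchdog message distinguishes a dumped story from an expired one; a comment such as `// expired stories share status 0 with dumped ones` would record that this is intended. Parts of the function body lie outside the two hunks.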
<?
function theme_load() {
global $user, $themes;
if ($user->theme && file_exists($themes[$user->theme][0])) {
include_once $themes[$user->theme][0];
}
else {
include_once $themes[key($themes)][0];
}
return new Theme();
}
function theme_account($theme) {
global $user, $site_name, $links, $menu;
......@@ -104,8 +116,8 @@ function theme_related_links($theme, $story) {
if (!stristr($link, "mailto:")) $content .= "<LI>$link</LI>";
}
// Stories in the same category:
$content .= " <LI>More about <A HREF=\"search.php?category=". urlencode($story->category) ."\">$story->category</A>.</LI>";
// Stories in the same section:
$content .= " <LI>More about <A HREF=\"index.php?section=". urlencode($story->section) ."\">$story->section</A>.</LI>";
// Stories from the same author:
if ($story->userid) $content .= " <LI>Also by <A HREF=\"search.php?author=". urlencode($story->userid) ."\">$story->userid</A>.</LI>";
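Review bot: In `theme_related_links` the new link prints `$story->section` as link text without escaping, while `account_track_stories` in this same commit wraps the same field in `check_output()`. Section names are free text entered in the admin form, so markup in a name would be rendered on every story page; the tail of the line should read `\">". check_output($story->section) ."</A>.</LI>";`. The `$story->userid` link on the following line has the same shape. The function begins and ends outside the hunk.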
......
......@@ -71,8 +71,4 @@ function user_setHistory(&$user, $field, $value) {
db_query($query);
}
function user_clean() {
// todo - called by cron job
}
?>
\ No newline at end of file
......@@ -2,18 +2,12 @@
include "includes/common.inc";
// Security check:
if (strstr($number, " ") || strstr($date, " ")) {
watchdog("error", "main page: attempt to provide malicious input through URI");
exit();
}
// Initialize/pre-process variables:
$number = ($user->stories) ? $user->stories : 10;
$date = ($date) ? $date : time();
// Perform query:
$result = db_query("SELECT stories.*, users.userid, COUNT(comments.lid) AS comments FROM stories LEFT JOIN comments ON stories.id = comments.lid LEFT JOIN users ON stories.author = users.id WHERE stories.status = 2 AND stories.timestamp <= $date GROUP BY stories.id ORDER BY stories.timestamp DESC LIMIT $number");
$result = db_query("SELECT stories.*, users.userid, COUNT(comments.lid) AS comments FROM stories LEFT JOIN comments ON stories.id = comments.lid LEFT JOIN users ON stories.author = users.id WHERE stories.status = 2 ". ($section ? "AND section = '$section' " : "") ."AND stories.timestamp <= $date GROUP BY stories.id ORDER BY stories.timestamp DESC LIMIT $number");
// Display stories:
$theme->header();
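Review bot: The new `AND section = '$section'` clause puts `$section` straight into the query, and the `index.php?section=` links added elsewhere in this commit suggest that value comes from the request. By the hunk header counts (18 lines before, 12 after) the "Security check" block that rejected crafted `$number`/`$date` values appears to be dropped in the same change, which leaves `$section` and `$date` reaching SQL with no validation visible in this file. I would escape the section the way the module code does, `($section ? "AND section = '". check_input($section) ."' " : "")`, and force the date to a number with `$date = ($date) ? (int) $date : time();`. Keeping a watchdog entry for rejected input, as the old check had, means probing stays visible in the log.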
......
<?
$module = array("help" => "section_help",
"block" => "section_block",
"admin" => "section_admin");
// global variables:
$_section = array("status" => array(2 => "enabled: always", 1 => "enabled: custom", 0 => "disabled"),
"timout" => array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 20, 25, 30, 35, 40, 45, 50, 60, 70, 80, 90, 100),
"post" => array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 20, 25, 30, 35, 40, 45, 50, 60, 70, 80, 90, 100),
"dump" => array(-1, -2, -3, -4, -5, -6, -7, -8, -9, -10, -11, -12, -13, -14, -15, -20, -25, -30));
function section_help() {
?>
under construction
<?
}
function section_block() {
$result = db_query("SELECT se.name, COUNT(st.id) AS stories FROM sections se LEFT JOIN stories st ON se.name = st.section GROUP BY se.name");
while ($_section = db_fetch_object($result)) {
$content .= "<LI><A HREF=\"?section=". urlencode($_section->name) ."\">$_section->name</A> (". format_data($_section->stories, 0) .")</LI>\n";
}
$block[0]["subject"] = "Sections";
$block[0]["content"] = $content;
$block[0]["info"] = "Section list";
return $block;
}
function section_add() {
global $_section;
$output .= " <FORM ACTION=\"admin.php?mod=section\" METHOD=\"post\">\n";
$output .= " <P>\n";
$output .= " <B>Section name:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"edit[name]\" SIZE=\"50\">\n";
$output .= " </P>\n";
$output .= " <P>\n";
$output .= " <B>Post threshold:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[post]\">\n";
foreach ($_section[post] as $value) $output .= "<OPTION VALUE=\"$value\">". format_plural($value, "point", "points") ."</OPTION>\n";
$output .= " </SELECT>\n";
$output .= " </P>\n";
$output .= " <P>\n";
$output .= " <B>Dump threshold:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[dump]\">\n";
foreach ($_section[dump] as $value) $output .= "<OPTION VALUE=\"$value\">". format_plural($value, "point", "points") ."</OPTION>\n";
$output .= " </SELECT>\n";
$output .= " </P>\n";
$output .= " <P>\n";
$output .= " <B>Timout threshold:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[timout]\">\n";
foreach ($_section[timout] as $value) $output .= "<OPTION VALUE=\"$value\">". format_plural($value, "vote", "votes") ."</OPTION>\n";
$output .= " </SELECT>\n";
$output .= " </P>\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add section\">\n";
$output .= " </FORM>\n";
print $output;
}
function section_add_save($edit) {
db_query("INSERT INTO sections (name, post, dump, timout) VALUES ('". check_input($edit[name]) ."', '". check_input($edit[post]) ."', '". check_input($edit[dump]) ."', '". check_input($edit[timout]) ."')");
}
function section_delete($name) {
db_query("DELETE FROM sections WHERE name = '$name'");
}
function section_display() {
global $_section;
$status = $_section[status];
$timout = $_section[timout];
$post = $_section[post];
$dump = $_section[dump];
// Perform query:
$result = db_query("SELECT * FROM sections");
// Generate output:
$output .= "<FORM ACTION=\"admin.php?mod=section\" METHOD=\"post\">\n";
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR><TH>section name</TH><TH>status</TH><TH>post threshold</TH><TH>dump threshold</TH><TH>expiration threshold<TH>operations</TH></TR>\n";
while ($_section = db_fetch_object($result)) {
foreach ($status as $key=>$value) $options0 .= "<OPTION VALUE=\"$key\"". (($_section->status == $key) ? " SELECTED" : "") .">$value</OPTION>\n";
foreach ($post as $value) $options1 .= "<OPTION VALUE=\"$value\"". (($_section->post == $value) ? " SELECTED" : "") .">". format_plural($value, "point", "points") ."</OPTION>\n";
foreach ($dump as $value) $options2 .= "<OPTION VALUE=\"$value\"". (($_section->dump == $value) ? " SELECTED" : "") .">". format_plural($value, "point", "points") ."</OPTION>\n";
foreach ($timout as $value) $options3 .= "<OPTION VALUE=\"$value\"". (($_section->timout == $value) ? " SELECTED" : "") .">". format_plural($value, "vote", "votes") ."</OPTION>\n";
$output .= " <TR><TD>". check_output($_section->name) ."</TD><TD><SELECT NAME=\"edit[$_section->name][status]\">$options0</SELECT></TD><TD><SELECT NAME=\"edit[$_section->name][post]\">$options1</SELECT></TD><TD><SELECT NAME=\"edit[$_section->name][dump]\">$options2</SELECT></TD><TD><SELECT NAME=\"edit[$_section->name][timout]\">$options3</SELECT></TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=section&op=delete&name=". urlencode($_section->name) ."\">delete</A></TD></TR>\n";
unset($options0); unset($options1); unset($options2); unset($options3);
}
$output .= "</TABLE>\n";
$output .= "<INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Save sections\">\n";
$output .= "</FORM>\n";
print $output;
}
function section_display_save($edit) {
foreach ($edit as $key=>$value) {
db_query("UPDATE sections SET status = '". $value[status] ."', post = '". $value[post] ."', dump = '". $value[dump] ."', timout = '". $value[timout] ."' WHERE name = '$key'");
}
}
function section_admin() {
global $op, $edit, $name;
print "<SMALL><A HREF=\"admin.php?mod=section&op=add\">add new section</A> | <A HREF=\"admin.php?mod=section\">overview</A> | <A HREF=\"admin.php?mod=section&op=help\">help</A></SMALL><HR>\n";
switch($op) {
case "add":
section_add($edit);
break;
case "help":
section_help();
break;
case "delete":
section_delete($name);
section_display();
break;
case "Add section":
section_add_save($edit);
section_display();
break;
case "Save sections":
section_display_save($edit);
// fall through
default:
section_display();
}
}
?>
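Review bot: `section_delete` and `section_display_save` build their SQL from `$name`, `$key` and `$value[...]` without any escaping, although `section_add_save` just above them passes every field through `check_input()`. These values arrive from the admin form and from the `op=delete&name=` link, so they should get the same treatment, e.g. `db_query("DELETE FROM sections WHERE name = '". check_input($name) ."'");`, and the same for each field and the key in the UPDATE. The delete is also triggered by a plain GET link, so a request made on an administrator's behalf by another page would carry it out; a POST form with a per-session token would match the "post/edit hash" item on the project's own wishlist. `section_display` and `section_block` also print `$_section->name` into form field names and link text without `check_output()`.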
......@@ -5,6 +5,8 @@
"block" => "story_block",
"admin" => "story_admin");
include_once "includes/section.inc";
function story_cron() {
$result = db_query("SELECT * FROM stories WHERE status = 3 AND timestamp <= ". time() ."");
while ($story = db_fetch_object($result)) {
......@@ -46,7 +48,7 @@ function story_block() {
}
function story_add() {
global $allowed_html, $categories;
global $allowed_html;
$output .= "<FORM ACTION=\"admin.php?mod=story\" METHOD=\"post\">\n";
......@@ -55,10 +57,10 @@ function story_add() {
$output .= " <INPUT TYPE=\"text\" NAME=\"edit[subject]\" SIZE=\"50\" MAXLENGTH=\"60\"><BR>\n";
$output .= "</P>\n";
$output .= "<P><B>Category:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[category]\">\n";
for ($i = 0; $i < sizeof($categories); $i++) {
$output .= " <OPTION VALUE=\"$categories[$i]\">$categories[$i]</OPTION>\n";
$output .= "<P><B>Section:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[section]\">\n";
foreach ($sections = section_get() as $value) {
$output .= " <OPTION VALUE=\"$value\">$value</OPTION>\n";
}
$output .= " </SELECT>\n";
$output .= "</P>\n";
......@@ -96,12 +98,12 @@ function story_add() {
function story_add_save($edit) {
global $user;
$timestamp = ($edit[status] == 3 && strtotime($edit[date]) > time()) ? strtotime($edit[date]) : time();
db_query("INSERT INTO stories (author, subject, abstract, article, category, status, timestamp) VALUES ('$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[abstract]) ."', '". check_input($edit[article]) ."', '". check_input($edit[category]) ."', '$edit[status]', '$timestamp')");
db_query("INSERT INTO stories (author, subject, abstract, article, section, status, timestamp) VALUES ('$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[abstract]) ."', '". check_input($edit[article]) ."', '". check_input($edit[section]) ."', '$edit[status]', '$timestamp')");
watchdog("story", "story: added '$edit[subject]'");
}
function story_edit($id) {
global $allowed_html, $categories;
global $allowed_html;
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
$story = db_fetch_object($result);
......@@ -119,10 +121,10 @@ function story_edit($id) {
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Category:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[category]\">\n";
for ($i = 0; $i < sizeof($categories); $i++) {
$output .= " <OPTION VALUE=\"$categories[$i]\"". ($story->category == $categories[$i] ? " SELECTED" : "") .">$categories[$i]</OPTION>\n";
$output .= " <B>Section:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[section]\">\n";
foreach ($sections = section_get() as $value) {
$output .= " <OPTION VALUE=\"$value\"". ($story->section == $value ? " SELECTED" : "") .">$value</OPTION>\n";
}
$output .= "</SELECT>\n";
$output .= "</P>\n";
......@@ -163,8 +165,8 @@ function story_edit($id) {
}
function story_edit_save($id, $edit) {
if ($edit[status] == 3 && strtotime($edit[date]) > time()) db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', category = '". check_input($edit[category]) ."', status = '$edit[status]', timestamp = '". strtotime($edit[date]) ."' WHERE id = '$id'");
else db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', category = '". check_input($edit[category]) ."', status = '$edit[status]' WHERE id = '$id'");
if ($edit[status] == 3 && strtotime($edit[date]) > time()) db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]', timestamp = '". strtotime($edit[date]) ."' WHERE id = '$id'");
else db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]' WHERE id = '$id'");
watchdog("message", "story: modified `$edit[subject]'");
}
......@@ -189,14 +191,14 @@ function story_display() {
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON u.id = s.author WHERE s.status = 0 ORDER BY timestamp DESC LIMIT 5");
$output .= " <TR><TH COLSPAN=\"4\">dumped stories</TTH></TR>\n";
while ($story = db_fetch_object($result)) {
$output .= " <TR><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->category</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=story&op=edit&id=$story->id\">edit</A></TD></TR>\n";
$output .= " <TR><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->section</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=story&op=edit&id=$story->id\">edit</A></TD></TR>\n";
}
// Posted stories:
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON u.id = s.author WHERE s.status = 2 ORDER BY timestamp DESC LIMIT 15");
$output .= " <TR><TH COLSPAN=\"4\">posted stories</TH></TR>\n";
while ($story = db_fetch_object($result)) {
$output .= " <TR><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->category</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=story&op=edit&id=$story->id\">edit</A></TD></TR>\n";
$output .= " <TR><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->section</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=story&op=edit&id=$story->id\">edit</A></TD></TR>\n";
}
$output .= "</TABLE>\n";
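Review bot: `story_add_save` and `story_edit_save` run every field through `check_input()` except `$edit[status]`, which goes into the INSERT and both UPDATE statements as `'$edit[status]'`. Whatever values the form offers, the server should not rely on them; `'". (int) $edit[status] ."'` keeps the column numeric. The new `<OPTION VALUE=\"$value\">$value</OPTION>` lines and the `<TD>$story->section</TD>` cells print section names unescaped, where `check_output($value)` would match how the subject is handled on the same rows. The identical section shown directly below on this page has the same lines and the same remarks apply there.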
......
......@@ -5,6 +5,8 @@
"block" => "story_block",
"admin" => "story_admin");
include_once "includes/section.inc";
function story_cron() {
$result = db_query("SELECT * FROM stories WHERE status = 3 AND timestamp <= ". time() ."");
while ($story = db_fetch_object($result)) {
......@@ -46,7 +48,7 @@ function story_block() {
}
function story_add() {
global $allowed_html, $categories;
global $allowed_html;
$output .= "<FORM ACTION=\"admin.php?mod=story\" METHOD=\"post\">\n";
......@@ -55,10 +57,10 @@ function story_add() {
$output .= " <INPUT TYPE=\"text\" NAME=\"edit[subject]\" SIZE=\"50\" MAXLENGTH=\"60\"><BR>\n";
$output .= "</P>\n";
$output .= "<P><B>Category:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[category]\">\n";
for ($i = 0; $i < sizeof($categories); $i++) {
$output .= " <OPTION VALUE=\"$categories[$i]\">$categories[$i]</OPTION>\n";
$output .= "<P><B>Section:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[section]\">\n";
foreach ($sections = section_get() as $value) {
$output .= " <OPTION VALUE=\"$value\">$value</OPTION>\n";
}
$output .= " </SELECT>\n";
$output .= "</P>\n";
......@@ -96,12 +98,12 @@ function story_add() {
function story_add_save($edit) {
global $user;
$timestamp = ($edit[status] == 3 && strtotime($edit[date]) > time()) ? strtotime($edit[date]) : time();
db_query("INSERT INTO stories (author, subject, abstract, article, category, status, timestamp) VALUES ('$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[abstract]) ."', '". check_input($edit[article]) ."', '". check_input($edit[category]) ."', '$edit[status]', '$timestamp')");
db_query("INSERT INTO stories (author, subject, abstract, article, section, status, timestamp) VALUES ('$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[abstract]) ."', '". check_input($edit[article]) ."', '". check_input($edit[section]) ."', '$edit[status]', '$timestamp')");
watchdog("story", "story: added '$edit[subject]'");
}
function story_edit($id) {
global $allowed_html, $categories;
global $allowed_html;
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
$story = db_fetch_object($result);
......@@ -119,10 +121,10 @@ function story_edit($id) {
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Category:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[category]\">\n";
for ($i = 0; $i < sizeof($categories); $i++) {
$output .= " <OPTION VALUE=\"$categories[$i]\"". ($story->category == $categories[$i] ? " SELECTED" : "") .">$categories[$i]</OPTION>\n";
$output .= " <B>Section:</B><BR>\n";
$output .= " <SELECT NAME=\"edit[section]\">\n";
foreach ($sections = section_get() as $value) {
$output .= " <OPTION VALUE=\"$value\"". ($story->section == $value ? " SELECTED" : "") .">$value</OPTION>\n";
}
$output .= "</SELECT>\n";
$output .= "</P>\n";
......@@ -163,8 +165,8 @@ function story_edit($id) {
}
function story_edit_save($id, $edit) {
if ($edit[status] == 3 && strtotime($edit[date]) > time()) db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', category = '". check_input($edit[category]) ."', status = '$edit[status]', timestamp = '". strtotime($edit[date]) ."' WHERE id = '$id'");
else db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', category = '". check_input($edit[category]) ."', status = '$edit[status]' WHERE id = '$id'");
if ($edit[status] == 3 && strtotime($edit[date]) > time()) db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]', timestamp = '". strtotime($edit[date]) ."' WHERE id = '$id'");
else db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]' WHERE id = '$id'");
watchdog("message", "story: modified `$edit[subject]'");
}
......@@ -189,14 +191,14 @@ function story_display() {
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON u.id = s.author WHERE s.status = 0 ORDER BY timestamp DESC LIMIT 5");
$output .= " <TR><TH COLSPAN=\"4\">dumped stories</TTH></TR>\n";
while ($story = db_fetch_object($result)) {
$output .= " <TR><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->category</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=story&op=edit&id=$story->id\">edit</A></TD></TR>\n";
$output .= " <TR><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->section</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=story&op=edit&id=$story->id\">edit</A></TD></TR>\n";
}
// Posted stories:
$result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON u.id = s.author WHERE s.status = 2 ORDER BY timestamp DESC LIMIT 15");
$output .= " <TR><TH COLSPAN=\"4\">posted stories</TH></TR>\n";
while ($story = db_fetch_object($result)) {
$output .= " <TR><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->category</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=story&op=edit&id=$story->id\">edit</A></TD></TR>\n";
$output .= " <TR><TD><A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A></TD><TD>". format_username($story->userid, 1) ."</TD><TD>$story->section</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=story&op=edit&id=$story->id\">edit</A></TD></TR>\n";
}
$output .= "</TABLE>\n";
......
......@@ -28,7 +28,6 @@ function wishlist_page() {
<UL>
<LI>post/edit hash - magic cookie: to prevent malicious external access and to prevent duplicate posts because of hitting the "reload" button</LI>
<LI>URL validator</LI>
<LI>more adaptive submission queue</LI>
<LI>archive function</LI>
<LI>caching</LI>
<LI>more configuration options:</LI>
......@@ -54,14 +53,7 @@ function wishlist_page() {
<LI>automatically post scheduled stories</LI>
<LI>review system</LI>
</UL>
<H3>Public release</H3>
<UL>
<LI>make (or find and install) a "task manager / todo list / progress meter / bug report"-tool so we can get ourselves and the project somewhat organized. Ideally we would have a "project module".</LI>
<LI>setup a developers mailing list</LI>
<LI>code revision to close possible security holes</LI>
</UL>
<H3>Themes</H3>
<UL>
<LI>create a theme with topic icons - graphical theme</LI>
......
<?
include "includes/common.inc";
include "includes/section.inc";
$theme->header();
......@@ -11,24 +12,21 @@
$output .= " <FORM ACTION=\"search.php\" METHOD=\"POST\">\n";
$output .= " <INPUT SIZE=\"50\" VALUE=\"$terms\" NAME=\"terms\" TYPE=\"text\"><BR>\n";
// category:
$output .= "<SELECT NAME=\"category\">\n";
if ($category) $output .= " <OPTION VALUE=\"$category\">$category</OPTION>\n";
$output .= " <OPTION VALUE=\"\">All categories</OPTION>\n";
for ($i = 0; $i < sizeof($categories); $i++) {
$output .= " <OPTION VALUE=\"$categories[$i]\">$categories[$i]</OPTION>\n";
}
// section: