Commit ebe3dddc authored by Dries's avatar Dries

admin.php:

  - fixed bug in story section
account.php:
  - removed dead code, clean-up, reorganization
  - added "lost password?" functionality
faq.php:
  - clean-up
watchdog.inc:
  - improvements
  - end of input-limit test period
error.php:
  - improvements, still crappy layout though
parent a461e369
......@@ -15,7 +15,44 @@ function account_login() {
$output .= " <TR><TD ALIGN=\"right\" COLSPAN=\"2\"><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Login\"></TD></TR>\n";
$output .= " </TABLE>\n";
$output .= "</FORM>\n";
$output .= "You don't have an account yet? <A HREF=\"account.php?op=register\">Register</A> as new user.\n";
return $output;
}
function account_email() {
$output .= "<P>Lost your password? Fill out your username and e-mail address, and your password will be mailed to you.</P>\n";
$output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
$output .= " <TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR><TH ALIGN=\"right\">Username:</TH><TD><INPUT NAME=\"userid\"></TD></TR>\n";
$output .= " <TR><TH ALIGN=\"right\">E-mail addres:</TH><TD><INPUT NAME=\"email\"></TD></TR>\n";
$output .= " <TR><TD ALIGN=\"right\" COLSPAN=\"2\"><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"E-mail password\"></TD></TR>\n";
$output .= " </TABLE>\n";
$output .= "</FORM>\n";
return $output;
}
function account_create($user = "", $error = "") {
global $theme;
if ($error) $output .= "<B><FONT COLOR=\"red\">Failed to register.</FONT>$error</B>\n";
else $output .= "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to maintain an online diary, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Create account' button below. An e-mail will then be sent to you with instructions on how to validate your account.</P>\n";
$output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Username:</B><BR>\n";
$output .= " <INPUT NAME=\"userid\" VALUE=\"$userid\"><BR>\n";
$output .= " <SMALL><I>Enter your desired username: only letters, numbers and common special characters are allowed.</I></SMALL><BR>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>E-mail address:</B><BR>\n";
$output .= " <INPUT NAME=\"email\" VALUE=\"$email\"><BR>\n";
$output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Create account\">\n";
$output .= "</P>\n";
$output .= "</FORM>\n";
return $output;
}
......@@ -83,6 +120,8 @@ function account_user_edit() {
else {
$theme->header();
$theme->box("Login", account_login());
$theme->box("E-mail password", account_email());
$theme->box("Create new account", account_create());
$theme->footer();
}
}
......@@ -157,6 +196,8 @@ function account_page_edit() {
else {
$theme->header();
$theme->box("Login", account_login());
$theme->box("E-mail password", account_email());
$theme->box("E-mail password", account_create());
$theme->footer();
}
}
......@@ -229,6 +270,8 @@ function account_user($uname) {
### Display login form:
$theme->header();
$theme->box("Login", account_login());
$theme->box("E-mail password", account_email());
$theme->box("Create new account", account_create());
$theme->footer();
}
}
......@@ -237,7 +280,6 @@ function account_validate($user) {
include "includes/ban.inc";
### Verify username and e-mail address:
$user[userid] = trim($user[userid]);
if (empty($user[real_email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[real_email]))) $error .= "<LI>the specified e-mail address is not valid.</LI>\n";
if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $error .= "<LI>the specified username is not valid.</LI>\n";
if (strlen($user[userid]) > 15) $error .= "<LI>the specified username is too long: it must be less than 15 characters.</LI>\n";
......@@ -253,38 +295,48 @@ function account_validate($user) {
return $error;
}
function account_register_enter($user = "", $error = "") {
global $theme;
function account_email_submit($userid, $email) {
global $theme, $site_name, $site_url;
if ($error) $output .= "<B><FONT COLOR=\"red\">Failed to register.</FONT>$error</B>\n";
else $output .= "<P>Registering allows you to comment on stories, to moderate comments and pending stories, to maintain an online diary, to customize the look and feel of the site and generally helps you interact with the site more efficiently.</P><P>To create an account, simply fill out this form an click the `Register' button below. An e-mail will then be sent to you with instructions on how to validate your account.</P>\n";
$result = db_query("SELECT id FROM users WHERE userid = '". check_output($userid) ."' AND real_email = '". check_output($email) ."'");
if ($account = db_fetch_object($result)) {
$new[userid] = $userid;
$new[passwd] = account_password();
$new[status] = 1;
$new[hash] = substr(md5("$new[userid]. ". time() .""), 0, 12);
$output .= "<FORM ACTION=\"account.php\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Username:</B><BR>\n";
$output .= " <INPUT NAME=\"new[userid]\" VALUE=\"$new[userid]\"><BR>\n";
$output .= " <SMALL><I>Enter your desired username: only letters, numbers and common special characters are allowed.</I></SMALL><BR>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>E-mail address:</B><BR>\n";
$output .= " <INPUT NAME=\"new[real_email]\" VALUE=\"$new[real_email]\"><BR>\n";
$output .= " <SMALL><I>You will be sent instructions on how to validate your account via this e-mail address - please make sure it is accurate.</I></SMALL><BR>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Register\">\n";
$output .= "</P>\n";
$output .= "</FORM>\n";
user_save($new, 1);
$link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
$message = "$new[userid],\n\n\nyou requested us to e-mail you a new password for your $site_name account. Note that you will need to re-activate your account before you can login. You can do so simply by visiting the URL below:\n\n $link\n\nVisiting this URL will automatically re-activate your account. Once activated you can login using the following information:\n\n username: $new[userid]\n password: $new[passwd]\n\n\n-- $site_name crew\n";
watchdog("message", "new password: `$userid' &lt;$email&gt;");
mail($email, "Account details for $site_name", $message, "From: noreply@$site_url");
$output = "Your password and further instructions have been sent to your e-mail address.";
}
else {
watchdog("warning", "new password: '$userid' and &lt;$email&gt; do not match");
$output = "Could not sent password: no match for the specified username and e-mail address.";
}
$theme->header();
$theme->box("Register as new user", $output);
$theme->box("E-mail password", $output);
$theme->footer();
}
function account_register_submit($new) {
global $theme, $mail, $site_name, $site_url;
function account_create_submit($userid, $email) {
global $theme, $site_name, $site_url;
$new[userid] = $userid;
$new[real_email] = $email;
if ($rval = account_validate($new)) {
account_register_enter($new, "$rval");
$theme->header();
$theme->box("Create new account", account_create($new, $rval));
$theme->footer();
}
else {
$new[passwd] = account_password();
......@@ -296,17 +348,17 @@ function account_register_submit($new) {
$link = $site_url ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
$message = "$new[userid],\n\n\nsomeone signed up for a user account on $site_name and supplied this email address as their contact. If it wasn't you, don't get your panties in a knot and simply ignore this mail.\n\nIf this was you, you have to activate your account first before you can login. You can do so simply by visiting the URL below:\n\n $link\n\nVisiting this URL will automatically activate your account. Once activated you can login using the following information:\n\n username: $new[userid]\n password: $new[passwd]\n\n\n-- $site_name crew\n";
mail($new[real_email], "Account details for $site_name", $message, "From: noreply@$site_url");
watchdog("message", "new account: `$new[userid]' &lt;$new[real_email]&gt;");
watchdog("message", "new user `$new[userid]' &lt;$new[real_email]&gt;");
mail($new[real_email], "Account details for $site_name", $message, "From: noreply@$site_url");
$theme->header();
$theme->box("Account details", "Congratulations! Your member account has been sucessfully created and further instructions on how to activate your account have been sent to your e-mail address.");
$theme->box("Create new account", "Congratulations! Your member account has been sucessfully created and further instructions on how to activate your account have been sent to your e-mail address.");
$theme->footer();
}
}
function account_register_confirm($name, $hash) {
function account_create_confirm($name, $hash) {
global $theme;
$result = db_query("SELECT userid, hash, status FROM users WHERE userid = '$name'");
......@@ -320,17 +372,17 @@ function account_register_confirm($name, $hash) {
}
else {
$output .= "Confirmation failed: invalid confirmation hash.\n";
watchdog("error", "$name: invalid confirmation hash");
watchdog("warning", "$name: invalid confirmation hash");
}
}
else {
$output .= "Confirmation failed: your account has already been confirmed. You can click <A HREF=\"account.php?op=login\">here</A> to login.\n";
watchdog("error", "$name: attempt to re-confirm account");
watchdog("warning", "$name: attempt to re-confirm account");
}
}
else {
$output .= "Confirmation failed: no such account found.<BR>";
watchdog("error", "$name: attempt to confirm non-existing account");
watchdog("warning", "$name: attempt to confirm non-existing account");
}
$theme->header();
......@@ -381,21 +433,12 @@ function account_comments() {
account_session_start($userid, $passwd);
header("Location: account.php?op=info");
break;
case "register":
account_register_enter();
break;
case "confirm":
account_register_confirm($name, $hash);
break;
case "Register":
account_register_submit($new);
account_create_confirm($name, $hash);
break;
case "view":
account_user($name);
break;
case "info":
account_user($user->userid);
break;
case "discussion":
account_comments();
break;
......@@ -403,8 +446,11 @@ function account_comments() {
account_session_close();
header("Location: account.php");
break;
case "Register":
account_register_submit($new);
case "E-mail password":
account_email_submit($userid, $email);
break;
case "Create account":
account_create_submit($userid, $email);
break;
case "user":
account_user_edit();
......
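Review bot: account_email_submit() overwrites the target account's password and replaces its status and hash via user_save() before the e-mailed link is ever visited, so anyone who knows a username and its e-mail address can lock that user out on demand (the mail text itself says the account must be re-activated); consider keeping the new password and hash pending and applying them only when the confirm link is followed, or mailing a one-time reset link instead of a new password. The lookup `SELECT id FROM users WHERE userid = '...' AND real_email = '...'` quotes the request values with check_output(), which elsewhere in this commit wraps HTML form values (admin.php) and so presumably is an HTML escaper rather than a SQL-quoting function; escape through the database layer here. The confirmation hash `substr(md5("$new[userid]. ". time() .""), 0, 12)` is derived only from the username and the current second, so the requester who just triggered the mail can guess it; derive it from a random source. The `From: noreply@$site_url` header will carry the scheme and trailing slash if $site_url is the URL form used in config (`http://www.drop.org/`), giving a malformed sender address; the same pattern appears in account_create_submit. Also the user-visible message `Could not sent password` should read `Could not send password`.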
......@@ -270,7 +270,7 @@ function comment_edit($id) {
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" VALUE=\"". check_output($comment->subject) ."\"><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" VALUE=\"". check_output(check_field($comment->subject)) ."\"><BR>\n";
$output .= "</P>\n";
$output .= "<P>\n";
......@@ -298,7 +298,7 @@ function comment_display($order = "date") {
### Perform SQL query:
$result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON u.id = c.author ORDER BY c.$fields[$order] LIMIT 50");
### Display stories:
### Display comments:
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR>\n";
$output .= " <TH ALIGN=\"right\" COLSPAN=\"5\">\n";
......@@ -470,7 +470,7 @@ function story_edit($id) {
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" VALUE=\"". check_output($story->subject) ."\"><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" VALUE=\"". check_output(check_field($story->subject)) ."\"><BR>\n";
$output .= "</P>\n";
$output .= "<P><B>Category:</B><BR>\n";
......
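Review bot: In comment_display(), `ORDER BY c.$fields[$order]` assumes $order is a key of $fields; any other value makes the lookup empty and the query becomes `ORDER BY c. LIMIT 50`, a syntax error. Guard it with `$sort = isset($fields[$order]) ? $fields[$order] : $fields["date"];` and interpolate $sort instead. This is a context line rather than new code, and $fields is defined above the visible lines, so I am assuming it is a fixed whitelist of column names. The enclosing functions start before their hunks.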
<H1>Oops, an error occured!</H1>
<PRE>
<?
switch($REDIRECT_STATUS) {
case 500:
$message = "500 error - internal server error";
break;
case 404:
$message = "404 error - document not found";
break;
case 403:
$message = "403 error - access denied - forbidden";
break;
case 401:
$message = "401 error - authorization required";
break;
case 401:
$message = "400 error - bad request";
break;
default:
$message = "unknown error";
}
include "includes/config.inc";
include "includes/database.inc";
include "includes/watchdog.inc";
function error_flood() {
global $site_email;
watchdog("error", "message: `$message' - requested url: $REDIRECT_URL - referring url: $HTTP_REFERER");
?>
print "WARNING: submission rate exceeded. We detected too much data or events from your IP. Please wait a few minutes and try again. If you think this is not justified, please contact us at <A HREF=\"mailto:$site_email\">$site_email</A>.";
}
<B>Processed output:</B><BR>
* <? echo $message; ?><BR>
* Return to the <A HREF="">main page</A>.
</PRE>
function error_httpd() {
global $REDIRECT_STATUS, $REDIRECT_URL, $HTTP_REFERER;
switch($REDIRECT_STATUS) {
case 500:
$message = "500 error - internal server error";
break;
case 404:
$message = "404 error - document not found";
break;
case 403:
$message = "403 error - access denied - forbidden";
break;
case 401:
$message = "401 error - authorization required";
break;
case 401:
$message = "400 error - bad request";
break;
default:
$message = "unknown error";
}
watchdog("error", "message: `$message' - requested url: $REDIRECT_URL - referring url: $HTTP_REFERER");
print "<PRE>\n";
print "<H1>Oops, an error occured!</H1>\n";
print "<B>Processed output:</B><BR>\n";
print " * $message<BR>\n";
print " * Return to the <A HREF=\"\">main page</A>.\n";
print "</PRE>\n";
}
include "includes/theme.inc";
switch ($op) {
case "flood":
error_flood();
break;
default:
error_httpd();
}
?>
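Review bot: error_httpd() lists `case 401:` twice; the second one, labelled "400 error - bad request", is unreachable because the first matching case wins, so a 400 is reported and logged as "unknown error". Change the second label to `case 400:`. The watchdog line logs $REDIRECT_URL and $HTTP_REFERER verbatim, and the Referer header is chosen by the client, so whatever watchdog() does with the message (its storage and display are not visible here) must escape it for SQL and for any admin page that renders the log. Both globals depend on register_globals and the web server's ErrorDocument redirection; when the page is requested directly the switch falls through to "unknown error", which is acceptable but worth a comment.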
......@@ -16,6 +16,9 @@
<DT><B>What is $site_name all about?</B></DT>
<DD>$site_name is a news and discussion forum. It is a <I>tool</I>. And as a tool, it aims to create an environment to make discussions possible. $site_name is not an organization, but a non-profit hobby project instead.<P>People log in to the site, read the news, select one or more items and start to discuss and post their reactions. $site_name is a community site that relies solely on reader-contributed content.<P>First off, we strive towards discussion rather then to deliver news on its own: discussion can really make a story considerably better as user comments frequently `upstage' the story itself.<P>Secondly, we aim towards a high quality of content and content posters by using and experimenting with several techniques and systems such as trust metrics, scoring, moderation and collaborative filtering.<P></DD>
<DT><B>Who runs $site_name?</B></DT>
<DD><P>$site_name was originally created by ". format_username("Dries") ." and is written primarily by ". format_username("Dries"). " with help from others like ". format_username("Jeroen") ." and ". format_username("UnConeD") ." who helped creating themes. The bandwidth and hardware are donated by ". format_username("Natrak") .". Together we are $site_name and if you want to get in touch with the $site_name team, you can contact us at <A HREF=\"mailto:$site_email\">$site_email</A>.<P></DD>
<DT><B>Isn't $site_name similar to slashdot.org and kuro5hin.org?</B></DT>
<DD>To some extend, yes. Credit where credit is due: we borrowed many ideas (like the interface and moderation) from <A HREF=\"http://slashdot.org/\">slashdot.org</A> and <A HREF=\"http://kuro5hin.org/\">kuro5hin.org</A> because they have many good ideas about discussion forums. We do not use their code or any permutation thereof as $site_name has been written entirely from scratch. Our goal was to create a similar base initially, and to go from there and to transform $site_name into something different by adding new and unique features.<P></DD>
......@@ -32,7 +35,7 @@
<DD>No $site_name participant can use his own name or handle to post comments until they sign up and submit their e-mail address. Those who do not may participate as `$anonymous', but they will suffer numerous disadvantages, not the least that their posts begin at a lower score.<P>In contrast, those with a user account can use their own name or handle and are granted various priveleges: the most important is probably the ability to moderate new submissions and to rate comments. Also, registered users can tune the site to their personal needs. For instance: they can select one of the available themes to alter the look-and-feel of the site or they can fine-tune the values of various settings to their likings.<P></DD>
<DT><B>I forgot my password, what do I do?</B></DT>
<DD>--- under construction ---<P></DD>
<DD>You should be able to get it from the <A HREF=\"account.php\">account page</A>. Just type in your username, hit the 'E-mail password' button and your password will be whisked off to your e-mail address. If, however, this doesn't seem to be working, contact us at <A HREF=\"mailto:$site_email\">$site_email</A>.<P></DD>
<DT><B>I have a cool story that you should post, what do I do?</B></DT>
<DD>Check out the <A HREF=\"submit.php\">submission form</A>. If you fill out that form, your contribution gets shipped off to the submission queue for evaluation, <A HREF=\"#moderation\">moderation</A>, and possibly even posting.<P></DD>
......@@ -53,14 +56,13 @@
<DD>
<LI>A theme system: the entire website is fully themable in terms of colors, layout, look-and-feel and markup.</LI>
<LI>A user account system with session management, secure authentication, human-readable password generator, user and page preferences, comment tracker and so on.</LI>
<LI>A discussion system: supports different display (<I>threaded</I>, <I>flat</I>, <I>netsted</I>) and order (<I>newest first</I>, <I>oldest first</I>, <I>highest scorings first</I>), comment moderation, customable HTML-support, etc.</LI>
<LI>A submission queue and submission moderation.</LI>
<LI>A discussion system: supports different display modes (<I>threaded</I>, <I>flat</I>, <I>netsted</I>), order modes (<I>newest first</I>, <I>oldest first</I>, <I>highest scorings first</I>), comment moderation, customable HTML-support, etc.</LI>
<LI>An open submission queue and submission moderation.</LI>
<LI>An embedded diary system.</LI>
<LI>Anonymous reader/poster support across the entire site in case visitors prefers to remain anonymous or in case cookies are disabled.</LI>
<LI>An administrator section which is considered the control center of the website.</LI>
<LI>A database abstraction layer: allows the website to run on top of different database systems.</LI>
<LI>A RDF/RSS backend which allows third party websites to become <I>channels</I> in your website with a minimum of extra work.</LI>
<LI>...</LI>
<P>
</DD>
......@@ -70,7 +72,7 @@
<DT><B>What are your terms and conditions?</B></DT>
<DD>
This website includes threaded discussion groups and discussion forums which allow feedback to $site_name and real-time interaction between the persons who use this service. The responsibility for any opinions, advice, statements or other information contained in any messages posted or transmitted by any third party on this website resides solely with the author.<P>
<U>1. When using the discussion forums, you may NOT:</U><UL><LI>Keep any other person from using and enjoying the discussion forums.</LI><LI>Post or transmit any messages (or content in general) that would constitute or encourage conduct that would constitute a criminal offense, give rise to civil liability or otherwise violate any local, state, national or international law, including any threatening, abusive libelous, defamatory, obscene, vulgar, pornographic, profane or indecent messages of any kind.</LI><LI>Post or transmit any information, software or other materials which violate or infringe upon the rights of others, including their privacy or publicity rights, or which is protected by copyright, trademark or other proprietary rights, without first obtaining permission from the person who owns or holds that right.</LI><LI>Use the discussion forum in any way for solicitations or other commercial purposes.</LI></UL><P>
<U>1. When using the discussion forums, you may NOT:</U><BR><I>a.</I> Keep any other person from using and enjoying the discussion forums.<BR><I>b.</I> Post or transmit any messages (or content in general) that would constitute or encourage conduct that would constitute a criminal offense, give rise to civil liability or otherwise violate any local, state, national or international law, including any threatening, abusive libelous, defamatory, obscene, vulgar, pornographic, profane or indecent messages of any kind.<BR><I>c.</I> Post or transmit any information, software or other materials which violate or infringe upon the rights of others, including their privacy or publicity rights, or which is protected by copyright, trademark or other proprietary rights, without first obtaining permission from the person who owns or holds that right.<BR><I>d.</I> Use the discussion forum in any way for solicitations or other commercial purposes.<P>
<U>2. $site_name's right to monitor the discussion forums:</U><BR>You understand that $site_name has no obligation to monitor the discussion forum. However $site_name reserves the right at all times to edit, refuse to post or to remove any information or materials, in whole or in part, that in $site_name's sole discretion are objectionable or in violation of these terms and conditions and to disclose any information necessary to satisfy or governmental request.<P>
</DD>
</DL>";
......
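Review bot: The new answer says "Just type in your username", but account_email() in account.php asks for both the username and the e-mail address and the lookup only succeeds when both match, so the instruction should read `Just type in your username and e-mail address, hit the 'E-mail password' button and ...`. Note also that the feature mails a freshly generated password in plain text, which sits awkwardly next to the "secure authentication" claim in the features list below; a one-time reset link would be the more defensible design and would let this answer stay accurate.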
......@@ -27,21 +27,17 @@
#
$site_name = "drop.org";
$site_url = "http://www.drop.org/";
$site_email = "droppies@drop.org";
$site_email = "info@drop.org";
#
# Notify information:
# The notify information will be used to send out automated mails
# for internal purpose.
#
$notify_email = $contact_email;
$notify_subject = "submission: ";
$notify_message = "New submission: '$subject'\n\n$story";
$notify_from = "droppies@drop.org";
#
# Comment meta reasons:
# Comment votes:
# the keys of this associative array are displayed in each
# comment's selection box whereas the corresponding values
# represent the mathematical calculation to be performed
# to update a comment's value.
#
$comment_votes = array("none" => "none",
"-1" => "- 1",
"0" => "+ 0",
......@@ -73,13 +69,13 @@
$allowed_html = "<A><B><BR><DD><DL><DT><EM><HR><I><IL><SMALL><OL><U><UL>";
#
# Name of the 'anonymous' user account:
# Name for anonymous users:
#
$anonymous = "Anonymous Chicken";
#
# Themes:
# the first theme listed in the associative array `$themes' will
# the first theme listed in this associative array will
# automatically become the default theme.
#
$themes = array("Marvin" => array(
......@@ -94,11 +90,14 @@
#
# Submission moderation votes:
# changing $submission_votes will affect the integrity of your
# database. In short, the database field user.history will
# become invalid, and will need to be reset! Please, do not
# change this setting unless you have an empty database or
# unless you know what you are doing.
# the keys of this associative array are displayed in each
# submission's selection box whereas the corresponding values
# represent the mathematical calculation to be performed to
# update a comment's value.
# Warning: changing $submission_votes will affect the integrity
# of all pending stories in the open submission queue. Do not
# change this setting unless there are no pending stories in the
# submission queue or unless you know what you are doing.
$submission_votes = array("neutral (+0)" => "+ 0",
"post it (+1)" => "+ 1",
"dump it (-1)" => "- 1");
......@@ -115,20 +114,28 @@
#
# Submission rate:
# defines the submission rate for the different types of content
# submission. It is supposed to stop malicious attempts to screw
# with the database and to stop denial of service attacks.
# Example:
# '"comment" => 60' means that there is only one new comment
# allowed from the same IP-address every 60 seconds.
#
$submission_rate = array("comment" => "60", // 60 seconds = 1 minute
"diary" => "300", // 300 seconds = 5 minutes
"story" => "300"); // 300 seconds = 5 minutes
#
# Submission size:
# the maximum length in characters a submission (story, diary,
# comment) is allowed to be.
# the maximum length (i.e. the maximum number of characters) a
# story, a diary entry, or a comment is allowed to be.
#
$submission_size = 6000;
$submission_size = 6000; // 6.000 characters is more or less 150 lines
#
# Watchdog history:
# how long we should store the log files generated by the
# watchdog
#
$watchdog_history = 604800; // 604800 seconds = 1 week
$watchdog_history = 604800; // 604.800 seconds = 1 week
?>
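Review bot: The unchanged `$allowed_html` list contains `<IL>`, which looks like a typo for `<LI>`; as written `<LI>` is not whitelisted while a meaningless `<IL>` tag is (pre-existing, but worth fixing while this file is being cleaned up). The rewritten `$submission_rate` comment promises to stop denial-of-service attacks, yet watchdog.inc keys the rate on REMOTE_ADDR alone, so users behind a shared proxy are throttled together while an attacker with several addresses is not; I would soften it to `It limits how often a single IP address may post each type of content.`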
......@@ -14,7 +14,8 @@ function watchdog($id, $message) {
if ($log = db_fetch_object(db_query("SELECT * FROM watchdog WHERE hostname = '". getenv("REMOTE_ADDR") ."' AND level = '". $watchdog[$id][0] ."'"))) {
if (time() - $log->timestamp < $watchdog[$id][1]) {
watchdog("warning", "'". getenv("REMOTE_ADDR") ."' exceeded '$id' submission rate");
// header("Location: error.php");
header("Location: error.php?op=flood");
exit();
}
}
}
......
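Review bot: The rate check reads a single row via `SELECT * FROM watchdog WHERE hostname = '...' AND level = '...'` with no ORDER BY or LIMIT, so the $log->timestamp compared against $watchdog[$id][1] is whichever row the driver returns first, not necessarily the newest event for that address; append `ORDER BY timestamp DESC LIMIT 1` so the throttle measures the most recent submission. The redirect-plus-exit added here is the right shape, since without exit() the caller would continue and store the submission anyway. REMOTE_ADDR is interpolated into the query raw; it is server-supplied so the risk is low, but it would be consistent to pass it through the same escaping as other query values. watchdog() begins before this hunk.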