  1. Nov 13, 2000
      · 9559f61f
      Dries Buytaert authored
      Another batch with a lot of internal updates, yet no visual changes to the
      site:
      
      - watchdog (rewrite):
         + the collected information provides more details and insights
           for post-mortem research
         + input limitation
      - database abstraction layer:
         + mysql errors are now verbose and are no longer displayed in a
           browser - fixes a possible security risk
      - admin.php:
         + updated watchdog page
         + fixed security flaw
      - diary.php:
         + fixed nl2br problem
      - themes:
         + fixed comment bug in all 3 themes.
      - misc:
         + renamed some global variables for sake of consistency:
            $sitename  -->  $site_name
            $siteurl   -->  $site_url
         + added input check where (a) exploitable and (b) possible
         + added input size check
         + various small improvements
         + fixed various typos
      
      ... and much, much more in fact.
  2. Nov 03, 2000
      - fixed bug in search.php · 7f2e4572
      Dries Buytaert authored
      - fixed bug in discussion.php
      - theme update: comment() now takes 3 arguments:
          $comment - an object with comment data
          $link    - a link to the reply form of that particular
                     comment
          $thread  - the subthread of that particular comment
      - theme 'marvin' and theme 'zaphod' are updated, theme
        'unconed' is left to be done
  3. Nov 02, 2000
      · 8a866e6d
      Dries Buytaert authored
      - Fixed quote bug in the comment tracker.
        (suggestion UnConeD)
      - Added anchors to comment links to ease comment navigation.
        (suggestion UnConeD)
      - Fixed duplicate `you voted' after moderating a story.
        (suggestion UnConeD)
      - Fixed quote bug in administration center.
      - Expanded user administration with timezone information.
      - Improved the theme system by eliminating the "preview" function.
        Let's not make the system more complex than it ought to be.
      - Refined watchdog administration.
      - ...
  4. Oct 30, 2000
      · 28bf9e89
      Dries Buytaert authored
      - fixed a bug in check_input: html stripping was not 100% correct.
      - fixed a bug in account.php: the confirmation url is now correct.
      - improved error checking + security in diary.php.
      - fixed a bug in the html code of theme zaphod.
      - improved the date handling: always call format_date().
      - expanded account information in administration pages.
      - added a new variable $siteurl to ./includes/config.inc.
      - added comment moderation to theme zaphod.
      - "alter table users add timezone varchar(8);"
      
      - !!! added new timezone feature !!! :o)
  5. Oct 25, 2000
      · 4ede9967
      Dries Buytaert authored
      * fixed the login problem
  6. Oct 24, 2000
      · cbeb5ee4
      Dries Buytaert authored
      This significant commit fixes 99% of all known bugs and improves drop.org
      by means of better security checks in order to avoid malicious behavior.
      In addition, quite some code has been fine-tuned.
      
      However, as a result, every theme will require a small update ...
  7. Oct 21, 2000
      · ef43f485
      Dries Buytaert authored
      A bunch of internal changes:
       - better organisation of include files
       - renamed a few functions to make more sense
       - small bugfix in the user account registration
       - ...
  8. Oct 19, 2000
      no comment · 60310fa4
      Dries Buytaert authored
      · 11ee95da
      Dries Buytaert authored
      A big, fat commit with a shitload of internal changes.  Not that many
      visual changes:
      
      - removed redundant files user.class.php, calendar.class.php
        and backend.class.php.
      - converted *all* mysql queries to queries supported by the
        database abstraction layer.
      - expanded the watchdog to record more information on what
        actually happened.
      - bugfix: anonymous readers were not able to view comments.
      - bugfix: anonymous readers could gain read-only access to
        the submission queue.
      - bugfix: invalid includes in backend.php
      - bugfix: invalid use of '$user->block'
      
      and last but not least:
      
      - redid 50% of the user account system
  9. Oct 10, 2000
  10. Oct 04, 2000
  11. Oct 02, 2000
      · e7019c25
      Dries Buytaert authored
      Changelog
      ---------
      - improved the user information page.
      - improved the story submission page.
      - fixed comments score bug: '.00' --> 'x.00'
      - tried fixing the calendar wrapping - UnConeD, is it fixed now?
      - provided a link back to the submission queue after having voted
        for a story.
      - fixed comment subject bug (and security flaw) by replacing
        quotes by ".
      - updated theme 'zaphod': fixed 2 bugs.
      - updated theme 'marvin': fixed 1 bug and improved the layout so
        things wrap (hopefully) better in Windows.
      - comments have by default no subject pre-set - if no subject is
        provided, the user is warned and when a comment eventually got
        submitted without a subject, a subject is composed using the x
        first characters of the comment's body.
      - improved comments on submit.php
      - corrected a typo in the FAQ.
      
      UnConeD
      -------
      - replace 'article.php' by 'discussion.php'
      - comment() still uses old references to account.php: the
        parameters you supply to account.php no longer hold.
        You have to update those links to the new syntax.
      - commentcontrol() is outdated - copy paste the one of
        theme 'marvin' and adjust it to your likings.
  12. Sep 28, 2000
  13. Sep 27, 2000
  14. Sep 26, 2000
      I just committed everything that was queued in my backlog: · 5fc99970
      Dries Buytaert authored
      - Added a basic implementation of comment moderation
      - Updated and renamed my 2 themes: I removed redundant boxes and tried to
        work towards simplicity.
      - Disabled the other themes as they are broken (I gave you sufficient time
        to update them).
      - Removed redundant files.
      - Added security checks with regard to the usage of HTML tags.
  15. Sep 11, 2000
    • Dries Buytaert's avatar
      f0203c60
      · 1f0a87f4
      Dries Buytaert authored
      Over the last 2 days I redid and reorganized an awful lot of code and
      made quite a lot of additions.   The most remarkable addition is the
      diary server, which I slapped together in less than 40 minutes.   Most
      of the other changes are however `unvisible' for the user but add much
      value to a better maintainability from a developer's objective.  Like
      always, I fixed quite a number of small bugs that crept into the code
      so we should have a bigger, better and more stable drop.org.
      
      Unfortunately, some theme updates _are_ required:
      
      
      REQUIRED THEME UPDATES:
      =======================
      
      * use format_username() where usernames are used
      * use format_date() where timestamps/dates are used
      * use format_email() where e-mail addresses are displayed
      * use format_url() where url are displayed
      * replace 'formatTimestamp' with format_date
      * replace 'morelink_*' with 'display_morelink'
      
      [most of these functions are in function.inc or template.inc]
      
      ___PLEASE___ (<- this should get your attention ;) update your themes
      as soon as possible - it only takes 30 min. to get in sync with the
      other themes.  Don't start whining about the fact you don't know what
      to change ... either eat the source cookie, or ask me to elaborate on
      a few changes.  Just let me know what's puzzling you and I'll try to
      help you out!
      
      
      TODO LIST FOR NEXT WEEK
      =======================
      * Add checks for max. text length in textarea's?  Is there an HTML
        attribute for this or ...?
      * Comment moderation + mojo
      * Edit/admin user accounts: block, delete, change permissions, ...
      * E-mail password, change password, change e-mail address -> extra
        checks and routines to validate such `special' changes.
      * Input checking - input filter: bad words, html tags, ...
  16. Sep 04, 2000
      · 7daa3fd8
      Dries Buytaert authored
      A really BIG, BIG UPDATE, after two straight days of nothing but code
      and sleep, new stuff is finally in drop.org.  This is a quite large
      and wide-ranging update, which affects almost all of the system files
      in one way or another.  I fixed quite a lot of bugs and added quite a
      lot of new features, mostly administrative tools as these were really
      lacking.  It's far from finished but it's a start ...
  17. Jul 13, 2000
      · e214bd06
      Dries Buytaert authored
      Updates:
      --------
      
      * URI/URL enhancements to make the URLs more comprehensive and shorter.
      * Fixed a bug in submit.php that slipped in during the latest commit.
      * Changed a few tidbits on the calendar.
      * Fixed a bug in most themes:
          $tid       --> $cid
          COUNT(tid) --> COUNT(cid)
        Updated most themes except for UnConeD's.
      * Fixed a handful of problems with Jeroen's theme.  However, Jeroen's
        theme is still not working yet - some features are completely missing,
        making the theme not very useful ...
      
      Any known bugs left?  If not, I'll head on tonight and add some new
      features.  I'll probably add basic admin tools to edit articles and
      such.  Once done, we can start on the comment moderation.
  18. Jul 02, 2000
      · 14b12b3a
      Dries Buytaert authored
      * Added more and better error checking which should fix 'potential'
        bugs or weird behavior in case something goes wrong.  We aim for
        something that is rock-solid, right? :-)
      · 4b4d8c6c
      Dries Buytaert authored
      * Update: improved error checking/handling.
  19. Jun 23, 2000
      · 37b593e5
      Dries Buytaert authored
      * Small bugfix from Ekeren - Dries
        (hopefully it works)
  20. Jun 22, 2000
      · 829b55c5
      Dries Buytaert authored
      * Small bugfix for `Display mode'.
      · 3e4e873f
      Dries Buytaert authored
      * A fix related to the comment system - one of the settings is now
        truncated.
      · b32b897a
      Dries Buytaert authored
      * Integrated the database abstraction layer into the account pages.  One
        reason for doing so is because the database abstraction layer provides
        built-in error checking and a debug mode for easy development.
  21. Jun 20, 2000
      · 988707a6
      Dries Buytaert authored
      Here we go again with a rather large commit:
      fixed a lot of annoying bugs and boxed whatever there was left to be boxed.
      
       * user.class.php: renamed $user->update() to $user->rehash().
       * user.class.php: fixed a typical quote-bug in $user->rehash().
       * functions.inc: fixed bug in displayOldHeadlines().
       * functions.inc: improved several functions.
       * account.php: fixed major bug in showUser().
       * account.php: added some extra words to the human-readable
                      password-generator(tm).
       * account.php: boxed ALL functions! Fieuw!
       * submit.php: add some general information and guidelines on how to
                     post submissions.
       * config.inc: re-thought the categories to be more generic.
       * submission.php: minor changes
       * search.php: fixed minor bug with the author's names.
      
      Woops.  I have an exam within 4 hours: back to my books. ;-)
      
      --------------------------------------------------------------------
      
       * Anyone could check submit.php, submission.php and faq.php for
         typos?
       * Anyone could adjust calendar.class.php to fit IE?  *huh*huh*
       * Don't be scared to hack along (see below)!  I'll be working on
         the submissions and comments.
      
      --------------------------------------------------------------------
      
      Status of drop v0.10:
      (make the system `operational' and release it.)
      
        - submissions:
            submission queue         (75% complete)
            submission moderation    (75% complete)
        - comments:
            comment moderation       ( 0% complete)
            comment administration   ( 0% complete)
            fixup timestamp mess     ( 0% complete)
        - user system:
            mail password            ( 0% complete)
            user administration      (50% complete)
            patch admin.php          ( 0% complete)
            account confirmation     ( 0% complete)
            e-mail confirmation upon modification of e-mail address
                                     ( 0% complete)
        - proper handling of forms: text2html, html2text
            html2txt, txt2html       (10% complete)
            bad-word filter          (80% complete)
            automatic link detection ( 0% complete)
            allowed HTML-tag checker ( 0% complete)
        - FAQ:
            cleanup, disclaimer      (50% complete)
        - theme:
            box everything          (100% complete)
  22. Jun 13, 2000
      · 1887ba80
      Dries Buytaert authored
      Hooray!  I have a first core version of submission moderation up and
      running.  This means people can submit stories, and moderators can
      moderate stories.  When a submission reaches a certain positive
      threshold (currently set to 2) the submission becomes a story and up
      it goes.   If a submission reaches a certain negative threshold
      (currently set to -2) the submission is dumped.
      
      The fact this is all done by our visitors (without our intervention)
      makes it truly spiffy imho.  The website can live a life on its own,
      fed by the visitors.
      
      Beware, a lot of work needs to be done though ... it's just a first
      basic implementation with the core functionality.  There are quite
      a lot of things that I'll need to change, extend and improve.  But
      comments, suggestions and ideas are - as always - welcomed.
      
      Please read this log message carefully!  It features quite a lot of
      important information.
      
      To test the moderation, log in, select theme 'Dries' (the other themes
      need a small update) and head by clicking the one and only 'submission
      moderation' link.  Don't be afraid to submit lame/funny/useless
      stories for testing purpose ... as soon as we go public, we'll wipe out
      the story database.  ;-)
      
      
      WHAT'S NEW?
      -----------
      * Added 2 new operations to user.class.php to set and retrieve the
        user's "history".  Very evil but required to avoid people voting
        twice.
      * Moved dbsave() from account.php to functions.php.  In addition, I
        added a new function to user.class.php called `save()' that ...
        well, saves the object back to the database.  It's (IMHO) a better
        approach compared to dbsave(): it keeps things organized. ;-)
      
      
      BUGFIXES:
      ---------
      * Fixed a (heavy) memory leak in the constructor of user.class.php:
        mysql_fetch_array() returns an _associative_ array which made the
        constructor `pollute' the object with a lot of useless variables.
      * Fixed the slash-problem on the account pages. :-)
      * Fixed UnConeD's theme glitch, alas the warning.
      * Fixed the e-mail address not showing in the confirmation email
        (upon registration).
      * Fixed the typical quote and backslash problems in submit.php.
      * submit.php now uses the database abstraction layer.
      
      IMPORTANT:
      ----------
      * You can check the new submission system at:
          http://beta.drop.org/submission.php
        or by following the `submission moderation' link from my theme.
      * UnConeD, Jeroen: you'll need to update your themes to take
        advantage of the new function: displayAccount().  This function
        will display the `submission moderation' link when a user is
        logged on.
      * Natrak: you might want to apply the patches in user.class.php
        on the other sites using the same user-system.
  23. Jun 11, 2000
      · f66120de
      Dries Buytaert authored
      Updates:
       * Various small changes to account.php including a SQL table movement:
         'testusers' -> 'users'.  As a result, user.class.php and article.php
         needed patching as well.  Hopefully I didn't break anything.  ;o)
  24. Jun 10, 2000
      · 9583c72c
      Dries Buytaert authored
      * Implemented ban-capabilities, a first step towards an admin-friendly user
        system:
         - you can add and remove wild-carded e-mails from the banlist.
         - you can add and remove wild-carded hostnames from the banlist.
         - you can add and remove wild-carded usernames from the banlist.
         - you can add and remove wild-carded profanity from the banlist.
         - you can browse all bans according to their category: see ban.php.
  25. Jun 05, 2000
      · 24ec602c
      Dries Buytaert authored
      IMPORTANT PATCH:
      ----------------
      
      * Altered the theming system to follow the naming convention of class files.
        theme.class has been renamed to theme.class.php!
      * I fixed the default theme and my own theme, but none of the other themes
        for your convenience...  This means *you* have to rename your theme on CVS
        by (a) removing it from CVS and (b) adding it back with its new name:
        'theme.class.php'.
          For the clueless:
          mv theme.class theme.class.php
          cvs remove theme.class
          cvs add theme.class.php
          cvs commit theme.class.php
      * Sorry for breaking things ... try to fix it asap and everything will be
        OK. ;)
      · 50fc563b
      Dries Buytaert authored
      * Enhancement: removed themes/list.php by integrating it directly into
        account.php.  list.php was just being clumsy and did simply not
        belong in the themes/-directory.
  26. Jun 03, 2000
      · 3db5f310
      Dries Buytaert authored
      Bugfixes:
      ---------
      * Fixed a few bugs in account.php - saves Natrak some time.
        I only fixed the obvious, very small bugs reported today.
      
      Enhancements:
      -------------
      * Made the default theme a setting in config.inc.  You can now easily
        change the default theme.  It's a much nicer approach with more
        flexibility.  When working on your theme, you set your theme to be the
        default theme.  In addition, with a small scripting trick in config.inc
        we could automatically set the default theme to the most popular theme
        (according to the user table), or we could periodically cycle (round
        robin) through all themes: say every week a new default theme.  I truly
        think that's better. :-)
      * Adjusted config.inc, theme.inc and account.php in order to do so.
      * I have some remarks with regards to config.inc, but I think I'll share
        those later in a separate mail.
    • natrak's avatar
      cf5eb549
  27. Jun 02, 2000