I just committed everything that was queued in my backlog:

- Added a basic implementation of comment moderation
- Updated and renamed my 2 themes: I removed redundant boxes and tried to
  work towards simplicity.
- Disabled the other themes as they are broken (I gave you sufficient time
  to update them).
- Removed redundant files.
- Added security checks with regard to the usage of HTML tags.
3-00
Dries Buytaert 2000-09-26 07:34:33 +00:00
parent 6ca7f1e2f3
commit 5fc99970ab
19 changed files with 508 additions and 381 deletions


@ -1,4 +1,3 @@
#
# Apache/PHP/site settings:
#
@ -37,11 +36,11 @@ ErrorDocument 500 /error.php
# Overload PHP variables:
<IfModule mod_php4.c>
php_value track_vars On
php_value php_register_globals On
php_value magic_quotes_gpc On
php_value magic_quotes_runtime Off
php_value magic_quotes_sybase Off
php_value php_register_globals 1
php_value track_vars 1
php_value magic_quotes_gpc 1
php_value magic_quotes_runtime 0
php_value magic_quotes_sybase 0
php_value session.auto_start 1
php_value session.cookie_lifetime 1728000
php_value session.gc_maxlifetime 1728000
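Review bot: `php_register_globals 1` keeps request parameters flowing into global scope, so every variable the scripts in this commit read without assigning it first (`$op`, `$id`, `$moderate`) has to be treated as caller-controlled. Switching from `On`/`Off` to `1`/`0` does not change that; if the setting cannot be turned off yet, a comment such as `# register_globals is on: initialise every global before use` above the line would at least record the constraint. Boolean directives are normally set with `php_flag` rather than `php_value`, which is worth confirming for this PHP build. The 1728000-second session lifetime (20 days) also means a leaked session cookie stays usable for that long.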


@ -37,7 +37,7 @@ function showUser($uname) {
$output .= " <TR><TD><B>User ID:</B></TD><TD>$user->userid</TD></TR>\n";
$output .= " <TR><TD><B>Name:</B></TD><TD>$user->name</TD></TR>\n";
$output .= " <TR><TD><B>E-mail:</B></TD><TD><A HREF=\"mailto:$user->femail\">$user->femail</A></TD></TR>\n";
$output .= " <TR><TD><B>URL:</B></TD><TD><A HREF=\"$user->url\">$user->url</A></TD></TR>\n";
$output .= " <TR><TD><B>URL:</B></TD><TD><A HREF=\"$user->url\" TARGET=\"_new\">$user->url</A></TD></TR>\n";
if ($user->access > 0) $output .= "<TR><TD VALIGN=top><B>Access:</B></TD><TD>". showAccess() ."</TD></TR>\n";
$output .= " <TR><TD><B>Bio:</B></TD><TD>$user->bio</TD></TR>\n";
$output .= " <TR><TD><B>Signature:</B></TD><TD>$user->signature</TD></TR>\n";
@ -240,11 +240,10 @@ switch ($op) {
$output .= "<B>Theme:</B><BR>\n";
### Loop (dynamically) through all available themes:
$handle = opendir("themes");
while ($file = readdir($handle)) if(!ereg("^\.",$file) && file_exists("themes/$file/theme.class.php")) $options .= "<OPTION VALUE=\"$file\"". (((!empty($userinfo[theme])) && ($file == $cfg_theme)) || ($user->theme == $file) ? " SELECTED" : "") .">$file</OPTION>";
closedir($handle);
foreach ($themes as $key=>$value) {
$options .= "<OPTION VALUE=\"$key\"". (($user->theme == $key) ? " SELECTED" : "") .">$key - $value[1]</OPTION>";
}
if ($userinfo[theme]=="") $userinfo[theme] = $cfg_theme;
$output .= "<SELECT NAME=\"edit[theme]\">$options</SELECT><BR>\n";
$output .= "<I>Selecting a different theme will change the look and feel of the site.</I><P>\n";
$output .= "<B>Maximum number of stories:</B><BR>\n";
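Review bot: In the `showUser()` hunk the changed URL row still writes `$user->url` straight into the `HREF` attribute and the link text, and the neighbouring `$user->bio` and `$user->signature` rows are printed as stored, so the profile page is outside the HTML-tag checks this commit adds elsewhere. Attribute values need escaping rather than tag stripping, e.g. `HREF=\"". htmlspecialchars($user->url) ."\"`, with `check()` applied to the bio and signature. In the theme hunk, `$cfg_theme` is still read on the `$userinfo[theme]` line although config.inc appears to replace it with `$themes` in this same commit. Both functions continue outside the hunks shown.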


@ -1,124 +0,0 @@
<?
//////////////////////////////////////////////////
// This code should go in the admin pages and is only a temporary
// placeholder untill we are going to rewrite the admin pages. If
// you have the sudden urge to integrate it into admin.php or if
// you have some time to kill ... I won't stop you. A rewrite of
// admin.php is sheduled for v0.20 anyway ...
// Like this the ban.php code I just queued it to be included into
// the new admin pages. After proper integration, this file can
// be removed.
//
// -- Dries
//////////////////////////////////////////////////
include "database.inc";
include "ban.inc";
function ban_check($mask, $category) {
$ban = ban_match($mask, $category);
print "<H3>Status:</H3>\n";
print "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") ."";
}
function ban_new($mask, $category, $reason) {
ban_add($mask, $category, $reason, &$message);
print "<H3>Status:</H3>\n";
print "$message\n";
}
function ban_display($category = "") {
global $PHP_SELF, $type;
### initialize variable:
$category = $category ? $category : 1;
### Perform query:
$result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");
### Generate output:
print "<H3>Active bans:</H3>\n";
print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
print " <TR>\n";
print " <TH COLSPAN=\"2\" >Active bans</TH>\n";
print " </TH>\n";
print " <TH>\n";
print " <FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print " <SELECT NAME=\"category\">\n";
for (reset($type); $cur = current($type); next($type)) {
print " <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print " </SELECT>\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Refresh\">\n";
print " </FORM>\n";
print " </TH>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH>Mask</TH>\n";
print " <TH>Reason</TH>\n";
print " <TH>Operations</TH>\n";
print " </TR>\n";
while ($ban = db_fetch_object($result)) {
print " <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n";
}
print " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
print "</TABLE>\n";
print "<BR><HR>\n";
print "<H3>Add new ban:</H3>\n";
print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print "<B>Banmask:</B><BR>\n";
print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
print "<B>Type:</B><BR>\n";
print "<SELECT NAME=\"category\"\">\n";
for (reset($type); $cur = current($type); next($type)) {
print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print "</SELECT><P>\n";
print "<B>Reason:</B><BR>\n";
print "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n";
print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
print "</FORM>\n";
print "<BR><HR>\n";
print "<H3>Ban check:</H3>\n";
print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print "<B>Banmask:</B><BR>\n";
print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
print "<B>Type:</B><BR>\n";
print "<SELECT NAME=\"category\"\">\n";
for (reset($type); $cur = current($type); next($type)) {
print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print "</SELECT><P>\n";
print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
print "</FORM>\n";
}
include "admin.inc";
admin_header();
switch ($op) {
case "Add ban":
ban_new($mask, $category, $reason);
ban_display($category);
break;
case "Check ban":
ban_check($mask, $category);
ban_display($category);
break;
case "delete":
ban_delete($id);
ban_display($category);
break;
default:
ban_display($category);
}
admin_footer();
?>


@ -1,5 +1,9 @@
<?
// TEMPORARY SECURITY PATCH:
if ($user->userid != "Dries") exit();
/*
* Account administration:
*/
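Review bot: The guard compares `$user->userid` with one hard-coded account name, so access to this page depends on a display name rather than on a privilege, and nothing in the hunk shows where `$user` is loaded before the check runs. With `register_globals` enabled, the check is only sound if `$user` is always assigned from the session before this line; that should be confirmed, or made explicit by including the authentication code first. Since `showUser()` already reads `$user->access`, a check such as `if (!$user || $user->access <= 0) exit();` would be less brittle, assuming `access` marks administrators. The comment could also say what replaces the patch, e.g. `// TEMPORARY: replace with an access-level check`.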


@ -1,19 +1,19 @@
<?PHP
<?
#
# MySQL settings:
#
$dbhost = "zind.net";
$dbuname = "dries";
$dbpass = "Abc123";
$dbname = "dries";
#$dbhost = "";
#$dbhost = "zind.net";
#$dbuname = "dries";
#$dbpass = "oakley";
#$dbpass = "Abc123";
#$dbname = "dries";
$dbhost = "";
$dbuname = "dries";
$dbpass = "oakley";
$dbname = "dries";
#
# Name of the site
#
@ -24,7 +24,7 @@ $sitename = "drop.org";
# The contact information will be used to send out automated mails
# to users, account holders or visitors.
$contact_email = "droppies@zind.net";
$contact_signature = "Kind regards,\n\n-- the drop.org crew\nhttp://www.drop.org/";
$contact_signature = "Kind regards,\n\n-- the drop.org crew\nhttp://beta.drop.org/";
#
# Notify:
@ -46,36 +46,52 @@ $notify_from = "droppies@zind.net";
#
# Comment meta reasons:
#
$comments_votes = array("-1" => "-1", "0" => "0", "+1" => "+ 1", "+2" => "+ 2", "+3" => "+ 3", "+4" => "+ 4", "+5" => "+ 5");
$comment_votes = array("none" => "none", "-1" => "-1", "0" => "0", "+1" => "+ 1", "+2" => "+ 2", "+3" => "+ 3", "+4" => "+ 4", "+5" => "+ 5");
#
# Categories:
#
$categories = array('Announcements', 'Arts & Humanities', 'Business & Economy', 'Coding & Webdesign', 'Computers & Internet', 'Drop.org', 'Entertainment', 'Freedom', 'Government', 'News & Media', 'Science', 'Society & Culture');
$categories = array("Announcements",
"Arts & Humanities",
"Business & Economy",
"Coding & Webdesign",
"Computers & Internet",
"Drop.org",
"Entertainment",
"Freedom",
"Government",
"News & Media",
"Science",
"Society & Culture");
#
# Allowed HTML tags:
#
$allowed_html = "<A> <B> <BR> <DD> <DL> <DT> <EM> <I> <IL> <OL> <U> <UL>";
$allowed_html = "<A><B><BR><DD><DL><DT><EM><HR><I><IL><SMALL><OL><U><UL>";
#
# Name of the 'anonymous' user account:
#
$anonymous = "Anonymous Chicken";
#
# Default theme:
# Themes:
#
$cfg_theme = "Dries";
$themes = array("Marvin" => array(
"themes/marvin/marvin.theme",
"white, simple"),
"Zaphod" => array(
"themes/zaphod/zaphod.theme",
"yellow, simple"));
#
# Submission moderation votes:
#
// NOTE: changing $submission_votes will affect the integrity of your
// database. In short, the database field user.history will
// become invalid, and will need to be reset! Please, do not
// just change this setting unless you have an empty database
// or unless you know what you are doing.
# changing $submission_votes will affect the integrity of your
# database. In short, the database field user.history will
# become invalid, and will need to be reset! Please, do not
# change this setting unless you have an empty database or
# unless you know what you are doing.
$submission_votes = array("neutral (+0)" => "+ 0",
"post it (+1)" => "+ 1",
"dump it (-1)" => "- 1");
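Review bot: The first hunk commits live database credentials: `$dbhost`, `$dbuname` and `$dbpass` are literals, and a second password is kept in a commented-out line, so both values are now permanently in the repository history. The passwords should be rotated and the settings read from a file that is not tracked, with only placeholders committed. In the `$allowed_html` line, `<IL>` is presumably meant to be `<LI>`; as written, list items are stripped while `<OL>` and `<UL>` are kept.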


@ -11,7 +11,14 @@ function db_connect() {
include "config.inc";
mysql_pconnect($dbhost, $dbuname, $dbpass) or die(mysql_Error());
mysql_select_db("$dbname") or die ("Unable to select database");
// Note: we are using a persistent connection!
// NOTE: we are using a persistent connection!
}
function db_insert($query, $debug = false) {
// NOTE:
// add spam- and/or flood-checks
db_query($query, $debug);
}
function db_query($query, $debug = false) {
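Review bot: `db_insert()` discards whatever `db_query()` returns, so callers that switch from `db_query()` to `db_insert()` in this commit can no longer see whether the insert succeeded; `return db_query($query, $debug);` keeps the two interchangeable. The spam and flood checks exist only as a comment, and because the function receives a finished SQL string it has no author or host to check against, so the signature will presumably need those as parameters. The context line `mysql_pconnect(...) or die(mysql_Error())` sends the raw database error to the browser; logging it and printing a generic message would avoid exposing connection details. `db_query()` begins on the last line of the hunk and continues outside it.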


@ -19,7 +19,7 @@ function diary_overview($num = 20) {
$output .= "<DL>\n";
$output .= " <DD><P><B>$diary->userid wrote:</B></P></DD>\n";
$output .= " <DL>\n";
$output .= " <DD><P>$diary->text</P><P>[ <A HREF=\"diary.php?op=view&name=$diary->userid\">more</A> ]</P></DD>\n";
$output .= " <DD><P>". check($diary->text) ."</P><P>[ <A HREF=\"diary.php?op=view&name=$diary->userid\">more</A> ]</P></DD>\n";
$output .= " </DL>\n";
$output .= "</DL>\n";
}
@ -34,13 +34,13 @@ function diary_entry($timestamp, $text, $id = 0) {
if ($id) {
$output .= "<DL>\n";
$output .= " <DT><B>". date("l, F jS", $timestamp) .":</B> </DT>\n";
$output .= " <DD><P>[ <A HREF=\"diary.php?op=edit&id=$id\">edit</A> ]</P><P>$text</P></DD>\n";
$output .= " <DD><P>[ <A HREF=\"diary.php?op=edit&id=$id\">edit</A> ]</P><P>". check($text) ."</P></DD>\n";
$output .= "</DL>\n";
}
else {
$output .= "<DL>\n";
$output .= " <DT><B>". date("l, F jS", $timestamp) .":</B></DT>\n";
$output .= " <DD><P>$text</P></DD>\n";
$output .= " <DD><P>". check($text) ."</P></DD>\n";
$output .= "</DL>\n";
}
return $output;
@ -65,7 +65,7 @@ function diary_display($username) {
$theme->footer();
}
function diary_add_enter() {
function diary_add() {
global $theme, $user, $allowed_html;
### Submission form:
@ -88,13 +88,13 @@ function diary_add_enter() {
$theme->footer();
}
function diary_edit_enter($id) {
function diary_edit($id) {
global $theme, $user, $allowed_html;
$result = db_query("SELECT * FROM diaries WHERE id = $id");
$diary = db_fetch_object($result);
$output .= diary_entry($diary->timestamp, check($diary->text));
$output .= diary_entry($diary->timestamp, $diary->text);
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
@ -106,7 +106,7 @@ function diary_edit_enter($id) {
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$diary->id\">\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"timestamp\" VALUE=\"$diary->timestamp\">\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"timesamp\" VALUE=\"$diary->timestamp\">\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Preview diary entry\"> <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Submit diary entry\">\n";
$output .= "</P>\n";
@ -120,7 +120,7 @@ function diary_edit_enter($id) {
function diary_preview($text, $timestamp, $id = 0) {
global $theme, $user, $allowed_html;
$output .= diary_entry($timestamp, check($text));
$output .= diary_entry($timestamp, $text);
$output .= "<FORM ACTION=\"diary.php\" METHOD=\"post\">\n";
@ -146,11 +146,11 @@ function diary_submit($text, $id = 0) {
global $user, $theme;
if ($id) {
db_query("UPDATE diaries SET text = '". check(addslashes($text)) ."' WHERE id = $id");
db_query("UPDATE diaries SET text = '". addslashes($text) ."' WHERE id = $id");
watchdog(1, "old diary entry updated");
}
else {
db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". check(addslashes($text)) ."', '". time() ."')");
db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". addslashes($text) ."', '". time() ."')");
watchdog(1, "new diary entry added");
}
header("Location: diary.php?op=view&name=$user->userid");
@ -159,10 +159,10 @@ function diary_submit($text, $id = 0) {
switch($op) {
case "add":
diary_add_enter();
diary_add();
break;
case "edit":
diary_edit_enter($id);
diary_edit($id);
break;
case "view":
diary_display($name);
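Review bot: In `diary_submit()` the rewritten `UPDATE` still places `$id` into the statement unquoted and restricts the row by `id` alone, so the entry being changed is chosen entirely by a request value and is not tied to the logged-in author. Casting the id and adding the owner keeps edits to the user's own rows: `db_query("UPDATE diaries SET text = '". addslashes($text) ."' WHERE id = ". intval($id) ." AND author = '$user->id'");`. The same unquoted `$id` appears in the `SELECT` in `diary_edit()`. If the hidden field spelled `timesamp` is the new side of that hunk, the preview step will no longer receive `$timestamp`.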


@ -1,6 +1,27 @@
<?
function comments_kids ($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy = 0) {
function discussion_score($comment) {
$value = ($comments->votes) ? $comment->score / $comment->votes : $comments->score;
return (strpos($value, ".")) ? substr($value ."00", 0, 4) : $value .".00";
}
function discussion_moderate($moderate) {
global $user, $comment_votes;
$na = $comment_votes[key($comment_votes)];
foreach ($moderate as $id=>$vote) {
if ($user && $vote != $comment_votes[$na] && !user_getHistory($user->history, "c$id")) {
### Update the comment's score:
$result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id");
### Update the user's history:
user_setHistory($user, "c$id", $vote);
}
}
}
function discussion_kids($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy = 0) {
global $user, $theme;
$comments = 0;
@ -16,7 +37,7 @@ function comments_kids ($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
$theme->comment($comment->userid, stripslashes($comment->subject), stripslashes($comment->comment), $comment->timestamp, stripslashes($comment->url), stripslashes($comment->femail), $comment->score, $comment->cid, $link);
comments_kids($comment->cid, $mode, $order, $thold, $level + 1, $dummy + 1);
discussion_kids($comment->cid, $mode, $order, $thold, $level + 1, $dummy + 1);
}
}
}
@ -24,9 +45,9 @@ function comments_kids ($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy
while ($comment = db_fetch_object($result)) {
if ($comment->score >= $thold) {
$link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
$theme->comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
$theme->comment($comment->userid, check($comment->subject), check($comment->comment), $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
}
comments_kids($comment->cid, $mode, $order, $thold);
discussion_kids($comment->cid, $mode, $order, $thold);
}
}
elseif ($mode == "disabled") {
@ -41,7 +62,7 @@ function comments_kids ($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy
}
}
function comments_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
function discussion_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
global $anonymous, $theme, $user;
### Perform SQL query:
@ -62,12 +83,12 @@ function comments_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
$thread .= ($mode) ? "&mode=$mode" : "&mode=threaded";
$thread .= ($order) ? "&order=$order" : "&order=0";
$thread .= ($thold) ? "&thold=$thold" : "&thold=0";
$thread .= "\">$comment->subject</A> by ";
$thread .= "\">". check($comment->subject) ."</A> by ";
$thread .= ($comment->userid) ? $comment->userid : $anonymous;
$thread .= " <SMALL>(". date("D, M d, Y - H:i:s", $comment->timestamp) .")<SMALL></LI>";
$thread .= " <SMALL>(". discussion_score($comment) .")<SMALL></LI>";
### Recursive:
comments_childs($comment->cid, $mode, $order, $thold, $level + 1, &$thread);
discussion_childs($comment->cid, $mode, $order, $thold, $level + 1, &$thread);
}
if ($level && $comments) {
@ -77,7 +98,7 @@ function comments_childs($cid, $mode, $order, $thold, $level = 0, $thread) {
return $thread;
}
function comments_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
function discussion_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
global $user, $theme;
### Pre-process variables:
@ -104,6 +125,8 @@ function comments_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
if ($order == 2) $query .= " ORDER BY c.score DESC";
$result = db_query("$query");
print "<FORM METHOD=\"post\" ACTION=\"discussion.php\">\n";
### Display the comments:
while ($comment = db_fetch_object($result)) {
### Dynamically compose the `reply'-link:
@ -117,23 +140,27 @@ function comments_display($sid, $pid, $cid, $mode, $order, $thold, $level = 0) {
### Display the comments:
if (empty($mode) || $mode == "threaded") {
$thread = comments_childs($comment->cid, $mode, $order, $thold);
$theme->comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link, $thread);
$thread = discussion_childs($comment->cid, $mode, $order, $thold);
$theme->comment($comment->userid, check($comment->subject), check($comment->comment), $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link, $thread);
}
else {
$theme->comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
comments_kids($comment->cid, $mode, $order, $thold, $level);
$theme->comment($comment->userid, check($comment->subject), check($comment->comment), $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
discussion_kids($comment->cid, $mode, $order, $thold, $level);
}
}
print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$sid\">\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Moderate comments\">\n";
print "</FORM>\n";
}
function comments_reply($pid, $sid, $mode, $order, $thold) {
function discussion_reply($pid, $sid, $mode, $order, $thold) {
global $anonymous, $user, $theme;
### Extract parent-information/data:
if ($pid) {
$item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
$theme->comment($item->userid, stripslashes($item->subject), stripslashes($item->comment), $item->timestamp, stripslashes($item->url), stripslashes($item->femail), $item->score, $item->cid, "reply to this comment");
$theme->comment($item->userid, check(stripslashes($item->subject)), check(stripslashes($item->comment)), $item->timestamp, stripslashes($item->url), stripslashes($item->femail), $item->score, $item->cid, "reply to this comment");
}
else {
$item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid"));
@ -189,8 +216,8 @@ function comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold)
global $anonymous, $user, $theme;
### Preview comment:
if ($user) $theme->comment("", stripslashes($subject), stripslashes($comment), time(), "", "", "na", "", "reply to this comment");
else $theme->comment($user->userid, stripslashes($subject), stripslashes($comment), time(), stripslashes($user->url), stripslashes($user->femail), "na", "", "reply to this comment");
if ($user) $theme->comment("", check(stripslashes($subject)), check(stripslashes($comment)), time(), "", "", "na", "", "reply to this comment");
else $theme->comment($user->userid, check(stripslashes($subject)), check(stripslashes($comment)), time(), stripslashes($user->url), stripslashes($user->femail), "na", "", "reply to this comment");
### Build reply form:
$output .= "<FORM ACTION=\"discussion.php\" METHOD=\"post\">\n";
@ -264,7 +291,7 @@ function comment_post($pid, $sid, $subject, $comment, $mode, $order, $thold) {
else {
if ($user) {
### Add comment to database:
db_query("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, $user->id, '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
db_insert("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, $user->id, '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
### Compose header:
$header = "discussion.php?id=$sid";
@ -274,7 +301,7 @@ function comment_post($pid, $sid, $subject, $comment, $mode, $order, $thold) {
}
else {
### Add comment to database:
db_query("INSERT INTO comments (pid, sid, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
db_insert("INSERT INTO comments (pid, sid, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
### Compose header:
$header .= "discussion.php?id=$sid&mode=threaded&order=1&thold=0";
@ -292,7 +319,7 @@ if ($save) {
$user->rehash();
}
switch($op) {
switch($op) {
case "Preview comment":
$theme->header();
comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold);
@ -303,12 +330,14 @@ switch($op) {
break;
case "reply":
$theme->header();
comments_reply($pid, $sid, $mode, $order, $thold);
discussion_reply($pid, $sid, $mode, $order, $thold);
$theme->footer();
break;
case "Moderate comments":
discussion_moderate($moderate);
default:
$theme->header();
comments_display($id, $pid, $sid, $mode, $order, $thold);
discussion_display($id, $pid, $sid, $mode, $order, $thold);
$theme->footer();
}
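Review bot: `discussion_moderate()` splices both the array key `$id` and the submitted `$vote` from the `moderate[...]` form fields into the `UPDATE` without validating either, and the statement has no operator between `score` and `$vote`, so the value `0` from `$comment_votes` yields invalid SQL while anything else the client sends is executed as written. The vote should be accepted only if it is one of the `$comment_votes` values and then reduced to an integer, and the id cast, as in the sketch below. Separately, `discussion_score()` reads `$comments->votes` and `$comments->score` although its parameter is `$comment`, so it never sees the real values. The first `$theme->comment()` call in `discussion_kids()` (context of the second hunk) still passes subject and comment through `stripslashes()` only, without `check()`.

```php
function discussion_moderate($moderate) {
  global $user, $comment_votes;

  // … unchanged: $na lookup …
  foreach ($moderate as $id=>$vote) {
    // Both values arrive from the form: force the id to an integer and
    // accept only votes that the moderation form actually offers.
    $id = intval($id);
    if (!in_array($vote, $comment_votes)) continue;
    $delta = intval(str_replace(" ", "", $vote));

    if ($user && $vote != $comment_votes[$na] && !user_getHistory($user->history, "c$id")) {
      $result = db_query("UPDATE comments SET score = score + ($delta), votes = votes + 1 WHERE cid = $id");
      // … unchanged: user_setHistory call …
    }
  }
}
```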


@ -31,7 +31,7 @@ function FixQuotes ($what = "") {
function check($message) {
include "config.inc";
return strip_tags(nl2br($message), $allowed_html);
return nl2br(strip_tags($message, $allowed_html));
}
function discussion_num_replies($id, $count = 0) {
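Review bot: `check()` relies on `strip_tags()` with an allow-list, which removes disallowed elements but leaves every attribute of the allowed ones in place, so `<A>` or `<B>` in user text can still carry event-handler or `style` attributes and any `HREF` scheme. Since this function is the only filter the commit applies before comment and diary text is printed, it should either escape everything with `htmlspecialchars()` and re-enable a fixed set of attribute-free tags, or strip attributes from the allowed tags after `strip_tags()`. A comment such as `// strip_tags() does not remove attributes from allowed tags` would document the limit until then. The `include "config.inc"` inside the function also re-reads the configuration on every call; `global $allowed_html;` would do if the config is already loaded.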

169
refer.php

@ -1,169 +0,0 @@
<?
### Include global settings:
include "config.inc";
include "function.inc";
include "authentication.inc";
include "theme.inc";
$theme->header();
/*
function addRefer($url) {
$query = "SELECT * FROM refer WHERE url = '$url'";
$result = mysql_query($query);
if ($site = mysql_fetch_object($result)) {
if ($site->status) {
$site->refers++;
$query = "UPDATE refer SET refers = '$site->refers', access_dt = '". time() ."' WHERE url = '$url'";
$result = mysql_query($query);
}
}
else {
$query = "INSERT INTO refer (url, name, refers, create_dt, access_dt) VALUES ('$url', '', '1', '". time() ."', '". time() ."')";
$result = mysql_query($query);
}
}
*/
function blockRefer($url) {
$query = "UPDATE refer SET status = '0' WHERE url = '$url'";
$result = mysql_query($query);
}
function setReferName($url, $name) {
$query = "UPDATE refer SET name = '$name' WHERE url = '$url'";
$result = mysql_query($query);
}
function deleteRefer($url) {
$query = "DELETE FROM refer WHERE url = '$url'";
$result = mysql_query($query);
}
function openRefer($url) {
$query = "UPDATE refer SET status = '1' WHERE url = '$url'";
$result = mysql_query($query);
}
function getReferArray($number = "") {
if ($number) {
$query = "SELECT * FROM refer ORDER BY refers DESC LIMIT $number";
$result = mysql_query($query);
}
else {
$query = "SELECT * FROM refer ORDER BY refers DESC";
$result = mysql_query($query);
}
$index = 0;
while ($site = mysql_fetch_object($result)) {
$rval[$index] = $site;
$index++;
}
return $rval;
}
$info = "<P>If you are not familiar with \"top sites\"-lists: we use a script that keeps track of the number of visitor your website referred to our site and we rank you according to that number. This can be a good, free way of increasing your website traffic: it is our way to give a link back to referring sites. In order to take advantage of this feature, you have to do is to use the following code when linking to our site:</P><BR><CENTER><FONT COLOR=\"orange\"><CODE>&lt;A HREF=\"http://this-site.com/<B>?url=http://www.your-website.com/</B>\"&gt;&lt;IMG SRC=\"this-site-button.gif\"&gt;&lt/A&gt;</CODE></FONT></CENTER><BR><P>By using the above line of code you will automatically participate in our referring site program. Note however that it will only work if you applied to above code correctly, that is, make sure you don't forget the <I>?url=http://www.your-website.com/</I> part. The more visitors you refer, the higher your ranking.</P><P>The highest ranked sites will be automatically included in most (if not all) our pages!</P>\n";
function referList($number = "", $detail = "0") {
$site = getReferArray($number);
$count = 1;
if ($detail) {
$rval .= "<TABLE CELLSPACING=\"2\" CELLPADDING=\"4\" WIDTH=\"100%\">\n";
$rval .= " <TR><TD><B>Rank</B></TD><TD><B>Referrals</B></TD><TD><B>URL or name</B></TD><TD NOWRAP><B>Last refer</B></TD></TR>\n";
for (reset($site); $entry = current($site); next($site)) {
$last = date("d/m/y - H:i:s", $entry->access_dt) ." &nbsp; <SMALL><I>(". round((time() - $entry->access_dt) / 86400) ." days ago)</I></SMALL>";
if ($entry->name) $rval .= " <TR><TD>$count</TD><TD>$entry->refers</TD><TD><A HREF=\"$entry->url\">$entry->name</A></TD><TD>$last</TD><TR>\n";
else $rval .= " <TR><TD>$count</TD><TD>$entry->refers</TD><TD><A HREF=\"$entry->url\">$entry->url</A></TD><TD>$last</TD></TR>\n";
$count++;
}
$rval .= "</TABLE>\n";
}
else {
for (reset($site); $entry = current($site); next($site)) {
if ($entry->name) $rval .= "$count. <A HREF=\"$entry->url\">$entry->name</A> ($entry->refers)<BR>";
else $rval .= "$count. <A HREF=\"$entry->url\">$entry->url</A> ($entry->refers)<BR>";
$count++;
}
}
return $rval;
}
function referAdmin($number = "") {
global $PHP_SELF, $bgcolor1, $bgcolor2;
$site = getReferArray($number);
$count = 1;
$rval .= "<TABLE CELLSPACING=\"2\" CELLPADDING=\"4\" WIDTH=\"100%\">\n";
$rval .= "<TR BGCOLOR=\"$bgcolor2\"><TD>#</TD><TD COLSPAN=\"2\">URL or name</TD><TD NOWRAP>First refer</TD><TD NOWRAP>Last refer</TD><TD>&nbsp;</TD><TD COLSPAN=\"3\">Commands</TD></TR>\n";
for (reset($site); $entry = current($site); next($site)) {
if ($entry->status) {
$delete = "delete";
$block = "<A HREF=\"$PHP_SELF?section=refer&method=block&url=$entry->url\">block</A>";
$status = "<FONT COLOR=\"orange\" SIZE=\"+2\">*</FONT>";
}
else {
$delete = "<A HREF=\"$PHP_SELF?section=refer&method=delete&url=$entry->url\">delete</A>";
$block = "<A HREF=\"$PHP_SELF?section=refer&method=open&url=$entry->url\">open</A>";
$status = "<FONT COLOR=\"red\" SIZE=\"+2\">*</FONT>";
}
$first = date("d/m/y - H:i:s", $entry->create_dt) ."<BR><FONT SIZE=\"-1\"><I>(". round((time() - $entry->create_dt) / 86400) ." days ago)</I></FONT>";
$last = date("d/m/y - H:i:s", $entry->access_dt) ."<BR><FONT SIZE=\"-1\"><I>(". round((time() - $entry->access_dt) / 86400) ." days ago)</I></FONT>";
if ($entry->name) $rval .= "<TR BGCOLOR=\"$bgcolor1\"><TD>$count</TD><TD><A HREF=\"$entry->url\">$entry->name</A></TD><TD>$entry->refers</TD><TD>$first</TD><TD>$last</TD><TD>$status</TD><TD>$block</TD><TD>$delete</TD><TD><A HREF=\"$PHP_SELF?section=refer&method=edit&url=$entry->url\">edit</A></TD></TR>";
else $rval .= "<TR BGCOLOR=\"$bgcolor1\"><TD>$count</TD><TD><A HREF=\"$entry->url\">$entry->url</A></TD><TD>$entry->refers</TD><TD>$first</TD><TD>$last</TD><TD>$status</TD><TD>$block</TD><TD>$delete</TD><TD><A HREF=\"$PHP_SELF?section=refer&method=edit&url=$entry->url\">edit</A></TD></TR>";
$count++;
}
$rval .= "</TABLE>\n";
return $rval;
}
/*
### log valid refers:
if (($url) && ($section != "refer") && (strstr(getenv("HTTP_REFERER"), $url))) {
addRefer($url);
}
*/
### parse URI:
if ($section == "refer") {
if ($admin) {
if ($method == "block") {
blockRefer($url);
print referAdmin();
}
else if ($method == "open") {
openRefer($url);
print referAdmin();
}
else if ($method == "delete") {
deleteRefer($url);
print referAdmin();
}
else if ($method == "edit") {
print "<FORM METHOD=\"post\" ACTION=\"$PHP_SELF?section=refer&method=update&url=$url\">\nEnter a description for $url:<BR><INPUT TYPE=\"text\" LENGTH=\"40\" NAME=\"name\">\n<INPUT TYPE=\"submit\" NAME=\"update\" VALUE=\"Update\">\n</FORM>";
}
else if ($method == "update") {
setReferName($url, $name);
print referAdmin();
}
else {
print referAdmin();
}
}
}
else {
$theme->box("Referring sites", "<P><U><A NAME=\"#refer-info\">Information:</A></U></P><P>$info</P><BR><BR><P><U><A NAME=\"#refer-more\">Complete list:</A></U></P>". referList("", 1));
}
$theme->footer();
?>


@ -23,7 +23,7 @@ function submission_vote($id, $vote, $comment) {
if ($comment) db_query("INSERT INTO comments (sid, author, subject, comment, hostname, timestamp) VALUES($id, $user->id, '". addslashes(substr($comment, 0, 29)) ." ...', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
### Update user's history record:
user_setHistory($user, "s$id", "$vote"); // s = submission
user_setHistory($user, "s$id", $vote); // s = submission
### Update story table (if required):
$result = db_query("SELECT * FROM stories WHERE id = $id");


@ -129,7 +129,7 @@ function submit_submit($subject, $abstract, $article, $category) {
global $user, $theme;
### Add submission to SQL table:
db_query("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check(addslashes($subject)) ."', '". check(addslashes($abstract)) ."', '". check(addslashes($article)) ."', '". check(addslashes($category)) ."', '". time() ."')");
db_insert("INSERT INTO stories (author, subject, abstract, article, category, timestamp) VALUES ('$user->id', '". check(addslashes($subject)) ."', '". check(addslashes($abstract)) ."', '". check(addslashes($article)) ."', '". check(addslashes($category)) ."', '". time() ."')");
### Display confirmation message:
$theme->header();
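Review bot: On the `db_insert()` line the fields are filtered as `check(addslashes(...))`, i.e. the SQL escaping is applied first and the text is transformed afterwards; escaping should be the last step before the value enters the statement, `addslashes(check($subject))`. This commit also moves diary text to store-as-entered with `check()` on output, while stories are still filtered at write time, and since `check()` now ends with `nl2br()` the stored text will contain line-break markup. Picking one convention for both would avoid double processing. `submit_submit()` continues outside the hunk.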


@ -59,20 +59,12 @@ function displayOldHeadlines($theme, $num = 10) {
}
function displayCommentModeration($id) {
global $user;
global $user, $comment_votes;
print "VOTE: ";
if (($user) && !($vote = user_getHistory($user->history, "c$id"))) {
$output .= " <SELECT NAME=\"meta:$cid\">";
$output .= " <OPTION VALUE=\"-1\">Moderate</OPTION>\n";
foreach ($comments_meta_reasons as $key=>$value) {
$output .= " <OPTION VALUE=\"$value\">$key</OPTION>\n";
}
$output .= " </SELECT>";
}
else {
$output .= "voted";
if ($user && !user_getHistory($user->history, "c$id")) {
$output .= "<SELECT NAME=\"moderate[$id]\">\n";
foreach ($comment_votes as $key=>$value) $output .= " <OPTION VALUE=\"$value\">$key</OPTION>\n";
$output .= "</SELECT>\n";
}
print $output;
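Review bot: `$output` is only ever appended to, and when the user is not logged in or has already voted nothing is appended at all, so `print $output;` then prints an undefined variable; `$output = "";` at the top of the function makes that explicit. Dropping the `voted` branch also means users get no indication that their vote was recorded; if that is intentional, a one-line comment would help. The closing lines of the function are outside the hunk.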


@ -1,16 +1,17 @@
<?
include "config.inc";
include "template.inc";
global $user;
### Verify theme:
if (isset($user->theme) && file_exists("themes/$user->theme/theme.class.php")) {
include "themes/$user->theme/theme.class.php";
if ($user->theme && file_exists($themes[$user->theme][0])) {
include $themes[$user->theme][0];
}
else {
include "config.inc";
include "themes/$cfg_theme/theme.class.php";
include $themes[key($themes)][0];
}
$theme = new Theme();
?>
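Review bot: The lookup `$themes[$user->theme][0]` is not guarded by `isset()`, so an account whose stored theme is one of those this commit disables reaches `file_exists()` with an empty path and falls back to the default only as a side effect. `if (isset($themes[$user->theme]) && file_exists($themes[$user->theme][0])) {` states the intent. Because the include path now comes from `$themes`, that array must always be assigned by `config.inc` before this code runs; with `register_globals` on, an unassigned `$themes` would be taken from the request, so a comment such as `// $themes must come from config.inc, never from user input` next to the include is worth adding.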


@ -1 +0,0 @@
<A HREF="/">home</A>

Binary file not shown.


Binary file not shown.


Binary file not shown.


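--- /dev/null
+++ b/themes/marvin/marvin.theme
@@ -0,0 +1,374 @@
+<?
+class Theme {
+### color set #1:
+var $bgcolor1 = "#EAEAEA"; // background color
+var $fgcolor1 = "#404040"; // table body color
+var $hlcolor1 = "#666699"; // high-light color
+### color set #2:
+var $bgcolor2 = "#666699";
+var $fgcolor2 = "#666699";
+var $hlcolor2 = "#666699";
+### color set #3:
+var $bgcolor3 = "#EFEFEF";
+var $fgcolor3 = "yellow";
+var $hlcolor3 = "yellow";
+######
+# Syntax.......: header($title);
+# Description..: a function to draw the page header.
+function header($title) {
+?>
+<HTML>
+<HEAD>
+<TITLE><? include "config.inc"; print $sitename; ?></TITLE>
+<META NAME="description" CONTENT="drop.org">
+<META NAME="keywords" CONTENT="drop, weblog, portal, community, news, article, announcements, stories, story, computer, science, space, hype, cult, geek, nerd, foo, bar">
+</HEAD>
+<STYLE type="text/css">
+<!--
+BODY,TD,P,UL,LI,DIV,FORM,EM,BLOCKQUOTE { font-size: 10pt; font-family: Lucida,Verdana,Helvetica,Arial; }
+TH { font-size: 11pt; font-family: Lucida,Verdana,Helvetica,Arial; }
+-->
+</STYLE>
+<BODY TEXT="#000000" BGCOLOR="#FFFFFF" ALINK="#CCCCCC" LINK="#665555" VLINK="#665555">
+<TABLE BORDER="0" CELLPADDING="8" CELLSPACING="0">
+<TR>
+<TD ROWSPAN="3" WIDTH="30">&nbsp;</TD>
+<TD COLSPAN="2"><A HREF="" ><IMG SRC="themes/marvin/images/logo.gif" ALT="drop.org" BORDER="0"></A></TD>
+</TR>
+<TR>
+<TD ALIGN="right" COLSPAN="2"><SMALL><A HREF="">home</A> | <A HREF="faq.php">faq</A> | <A HREF="diary.php">diary</A> | <A HREF="search.php">search</A> | <A HREF="submit.php">submit news</A> | <A HREF="account.php">user account</A></SMALL></TD>
+</TR>
+<TR>
+<TD VALIGN="top" WIDTH="500">
+<?
+}
+######
+# Syntax.......: abstract(...);
+# Description..: a function to draw an abstract story box, that is the
+# boxes displayed on the main page.
+function abstract($story) {
+include "config.inc";
+$story->timestamp = date("l, F d, Y - h:i:s A", $story->timestamp);
+print "\n<!-- story: \"$story->subject\" -->\n";
+print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"2\" WIDTH=\"100%\">\n";
+print " <TR><TD COLSPAN=\"2\"><IMG SRC=\"themes/marvin/images/drop.gif\" ALT=\"\"> &nbsp; <B>$story->subject</B></TD></TR>\n";
+print " <TR VALIGN=\"bottom\"><TD COLSPAN=\"2\" BGCOLOR=\"#000000\" WIDTH=\"100%\"><IMG SRC=\"themes/marvin/images/pixel.gif\" WIDTH=\"1\" HEIGHT=\"0\" ALT=\"\"></TD></TR>\n";
+print " <TR>\n";
+print " <TD>\n";
+print " <FONT COLOR=\"#7C7C7C\"><SMALL>Posted by ". format_username($story->userid) ." on $story->timestamp"; ?><? if ($story->department) print "<BR>from the $story->department dept."; ?><? print "</SMALL></FONT></TD><TD ALIGN=\"right\" VALIGN=\"top\" NOWRAP><SMALL><A HREF=\"search.php?category=". urlencode($story->category) ."\"><FONT COLOR=\"#83997A\">$story->category</FONT></A></SMALL>\n";
+print " </TD>\n";
+print " </TR>\n";
+print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>\n";
+print " <TR>\n";
+print " <TD COLSPAN=\"2\">\n";
+if ($story->abstract) print " <P>$story->abstract</P>\n";
+if ($story->updates) print " <P><FONT COLOR=\"$this->bgcolor2\">Editor's note:</FONT> $story->updates</P>\n";
+print " </TD>\n";
+print " </TR>\n";
+print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>\n";
+print " <TR><TD COLSPAN=\"2\">". display_morelink($this, $story) ."</TD></TR>\n";
+print "</TABLE>\n";
+print "<BR><BR>\n\n";
+}
+######
+# Syntax.......: article(...);
+# Description..: a function to dispay a complete article (without user
+# comments). It's what you get when you followed for
+# instance one of read-more links on the main page.
+function article($story, $reply) {
+include "config.inc";
+$story->timestamp = date("l, F d, Y - h:i:s A", $story->timestamp);
+print "\n<!-- story: \"$story->subject\" -->\n";
+print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"2\" WIDTH=\"100%\">\n";
+print " <TR><TD COLSPAN=\"2\"><IMG SRC=\"themes/marvin/images/drop.gif\" ALT=\"\"> &nbsp; <B>$story->subject</B></TD></TR>\n";
+print " <TR VALIGN=\"bottom\"><TD COLSPAN=\"2\" BGCOLOR=\"#000000\" WIDTH=\"100%\"><IMG SRC=\"themes/marvin/images/pixel.gif\" WIDTH=\"1\" HEIGHT=\"0\" ALT=\"\"></TD></TR>\n";
+print " <TR>\n";
+print " <TD>\n";
+print " <FONT COLOR=\"#7C7C7C\"><SMALL>Posted by ". format_username($story->userid) ." on $story->timestamp"; ?><? if ($story->department) print "<BR>from the $story->department dept."; ?><? print "</SMALL></FONT></TD><TD ALIGN=\"right\" VALIGN=\"top\" NOWRAP><SMALL><A HREF=\"search.php?category=". urlencode($story->category) ."\"><FONT COLOR=\"#83997A\">$story->category</FONT></A></SMALL>\n";
+print " </TD>\n";
+print " </TR>\n";
+print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>\n";
+print " <TR>\n";
+print " <TD COLSPAN=\"2\">\n";
+if ($story->abstract) print " <P>$story->abstract</P>\n";
+if ($story->updates) print " <P><FONT COLOR=\"$this->bgcolor2\">Editor's note:</FONT> $story->updates</P>\n";
+if ($story->article) print " <P>$story->article</P>\n";
+print " </TD>\n";
+print " </TR>\n";
+print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>\n";
+print " <TR><TD ALIGN=\"right\" COLSPAN=\"2\">". $reply ."</TD></TR>\n";
+print "</TABLE>\n";
+print "<BR><BR>\n\n";
+}
+######
+# Syntax.......: commentControl(...);
+# Description..: this function is used to theme the comment control box.
+function commentControl($sid, $title, $thold, $mode, $order) {
+global $user;
+$query = db_query("SELECT sid FROM comments WHERE sid = $sid");
+if (!$query) $count = 0; else $count = db_num_rows($query);
+if (!isset($thold)) $thold = 0;
+?>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0" BGCOLOR="#000000" WIDTH="100%">
+<TR>
+<TD>
+<TABLE WIDTH="100%" BORDER="0" CELLSPACING="1" CELLPADDING="2">
+<TR>
+<TD ALIGN="center" BGCOLOR="<? echo "$this->bgcolor2"; ?>"><FONT COLOR="<? echo "$this->bgcolor1" ?>"><B>Comment control</B></FONT></TD>
+</TR>
+<TR>
+<TD ALIGN="center" BGCOLOR="<? echo "$this->bgcolor1"; ?>">
+<FORM METHOD="get" ACTION="discussion.php">
+<SMALL>
+<SELECT NAME="thold">
+<OPTION VALUE="-1" <? if ($thold == -1) { echo "SELECTED"; } ?>>Threshold: -1
+<OPTION VALUE="0" <? if ($thold == 0) { echo "SELECTED"; } ?>>Threshold: 0
+<OPTION VALUE="1" <? if ($thold == 1) { echo "SELECTED"; } ?>>Threshold: 1
+<OPTION VALUE="2" <? if ($thold == 2) { echo "SELECTED"; } ?>>Threshold: 2
+<OPTION VALUE="3" <? if ($thold == 3) { echo "SELECTED"; } ?>>Threshold: 3
+<OPTION VALUE="4" <? if ($thold == 4) { echo "SELECTED"; } ?>>Threshold: 4
+<OPTION VALUE="5" <? if ($thold == 5) { echo "SELECTED"; } ?>>Threshold: 5
+</SELECT>
+<SELECT NAME="mode">
+<OPTION VALUE="nested" <? if ($mode == "nested") { echo "SELECTED"; } ?>>Nested
+<OPTION VALUE="flat" <? if ($mode == "flat") { echo "SELECTED"; } ?>>Flat
+<OPTION VALUE="threaded" <? if (!isset($mode) || $mode=='threaded' || $mode=="") { echo "SELECTED"; } ?>>Threaded
+</SELECT>
+<SELECT NAME="order">
+<OPTION VALUE="0" <? if (!$order) { echo "SELECTED"; } ?>>Oldest first
+<OPTION VALUE="1" <? if ($order==1) { echo "SELECTED"; } ?>>Newest first
+<OPTION VALUE="2" <? if ($order==2) { echo "SELECTED"; } ?>>Highest scoring first
+</SELECT>
+<INPUT TYPE="hidden" NAME="id" VALUE="<? echo "$sid"; ?>">
+<INPUT TYPE="submit" VALUE="Refresh">
+<?
+if (isset($user)) echo "<BR><CENTER><INPUT TYPE=\"checkbox\" NAME=\"save\"> Save preferences</CENTER>";
+?>
+</SMALL>
+</FORM>
+</TD>
+</TR>
+<?
+$result = db_query("SELECT COUNT(cid) FROM comments WHERE sid = $sid AND score < $thold");
+if ($result && $number = db_result($result, 0)) {
+?>
+<TR>
+<TD ALIGN="center" BGCOLOR="<? echo "$this->bgcolor2"; ?>"><SMALL><FONT COLOR="<? echo "$this->fgcolor2"; ?>">There are at least <? echo $number; ?> comments below your threshold.</FONT></SMALL></TD>
+</TR>
+<?
+}
+?>
+</TABLE>
+</TD>
+</TR>
+</TABLE>
+<BR><BR>
+<?
+}
+######
+# Syntax.......: comment(...);
+# Description..: this function is used to theme user comments.
+function comment($poster, $subject, $comment, $timestamp, $url, $email, $score, $cid, $link, $thread = "") {
+include "config.inc";
+print "\n<!-- Comment: \"$subject\" by $poster -->\n";
+print "<A NAME=\"$cid\">\n";
+### Create comment header:
+print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"0\" BGCOLOR=\"#000000\" WIDTH=\"100%\">\n";
+print " <TR BGCOLOR=\"#000000\">\n";
+print " <TD>\n";
+print " <TABLE BORDER=\"0\" CELLPADDING=\"3\" CELLSPACING=\"1\" WIDTH=\"100%\">\n";
+print " <TR>\n";
+print " <TD BGCOLOR=\"$this->bgcolor1\">\n";
+print " <TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"1\" WIDTH=\"100%\">\n";
+print " <TR>\n";
+### Subject:
+print " <TD ALIGN=\"right\" WIDTH=\"5%\"><B>Subject:</FONT></TD>\n";
+print " <TD WIDTH=\"80%\"><B><FONT COLOR=\"$this->hlcolor1\">$subject</FONT></B></TD>\n";
+### Moderation:
+print " <TD ALIGN=\"right\" ROWSPAN=\"3\" VALIGN=\"middle\" WIDTH=\"15%\">\n";
+displayCommentModeration($cid);
+print " </TD>\n";
+print " </TR>\n";
+### Author:
+print " <TR>\n";
+print " <TD ALIGN=\"right\" VALIGN=\"top\">Author:</TD><TD>". format_username($poster) ."</TD>\n";
+print " </TR>\n";
+### Date
+print " <TR>\n";
+print " <TD ALIGN=\"right\">Date:</TD><TD>". format_date($timestamp) ."</TD>\n";
+print " </TR>\n";
+print " </TABLE>\n";
+print " </TD>\n";
+print " </TR>\n";
+### Print body of comment:
+if ($comment) print " <TR><TD BGCOLOR=\"#FFFFFF\">$comment</TD></TR>\n";
+### Print thread (if any):
+if ($thread) print " <TR><TD BGCOLOR=\"$this->bgcolor1\">$thread</TD></TR>\n";
+### Print bottom link(s):
+print " <TR><TD ALIGN=\"right\" BGCOLOR=\"$this->bgcolor1\">[ $link ]</TD></TR>\n";
+print " </TABLE>\n";
+print " </TD>\n";
+print " </TR>\n";
+print "</TABLE>\n";
+print "<BR>\n\n";
+}
+######
+# Syntax.......: preview(...);
+# Description..: this function is used to preview a story and is used at
+# different parts of the homepage: when a visitors sumbits
+# news, when an editor wants to post news, when people
+# check the entries in the sumbission queue, etc.
+function preview($author, $subject, $abstract, $updates, $article, $timestamp, $category, $department) {
+include "config.inc";
+print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"2\" WIDTH=\"100%\">";
+print " <TR><TD COLSPAN=\"2\"><B>$subject</B></TD></TR>";
+print " <TR VALIGN=\"bottom\"><TD COLSPAN=\"2\" BGCOLOR=\"#000000\" WIDTH=\"100%\"><IMG SRC=\"themes/marvin/images/pixel.gif\" WIDTH=\"1\" HEIGHT=\"0\" ALT=\"\"></TD></TR>";
+print " <TR>";
+print " <TD>";
+print " <FONT COLOR=\"#7C7C7C\"><SMALL>Posted by ". format_username($author) ." on $timestamp"; ?><? if ($department) print "<BR>from the $department dept."; ?><? print "</SMALL></FONT></TD><TD ALIGN=\"right\" VALIGN=\"top\" NOWRAP><SMALL><A HREF=\"search.php?category=". urlencode($category) ."\"><FONT COLOR=\"#83997A\">$category</FONT></A></SMALL>\n";
+print " </TD>";
+print " </TR>";
+print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>";
+print " <TR>";
+print " <TD COLSPAN=\"2\">";
+if ($abstract) print "<P>$abstract</P>";
+if ($comments) print "<P><FONT COLOR=\"$this->bgcolor2\">Editor's note:</FONT> $comments</P>";
+if ($article) print "<P>$article</P>";
+print " </TD>";
+print " </TR>";
+print " <TR><TD COLSPAN=\"2\">&nbsp;</TD></TR>";
+print " <TR><TD COLSPAN=\"2\">$link</TD></TR>";
+print "</TABLE>";
+print "<BR><BR>";
+}
+######
+# Syntax.......: box($subject, $body);
+# Description..: a function to draw a box/block.
+function box($subject, $content) {
+include "config.inc";
+print "\n<!-- box: \"$subject\" -->\n";
+print "<TABLE BORDER=\"0\" CELLPADDING=\"0\" CELLSPACING=\"0\" BGCOLOR=\"#000000\" WIDTH=\"100%\">\n";
+print " <TR>\n";
+print " <TD>\n";
+print " <TABLE BORDER=\"0\" CELLPADDING=\"5\" CELLSPACING=\"1\" WIDTH=\"100%\">\n";
+print " <TR><TD ALIGN=\"center\" BGCOLOR=\"$this->bgcolor1\" WIDTH=\"100%\"><FONT COLOR=\"$this->fgcolor1\"><B>$subject</B></FONT></TD></TR>\n";
+print " <TR><TD BGCOLOR=\"#FFFFFF\">$content</TD></TR>\n";
+print " </TABLE>\n";
+print " </TD>\n";
+print " </TR>\n";
+print "</TABLE>\n";
+print "<BR>\n\n";
+}
+######
+# Syntax.......: footer();
+# Description..: a function to draw the page footer.
+function footer() {
+?>
+</TD>
+<TD VALIGN="top" WIDTH="150">
+<?
+global $PHP_SELF;
+if (strstr($PHP_SELF, "index.php")) {
+global $user, $date;
+### Display account:
+displayAccount($this);
+### Display calendar:
+displayOldHeadlines($this);
+### Display calendar:
+displayCalendar($this, $date);
+### Display new diary entries:
+displayNewDiaries($this);
+}
+elseif (strstr($PHP_SELF, "account.php")) {
+### Display account:
+displayAccount($this);
+}
+elseif (strstr($PHP_SELF, "diary.php")) {
+### Display account:
+displayAccount($this);
+### Display new diary entries:
+displayNewDiaries($this);
+}
+elseif (strstr($PHP_SELF, "submission.php")) {
+### Display account:
+displayAccount($this);
+}
+elseif (strstr($PHP_SELF, "submit.php")) {
+### Display new headlines:
+displayNewHeadlines($this);
+}
+elseif (strstr($PHP_SELF, "discussion.php")) {
+global $id;
+if ($id && $story = id2story($id)) {
+if ($story->status == 2) {
+### Display new headlines:
+displayNewHeadlines($this);
+}
+else {
+### Display results of moderation:
+displayModerationResults($this, $story);
+}
+}
+else {
+### Display account:
+displayAccount($this);
+### Display new headlines:
+displayNewHeadlines($this);
+}
+}
+else {
+### Display new headlines:
+displayNewHeadlines($this);
+}
+?>
+</TD>
+</TR>
+<TR>
+<TD ALIGN="center" COLSPAN="3">
+<SMALL>[ <A HREF="">home</A> | <A HREF="faq.php">faq</A> | <A HREF="diary.php">diary</A> | <A HREF="search.php">search</A> | <A HREF="submit.php">submit news</A> | <A HREF="account.php">user account</A> ]</SMALL>
+</TD>
+</TR>
+</TABLE>
+</BODY>
+</HTML>
+<?
+}
+}
+?>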
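Review bot: In `commentControl()` the values `$sid` and `$thold` go into both queries unquoted (`WHERE sid = $sid`, `AND score < $thold`), and `$sid` is also echoed into the hidden `id` field, with nothing in the function checking that they are numbers. The callers are not in this file, but the form itself submits `thold` and `id` by GET, so these look request-derived. Casting at the top of the function, `$sid = (int) $sid;` and `$thold = (int) $thold;`, covers both queries and the echo; an unset `$thold` casts to 0, which matches the existing default. Separately, `preview()` tests `$comments` and prints `$link`, neither of which is a parameter or assigned in the function (the parameter is `$updates`), so the editor's note is never shown there.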