diff --git a/account.php b/account.php
index 92015c3ae75b..5ff5200a3470 100644
--- a/account.php
+++ b/account.php
@@ -97,8 +97,8 @@ function validateUser($user) {
if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";
### Check to see whether the username or e-mail address are banned:
- if ($ban = ban_match($user[userid], $type[usernames])) $rval = "the specified username is banned for the following reason: $ban->reason .";
- if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: $ban->reason .";
+ if ($ban = ban_match($user[userid], $type2index[usernames])) $rval = "the specified username is banned for the following reason: $ban->reason .";
+ if ($ban = ban_match($user[email], $type2index[addresses])) $rval = "the specified e-mail address is banned for the following reason: $ban->reason .";
### Verify whether username and e-mail address are unique:
if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$user[userid]')")) > 0) $rval = "the specified username is already taken.";
@@ -114,11 +114,41 @@ function account_makePassword($min_length=6) {
return $password;
}
+function account_track_comments() {
+ global $user;
+
+ include "function.inc";
+
+ $output .= "This page is helpful in case you want to keep track of your most recent comments in any of the discussions. It helps you to review the replies your comments got.\n
\n";
+
+ ### Perform query:
+ $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
+
+ while ($story = db_fetch_object($sresult)) {
+ $output .= "
". plural($story->count, comment, comments) ." in article `id\">$story->subject `: \n";
+ $output .= " \n";
+
+ $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND sid = $story->id");
+ while ($comment = db_fetch_object($cresult)) {
+ $output .= " id&cid=$comment->cid&pid=$comment->pid\">$comment->subject (". plural(discussion_num_replies($comment->cid), "reply", "replies") ." ) \n";
+ }
+
+ return $output;
+}
+
switch ($op) {
case "Login":
session_start();
$user = new User($userid, $passwd);
- if ($user && $user->valid()) session_register("user");
+ if ($user && $user->valid()) {
+ session_register("user");
+ watchdog(1, "session opened for user `$user->userid'.");
+ }
+ else {
+ watchdog(2, "failed login for user `$userid'.");
+ }
showUser($user->userid);
break;
case "new":
@@ -127,8 +157,14 @@ switch ($op) {
case "info":
showUser($uname);
break;
+ case "discussion":
+ include "theme.inc";
+ $theme->header();
+ $theme->box("Track your comments", account_track_comments());
+ $theme->footer();
+ break;
case "logout":
- // session_start();
+ watchdog(1, "session closed for user `$user->userid'.");
session_unset();
session_destroy();
unset($user);
@@ -157,6 +193,8 @@ switch ($op) {
$theme->box("Account details", "Your member account has been created and the details necessary to login have been sent to your e-mail account $new[email] . Once you received the account confirmation, hit this link to login.");
$theme->footer();
}
+
+ watchdog(1, "new user `$new[userid]' registered with e-mail address `$new[email]'");
}
break;
case "user":
@@ -191,7 +229,7 @@ switch ($op) {
### Display output/content:
include "theme.inc";
$theme->header();
- $theme->box("Edit user information", $output);
+ $theme->box("Edit your information", $output);
$theme->footer();
}
else {
@@ -246,7 +284,7 @@ switch ($op) {
### Display output/content:
include "theme.inc";
$theme->header();
- $theme->box("Customize page", $output);
+ $theme->box("Customize your page", $output);
$theme->footer();
}
else {
diff --git a/admin.inc b/admin.inc
index 7480000b2775..e81bd21e1fa2 100644
--- a/admin.inc
+++ b/admin.inc
@@ -15,11 +15,30 @@ function admin_header() {
th { font-family: helvetica, arial; text-align: center; background-color: #C0C0C0; color: #447744; }
td { font-family: helvetica, arial; }
-
+
+
+
+
+
\ No newline at end of file
diff --git a/admin.php b/admin.php
index 1993c14aa4c9..2253c46e520d 100644
--- a/admin.php
+++ b/admin.php
@@ -1,798 +1,317 @@
-Accounts:\n";
+
+ while ($account = db_fetch_object($result)) {
+ $output .= "$account->useridLogs: \n";
+ print "\n";
+ print " \n";
+ print " Date \n";
+ print " User \n";
+ print " Message \n";
+ print " Operations \n";
+ print " \n";
+
+ while ($log = db_fetch_object($result)) {
+ if ($log->userid) print " level] ."\">". date("D d/m, H:m:s", $log->timestamp) ." userid\">$log->userid ". substr($log->message, 0, 44) ." id\">more \n";
+ else print " level] ."\">". date("D d/m, H:m:s", $log->timestamp) ." $anonymous ". substr($log->message, 0, 44) ." id\">more \n";
+ }
+
+ print "
\n";
+}
+
+function log_view($id) {
+ ### Perform query:
+ $result = db_query("SELECT l.*, u.userid FROM logs l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id");
+
+ if ($log = db_fetch_object($result)) {
+ print "Logs: \n";
+ print "\n";
+ print " Level: $log->level Date: ". date("l, F d, Y - H:i A", $log->timestamp) ." User: userid\">". username($log->userid) ." Message: $log->message Hostname: $log->hostname
\n";
+ }
+}
+
+/*
+ * Ban administration:
+ */
+
+function ban_check($mask, $category) {
+ $ban = ban_match($mask, $category);
+
+ print "Status: \n";
+ print "". ($ban ? "Matched ban '$ban->mask ' with reason: $ban->reason .\n" : "No matching bans for '$mask'.
\n") ."";
+}
+
+function ban_new($mask, $category, $reason) {
+ ban_add($mask, $category, $reason, &$message);
+
+ print "
Status: \n";
+ print "$message\n";
+}
+
+function ban_display($category = "") {
+ global $PHP_SELF, $type2index;
+
+ ### initialize variable:
+ $category = $category ? $category : 1;
+
+ ### Perform query:
+ $result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");
+
+ ### Generate output:
+ print "Bans: \n";
+ print "\n";
+ print " \n";
+ print " Active bans \n";
+ print " \n";
+ print " \n";
+ print " \n";
+ print " \n";
+ print " \n";
+ print " \n";
+ print " Mask \n";
+ print " Reason \n";
+ print " Operations \n";
+ print " \n";
+
+ while ($ban = db_fetch_object($result)) {
+ print " $ban->mask $ban->reason id\">delete %: matches any number of characters, even zero characters.
\n";
+ print "Add new ban: \n";
+ print "\n";
+ print "Ban check: \n";
+ print "\n";
+}
+
+/*
+ * Story administration:
+ */
+
+function story_edit($id) {
+ global $PHP_SELF, $anonymous, $categories;
+
+ $result = db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.id = $id");
+ $story = db_fetch_object($result);
+
+ $output .= "\n";
+
+ print $output;
+}
+
+function story_save($id, $subject, $abstract, $updates, $article, $category, $status) {
+ global $PHP_SELF;
+
+ ### Add submission to SQL table:
+ db_query("UPDATE stories SET subject = '$subject', abstract = '$abstract', updates = '$updates', article = '$article', category = '$category', status = '$status' WHERE id = $id");
+
+ ### Add log entry:
+ watchdog(1, "modified story `$subject'.");
+}
+
+function story_display($category = "") {
+ global $PHP_SELF;
+
+ ### Initialize variables:
+ $status = array("deleted", "pending", "public");
+
+ ### Perform SQL query:
+ $result = db_query("SELECT * FROM stories");
+
+ ### Display stories:
+ $output .= "Stories: \n";
+ $output .= "\n";
+ $output .= " \n";
+ $output .= " Subject \n";
+ $output .= " Status \n";
+ $output .= " Operations \n";
+ $output .= " \n";
+
+ while ($story = db_fetch_object($result)) {
+ $output .= " id\">$story->subject ". $status[$story->status] ." id\">edit
\n";
+
+ print $output;
+}
+
include "functions.inc";
-include "authentication.inc";
+include "function.inc";
+include "admin.inc";
-function login() {
- include "theme.inc";
- $theme->header();
- $theme->box("Login", "");
- $theme->footer();
-}
+admin_header();
-function logout() {
- setcookie("admin");
-
- include "theme.inc";
- $theme->header();
- ?>
- You are now logged out!
- You have been logged out of the system. Since authentication details are stored by using cookies, logging out is only necessary to prevent those who have access to your computer from abusing your account.
- footer();
-}
-
-function backup() {
- include "config.inc";
- if ($system == 0) {
- exec("mysqldump -h $dbhost -u $dbuname -p$dbpass $dbname | mail -s \"[$sitename] MySQL backup\" $notify_email");
- exec("mysqldump -h $dbhost -u $dbuname -p$dbpass $dbname > ../$sitename-backup-". date("Ymd", time()).".mysql");
- }
- else print "Warning: the backup feature is only supported on UNIX systems. Check your configuration file if you are using a UNIX system.
";
-}
-
-function main() {
- include "config.inc";
- include "theme.inc";
- $theme->header();
- dbconnect();
-
- $result = mysql_query("SELECT qid, subject, timestamp FROM queue order by timestamp");
-
- echo "";
-
- mysql_free_result($result);
- ?>
- Edit global blocks on main page. Allows you to update the content blocks on the main page.
- Edit user accounts. Add, delete, block, view and update user accounts.
- Edit adminstrators accounts. Backup MySQL tables. Will mail a backup of the MySQL database to ''.
- Webboard manager. Allows you to delete flamebait post or threads from the webboard.
- Poll manager. Install, delete or update polls.
- Referring site manager. Edit, block or delete sites that participate with the referring site program.
- Resource manager. (not implemented yet)Allows admins to maintain a list of resources, news sites and other interesting start points to start their search for news.
- Logout here ?";
}
-function block_add($title, $content) {
- dbconnect();
- mysql_query("INSERT INTO blocks VALUES (NULL,'$aid','$title','$content')");
- header("Location: admin.php?op=main");
-}
+admin_footer();
-function block_update($id, $title, $content) {
- dbconnect();
- mysql_query("update blocks set title='$title', content='$content' where id=$id");
- header("Location: admin.php?op=main");
-}
-
-function block_delete($id) {
- dbconnect();
- mysql_query("DELETE FROM blocks WHERE id = '$id'");
- header("Location: admin.php?op=main");
-}
-
-
-/*********************************************************/
-/* user account functions */
-/*********************************************************/
-
-function user_overview() {
- include "theme.inc";
- $theme->header();
- dbconnect();
- $result = mysql_query("SELECT * FROM users");
- while ($account = mysql_fetch_object($result)) {
- $count++;
- print "$count. $account->uname [ uname\">view | edit | block | delete ]current authors ";
- include "header.inc";
- dbconnect();
- $result = mysql_query("select aid from authors");
- echo "";
- while(list($a_aid) = mysql_fetch_row($result)) {
- echo "$a_aid ";
- echo "Modify Info Delete Author
";
- echo "";
- include "footer.inc";
-}
-
-function modifyadmin($chng_aid) {
- $titlebar = "update $chng_aid ";
- include "header.inc";
- dbconnect();
- $result = mysql_query("select aid, name, url, email, pwd from authors where aid='$chng_aid'");
- list($chng_aid, $chng_name, $chng_url, $chng_email, $chng_pwd) = mysql_fetch_row($result);
- echo "";
- include "footer.inc";
-}
-
-function updateadmin($chng_aid, $chng_name, $chng_email, $chng_url, $chng_pwd, $chng_pwd2) {
- if ($chng_pwd2 != "") {
- if($chng_pwd != $chng_pwd2) {
- $titlebar = "bad pass ";
- include "header.inc";
- echo "Sorry, the new passwords do not match. Click back and try again";
- include "footer.inc";
- exit;
- }
- dbconnect();
- $result = mysql_query("update authors set aid='$chng_aid', email='$chng_email', url='$chng_url', pwd='$chng_pwd' where NAME='$chng_name'");
- header("Location: admin.php?op=main");
- } else {
- dbconnect();
- $result = mysql_query("update authors set aid='$chng_aid', email='$chng_email', url='$chng_url' where NAME='$chng_name'");
- header("Location: admin.php?op=main");
- }
-}
-
-
-if ($admin) {
- switch($op) {
- case "main":
- main();
- break;
- case "blocks":
- block_overview();
- break;
- case "Add new block":
- block_add($title, $content);
- break;
- case "Delete block":
- block_delete($id);
- break;
- case "Update block":
- block_update($id, $title, $content);
- break;
- case "submission":
- // fall through
- case "View article":
- news_display($qid);
- break;
- case "Preview article":
- news_preview($qid, $uid, $author, $subject, $department, $category, $abstract, $comments, $article);
- break;
- case "Post article":
- news_post($qid, $uid, $author, $subject, $department, $category, $abstract, $comments, $article);
- break;
- case "Edit article":
- news_edit($sid);
- break;
- case "Update article":
- news_update($sid, $subject, $category, $department, $abstract, $comments, $article);
- break;
- case "Delete article":
- news_queue_delete($qid);
- break;
- case "news_admin_write":
- news_admin_write($sid);
- break;
- case "Preview admin article":
- news_admin_preview($subject, $category, $department, $abstract, $article);
- break;
- case "Post admin article":
- news_admin_post($subject, $category, $department, $abstract, $article);
- break;
- case "mod_authors":
- displayadmins();
- break;
- case "modifyadmin":
- modifyadmin($chng_aid);
- break;
- case "Update author":
- updateadmin($chng_aid, $chng_name, $chng_email, $chng_url, $chng_pwd, $chng_pwd2);
- break;
- case "Add author":
- dbconnect();
- $result = mysql_query("INSERT INTO authors VALUES ('$add_aid','$add_name','$add_url','$add_email','$add_pwd')");
- if (!$result) {
- echo mysql_errno(). ": ".mysql_error(). "Yes No ";
- include "footer.inc";
- break;
- case "deladminconf":
- dbconnect();
- mysql_query("delete from authors where aid='$del_aid'");
- header("Location: $that_url/admin.php?op=main");
- break;
- case "create":
- poll_createPoll();
- break;
- case "createPosted":
- poll_createPosted();
- break;
- case "remove":
- poll_removePoll();
- break;
- case "removePosted":
- poll_removePosted();
- break;
- case "user_overview":
- user_overview();
- break;
- case "backup":
- backup();
- main();
- break;
- case "view":
- poll_viewPoll();
- break;
- case "viewPosted":
- poll_viewPosted();
- break;
- case "logout":
- logout();
- break;
- default:
- main();
- break;
- }
-} else {
- login();
-}
?>
\ No newline at end of file
diff --git a/authentication.inc b/authentication.inc
deleted file mode 100644
index 16a91c4a0349..000000000000
--- a/authentication.inc
+++ /dev/null
@@ -1,20 +0,0 @@
-
\ No newline at end of file
diff --git a/ban.inc b/ban.inc
index 72f6f2ce0e80..1d9fa095ed72 100644
--- a/ban.inc
+++ b/ban.inc
@@ -1,9 +1,13 @@
0x01,
- "profanity" => 0x02,
- "hostnames" => 0x03,
- "usernames" => 0x04);
+$type2index = array("addresses" => 0x01,
+ "profanity" => 0x02,
+ "hostnames" => 0x03,
+ "usernames" => 0x04);
+$index2type = array(0x01 => "addresses",
+ 0x02 => "profanity",
+ 0x03 => "hostnames",
+ 0x04 => "usernames");
function ban_match($mask, $category) {
### Perform query:
@@ -14,6 +18,8 @@ function ban_match($mask, $category) {
}
function ban_add($mask, $category, $reason, $message = "") {
+ global $index2type;
+
if (empty($mask)) {
$message = "Failed: empty banmasks are not allowed.\n";
}
@@ -23,12 +29,24 @@ function ban_add($mask, $category, $reason, $message = "") {
else {
$result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
$message = "Added new ban with mask `$mask'.
\n";
+
+ ### Add log entry:
+ watchdog(1, "added new ban `$mask' to category `". $index2type[$category] ."' with reason `$reason'.");
}
}
function ban_delete($id) {
- ### Perform query:
- $result = db_query("DELETE FROM bans WHERE id = $id");
+ global $index2type;
+
+ $result = db_query("SELECT * FROM bans WHERE id = $id");
+
+ if ($ban = db_fetch_object($result)) {
+ ### Perform query:
+ $result = db_query("DELETE FROM bans WHERE id = $id");
+
+ ### Deleted log entry:
+ watchdog(1, "removed ban `$ban->mask' from category `". $index2type[$ban->type] ."'.");
+ }
}
?>
diff --git a/config.inc b/config.inc
index c923769f3f50..d51bef6bbc61 100644
--- a/config.inc
+++ b/config.inc
@@ -3,9 +3,15 @@
#
# MySQL settings:
#
-$dbhost = "zind.net";
+
+#$dbhost = "zind.net";
+#$dbuname = "dries";
+#$dbpass = "Abc123";
+#$dbname = "dries";
+
+$dbhost = "";
$dbuname = "dries";
-$dbpass = "Abc123";
+$dbpass = "oakley";
$dbname = "dries";
#
@@ -64,7 +70,7 @@ $anonymous = "Anonymous Chicken";
#
# Default theme:
#
-$cfg_theme = "Dries";
+$cfg_theme = "UnConeD";
#
# Submission moderation votes:
diff --git a/discussion.php b/discussion.php
index 4de067b46f07..90929ed848b9 100644
--- a/discussion.php
+++ b/discussion.php
@@ -14,7 +14,7 @@ function comments_kids ($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy
$comments++;
$link = "sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\">hlcolor2\">reply to this comment ";
- $theme->comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
+ $theme->comment($comment->userid, stripslashes($comment->subject), stripslashes($comment->comment), $comment->timestamp, stripslashes($comment->url), stripslashes($comment->femail), $comment->score, $comment->cid, $link);
comments_kids($comment->cid, $mode, $order, $thold, $level + 1, $dummy + 1);
}
@@ -133,7 +133,7 @@ function comments_reply($pid, $sid, $mode, $order, $thold) {
### Extract parent-information/data:
if ($pid) {
$item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
- $theme->comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->femail, $item->score, $item->cid, "reply to this comment");
+ $theme->comment($item->userid, stripslashes($item->subject), stripslashes($item->comment), $item->timestamp, stripslashes($item->url), stripslashes($item->femail), $item->score, $item->cid, "reply to this comment");
}
else {
$item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid"));
@@ -162,13 +162,13 @@ function comments_reply($pid, $sid, $mode, $order, $thold) {
$output .= " Subject:
\n";
### Comment field:
$output .= "\n";
$output .= " Comment:
\n";
### Hidden fields:
@@ -189,8 +189,8 @@ function comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold)
global $anonymous, $user, $theme;
### Preview comment:
- if ($user) $theme->comment("", $subject, $comment, time(), "", "", "na", "", "reply to this comment");
- else $theme->comment($user->userid, $subject, $comment, time(), $user->url, $user->femail, "na", "", "reply to this comment");
+ if ($user) $theme->comment("", stripslashes($subject), stripslashes($comment), time(), "", "", "na", "", "reply to this comment");
+ else $theme->comment($user->userid, stripslashes($subject), stripslashes($comment), time(), stripslashes($user->url), stripslashes($user->femail), "na", "", "reply to this comment");
### Build reply form:
$output .= "\n";
$theme->header();
- $theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($story), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes");
+ $theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($article), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes");
$theme->box("Submit a story", $output);
$theme->footer();
}
@@ -140,6 +140,9 @@ function submit_submit($subject, $abstract, $article, $category) {
$message = "New submission:\n\nsubject...: $subject\nauthor....: $user->userid <$user->email>\ncategory..: $category\nabstract..:\n$abstract\n\narticle...:\n$article";
mail($notify_email, "$notify_subject $subject", $message, "From: $notify_from\nX-Mailer: PHP/" . phpversion());
}
+
+ ### Add log entry:
+ watchdog(1, "added new submission with subject `$subject'.");
}
include "functions.inc";
@@ -147,10 +150,10 @@ include "theme.inc";
switch($op) {
case "Preview submission":
- submit_preview($subject, $abstract, $story, $category);
+ submit_preview($subject, $abstract, $article, $category);
break;
case "Submit submission":
- submit_submit($subject, $abstract, $story, $category);
+ submit_submit($subject, $abstract, $article, $category);
break;
default:
submit_enter();