A really BIG, BIG UPDATE, after two straight days of nothing but code

and sleep, new stuff is finally in drop.org. This is a quite large and wide-ranging update, which affects almost all of the system files in one way or another. I fixed quite a lot of bugs and added quite a lot of new features, mostly administrative tools as these were really lacking. It's far from finished but it's a start ...
2000-09-04 16:14:46 +00:00 · 2000-09-04 16:14:46 +00:00 · 7daa3fd8ee
parent a8e16d4f70
commit 7daa3fd8ee
15 changed files with 475 additions and 890 deletions
--- a/account.php
+++ b/account.php
@ -97,8 +97,8 @@ function validateUser($user) {
  if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";
  ### Check to see whether the username or e-mail address are banned:
-  if ($ban = ban_match($user[userid], $type[usernames])) $rval = "the specified username is banned  for the following reason: <I>$ban->reason</I>.";
+  if ($ban = ban_match($user[userid], $type2index[usernames])) $rval = "the specified username is banned  for the following reason: <I>$ban->reason</I>.";
-  if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
+  if ($ban = ban_match($user[email], $type2index[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
  ### Verify whether username and e-mail address are unique:
  if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid)=LOWER('$user[userid]')")) > 0) $rval = "the specified username is already taken.";
@ -114,11 +114,41 @@ function account_makePassword($min_length=6) {
  return $password;
 }
 function account_track_comments() {
  global $user;
  include "function.inc";
  $output .= "<P>This page is helpful in case you want to keep track of your most recent comments in any of the discussions.  It helps you to review the replies your comments got.\n<P>\n"; 
  ### Perform query:
  $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.sid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
  while ($story = db_fetch_object($sresult)) {
    $output .= "<LI>". plural($story->count, comment, comments) ." in article `<A HREF=\"discussion.php?id=$story->id\">$story->subject</A>`:</LI>\n";
    $output .= " <UL>\n";
    $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND sid = $story->id");
    while ($comment = db_fetch_object($cresult)) {
      $output .= "  <LI><A HREF=\"discussion.php?id=$story->id&cid=$comment->cid&pid=$comment->pid\">$comment->subject</A> (<B>". plural(discussion_num_replies($comment->cid), "reply", "replies") ."</B>)</LI>\n";
    }
    $output .= " </UL>\n";
  }
  return $output;
 }
 switch ($op) {
  case "Login":
    session_start();
    $user = new User($userid, $passwd);
-    if ($user && $user->valid()) session_register("user");
+    if ($user && $user->valid()) {
      session_register("user");
      watchdog(1, "session opened for user `$user->userid'.");
    }
    else {
      watchdog(2, "failed login for user `$userid'.");
    }
    showUser($user->userid);
    break;
  case "new":
@ -127,8 +157,14 @@ switch ($op) {
  case "info":
    showUser($uname);
    break;
  case "discussion":
    include "theme.inc";
    $theme->header();
    $theme->box("Track your comments", account_track_comments());
    $theme->footer();
    break;
  case "logout":
-    // session_start();
+    watchdog(1, "session closed for user `$user->userid'.");
    session_unset();
    session_destroy();
    unset($user);
@ -157,6 +193,8 @@ switch ($op) {
        $theme->box("Account details", "Your member account has been created and the details necessary to login have been sent to your e-mail account <B>$new[email]</B>.  Once you received the account confirmation, hit <A HREF=\"account.php\">this link</A> to login.");
        $theme->footer();
      }
      watchdog(1, "new user `$new[userid]' registered with e-mail address `$new[email]'");
    }
    break;
  case "user":
@ -191,7 +229,7 @@ switch ($op) {
      ### Display output/content:
      include "theme.inc";
      $theme->header();
-      $theme->box("Edit user information", $output);
+      $theme->box("Edit your information", $output);
      $theme->footer();
    }
    else {
@ -246,7 +284,7 @@ switch ($op) {
      ### Display output/content:
      include "theme.inc";
      $theme->header();
-      $theme->box("Customize page", $output);
+      $theme->box("Customize your page", $output);
      $theme->footer();
    }
    else {
--- a/admin.inc
+++ b/admin.inc
@ -15,11 +15,30 @@ function admin_header() {
    th	    { font-family: helvetica, arial; text-align: center; background-color: #C0C0C0; color: #447744; }
    td	    { font-family: helvetica, arial; }
   </STYLE>
-   <BODY BGCOLOR="#ffffff" LINK="#0000ff" VLINK="#000099" ALINK="#ff0000">
+   <BODY BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#000099" ALINK="#FF0000">
   <TABLE BORDER="1">
    <TR>
     <TD ALIGN="left" VALIGN="top" WIDTH="100">
      <P>
       <LI><A HREF="admin.php?section=accounts">accounts</A></LI>
       <LI><A HREF="admin.php?section=bans">bans</A></LI>
       <LI><A HREF="admin.php?section=logs">logs</A></LI>
       <LI><A HREF="admin.php?section=stories">stories</A></LI>
      <P>
       <LI><A HREF="">home</A></LI>
     </TD>
     <TD>
 <?
 }
 function admin_footer() {
 ?>
     </TD>
    </TR>
   </TABLE>
   </BODY>
  </HTML>
 <?
 }
 ?>
--- a/admin.php
+++ b/admin.php
--- a/authentication.inc
+++ b/authentication.inc
@ -1,20 +0,0 @@
 <?
 if ((isset($aid)) && (isset($pwd)) && ($op == "login")) {
  $admin = base64_encode("$aid:$pwd");
  setcookie("admin","$admin",time()+2592000); // 1 mo is 2592000
 }
 if (isset($admin)) {
  $admin = base64_decode($admin);
  $admin = explode(":", $admin);
  $aid = "$admin[0]";
  $pwd = "$admin[1]";
  dbconnect();
  if (mysql_num_rows(mysql_query("SELECT * FROM authors WHERE aid = '$aid' AND pwd = '$pwd'")) == 1) $admin = 1;
  else $admin = 0;
 } else {
  $admin = 0;
 }
 ?>
--- a/ban.inc
+++ b/ban.inc
@ -1,9 +1,13 @@
 <?
-$type = array("addresses" => 0x01,
+$type2index = array("addresses" => 0x01, 
                    "profanity" => 0x02, 
                    "hostnames" => 0x03,
                    "usernames" => 0x04);
 $index2type = array(0x01 => "addresses", 
                    0x02 => "profanity",
                    0x03 => "hostnames",
                    0x04 => "usernames");
 function ban_match($mask, $category) {
  ### Perform query:
@ -14,6 +18,8 @@ function ban_match($mask, $category) {
 }
 function ban_add($mask, $category, $reason, $message = "") {
  global $index2type;
  if (empty($mask)) {
    $message = "Failed: empty banmasks are not allowed.<P>\n";
  }
@ -23,12 +29,24 @@ function ban_add($mask, $category, $reason, $message = "") {
  else {
    $result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
    $message = "Added new ban with mask `$mask'.<P>\n";
    ### Add log entry:
    watchdog(1, "added new ban `$mask' to category `". $index2type[$category] ."' with reason `$reason'.");
  }
 }
 function ban_delete($id) {
  global $index2type;
  $result = db_query("SELECT * FROM bans WHERE id = $id");
  if ($ban = db_fetch_object($result)) {
    ### Perform query:
    $result = db_query("DELETE FROM bans WHERE id = $id");
    ### Deleted log entry:
    watchdog(1, "removed ban `$ban->mask' from category `". $index2type[$ban->type] ."'.");
  }
 }
 ?>
--- a/config.inc
+++ b/config.inc
@ -3,9 +3,15 @@
 #
 # MySQL settings:
 #
-$dbhost = "zind.net";
+
 #$dbhost = "zind.net";
 #$dbuname = "dries";
 #$dbpass = "Abc123";
 #$dbname = "dries";
 $dbhost = "";
 $dbuname = "dries";
-$dbpass = "Abc123";
+$dbpass = "oakley";
 $dbname = "dries";
 #
@ -64,7 +70,7 @@ $anonymous = "Anonymous Chicken";
 #
 # Default theme:
 #
-$cfg_theme = "Dries";
+$cfg_theme = "UnConeD";
 #
 # Submission moderation votes:
--- a/discussion.php
+++ b/discussion.php
@ -14,7 +14,7 @@ function comments_kids ($cid, $mode, $order = 0, $thold = 0, $level = 0, $dummy
        $comments++;
        $link = "<A HREF=\"discussion.php?op=reply&sid=$comment->sid&pid=$comment->cid&mode=$mode&order=$order&thold=$thold\"><FONT COLOR=\"$theme->hlcolor2\">reply to this comment</FONT></A>";
-        $theme->comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->femail, $comment->score, $comment->cid, $link);
+        $theme->comment($comment->userid, stripslashes($comment->subject), stripslashes($comment->comment), $comment->timestamp, stripslashes($comment->url), stripslashes($comment->femail), $comment->score, $comment->cid, $link);
        comments_kids($comment->cid, $mode, $order, $thold, $level + 1, $dummy + 1);
      }
@ -133,7 +133,7 @@ function comments_reply($pid, $sid, $mode, $order, $thold) {
  ### Extract parent-information/data:
  if ($pid) {
    $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
-    $theme->comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->femail, $item->score, $item->cid, "reply to this comment");
+    $theme->comment($item->userid, stripslashes($item->subject), stripslashes($item->comment), $item->timestamp, stripslashes($item->url), stripslashes($item->femail), $item->score, $item->cid, "reply to this comment");
  }
  else {
    $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid"));
@ -162,13 +162,13 @@ function comments_reply($pid, $sid, $mode, $order, $thold) {
  $output .= " <B>Subject:</B><BR>\n";
  if (!eregi("Re:",$item->subject)) $item->subject = "Re: $item->subject"; 
    // Only one 'Re:' will just do fine. ;)
-  $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"$item->subject\">\n";
+  $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($item->subject) ."\">\n";
  $output .= "</P>\n";
  ### Comment field:
  $output .= "<P>\n";
  $output .= " <B>Comment:</B><BR>\n";
-  $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">$user->signature</TEXTAREA><BR>\n";
+  $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". stripslashes($user->signature) ."</TEXTAREA><BR>\n";
  $output .= "</P>\n";
  ### Hidden fields:
@ -189,8 +189,8 @@ function comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold)
  global $anonymous, $user, $theme;
  ### Preview comment:
-  if ($user) $theme->comment("", $subject, $comment, time(), "", "", "na", "", "reply to this comment");
+  if ($user) $theme->comment("", stripslashes($subject), stripslashes($comment), time(), "", "", "na", "", "reply to this comment");
-  else $theme->comment($user->userid, $subject, $comment, time(), $user->url, $user->femail, "na", "", "reply to this comment");
+  else $theme->comment($user->userid,  stripslashes($subject), stripslashes($comment), time(), stripslashes($user->url), stripslashes($user->femail), "na", "", "reply to this comment");
  ### Build reply form:
  $output .= "<FORM ACTION=\"discussion.php\" METHOD=\"post\">\n";
@ -212,13 +212,13 @@ function comment_preview($pid, $sid, $subject, $comment, $mode, $order, $thold)
  ### Subject field:
  $output .= "<P>\n";
  $output .= " <B>Subject:</B><BR>\n";
-  $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"$subject\">\n";
+  $output .= " <INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"". stripslashes($subject) ."\">\n";
  $output .= "</P>\n";
  ### Comment field:
  $output .= "<P>\n";
  $output .= " <B>Comment:</B><BR>\n";
-  $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">$comment</TEXTAREA><BR>\n";
+  $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"comment\">". stripslashes($comment) ."</TEXTAREA><BR>\n";
  $output .= "</P>\n";
  ### Hidden fields:
--- a/error.php
+++ b/error.php
@ -12,7 +12,7 @@
 <B>Temporary debug output:</B><BR>
  * STATUS...: <? echo $REDIRECT_STATUS; ?><BR>
  * URL......: <? echo $REDIRECT_URL; ?><BR>
-  * METHDOD..: <? echo $REQUEST_METHOD; ?><BR>
+  * METHOD...: <? echo $REQUEST_METHOD; ?><BR>
 <?
 switch($REDIRECT_STATUS) {
@ -34,6 +34,10 @@
   default:
    $message = "unknown error";
 }
 include "database.inc"; 
 include "log.inc";
 watchdog(3, "message: `$message' - requested url: $REDIRECT_URL - referring url: $HTTP_REFERER");
 ?>
 <B>Processed output:</B><BR>
--- a/faq.php
+++ b/faq.php
@ -10,7 +10,7 @@ $output = "
    The <I>Online Jargon Files</I> written by Eric Raymond define a FAQ as:
    <P><B>FAQ</B> /F-A-Q/ or /fak/ n.<BR>[Usenet] 1. A Frequently Asked Question. 2. A compendium of accumulated lore, posted periodically to high-volume newsgroups in an attempt to forestall such questions.  Some people prefer the term FAQ list or FAQL /fa'kl/, reserving FAQ' for sense 1.</P>
    <P><B>RTFAQ</B> /R-T-F-A-Q/ imp.<BR>[Usenet: primarily written, by analogy with <A HREF=\"#RTFM\">RTFM</A>] Abbreviation for \"Read The FAQ!\", an exhortation that the person addressed ought to read the newsgroup's FAQ list before posting questions.</P>
-    <P><B><A NAME=\"RTFM\">RTFM</A></B> /R-T-F-M/ imp.<BR>[Unix] Abbreviation for \"Read The Fucking Manual\". 1. Used by gurus to brush off questions they consider trivial or annoying.  2. Used when reporting a problem to indicate that you aren't just asking out of randomness. \"No, I can't figure out how to interface Unix to my toaster, and yes, I have RTFM.\"  Unlike sense 1, this use is considered polite.</P>
+    <P><B>RTFM</B> /R-T-F-M/ imp.<BR>[Unix] Abbreviation for \"Read The Fucking Manual\". 1. Used by gurus to brush off questions they consider trivial or annoying.  2. Used when reporting a problem to indicate that you aren't just asking out of randomness. \"No, I can't figure out how to interface Unix to my toaster, and yes, I have RTFM.\"  Unlike sense 1, this use is considered polite.</P>
    <P><B>User</B> n.<BR>1. Someone doing `real work' with the computer, using it as a means rather than an end. Someone who pays to use a computer.  2. A programmer who will believe anything you tell him.  One who asks silly questions. [GLS observes: This is slightly unfair.  It is true that users ask questions (of necessity). Sometimes they are thoughtful or deep.  Very often they are annoying or downright stupid, apparently because the user failed to think for two seconds or look in the documentation before bothering the maintainer.]  3. Someone who uses a program from the outside, however skillfully, without getting into the internals of the program.  One who reports bugs instead of just going ahead and fixing them.</P>
   </DD>
@ -20,7 +20,10 @@ $output = "
   <DT><B><A NAME=\"moderation\">Why moderatiom, trust metrics and collaborative filtering?</A></B></DT>
   <DD>To help individuals and communities address the challenges of information overload.<P>As each new piece of information competes for attention, people quickly tend to become overwhelmed and seek assistance in identifying the most interesting, worthwhile, valuable or enteraining items.  Not to mention the fact, reader-contributed content and other levels of interactivity tend to become chaotic, bloated and disreputable.<P>Therefore, we decided to develop a public system powered by a community that aims to bring quality content to everyone's attention and to filter out all junk: to <I>sort the wheat from the chaff</I>.  The output should be something clean and homogenized featuring quality content, and should slide down the gullet far more easily.  Another objective is to provide a customized service according to public and individual preferences, whether expressed or inferred.<P>Yes, you are right.  It all sounds a bit idealistic, not to mention hypothetical.  However, don't get this wrong: this isn't a new concept, various such systems exist nowadays (like <A HREF=\"http://slashdot.org/\">slashdot.org</A> or <A HREF=\"http://www.kuro5hin.org/\">kuro5hin.org</A>).  We just happen to want our own system.<P>Last but not least we, the $sitename team, don't want the responsibility to manually review each post and to select the ones worthy.  Systematic editing by individual editors is nice and dandy, if you get paid for it or if you have some time to kill.  Afterall, we are not writers, critics nor reviewers for that matter; we are programmers, designers and technicians.<P></DD>
-   <DT><B><A NAME=\"moderation\">How does submission moderation work?</A></B></DT>
+   <DT><B>Isn't moderation elitist?</B></DT>
   <DD>To some extent, yes.  The system is not designed to allow totally open and unfiltered access.  It is intended to create a good place for people who are interested in a topic to come together and communicate.  You can't communicate over a noisy channel, so part of our job is to reduce the ability for malicious users to create noise.<P></DD>
   <DT><B>How does submission moderation work?</B></DT>
   <DD>under construction<P></DD>
   <DT><B>How does comment moderation work?</B></DT>
--- a/function.inc
+++ b/function.inc
@ -0,0 +1,17 @@
 <?
 function plural($count, $one, $more) {
  return ($count == 1) ? "$count $one" : "$count $more";
 }
 function username($username) {
  include "config.inc";
  return ($username) ? $username : $anonymous;
 }
 function discussion_num_replies($id, $count = 0) {
  $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = $id");
  return ($result) ? mysql_result($result, 0) : 0;
 }
 ?>
--- a/functions.inc
+++ b/functions.inc
@ -1,27 +1,28 @@
 <?
 include "user.class.php";
 include "database.inc";
 include "log.inc";
 session_start();
 include "config.inc";
 $functions = 1;
 function id2story($id) {
  ### Perform query:
  $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
  return db_fetch_object($result);
 }
 function dbsave($dbase, $data, $id=0) {
  foreach ($data as $key=>$value) {
    if ($key == "passwd") { $query .= "$key=PASSWORD('". addslashes($value) ."'), "; }
    else { $query .= "$key='". addslashes($value) ."', "; }
  }
  $query = substr($query, 0, -2);
  dbconnect();
  if (!empty($id)) { mysql_query("UPDATE $dbase SET $query WHERE id=$id") or die(mysql_error()); return $id; }
  else { mysql_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); }
 }
-function dbconnect() {
+  if (!empty($id)) { db_query("UPDATE $dbase SET $query WHERE id=$id") or die(mysql_error()); return $id; }
-  include "config.inc";
+  else { db_query("INSERT INTO $dbase SET $query") or die(mysql_error()); return mysql_insert_id(); }
  mysql_pconnect($dbhost, $dbuname, $dbpass) or die(mysql_Error());
  mysql_select_db("$dbname") or die ("Unable to select database");
 }
 function morelink_bytes($theme, $story) {
@ -96,12 +97,6 @@ function addRefer($url) {
  }
 }
 function id2story($id) {
  ### Perform query:
  $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
  return db_fetch_object($result);
 }
 function displayModerationResults($theme, $story) {
  global $user;
@ -121,7 +116,7 @@ function displayModerationResults($theme, $story) {
 function displayRelatedLinks($theme, $story) {
  ### Parse story for <A HREF="">-tags:
-  $text = "$story->abstract $story->updates $story->article";
+  $text = stripslashes("$story->abstract $story->updates $story->article");
  while ($text = stristr($text, "<A HREF=")) {
    $link = substr($text, 0, strpos(strtolower($text), "</a>") + 4);
    $text = stristr($text, "</A>");
@ -195,7 +190,7 @@ function displayUserblock($theme) {
  global $user;
  if ($user && $user->ublockon) {
-    $content .= "<P ALIGN=\"right\">[ <A HREF=\"account.php?op=edithome\"><FONT COLOR=\"$theme->hlcolor2\">edit</FONT></A> | <A HREF=\"account.php?op=logout\"><FONT COLOR=\"$theme->hlcolor2\">logout</FONT></A> ]</P>";
+    $content .= "<P ALIGN=\"right\">[ <A HREF=\"account.php?op=edithome\"><FONT COLOR=\"$theme->hlcolor2\">edit</FONT></A> | <A HREF=\"account.php?op=discussion\"><FONT COLOR=\"$theme->hlcolor2\">Track comments</FONT></A> | <A HREF=\"account.php?op=logout\"><FONT COLOR=\"$theme->hlcolor2\">logout</FONT></A>]</P>";
    $theme->box("$user->userid's box", $user->content);
  }
 }
@ -224,28 +219,24 @@ function displayCalendar($theme, $date) {
  $theme->box("Browse archives", $calendar->display());
 }
 function displayAccountSettings($theme) {
  global $user;
  if ($user && $user->userid) { 
    ### Display account settings:
    $content  = "<LI><A HREF=\"account.php\">User info</A></LI>";
    $content .= "<LI><A HREF=\"account.php?op=user\">Edit user info</A></LI>";
    $content .= "<LI><A HREF=\"account.php?op=page\">Customize page</A></LI>";
    $content .= "<LI><A HREF=\"account.php?op=logout\">Logout</A></LI>";
    $theme->box("$user->userid's account", "$content");
  }
 }
 function displayAccount($theme) {
  global $user;
  include "submission.inc";
  if ($user && $user->userid) { 
    function submission_number() {
      $result = db_query("SELECT COUNT(id) FROM stories WHERE status = 1");
      return ($result) ? mysql_result($result, 0) : 0;
    }
    ### Display account settings:
-    $content .= "<LI><A HREF=\"submission.php\">moderate submissions</A> (<FONT COLOR=\"red\">". submission_count() ."</FONT>)</LI>";
+    $content  = "<LI><A HREF=\"account.php\">view your information</A></LI>";
    $content .= "<LI><A HREF=\"account.php?op=user\">edit your information</A></LI>";
    $content .= "<LI><A HREF=\"account.php?op=page\">customize your page</A></LI>";
    $content .= "<LI><A HREF=\"account.php?op=discussion\">track your comments</A></LI>";
    $content .= "<LI><A HREF=\"submission.php\">moderate submissions</A> (<FONT COLOR=\"red\">". submission_number() ."</FONT>)</LI>";
    $content .= "<LI><A HREF=\"account.php?op=logout\">logout</A></LI>";
    $theme->box("$user->userid's account", "$content");
  }
 }
--- a/poll.php
+++ b/poll.php
@ -39,13 +39,11 @@
 function deletePoll($id) {
  dbconnect();
  $query = "DELETE FROM poll WHERE id = $id";
  $result = mysql_query($query);
 }
 function enablePoll($id) {
  dbconnect();
  $query = "UPDATE poll SET status = 0 WHERE status = 1";
  $result = mysql_query($query);
@ -54,13 +52,11 @@ function enablePoll($id) {
 }
 function disablePoll($id) {
  dbconnect();
  $query = "UPDATE poll SET status = 0 WHERE id = $id";
  $result = mysql_query($query);
 }
 function castVote($vote) {
  dbconnect();
  $query = "SELECT * FROM poll WHERE status = 1";
  $result = mysql_query($query);
  if ($poll = mysql_fetch_object($result)) {
@ -72,34 +68,28 @@ function castVote($vote) {
 }
 function addPoll($question, $answer1, $answer2, $answer3 = "", $answer4 = "", $answer5 = "", $answer6 = "") {
  dbconnect();
  $query = "INSERT INTO poll (question, answer1, answer2, answer3, answer4, answer5, answer6) VALUES ('$question', '$answer1', '$answer2', '$answer3', '$answer4', '$answer5', '$answer6')";
  $result = mysql_query($query);
 }
 function updatePoll($id, $question, $answer1, $answer2, $answer3 = "", $answer4 = "", $answer5 = "", $answer6 = "") {
  dbconnect();
  $query = "UPDATE poll SET question = '$question', answer1 = '$answer1', answer2 = '$answer2', answer3 = '$answer3', answer4 = '$answer4', answer5 = '$answer5', answer6 = '$answer6' WHERE id = $id";
  $result = mysql_query($query);
 }
 function getPoll($id) {
  dbconnect();
  $query = "SELECT * FROM poll WHERE id = $id";
  $result = mysql_query($query);
  if ($poll = mysql_fetch_object($result)) return $poll;
 }
 function getActivePoll() {
  dbconnect();
  $query = "SELECT * FROM poll WHERE status = 1";
  $result = mysql_query($query);
  if ($poll = mysql_fetch_object($result)) return $poll->id;
 }
 function getPollArray() {
  dbconnect();
  $query = "SELECT * FROM poll";
  $result = mysql_query($query);
@ -203,7 +193,6 @@ if (!$box) {
 }
 if ($section == "poll") {
  include "authentication.inc";
  if ($method == "add") {
    if ($admin) {
      addPoll($question, $answer1, $answer2, $answer3, $answer4, $answer5, $answer6);
--- a/refer.php
+++ b/refer.php
@ -9,8 +9,6 @@ include "theme.inc";
 $theme->header();
 dbconnect();
 /*
 function addRefer($url) {
  $query = "SELECT * FROM refer WHERE url = '$url'";
--- a/submission.inc
+++ b/submission.inc
@ -20,7 +20,7 @@ function submission_vote($id, $vote, $comment) {
    db_query("UPDATE stories SET score = score $vote, votes = votes + 1 WHERE id = $id");
    ### Update the comments (if required):
-    if ($comment) db_query("INSERT INTO comments (sid, subject, comment, hostname, timestamp) VALUES($id, '". addslashes(substr($comment, 0, 29)) ." ...', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
+    if ($comment) db_query("INSERT INTO comments (sid, author, subject, comment, hostname, timestamp) VALUES($id, $user->id, '". addslashes(substr($comment, 0, 29)) ." ...', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')");
    ### Update user's history record:
    $user->setHistory("s$id", "$vote");  // s = submission
--- a/submit.php
+++ b/submit.php
@ -40,7 +40,7 @@ function submit_enter() {
  $output .= "<P>\n"; 
  $output .= " <B>Extended story:</B><BR>\n";
-  $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"story\"></TEXTAREA><BR>\n";
+  $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\"></TEXTAREA><BR>\n";
  $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
  $output .= "</P>\n";
@ -55,7 +55,7 @@ function submit_enter() {
  $theme->footer();
 }
-function submit_preview($subject, $abstract, $story, $category) {
+function submit_preview($subject, $abstract, $article, $category) {
  global $anonymous, $categories, $theme, $user;
  $output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
@ -90,7 +90,7 @@ function submit_preview($subject, $abstract, $story, $category) {
  $output .= "<P>\n";
  $output .= " <B>Extended story:</B><BR>\n";
-  $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"story\">". stripslashes($story) ."</TEXTAREA><BR>\n";
+  $output .= " <TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">". stripslashes($article) ."</TEXTAREA><BR>\n";
  $output .= " <SMALL><I>HTML is nice and dandy, but double check those URLs and HTML tags!</I></SMALL>\n";
  $output .= "</P>\n";
@ -119,7 +119,7 @@ function submit_preview($subject, $abstract, $story, $category) {
  $output .= "</FORM>\n";
  $theme->header();
-  $theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($story), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes");
+  $theme->preview($user->userid, stripslashes($subject), stripslashes($abstract), "", stripslashes($article), date("l, F d, Y - H:i A", time()), stripslashes($category), "we-hate-typoes");
  $theme->box("Submit a story", $output);
  $theme->footer();
 }
@ -140,6 +140,9 @@ function submit_submit($subject, $abstract, $article, $category) {
    $message = "New submission:\n\nsubject...: $subject\nauthor....: $user->userid <$user->email>\ncategory..: $category\nabstract..:\n$abstract\n\narticle...:\n$article";
    mail($notify_email, "$notify_subject $subject", $message, "From: $notify_from\nX-Mailer: PHP/" . phpversion());
  }
  ### Add log entry:
  watchdog(1, "added new submission with subject `$subject'.");
 }
 include "functions.inc";
@ -147,10 +150,10 @@ include "theme.inc";
 switch($op) {
  case "Preview submission":
-    submit_preview($subject, $abstract, $story, $category);
+    submit_preview($subject, $abstract, $article, $category);
    break;
  case "Submit submission":
-    submit_submit($subject, $abstract, $story, $category);
+    submit_submit($subject, $abstract, $article, $category);
    break;
  default:
    submit_enter();