diff --git a/account.php b/account.php index 79267fa9ab3..b3851e6cbb3 100644 --- a/account.php +++ b/account.php @@ -201,7 +201,7 @@ function account_user($uname) { $box1 .= " Bio:". format_data($account->bio) ."\n"; $box1 .= "\n"; - $result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND c.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10"); + $result = db_query("SELECT c.cid, c.pid, c.sid, c.subject, c.timestamp, s.subject AS story FROM comments c LEFT JOIN users u ON u.id = c.author LEFT JOIN stories s ON s.id = c.sid WHERE u.userid = '$uname' AND s.status = 2 AND s.timestamp > ". (time() - 1209600) ." ORDER BY cid DESC LIMIT 10"); while ($comment = db_fetch_object($result)) { $box2 .= "\n"; $box2 .= " \n"; @@ -418,4 +418,4 @@ switch ($op) { account_user($user->userid); } -?> \ No newline at end of file +?> diff --git a/discussion.php b/discussion.php index 24c6d6ab069..e38729c9994 100644 --- a/discussion.php +++ b/discussion.php @@ -35,7 +35,7 @@ function discussion_kids($cid, $mode, $threshold, $level = 0, $dummy = 0) { $comments++; $link = "sid&pid=$comment->cid\">hlcolor2\">reply to this comment"; - $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, check_output($comment->url), check_output($comment->fake_email), discussion_score($comment), $comment->votes, $comment->cid, $link); + $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link); discussion_kids($comment->cid, $mode, $threshold, $level + 1, $dummy + 1); } 
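Review bot: The rewritten query in account_user() still places `$uname` directly inside the SQL string (`WHERE u.userid = '$uname'`), so a quote character in the name changes the statement. The only caller visible in this diff passes `$user->userid`, but other callers are outside the hunk, so escaping at the query is the safer place: `WHERE u.userid = '". check_input($uname) ."' AND s.status = 2 ...`, using the helper this commit adopts in comment_post() and assuming it is loaded in account.php. The new line also swaps `c.timestamp` for `s.timestamp`, so the 14-day window now applies to the story's age rather than the comment's; if that is intended, a one-line comment above the query saying so would help. account_user() starts and ends outside the hunk.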
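Review bot: With `check_output()` removed from the `$theme->comment(...)` call in discussion_kids(), the raw `subject`, `comment`, `url` and `fake_email` values now reach the theme, and escaping depends on every theme doing it for each field. The marvin.theme hunks in this diff show `check_output()` on the subject and the body only; whether `url` and `fake_email` are escaped where they are printed is not visible, and before this change they were escaped at this call. The same applies to the calls at @@ -45, @@ -138, @@ -157 and @@ -201 and to the `new Story(...)` call in submit.php. A comment above the call would make the contract explicit: `### Comment fields are passed raw; the theme must check_output() each one before printing.` discussion_kids() begins and ends outside the hunk.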
@@ -45,7 +45,7 @@ function discussion_kids($cid, $mode, $threshold, $level = 0, $dummy = 0) { while ($comment = db_fetch_object($result)) { if ($comment->score >= $threshold) { $link = "sid&pid=$comment->cid\">hlcolor2\">reply to this comment"; - $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, check_output($comment->url), check_output($comment->fake_email), discussion_score($comment), $comment->votes, $comment->cid, $link); + $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link); } discussion_kids($comment->cid, $mode, $threshold); } @@ -70,7 +70,7 @@ function discussion_childs($cid, $threshold, $level = 0, $thread) { $comments++; ### Compose link: - $thread .= "
  • sid&cid=$comment->cid&pid=$comment->pid\">". check_output($comment->subject) ." by ". format_username($comment->userid) ." (". discussion_score($comment) .")
  • "; + $thread .= "
  • sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ." by ". format_username($comment->userid) ." (". discussion_score($comment) .")
  • "; ### Recursive: discussion_childs($comment->cid, $threshold, $level + 1, &$thread); @@ -138,10 +138,10 @@ function discussion_display($sid, $pid, $cid, $level = 0) { ### Display the comments: if (empty($mode) || $mode == "threaded") { $thread = discussion_childs($comment->cid, $threshold); - $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid, $link, $thread); + $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link, $thread); } else { - $theme->comment($comment->userid, check_output($comment->subject), check_output($comment->comment), $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid, $link); + $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link); discussion_kids($comment->cid, $mode, $threshold, $level); } } 
@@ -157,7 +157,7 @@ function discussion_reply($pid, $sid) { ### Extract parent-information/data: if ($pid) { $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid")); - $theme->comment($item->userid, check_output($item->subject), check_output($item->comment), $item->timestamp, check_output($item->url), check_output($item->fake_email), discussion_score($comment), $comment->votes, $item->cid, "reply to this comment"); + $theme->comment(new Comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->fake_email, discussion_score($comment), $comment->votes, $item->cid), "reply to this comment"); } else { $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid")); @@ -201,7 +201,7 @@ function comment_preview($pid, $sid, $subject, $comment) { global $user, $theme, $allowed_html; ### Preview comment: - $theme->comment($user->userid, check_output($subject), check_output($comment), time(), check_output($user->url), check_output($user->fake_email), "", "", "", "reply to this comment"); + $theme->comment(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, "", "", ""), "reply to this comment"); ### Build reply form: $output .= "
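Review bot: The new `Comment` in discussion_reply() is built from `$item`, but its score and votes arguments still read `discussion_score($comment)` and `$comment->votes`, and `$comment` is not assigned anywhere in the visible lines. If it is not set earlier in the function (which starts outside the hunk), the parent comment is displayed with an empty score and vote count; the arguments should read `discussion_score($item), $item->votes`. Separately, the context query above interpolates `$pid` unquoted (`WHERE comments.cid = $pid`); forcing it to an integer first with `$pid = intval($pid);` keeps the value numeric.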
    \n"; @@ -252,7 +252,7 @@ function comment_post($pid, $sid, $subject, $comment) { $fake = db_result(db_query("SELECT COUNT(*) FROM stories WHERE id = $sid"), 0); ### Check for duplicate comments: - $duplicate = db_result(db_query("SELECT COUNT(*) FROM comments WHERE pid = '$pid' AND sid = '$sid' AND subject = '". addslashes($subject) ."' AND comment = '". addslashes($comment) ."'"), 0); + $duplicate = db_result(db_query("SELECT COUNT(*) FROM comments WHERE pid = '$pid' AND sid = '$sid' AND subject = '". check_input($subject) ."' AND comment = '". check_input($comment) ."'"), 0); if ($fake != 1) { watchdog(3, "attemp to insert fake comment"); @@ -267,7 +267,7 @@ function comment_post($pid, $sid, $subject, $comment) { $subject = ($subject) ? $subject : substr($comment, 0, 29); ### Add comment to database: - db_insert("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '$user->id', '". addslashes($subject) ."', '". addslashes($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')"); + db_insert("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '$user->id', '". check_input($subject) ."', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')"); ### Compose header: header("Location: discussion.php?id=$sid"); @@ -275,6 +275,7 @@ function comment_post($pid, $sid, $subject, $comment) { } include "includes/theme.inc"; +include "includes/comment.inc"; switch($op) { case "Preview comment": @@ -308,4 +309,4 @@ switch($op) { $theme->footer(); } -?> \ No newline at end of file +?> diff --git a/includes/config.inc b/includes/config.inc index c5fdffd8f26..fa943fedbb4 100644 --- a/includes/config.inc +++ b/includes/config.inc 
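Review bot: Switching `addslashes()` to `check_input()` covers `$subject` and `$comment`, but `$pid` and `$sid` still enter the duplicate-check query unescaped, and in the INSERT at @@ -267 they are not even quoted (`VALUES ($pid, $sid, ...`). `$sid` is also copied into `header("Location: discussion.php?id=$sid")`. Casting both at the top of comment_post() with `$pid = intval($pid); $sid = intval($sid);` covers the two queries, the `SELECT COUNT(*) FROM stories WHERE id = $sid` lookup and the redirect. What `check_input()` does is not shown in this diff, so it is worth confirming that it escapes at least as much as `addslashes()` did. comment_post() starts outside the hunk.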
@@ -11,16 +11,16 @@ #$dbname = "droporg"; ### http://beta.drop.org/: -$dbhost = "zind.net"; -$dbuname = "dries"; -$dbpass = "Abc123"; -$dbname = "dries"; +#$dbhost = "zind.net"; +#$dbuname = "dries"; +#$dbpass = "Abc123"; +#$dbname = "dries"; ### http://dione/: -#$dbhost = ""; -#$dbuname = "dries"; -#$dbpass = "oakley"; -#$dbname = "dries"; +$dbhost = ""; +$dbuname = "dries"; +$dbpass = "oakley"; +$dbname = "dries"; # # Name of the site @@ -118,7 +118,7 @@ $submission_votes = array("neutral (+0)" => "+ 0", # # Submission moderation thresholds: # -$submission_post_threshold = "2"; +$submission_post_threshold = "3"; $submission_dump_threshold = "-2"; -?> \ No newline at end of file +?> diff --git a/includes/story.inc b/includes/story.inc index 31deede659d..d0c40ab14e0 100644 --- a/includes/story.inc +++ b/includes/story.inc @@ -1,7 +1,7 @@ userid = $userid; $this->subject = $subject; $this->abstract = $abstract; diff --git a/search.php b/search.php index 18ef2c3b792..1ea6defc157 100644 --- a/search.php +++ b/search.php @@ -40,10 +40,10 @@ $output .= "
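Review bot: This hunk keeps database passwords in the tracked config file: it activates the `$dbpass` line for the dione host and leaves the beta.drop.org credentials in place as comments, so both stay readable to anyone with the repository or its history. Reading the secret from outside the tree avoids committing per-developer settings like this at all, for example `$dbpass = getenv("DROP_DBPASS");` (variable name constructed for illustration). Since both passwords are already in history, they should be rotated rather than only removed from the file.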
    \n"; ### Print body of comment: - if ($comment) print " \n"; + if ($comment->comment) print " \n"; ### Print thread (if any): if ($thread) print " \n";
    Comment:sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."
    \n"; ### Compose and perform query: - $query = "SELECT DISTINCT s.id, s.subject, u.userid, s.timestamp, COUNT(c.cid) AS comments FROM comments c, stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND s.id = c.sid "; + $query = "SELECT s.id, s.subject, u.userid, s.timestamp, COUNT(c.cid) AS comments FROM stories s LEFT JOIN users u ON s.author = u.id LEFT JOIN comments c ON s.id = c.sid WHERE s.status = 2 "; $query .= ($author) ? "AND u.userid = '$author' " : ""; $query .= ($terms) ? "AND (s.subject LIKE '%$terms%' OR s.abstract LIKE '%$terms%' OR s.updates LIKE '%$terms%') " : ""; - $query .= ($category) ? "AND s.category = '$category' GROUP BY c.sid " : "GROUP BY c.sid "; + $query .= ($category) ? "AND s.category = '$category' GROUP BY s.id " : "GROUP BY s.id "; $query .= ($order == "Oldest first") ? "ORDER BY s.timestamp ASC" : "ORDER BY s.timestamp DESC"; $result = db_query("$query"); @@ -64,4 +64,4 @@ $theme->box("Search", $output); $theme->footer(); -?> \ No newline at end of file +?> diff --git a/submit.php b/submit.php index 18eeb2a429f..121e9385f31 100644 --- a/submit.php +++ b/submit.php @@ -120,7 +120,7 @@ function submit_preview($subject, $abstract, $article, $category) { $output .= "\n"; $theme->header(); - $theme->article(new Story($user->userid, check_output($subject), check_output($abstract), check_output($article), check_output($category), time())); + $theme->article(new Story($user->userid, $subject, $abstract, $article, $category, time())); $theme->box("Submit a story", $output); $theme->footer(); } @@ -160,4 +160,4 @@ switch($op) { break; } -?> \ No newline at end of file +?> diff --git a/themes/marvin/marvin.theme b/themes/marvin/marvin.theme index 5512ebe1b6a..6b3356c009b 100644 --- a/themes/marvin/marvin.theme +++ b/themes/marvin/marvin.theme 
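Review bot: The rewritten query in search.php still builds its WHERE clause from `$author`, `$terms` and `$category` by plain interpolation (`u.userid = '$author'`, `LIKE '%$terms%'`, `s.category = '$category'`); these look like search-form values, though where they are set is outside the hunk. Passing each through the escaping helper this commit uses in comment_post() would close that, e.g. `"AND s.category = '". check_input($category) ."' GROUP BY s.id "`, assuming check_input() is loaded here. For `$terms`, the LIKE wildcards `%` and `_` would additionally need escaping if they are meant to match literally.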
@@ -177,9 +177,8 @@ ###### # Syntax.......: comment(...); # Description..: this function is used to theme user comments. - function comment($poster, $subject, $comment, $timestamp, $url, $email, $score, $votes, $cid, $link, $thread = "") { - print "\n\n"; - print "\n"; + function comment($comment, $link, $thread = "") { + print "cid\">\n"; ### Create comment header: print "\n"; @@ -193,22 +192,22 @@ ### Subject: print " \n"; - print " \n"; + print " \n"; ### Moderation: print " \n"; print " \n"; ### Author: print " \n"; - print " \n"; + print " \n"; print " \n"; ### Date print " \n"; - print " \n"; + print " \n"; print " \n"; print "
    Subject:hlcolor1\">$subjecthlcolor1\">". check_output($comment->subject) ."\n"; - display_comment_moderation($cid, $poster, $score, $votes); + display_comment_moderation($comment->cid, $comment->poster, $comment->score, $comment->votes); print "
    Author:". format_username($poster) ."Author:". format_username($comment->userid) ."
    Date:". format_date($timestamp) ."Date:". format_date($comment->timestamp) ."
    \n"; @@ -216,7 +215,7 @@ print "
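Review bot: In comment() the moderation call reads `$comment->poster` while the author row a few lines below uses `$comment->userid`. includes/comment.inc is not shown here, but the call sites pass the user id as the first constructor argument and the Story class in this diff stores it as `userid`, so `poster` is probably never set and display_comment_moderation() would receive an empty value. The call should likely read `display_comment_moderation($comment->cid, $comment->userid, $comment->score, $comment->votes);`. comment() starts in the previous hunk and continues past this one.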
    ". check_output($comment, 1) ."
    ". check_output($comment->comment, 1) ."
    bgcolor1\">$thread