id && $moderate) { $none = $comment_votes[key($comment_votes)]; foreach ($moderate as $id=>$vote) { if ($vote != $comment_votes[$none] && !user_getHistory($user->history, "c$id")) { ### Update the comment's score: $result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id"); ### Update the user's history: user_setHistory($user, "c$id", $vote); } } } } function discussion_kids($cid, $mode, $threshold, $level = 0, $dummy = 0) { global $user, $theme; $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $threshold) ORDER BY c.timestamp, c.cid"); if ($mode == "nested") { while ($comment = db_fetch_object($result)) { if ($comment->score >= $threshold) { if ($level && !$comments) print "

sid&pid=$comment->cid\">hlcolor2\">reply to this comment

"; } function discussion_childs($cid, $threshold, $level = 0, $thread) { global $theme, $user; ### Perform SQL query: $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid AND (c.votes = 0 OR c.score / c.votes >= $threshold) ORDER BY c.timestamp, c.cid"); if ($level == 0) $thread = ""; while ($comment = db_fetch_object($result)) { if ($level && !$comments) { $thread .= "

sid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ." by ". format_username($comment->userid) ." (". discussion_score($comment) .")

"; ### Recursive: discussion_childs($comment->cid, $threshold, $level + 1, &$thread); } if ($level && $comments) { $thread .= "

"; } return $thread; } function discussion_settings($mode, $order, $threshold) { global $user; if ($user->id) { $data[mode] = $mode; $data[sort] = $order; $data[threshold] = $threshold; user_save($data, $user->id); } } function discussion_display($sid, $pid, $cid, $level = 0) { global $user, $theme; ### Pre-process variables: $pid = (empty($pid)) ? 0 : $pid; $cid = (empty($cid)) ? 0 : $cid; $mode = ($user->id) ? $user->mode : "threaded"; $order = ($user->id) ? $user->sort : "1"; $threshold = ($user->id) ? $user->threshold : "0"; ### Compose story-query: $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status != 0 AND s.id = $sid"); $story = db_fetch_object($result); ### Display story: if ($story->status == 1) $theme->article($story, "[ hlcolor2\">submission queue | id&pid=0\">hlcolor2\">add a comment ]"); else $theme->article($story, "[ hlcolor2\">home | id&pid=0\">hlcolor2\">add a comment ]"); ### Display `comment control'-box: if ($user->id) $theme->commentControl($sid, $title, $threshold, $mode, $order); ### Compose query: $query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.sid = $sid AND c.pid = $pid AND (c.votes = 0 OR c.score / c.votes >= $threshold)"; if ($order == 1) $query .= " ORDER BY c.timestamp DESC"; if ($order == 2) $query .= " ORDER BY c.score DESC"; $result = db_query($query); print "

\n"; ### Display the comments: while ($comment = db_fetch_object($result)) { ### Dynamically compose the `reply'-link: if ($pid != 0) { list($pid) = db_fetch_row(db_query("SELECT pid FROM comments WHERE cid = $comment->pid")); $link = "sid&pid=$pid#$pid\">hlcolor2\">return to parent | sid&pid=$comment->cid\">hlcolor2\">reply to this comment"; } else { $link = "sid&pid=$comment->cid\">hlcolor2\">reply to this comment "; } ### Display the comments: if (empty($mode) || $mode == "threaded") { $thread = discussion_childs($comment->cid, $threshold); $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link, $thread); } else { $theme->comment(new Comment($comment->userid, $comment->subject, $comment->comment, $comment->timestamp, $comment->url, $comment->fake_email, discussion_score($comment), $comment->votes, $comment->cid), $link); discussion_kids($comment->cid, $mode, $threshold, $level); } } print " \n"; print " \n"; print "

\n"; } function discussion_reply($pid, $sid) { global $user, $theme, $allowed_html; ### Extract parent-information/data: if ($pid) { $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid")); $theme->comment(new Comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->fake_email, discussion_score($comment), $comment->votes, $item->cid), "reply to this comment"); } else { $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $sid")); $theme->article($item, ""); } ### Build reply form: $output .= "\n"; $theme->box("Reply", $output); } function comment_preview($pid, $sid, $subject, $comment) { global $user, $theme, $allowed_html; ### Preview comment: $theme->comment(new Comment($user->userid, $subject, $comment, time(), $user->url, $user->fake_email, "", "", ""), "reply to this comment"); ### Build reply form: $output .= "\n"; $output .= "

\n"; $theme->box("Reply", $output); } function comment_post($pid, $sid, $subject, $comment) { global $user, $theme; ### Check for fake threads: $fake = db_result(db_query("SELECT COUNT(id) FROM stories WHERE id = $sid"), 0); ### Check for duplicate comments: $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$pid' AND sid = '$sid' AND subject = '". check_input($subject) ."' AND comment = '". check_input($comment) ."'"), 0); if ($fake != 1) { watchdog("error", "discussion: attempt to insert fake comment"); $theme->box("fake comment", "fake comment: $fake"); } elseif ($duplicate != 0) { watchdog("error", "discussion: attempt to insert duplicate comment"); $theme->box("duplicate comment", "duplicate comment: $duplicate"); } else { ### Validate subject: $subject = ($subject) ? $subject : substr($comment, 0, 29); ### Add watchdog entry: watchdog("comment", "discussion: added comment with subject '$subject'"); ### Add comment to database: db_query("INSERT INTO comments (pid, sid, author, subject, comment, hostname, timestamp) VALUES ($pid, $sid, '$user->id', '". check_input($subject) ."', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."')"); ### Compose header: header("Location: discussion.php?id=$sid"); } } include "includes/common.inc"; include "includes/comment.inc"; ### Security check: if (strstr($id, " ") || strstr($pid, " ") || strstr($sid, " ") || strstr($mode, " ") || strstr($order, " ") || strstr($threshold, " ")) { watchdog("error", "discussion: attempt to provide malicious input through URI"); exit(); } switch($op) { case "Preview comment": $theme->header(); comment_preview($pid, $sid, $subject, $comment); $theme->footer(); break; case "Post comment": comment_post($pid, $sid, $subject, $comment); break; case "reply": $theme->header(); discussion_reply($pid, $sid); $theme->footer(); break; case "Save": discussion_settings($mode, $order, $threshold); $theme->header(); discussion_display($id, $pid, $sid); $theme->footer(); break; case "Moderate comments": discussion_moderate($moderate); $theme->header(); discussion_display($id, $pid, $sid); $theme->footer(); break; default: $theme->header(); discussion_display($id, $pid, $sid); $theme->footer(); } ?>