From a6d5713db1d2cf2471cd87b0cf29ef44afb07b2c Mon Sep 17 00:00:00 2001 From: David Anderson Date: Sun, 13 Feb 2005 06:13:33 +0000 Subject: [PATCH] *** empty log message *** svn path=/trunk/boinc/; revision=5417 --- checkin_notes | 17 ++++ html/inc/db_ops.inc | 118 +++++++++++++++--------- html/inc/gallery.inc | 39 ++++++++ html/inc/prefs.inc | 13 +++ html/inc/profile.inc | 26 ++++++ html/inc/util.inc | 136 +++++++++------------------- html/user/add_venue_action.php | 6 +- html/user/add_venue_form.php | 6 +- html/user/confirm_email_change.php | 4 +- html/user/create_account_action.php | 2 +- html/user/create_account_form.php | 2 +- html/user/debug.php | 8 +- html/user/download.php | 68 +++++++------- html/user/edit_email_action.php | 12 +-- html/user/edit_user_info_action.php | 45 ++++----- html/user/explanation.php | 27 ------ html/user/forum_edit.php | 27 ++---- html/user/forum_forum.php | 29 ++---- html/user/forum_rate.php | 68 +++++++------- html/user/forum_reply.php | 23 +++-- html/user/forum_sample_index.php | 6 +- html/user/show_user.php | 6 +- 22 files changed, 353 insertions(+), 335 deletions(-) delete mode 100644 html/user/explanation.php diff --git a/checkin_notes b/checkin_notes index 4088dab37f..a69b1de1f6 100755 --- a/checkin_notes +++ b/checkin_notes @@ -24646,3 +24646,20 @@ David 12 Feb 2005 client/ http.C + +David 12 Feb 2005 + - added functions in PHP code to get data from GET and POST, + and do various safety checking on it. + These functions should be used exclusively; + $_GET and $_POST should not be accessed directly + - moved some stuff out of html/inc/util.inc + + html/ + inc/ + db_ops.inc + gallery.inc + prefs.inc + profile.inc + util.inc + user/ + various (didn't finish) diff --git a/html/inc/db_ops.inc b/html/inc/db_ops.inc index b46145cdb3..f81133a034 100644 --- a/html/inc/db_ops.inc +++ b/html/inc/db_ops.inc 
@@ -3,59 +3,87 @@ $cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit define("NVALIDATE_STATES", 6); +// Converts a mysql-Timestamp to a user readable format +// @return String A user readable DateTime-String in UTC +// @param Integer $x The mysql-Timestamp to convert +function mysqltime_str($x) { + if(strpos($x,"-")==4) { + // Syntax of supplied mysql-timestamp is YYYY-MM-DD HH:MM:SS + $year = substr($x,0,4); + $month = substr($x,5,2); + $day = substr($x,8,2); + $hour = substr($x,11,2); + $minute = substr($x,14,2); + $second = substr($x,17,2); + } else { + // Syntax of supplied mysql-timestamp is YYYYMMDDHHMMSS + $year = substr($x,0,4); + $month = substr($x,4,2); + $day = substr($x,6,2); + $hour = substr($x,8,2); + $minute = substr($x,10,2); + $second = substr($x,12,2); + + } + //make a Unix-Timestamp + // echo "Time string is " . "$x"; + $time = mktime($hour,$minute,$second,$month,$day,$year); + return time_str($time); +} + // Function prints a description of $table // function print_describe_table_onecol($table, $which, $columns) { - $result=mysql_query("SELECT * from $table LIMIT 1"); - $fields=mysql_num_fields($result); - - $avgnum=(int)($fields/$columns); - if ($avgnum*$columns<$fields) { - $avgnum++; - } + $result=mysql_query("SELECT * from $table LIMIT 1"); + $fields=mysql_num_fields($result); - $actualcolumns=0; - while ($avgnum*$actualcolumns<$fields) { - $actualcolumns++; - } - - if ($which>$actualcolumns) { - return 0; - } - - $bot=($which-1)*$avgnum; - $top=$which*$avgnum; - - $width=100.0/$actualcolumns; - - // echo "\n"; - echo ""; - return 0; + + $actualcolumns=0; + while ($avgnum*$actualcolumns<$fields) { + $actualcolumns++; + } + + if ($which>$actualcolumns) { + return 0; + } + + $bot=($which-1)*$avgnum; + $top=$which*$avgnum; + + $width=100.0/$actualcolumns; + + // echo "
\n"; - echo "\n"; - for ($count=$bot; $count<$top; $count++) { - if ($count<$fields) { - $name= mysql_field_name($result, $count); - $type= mysql_field_type($result, $count); - $length=mysql_field_len($result, $count); - } else { - $name="
"; - $type="
"; - $length="
"; + $avgnum=(int)($fields/$columns); + if ($avgnum*$columns<$fields) { + $avgnum++; } - echo "\t\n"; - } - echo "
NAMETypeBytes
$name$type$length
\n"; + echo ""; + return 0; } function print_describe_table($table, $how_many_columns) { - // Number of columns for showing table description - echo "

Description of $table table fields:

\n"; - echo "
\n"; + echo "\n"; + for ($count=$bot; $count<$top; $count++) { + if ($count<$fields) { + $name= mysql_field_name($result, $count); + $type= mysql_field_type($result, $count); + $length=mysql_field_len($result, $count); + } else { + $name="
"; + $type="
"; + $length="
"; + } + echo "\t\n"; + } + echo "
NAMETypeBytes
$name$type$length
\n\t"; - for ($i=1; $i<=$how_many_columns; $i++) { - print_describe_table_onecol($table, $i, $how_many_columns); - } - echo "\t\n
\n"; - return 0; + // Number of columns for showing table description + echo "

Description of $table table fields:

\n"; + echo "\n\t"; + for ($i=1; $i<=$how_many_columns; $i++) { + print_describe_table_onecol($table, $i, $how_many_columns); + } + echo "\t\n
\n"; + return 0; } function print_detail_field() { diff --git a/html/inc/gallery.inc b/html/inc/gallery.inc index 2463d1dc07..cceb304289 100644 --- a/html/inc/gallery.inc +++ b/html/inc/gallery.inc @@ -9,6 +9,45 @@ require_once("../inc/uotd.inc"); $alphabet = array('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9'); +// Generates a standard set of links between associated multi-page documents. +// All linked files must be of the form "$filename_.html". + +function write_page_links($filename, $currPageNum, $numPages) { + echo "

Page $currPageNum of $numPages

"; + + $nextPageNum = $currPageNum + 1; + $prevPageNum = $currPageNum - 1; + + // Make the 'previous' and 'next' page links as appropriate. + if ($currPageNum > 1) { + echo "Previous Page"; + + if ($currPageNum != $numPages) { + echo " | "; + } + } + if ($currPageNum != $numPages) { + //fwrite($descriptor, "Next Page"); + echo "Next Page"; + } + + //fwrite($descriptor, "

Jump to Page:\n"); + echo "

Jump to Page:\n"; + + // Make the individual page links (or a bold non-link for the current page). + // + for ($i = 1; $i <= $numPages; $i++) { + if ($i != $currPageNum) { + //fwrite($descriptor, "$i\n"); + echo "$i\n"; + } else { + //fwrite($descriptor, "$i\n"); + echo "$i\n"; + } + } + +} + // Generates the html files which comprise the photo gallery. // $room: which gallery to generate (user, computer). // $width: the width of the table of images. diff --git a/html/inc/prefs.inc b/html/inc/prefs.inc index 380a79fc1a..7637913590 100644 --- a/html/inc/prefs.inc +++ b/html/inc/prefs.inc @@ -97,6 +97,19 @@ global $top_parse_result; global $in_project_specific; global $venue_name; +function check_venue($x) { + if ($x == "home") return; + if ($x == "work") return; + if ($x == "school") return; + error_page("bad venue: $x"); +} + +function check_subset($x) { + if ($x == "global") return; + if ($x == "project") return; + error_page("bad subset: $x"); +} + // functions to convert between max_bytes_sec_* as stored in the // database and max_bytes_sec_* as displayed/entered on the web // pages. Currently max_bytes_sec_* is stored in bytes and diff --git a/html/inc/profile.inc b/html/inc/profile.inc index b7be29638e..47048f954e 100644 --- a/html/inc/profile.inc +++ b/html/inc/profile.inc @@ -18,6 +18,32 @@ define('MAX_DESC_LENGTH', 90); define('GALLERY_WIDTH', 7); define('GALLERY_HEIGHT', 4); +// output a select form item with the given name, +// from a list of newline-delineated items from the text file. +// If $selection is provided, and if it matches one of the entries in the file, +// it will be selected by default. +// +function show_combo_box($name, $filename, $selection=null) { + if (!file_exists($filename)) { + echo "ERROR: $filename does not exist! Cannot create combo box.
"; + exit(); + } + echo "\n"; + fclose($file); +} + function get_profile($userid) { $result = mysql_query("SELECT * FROM profile WHERE userid = $userid"); if (!$result) { diff --git a/html/inc/util.inc b/html/inc/util.inc index 1be17d9986..94ab054f82 100644 --- a/html/inc/util.inc +++ b/html/inc/util.inc @@ -65,6 +65,7 @@ function get_logged_in_user($must_be_logged_in=true) { if (!$authenticator) { $authenticator = $_COOKIE['auth']; } + $authenticator = process_user_text($authenticator); $user = get_user_from_auth($authenticator); if ($must_be_logged_in) { require_login($user); @@ -81,32 +82,6 @@ function show_login($user) { } } -// output a select form item with the given name, -// from a list of newline-delineated items from the text file. -// If $selection is provided, and if it matches one of the entries in the file, -// it will be selected by default. -// -function show_combo_box($name, $filename, $selection=null) { - if (!file_exists($filename)) { - echo "ERROR: $filename does not exist! Cannot create combo box.
"; - exit(); - } - echo "\n"; - fclose($file); -} - function page_head($title, $java_onload="") { $styleSheet = URL_BASE . STYLESHEET; $rssname = PROJECT . " RSS 2.0"; @@ -201,36 +176,6 @@ function time_str($x) { function pretty_time_str($x) { return time_str($x); } -// Converts a mysql-Timestamp to a user readable format -// @return String A user readable DateTime-String in UTC -// @param Integer $x The mysql-Timestamp to convert -function mysqltime_str($x) { - if(strpos($x,"-")==4) - { - // Syntax of supplied mysql-timestamp is YYYY-MM-DD HH:MM:SS - $year = substr($x,0,4); - $month = substr($x,5,2); - $day = substr($x,8,2); - $hour = substr($x,11,2); - $minute = substr($x,14,2); - $second = substr($x,17,2); - } - else - { - // Syntax of supplied mysql-timestamp is YYYYMMDDHHMMSS - $year = substr($x,0,4); - $month = substr($x,4,2); - $day = substr($x,6,2); - $hour = substr($x,8,2); - $minute = substr($x,10,2); - $second = substr($x,12,2); - - } - //make a Unix-Timestamp - // echo "Time string is " . "$x"; - $time = mktime($hour,$minute,$second,$month,$day,$year); - return time_str($time); -} function start_table($extra="width=100%") { echo ""; } @@ -387,45 +332,6 @@ function no_cache() { header ("Pragma: no-cache"); // HTTP/1.0 } -// Generates a standard set of links between associated multi-page documents. -// All linked files must be of the form "$filename_.html". - -function write_page_links($filename, $currPageNum, $numPages) { - echo "

Page $currPageNum of $numPages

"; - - $nextPageNum = $currPageNum + 1; - $prevPageNum = $currPageNum - 1; - - // Make the 'previous' and 'next' page links as appropriate. - if ($currPageNum > 1) { - echo "Previous Page"; - - if ($currPageNum != $numPages) { - echo " | "; - } - } - if ($currPageNum != $numPages) { - //fwrite($descriptor, "Next Page"); - echo "Next Page"; - } - - //fwrite($descriptor, "

Jump to Page:\n"); - echo "

Jump to Page:\n"; - - // Make the individual page links (or a bold non-link for the current page). - // - for ($i = 1; $i <= $numPages; $i++) { - if ($i != $currPageNum) { - //fwrite($descriptor, "$i\n"); - echo "$i\n"; - } else { - //fwrite($descriptor, "$i\n"); - echo "$i\n"; - } - } - -} - // Generates a legal filename from a parameter string. function get_legal_filename($name) { @@ -504,4 +410,44 @@ function html_info() { return "
You may use HTML tags\n"; } +function get_int($name, $optional=false) { + $x = $_GET[$name]; + if (!is_numeric($x)) { + if ($optional) { + return null; + } else { + error_page("missing or bad parameter: $name $x"); + } + } + return (int)$x; +} + +function post_int($name, $optional=false) { + $x = $_POST[$name]; + if (!is_numeric($x)) { + if ($optional) { + return null; + } else { + error_page("missing or bad parameter: $name $x"); + } + } + return (int)$x; +} + +function get_str($name, $optional=false) { + $x = $_GET[$name]; + if (!$x && !optional) { + error_page("missing or bad parameter: $name"); + } + return $x; +} + +function post_str($name, $optional=false) { + $x = $_POST[$name]; + if (!$x && !optional) { + error_page("missing or bad parameter: $name"); + } + return $x; +} + ?> diff --git a/html/user/add_venue_action.php b/html/user/add_venue_action.php index 6df094fbb5..460c5def03 100644 --- a/html/user/add_venue_action.php +++ b/html/user/add_venue_action.php @@ -7,8 +7,10 @@ $user = get_logged_in_user(); - $venue = $_GET["venue"]; - $subset = $_GET["subset"]; + $venue = get_str("venue"); + check_venue($venue); + $subset = get_str("subset"); + check_subset($subset); if ($subset == "global") { $prefs = prefs_parse_global($user->global_prefs); diff --git a/html/user/add_venue_form.php b/html/user/add_venue_form.php index 819df6e58b..af6de7283d 100644 --- a/html/user/add_venue_form.php +++ b/html/user/add_venue_form.php @@ -7,8 +7,10 @@ $user = get_logged_in_user(); - $venue = $_GET["venue"]; - $subset = $_GET["subset"]; + $venue = get_str("venue"); + check_venue($venue); + $subset = get_str("subset"); + check_subset($subset); $x = subset_name($subset); page_head("Add $x preferences for $venue"); diff --git a/html/user/confirm_email_change.php b/html/user/confirm_email_change.php index 30b8f9a980..5011fd250b 100644 --- a/html/user/confirm_email_change.php +++ b/html/user/confirm_email_change.php 
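Review bot: In get_str and post_str the test `if (!$x && !optional)` reads the bare constant `optional` rather than the `$optional` parameter, so the condition is false on every call and a missing required string parameter is returned as an empty value instead of reaching error_page (with an undefined-constant notice in the log). The line should be `if (!$x && !$optional) {`; since `!$x` also treats the legitimate value "0" as missing, testing `!isset($_GET[$name])` (respectively `$_POST`) is the more precise check. All four helpers also index `$_GET`/`$_POST` unconditionally, which emits an undefined-index notice for absent parameters, so an isset check before the read is needed anyway. In get_int and post_int the rejected raw `$x` is interpolated into the error_page message, which is only safe if error_page HTML-escapes its argument; that is not visible in this commit, so either confirm it or omit `$x` from the message.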
@@ -6,8 +6,8 @@ db_init(); - $id = $_GET["id"]; - $str = $_GET["str"]; + $id = get_int("id"); + $str = process_user_text(get_str("str")); $user = null; $result = mysql_query("select * from user where id=$id"); diff --git a/html/user/create_account_action.php b/html/user/create_account_action.php index bb826e154d..061bdf21c3 100644 --- a/html/user/create_account_action.php +++ b/html/user/create_account_action.php @@ -27,7 +27,7 @@ function show_error($str) { init_session(); db_init(); - $teamid = $_POST["teamid"]; + $teamid = post_int("teamid"); if ($teamid) { $team = lookup_team($teamid); $clone_user = lookup_user_id($team->userid); diff --git a/html/user/create_account_form.php b/html/user/create_account_form.php index 77e520b0e1..aaa6c11e93 100644 --- a/html/user/create_account_form.php +++ b/html/user/create_account_form.php @@ -28,7 +28,7 @@ echo "
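Review bot: `$teamid = post_int("teamid");` makes the team id a required parameter, but the `if ($teamid)` on the next line shows it is optional, so every account created without a team now stops in error_page; the form in this same commit reads it with `get_int("teamid", true)`. Change the line to `$teamid = post_int("teamid", true);` so a missing value yields null and the existing branch handles it. The rest of the script, including the later use of `$clone_user`, is outside the hunk.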
"; -$teamid = $_GET['teamid']; +$teamid = get_int("teamid", true); if ($teamid) { $team = lookup_team($teamid); $user = lookup_user_id($team->userid); diff --git a/html/user/debug.php b/html/user/debug.php index cde6baec0c..60773e1655 100644 --- a/html/user/debug.php +++ b/html/user/debug.php @@ -3,11 +3,11 @@ require_once("../inc/db.inc"); require_once("../inc/util.inc"); - init_session(); +init_session(); - page_head("Download debugging files"); +page_head("Download debugging files"); - echo " +echo "

Download debugging files

Windows users: @@ -38,7 +38,7 @@ require_once("../inc/util.inc"); Thanks for helping make BOINC a better product.

- "; +"; page_tail(); ?> diff --git a/html/user/download.php b/html/user/download.php index 83131e877e..4a365bb8b0 100644 --- a/html/user/download.php +++ b/html/user/download.php @@ -9,40 +9,40 @@ require_once("../inc/db.inc"); require_once("../inc/download.inc"); - db_init(); +db_init(); - page_head("Download BOINC software"); - echo " - - First-time ".PROJECT." participants: -
Don't download BOINC software now. - Create an account first. -
-

- "; - print_download_links(); - echo " -

- Instructions for installing and running BOINC are - here. -

- If your computer is not one of the above types, - you can -

-

- BOINC can be customized for - languages other than English -

- - BOINC - is distributed computing software - developed at the University of California by - the SETI@home project. - - "; - page_tail(); +page_head("Download BOINC software"); +echo " + + First-time ".PROJECT." participants: +
Don't download BOINC software now. + Create an account first. +
+

+"; +print_download_links(); +echo " +

+ Instructions for installing and running BOINC are + here. +

+ If your computer is not one of the above types, + you can +

+

+ BOINC can be customized for + languages other than English +

+ + BOINC + is distributed computing software + developed at the University of California by + the SETI@home project. + +"; +page_tail(); end_cache(DOWNLOAD_PAGE_TTL); ?> diff --git a/html/user/edit_email_action.php b/html/user/edit_email_action.php index 1d0a58aa34..320dcf7977 100644 --- a/html/user/edit_email_action.php +++ b/html/user/edit_email_action.php @@ -1,9 +1,9 @@ id&str=$key" - ); // Changed from (URL_BASE || MASTER_URL) + ); } db_init(); $user = get_logged_in_user(); - $email_addr = trim(strtolower($HTTP_POST_VARS["email_addr"])); + $email_addr = process_user_text(post_str("email_addr")); page_head("Edit email address"); if ($email_addr == "Verification pending") { diff --git a/html/user/edit_user_info_action.php b/html/user/edit_user_info_action.php index 9a06728f4a..278c05e56d 100644 --- a/html/user/edit_user_info_action.php +++ b/html/user/edit_user_info_action.php @@ -1,28 +1,29 @@ id"); - if ($result) { - Header("Location: home.php"); - } else { - page_head("User info update"); - echo "Couldn't update user info."; - page_tail(); - } +$name = process_user_text(post_str("user_name")); +$url = process_user_text(post_str("url")); +$country = post_str("country"); +if (!is_valid_country($country)) { + echo "bad country"; + exit(); +} +$postal_code = process_user_text(post_str("postal_code")); + +$result = mysql_query("update user set name='$name', url='$url', country='$country', postal_code='$postal_code' where id=$user->id"); +if ($result) { + Header("Location: home.php"); +} else { + page_head("User info update"); + echo "Couldn't update user info."; + page_tail(); +} ?> diff --git a/html/user/explanation.php b/html/user/explanation.php deleted file mode 100644 index f9198d33e5..0000000000 --- a/html/user/explanation.php +++ /dev/null @@ -1,27 +0,0 @@ - - - -User Profile Voting Information - -
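Review bot: The new line `$email_addr = process_user_text(post_str("email_addr"));` drops the `trim(strtolower(...))` normalization the removed line applied, so the address is now stored and compared case- and whitespace-sensitively; any case-insensitive matching of stored addresses elsewhere (not visible in this hunk) would change behaviour. Unless process_user_text is known to lowercase and trim, keep the normalization: `$email_addr = trim(strtolower(process_user_text(post_str("email_addr"))));`. Note that with lowercasing restored the following `$email_addr == "Verification pending"` comparison can never match its capitalized literal, so it should become a `strcasecmp` check. The hunk header for this file is mangled in this rendering and the start of the script is not visible.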
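Review bot: The UPDATE statement still interpolates `$name`, `$url`, `$country` and `$postal_code` straight into the SQL string; `$country` is only checked by is_valid_country and the other three depend on what process_user_text does, which this commit does not show, so the query's safety cannot be confirmed from the hunk. Escape at the query site independent of upstream filtering, e.g. `$name = mysql_real_escape_string($name);` for each of the four values before building the statement, or document on process_user_text that SQL escaping is part of its contract. The `echo "bad country"; exit();` path also bypasses the error_page helper the rest of the commit standardizes on and could simply be `error_page("bad country");`.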

-"); - rowify("If you really like a profile, hit the \"recommend\" button. The " . PROJECT . " team reviews recommended profiles for various purposes."); -} else { - - row1("Voting to Reject a Profile"); - rowify("
"); - rowify("If you find a profile offensive, please click \"vote to reject\". This flags the profile for review by " . PROJECT . " staff."); -} - -end_table(); -?> - - - diff --git a/html/user/forum_edit.php b/html/user/forum_edit.php index 6ef7a77755..36d8c2122f 100644 --- a/html/user/forum_edit.php +++ b/html/user/forum_edit.php @@ -9,14 +9,7 @@ $logged_in_user = get_logged_in_user(); if ($_POST['submit']) { - - if (empty($_GET['id'])) { - // TODO: Standard error page - echo "Invalid post ID.
"; - exit(); - } - - $post = getPost($_GET['id']); + $post = getPost(get_int("id")); $thread = getThread($post->thread); if (time() > $post->timestamp + MAXIMUM_EDIT_TIME){ @@ -41,20 +34,14 @@ if ($_POST['submit']) { page_head('Forum'); -if (!empty($_GET['id'])) { - $post = getPost($_GET['id']); - $thread = getThread($post->thread); - $forum = getForum($thread->forum); - $category = getCategory($forum->category); -} else { - // TODO: Standard error page - echo "No post was specified.
"; - exit(); -} - if (time() > $post->timestamp + MAXIMUM_EDIT_TIME){ +$post = getPost(get_int("id")); +$thread = getThread($post->thread); +$forum = getForum($thread->forum); +$category = getCategory($forum->category); +if (time() > $post->timestamp + MAXIMUM_EDIT_TIME){ echo "You can no longer edit this post.
Posts can only be edited at most ".(MAXIMUM_EDIT_TIME/60)." minutes after they have been created."; exit(); - } +} if ($logged_in_user->id != $post->user) { // Can't edit other's posts. diff --git a/html/user/forum_forum.php b/html/user/forum_forum.php index 8273ff150b..a9c4561b5f 100644 --- a/html/user/forum_forum.php +++ b/html/user/forum_forum.php @@ -7,28 +7,17 @@ require_once('../inc/forum_show.inc'); db_init(); -if (empty($_GET['id'])) { - // TODO: Standard error page - echo "Invalid forum ID.
"; - exit(); -} +$id = get_int("id"); +$sort_style = get_str("sort", true); +$start = get_int("start", true); +if (!$start) $start = 0; -$_GET['id'] = stripslashes(strip_tags($_GET['id'])); -$_GET['sort'] = stripslashes(strip_tags($_GET['sort'])); - -if (!array_key_exists('start', $_GET) || $_GET['start'] < 0) { - $start = 0; -} else { - $start = $_GET['start']; -} - -$forum = getForum($_GET['id']); +$forum = getForum($id); $category = getCategory($forum->category); $logged_in_user = get_logged_in_user(false); $logged_in_user = getForumPreferences($logged_in_user); if ($category->is_helpdesk) { - $sort_style = $_GET['sort']; if (!$sort_style) { $sort_style = getSortStyle($logged_in_user,"faq"); } else { @@ -37,13 +26,10 @@ if ($category->is_helpdesk) { if (!$sort_style) $sort_style = 'activity'; page_head('Help Desk'); } else { - $sort_style = $_GET['sort']; if (!$sort_style) { $sort_style = getSortStyle($logged_in_user,"forum"); - //$sort_style = $_COOKIE['forum_sort_style']; } else { - setSortStyle($logged_in_user, "forum",$sort_style); - //setcookie('forum_sort_style', $sort_style, time()+3600*24*365); + setSortStyle($logged_in_user, "forum",$sort_style); } if (!$sort_style) $sort_style = 'modified-new'; page_head('Message boards : '.$forum->title); @@ -59,7 +45,7 @@ echo " show_forum_title($forum, NULL, $category->is_helpdesk); -echo "
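Review bot: The removed block rejected a negative `start` (`$_GET['start'] < 0`), but the replacement `$start = get_int("start", true); if (!$start) $start = 0;` only normalizes a missing or zero value, so a negative offset now reaches show_forum unchecked. Tighten the guard to `if (!$start || $start < 0) $start = 0;`. The sort value is also no longer passed through strip_tags/stripslashes before setSortStyle, which is fine only if setSortStyle validates it against the known sort names; that is not visible in this hunk, so worth confirming.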

\n"; +echo "

\n"; if ($category->is_helpdesk) { echo "Submit a question or problem"; @@ -82,5 +68,4 @@ show_forum($category, $forum, $start, $sort_style, $logged_in_user); page_tail(); - ?> diff --git a/html/user/forum_rate.php b/html/user/forum_rate.php index 25d4990b74..0e9161b1f4 100644 --- a/html/user/forum_rate.php +++ b/html/user/forum_rate.php 
@@ -27,55 +27,55 @@ if (!empty($_GET['post'])) { $user = get_logged_in_user(true); $user = getForumPreferences($user); - if (getHasRated($user,$postId)){ - echo "You have already rated this post."; + if (getHasRated($user,$postId)) { + echo "You have already rated this post."; } else { $result = mysql_query("SELECT * FROM post WHERE id = $postId"); - if ($result) { - if (mysql_num_rows($result) > 0) { - $post = mysql_fetch_object($result); + if ($result) { + if (mysql_num_rows($result) > 0) { + $post = mysql_fetch_object($result); - if ($choice == NULL || $choice == SOLUTION || $choice == OFF_TOPIC || $choice=="p" || $choice=="n") { - $points = $post->votes * $post->score; - $votes = $post->votes + 1; - $score = ($points + $rating) / $votes; + if ($choice == NULL || $choice == SOLUTION || $choice == OFF_TOPIC || $choice=="p" || $choice=="n") { + $points = $post->votes * $post->score; + $votes = $post->votes + 1; + $score = ($points + $rating) / $votes; - $result2 = mysql_query("UPDATE post SET votes = $votes, score = $score WHERE id = $postId"); - } else if ($choice == SUFFERER) { - $sql = "UPDATE thread SET sufferers = sufferers + 1 WHERE id = " . $post->thread; - $result2 = mysql_query($sql); - } + $result2 = mysql_query("UPDATE post SET votes = $votes, score = $score WHERE id = $postId"); + } else if ($choice == SUFFERER) { + $sql = "UPDATE thread SET sufferers = sufferers + 1 WHERE id = " . 
$post->thread; + $result2 = mysql_query($sql); + } - if ($result2) { - show_result_page(true, $post, $choice); - setHasRated($user,$postId); - } else { - show_result_page(false, $post, $choice); - } - } else { + if ($result2) { + show_result_page(true, $post, $choice); + setHasRated($user,$postId); + } else { + show_result_page(false, $post, $choice); + } + } else { + show_result_page(false, NULL, $choice); + } + } else { show_result_page(false, NULL, $choice); - } - } else { - show_result_page(false, NULL, $choice); - } + } } } function show_result_page($success, $post, $choice) { $logged_in_user = get_logged_in_user(false); - if ($success) { - if ($choice) { - page_head('Input Recorded'); - echo "

Your input has been successfully recorded. Thank you for your help.

"; - } else { - page_head('Vote Registered'); + if ($success) { + if ($choice) { + page_head('Input Recorded'); + echo "

Your input has been successfully recorded. Thank you for your help.

"; + } else { + page_head('Vote Registered'); echo "Vote Registered"; echo "

Your rating has been successfully recorded. Thank you for your input.

"; - } - echo "
thread, "#", $post->id, "\">Return to thread"; + } + echo "thread, "#", $post->id, "\">Return to thread"; } else { - page_head('Vote Submission Problem'); + page_head('Vote Submission Problem'); echo "Vote submission failed"; if ($post) { echo "

There was a problem recording your vote in our database. Please try again later.

"; diff --git a/html/user/forum_reply.php b/html/user/forum_reply.php index 1f6f02f096..dae046f6cc 100644 --- a/html/user/forum_reply.php +++ b/html/user/forum_reply.php @@ -14,16 +14,15 @@ if (!empty($_GET['thread']) && !empty($_POST['content'])) { $_GET['thread'] = stripslashes($_GET['thread']); if (!empty($_GET['post'])) { - $parent_post = $_GET['post']; + $parent_post = $_GET['post']; } else { - $parent_post = NULL; + $parent_post = NULL; } if ($_POST['add_signature']=="add_it"){ - //$forum_signature = "\n".$logged_in_user->signature; //Old style: concatenate signature - $add_signature=true; // New style: set a flag and concatenate later + $add_signature=true; // set a flag and concatenate later } else { - $add_signature=false; + $add_signature=false; } replyToThread($_GET['thread'], $logged_in_user->id, $_POST['content'], $parent_post, $add_signature); @@ -33,9 +32,9 @@ if (!empty($_GET['thread']) && !empty($_POST['content'])) { if (empty($_GET['thread'])) { - // TODO: Standard error page. - echo "No thread ID specified.
"; - exit(); + // TODO: Standard error page. + echo "No thread ID specified.
"; + exit(); } if (!empty($_GET['post'])) { @@ -50,9 +49,9 @@ $helpdesk = $category->is_helpdesk; // TODO: Write a function for this. if ($helpdesk) { - page_head('Questions and problems'); + page_head('Questions and problems'); } else { - page_head('Message boards'); + page_head('Message boards'); } show_forum_title($forum, $thread, $helpdesk); @@ -102,12 +101,12 @@ function show_message_row($thread, $category, $post=NULL) { if ($post) echo quote_text(stripslashes($post->content), 80); if ($logged_in_user->no_signature_by_default==0){$enable_signature="checked=\"true\"";} else {$enable_signature="";} echo "

- +     Add my signature to this reply - "; + "; echo "\n"; } diff --git a/html/user/forum_sample_index.php b/html/user/forum_sample_index.php index 8a3601b1e7..177c117134 100644 --- a/html/user/forum_sample_index.php +++ b/html/user/forum_sample_index.php @@ -34,10 +34,10 @@ function show_category($category) { } function show_forums() { - $categories = getCategories(); - while ($category = mysql_fetch_object($categories)) { + $categories = getCategories(); + while ($category = mysql_fetch_object($categories)) { show_category($category); - } + } } start_forum_table(array("Topic", "Threads", "Posts", "Last post")); diff --git a/html/user/show_user.php b/html/user/show_user.php index eb2a0e4e66..9f1a7ee1fe 100644 --- a/html/user/show_user.php +++ b/html/user/show_user.php @@ -2,10 +2,10 @@ require_once("../inc/cache.inc"); require_once("../inc/util.inc"); - $id = $_GET["userid"]; - $format = $_GET["format"]; + $id = get_int("userid"); + $format = get_str("format", true); $cache_args = "userid=$id"; - if ($format) { + if ($format=="xml") { $cache_args .= "&format=xml"; } start_cache(USER_PAGE_TTL, $cache_args);