From 8c31377933232ca4cf4495dde1537e2ccc19231d Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Wed, 19 May 2004 21:17:47 +0000 Subject: [PATCH] Allow logged in users to see their private articles and STRs. Allow logged in users to modify their articles (sets is_published to 0). Send article notification emails to admin address. Fix LOGIN_foo globals in auth.php (didn't declare as global everywhere) Tweek background colors for softer appearance. Add PHP_URL global for full URL to pages. Fix notification emails to use the full URL. --- www/articles.php | 222 ++++++++++++++++++++++++++++++++--------- www/index.php | 17 ++-- www/phplib/auth.php | 14 ++- www/phplib/common.php | 70 +++++++------ www/phplib/globals.php | 12 ++- www/str.php | 45 +++++---- www/style.css | 6 +- 7 files changed, 271 insertions(+), 115 deletions(-) diff --git a/www/articles.php b/www/articles.php index fefc14d..8ec3c8f 100644 --- a/www/articles.php +++ b/www/articles.php @@ -1,9 +1,13 @@ You don't have permission to use command '$op'!\n"); @@ -64,6 +96,35 @@ if ($argc) exit(); } + if (($op == 'D' || $op == 'M') && $LOGIN_LEVEL < AUTH_DEVEL) + { + $result = db_query("SELECT * FROM article WHERE id = $id"); + if (db_count($result) != 1) + { + db_free($result); + + html_header("Article Error"); + print("

Article #$id does not exist!\n"); + html_footer(); + exit(); + } + + $row = db_next($result); + + if ($row['create_user'] != $LOGIN_USER && + $row['create_user'] != $LOGIN_EMAIL) + { + db_free($result); + + html_header("Article Error"); + print("

You don't have permission to use command '$op'!\n"); + html_footer(); + exit(); + } + + db_free($result); + } + if ($op == 'N' && $id) { html_header("Article Error"); @@ -183,7 +244,7 @@ switch ($op) ."
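Review bot: The ownership test added here (`$row['create_user'] != $LOGIN_USER && $row['create_user'] != $LOGIN_EMAIL`) treats `create_user` as an authenticated identity, but the -592 hunk further down still fills that column from `$_POST["CREATE_USER"]` for visitors who are not logged in, so it is free text that can coincide with an account's name or address. Modify and delete rights should key off a value only the server sets, for example a separate owner column written from the session at insert time. The guard also does not itself require a non-empty `$LOGIN_USER`: unless the permission check just above this hunk (not visible here) already rejects anonymous D/M requests, a legacy row with an empty `create_user` would pass, so I would start the condition with `$LOGIN_USER == "" ||`. Whether `$id` is cast to an integer before being interpolated into `WHERE id = $id` is also outside the hunk and worth confirming.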

\n"); if (!$row['is_published']) - print("\n"); $temp = htmlspecialchars($row["title"]); @@ -215,17 +276,22 @@ switch ($op) exit(); } - $row = db_next($result); - $title = htmlspecialchars($row['title']); - $contents = format_text($row['contents']); - $date = date("H:i M d, Y", $row['modify_date']); + $row = db_next($result); + $title = htmlspecialchars($row['title']); + $abstract = htmlspecialchars($row['abstract']); + $contents = format_text($row['contents']); + $create_user = sanitize_email($row['create_user']); + $date = date("H:i M d, Y", $row['modify_date']); html_header("Article #$id: $title"); html_start_links(1); html_link("Return to Articles", "$PHP_SELF?L$options"); html_link("Show Comments", "#_USER_COMMENTS"); - if ($LOGIN_LEVEL >= AUTH_DEVEL) + html_link("Submit Comment", "comment.php?r0+particles.php_L$id"); + + if ($LOGIN_LEVEL >= AUTH_DEVEL || + $row['create_user'] == $LOGIN_USER) { html_link("Modify Article", "$PHP_SELF?M$id$options"); html_link("Delete Article", "$PHP_SELF?D$id$options"); @@ -233,21 +299,23 @@ switch ($op) html_end_links(); if (!$row['is_published']) - print("
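Review bot: The condition that shows the Modify/Delete links (`$LOGIN_LEVEL >= AUTH_DEVEL || $row['create_user'] == $LOGIN_USER`) does not match the enforcement added in the -64 hunk, which also accepts `$LOGIN_EMAIL`, and it evaluates true for an anonymous visitor when `$LOGIN_USER` and the row's `create_user` are both empty. Putting the rule in one helper used by both places would keep display and enforcement from drifting; at minimum add `$LOGIN_USER != "" &&` to the owner branch. The case body starts and ends outside this hunk, so whether viewing an unpublished article by id is itself restricted cannot be checked from here.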

This Article is currently hidden from " - ."public view.

\n"); + print("

This article is currently hidden from " + ."public view.

\n"); print("

Article #$id: $title

\n" - ."

$date

\n" - ."$contents\n"); + ."

$date by $create_user
$abstract

\n" + ."
\n" + ."$contents\n" + ."
\n" + ."

Comments

\n"); - db_free($result); - - print("
\n" - ."

Comments " - ."[ " - ."Add Comment ]

\n"); + html_start_links(); + html_link("Submit Comment", "comment.php?r0+particles.php_L$id"); + html_end_links(); show_comments("articles.php_L$id"); + + db_free($result); } else { @@ -271,7 +339,8 @@ switch ($op) if ($LOGIN_LEVEL < AUTH_DEVEL) { - $query .= "${prefix}is_published = 1"; + $query .= "${prefix}(is_published = 1 OR create_user = '" + . db_escape($LOGIN_USER) . "')"; $prefix = " AND "; } @@ -451,6 +520,9 @@ switch ($op) print("\n"); print("
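Review bot: For a visitor who is not logged in, `$LOGIN_USER` appears to be the empty string (the later hunks test `$LOGIN_USER != ""`), so the added clause becomes `create_user = ''` and would list any unpublished article whose author field is empty. Add the `OR create_user = ...` part only when `$LOGIN_USER != ""`, and fall back to the plain `is_published = 1` filter otherwise. The same clause is added to the STR list query in www/str.php (hunk -660) and needs the same guard. The `db_escape()` around the login name is right and should be kept.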
This Article is " + print("
This article is " ."currently hidden from public view.

\n"); } + + print("

private = hidden from public view

\n"); } html_footer(); @@ -459,7 +531,9 @@ switch ($op) case 'M' : // Modify Article if ($REQUEST_METHOD == "POST") { - if (array_key_exists("IS_PUBLISHED", $_POST)) + if ($LOGIN_LEVEL < AUTH_DEVEL) + $is_published = 0; + else if (array_key_exists("IS_PUBLISHED", $_POST)) $is_published = (int)$_POST["IS_PUBLISHED"]; else $is_published = 0; @@ -523,6 +597,9 @@ switch ($op) ."modify_user = '$LOGIN_USER' " ."WHERE id = $id"); + if (!$is_published) + notify_users($id, "modified"); + header("Location: $PHP_SELF?L$id$options"); } else @@ -536,31 +613,69 @@ switch ($op) print("
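Review bot: The UPDATE directly above the added `notify_users()` call still interpolates the login name unescaped (`modify_user = '$LOGIN_USER'`), while the list query changed in this same commit wraps it in `db_escape()`. Since this commit opens the Modify path to ordinary accounts rather than developers only, that line should become `."modify_user = '" . db_escape($LOGIN_USER) . "' "` unless account names are already restricted to a safe character set at registration, which is not visible here. The statement begins outside the hunk, so the other interpolated columns deserve the same check.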

Modify Article #$id

\n"); + if ($REQUEST_METHOD == "POST") + { + print("

Error: Please fill in the fields marked in " + ."bold red below and resubmit " + ."your article.


\n"); + + $hstart = ""; + $hend = ""; + } + else + { + $hstart = ""; + $hend = ""; + } + print("
" ."

\n"); - print("\n"); + if ($LOGIN_LEVEL >= AUTH_DEVEL) + { + print("\n"); + } + else + print("\n"); - $temp = htmlspecialchars($title, ENT_QUOTES); - print("" - ."\n"); + $title = htmlspecialchars($title, ENT_QUOTES); - $temp = htmlspecialchars($abstract, ENT_QUOTES); - print("" - ."\n"); + if ($title == "") + print(""); + else + print(""); + print("\n"); - $temp = htmlspecialchars($contents, ENT_QUOTES); - print("" - ."\n"); + ."$contents\n" + ."

The contents of the article may contain the following " + ."HTML elements: A, B, BLOCKQUOTE, " + ."CODE, EM, H1, H2, " + ."H3, H4, H5, H6, I, " + ."IMG, LI, OL, P, PRE, " + ."TT, U, UL

\n"); print("\n"); + ."\n"); print("
Published:"); - select_is_published($is_published); - print("
Published:"); + select_is_published($is_published); + print("
Title:
Abstract:
${hstart}Title:${hend}
Title:
Contents:
" - ."

\n"); html_footer(); @@ -592,13 +707,16 @@ switch ($op) else $contents = ""; - if (array_key_exists("CREATE_USER", $_POST)) + if ($LOGIN_USER != "" && $LOGIN_LEVEL < AUTH_DEVEL) + $create_user = $LOGIN_USER; + else if (array_key_exists("CREATE_USER", $_POST)) $create_user = $_POST["CREATE_USER"]; else $create_user = ""; if (($is_published == 0 || $LOGIN_LEVEL >= AUTH_DEVEL) && - $title != "" && $abstract != "" && $contents != "") + $title != "" && $abstract != "" && $contents != "" && + $create_user != "") $havedata = 1; else $havedata = 0; @@ -610,7 +728,9 @@ switch ($op) $abstract = ""; $contents = ""; - if (array_key_exists("FROM", $_COOKIE)) + if ($LOGIN_USER != "") + $create_user = $LOGIN_USER; + else if (array_key_exists("FROM", $_COOKIE)) $create_user = $_COOKIE["FROM"]; else $create_user = ""; @@ -632,6 +752,9 @@ switch ($op) $id = db_insert_id(); + if (!$is_published) + notify_users($id); + header("Location: $PHP_SELF?L$id$options"); break; } @@ -656,10 +779,10 @@ switch ($op) else { print("

Please use this form to post announcements, how-to's, " - ."examples, and case studies showing how you use $PROJECT. " + ."examples, and case studies showing how you use $PROJECT_NAME. " ."We will proofread your article, and if we determine it is " ."appropriate for the site, we will make the article public " - ."on the site. Thank you for supporting $PROJECT!

\n" + ."on the site. Thank you for supporting $PROJECT_NAME!

\n" ."
\n"); $hstart = ""; @@ -685,7 +808,7 @@ switch ($op) else print("Title:"); print("\n"); + ."size='80' value='$title'/>\n"); $abstract = htmlspecialchars($abstract, ENT_QUOTES); @@ -694,7 +817,7 @@ switch ($op) else print("Abstract:"); print("\n"); + ."size='80' value='$abstract'/>\n"); $create_user = htmlspecialchars($create_user, ENT_QUOTES); @@ -702,8 +825,13 @@ switch ($op) print("${hstart}Author:${hend}"); else print("Author:"); - print("\n"); + + if ($LOGIN_USER != "" && $LOGIN_LEVEL < AUTH_DEVEL) + print("$create_user\n"); + else + print("\n"); $contents = htmlspecialchars($contents, ENT_QUOTES); @@ -722,7 +850,7 @@ switch ($op) ."TT, U, UL

\n"); print("" - ."\n"); + ."\n"); print("

\n"); html_footer(); @@ -731,6 +859,6 @@ switch ($op) // -// End of "$Id: articles.php,v 1.9 2004/05/19 16:34:54 mike Exp $". +// End of "$Id: articles.php,v 1.10 2004/05/19 21:17:47 mike Exp $". // ?> diff --git a/www/index.php b/www/index.php index 5702475..b6eb8ab 100644 --- a/www/index.php +++ b/www/index.php @@ -1,6 +1,6 @@ $title\n" - ."

$date, $count
$abstract [ " + ."

$date by $create_user, $count
$abstract [ " ."Read ]

\n"); } } @@ -87,6 +88,6 @@ print("\n" html_footer(); // -// End of "$Id: index.php,v 1.3 2004/05/19 14:02:38 mike Exp $". +// End of "$Id: index.php,v 1.4 2004/05/19 21:17:47 mike Exp $". // ?> diff --git a/www/phplib/auth.php b/www/phplib/auth.php index 3ec2e14..7bc5296 100644 --- a/www/phplib/auth.php +++ b/www/phplib/auth.php @@ -1,6 +1,6 @@ diff --git a/www/phplib/common.php b/www/phplib/common.php index 842d850..2d0805f 100644 --- a/www/phplib/common.php +++ b/www/phplib/common.php @@ -1,6 +1,6 @@ 0 AND parent_id = $parent_id " + ."AND parent_id = $parent_id " ."ORDER BY id"); - $num_comments = db_count($result); + $num_comments = 0; while ($row = db_next($result)) + { + if ($row["status"] > 0) + $num_comments ++; + $num_comments += count_comments($url, $row['id']); + } db_free($result); @@ -577,7 +582,7 @@ show_comments($url, // I - URL for comment $result = db_query("SELECT * FROM comment WHERE " ."url = '" . db_escape($url) ."' " - ."AND status > 0 AND parent_id = $parent_id " + ."AND parent_id = $parent_id " ."ORDER BY id"); if (array_key_exists("MODPOINTS", $_COOKIE)) @@ -593,42 +598,49 @@ show_comments($url, // I - URL for comment $safeurl = urlencode($url); $num_comments = 0; + $div = 0; while ($row = db_next($result)) { - if ($heading > 3 && $num_comments == 0) - print("
\n"); - - $num_comments ++; - - $create_date = date("H:i M d, Y", $row['create_date']); - $create_user = sanitize_email($row['create_user']); - $contents = format_text($row['contents']); - - print("From " - ."$create_user, $create_date (score=$row[status])\n" - ."$contents\n"); - - html_start_links(); - html_link("Reply", "${path}comment.php?r$row[id]+p$safeurl"); - - if ($modpoints > 0) + if ($row["status"] > 0) { - if ($row['status'] > 0) - html_link("Moderate Down", "${path}comment.php?md$row[id]+p$safeurl"); + if ($heading > 3 && !$div) + { + print("
\n"); + $div = 1; + } - if ($row['status'] < 5) - html_link("Moderate Up", "${path}comment.php?mu$row[id]+p$safeurl"); + $num_comments ++; + + $create_date = date("H:i M d, Y", $row['create_date']); + $create_user = sanitize_email($row['create_user']); + $contents = format_text($row['contents']); + + print("From " + ."$create_user, $create_date (score=$row[status])\n" + ."$contents\n"); + + html_start_links(); + html_link("Reply", "${path}comment.php?r$row[id]+p$safeurl"); + + if ($modpoints > 0) + { + if ($row['status'] > 0) + html_link("Moderate Down", "${path}comment.php?md$row[id]+p$safeurl"); + + if ($row['status'] < 5) + html_link("Moderate Up", "${path}comment.php?mu$row[id]+p$safeurl"); + } + + html_end_links(); } - html_end_links(); - $num_comments += show_comments($url, $path, $row['id'], $heading + 1); } db_free($result); - if ($num_comments > 0 && $heading > 3) + if ($div) print("
\n"); return ($num_comments); @@ -636,6 +648,6 @@ show_comments($url, // I - URL for comment // -// End of "$Id: common.php,v 1.8 2004/05/19 16:34:54 mike Exp $". +// End of "$Id: common.php,v 1.9 2004/05/19 21:17:47 mike Exp $". // ?> diff --git a/www/phplib/globals.php b/www/phplib/globals.php index 3eaf06e..7d647dc 100644 --- a/www/phplib/globals.php +++ b/www/phplib/globals.php @@ -1,6 +1,6 @@ diff --git a/www/str.php b/www/str.php index 6d39a98..a25b251 100644 --- a/www/str.php +++ b/www/str.php @@ -1,6 +1,6 @@ email, "$PROJECT STR #$id $what", + mail($ccrow->email, "$PROJECT_NAME STR #$id $what", "Software trouble report #$id has been $what. You can check\n" ."the status of the report and add additional comments and/or files\n" ."at the following URL:\n" ."\n" - ." $PHP_SELF?L$id\n" + ." $PHP_URL?L$id\n" ."\n" ." Summary: $row[summary]\n" ." Version: $row[str_version]\n" @@ -152,7 +152,7 @@ notify_creator($id, // I - STR # ."Fix Version: $fix_version\n" ."\n$contents" ."________________________________________________________________\n" - ."Thank you for using the $PROJECT Software Trouble Report page!", + ."Thank you for using the $PROJECT_NAME Software Trouble Report page!", "From: noreply@easysw.com\r\n"); } @@ -162,15 +162,15 @@ notify_creator($id, // I - STR # if ($row['manager_email'] != "") $manager = $row['manager_email']; else - $manager = "$EMAIL"; + $manager = "$PROJECT_EMAIL"; if ($row['modify_user'] != $manager) - mail($manager, "$PROJECT STR #$id $what", + mail($manager, "$PROJECT_NAME STR #$id $what", "The software trouble report #$id assigned to you has been $what.\n" ."You can manage the report and add additional comments and/or files\n" ."at the following URL:\n" ."\n" - ." $PHP_SELF?L$id\n" + ." $PHP_URL?L$id\n" ."\n" ." Summary: $row[summary]\n" ." Version: $row[str_version]\n" @@ -186,6 +186,7 @@ notify_creator($id, // I - STR # } } + // Get command-line options... // // Usage: str.php [operation] [options] 
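Review bot: With `status > 0` moved out of the query, show_comments() now recurses into the children of a comment it does not print, so replies to a hidden comment are still displayed (and counted in count_comments(), the first common.php hunk) without their parent. If that is intended it needs a comment, e.g. `// Hidden comments (status <= 0) are skipped, but their replies are still shown`; if moderation is meant to hide the whole thread, the recursive call belongs inside the `if ($row["status"] > 0)` block. Both function bodies start outside the hunks.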
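Review bot: The notification mails in notify_creator() now embed `$PHP_URL?L$id`, but the globals.php hunk that defines `$PHP_URL` has no visible body on this page, so its source cannot be checked. If it is assembled from request headers (the Host header in particular), the links in notification mail would follow whatever the client sent; a configured base URL is the safer source. The recipient in `mail($ccrow->email, ...)` comes from stored data, so it is also worth confirming that addresses are validated (no CR/LF) before they are saved.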
@@ -660,7 +661,8 @@ switch ($op) if ($LOGIN_LEVEL < AUTH_DEVEL) { - $query .= "${prefix}is_published = 1"; + $query .= "${prefix}(is_published = 1 OR create_user = '" + . db_escape($LOGIN_USER) . "')"; $prefix = " AND "; } @@ -947,8 +949,9 @@ switch ($op) print("

" ."MACH = Machine, " ."OS = Operating System, " - ."STR = Software Trouble Report" - ."

\n"); + ."STR = Software Trouble Report, " + ."private = hidden from public view

\n"); } html_footer(); @@ -1553,7 +1556,9 @@ switch ($op) $version = $_POST["VERSION"]; $contents = $_POST["CONTENTS"]; - if (array_key_exists("EMAIL", $_POST)) + if ($LOGIN_USER != "" && $LOGIN_LEVEL < AUTH_DEVEL) + $email = $LOGIN_USER; + else if (array_key_exists("EMAIL", $_POST)) { $email = $_POST["EMAIL"]; setcookie("FROM", "$email", time() + 90 * 86400, "/"); @@ -1578,7 +1583,9 @@ switch ($op) } else { - if (array_key_exists("FROM", $_COOKIE)) + if ($LOGIN_USER != "") + $email = $LOGIN_USER; + else if (array_key_exists("FROM", $_COOKIE)) $email = $_COOKIE["FROM"]; else $email = ""; @@ -1673,11 +1680,11 @@ switch ($op) else { print("

Please use this form to report all bugs and request " - ."features in the $PROJECT software. Be sure to include " + ."features in the $PROJECT_NAME software. Be sure to include " ."the operating system, compiler, sample programs and/or " ."files, and any other information you can about your " ."problem. Thank you for helping us to improve " - ."$PROJECT!


\n"); + ."$PROJECT_NAME!


\n"); $hstart = ""; $hend = ""; @@ -1865,6 +1872,6 @@ switch ($op) } // -// End of "$Id: str.php,v 1.9 2004/05/19 14:02:38 mike Exp $". +// End of "$Id: str.php,v 1.10 2004/05/19 21:17:47 mike Exp $". // ?> diff --git a/www/style.css b/www/style.css index afa27f6..46d967e 100644 --- a/www/style.css +++ b/www/style.css @@ -35,15 +35,15 @@ TR.header, TR.header TH, TH.header { } TR.page { - background-color: #f8f8f8; + background-color: #f4f4f4; } TR.data0, TD.data0 { - background-color: #eeeeee; + background-color: #e8e8e8; } TR.data1, TD.data1 { - background-color: #dddddd; + background-color: #e0e0e0; } INPUT[TYPE="TEXT"], TEXTAREA {