Diffstat (limited to 'pages/quotes.php')
-rwxr-xr-x | pages/quotes.php | 261 |
1 files changed, 130 insertions, 131 deletions
diff --git a/pages/quotes.php b/pages/quotes.php index 6db3cb0..4e0332f 100755 --- a/pages/quotes.php +++ b/pages/quotes.php | |||
@@ -24,70 +24,92 @@ require('headerproc.php'); | |||
24 | 24 | ||
25 | $pageCategory = 'quotes'; | 25 | $pageCategory = 'quotes'; |
26 | 26 | ||
27 | if (isset($_GET['id'])) | 27 | $hatNav = array( array( 'title' => 'Latest', |
28 | 'url' => 'http://fourisland.com/quotes/latest.php', | ||
29 | 'icon' => '16-star-hot' | ||
30 | ), | ||
31 | array( 'title' => 'Best', | ||
32 | 'url' => 'http://fourisland.com/quotes/top.php', | ||
33 | 'icon' => 'medal_gold_1' | ||
34 | ), | ||
35 | array( 'title' => 'Worst', | ||
36 | 'url' => 'http://fourisland.com/quotes/bottom.php', | ||
37 | 'icon' => '16-message-warn' | ||
38 | ), | ||
39 | array( 'title' => 'Browse All', | ||
40 | 'url' => 'http://fourisland.com/quotes/browse.php', | ||
41 | 'icon' => '16-file-archive' | ||
42 | ), | ||
43 | array( 'title' => 'Random', | ||
44 | 'url' => 'http://fourisland.com/quotes/random.php', | ||
45 | 'icon' => '16-clock' | ||
46 | ), | ||
47 | array( 'title' => 'Add', | ||
48 | 'url' => 'http://fourisland.com/quotes/add.php', | ||
49 | 'icon' => '16-em-pencil' | ||
50 | ), | ||
51 | array( 'title' => 'Search', | ||
52 | 'url' => 'http://fourisland.com/quotes/search.php', | ||
53 | 'icon' => 'book_open' | ||
54 | )); | ||
55 | |||
56 | if (isset($_GET['id']) && is_numeric($_GET['id'])) | ||
28 | { | 57 | { |
29 | $quote_num = $_GET['id']; | 58 | $quote_num = $_GET['id']; |
30 | } | 59 | } |
31 | 60 | ||
32 | if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest')) | 61 | if (isset($_GET['id']) && !(is_numeric($_GET['id']))) |
62 | { | ||
63 | generateError('404'); | ||
64 | } else if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest')) | ||
33 | { | 65 | { |
34 | $query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY id DESC LIMIT 50"; | 66 | $query = "SELECT * FROM rash_quotes ORDER BY id DESC LIMIT 50"; |
35 | quote_generation($query, "Latest", -1); | 67 | quote_generation($query, "Latest", -1); |
36 | } else if ($_GET['act'] == 'add') | 68 | } else if ($_GET['act'] == 'add') |
37 | { | 69 | { |
38 | $template = new FITemplate('quotes/add'); | 70 | $template = new FITemplate('quotes/add'); |
39 | if (isset($_GET['submit'])) | 71 | if (isset($_GET['submit'])) |
40 | { | 72 | { |
41 | $template->adds_block('SUBMITTED',array('QUOTE' => (nl2br(htmlspecialchars($_POST['rash_quote'])) . "\n"))); | 73 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlentities($_POST['rash_quote'])))); |
42 | if (!isLoggedIn()) | 74 | if (!isLoggedIn()) |
43 | { | 75 | { |
44 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; | 76 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; |
45 | } else { | 77 | } else { |
46 | $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y')); | 78 | $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")"; |
47 | $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")"; | ||
48 | } | 79 | } |
49 | $insquote2 = mysql_query($insquote); | 80 | $insquote2 = mysql_query($insquote); |
50 | } | 81 | } |
51 | $template->display(); | 82 | $template->display(); |
52 | } elseif ($_GET['act'] == 'bottom') | 83 | } elseif ($_GET['act'] == 'bottom') |
53 | { | 84 | { |
54 | $query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating < 0 ORDER BY rating ASC LIMIT 50"; | 85 | $query = "SELECT * FROM rash_quotes WHERE rating < 0 ORDER BY rating ASC LIMIT 50"; |
55 | quote_generation($query, "Bottom", -1); | 86 | quote_generation($query, "Bottom", -1); |
56 | } elseif ($_GET['act'] == 'browse') | 87 | } elseif ($_GET['act'] == 'browse') |
57 | { | 88 | { |
58 | $query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY id ASC "; | 89 | $query = "SELECT * FROM rash_quotes ORDER BY id ASC "; |
59 | quote_generation($query, "Browse", (isset($_GET['page']) ? $_GET['page'] : 1), 10, 5); | 90 | quote_generation($query, "Browse", (isset($_GET['page']) ? $_GET['page'] : 1), 10, 5); |
60 | } elseif ($_GET['act'] == 'flag') | 91 | } elseif ($_GET['act'] == 'flag') |
61 | { | 92 | { |
62 | $template = new FITemplate('msg'); | 93 | $getfla = "SELECT * FROM rash_quotes WHERE id = " . $quote_num . " LIMIT 0,1"; |
63 | $tracking_verdict = user_quote_status('flag', $quote_num, $template); | 94 | $getfla2 = mysql_query($getfla); |
64 | if ($tracking_verdict < 3) | 95 | $getfla3 = mysql_fetch_array($getfla2); |
96 | |||
97 | if ($getfla3['flag'] == 2) | ||
65 | { | 98 | { |
66 | $getfla = "SELECT flag FROM rash_quotes WHERE id = " . $quote_num . " LIMIT 0,1"; | 99 | die('0'); |
67 | $getfla2 = mysql_query($getfla); | 100 | } else { |
68 | $getfla3 = mysql_fetch_array($getfla2); | 101 | $setfla = "UPDATE rash_quotes SET flag = 1 WHERE id = " . $quote_num; |
102 | $setfla2 = mysql_query($setfla); | ||
69 | 103 | ||
70 | if ($getfla3['flag'] == 2) | 104 | die('1'); |
71 | { | ||
72 | $template->add('MSG',"This quote has been flagged and rechecked by a moderator already."); | ||
73 | } elseif ($getfla3['flag'] == 1) | ||
74 | { | ||
75 | $template->add('MSG',"This quote is currently pending deletion."); | ||
76 | } else { | ||
77 | $template->add('MSG',"You have marked this quote for deletion."); | ||
78 | $setfla = "UPDATE rash_quotes SET flag = 1 WHERE id = " . $quote_num; | ||
79 | $setfla2 = mysql_query($setfla); | ||
80 | } | ||
81 | } | 105 | } |
82 | $template->add('BACK','Quote #' . $quote_num); | ||
83 | $template->display(); | ||
84 | } elseif ($_GET['act'] == 'random') | 106 | } elseif ($_GET['act'] == 'random') |
85 | { | 107 | { |
86 | $query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY rand() LIMIT 50"; | 108 | $query = "SELECT * FROM rash_quotes ORDER BY rand() LIMIT 50"; |
87 | quote_generation($query, "Random", -1); | 109 | quote_generation($query, "Random", -1); |
88 | } elseif ($_GET['act'] == 'random2') | 110 | } elseif ($_GET['act'] == 'random2') |
89 | { | 111 | { |
90 | $query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating > 1 ORDER BY rand() LIMIT 50"; | 112 | $query = "SELECT * FROM rash_quotes WHERE rating > 1 ORDER BY rand() LIMIT 50"; |
91 | quote_generation($query, "Random2", -1); | 113 | quote_generation($query, "Random2", -1); |
92 | } elseif ($_GET['act'] == 'search') | 114 | } elseif ($_GET['act'] == 'search') |
93 | { | 115 | { |
@@ -99,22 +121,24 @@ if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest')) | |||
99 | } else { | 121 | } else { |
100 | $how = 'asc'; | 122 | $how = 'asc'; |
101 | } | 123 | } |
102 | $getquotes = "SELECT id, quote, rating, flag FROM rash_quotes WHERE quote LIKE \"%" . $_POST['search'] . "%\" ORDER BY " . $_POST['sortby'] . " " . $how . " LIMIT 0," . $_POST['number']; | 124 | $getquotes = "SELECT * FROM rash_quotes WHERE quote LIKE \"%" . $_POST['search'] . "%\" ORDER BY " . $_POST['sortby'] . " " . $how . " LIMIT 0," . $_POST['number']; |
103 | quote_generation($getquotes, "Query Results", -1); | 125 | quote_generation($getquotes, "Query Results", -1); |
104 | } | 126 | } |
105 | $template = new FITemplate('quotes/search'); | 127 | $template = new FITemplate('quotes/search'); |
106 | $template->display(); | 128 | $template->display(); |
107 | } elseif ($_GET['act'] == 'top') | 129 | } elseif ($_GET['act'] == 'top') |
108 | { | 130 | { |
109 | $query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating > 0 ORDER BY rating DESC LIMIT 50"; | 131 | $query = "SELECT * FROM rash_quotes WHERE rating > 0 ORDER BY rating DESC LIMIT 50"; |
110 | quote_generation($query, "Top", -1); | 132 | quote_generation($query, "Top", -1); |
111 | } elseif ($_GET['act'] == 'vote') | 133 | } elseif ($_GET['act'] == 'vote') |
112 | { | 134 | { |
113 | $template = new FITemplate('msg'); | 135 | $gettrack = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; |
114 | $tracking_verdict = user_quote_status('vote', $quote_num,$template); | 136 | $gettrack2 = mysql_query($gettrack); |
115 | $template->add('BACK','Quote #' . $quote_num); | 137 | $gettrack3 = mysql_fetch_array($gettrack2); |
116 | $template->display(); | 138 | |
117 | if ($tracking_verdict < 3) | 139 | $trackArr = explode(',',$gettrack3['vote']); |
140 | |||
141 | if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($quote_num,$trackArr) === FALSE)) | ||
118 | { | 142 | { |
119 | if ($_GET['dir'] == "plus") | 143 | if ($_GET['dir'] == "plus") |
120 | { | 144 | { |
@@ -125,18 +149,32 @@ if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest')) | |||
125 | $setquote = "UPDATE rash_quotes SET rating = rating-1 WHERE id = " . $quote_num; | 149 | $setquote = "UPDATE rash_quotes SET rating = rating-1 WHERE id = " . $quote_num; |
126 | $setquote2 = mysql_query($setquote); | 150 | $setquote2 = mysql_query($setquote); |
127 | } | 151 | } |
128 | } | ||
129 | } else { | ||
130 | if ((is_int($_GET['act']) || ($_GET['act'] != false)) && (verify_int($_GET['act']))) | ||
131 | { | ||
132 | $query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE id = " . $_GET['act']; | ||
133 | quote_generation($query, "#" . $_GET['act'], -1); | ||
134 | 152 | ||
135 | $page_id = 'quote-' . $_GET['act']; | 153 | if ($gettrack3['ip'] == $_SERVER['REMOTE_ADDR']) |
136 | include('includes/comments.php'); | 154 | { |
155 | $settrack = "UPDATE rash_tracking SET vote = \"" . $gettrack3['vote'] . "," . $quote_num . "\" WHERE id = " . $gettrack3['id']; | ||
156 | } else { | ||
157 | $settrack = "INSERT INTO tracking (ip,vote) VALUES (\"" . $_SERVER['REMOTE_ADDR'] . "\",\"" . $quote_num . "\")"; | ||
158 | } | ||
159 | $settrack2 = mysql_query($settrack) or die($settrack); | ||
160 | |||
161 | $getquote = "SELECT * FROM rash_quotes WHERE id = " . $quote_num; | ||
162 | $getquote2 = mysql_query($getquote); | ||
163 | $getquote3 = mysql_fetch_array($getquote2); | ||
164 | |||
165 | die($getquote3['rating']); | ||
137 | } else { | 166 | } else { |
138 | generateError('404'); | 167 | die; |
139 | } | 168 | } |
169 | } else if (is_numeric($_GET['act'])) | ||
170 | { | ||
171 | $query = "SELECT * FROM rash_quotes WHERE id = " . $_GET['act']; | ||
172 | quote_generation($query, "#" . $_GET['act'], -1); | ||
173 | |||
174 | $page_id = 'quote-' . $_GET['act']; | ||
175 | include('includes/comments.php'); | ||
176 | } else { | ||
177 | generateError('404'); | ||
140 | } | 178 | } |
141 | 179 | ||
142 | function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_limit = 10) | 180 | function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_limit = 10) |
@@ -152,13 +190,56 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l | |||
152 | } | 190 | } |
153 | $template->add('ORIGIN',$origin); | 191 | $template->add('ORIGIN',$origin); |
154 | 192 | ||
193 | $gettrack = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; | ||
194 | $gettrack2 = mysql_query($gettrack); | ||
195 | $gettrack3 = mysql_fetch_array($gettrack2); | ||
196 | |||
197 | $trackArr = explode(',',$gettrack3['vote']); | ||
198 | |||
155 | $getquotes2 = mysql_query($query); | 199 | $getquotes2 = mysql_query($query); |
156 | $i=0; | 200 | $i=0; |
157 | while ($getquotes3[$i] = mysql_fetch_array($getquotes2)) | 201 | while ($getquotes3[$i] = mysql_fetch_array($getquotes2)) |
158 | { | 202 | { |
159 | $template->adds_block('QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], | 203 | if (!isset($curID)) |
160 | 'RATING' => $getquotes3[$i]['rating'], | 204 | { |
161 | 'QUOTE' => parseSmilies(str_replace("\n","<BR>",stripslashes($getquotes3[$i]['quote']))))); | 205 | $curID = 0; |
206 | } else { | ||
207 | $curID++; | ||
208 | } | ||
209 | |||
210 | $cntcomments = "SELECT COUNT(*) FROM comments WHERE page_id = \"quote-" . $getquotes3[$i]['id'] . "\""; | ||
211 | $cntcomments2 = mysql_query($cntcomments); | ||
212 | $cntcomments3 = mysql_fetch_array($cntcomments2); | ||
213 | |||
214 | if ($cntcomments3['COUNT(*)'] == 0) | ||
215 | { | ||
216 | $comments = ''; | ||
217 | } else if ($cntcomments3['COUNT(*)'] == 1) | ||
218 | { | ||
219 | $comments = '1 Comment'; | ||
220 | } else { | ||
221 | $comments = $cntcomments3['COUNT(*)'] . ' Comments'; | ||
222 | } | ||
223 | |||
224 | $template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'], | ||
225 | 'RATING' => $getquotes3[$i]['rating'], | ||
226 | 'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''), | ||
227 | 'QUOTE' => str_replace("\n","<br />",htmlentities(stripslashes($getquotes3[$i]['quote']))), | ||
228 | 'COMMENTS' => $comments)); | ||
229 | |||
230 | if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE)) | ||
231 | { | ||
232 | $template->adds_ref_sub($curID, 'CANVOTE', array('exi'=>1)); | ||
233 | } else { | ||
234 | $template->adds_ref_sub($curID, 'NOVOTE', array('exi'=>1)); | ||
235 | } | ||
236 | |||
237 | if ($getquotes3[$i]['flag'] == 0) | ||
238 | { | ||
239 | $template->adds_ref_sub($curID, 'CANFLAG', array('exi'=>1)); | ||
240 | } else { | ||
241 | $template->adds_ref_sub($curID, 'NOFLAG', array('exi'=>1)); | ||
242 | } | ||
162 | 243 | ||
163 | $i++; | 244 | $i++; |
164 | } | 245 | } |
@@ -170,7 +251,7 @@ function page_numbers($template, $origin, $quote_limit, $page_default, $page_lim | |||
170 | { | 251 | { |
171 | $numrows = countRows('rash_quotes'); | 252 | $numrows = countRows('rash_quotes'); |
172 | $testrows = $numrows; | 253 | $testrows = $numrows; |
173 | $pagenum = (($testrows + 1) / ($quote_limit > 0 ? $quote_limit : 1)); | 254 | $pagenum = floor(($testrows + 1) / ($quote_limit > 0 ? $quote_limit : 1)); |
174 | 255 | ||
175 | if (($page_limit % 2)) | 256 | if (($page_limit % 2)) |
176 | { | 257 | { |
@@ -227,86 +308,4 @@ function page_numbers($template, $origin, $quote_limit, $page_default, $page_lim | |||
227 | $template->add('LASTPAGE',$pagenum); | 308 | $template->add('LASTPAGE',$pagenum); |
228 | } | 309 | } |
229 | 310 | ||
230 | function user_quote_status($where, $quote_num, $template) | ||
231 | { | ||
232 | $tracking_verdict = ip_track($where, $quote_num); | ||
233 | if ($where != 'flag') | ||
234 | { | ||
235 | switch ($tracking_verdict) | ||
236 | { | ||
237 | case 1: | ||
238 | $template->add('TRACKING',"Quote has been modified, and data of your action has been recorded in the database."); | ||
239 | break; | ||
240 | case 2: | ||
241 | $template->add('TRACKING',"Quote has been modified, your IP has been logged, and data of your action has been recorded in the database."); | ||
242 | break; | ||
243 | case 3: | ||
244 | $template->add('TRACKING',"You have already voted on this quote, please try again later."); | ||
245 | break; | ||
246 | } | ||
247 | } | ||
248 | return $tracking_verdict; | ||
249 | } | ||
250 | |||
251 | function ip_track($where, $quote_num) | ||
252 | { | ||
253 | switch ($where) | ||
254 | { | ||
255 | case 'flag': | ||
256 | $where2 = 'vote'; | ||
257 | break; | ||
258 | case 'vote': | ||
259 | $where2 = 'flag'; | ||
260 | break; | ||
261 | } | ||
262 | |||
263 | $getip = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; | ||
264 | $getip2 = mysql_query($getip); | ||
265 | $getip3 = mysql_fetch_array($getip2); | ||
266 | |||
267 | if ($getip3['ip'] == $_SERVER['REMOTE_ADDR']) | ||
268 | { | ||
269 | $quote_array = explode(",", $getip3['quote_id']); | ||
270 | $quote_place = array_search($quote_num, $quote_array); | ||
271 | if (in_array($quote_num, $quote_array)) | ||
272 | { | ||
273 | $where_result = explode(",", $getip3[$where]); | ||
274 | if (!isset($where_result[$quote_place])) | ||
275 | { | ||
276 | $where_result[$quote_place] = 1; | ||
277 | $where_result = implode(",", $where_result); | ||
278 | $setip = "UPDATE rash_tracking SET " . $where . " = \"" . $where_result . "\" WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; | ||
279 | $setip2 = mysql_query($getip); | ||
280 | return 1; | ||
281 | } else { | ||
282 | return 3; | ||
283 | } | ||
284 | } else { | ||
285 | $setip = "UPDATE rash_tracking SET " . $where . " = CONCAT(" . $where . ",\",1\"), " . $where2 . " = CONCAT(" . $where2 . ",\",0\"), quote_id = CONCAT(quote_id,\"," . $quote_num . "\") WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\""; | ||
286 | $setip2 = mysql_query($setip); | ||
287 | return 1; | ||
288 | } | ||
289 | } else { | ||
290 | $insip = "INSERT INTO rash_tracking (ip, quote_id, " . $where . ", " . $where2 . ") VALUES (\"" . $_SERVER['REMOTE_ADDR'] . "\", \"" . $quote_num . "\", 1, 0)"; | ||
291 | $insip2 = mysql_query($insip); | ||
292 | return 2; | ||
293 | } | ||
294 | } | ||
295 | |||
296 | function verify_int($subject) | ||
297 | { | ||
298 | $ymax = strlen($subject); | ||
299 | $y = 0; | ||
300 | while($y < $ymax) | ||
301 | { | ||
302 | if ((is_int((int)($subject{$y})) && (int)($subject{$y})) || (int)($subject{$y}) === 0 ) | ||
303 | { | ||
304 | $y++; | ||
305 | } else { | ||
306 | return false; | ||
307 | } | ||
308 | } | ||
309 | return true; | ||
310 | } | ||
311 | |||
312 | ?> | 311 | ?> |
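Review bot: The INSERT on new line 157 writes to a table named `tracking`, while every other statement in this file (the SELECT on new line 135, the UPDATE on new line 155 and the lookup added to quote_generation on new line 193) uses `rash_tracking`, so a first-time voter's row goes to a different table or the query fails outright; it should read `$settrack = "INSERT INTO rash_tracking (ip,vote) VALUES (\"" . $_SERVER['REMOTE_ADDR'] . "\",\"" . $quote_num . "\")";`. When that query does fail, `or die($settrack)` on new line 159 echoes the full SQL statement, including the visitor's address, back to the client; log it server-side and end with a bare `die;` as the else branch on new line 167 already does. The `is_numeric` guard added on new line 56 still admits values such as `1.5` or `1e3`, which are then concatenated unchanged into `WHERE id = ` in the flag and vote branches, so normalise once with `$quote_num = (int) $_GET['id'];` (or require `ctype_digit`) before the value reaches those queries. The flag branch on new line 93 also runs when no `id` parameter was supplied at all, leaving `$quote_num` unset and producing a malformed `WHERE id =  LIMIT 0,1` query; guarding that branch with `isset($quote_num)` avoids the failed query and the warning from mysql_fetch_array. The if/elseif chain these branches belong to begins in the first hunk and the vote branch's opening is in the second, so the fix spans hunks.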