#!/usr/bin/perl
# we use DBI, for its sexy body
use DBI;
# Template variables: file names looked up inside a template directory.
# get_template_headers() reads $HTTP_HEADERS from "templates/<template>/";
# the others are presumably handed to wrap_template()/render_template() as
# the template file argument -- confirm against the callers.
$HEADER                = 'header';
$FOOTER                = 'footer';
$CONTENT_DEFAULT       = 'default-content';
$CONTENT_ADD           = 'add-kwote';
$CONTENT_SEARCH        = 'search';
$BEFORE_LIST           = 'before-list';
$AFTER_LIST            = 'after-list';
$NAVIGATION            = 'navigation';
$NAVIGATION_NO_BACK    = 'navigation-no-back';
$NAVIGATION_NO_FORWARD = 'navigation-no-forward';
$KWOTE_ODD             = 'kwote-odd';
$KWOTE_EVEN            = 'kwote-even';
$CONTENT_ERROR         = 'error';
$HTTP_HEADERS          = 'http-headers';

# Database handle cached by get_db_connection(); undefined until first use.
my $GLOBAL_DBH;
##
# Picks one entry of @TAG_LINES at random and returns it.
# With an empty @TAG_LINES the index is 0 and the result is undef.
sub get_tagline {
    # rand() is in [0,1), so the truncated product is a valid index.
    my $pick = int(rand() * @TAG_LINES);
    return $TAG_LINES[$pick];
}
##
# Returns the number of rows in the kwote table.
# No error checking is done here: a failed connection or prepare makes the
# method calls below die.
sub get_kwote_count {
    my $query     = "SELECT COUNT(*) as kwote_count FROM kwote";
    my $statement = get_db_connection()->prepare($query);
    $statement->execute();

    # COUNT(*) yields a single row; read the aliased column from it.
    my $result = $statement->fetchrow_hashref();
    return $result->{"kwote_count"};
}
##
# Returns the number of rows in the kwote_backup table.
# No error checking is done here: a failed connection or prepare makes the
# method calls below die.
sub get_kwote_backup_count {
    my $query     = "SELECT COUNT(*) as kwote_count FROM kwote_backup";
    my $statement = get_db_connection()->prepare($query);
    $statement->execute();

    # The column alias is kwote_count here too, even though the table differs.
    my $result = $statement->fetchrow_hashref();
    return $result->{"kwote_count"};
}
##
# Housekeeping pass over the database: copies kwotes older than $KWOTE_TTL
# with a rating at or below $KWOTE_DEATH_RATING into kwote_backup, deletes
# them from kwote, then deletes vote-log rows older than $VOTE_TTL.
# Dies if any of the three statements fails to execute; otherwise prints a
# confirmation line and returns 0.
sub cleanup {
    my $db = get_db_connection();

    # NOTE(review): the backup INSERT and the DELETE are separate statements
    # that each evaluate now(), and nothing visible here wraps them in a
    # transaction. A kwote crossing the TTL between the two would be deleted
    # without a backup copy -- confirm whether that window matters.
    my $backup = $db->prepare(
        "INSERT INTO kwote_backup SELECT * FROM kwote WHERE (now()-submit_dt)>? AND rating<=?"
    );
    $backup->bind_param(1, $KWOTE_TTL);
    $backup->bind_param(2, $KWOTE_DEATH_RATING);
    $backup->execute() or die "Couldn't backup kwotes";

    # Remove the same set of kwotes from the live table.
    my $purge = $db->prepare(
        "DELETE FROM kwote WHERE (now()-submit_dt)>? AND rating<=?"
    );
    $purge->bind_param(1, $KWOTE_TTL);
    $purge->bind_param(2, $KWOTE_DEATH_RATING);
    $purge->execute() or die "Couldn't delete kwotes";

    # Trim the vote log; kwote ratings are stored on the kwote row, so this
    # does not change them.
    my $trim = $db->prepare("DELETE FROM vote WHERE (now()-vote_dt)>?");
    $trim->bind_param(1, $VOTE_TTL);
    $trim->execute() or die "Couldn't delete votes";

    print "Kwote Database cleanup complete\n";
    return 0;
}
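##
# Applies a vote of $amt to kwote $kid on behalf of client address $addr.
#
# Returns 1 when the vote was logged and the rating updated, undef when the
# address has already reached $MAX_VOTES_PER_IP for this kwote or when any
# database step fails.
#
# The per-address limit fails closed: if the count cannot be read, the vote
# is refused rather than allowed.
sub vote {
    my ($addr, $kid, $amt) = @_;

    my $dbh = get_db_connection() or return undef;

    # How many votes has this address already cast on this kwote?
    my $sth = $dbh->prepare(
        "SELECT COUNT(*) as vote_count FROM vote WHERE ".
        "ip_address=? AND kwote_id=?"
    ) or return undef;
    $sth->bind_param(1, $addr);
    $sth->bind_param(2, $kid);
    $sth->execute() or return undef;

    # Without a row there is no count to compare, so refuse the vote.
    my $row = $sth->fetchrow_hashref() or return undef;
    return undef if ($row->{"vote_count"} >= $MAX_VOTES_PER_IP);

    # NOTE(review): the count check and the writes below are not atomic;
    # concurrent requests from one address can each pass the check. A unique
    # key or a transaction would be needed to close that -- confirm the
    # schema.
    # NOTE(review): $amt is bound as a parameter (no SQL injection), but its
    # magnitude is not limited here; presumably the caller restricts it.

    # Log the vote before touching the rating, so a failure between the two
    # statements cannot leave a rating change that the limit never counts.
    $sth = $dbh->prepare(
        "INSERT INTO vote (ip_address, kwote_id, vote_dt) ".
        "VALUES (?, ?, now())"
    ) or return undef;
    $sth->bind_param(1, $addr);
    $sth->bind_param(2, $kid);
    $sth->execute() or return undef;

    # Apply the rating change.
    $sth = $dbh->prepare(
        "UPDATE kwote SET rating=rating+(?) WHERE id=?"
    ) or return undef;
    $sth->bind_param(1, $amt);
    $sth->bind_param(2, $kid);
    $sth->execute() or return undef;

    return 1;
}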
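##
# Adds a kwote to the database.
#
#   $dbh        - database handle
#   $kwote_text - text of the kwote; undef or "" is rejected
#   $ip_address - submitter address, stored with the kwote and used for the
#                 per-address submission limit
#
# Returns the statement handle's insertid attribute on success, undef when
# the text is empty, when the address already has $MAX_KWOTES_PER_IP kwotes
# newer than $SECS_BETWEEN_KWOTES, or when a database step fails.
sub add_kwote {
    my ($dbh, $kwote_text, $ip_address) = @_;

    # make sure the kwote is ok
    return undef if (!defined($kwote_text) || $kwote_text eq "");

    # Count this address's recent submissions. Every step returns undef on
    # failure, so the limit cannot be skipped by a failed query.
    my $sth = $dbh->prepare(
        "SELECT COUNT(*) as kwote_count FROM kwote WHERE ip_address=? AND (now()-submit_dt)<?"
    ) or return undef;
    $sth->bind_param(1, $ip_address);
    $sth->bind_param(2, $SECS_BETWEEN_KWOTES);
    $sth->execute() or return undef;

    my $row = $sth->fetchrow_hashref() or return undef;
    return undef if ($row->{"kwote_count"} >= $MAX_KWOTES_PER_IP);

    # NOTE(review): the text is stored as submitted; it must be escaped when
    # rendered (see html_escape / xml_escape).
    $sth = $dbh->prepare(
        "INSERT INTO kwote (submit_dt, content, rating, ip_address) ".
        "VALUES (now(), ?, ?, ?)"
    ) or return undef;

    $sth->bind_param(1, $kwote_text);  # this is the kwote text
    $sth->bind_param(2, 0);            # no rating as of yet
    $sth->bind_param(3, $ip_address);  # the ip address

    $sth->execute() or return undef;

    # Driver-specific attribute; presumably the id the database assigned to
    # the new row -- confirm for the driver in use.
    return $sth->{insertid};
}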
##
# Fetches a single kwote by id.
#
#   $dbh - database handle
#   $kid - kwote id, bound as a query parameter
#
# Returns the row as a hash reference, or undef when no row matches or when
# prepare/execute fails.
sub get_kwote {
    my ($dbh, $kid) = @_;

    my $lookup = $dbh->prepare("SELECT * FROM kwote WHERE id=?");
    return undef unless $lookup;

    $lookup->bind_param(1, $kid);

    my $ok = $lookup->execute();
    return undef unless $ok;

    # fetchrow_hashref() already yields undef when there is no row.
    my $kwote = $lookup->fetchrow_hashref();
    return $kwote;
}
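##
# Gets a list of kwotes.
#
#   $dbh             - database handle
#   $sort_by         - column to sort on, or undef for no ORDER BY
#   $order_direction - "ASC" or "DESC" (any case), or empty/undef
#   $return_amt      - page size; anything outside 1..200 becomes 20
#   $start_index     - row offset; anything not a positive number becomes 0
#   $search_string   - comma-separated keywords, each matched with LIKE
#   $min_rating      - lower rating bound, or undef
#   $max_rating      - upper rating bound, or undef
#
# Returns the matching rows as a list of hash references, or undef when the
# sort arguments are not acceptable or a database step fails.
#
# Keywords and ratings are bound as parameters. The sort column, direction
# and paging numbers cannot be bound, so they are validated before being
# placed in the SQL text.
sub list_kwotes {
    my ($dbh, $sort_by, $order_direction, $return_amt,
        $start_index, $search_string, $min_rating, $max_rating) = @_;

    # Paging values end up in the LIMIT clause: keep digits only.
    $return_amt  = "" unless defined($return_amt);
    $start_index = "" unless defined($start_index);
    $return_amt  =~ s/[^0-9]//g;
    $start_index =~ s/[^0-9]//g;

    # ensure these numbers are ok
    if ($start_index eq "" || int($start_index) <= 0) {
        $start_index = 0;
    }
    if ($return_amt eq "" || int($return_amt) <= 0
        || int($return_amt) > 200) {
        $return_amt = 20;
    }

    # break out the keywords
    my @kws = defined($search_string) ? split(/,/, $search_string) : ();

    # build SQL query
    my $sql = "SELECT * FROM kwote WHERE 1=1 ";

    # One LIKE placeholder per keyword. "%" and "_" inside a keyword still
    # act as LIKE wildcards.
    foreach my $kw (@kws) {
        $sql .= "AND content LIKE ? ";
    }

    # min rating
    if (defined($min_rating)) {
        $sql .= "AND rating >= ? ";
    }

    # max rating
    if (defined($max_rating)) {
        $sql .= "AND rating <= ? ";
    }

    # Sorting: the column must be a plain identifier and the direction must
    # be ASC, DESC or empty. Anything else is refused instead of being
    # interpolated into the statement. A fixed list of sortable columns
    # would be tighter still, if the callers' values are known.
    if (defined($sort_by)) {
        return undef unless $sort_by =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;
        my $direction = defined($order_direction) ? $order_direction : "";
        return undef unless $direction =~ /\A(?:ASC|DESC)?\z/i;
        $sql .= "ORDER BY $sort_by $direction ";
    }

    # paging
    $sql .= "LIMIT $start_index, $return_amt ";

    # prepare
    my $sth = $dbh->prepare($sql) or return undef;
    my $param_num = 1;

    # Bind in the same order the placeholders were appended above.
    foreach my $kw (@kws) {
        $sth->bind_param($param_num, "\%".$kw."\%");
        $param_num++;
    }
    if (defined($min_rating)) {
        $sth->bind_param($param_num, $min_rating);
        $param_num++;
    }
    if (defined($max_rating)) {
        $sth->bind_param($param_num, $max_rating);
        $param_num++;
    }

    # execute
    $sth->execute() or return undef;

    # get the rows
    my @rows;
    while (my $row = $sth->fetchrow_hashref()) {
        push(@rows, $row);
    }

    return @rows;
}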
##
# Returns the shared database handle, connecting on first use.
# The result of DBI->connect is cached in $GLOBAL_DBH and is not checked
# here, so after a failed connect callers receive a false value and the next
# call tries again.
sub get_db_connection {
    $GLOBAL_DBH ||= DBI->connect(
        "dbi:$DB_TYPE:$DB_NAME:$DB_HOST",
        $DB_USER,
        $DB_PASS
    );
    return $GLOBAL_DBH;
}
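##
# Escapes text for inclusion in HTML.
#
# The input is split on newlines. In each line &, <, >, " and ' are replaced
# by character entities, leading whitespace is replaced by the same number
# of non-breaking spaces so indentation survives HTML whitespace collapsing,
# and "<br />" is appended. Returns the concatenated result ("" for empty or
# undefined input).
sub html_escape {
    my ($data) = @_;
    return "" unless defined($data);

    my $ret_data = "";
    foreach my $line (split(/\n/, $data)) {
        # Ampersand first, otherwise the entities produced below would be
        # escaped a second time.
        $line =~ s/&/&amp;/g;
        $line =~ s/</&lt;/g;
        $line =~ s/>/&gt;/g;
        $line =~ s/"/&quot;/g;
        $line =~ s/'/&#39;/g;
        $line =~ s/^(\s+)/"&nbsp;" x length($1)/e;
        $ret_data .= "$line<br />";
    }
    return $ret_data;
}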
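##
# Escapes text for inclusion in XML.
#
# The input is split on newlines. In each line &, <, >, " and ' are replaced
# by character entities and a run of leading whitespace is replaced by the
# same number of plain spaces. The lines are then concatenated with no
# separator, so newlines are dropped. Returns "" for empty or undefined
# input.
sub xml_escape {
    my ($data) = @_;
    return "" unless defined($data);

    my $ret_data = "";
    foreach my $line (split(/\n/, $data)) {
        # Ampersand first, otherwise the entities produced below would be
        # escaped a second time.
        $line =~ s/&/&amp;/g;
        $line =~ s/</&lt;/g;
        $line =~ s/>/&gt;/g;
        $line =~ s/"/&quot;/g;
        $line =~ s/'/&#39;/g;
        $line =~ s/^(\s+)/" " x length($1)/e;
        $ret_data .= $line;
    }
    return $ret_data;
}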
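##
# Returns the HTTP headers for a template: the contents of
# "templates/<template>/$HTTP_HEADERS".
#
# Returns "" when the file cannot be opened, or when the template name
# contains a ".." path component or a NUL byte. The file is opened read-only
# with three-argument open, so characters in the name cannot change the open
# mode.
sub get_template_headers {
    my ($template) = @_;

    # Keep the lookup inside templates/.
    return "" if !defined($template)
        || $template =~ m{(?:\A|[/\\])\.\.(?:[/\\]|\z)}
        || $template =~ /\0/;

    open(my $in, '<', "templates/$template/$HTTP_HEADERS") or return "";
    my $data = join("", <$in>);
    close($in);
    return $data;
}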
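##
# Wraps an HTML template: reads "templates/<template>/<template_file>" and
# replaces every ${NAME} placeholder (case-insensitive) with $vars{NAME}.
#
# Returns the filled-in text, or "" when the file cannot be opened or when
# either path argument contains a ".." component or a NUL byte.
#
# Values are inserted as given; callers must escape anything that came from
# a user before passing it in.
sub wrap_template {
    my ($template, $template_file, %vars) = @_;

    # Keep the lookup inside templates/.
    foreach my $part ($template, $template_file) {
        return "" if !defined($part)
            || $part =~ m{(?:\A|[/\\])\.\.(?:[/\\]|\z)}
            || $part =~ /\0/;
    }

    # Three-argument open: the file name cannot select a different open mode.
    open(my $in, '<', "templates/$template/$template_file") or return "";
    my $data = join("", <$in>);
    close($in);

    # NOTE(review): substitution runs one key at a time, so a value that
    # itself contains ${NAME} text can be expanded by a later key. If values
    # carry user-submitted text, confirm that is acceptable.
    foreach my $key (keys %vars) {
        my $value = defined($vars{$key}) ? $vars{$key} : "";
        # \Q..\E keeps the key literal; the braces are escaped so a numeric
        # key is not read as a quantifier.
        $data =~ s/\$\{\Q$key\E\}/$value/ig;
    }
    return $data;
}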
##
# Fills in a template via wrap_template() and writes the result to STDOUT.
# Arguments are passed through unchanged; the return value is that of print.
sub render_template {
    my ($template, $template_file, %vars) = @_;
    print STDOUT scalar wrap_template($template, $template_file, %vars);
}
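##
# Parses CGI form data.
#
# Reads the pairs from $ENV{QUERY_STRING} for GET requests or from STDIN
# ($ENV{CONTENT_LENGTH} bytes) for POST requests, URL-decodes names and
# values, and returns them as a flat key/value list. Fields with an empty
# value are omitted; when a name repeats, the last value wins.
#
# The decoded values are whatever the client sent. Nothing is validated
# here, so callers must validate and escape before use.
sub parse_form {
    my (@pairs, %FORM);

    my $method = defined($ENV{'REQUEST_METHOD'}) ? $ENV{'REQUEST_METHOD'} : '';
    if ($method eq 'GET') {
        my $query = defined($ENV{'QUERY_STRING'}) ? $ENV{'QUERY_STRING'} : '';
        @pairs = split(/&/, $query);
    } elsif ($method eq 'POST') {
        my $buffer = '';
        my $length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : '';
        # NOTE(review): no upper bound is applied to the body size; the whole
        # body is read into memory. Consider a limit suited to the site.
        read(STDIN, $buffer, $length) if $length =~ /\A[0-9]+\z/;
        @pairs = split(/&/, $buffer);
    }

    foreach my $pair (@pairs) {
        # Split on the first "=" only, so "=" inside a value is kept.
        my ($name, $value) = split(/=/, $pair, 2);
        next unless defined($name);
        $value = '' unless defined($value);

        foreach my $field ($name, $value) {
            $field =~ tr/+/ /;
            $field =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        }

        $FORM{$name} = $value if (length($value) > 0);
    }
    return %FORM;
}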
1;