From 3e8305ea055c4216e542187e93bba831accd9fd5 Mon Sep 17 00:00:00 2001
From: Anthony Parsons <ant@specialops.ath.cx>
Date: Sat, 14 Jan 2006 20:25:20 +0000
Subject: [PATCH] New readme, updated some inconsistency in the invite code.

---
 README.xml             | 120 ++++++++++++++++++++++++-------------------------
 css/gfh2.css           |   2 +-
 lib/class.anonuser.php |  15 +++++--
 lib/class.authuser.php |   9 ++--
 lib/class.reguser.php  |   6 ++-
 5 files changed, 81 insertions(+), 71 deletions(-)
 rewrite README.xml (83%)

diff --git a/README.xml b/README.xml
dissimilarity index 83%
index 466b720..cb49a01 100644
--- a/README.xml
+++ b/README.xml
@@ -1,61 +1,59 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!-- Just to piss all you WDP validation fundies off I'm using HTML 5. Validate this, bitch. -->
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>SO2 Readme</title>
-<link rel="stylesheet" type="text/css" href="css/default.css"/>
-</head>
-
-<body>
-<header>
-	<h1>Special Ops 2 Documentation</h1>
-	<p>Last modification: $Id$</p>
-</header>
-
-<h2>Intro</h2>
-<section>
-<p>This project is based on mBoard, a GameFAQs spinoff I started writing one day to try out SQLite.
-	I had it working in 7 hours and left it at that. Over time it gained users in the <!-- BRIDGE OUT (no I have no fucking idea where the rest of this sentence went.) --></p>
-<p>The code in mBoard as well as SO1.x was a pile of cack, so I threw it all out and rewrote it from scratch.</p>
-<p>With this being my third attempt at writing a message board, the design is a lot better thought-out.</p>
-
-<!-- How's THIS for semantics abuse? -->
-<aside>And unlike most of the crap these days, this spinoff got somewhere. I'm looking at you, WebFAQs.</aside>
-</section>
-
-<h2>Requirements</h2>
-<section>
-<p>You need PHP 5, MySQL 5, the PHP extensions mysqli and SPL, and an operating system designed for use on the Internet.</p>
-</section>
-
-<h2>Installation</h2>
-<section>
-<p>The DB files are in res/.</p>
-<p>Setup is the same as GFH, except there's no board editor. You don't have to set yourself to admin either (well you can if you want).</p>
-<p>You can turn off various features by ripping out code and deleting files.</p>
-</section>
-
-<h2>To Do list (major)</h2>
-<section>
-<p>*shrug*</p>
-</section>
-
-<h2>Dev info</h2>
-<section>
-<p>The latest public version of the source is at
-<a href="http://specialops.ath.cx/repos/so2/trunk/">http://specialops.ath.cx/repos/so2/trunk/</a>.
-This is a Subversion repository, so you can checkout the source and poke around using whatever SVN client you prefer.
-Of course there's nothing stopping people from being retarded and trying to download it in a web browser,
-	but when it doesn't work because you leeched the files when someone commits changes, you get to keep the pieces you spent forever downloading.</p>
-<p>Source is formatted for tab indents, width 4.</p>
-<p>Bugs, suggestions, fan mail and death threats can be sent to <a href="irc://specialops.ath.cx/">the IRC server</a>.
-	Register a username if you want to get in. Any WDPers can go fuck themselves in the arse with a &lt;marquee&gt; tag.</p>
-</section>
-
-<footer id="footer">
-	<address>© 2004-2005 <a href="irc://specialops.ath.cx/">Ant P.</a></address>
-	<p rel="licence">License: <a href="COPYING">ZLib</a>.</p>
-</footer>
-</body>
-</html>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB">
+<head>
+<title>SO2 Readme</title>
+<link rel="stylesheet" type="text/css" href="css/default.css"/>
+</head>
+
+<body>
+<div id="header">
+	<h1>Special Ops 2 - Docs</h1>
+	<p>File last modified: <var>$Id$</var></p>
+</div>
+
+<h2>Intro</h2>
+<p>This project is based on mBoard, a GameFAQs spinoff I started writing one day to try out SQLite.
+	I had it working in 7 hours and left it at that. Unfortunately it had one major flaw: people were using it.
+	Since I never bothered to optimise the SQLite code it ran painfully slow.</p>
+<p>The code in mBoard and the other board I had at the time, SO1, was a huge mess. So I rewrote from scratch.</p>
+<p>A lot of work has gone into doing things correctly this time, such as testing the code before it's used.
+	All other spinoffs blindly pile on more and more features without a thought to making them secure.
+	SQL injection for instance, one of the most common exploits in spinoff boards, is impossible by design in SO2.</p>
+
+<h2>Requirements</h2>
+<p>You need PHP 5, MySQL 5 installed. In PHP, make sure the MySQLi, SPL and libxml extensions are enabled.</p>
+<p>Also you'll need an operating system with a POSIX-compliant file system such as Solaris, BSD, MacOS X and Linux.
+	These are freely downloadable from the Internet if you don't already use one for some perverse reason.</p>
+
+<h2>Installation</h2>
+<p>The DB files are in res/. Setup is the same as GFH except for a few things:</p>
+<ol>
+	<li>No board editor. You'll have to use phpMyAdmin and add them manually. This may be added in the future.</li>
+	<li>The admin userlevel doesn't actually do anything right now.</li>
+	<li>The DB password is in mysql.php. An example file is in res/.</li>
+</ol>
+<p>You can turn off various features usually by removing code and deleting files.</p>
+
+<h2><del>To Do list</del> <ins>Roadmap</ins></h2>
+<ul>
+	<li>Clean up the messagelist classes (maybe split out the tree/flat view into another 2 classes)</li>
+</ul>
+
+<h2>Dev Info</h2>
+<p>The latest version of the source is at <a href="http://specialops.ath.cx/repos/so2/">http://specialops.ath.cx/repos/so2/</a>.
+This is a Subversion repository, so just do <kbd>svn co http://specialops.ath.cx/repos/so2/trunk/</kbd> to get the latest copy.</p>
+<p>The code is formatted for tab indents, width 4. There isn't any formal line length limit.</p>
+<p>Bugs, suggestions, fan mail and death threats can be sent to <a href="irc://specialops.ath.cx/">the IRC server</a>.</p>
+
+<h2>Contributors</h2>
+<ul>
+	<li>Old GFAQs theme by <a href="http://aquatakat.com/">Aquatakat</a></li>
+	<li>Various ideas from the IRC regulars</li>
+</ul>
+
+<div id="footer">
+	<address>© 2004-2005 <a href="irc://specialops.ath.cx/">Ant P.</a></address>
+	<p>License: <a href="COPYING" rel="licence">ZLib</a>.</p>
+</div>
+</body>
+</html>
diff --git a/css/gfh2.css b/css/gfh2.css
index f10ccaa..a97bced 100644
--- a/css/gfh2.css
+++ b/css/gfh2.css
@@ -45,7 +45,7 @@ th, dt, .nl, #footer { color: #fff; background: #667; font-weight: bold }
 #footer { padding: 0; margin: 0 }
 #footer p { padding: 0.5em; margin: 0 }
 #footer fieldset { margin: 0; border: none; float: right; background: #667; -moz-border-radius: 0 0 1em 1em }
-#footer legend { display: none; background: #667 }
+#footer legend { display: none }
 #footer label, #footer label ~ button { display: block }
 #footer:target fieldset { color: #000; background: #ff0 }
 
diff --git a/lib/class.anonuser.php b/lib/class.anonuser.php
index e752574..e3a112a 100644
--- a/lib/class.anonuser.php
+++ b/lib/class.anonuser.php
@@ -8,6 +8,9 @@
  */
 class anonuser
 {
+	/**
+	 * Links displayed in div#userheader, in label => url format.
+	 */
 	public $userlinks = array(
 		'Log In' => '#footer',
 		'Register' => 'register',
@@ -81,7 +84,7 @@ class anonuser
 		global $DB;
 		
 		if ( empty($this->namecache[$id]) ) {
-			if ( $name === null ) {
+			if ( null === $name ) {
 				list($name) = $DB->query('SELECT `alias` FROM `users` WHERE `userid` = '.$id)->fetch_row();
 			}
 			
@@ -109,14 +112,20 @@ class anonuser
 	/**
 	 * Turn a Unix timestamp into a human-readable date.
 	 * Outputs UTC time in ISO-8601 format.
+	 *
+	 * @param int $timestamp Unix timestamp to display
 	 */
 	public function fdate($timestamp)
 	{
-		return ( $timestamp == 0 ? 'N/A' : gmdate('Y-m-d H:i:s', $timestamp) );
+		return ( 0 == $timestamp ? 'N/A' : gmdate('Y-m-d H:i:s', $timestamp) );
 	}
 	
 	/**
-	 * User privilege check thing - since this is an anonymous user they have none
+	 * User privilege check, replacement for userlevel system.
+	 * The one in authuser makes more use of this.
+	 *
+	 * @param string $name The thing to check for
+	 * @return bool True if they have it, false otherwise
 	 */
 	public function has_priv($name)
 	{
diff --git a/lib/class.authuser.php b/lib/class.authuser.php
index 6449af1..dac014e 100644
--- a/lib/class.authuser.php
+++ b/lib/class.authuser.php
@@ -2,7 +2,7 @@
 // $Id$
 
 /**
- * Class for the current user.
+ * Class for the current logged in user.
  */
 class authuser extends reguser
 {
@@ -19,13 +19,14 @@ class authuser extends reguser
 		
 		$this->namecache[$this->attrcache['userid']] = $this->attrcache['alias'];
 		
-		// Update user info
-		if ( strpos($this->options, 'alwaysonline') !== false || 'POST' === $_SERVER['REQUEST_METHOD'] )
+		/* Update last active info if they sent a HTTP POST or explicitly stated they want to break HTTP convention */
+		if ( strpos($this->options, 'alwaysonline') !== false || 'POST' === $_SERVER['REQUEST_METHOD'] ) {
 			$DB->query('UPDATE `users` SET
 						`useragent` = '.$DB->string(substr($_SERVER['HTTP_USER_AGENT'], 0, 130)).',
 						`last_active_date` = UNIX_TIMESTAMP(),
 						`last_ip` = INET_ATON("'.$_SERVER['REMOTE_ADDR'].'")
 						WHERE `userid` = @userid');
+		}
 		
 		$this->userlinks = array(
 			/* Username link*/
@@ -33,7 +34,7 @@ class authuser extends reguser
 				=> 'user',
 			/* Online Users link */
 			vsprintf('Online Users: %d', $DB->query('SELECT COUNT(*) AS `c` FROM `users`
-								WHERE `last_active_date` > (UNIX_TIMESTAMP() - 600)')->fetch_row() )
+								WHERE `last_active_date` > UNIX_TIMESTAMP() - 600')->fetch_row() )
 				=> 'userlist?online'
 		);
 	}
diff --git a/lib/class.reguser.php b/lib/class.reguser.php
index ba1b95a..098ef00 100644
--- a/lib/class.reguser.php
+++ b/lib/class.reguser.php
@@ -76,8 +76,10 @@ class reguser extends anonuser
 				$value = "AES_ENCRYPT('$value', `reg_ip`)";
 				break;
 			case 'points':
-				if ( 20 < $value && sqrt($value) == floor(sqrt($value)) && $DB->query('SELECT COUNT(*) AS `c` FROM `items`
-									WHERE `item` = "invite" AND `userid` = '.$this->userid)->fetch_object()->c < 5 ) {
+				if ( is_int(sqrt($value)) && sqrt($value) > $this->attrcache['invites'] &&
+						$DB->query('SELECT COUNT(*) AS `c` FROM `items`
+									WHERE `item` = "invite"
+									AND `userid` = '.$this->userid)->fetch_object()->c < 5 ) {
 					$DB->query('INSERT INTO `items` VALUES (NULL, '.$this->attrcache['userid'].', "invite", UUID())');
 					$DB->query('UPDATE `users` SET `invites` = (`invites` + 1) WHERE `userid` = '.$this->attrcache['userid']);
 				}
-- 
2.11.4.GIT