Project

General

Profile

« Previous | Next » 

Revision 299

Added by stefan over 18 years ago

John: /modules/news/submit_comment.php
  • ticket 124 - line 35, added captcha settings check
  • ticket 107 - line 72, changed captcha.php call to include timestamp

View differences:

submit_comment.php
33 33 
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['comment']) AND $_POST['comment'] != '') {
34 34
35 35 
	// Check captcha
36 
	if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */
37 
		if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
38 
			// Check for a mismatch
39 
			if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
36 
	$query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".SECTION_ID."'");
37 
	if($query_settings->numRows() == 0) {
38 
		exit(header('Location: '.WB_URL.'/pages/'));
39 
	} else {
40 
		$settings = $query_settings->fetchRow();
41 
		if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg') AND $settings['use_captcha']) { /* Make's sure GD library is installed */
42 
			if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
43 
				// Check for a mismatch
44 
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
45 
					$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
46 
					$_SESSION['comment_title'] = $_POST['title'];
47 
					$_SESSION['comment_body'] = $_POST['comment'];
48 
					exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
49 
				}
50 
			} else {
40 51 
				$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
41 52 
				$_SESSION['comment_title'] = $_POST['title'];
42 53 
				$_SESSION['comment_body'] = $_POST['comment'];
43 54 
				exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
44 55 
			}
45 
		} else {
46 
			$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
47 
			$_SESSION['comment_title'] = $_POST['title'];
48 
			$_SESSION['comment_body'] = $_POST['comment'];
49 
			exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
50 56 
		}
51 57 
	}
52 58 
	if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }

Also available in: Unified diff