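<?php
/**
 *
 * @category        modules
 * @package         news
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2010, Website Baker Org. e.V.
 * @link            http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 4.3.4 and higher
 * @version         $Id: submit_comment.php 1289 2010-02-10 15:13:21Z kweitzel $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/trunk/wb/modules/news/submit_comment.php $
 * @lastmodified    $Date: 2010-02-10 16:13:21 +0100 (Wed, 10 Feb 2010) $
 *
 */

// Include config file. Everything this script relies on from the outside
// (WB_PATH, WB_URL, PAGES_DIRECTORY, TABLE_PREFIX, ENABLED_ASP, the ASP_*
// limits, $database, $MESSAGE and the started session) is expected to come
// from here or from class.wb.php -- confirm against the framework bootstrap.
require('../../config.php');

require_once(WB_PATH.'/framework/class.wb.php');
$wb = new wb;

// Name of the field that carries the real comment text. With Advanced Spam
// Protection (ASP) the field is renamed per calendar week, so a bot replaying
// a stored copy of the form posts to a name that no longer exists.
$comment_field = ENABLED_ASP ? 'comment_'.date('W') : 'comment';

// Decide whether to add a comment or just show the form: adding requires
// numeric page/section/post ids in the query string and a non-empty comment.
if(isset($_GET['page_id']) AND is_numeric($_GET['page_id'])
    AND isset($_GET['section_id']) AND is_numeric($_GET['section_id'])
    AND isset($_GET['post_id']) AND is_numeric($_GET['post_id'])
    AND isset($_POST[$comment_field]) AND $_POST[$comment_field] != '')
{
    // Cast the ids to int so that only a plain integer ever reaches the SQL
    // strings and the Location headers below. is_numeric() alone also accepts
    // floats, exponent notation and leading whitespace.
    $page_id    = (int) $_GET['page_id'];
    $section_id = (int) $_GET['section_id'];
    $post_id    = (int) $_GET['post_id'];

    // Strip markup from the free-text fields and escape them with the
    // framework helper used for the hand-built query strings below.
    // A missing title is treated as empty instead of raising a notice.
    $comment = $wb->add_slashes(strip_tags($_POST[$comment_field]));
    $title   = isset($_POST['title']) ? $wb->add_slashes(strip_tags($_POST['title'])) : '';

    // Section settings tell us whether a captcha is required.
    // An unknown section sends the visitor back to the site start page.
    $query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");
    if(!$query_settings->numRows())
    {
        header("Location: ".WB_URL.PAGES_DIRECTORY);
        exit(0);
    }
    $settings = $query_settings->fetchRow();
    $t = time();

    // Advanced Spam Protection: the post is only accepted when the session
    // shows a human-paced path view.php -> comment form -> submit.
    // Every session value that is missing counts as a failed check; the
    // earlier code silently passed a session without 'session_started'.
    if(ENABLED_ASP)
    {
        $asp_reject = false;
        if(!isset($_SESSION['session_started']) OR $_SESSION['session_started'] + ASP_SESSION_MIN_AGE > $t)
        {
            $asp_reject = true; // session too young
        }
        elseif(!isset($_SESSION['comes_from_view']))
        {
            $asp_reject = true; // user doesn't come from view.php
        }
        elseif(!isset($_SESSION['comes_from_view_time']) OR $_SESSION['comes_from_view_time'] > $t - ASP_VIEW_MIN_AGE)
        {
            $asp_reject = true; // user is too fast
        }
        elseif(!isset($_SESSION['submitted_when']) OR !isset($_POST['submitted_when']))
        {
            $asp_reject = true; // faked form
        }
        elseif((string) $_SESSION['submitted_when'] !== (string) $_POST['submitted_when'])
        {
            $asp_reject = true; // faked form (strict compare: != would coerce numeric strings)
        }
        elseif($_SESSION['submitted_when'] > $t - ASP_INPUT_MIN_AGE AND !isset($_SESSION['captcha_retry_news']))
        {
            $asp_reject = true; // user too fast (unless this is a captcha retry)
        }
        elseif($_SESSION['submitted_when'] < $t - 43200)
        {
            $asp_reject = true; // form older than 12h
        }
        elseif(!empty($_POST['email']) OR !empty($_POST['url']) OR !empty($_POST['homepage']) OR !empty($_POST['comment']))
        {
            $asp_reject = true; // honeypot fields: hidden from humans, filled in by bots
        }

        if($asp_reject)
        {
            header("Location: ".WB_URL.PAGES_DIRECTORY);
            exit(0);
        }

        if(isset($_SESSION['captcha_retry_news']))
        {
            unset($_SESSION['captcha_retry_news']);
        }
    }

    // Captcha: a missing, empty or mismatching answer sends the visitor back
    // to the form with the typed text preserved in the session. Both of the
    // former branches did exactly this, so they are folded into one check.
    // The comparison is a strict string compare; != would let numeric-looking
    // answers such as "1e1" match "10".
    if($settings['use_captcha'])
    {
        if(!isset($_POST['captcha']) OR $_POST['captcha'] === '' OR !isset($_SESSION['captcha'])
            OR (string) $_POST['captcha'] !== (string) $_SESSION['captcha'])
        {
            $_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
            // Stored after add_slashes(), as before; comment.php is expected to cope with that.
            $_SESSION['comment_title'] = $title;
            $_SESSION['comment_body']  = $comment;
            header("Location: ".WB_URL."/modules/news/comment.php?post_id=".$post_id."&section_id=".$section_id);
            exit(0);
        }
    }

    // A captcha answer and the ASP markers are single-use.
    if(isset($_SESSION['captcha']))
    {
        unset($_SESSION['captcha']);
    }
    if(ENABLED_ASP)
    {
        unset($_SESSION['comes_from_view']);
        unset($_SESSION['comes_from_view_time']);
        unset($_SESSION['submitted_when']);
    }

    // Make sure the post exists before storing anything: previously the
    // insert ran unconditionally and the final redirect then read a row that
    // might not exist.
    $query_page = $database->query("SELECT link FROM ".TABLE_PREFIX."mod_news_posts WHERE post_id = '$post_id'");
    if(!$query_page->numRows())
    {
        header("Location: ".WB_URL.PAGES_DIRECTORY);
        exit(0);
    }
    $page = $query_page->fetchRow();

    // Insert the comment into the db; anonymous comments keep an empty author.
    $commented_when = time();
    $commented_by   = $wb->is_authenticated() ? $wb->get_user_id() : '';
    $database->query("INSERT INTO ".TABLE_PREFIX."mod_news_comments (section_id,page_id,post_id,title,comment,commented_when,commented_by) VALUES ('$section_id','$page_id','$post_id','$title','$comment','$commented_when','$commented_by')");

    // Back to the post the comment belongs to
    header('Location: '.$wb->page_link($page['link']).'?post_id='.$post_id);
    exit(0);
}
else
{
    // No complete submission: show the comment form when the ids are usable,
    // otherwise fall back to the site start page.
    if(isset($_GET['post_id']) AND is_numeric($_GET['post_id'])
        AND isset($_GET['section_id']) AND is_numeric($_GET['section_id']))
    {
        header("Location: ".WB_URL."/modules/news/comment.php?post_id=".(int) $_GET['post_id']."&section_id=".(int) $_GET['section_id']);
        exit(0);
    }
    header("Location: ".WB_URL.PAGES_DIRECTORY);
    exit(0);
}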