Revision 299
Added by stefan almost 19 years ago
John: /modules/news/submit_comment.php
- ticket 124 - line 35, added captcha settings check
- ticket 107 - line 72, changed captcha.php call to include timestamp
| submit_comment.php | ||
|---|---|---|
| 33 | 33 |
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['comment']) AND $_POST['comment'] != '') {
|
| 34 | 34 |
|
| 35 | 35 |
// Check captcha |
| 36 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */
|
|
| 37 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
|
|
| 38 |
// Check for a mismatch |
|
| 39 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
|
|
| 36 |
$query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".SECTION_ID."'");
|
|
| 37 |
if($query_settings->numRows() == 0) {
|
|
| 38 |
exit(header('Location: '.WB_URL.'/pages/'));
|
|
| 39 |
} else {
|
|
| 40 |
$settings = $query_settings->fetchRow(); |
|
| 41 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg') AND $settings['use_captcha']) { /* Make's sure GD library is installed */
|
|
| 42 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
|
|
| 43 |
// Check for a mismatch |
|
| 44 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
|
|
| 45 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
|
| 46 |
$_SESSION['comment_title'] = $_POST['title']; |
|
| 47 |
$_SESSION['comment_body'] = $_POST['comment']; |
|
| 48 |
exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
|
|
| 49 |
} |
|
| 50 |
} else {
|
|
| 40 | 51 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 41 | 52 |
$_SESSION['comment_title'] = $_POST['title']; |
| 42 | 53 |
$_SESSION['comment_body'] = $_POST['comment']; |
| 43 | 54 |
exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
|
| 44 | 55 |
} |
| 45 |
} else {
|
|
| 46 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
|
| 47 |
$_SESSION['comment_title'] = $_POST['title']; |
|
| 48 |
$_SESSION['comment_body'] = $_POST['comment']; |
|
| 49 |
exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
|
|
| 50 | 56 |
} |
| 51 | 57 |
} |
| 52 | 58 |
if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
|
Also available in: Unified diff