Revision 596
Added by thorn almost 18 years ago
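--- a/view.php
+++ b/view.php
@@ -39,6 +39,9 @@
 echo "\n</style>\n";
 }
 
+require_once(WB_PATH.'/include/captcha/captcha.php');
+require_once(WB_PATH.'/include/captcha/asp.php');
+
 // Function for generating an optionsfor a select field
 if (!function_exists('make_option')) {
 function make_option(&$n) {
@@ -119,6 +122,25 @@
 // Print header
 echo $header;
 
+if(ENABLED_ASP) { // first add some honeypot-fields
+?>
+<input type="hidden" name="submitted_when" value="<?php $t=time(); echo $t; $_SESSION['submitted_when']=$t; ?>" />
+<p class="nixhier">
+email address:
+<label for="email">Your e-mail address is not relevant Leave this field blank:</label>
+<input id="email" name="email" size="56" value="" /><br />
+Homepage:
+<label for="homepage">Do not enter a homepage-url www.whatever.com here:</label>
+<input id="homepage" name="homepage" size="55" value="" /><br />
+URL:
+<label for="url">Don't write anything in this field:</label>
+<input id="url" name="url" size="61" value="" /><br />
+Comment:
+<label for="comment">Enter not your comment here:</label>
+<textarea name="comment" cols="50" rows="10"></textarea><br />
+</p>
+<?php }
+
 // Get list of fields
 $query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
 if($query_fields->numRows() > 0) {
@@ -179,17 +201,11 @@
 }
 
 // Captcha
-if($use_captcha) {
-$_SESSION['captcha'] = '';
-for($i = 0; $i < 5; $i++) {
-$_SESSION['captcha'] .= rand(0,9);
-}
-?><tr><td class="field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td><td>
-<table cellpadding="2" cellspacing="0" border="0">
-<tr><td><img src="<?php echo WB_URL; ?>/include/captcha.php?t=<?php echo time(); ?>" alt="Captcha" /></td>
-<td><input type="text" name="captcha" maxlength="5" /></td>
-</tr></table>
-</td></tr>
+if($use_captcha) { ?>
+<tr>
+<td class="field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td>
+<td><?php call_captcha(); ?></td>
+</tr>
 <?php
 }
 echo '
@@ -292,6 +308,17 @@
 // Set new submission ID in session
 $_SESSION['form_submission_id'] = new_submission_id();
 
+if(ENABLED_ASP && ( // form faked? Check the honeypot-fields.
+(!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR
+($_POST['submitted_when'] != $_SESSION['submitted_when']) OR
+(!isset($_POST['email']) OR $_POST['email']) OR
+(!isset($_POST['homepage']) OR $_POST['homepage']) OR
+(!isset($_POST['comment']) OR $_POST['comment']) OR
+(!isset($_POST['url']) OR $_POST['url'])
+)) {
+exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
+}
+
 // Submit form data
 // First start message settings
 $query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
@@ -354,16 +381,14 @@
 }
 
 // Captcha
-if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */
-if($use_captcha) {
-if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
-// Check for a mismatch
-if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
-$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
-}
-} else {
+if($use_captcha) {
+if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
+// Check for a mismatch
+if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
 $captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
 }
+} else {
+$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
 }
 }
 if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
@@ -431,8 +456,8 @@
 }
 
 // Write submission to database
-if(isset($admin) AND $admin->get_user_id() > 0) {
-$admin->get_user_id();
+if(isset($admin) AND $admin->is_authenticated() AND $admin->get_user_id() > 0) {
+$submitted_by = $admin->get_user_id();
 } else {
 $submitted_by = 0;
 }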
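Review bot: The honeypot check added at new lines 311–320 compares the `submitted_when` token with a loose `!=` and, within the visible lines, never clears `$_SESSION['submitted_when']`, so the value issued at render time stays acceptable for repeated posts in the same session. I would make the comparison strict, `($_POST['submitted_when'] !== (string)$_SESSION['submitted_when']) OR`, and add `unset($_SESSION['submitted_when']);` directly after the block so each rendered form authorises one submission. The captcha check at new line 387 uses the same loose `!=`; if `call_captcha()` stores a numeric string (not visible here), PHP would compare numerically and accept inputs that differ textually, so `!==` is the safer choice there too. The surrounding submit-handling code continues outside these hunks, so confirm the token is not already cleared further down.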
added new CAPTCHA and ASP (Advanced Spam Protection)