Revision 596
Added by thorn almost 17 years ago
submit_comment.php | ||
---|---|---|
38 | 38 |
exit(header("Location: ".WB_URL.PAGES_DIRECTORY."")); |
39 | 39 |
} else { |
40 | 40 |
$settings = $query_settings->fetchRow(); |
41 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg') AND $settings['use_captcha']) { /* Make's sure GD library is installed */ |
|
42 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){ |
|
41 |
$t=time(); |
|
42 |
if(ENABLED_ASP && ( // Advanced Spam Protection |
|
43 |
($_SESSION['session_started']+ASP_SESSION_MIN_AGE > $t) OR // session too young |
|
44 |
(!isset($_SESSION['comes_from_view'])) OR // user doesn't come from view.php |
|
45 |
(!isset($_SESSION['comes_from_view_time']) OR $_SESSION['comes_from_view_time'] > $t-ASP_VIEW_MIN_AGE) OR // user is too fast |
|
46 |
(!isset($_SESSION['submitted_when']) OR !isset($_POST['submitted_when'])) OR // faked form |
|
47 |
($_SESSION['submitted_when'] != $_POST['submitted_when']) OR // faked form |
|
48 |
($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE) OR // user too fast |
|
49 |
($_SESSION['submitted_when'] < $t-43200) OR // form older than 12h |
|
50 |
($_POST['email'] OR $_POST['url'] OR $_POST['homepage']) // honeypot-fields |
|
51 |
)) { |
|
52 |
exit(header("Location: ".WB_URL.PAGES_DIRECTORY."")); |
|
53 |
} |
|
54 |
if($settings['use_captcha']) { |
|
55 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != '') { |
|
43 | 56 |
// Check for a mismatch |
44 | 57 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) { |
45 | 58 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
46 | 59 |
$_SESSION['comment_title'] = $_POST['title']; |
47 | 60 |
$_SESSION['comment_body'] = $_POST['comment']; |
48 |
exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
|
|
61 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
|
49 | 62 |
} |
50 | 63 |
} else { |
51 | 64 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
52 | 65 |
$_SESSION['comment_title'] = $_POST['title']; |
53 | 66 |
$_SESSION['comment_body'] = $_POST['comment']; |
54 |
exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
|
|
67 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
|
55 | 68 |
} |
56 | 69 |
} |
57 | 70 |
} |
58 | 71 |
if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); } |
59 |
|
|
72 |
if(ENABLED_ASP) { |
|
73 |
unset($_SESSION['comes_from_view']); |
|
74 |
unset($_SESSION['comes_from_view_time']); |
|
75 |
unset($_SESSION['submitted_when']); |
|
76 |
} |
|
77 |
|
|
60 | 78 |
// Insert the comment into db |
61 | 79 |
$page_id = $_GET['page_id']; |
62 | 80 |
$section_id = $_GET['section_id']; |
... | ... | |
75 | 93 |
$page = $query_page->fetchRow(); |
76 | 94 |
header('Location: '.$wb->page_link($page['link']).'?id='.$post_id); |
77 | 95 |
} else { |
78 |
header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']);
|
|
96 |
header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}");
|
|
79 | 97 |
} |
80 | 98 |
|
81 | 99 |
?> |
Also available in: Unified diff
added new CAPTCHA and ASP (Advanced Spam Protection)