
Revision 596

Added by thorn almost 17 years ago

added new CAPTCHA and ASP (Advanced Spam Protection)


submit_comment.php
38 38
		exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
39 39
	} else {
40 40
		$settings = $query_settings->fetchRow();
41
		if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg') AND $settings['use_captcha']) { /* Make's sure GD library is installed */
42
			if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
41
		$t=time();
42
		if(ENABLED_ASP && ( // Advanced Spam Protection
43
			($_SESSION['session_started']+ASP_SESSION_MIN_AGE > $t) OR // session too young
44
			(!isset($_SESSION['comes_from_view'])) OR // user doesn't come from view.php
45
			(!isset($_SESSION['comes_from_view_time']) OR $_SESSION['comes_from_view_time'] > $t-ASP_VIEW_MIN_AGE) OR // user is too fast
46
			(!isset($_SESSION['submitted_when']) OR !isset($_POST['submitted_when'])) OR // faked form
47
			($_SESSION['submitted_when'] != $_POST['submitted_when']) OR // faked form
48
			($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE) OR // user too fast
49
			($_SESSION['submitted_when'] < $t-43200) OR // form older than 12h
50
			($_POST['email'] OR $_POST['url'] OR $_POST['homepage']) // honeypot-fields
51
		)) {
52
			exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
53
		}
54
		if($settings['use_captcha']) {
55
			if(isset($_POST['captcha']) AND $_POST['captcha'] != '') {
43 56
				// Check for a mismatch
44 57
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
45 58
					$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
46 59
					$_SESSION['comment_title'] = $_POST['title'];
47 60
					$_SESSION['comment_body'] = $_POST['comment'];
48
					exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
61
					exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
49 62
				}
50 63
			} else {
51 64
				$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
52 65
				$_SESSION['comment_title'] = $_POST['title'];
53 66
				$_SESSION['comment_body'] = $_POST['comment'];
54
				exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
67
				exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
55 68
			}
56 69
		}
57 70
	}
58 71
	if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
59
	
72
	if(ENABLED_ASP) {
73
		unset($_SESSION['comes_from_view']);
74
		unset($_SESSION['comes_from_view_time']);
75
		unset($_SESSION['submitted_when']);
76
	}
77

  
60 78
	// Insert the comment into db
61 79
	$page_id = $_GET['page_id'];
62 80
	$section_id = $_GET['section_id'];
......
75 93
	$page = $query_page->fetchRow();
76 94
	header('Location: '.$wb->page_link($page['link']).'?id='.$post_id);
77 95
} else {
78
	header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']);
96
	header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}");
79 97
}
80 98

  
81 99
?>
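Review bot: The three rewritten redirect lines (the captcha-mismatch branch, the missing-captcha branch and the final `else`) interpolate `$_GET['post_id']` and `$_GET['section_id']` straight into the Location URL; both are ids, so they should be cast before use, e.g. `exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.(int)$_GET['post_id'].'&sid='.(int)$_GET['section_id']));` in place of the `{$_GET[...]}` interpolation. In the new ASP block `$_SESSION['submitted_when'] != $_POST['submitted_when']` (and the retained `$_POST['captcha'] != $_SESSION['captcha']`) is a loose comparison, under which numeric-looking strings compare by value rather than by text; `!==` on string-cast values is the safer form. `$_SESSION['session_started']` and the honeypot fields `$_POST['email']`, `$_POST['url']`, `$_POST['homepage']` are read without `isset`/`!empty`, so a request that omits them raises notices and, for `session_started`, makes the minimum-age test evaluate against `0`. Replacing the `extension_loaded('gd')` guard with a bare `if($settings['use_captcha'])` presumably reflects the new CAPTCHA no longer needing GD — a one-line comment at that `if` would make the intent explicit. The enclosing `if`/`else` starts before the first hunk and the comment-insertion code between the two hunks is not shown here.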
