Revision 596
Added by thorn over 17 years ago
| submit_comment.php | ||
|---|---|---|
| 38 | 38 |
exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
|
| 39 | 39 |
} else {
|
| 40 | 40 |
$settings = $query_settings->fetchRow(); |
| 41 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg') AND $settings['use_captcha']) { /* Make's sure GD library is installed */
|
|
| 42 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
|
|
| 41 |
$t=time(); |
|
| 42 |
if(ENABLED_ASP && ( // Advanced Spam Protection |
|
| 43 |
($_SESSION['session_started']+ASP_SESSION_MIN_AGE > $t) OR // session too young |
|
| 44 |
(!isset($_SESSION['comes_from_view'])) OR // user doesn't come from view.php |
|
| 45 |
(!isset($_SESSION['comes_from_view_time']) OR $_SESSION['comes_from_view_time'] > $t-ASP_VIEW_MIN_AGE) OR // user is too fast |
|
| 46 |
(!isset($_SESSION['submitted_when']) OR !isset($_POST['submitted_when'])) OR // faked form |
|
| 47 |
($_SESSION['submitted_when'] != $_POST['submitted_when']) OR // faked form |
|
| 48 |
($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE) OR // user too fast |
|
| 49 |
($_SESSION['submitted_when'] < $t-43200) OR // form older than 12h |
|
| 50 |
($_POST['email'] OR $_POST['url'] OR $_POST['homepage']) // honeypot-fields |
|
| 51 |
)) {
|
|
| 52 |
exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
|
|
| 53 |
} |
|
| 54 |
if($settings['use_captcha']) {
|
|
| 55 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != '') {
|
|
| 43 | 56 |
// Check for a mismatch |
| 44 | 57 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
|
| 45 | 58 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 46 | 59 |
$_SESSION['comment_title'] = $_POST['title']; |
| 47 | 60 |
$_SESSION['comment_body'] = $_POST['comment']; |
| 48 |
exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
|
|
| 61 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
|
| 49 | 62 |
} |
| 50 | 63 |
} else {
|
| 51 | 64 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 52 | 65 |
$_SESSION['comment_title'] = $_POST['title']; |
| 53 | 66 |
$_SESSION['comment_body'] = $_POST['comment']; |
| 54 |
exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));
|
|
| 67 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
|
| 55 | 68 |
} |
| 56 | 69 |
} |
| 57 | 70 |
} |
| 58 | 71 |
if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
|
| 59 |
|
|
| 72 |
if(ENABLED_ASP) {
|
|
| 73 |
unset($_SESSION['comes_from_view']); |
|
| 74 |
unset($_SESSION['comes_from_view_time']); |
|
| 75 |
unset($_SESSION['submitted_when']); |
|
| 76 |
} |
|
| 77 |
|
|
| 60 | 78 |
// Insert the comment into db |
| 61 | 79 |
$page_id = $_GET['page_id']; |
| 62 | 80 |
$section_id = $_GET['section_id']; |
| ... | ... | |
| 75 | 93 |
$page = $query_page->fetchRow(); |
| 76 | 94 |
header('Location: '.$wb->page_link($page['link']).'?id='.$post_id);
|
| 77 | 95 |
} else {
|
| 78 |
header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']);
|
|
| 96 |
header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}");
|
|
| 79 | 97 |
} |
| 80 | 98 |
|
| 81 | 99 |
?> |
Also available in: Unified diff
added new CAPTCHA and ASP (Advanced Spam Protection)