Revision 605
Added by thorn over 17 years ago
| submit_comment.php | ||
|---|---|---|
| 30 | 30 |
$wb = new wb; |
| 31 | 31 |
|
| 32 | 32 |
// Check if we should show the form or add a comment |
| 33 |
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['comment']) AND $_POST['comment'] != '') {
|
|
| 33 |
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['c0mment']) AND $_POST['c0mment'] != '') {
|
|
| 34 | 34 |
|
| 35 | 35 |
// Check captcha |
| 36 | 36 |
$query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".$_GET['section_id']."'");
|
| ... | ... | |
| 45 | 45 |
(!isset($_SESSION['comes_from_view_time']) OR $_SESSION['comes_from_view_time'] > $t-ASP_VIEW_MIN_AGE) OR // user is too fast |
| 46 | 46 |
(!isset($_SESSION['submitted_when']) OR !isset($_POST['submitted_when'])) OR // faked form |
| 47 | 47 |
($_SESSION['submitted_when'] != $_POST['submitted_when']) OR // faked form |
| 48 |
($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE) OR // user too fast |
|
| 48 |
($_SESSION['submitted_when'] > $t-ASP_INPUT_MIN_AGE && !isset($_SESSION['captcha_retry_news'])) OR // user too fast
|
|
| 49 | 49 |
($_SESSION['submitted_when'] < $t-43200) OR // form older than 12h |
| 50 |
($_POST['email'] OR $_POST['url'] OR $_POST['homepage']) // honeypot-fields |
|
| 50 |
($_POST['email'] OR $_POST['url'] OR $_POST['homepage'] OR $_POST['comment']) // honeypot-fields
|
|
| 51 | 51 |
)) {
|
| 52 | 52 |
exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
|
| 53 | 53 |
} |
| ... | ... | |
| 57 | 57 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
|
| 58 | 58 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 59 | 59 |
$_SESSION['comment_title'] = $_POST['title']; |
| 60 |
$_SESSION['comment_body'] = $_POST['comment'];
|
|
| 60 |
$_SESSION['comment_body'] = $_POST['c0mment'];
|
|
| 61 | 61 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
| 62 | 62 |
} |
| 63 | 63 |
} else {
|
| 64 | 64 |
$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA']; |
| 65 | 65 |
$_SESSION['comment_title'] = $_POST['title']; |
| 66 |
$_SESSION['comment_body'] = $_POST['comment'];
|
|
| 66 |
$_SESSION['comment_body'] = $_POST['c0mment'];
|
|
| 67 | 67 |
exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
|
| 68 | 68 |
} |
| 69 | 69 |
} |
| ... | ... | |
| 80 | 80 |
$section_id = $_GET['section_id']; |
| 81 | 81 |
$post_id = $_GET['post_id']; |
| 82 | 82 |
$title = $wb->add_slashes(strip_tags($_POST['title'])); |
| 83 |
$comment = $wb->add_slashes(strip_tags($_POST['comment']));
|
|
| 83 |
$comment = $wb->add_slashes(strip_tags($_POST['c0mment']));
|
|
| 84 | 84 |
$commented_when = mktime(); |
| 85 | 85 |
if($wb->is_authenticated() == true) {
|
| 86 | 86 |
$commented_by = $wb->get_user_id(); |
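Review bot: On new line 48 the added `!isset($_SESSION['captcha_retry_news'])` term switches off the ASP_INPUT_MIN_AGE "user too fast" check for as long as that session key exists, and none of the visible lines show where the key is set or cleared. If it is not removed once a comment is accepted, every later submission in the same session skips the timing check and relies only on the captcha and honeypot fields. Consider clearing it as soon as the captcha comparison succeeds, e.g. `unset($_SESSION['captcha_retry_news']);`, and documenting the flag's presumed purpose next to the condition, e.g. `// captcha retry: the form was re-shown after a wrong captcha, so skip the min-age check once`. The enclosing `if` block starts and ends outside the lines shown here, so the clearing may already happen elsewhere.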
fixed some issues with CAPTCHA and ASP: Adjusted baseline of '*' in supplied fonts to meet baseline of numbers. Added counter to ttf_image generation-loop. Removed now-unneeded GD-lib checks. Improved ASP in news-module.