
Revision 649

Added by thorn almost 17 years ago

Improved ASP in news-module.


submit_comment.php
30 30
$wb = new wb;
31 31

  
32 32
// Check if we should show the form or add a comment
33
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['c0mment']) AND $_POST['c0mment'] != '') {
33
if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id'])
34
	AND ( ENABLED_ASP AND isset($_POST['c0mment_'.date('W')]) AND $_POST['c0mment_'.date('W')] != '')
35
	OR  (!ENABLED_ASP AND isset($_POST['comment']) AND $_POST['comment'] != '')
36
) {
34 37
	
38
	if(ENABLED_ASP)
39
		$comment = $_POST['c0mment_'.date('W')];
40
	else
41
		$comment = $_POST['comment'];
42
	
35 43
	// Check captcha
36 44
	$query_settings = $database->query("SELECT use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".$_GET['section_id']."'");
37 45
	if($query_settings->numRows() == 0) { 
......
60 68
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
61 69
					$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
62 70
					$_SESSION['comment_title'] = $_POST['title'];
63
					$_SESSION['comment_body'] = $_POST['c0mment'];
71
					$_SESSION['comment_body'] = $comment;
64 72
					exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
65 73
				}
66 74
			} else {
67 75
				$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
68 76
				$_SESSION['comment_title'] = $_POST['title'];
69
				$_SESSION['comment_body'] = $_POST['c0mment'];
77
				$_SESSION['comment_body'] = $comment;
70 78
				exit(header('Location: '.WB_URL."/modules/news/comment.php?id={$_GET['post_id']}&sid={$_GET['section_id']}"));
71 79
			}
72 80
		}
......
83 91
	$section_id = $_GET['section_id'];
84 92
	$post_id = $_GET['post_id'];
85 93
	$title = $wb->add_slashes(strip_tags($_POST['title']));
86
	$comment = $wb->add_slashes(strip_tags($_POST['c0mment']));
94
	$comment = $wb->add_slashes(strip_tags($comment));
87 95
	$commented_when = mktime();
88 96
	if($wb->is_authenticated() == true) {
89 97
		$commented_by = $wb->get_user_id();
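Review bot: With ENABLED_ASP off, the rewritten condition on new lines 33-36 no longer enforces the `is_numeric()` checks, because PHP's `AND` binds tighter than `OR` and the expression parses as `(numeric checks AND ASP branch) OR (!ENABLED_ASP AND comment set)`. In that case `$_GET['section_id']` is concatenated unvalidated into the `use_captcha` query on new line 44, and `$_GET['post_id']` into the redirect URLs, which looks like a SQL injection path opened by this change. Group the two alternatives so the numeric checks apply to both: `AND ( (ENABLED_ASP AND isset($_POST['c0mment_'.date('W')]) AND $_POST['c0mment_'.date('W')] != '')` followed by `OR (!ENABLED_ASP AND isset($_POST['comment']) AND $_POST['comment'] != '') )`. Casting the ids with `(int)` before they reach the query would add a second layer that does not depend on this condition. The body of this `if` continues through the elided lines, so other uses of the ids were not reviewed here.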
