Changeset 1184 in ExiteCMS

Timestamp:

12/31/07 13:01:02 (4 years ago)

Author:

hverton

Message:

Added a captcha validation check to comment posts of guests

Location:

trunk

Files:

• administration/tools/language_pack_English.php (modified) (2 diffs)
• files/locales/en.main.global.php (modified) (1 diff)
• includes/comments_include.php (modified) (4 diffs)
• includes/templates/include.comments.tpl (modified) (3 diffs)

trunk/administration/tools/language_pack_English.php

@@ -2315 +2315 @@
     $localestrings['c101'] = "No Comments have been Posted.";
     $localestrings['c102'] = "Post Comment";
-    $localestrings['c103'] = "Name:";
+    $localestrings['c103'] = "Your Name:";
     $localestrings['c104'] = "Message:";
     $localestrings['c105'] = "Please Login to Post a Comment.";
@@ -2321 +2321 @@
     $localestrings['c107'] = " Disable smileys in this comment";
     $localestrings['c108'] = "Toggle smileys";
+    $localestrings['c110'] = "Incorrect Validation Code";
+    $localestrings['c111'] = "The validation code below must be entered, it expires 15 minutes after page generation.";
+    $localestrings['c112'] = "Validation Code:";
+    $localestrings['c113'] = "Enter Validation Code:";
     load_localestrings($localestrings, LP_LOCALE, "main.comments", $step);
 

trunk/files/locales/en.main.global.php

@@ -3 +3 @@
 // locale       : English
 // locale name  : main.global
-// generated on : Tue Dec 25 2007, 15:30:41 CET
+// generated on : Mon Dec 31 2007, 12:03:00 CET
 // translators  : ExiteCMS team,WanWizard
 // ----------------------------------------------------------

trunk/includes/comments_include.php

@@ -25 +25 @@
 
     $variables = array();
-    
+
     if ((iMEMBER || $settings['guestposts'] == "1") && isset($_POST['post_comment'])) {
+
+        $result = dbquery("DELETE FROM ".$db_prefix."captcha WHERE captcha_datestamp<'".(time()-900)."'");
+
         $flood = false;
         if (dbrows(dbquery("SELECT $ccol FROM ".$db_prefix."$cdb WHERE $ccol='$comment_id'"))==0) {
@@ -38 +41 @@
             if (isNum($comment_name)) $comment_name="";
         }
+        
+        // captcha check for guest posts
+        $cic = (iGUEST && !check_captcha($_POST['captcha_encode'], $_POST['captcha_code'])) ? "&cic=1" : "";
+
         $comment_message = trim(stripinput(censorwords($_POST['comment_message'])));
         $comment_smileys = isset($_POST['disable_smileys']) ? "0" : "1";
-        if ($comment_name != "" && $comment_message != "") {
+        if ($comment_name != "" && $comment_message != "" && $cic == "") {
             $result = dbquery("SELECT MAX(comment_datestamp) AS last_comment FROM ".$db_prefix."comments WHERE comment_ip='".USER_IP."'");
             if (!iSUPERADMIN || dbrows($result) > 0) {
@@ -54 +61 @@
             if (!$flood) $result = dbquery("INSERT INTO ".$db_prefix."comments (comment_item_id, comment_type, comment_name, comment_message, comment_smileys, comment_datestamp, comment_ip) VALUES ('$comment_id', '$comment_type', '$comment_name', '$comment_message', '$comment_smileys', '".time()."', '".USER_IP."')");
         }
-        redirect($clink);
+        if ($cic != "") redirect($clink.$cic);
     }
 
@@ -77 +84 @@
     $variables['comment_id'] = $comment_id;
     $variables['post_link'] = $clink;
+    $variables['cic'] = (isset($_GET['cic']) && !empty($_GET['cic'])) ? $_GET['cic'] : "";
 
     // define the body panel variables

trunk/includes/templates/include.comments.tpl

@@ -24 +24 @@
         <td class='tbl2'>
             <b>
-                {if $smarty.const.iMEMBER && $comments[item].user_name|default:false}
+                {if $smarty.const.iMEMBER && $comments[item].user_name != ""}
                     <a href='{$smarty.const.BASEDIR}profile.php?lookup={$comments[item].comment_name}'>{$comments[item].user_name}</a>
                 {else}
-                    {$comments[item].user_name}
+                    {$comments[item].comment_name}
                 {/if}
             </b>
@@ -59 +59 @@
         {if $smarty.const.iGUEST}
             <tr>
-                <td>
-                    {$locale.c103}
-                </td>
-            </tr>
-            <tr>
-                <td>
-                    <input type='text' name='comment_name' maxlength='30' class='textbox' style='width:100%;' />
+                <td colspan='2' align='center'>
+                    {$locale.c103} <input type='text' name='comment_name' maxlength='30' class='textbox' style='width:200px;' />
+                    <span style='color:#CC0000;font-weight:bold;'>*</span>
+                    <br /><br />
                 </td>
             </tr>
         {/if}
         <tr>
-            <td align='center'>
+            <td colspan='2' align='center'>
                 <textarea name='comment_message' rows='6' cols='80' class='textbox' style='width:400px'></textarea><br />
                 <input type='button' value='b' class='button' style='font-weight:bold;width:25px;' onclick="addText('comment_message', '[b]', '[/b]');" />
@@ -87 +84 @@
         </tr>
         <tr>
-            <td align='center'>
-                <input type='submit' name='toggle' value='{$locale.c108}' class='button' onclick='javascript:flipDiv("smileys");return false;' /><br /><br />
+            <td colspan=2' align='center'>
+                <input type='submit' name='toggle' value='{$locale.c108}' class='button' onclick='javascript:flipDiv("smileys");return false;' />
                 <input type='checkbox' name='disable_smileys' value='1' />{$locale.c107}<br /><br />
+            </td>
+        </tr>
+        {if $smarty.const.iGUEST}
+            {if $cic != ""}
+                <tr>
+                    <td colspan='2' align='center'>
+                        <span style='color:#CC0000;font-weight:bold;'>{$locale.c110}<br /><br /></span>
+                    </td>
+                </tr>
+            {/if}
+            <tr>
+                <td colspan='2' class='tbl2'>
+                    {$locale.c111}
+                </td>
+            </tr>
+            <tr>
+                <td align='right' width='50%' class='tbl1'>
+                    {$locale.c112}
+                </td>
+                <td align='left' width='50%' class='tbl1'>
+                    {make_captcha}
+                </td>
+            </tr>
+            <tr>
+                <td align='right' width='50%' class='tbl1'>
+                    {$locale.c113}
+                </td>
+                <td align='left' width='50%' class='tbl1'>
+                    <input type='text' name='captcha_code' class='textbox' style='vertical-align:middle;width:100px' />
+                </td>
+            </tr>
+            <tr>
+                <td colspan='2' class='tbl1'>
+                    &nbsp;
+                </td>
+            </tr>
+        {/if}
+        <tr>
+            <td colspan=2' align='center'>
                 <input type='submit' name='post_comment' value='{$locale.c102}' class='button' />
             </td>