2 files changed, 8 insertions, 3 deletions

@@ -70,14 +70,15 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
         $template = new FITemplate('quotes/add');
         if (isset($_GET['submit']))
         {
-                $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote']))));
                 if (!isLoggedIn())
                 {
-                        $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
+                        $template->adds_block('ERROR', array('exi'=>1));
                 } else {
                         $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")";
+                        $insquote2 = mysql_query($insquote);
+                        
+                        $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote']))));
                 }
-                $insquote2 = mysql_query($insquote);
         }
         $template->display();
 } elseif ($_GET['act'] == 'bottom')
@@ -9,6 +9,10 @@
            Also, there is no need to press the submit button again. You're quote has already been sent.</p>
 <!--END SUBMITTED-->
 
+<!--BEGIN ERROR-->
+  <p class="light-at-night">Sorry, for the time being, because of the massive problem we are having with spam, anonymous submission of quotes is disabled. If you have an account, you can still log in and submit a quote.</p>
+<!--END ERROR-->
+
 <form action="/quotes/add.php?submit=" method="POST">
         <textarea cols="80" rows="5" name="rash_quote"></textarea><br />
         <input type="submit" value="Add Quote!" />