From 87b42536198dfab02de616f9ba1e68ea307cce90 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Sun, 20 Feb 2011 07:30:35 -0500 Subject: Disabled anonymous submission of quotes A blog post explaining why will be posted soon. --- pages/quotes.php | 7 ++++--- theme/quotes/add.tpl | 4 ++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/pages/quotes.php b/pages/quotes.php index f47dbd3..9524cd0 100755 --- a/pages/quotes.php +++ b/pages/quotes.php @@ -70,14 +70,15 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id']))) $template = new FITemplate('quotes/add'); if (isset($_GET['submit'])) { - $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","
",htmlspecialchars($_POST['rash_quote'])))); if (!isLoggedIn()) { - $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; + $template->adds_block('ERROR', array('exi'=>1)); } else { $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")"; + $insquote2 = mysql_query($insquote); + + $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","
",htmlspecialchars($_POST['rash_quote'])))); } - $insquote2 = mysql_query($insquote); } $template->display(); } elseif ($_GET['act'] == 'bottom') diff --git a/theme/quotes/add.tpl b/theme/quotes/add.tpl index 6c45876..f55615d 100755 --- a/theme/quotes/add.tpl +++ b/theme/quotes/add.tpl @@ -9,6 +9,10 @@ Also, there is no need to press the submit button again. You're quote has already been sent.

+ +

Sorry, for the time being, because of the massive problem we are having with spam, anonymous submission of quotes is disabled. If you have an account, you can still log in and submit a quote.

+ +

-- cgit 1.4.1