authorStarla Insigna <starla4444@gmail.com>2011-02-20 07:30:35 -0500
committerStarla Insigna <starla4444@gmail.com>2011-02-20 07:30:35 -0500
commit87b42536198dfab02de616f9ba1e68ea307cce90 (patch)
treea595f2b988cf935a2caaa8dee51b81d5ce001a59 /pages/quotes.php
parenta4976f966f0de5abc11235e8decb760ad79ecad1 (diff)
Disabled anonymous submission of quotes
A blog post explaining why will be posted soon.
Diffstat (limited to 'pages/quotes.php')
-rwxr-xr-xpages/quotes.php7
1 files changed, 4 insertions, 3 deletions
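--- a/pages/quotes.php
+++ b/pages/quotes.php
@@ -70,14 +70,15 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
  $template = new FITemplate('quotes/add');
  if (isset($_GET['submit']))
  {
- $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote']))));
  if (!isLoggedIn())
  {
- $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
+ $template->adds_block('ERROR', array('exi'=>1));
  } else {
  $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")";
+ $insquote2 = mysql_query($insquote);
+
+ $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote']))));
  }
- $insquote2 = mysql_query($insquote);
  }
  $template->display();
 } elseif ($_GET['act'] == 'bottom')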
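Review bot: The new logged-in branch adds the SUBMITTED block without checking what `mysql_query($insquote)` returned, so a failed insert is still shown to the user as a successful submission; guard it with something like `if ($insquote2 !== false) { $template->adds_block('SUBMITTED', ...); }` and report the failure otherwise. With the `rash_queue` path removed (it looks like a moderation queue), `isLoggedIn()` is the only gate in front of a direct write to `rash_quotes`. The hunk shows no anti-CSRF token check on the `$_GET['submit']` / `$_POST['rash_quote']` request; if none exists elsewhere in the file, one should be verified before the insert. `$_POST['rash_quote']` is also read without an `isset()` or empty-string check. The surrounding if/elseif chain starts and ends outside the hunk.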