diff options
author | Starla Insigna <starla4444@gmail.com> | 2011-02-20 07:30:35 -0500 |
---|---|---|
committer | Starla Insigna <starla4444@gmail.com> | 2011-02-20 07:30:35 -0500 |
commit | 87b42536198dfab02de616f9ba1e68ea307cce90 (patch) | |
tree | a595f2b988cf935a2caaa8dee51b81d5ce001a59 /pages/quotes.php | |
parent | a4976f966f0de5abc11235e8decb760ad79ecad1 (diff) | |
download | fourisland-87b42536198dfab02de616f9ba1e68ea307cce90.tar.gz fourisland-87b42536198dfab02de616f9ba1e68ea307cce90.tar.bz2 fourisland-87b42536198dfab02de616f9ba1e68ea307cce90.zip |
Disabled anonymous submission of quotes
A blog post explaining why will be posted soon.
Diffstat (limited to 'pages/quotes.php')
-rwxr-xr-x | pages/quotes.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/pages/quotes.php b/pages/quotes.php index f47dbd3..9524cd0 100755 --- a/pages/quotes.php +++ b/pages/quotes.php | |||
@@ -70,14 +70,15 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id']))) | |||
70 | $template = new FITemplate('quotes/add'); | 70 | $template = new FITemplate('quotes/add'); |
71 | if (isset($_GET['submit'])) | 71 | if (isset($_GET['submit'])) |
72 | { | 72 | { |
73 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote'])))); | ||
74 | if (!isLoggedIn()) | 73 | if (!isLoggedIn()) |
75 | { | 74 | { |
76 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; | 75 | $template->adds_block('ERROR', array('exi'=>1)); |
77 | } else { | 76 | } else { |
78 | $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")"; | 77 | $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")"; |
78 | $insquote2 = mysql_query($insquote); | ||
79 | |||
80 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote'])))); | ||
79 | } | 81 | } |
80 | $insquote2 = mysql_query($insquote); | ||
81 | } | 82 | } |
82 | $template->display(); | 83 | $template->display(); |
83 | } elseif ($_GET['act'] == 'bottom') | 84 | } elseif ($_GET['act'] == 'bottom') |