diff options
| author | Starla Insigna <starla4444@gmail.com> | 2011-02-20 07:30:35 -0500 |
|---|---|---|
| committer | Starla Insigna <starla4444@gmail.com> | 2011-02-20 07:30:35 -0500 |
| commit | 87b42536198dfab02de616f9ba1e68ea307cce90 (patch) | |
| tree | a595f2b988cf935a2caaa8dee51b81d5ce001a59 /pages | |
| parent | a4976f966f0de5abc11235e8decb760ad79ecad1 (diff) | |
| download | fourisland-87b42536198dfab02de616f9ba1e68ea307cce90.tar.gz fourisland-87b42536198dfab02de616f9ba1e68ea307cce90.tar.bz2 fourisland-87b42536198dfab02de616f9ba1e68ea307cce90.zip | |
Disabled anonymous submission of quotes
A blog post explaining why will be posted soon.
Diffstat (limited to 'pages')
| -rwxr-xr-x | pages/quotes.php | 7 |
1 files changed, 4 insertions, 3 deletions
| diff --git a/pages/quotes.php b/pages/quotes.php index f47dbd3..9524cd0 100755 --- a/pages/quotes.php +++ b/pages/quotes.php | |||
| @@ -70,14 +70,15 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id']))) | |||
| 70 | $template = new FITemplate('quotes/add'); | 70 | $template = new FITemplate('quotes/add'); |
| 71 | if (isset($_GET['submit'])) | 71 | if (isset($_GET['submit'])) |
| 72 | { | 72 | { |
| 73 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote'])))); | ||
| 74 | if (!isLoggedIn()) | 73 | if (!isLoggedIn()) |
| 75 | { | 74 | { |
| 76 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; | 75 | $template->adds_block('ERROR', array('exi'=>1)); |
| 77 | } else { | 76 | } else { |
| 78 | $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")"; | 77 | $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")"; |
| 78 | $insquote2 = mysql_query($insquote); | ||
| 79 | |||
| 80 | $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote'])))); | ||
| 79 | } | 81 | } |
| 80 | $insquote2 = mysql_query($insquote); | ||
| 81 | } | 82 | } |
| 82 | $template->display(); | 83 | $template->display(); |
| 83 | } elseif ($_GET['act'] == 'bottom') | 84 | } elseif ($_GET['act'] == 'bottom') |