diff options
| author | Starla Insigna <hatkirby@fourisland.com> | 2009-01-05 18:33:23 -0500 |
|---|---|---|
| committer | Starla Insigna <hatkirby@fourisland.com> | 2009-01-05 18:33:23 -0500 |
| commit | 9ba37f4643f825052c002bda16884ccc73f57ebc (patch) | |
| tree | 08379f2959d3c403012340daec008295d797c514 /pages | |
| parent | 36879e223fa97ab0f354bd86af3e53c11b06b7b6 (diff) | |
| download | fourisland-9ba37f4643f825052c002bda16884ccc73f57ebc.tar.gz fourisland-9ba37f4643f825052c002bda16884ccc73f57ebc.tar.bz2 fourisland-9ba37f4643f825052c002bda16884ccc73f57ebc.zip | |
Improved anonymous commenting
There was a bug where, if an anonymous commenter used a username that was being used by an actual member, Four Island would think the anonymous commentor was actually the member.
Diffstat (limited to 'pages')
| -rwxr-xr-x | pages/admin.php | 8 | ||||
| -rwxr-xr-x | pages/post.php | 4 |
2 files changed, 4 insertions, 8 deletions
| diff --git a/pages/admin.php b/pages/admin.php index 60bc73d..fda03c3 100755 --- a/pages/admin.php +++ b/pages/admin.php | |||
| @@ -539,14 +539,10 @@ if (isLoggedIn()) | |||
| 539 | 539 | ||
| 540 | if ($getcomment3['id'] == $_GET['id']) | 540 | if ($getcomment3['id'] == $_GET['id']) |
| 541 | { | 541 | { |
| 542 | $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomment3['author'] . "\""; | ||
| 543 | $getuser2 = mysql_query($getuser); | ||
| 544 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 545 | |||
| 546 | $template = new FITemplate('admin/viewComment'); | 542 | $template = new FITemplate('admin/viewComment'); |
| 547 | $template->add('ID', $_GET['id']); | 543 | $template->add('ID', $_GET['id']); |
| 548 | $template->add('USERNAME', $getcomment3['author']); | 544 | $template->add('USERNAME', $getcomment3['author']); |
| 549 | $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email']))); | 545 | $template->add('CODEDEMAIL', md5(strtolower($getcomment3['email']))); |
| 550 | $template->add('TEXT', parseText($getcomment3['comment'])); | 546 | $template->add('TEXT', parseText($getcomment3['comment'])); |
| 551 | $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate']))); | 547 | $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate']))); |
| 552 | } else { | 548 | } else { |
| @@ -567,7 +563,7 @@ if (isLoggedIn()) | |||
| 567 | $insanon = "INSERT INTO anon_commenters (username,email,website) VALUES (\"" . $getcomment3['author'] . "\",\"" . $getcomment3['email'] . "\",\"" . $getcomment3['website'] . "\")"; | 563 | $insanon = "INSERT INTO anon_commenters (username,email,website) VALUES (\"" . $getcomment3['author'] . "\",\"" . $getcomment3['email'] . "\",\"" . $getcomment3['website'] . "\")"; |
| 568 | $insanon2 = mysql_query($insanon); | 564 | $insanon2 = mysql_query($insanon); |
| 569 | 565 | ||
| 570 | $inscomment = "INSERT INTO comments (page_id,username,comment) VALUES (\"" . $getcomment3['page_id'] . "\",\"" . $getcomment3['author'] . "\",\"" . $getcomment3['comment'] . "\")"; | 566 | $inscomment = "INSERT INTO comments (page_id,username,comment,is_anon) VALUES (\"" . $getcomment3['page_id'] . "\",\"" . $getcomment3['author'] . "\",\"" . $getcomment3['comment'] . "\",1)"; |
| 571 | $inscomment2 = mysql_query($inscomment); | 567 | $inscomment2 = mysql_query($inscomment); |
| 572 | 568 | ||
| 573 | $delcomment = "DELETE FROM moderation WHERE id = " . $getcomment3['id']; | 569 | $delcomment = "DELETE FROM moderation WHERE id = " . $getcomment3['id']; |
| diff --git a/pages/post.php b/pages/post.php index 48239cf..7d6dd08 100755 --- a/pages/post.php +++ b/pages/post.php | |||
| @@ -56,7 +56,7 @@ if (!isset($_GET['id'])) | |||
| 56 | { | 56 | { |
| 57 | if ($getanon3['email'] == $_POST['email']) | 57 | if ($getanon3['email'] == $_POST['email']) |
| 58 | { | 58 | { |
| 59 | $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . $_POST['username'] . "\", comment = \"" . $_POST['comment'] . "\""; | 59 | $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . $_POST['username'] . "\", comment = \"" . $_POST['comment'] . "\", is_anon = 1"; |
| 60 | $setcomment2 = mysql_query($setcomment); | 60 | $setcomment2 = mysql_query($setcomment); |
| 61 | 61 | ||
| 62 | $page_id = $_GET['id']; | 62 | $page_id = $_GET['id']; |
| @@ -84,7 +84,7 @@ if (!isset($_GET['id'])) | |||
| 84 | } | 84 | } |
| 85 | } | 85 | } |
| 86 | } else { | 86 | } else { |
| 87 | $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . getSessionUsername() . "\", comment = \"" . $_POST['comment'] . "\""; | 87 | $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . getSessionUsername() . "\", comment = \"" . $_POST['comment'] . "\", is_anon = 0"; |
| 88 | $setcomment2 = mysql_query($setcomment); | 88 | $setcomment2 = mysql_query($setcomment); |
| 89 | 89 | ||
| 90 | mail('hatkirby@fourisland.com', 'New comment on Four Island!', getSessionUsername() . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']); | 90 | mail('hatkirby@fourisland.com', 'New comment on Four Island!', getSessionUsername() . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']); |