-rwxr-xr-xpages/quotes.php7
-rwxr-xr-xtheme/quotes/add.tpl4
2 files changed, 8 insertions, 3 deletions
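--- a/pages/quotes.php
+++ b/pages/quotes.php
@@ -70,14 +70,15 @@ if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
  $template = new FITemplate('quotes/add');
  if (isset($_GET['submit']))
  {
- $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote']))));
  if (!isLoggedIn())
  {
- $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
+ $template->adds_block('ERROR', array('exi'=>1));
  } else {
  $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")";
+ $insquote2 = mysql_query($insquote);
+
+ $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlspecialchars($_POST['rash_quote']))));
  }
- $insquote2 = mysql_query($insquote);
  }
  $template->display();
 } elseif ($_GET['act'] == 'bottom')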
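Review bot: The new `SUBMITTED` block is added right after `mysql_query($insquote)` without checking `$insquote2`, so a failed insert is still reported to the user as a stored quote; wrap the `adds_block('SUBMITTED', ...)` call in `if ($insquote2 !== false) { ... }` and log `mysql_error()` on the other branch. The branch is also entered on any request carrying `?submit`, and `$_POST['rash_quote']` is read without an `isset()` or non-empty check, so a bare GET from a logged-in user would insert an empty row. No anti-CSRF token is visible in this hunk or in the form in add.tpl, so the logged-in insert appears reachable from a cross-site POST; this should be confirmed against the rest of the file. The enclosing if/elseif chain starts and ends outside the hunk.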
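--- a/theme/quotes/add.tpl
+++ b/theme/quotes/add.tpl
@@ -9,6 +9,10 @@
  Also, there is no need to press the submit button again. You're quote has already been sent.</p>
 <!--END SUBMITTED-->
 
+<!--BEGIN ERROR-->
+ <p class="light-at-night">Sorry, for the time being, because of the massive problem we are having with spam, anonymous submission of quotes is disabled. If you have an account, you can still log in and submit a quote.</p>
+<!--END ERROR-->
+
 <form action="/quotes/add.php?submit=" method="POST">
  <textarea cols="80" rows="5" name="rash_quote"></textarea><br />
  <input type="submit" value="Add Quote!" />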
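Review bot: The `<form>` below the new ERROR block sits outside any template block, so logged-out visitors still get the textarea and only learn that submission is disabled after posting, at which point their text is discarded. Consider showing the notice on the initial page load for logged-out users and wrapping the form in its own block (for example a constructed `<!--BEGIN FORM-->` … `<!--END FORM-->`) that quotes.php adds only when `isLoggedIn()` is true. The `array('exi'=>1)` passed from quotes.php has no matching placeholder in this block, so it looks like a dummy value; a short template comment saying so would help. The form element closes outside the hunk.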