X-Git-Url: https://disinclined.org/git/?a=blobdiff_plain;f=index.php;h=56b216aa9662175963849d9a22da89950c9fe611;hb=9412c7a558398a5a990691eb74cc61ae24d85031;hp=16a01ec0fc051c7a87a63c42fd45a12b536bca81;hpb=d4adeb654507e6cd75aac3f264ae21ed5d16bfab;p=dylansserver.git diff --git a/index.php b/index.php index 16a01ec..56b216a 100644 --- a/index.php +++ b/index.php @@ -34,7 +34,10 @@ abstract class cms { return 'index'; } else if (isset($_GET['project'])) { return 'project'; + } else if (isset($_GET['challenge'])) { + return 'captcha'; } + } public function query() { @@ -55,7 +58,7 @@ abstract class cms { call_user_func_array("mysqli_stmt_bind_result", $fields); $i = 0; while ($statement->fetch()) { - foreach ($row as $key1=>$value1) $return[$i][$key1] = $value1; + foreach ($row as $key=>$value) $return[$i][$key] = $value; $i++; } $statement->free_result(); @@ -66,8 +69,14 @@ abstract class cms { $home_link = "/") { $scripts = ""; $stylesheets = ""; - if (cms::determine_type() == "index") { $scripts = ""; + $scripts .= ""; + $scripts .= ""; + $scripts .= ""; } echo <<check_exists(); $this->comments_enabled = $comments_enabled; $url = htmlspecialchars($_SERVER['REQUEST_URI']); if (isset($_GET['verify'])) { - $url = substr($url, 0, (strlen($url)-7)); + $url = substr($url, 0, (strlen($url)-6)); } $this->url = $url; - } - - private function check_exists() { - $sql = "SELECT COUNT(*) FROM notes - WHERE url = ?"; - $results = $this->query($sql, "s", $_GET['note']); - if ($results[0]["COUNT(*)"] != 1) { + $sql = "SELECT title, date_posted, text, id + FROM notes WHERE url = ?"; + $result = $this->query($sql, "s", + $_GET['note']); + if ($result) { + $entry = $result[0]; + $this->id = $entry["id"]; + $this->title = $entry["title"]; + $date_posted = explode("-", $entry["date_posted"]); + $this->year_posted = $date_posted[0]; + $this->month_posted = $date_posted[1]; + $datetime_posted = explode(' ', $date_posted[2]); + $this->day_posted = $datetime_posted[0]; + $this->text = $entry["text"]; + } else { throw new notFound(); } + $sql = "SELECT COUNT(*) FROM comments + WHERE note = $this->id"; + $result = $this->db->query($sql); + $result = $result->fetch_array(); + $this->number_of_comments = $result[0]; + if (isset($_GET['verify'])) { + $this->verify(); + } } public function display() { $this->display_head(); $this->display_note(); - if (isset($_GET['verify'])) { - $this->verify(); - } if ($this->comments_enabled) { - $this->display_comments(); // but where are they? + $this->display_comments(); $this->display_comment_form(); } $this->write_navigation(); @@ -333,55 +361,75 @@ class note extends cms { } private function verify() { - require_once('includes/recaptchalib.php'); - $resp = recaptcha_check_answer ($this->recaptcha_privatekey, - $_SERVER["REMOTE_ADDR"], - $_POST["recaptcha_challenge_field"], - $_POST["recaptcha_response_field"]); - if (!$resp->is_valid) { - echo "The reCAPTCHA wasn't entered correctly. Go back and try it again." . "(reCAPTCHA said: " . $resp->error . ")"; + if (!isset($_POST['captcha'])) { + require_once('includes/recaptchalib.php'); + echo "
"; + $resp = recaptcha_check_answer ($this->recaptcha_privatekey, + $_SERVER["REMOTE_ADDR"], + $_POST["recaptcha_challenge_field"], + $_POST["recaptcha_response_field"]); + if (!$resp->is_valid) { + $this->failed_captcha = true; + } } + if (isset($_POST['captcha']) || $resp->is_valid) { + $sql = ("INSERT INTO comments (date_posted, author, + email, text, note) + VALUES(NOW(), ?, ?, ?, ?)"); + $stmt = $this->db->prepare($sql); + // Checks are needed here (no blank text, + // and a default author / email need to be set + // for no-javascript users. + $stmt->bind_param('ssss', + htmlspecialchars($_POST['name']), + htmlspecialchars($_POST['email']), + htmlspecialchars($_POST['text']), + $this->id); + $stmt->execute(); + } } private function display_note() { - $sql = "SELECT title, date_posted, text, id - FROM notes WHERE url = ?"; - $result = $this->query($sql, "s", - $_GET['note']); - $entry = $result[0]; - $this->id = $entry["id"]; // This is needed for display_comments() - $title = $entry["title"]; - $date_posted = explode("-", $entry["date_posted"]); - $year_posted = $date_posted[0]; - $month_posted = $date_posted[1]; - $datetime_posted = explode(' ', $date_posted[2]); - $day_posted = $datetime_posted[0]; echo "
"; - echo "

$year_posted/$month_posted/$day_posted/$title

"; - if (!$this->comments_enabled) { - $this->display_comment_link(); - } - echo $entry['text']; + echo "

$this->year_posted/$this->month_posted/$this->day_posted/$this->title

"; + echo $this->text; } private function write_navigation() { - echo "
"; - echo "
"; - echo "

"; - echo "notes/"; - echo "

"; - echo "
"; + echo << +
+

+END_OF_NAVIGATION; + if (!$this->comments_enabled) { + $this->display_comment_link(); + } + echo <<notes/ +

+
+END_OF_NAVIGATION; } private function display_comment_link() { - $url = $this->url . 'comments/'; - echo "comments"; + if ($this->number_of_comments > 0) { + $anchor_text = "comments ($this->number_of_comments)"; + } else { + $anchor_text = "comment?"; + } + if (substr($this->url, (strlen($this->url)-1), strlen($this->url)) == '/') { + $url = $this->url . 'comments/'; + } else { + $url = $this->url . '/comments/'; + } + echo "$anchor_text"; } private function display_comments() { echo "
"; $sql= "SELECT date_posted, author, email, text - FROM comments WHERE note = ?"; + FROM comments WHERE note = ? + ORDER BY date_posted DESC"; $result = $this->query($sql, "d", $this->id); foreach ($result as $row => $entry) { $date_posted = $entry['date_posted']; @@ -394,18 +442,64 @@ class note extends cms {

END_OF_COMMENT; - } + } echo "
"; } private function display_comment_form() { - // Trailing slash is necessary for reloads to work - $url = $this->url . "verify/"; - echo "
"; + $publickey = $this->recaptcha_publickey; + echo << +Recaptcha.create("$publickey", + "recaptcha_div", + { + theme : 'custom', + custom_theme_widget: 'recaptcha_widget', + callback: Recaptcha.focus_response_field + }); + +END_CAPTCHA_STYLE; require_once('includes/recaptchalib.php'); - echo recaptcha_get_html($this->recaptcha_publickey); - echo ""; - echo ""; + $url = $this->url . "verify"; + echo "
"; + echo << + +
+
+

comment:

+ +

name:

+ +

email:

+
+ + +
+

what's this say?

+

enter the numbers you hear:

(another/audio/Get an image CAPTCHAhelp)

+ +

+
+



+
+
+END_OF_FORM; + echo recaptcha_get_html($this->recaptcha_publickey); + if ($this->failed_captcha) { + echo <<reCAPTCHA said you're not human, + + +
+END_OF_FORM; + } else { + echo << + + +END_OF_FORM; + } } } @@ -504,6 +598,19 @@ class notFound extends Exception { } } +class captcha extends cms { + public function display() { + $challenge = $_GET['challenge']; + $response = $_GET['response']; + $remoteip = $_SERVER['REMOTE_ADDR']; + $curl = curl_init('http://api-verify.recaptcha.net/verify?'); + curl_setopt ($curl, CURLOPT_POST, 4); + curl_setopt ($curl, CURLOPT_POSTFIELDS, "privatekey=$this->recaptcha_privatekey&remoteip=$remoteip&challenge=$challenge&response=$response"); + $result = curl_exec ($curl); + curl_close ($curl); + } +} + ## now actually do something: switch (cms::determine_type()) { case "index": @@ -530,6 +637,10 @@ switch (cms::determine_type()) { $archive = new archive; $archive->display(); break; + case "captcha": + $captcha = new captcha; + $captcha->display(); + break; } ?>