X-Git-Url: https://disinclined.org/git/?a=blobdiff_plain;f=index.php;h=5bf04d624bb2aeca2e97f88374664e31ff0d894c;hb=7a7a4e50628b1397204dfe1c3847aee0bda73a08;hp=516089e056816089995fced1e48f4219dea7626b;hpb=5b70780eb304ed68645d48f06f65034499d7a515;p=dylansserver.git diff --git a/index.php b/index.php index 516089e..5bf04d6 100644 --- a/index.php +++ b/index.php @@ -304,7 +304,7 @@ class note extends cms { $this->comments_enabled = $comments_enabled; $url = htmlspecialchars($_SERVER['REQUEST_URI']); if (isset($_GET['verify'])) { - $url = substr($url, 0, (strlen($url)-7)); + $url = substr($url, 0, (strlen($url)-6)); } $this->url = $url; } @@ -321,11 +321,8 @@ class note extends cms { public function display() { $this->display_head(); $this->display_note(); - if (isset($_GET['verify'])) { - $this->verify(); - } if ($this->comments_enabled) { - $this->display_comments(); // but where are they? + $this->display_comments(); $this->display_comment_form(); } $this->write_navigation(); @@ -334,19 +331,26 @@ class note extends cms { private function verify() { require_once('includes/recaptchalib.php'); + echo "
"; $resp = recaptcha_check_answer ($this->recaptcha_privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { - echo "The reCAPTCHA wasn't entered correctly. Go back and try it again." . "(reCAPTCHA said: " . $resp->error . ")"; + echo "sorry, reCAPTCHA said you're not human.


"; } else { $sql = ("INSERT INTO comments (date_posted, author, - email, text, note - VALUES(NOW(), ?, ?, ?, ?, ?"); - echo htmlspecialchars($_POST['author']); - echo htmlspecialchars($_POST['email']); - echo htmlspecialchars($_POST['text']); + email, text, note) + VALUES(NOW(), ?, ?, ?, ?)"); + $stmt = $this->db->prepare($sql); + // Checks are needed here (no blank text, + // and a default author / email need to be set + $stmt->bind_param('ssss', + htmlspecialchars($_POST['author']), + htmlspecialchars($_POST['email']), + htmlspecialchars($_POST['text']), + $this->id); + $stmt->execute(); } } @@ -376,21 +380,28 @@ class note extends cms {

- notes/ + notes/

END_OF_NAVIGATION; } private function display_comment_link() { - $url = $this->url . 'comments/'; + // somehow I should be checking if there are any first, + // change to 'comment?' + if (substr($this->url, (strlen($this->url)-1), strlen($this->url)) == '/') { + $url = $this->url . 'comments/'; + } else { + $url = $this->url . '/comments/'; + } echo "comments"; } private function display_comments() { echo "
"; $sql= "SELECT date_posted, author, email, text - FROM comments WHERE note = ?"; + FROM comments WHERE note = ? + ORDER BY date_posted DESC"; $result = $this->query($sql, "d", $this->id); foreach ($result as $row => $entry) { $date_posted = $entry['date_posted']; @@ -418,13 +429,13 @@ var RecaptchaOptions = { END_CAPTCHA_STYLE; require_once('includes/recaptchalib.php'); // Trailing slash is necessary for reloads to work - $url = $this->url . "verify/"; + $url = $this->url . "verify"; echo "
"; echo <<

comment:


-
+

name:



email:


@@ -438,14 +449,17 @@ END_CAPTCHA_STYLE; enter the numbers you hear:
-
get another CAPTCHA
-
get an audio CAPTCHA
-
Get an image CAPTCHA
-
help?
-

+
another CAPTCHA?
+
audio CAPTCHA?
+
Get an image CAPTCHA
+
help?
+
FORM; echo recaptcha_get_html($this->recaptcha_publickey); + if (isset($_GET['verify'])) { + $this->verify(); + } echo <<