X-Git-Url: https://disinclined.org/git/?a=blobdiff_plain;f=index.php;h=e743a3897ac6d06e471cf459b41beef527beff4d;hb=8a98916cf3e32d836493c4f1800aea0b25d7b63f;hp=516089e056816089995fced1e48f4219dea7626b;hpb=5b70780eb304ed68645d48f06f65034499d7a515;p=dylansserver.git
diff --git a/index.php b/index.php
index 516089e..e743a38 100644
--- a/index.php
+++ b/index.php
@@ -321,11 +321,8 @@ class note extends cms {
public function display() {
$this->display_head();
$this->display_note();
- if (isset($_GET['verify'])) {
- $this->verify();
- }
if ($this->comments_enabled) {
- $this->display_comments(); // but where are they?
+ $this->display_comments();
$this->display_comment_form();
}
$this->write_navigation();
@@ -334,19 +331,26 @@ class note extends cms {
private function verify() {
require_once('includes/recaptchalib.php');
+ echo "
";
$resp = recaptcha_check_answer ($this->recaptcha_privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
- echo "The reCAPTCHA wasn't entered correctly. Go back and try it again." . "(reCAPTCHA said: " . $resp->error . ")";
+ echo "sorry, reCAPTCHA said you're not human.
";
} else {
$sql = ("INSERT INTO comments (date_posted, author,
- email, text, note
- VALUES(NOW(), ?, ?, ?, ?, ?");
- echo htmlspecialchars($_POST['author']);
- echo htmlspecialchars($_POST['email']);
- echo htmlspecialchars($_POST['text']);
+ email, text, note)
+ VALUES(NOW(), ?, ?, ?, ?)");
+ $stmt = $this->db->prepare($sql);
+ // Checks are needed here (no blank text,
+ // and a default author / email need to be set
+ $stmt->bind_param('ssss',
+ htmlspecialchars($_POST['author']),
+ htmlspecialchars($_POST['email']),
+ htmlspecialchars($_POST['text']),
+ $this->id);
+ $stmt->execute();
}
}
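Review bot: The new `bind_param` call in the else branch binds the results of `htmlspecialchars()` directly, so HTML entities are written into the `comments` table instead of the text being encoded when it is rendered, and function results are passed where `bind_param` (this looks like mysqli) expects variables by reference. The return values of `prepare()` and `execute()` are not checked either, so a failed prepare becomes a method call on `false` and a failed insert is silent. The in-code comment already says the blank-text and default author/email checks are missing; the sketch below adds them, binds the raw values and handles both failure paths. The code that renders comments is outside this hunk, so if it relies on pre-escaped rows it needs `htmlspecialchars($value, ENT_QUOTES)` at output in the same change, otherwise the stored text would reach the page unescaped.

```php
    } else {
      // Validate before touching the database; trim() so whitespace-only text is rejected.
      $author = trim(isset($_POST['author']) ? $_POST['author'] : '');
      $email  = trim(isset($_POST['email']) ? $_POST['email'] : '');
      $text   = trim(isset($_POST['text']) ? $_POST['text'] : '');
      if ($text === '') {
        echo "sorry, a comment needs some text.";
        return;
      }
      if ($author === '') {
        $author = 'anonymous'; // placeholder default; pick the site's own
      }
      // … unchanged: $sql INSERT statement …
      $stmt = $this->db->prepare($sql);
      if ($stmt === false) {
        error_log('comment insert: prepare failed');
        return;
      }
      // bind_param takes references: bind variables holding the raw values,
      // and leave HTML encoding to the code that prints them.
      $stmt->bind_param('ssss', $author, $email, $text, $this->id);
      if (!$stmt->execute()) {
        error_log('comment insert: execute failed');
      }
      $stmt->close();
    }
```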
@@ -376,13 +380,15 @@ class note extends cms {