From 5a83ee3e1d7f468e904cd44b282293eda1250708 Mon Sep 17 00:00:00 2001
From: Dylan Lloyd
Date: Tue, 8 Mar 2011 14:28:24 -0500
Subject: [PATCH] Comment form works! Still needs field validation, and the author/email fields need default values. The way the author/email is displayed above comments needs to be adjusted when there is no email to link to. The comments link on note/ pages should be changed when there are no comments yet. Most importantly, the note class has gotten sloppy. $this->id is initiated from display_note(), creating a dependency for the form method. This should be moved into the constructor, but some thought should to be given to minimize database queries. Also a few subtle formatting changes, but I still can't get the reCAPTCHA to align right without floating...
---
 index.php | 44 +++++++++++++++++++++++++++-----------------
 1 file changed, 27 insertions(+), 17 deletions(-)
diff --git a/index.php b/index.php
index 516089e..90f1938 100644
--- index.php
+++ index.php
@@ -321,11 +321,8 @@ class note extends cms {
 public function display() {
 $this->display_head();
 $this->display_note();
- if (isset($_GET['verify'])) {
- $this->verify();
- }
 if ($this->comments_enabled) {
- $this->display_comments(); // but where are they?
+ $this->display_comments();
 $this->display_comment_form();
 }
 $this->write_navigation();
@@ -334,19 +331,26 @@ class note extends cms {
 private function verify() {
 require_once('includes/recaptchalib.php');
+ echo "
"; $resp = recaptcha_check_answer ($this->recaptcha_privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { - echo "The reCAPTCHA wasn't entered correctly. Go back and try it again." . "(reCAPTCHA said: " . $resp->error . ")"; + echo "sorry, reCAPTCHA said you're not human.


"; } else { $sql = ("INSERT INTO comments (date_posted, author, - email, text, note - VALUES(NOW(), ?, ?, ?, ?, ?"); - echo htmlspecialchars($_POST['author']); - echo htmlspecialchars($_POST['email']); - echo htmlspecialchars($_POST['text']); + email, text, note) + VALUES(NOW(), ?, ?, ?, ?)"); + $stmt = $this->db->prepare($sql); + // Checks are needed here (no blank text, + // and a default author / email need to be set + $stmt->bind_param('ssss', + htmlspecialchars($_POST['author']), + htmlspecialchars($_POST['email']), + htmlspecialchars($_POST['text']), + $this->id); + $stmt->execute(); } } @@ -383,6 +387,8 @@ END_OF_NAVIGATION; } private function display_comment_link() { + // somehow I should be checking if there are any first, + // change to 'comment?' $url = $this->url . 'comments/'; echo "comments"; } @@ -390,7 +396,8 @@ END_OF_NAVIGATION; private function display_comments() { echo "
"; $sql= "SELECT date_posted, author, email, text - FROM comments WHERE note = ?"; + FROM comments WHERE note = ? + ORDER BY date_posted DESC"; $result = $this->query($sql, "d", $this->id); foreach ($result as $row => $entry) { $date_posted = $entry['date_posted']; @@ -424,7 +431,7 @@ END_CAPTCHA_STYLE;

comment:


-
+

name:



email:


@@ -438,14 +445,17 @@ END_CAPTCHA_STYLE; enter the numbers you hear:
-
get another CAPTCHA
- - -
help?
-

+
another CAPTCHA?
+ + +
help?
+
FORM; echo recaptcha_get_html($this->recaptcha_publickey); + if (isset($_GET['verify'])) { + $this->verify(); + } echo << -- 2.30.2
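Review bot: The relocated `if (isset($_GET['verify']))` guard in `display_comment_form()` runs `verify()` on any request that carries `?verify`, including a plain GET, while `verify()` reads only `$_POST` fields. Gating on the submission itself, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['recaptcha_response_field'])) {`, keeps the CAPTCHA check and the insert from running on undefined input. The call now also comes after `display_comments()` in `display()`, so a comment accepted on this request will presumably not show in the list until the next page load; a redirect after a successful insert would address that and avoid a resubmit on refresh. The enclosing function starts and ends outside this hunk.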