74 if ( empty($_POST['subject']) && $parms['mode'] == 'topic' ) |
74 if ( empty($_POST['subject']) && $parms['mode'] == 'topic' ) |
75 $errors[] = 'Please enter a topic title.'; |
75 $errors[] = 'Please enter a topic title.'; |
76 // It's OK to trust this! The auth key is encrypted with the site's private key. |
76 // It's OK to trust this! The auth key is encrypted with the site's private key. |
77 if ( !$parms['authorized'] ) |
77 if ( !$parms['authorized'] ) |
78 $errors[] = 'Invalid authorization key'; |
78 $errors[] = 'Invalid authorization key'; |
|
79 |
|
80 // If the user isn't logged in, check the CAPTCHA code |
|
81 if ( !$session->user_logged_in ) |
|
82 { |
|
83 $captcha_hash = $_POST['captcha_hash']; |
|
84 $captcha_code = $_POST['captcha_code']; |
|
85 $real_code = $session->get_captcha($captcha_hash); |
|
86 if ( $real_code != $captcha_code ) |
|
87 $errors[] = 'The confirmation code you entered was incorrect.'; |
|
88 } |
79 |
89 |
80 if ( sizeof($errors) < 1 ) |
90 if ( sizeof($errors) < 1 ) |
81 { |
91 { |
82 // Collect other options |
92 // Collect other options |
83 |
93 |
135 } |
145 } |
136 else if ( $mode == 'quote' ) |
146 else if ( $mode == 'quote' ) |
137 { |
147 { |
138 |
148 |
139 /** |
149 /** |
140 * @TODO: validate read permissions |
150 * @FIXME: validate read permissions |
141 */ |
151 */ |
142 |
152 |
143 $post_id = intval($paths->getParam(2)); |
153 $post_id = intval($paths->getParam(2)); |
144 if ( empty($post_id) ) |
154 if ( empty($post_id) ) |
145 die_friendly('Error', '<p>Invalid post ID</p>'); |
155 die_friendly('Error', '<p>Invalid post ID</p>'); |
286 echo '<br /> |
296 echo '<br /> |
287 <form action="' . $url . '" method="post" enctype="multipart/form-data">'; |
297 <form action="' . $url . '" method="post" enctype="multipart/form-data">'; |
288 echo '<div class="tblholder"> |
298 echo '<div class="tblholder"> |
289 <table border="0" cellspacing="1" cellpadding="4">'; |
299 <table border="0" cellspacing="1" cellpadding="4">'; |
290 echo '<tr><td class="row2">Post subject:</td><td class="row1"><input name="subject" type="text" size="50" style="width: 100%;" value="' . $subject . '" /></td>'; |
300 echo '<tr><td class="row2">Post subject:</td><td class="row1"><input name="subject" type="text" size="50" style="width: 100%;" value="' . $subject . '" /></td>'; |
|
301 if ( !$session->user_logged_in ) |
|
302 { |
|
303 $hash = $session->make_captcha(); |
|
304 $captcha_url = makeUrlNS('Special', 'Captcha/' . $hash); |
|
305 $captcha_img = "<img alt=\"If you cannot read this image please contact the site administrator for assistance.\" src=\"$captcha_url\" onclick=\"this.src=this.src+'/a';\" style=\"cursor: pointer;\" />"; |
|
306 echo '<tr><td class="row2" rowspan="2">Image verification:</td><td class="row1">' . $captcha_img . '</td></tr>'; |
|
307 echo '<tr><td class="row1">Please input the code you see in the image: <input type="hidden" name="captcha_hash" value="' . $hash . '" /><input type="text" name="captcha_code" size="8" /></td></tr>'; |
|
308 } |
291 echo '<tr><td class="row3" colspan="2">'; |
309 echo '<tr><td class="row3" colspan="2">'; |
292 echo '<textarea name="post_text" class="bbcode" rows="20" cols="80">' . $message . '</textarea>'; |
310 echo '<textarea name="post_text" class="bbcode" rows="20" cols="80">' . $message . '</textarea>'; |
293 echo '</td></tr>'; |
311 echo '</td></tr>'; |
294 echo ' |
312 echo ' |
295 <!-- This authorization code is encrypted with '.AES_BITS.'-bit AES. --> |
313 <!-- This authorization code is encrypted with '.AES_BITS.'-bit AES. --> |
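Review bot: The CAPTCHA check added at new lines 83–87 compares with loose `!=` and never confirms that a stored challenge was found, so it can fail open. `$session->get_captcha()` is not visible here, but if it returns false, null or an empty string for an unknown or expired hash, a missing or empty `captcha_code` compares equal and the post is accepted. Reject a failed lookup explicitly and compare strictly, assuming the stored code is a string: `if ( !is_string($real_code) || $real_code === '' || $real_code !== $captcha_code )`. Both `$_POST` reads should also be guarded with `isset()`. Separately, confirm that a code is invalidated after one verification so a solved hash cannot be resubmitted, and pass `$hash` through `htmlspecialchars()` before it goes into the hidden field at new line 307. The enclosing submit handler and form renderer start and end outside the lines shown.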