view tb.php @ 24:b23b8f2a8c91

Lutte anti-spam: on vérifie que le commentaire provient du formulaire du blog
author Franck Deroche <webmaster@defr.org>
date Sat, 27 Oct 2007 11:40:07 +0200
parents 629389204276
children 434751e80c88
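<?php
	// Trackback ping endpoint: records an incoming trackback as a comment on the
	// post given by ?id= and answers with an XML <response> document.
	//
	// Everything read from $_GET / $_POST is supplied by the remote caller and is
	// treated as untrusted: it is validated or escaped before it reaches SQL or
	// the XML response.
	header("Content-Type: text/xml");
	echo("<?xml version='1.0' encoding='utf-8'?>");
	include("classes.php");

	// The post id is concatenated into SQL without quotes, so only a plain digit
	// string is accepted and it is cast to int. Anything else (missing, array,
	// non-numeric) is handled as "no such post" and never reaches the database.
	$id = null;
	if (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) {
		$id = (int) $_GET['id'];
	}

	// NOTE(review): $Data is not created in this file before its first use;
	// presumably classes.php provides it -- confirm.
	$post_infos = 0;
	if ($id !== null) {
		$Data->Query("SELECT * FROM Messages WHERE num_mess=" . $id);
		$post_infos = $Data->GetRow();
	}

	// Form fields: accept strings only, so an array-valued parameter
	// (title[]=...) cannot end up in string context.
	$titre = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : "Undefined";
	$url = (isset($_POST['url']) && is_string($_POST['url'])) ? $_POST['url'] : "#";
	$info = (isset($_POST['__info']) && is_string($_POST['__info'])) ? $_POST['__info'] : -1;
	$excerpt_in = (isset($_POST['excerpt']) && is_string($_POST['excerpt'])) ? $_POST['excerpt'] : "";

	// Defaults so that every branch leaves the response variables defined.
	$error = 1;
	$message = "";
	$excerpt = "";

	if ($info == 1) {
		$error = 0;
		$message = "Some informations";
	} elseif ($url == "#" || !preg_match('#^https?://#i', $url)) {
		// Only http(s) URLs are stored. NOTE(review): Adresse is presumably
		// rendered as a link by the comment listing -- confirm; rejecting other
		// schemes here keeps script-scheme URLs out of the table.
		$error = 1;
		$message = "The url field is needed for trackback to do something usefull !";
	} elseif (!$post_infos) {
		// The original compared against 0 only. What GetRow() returns when no
		// row matches is not visible in this file, so any falsy value counts
		// as "not found".
		$error = 1;
		$message = "There's no post with this id";
	} else {
		$DateComment = gmdate("Y-m-d H:i:s");
		if (strlen($excerpt_in) > 255) $excerpt_in = substr($excerpt_in, 0, 255) . "...";
		$Data = new DataAccess();

		// NOTE(review): stopgap escaping. The only DataAccess methods visible
		// here are Query() and GetRow(), so bound parameters cannot be used
		// from this file. addslashes() is not charset-aware and only fits
		// SQL dialects that treat backslash as an escape character; replace
		// it with prepared statements (or the driver's own escaping) inside
		// DataAccess.
		$sql_titre = addslashes($titre);
		$sql_url = addslashes($url);
		$sql_excerpt = addslashes($excerpt_in);

		// Values are stored raw (not HTML-escaped); whatever page prints
		// Commentaires rows has to escape them at output time.
		$Data->Query("INSERT INTO Commentaires(MessId, Auteur, Adresse, Comment, DateComment, isTrackback)
					VALUES({$id}, '{$sql_titre}', '{$sql_url}', '{$sql_excerpt}', '{$DateComment}', 1)");
		// NOTE(review): this updates table "Mess" while the SELECT above reads
		// "Messages" -- confirm which table name is correct.
		$Data->Query("UPDATE Mess SET NbCommentaires=NbCommentaires+1 WHERE num_mess={$id}");
		$error = 0;
		// The original line lacked its closing parenthesis and semicolon, a
		// parse error that stopped the whole script from running.
		$excerpt = htmlentities(urlencode(substr(strip_tags($post_infos['Message']), 0, 252) . "..."));
	}

	// Escape everything interpolated into the XML body. The post title comes
	// from the database and may contain markup characters; it is only read when
	// a row was actually found.
	$out_message = htmlspecialchars($message, ENT_NOQUOTES, 'UTF-8');
	$out_title = "";
	$out_num = "";
	if ($post_infos) {
		$out_title = htmlspecialchars((string) $post_infos['Titre'], ENT_NOQUOTES, 'UTF-8');
		$out_num = htmlspecialchars((string) $post_infos['num_mess'], ENT_NOQUOTES, 'UTF-8');
	}

	echo "<response>
 <error>$error</error>
 <message>$out_message</message>
 <engine>Dual Blog custom made PHP script</engine>
 <encoding>UTF-8</encoding>
 <blog>Dual Blog</blog>
 <title>{$out_title}</title>
 <url>http://defr.org/post/{$out_num}</url>
 <excerpt>$excerpt</excerpt>
</response>";
?>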