Do formularza dodawania wpisu dodajesz jakieś pole z pytaniem, np.:
Suma pięć i piętnaście? <input type="text" name="antybot">
A potem w pliku, który odbiera dane z formularza (może to być ten sam plik — ten wskazany w <form action="plik">), dajesz np.:
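// Anti-bot answer from the form. Casting to int turns a missing or non-numeric field into 0
// instead of raising an undefined-index notice; the isset() guard avoids the notice entirely.
// NOTE(review): a single fixed question/answer is learned by a bot after one pass — rotate
// questions or store the expected answer in the session for anything beyond casual spam.
$antybot = isset($_POST['antybot']) ? (int)$_POST['antybot'] : 0;
$poprawnaodpowiedz = '20';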
Następnie dajesz warunek (sprawdzany zanim cokolwiek trafi do bazy):
// Reject the submission unless the anti-bot answer matches; only then run the add-comment code.
if ($antybot != $poprawnaodpowiedz) {
    echo 'A sio biocie';
} else {
    // the comment-adding code goes here
}
Jednak nie umiem tego zastosować u siebie.
Na pewno odpowiada za to plik comm.inc – podaję jego treść:
# displays the list of comments (and their text) for the current item
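function list_comm() {
    global $comm_tbl, $PHP_SELF, $id, $what;
    // $id and $what arrive from the request (hidden form fields / register_globals) and were
    // interpolated into the query unescaped (SQL injection); force the integer, escape the string.
    $id = (int)$id;
    $what_sql = mysql_real_escape_string($what);
    $result = mysql_query("SELECT * FROM $comm_tbl WHERE wid=$id AND what='$what_sql' ORDER BY date");
    $numer = mysql_num_rows($result);
    echo '
<table width="99%" border="0" cellspacing="0" cellpadding="0" align="center">';
    if($numer==0) {
        $text = 'Jeszcze nikt tego nie komentował, może Ty to zrobisz...';
        list_body_open('info', $text);
    }
    while($r = mysql_fetch_array($result)) {
        $nid  = (int)$r['id'];
        $date = $r['date'];
        // add_comment() stores values HTML-encoded by xss_remove(), and magic quotes may have
        // added backslashes. The original decoded the stored values and then only removed the
        // literal string "<script>", which any variant (<SCRIPT>, <script >, <img onerror=...>)
        // bypasses — stored XSS. Normalise instead: undo the stored encoding and the slashes,
        // then encode exactly once for the HTML context.
        $title = htmlspecialchars(stripslashes(htmlspecialchars_decode($r['title'])), ENT_QUOTES);
        $text  = htmlspecialchars(stripslashes(htmlspecialchars_decode($r['text'])), ENT_QUOTES);
        $mail  = htmlspecialchars(stripslashes(htmlspecialchars_decode($r['mail'])), ENT_QUOTES);
        // The original decoded/stripslashed $author and $name, neither of which was ever
        // assigned; the author column is $r['name'], so it gets the same treatment here.
        $aut_raw = stripslashes(htmlspecialchars_decode($r['name']));
        $aut     = htmlspecialchars($aut_raw, ENT_QUOTES);
        // Markup below is produced only by trusted transformations on already-escaped text.
        // NOTE(review): smilies()/make_clickable() now receive entity-encoded input (e.g. &amp;
        // inside URLs). That is the correct attribute encoding, but confirm their patterns
        // still match as intended — both helpers live outside this file.
        $text = smilies($text);
        // BBCode -> HTML; the bracket tags are untouched by htmlspecialchars(), so this still works.
        $bbcode = array(
            "[b]" => "<b>", "[/b]" => "</b>",
            "[i]" => "<i>", "[/i]" => "</i>",
            "[u]" => "<u>", "[/u]" => "</u>",
        );
        $text = str_replace(array_keys($bbcode), array_values($bbcode), $text);
        $text = make_clickable($text);
        $title = $title.'</b> - '.$date;
        if($mail<>'anonim') {
            // Names of anonymous posters are stored with a leading "~" (see add_comment()).
            if(substr($aut_raw, 0, 1) == '~') {
                $aut = '<a href="mailto:'.$mail.'">'.$aut.'</a>';
            } else {
                // Here the name is also a URL parameter, so it needs URL encoding as well as
                // HTML encoding; the original inserted it raw into the href.
                $aut = '<a href="user.php?cmd=info&id='.htmlspecialchars(rawurlencode($aut_raw), ENT_QUOTES).'">'.$aut.'</a>';
            }
        }
        if(is_login()=='yes') {
            // NOTE(review): edit/delete are plain GET links with no token, so they are CSRF-able;
            // that has to be fixed on the admin.php side, not here.
            $link_a = '<a href="admin.php?op=comm&cmd=edit&id='.$nid.'&goto=index.php" title="edit" class="t_list">E</a>';
            $link_b = '<a href="admin.php?op=comm&cmd=del&id='.$nid.'&goto=index.php" title="delete" class="t_list">D</a>';
            $title = $title.' <b>···</b> (<b> '.$link_a.'</b> | <b>'.$link_b.' </b>)';
        }
        $others = 'autor: <b>'.$aut.'</b>';
        list_body_open($title, $text, $others);
    }
}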
# displays the page title ("Komentarze do ...")
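function comm_title() {
    global $news_tbl, $art_tbl, $PHP_SELF, $id, $what, $php_tbl;
    // $what (a hidden form field) selects the content table. Any other value left $tbl unset
    // and produced a broken "FROM  WHERE" query plus warnings from mysql_fetch_array(false).
    $tables = array('news' => $news_tbl, 'article' => $art_tbl, 'script' => $php_tbl);
    $id = (int)$id;
    $title = '';
    if(isset($tables[$what])) {
        $tbl = $tables[$what];
        $result = mysql_query("SELECT * FROM $tbl WHERE id=$id");
        $r = $result ? mysql_fetch_array($result) : false;
        if($r) $title = stripslashes($r['title']);
    }
    // NOTE(review): $title is printed raw, as before. It comes from the content table edited
    // through admin.php, not from the comment form; if that table can hold untrusted markup
    // it needs htmlspecialchars() here too — cannot be decided from this file.
    echo "Komentarze do \"$title\"";
}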
# adds a comment to the database and bumps the item's comment counter
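function add_comment() {
    global $news_tbl, $art_tbl, $PHP_SELF, $id, $what, $REMOTE_ADDR;
    global $title, $text, $imie, $mail, $comm_tbl, $php_tbl;
    // $what and $id come straight from hidden form fields: refuse unknown targets (the
    // original still inserted the comment and then ran "UPDATE  SET" with an unset $tbl)
    // and force the id to an integer — it was interpolated unquoted into both queries.
    $tables = array('news' => $news_tbl, 'article' => $art_tbl, 'script' => $php_tbl);
    if(!isset($tables[$what])) return;
    $tbl = $tables[$what];
    $id = (int)$id;
    if(is_user_login()<>'yes'){
        save_anonim($imie, $mail);
        $imie = '~'.$imie;   // leading "~" marks an anonymous (not logged-in) author
    }
    // xss_remove() HTML-encodes quotes, which is the only reason the string values were not
    // trivially injectable, but it leaves backslashes alone: a value ending in "\" escapes
    // the closing quote in MySQL. Escape for SQL explicitly, after the HTML encoding, and
    // escape $what and the IP address, which were never escaped at all.
    $what_sql  = mysql_real_escape_string($what);
    $imie_sql  = mysql_real_escape_string(xss_remove($imie));
    $mail_sql  = mysql_real_escape_string(xss_remove($mail));
    $title_sql = mysql_real_escape_string(xss_remove($title));
    $text_sql  = mysql_real_escape_string(xss_remove($text));
    // $REMOTE_ADDR is the register_globals copy and can be overridden by the request when
    // register_globals is on; prefer the server-provided value when it is available.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR;
    $ip_sql = mysql_real_escape_string($ip);
    $query = "INSERT INTO $comm_tbl VALUES(NULL, '$what_sql', now(), $id, '$imie_sql', '$mail_sql', '$title_sql', '$text_sql', '$ip_sql')";
    $result = mysql_query($query);
    echo mysql_error();
    // Increment in a single statement: the SELECT-then-UPDATE pair lost counts when two
    // comments were posted concurrently. COALESCE keeps a NULL counter behaving like 0,
    // which is what the old $aaa++ on a NULL value did.
    $result = mysql_query("UPDATE $tbl SET comments=COALESCE(comments,0)+1 WHERE id=$id");
    echo mysql_error();
}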
# prints the comment form
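function comm_form() {
    global $PHP_SELF, $what, $id, $f_author, $f_mail;
    $logged = (is_user_login()=='yes');
    $info = $logged ? get_user_info() : array();
    // Every value echoed into the markup is request- or user-controlled: $PHP_SELF can carry
    // attacker-supplied PATH_INFO, $f_author/$f_mail are the re-displayed form inputs, and
    // $id/$what are the hidden fields. The original printed them all raw (reflected XSS), and
    // read them as $GLOBALS[f_author] with a bare constant; they are already in scope as
    // $f_author/$f_mail. Each value is escaped once for the HTML-attribute context.
    $action_h = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    $author_h = $logged ? htmlspecialchars($info[1], ENT_QUOTES)
                        : htmlspecialchars(isset($f_author) ? $f_author : '', ENT_QUOTES);
    $mail_h   = $logged ? htmlspecialchars($info[2], ENT_QUOTES)
                        : htmlspecialchars(isset($f_mail) ? $f_mail : '', ENT_QUOTES);
    $id_h     = (int)$id;
    $what_h   = htmlspecialchars($what, ENT_QUOTES);
    // NOTE(review): the form carries no CSRF token; this is also where an anti-bot question
    // field (verified in check_comm()) would be added.
    echo '<form name="comments" method="post" action="'.$action_h.'">
<table border="0" cellspacing="3" cellpadding="0" align="center">
<tr>
<td class="uni_01" valign="top"><div align="right">podaj: <b>imię</b></div></td>
<td class="uni_01">';
    if($logged) echo '<b>'.$author_h.'<input type="hidden" name="imie" value="'.$author_h.'">';
    else echo '<input type="text" name="imie" size="30" value="'.$author_h.'">';
    // (the stray "z" after class="uni_01" in the original <td> was invalid markup)
    echo '</td>
</tr>
<tr>
<td class="uni_01"><div align="right"><b>e-mail</div></td>
<td class="uni_01">';
    if($logged) echo '<b>'.$mail_h.'<input type="hidden" name="mail" value="'.$mail_h.'">';
    else echo '<input type="text" name="mail" size="30" value="'.$mail_h.'">';
    echo '</td>
</tr>
<tr>
<td class="uni_01" valign="top"><div align="right"><b>temat</div></td>
<td class="uni_01">
<input type="text" name="title" size="30">
</td>
</tr>
<tr>
<td class="uni_01" valign="top"><div align="right"><b>tre¶ć</div></td>
<td class="uni_01">
<textarea name="text" rows="10" cols="45"></textarea>
</td>
</tr>
<tr>
<td align="right" class="uni_01"> </td>
<td class="uni_01">
<input style="font-weight: bold;" type="submit" name="ok" value="dopisz">
<input type="reset" name="Reset" value="wyczy¶ć">
<input type="hidden" name="id" value="'.$id_h.'">
<input type="hidden" name="what" value="'.$what_h.'">
<input type="hidden" name="act" value="add">
</td>
</tr>
</table>
</form>';
}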
# validates the submitted form data and applies the per-IP anti-flood delay
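function check_comm() {
    global $title, $text, $imie, $mail;
    // $id is written into the anti-flood row below but was never declared global, so the
    // original always stored an empty string there.
    global $aa, $bb, $anty_f_tbl, $REMOTE_ADDR, $id;
    $a = 0;
    // $anty was only assigned inside the $a==0 branch, so the later test read an undefined
    // variable whenever a field check had failed.
    $anty = 0;
    if($title=='') $a++;
    if($text=='') $a++;
    if($imie=='') $a++;
    if($mail=='') {
        $mail = 'anonim';
    } elseif (!preg_match('/^.+@.+\..+$/', $mail)) {
        // ereg() no longer exists (removed in PHP 7); same pattern via PCRE. The check is
        // deliberately loose, as before — the address is only displayed, escaped, by list_comm().
        $a++;
        $bb = "
Niepoprawny adres e-mail! Jeżeli nie chcesz go podać,
po prostu zostaw puste pole.";
    }
    if($a<>0) $aa = "Formularz wypełniony niepoprawnie. Musisz wypełnić
wszystkie pola oprócz e-mail!";
    // NOTE(review): an anti-bot question (a form field compared against its expected answer)
    // belongs here, next to the other field checks, so a wrong answer bumps $a before the
    // anti-flood bookkeeping below writes anything.
    if($a == 0) {
        $now = time();
        $ok_time = $now + 60;
        // The IP goes into SQL: prefer the server-provided value over the register_globals
        // copy (which the request can override), and escape it either way.
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR;
        $ip_sql = mysql_real_escape_string($ip);
        @mysql_query("DELETE FROM $anty_f_tbl WHERE what='komentarze' AND time < '$now'");
        $antyflood = @mysql_query("SELECT * FROM $anty_f_tbl WHERE what='komentarze' AND ip='$ip_sql'");
        $flood = @mysql_num_rows($antyflood);
        if($flood <> '0') {
            $anty++;
        } else {
            @mysql_query("INSERT INTO $anty_f_tbl VALUES (NULL,'$ip_sql', '$ok_time', 'komentarze', '".(int)$id."');");
        }
    }
    if($anty<>0) $aa = "Ochrona antyflood! Przed dodaniem kolejnego wpisu prosimy odczekac minute!";
    $a = $a + $anty;
    // Returns 10 when everything passed; otherwise null, with the message left in $aa/$bb.
    if($a==0) return 10;
}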
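# returns 'yes' when the item selected by $what/$id exists, otherwise 'no'
function is_news() {
    // $php_tbl was missing from the global list, so $what=='script' always queried an unset table.
    global $news_tbl, $art_tbl, $php_tbl, $id, $what;
    global $comm_tbl;
    $id = (int)$id;
    $tables = array('news' => $news_tbl, 'article' => $art_tbl, 'script' => $php_tbl);
    // Unknown target type: there is nothing to comment on, and no reason to run a broken query.
    if(!isset($tables[$what])) return 'no';
    $tbl = $tables[$what];
    $result = mysql_query("SELECT 1 FROM $tbl WHERE id='$id' LIMIT 1");
    echo mysql_error();
    if($result && mysql_num_rows($result) > 0) return 'yes';
    return 'no';
}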
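# HTML-encodes a user-supplied string before it is stored
function xss_remove($text)
{
    // The original first called str_replace() with a regular expression as the search string,
    // i.e. it looked for the literal text "/(<(.)script..." and removed nothing. That no-op is
    // dropped: the actual defence is the encoding below, which makes every tag and attribute
    // quote inert regardless of tag name or letter case. ENT_QUOTES also covers single quotes,
    // so the result is safe inside HTML attributes. It is NOT SQL-escaped — callers must still
    // escape the value for the database.
    return htmlspecialchars($text, ENT_QUOTES);
}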
?>
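function list_comm() {
    global $comm_tbl, $PHP_SELF, $id, $what;
    // $id and $what arrive from the request (hidden form fields / register_globals) and were
    // interpolated into the query unescaped (SQL injection); force the integer, escape the string.
    $id = (int)$id;
    $what_sql = mysql_real_escape_string($what);
    $result = mysql_query("SELECT * FROM $comm_tbl WHERE wid=$id AND what='$what_sql' ORDER BY date");
    $numer = mysql_num_rows($result);
    echo '
<table width="99%" border="0" cellspacing="0" cellpadding="0" align="center">';
    if($numer==0) {
        $text = 'Jeszcze nikt tego nie komentował, może Ty to zrobisz...';
        list_body_open('info', $text);
    }
    while($r = mysql_fetch_array($result)) {
        $nid  = (int)$r['id'];
        $date = $r['date'];
        // add_comment() stores values HTML-encoded by xss_remove(), and magic quotes may have
        // added backslashes. The original decoded the stored values and then only removed the
        // literal string "<script>", which any variant (<SCRIPT>, <script >, <img onerror=...>)
        // bypasses — stored XSS. Normalise instead: undo the stored encoding and the slashes,
        // then encode exactly once for the HTML context.
        $title = htmlspecialchars(stripslashes(htmlspecialchars_decode($r['title'])), ENT_QUOTES);
        $text  = htmlspecialchars(stripslashes(htmlspecialchars_decode($r['text'])), ENT_QUOTES);
        $mail  = htmlspecialchars(stripslashes(htmlspecialchars_decode($r['mail'])), ENT_QUOTES);
        // The original decoded/stripslashed $author and $name, neither of which was ever
        // assigned; the author column is $r['name'], so it gets the same treatment here.
        $aut_raw = stripslashes(htmlspecialchars_decode($r['name']));
        $aut     = htmlspecialchars($aut_raw, ENT_QUOTES);
        // Markup below is produced only by trusted transformations on already-escaped text.
        // NOTE(review): smilies()/make_clickable() now receive entity-encoded input (e.g. &amp;
        // inside URLs). That is the correct attribute encoding, but confirm their patterns
        // still match as intended — both helpers live outside this file.
        $text = smilies($text);
        // BBCode -> HTML; the bracket tags are untouched by htmlspecialchars(), so this still works.
        $bbcode = array(
            "[b]" => "<b>", "[/b]" => "</b>",
            "[i]" => "<i>", "[/i]" => "</i>",
            "[u]" => "<u>", "[/u]" => "</u>",
        );
        $text = str_replace(array_keys($bbcode), array_values($bbcode), $text);
        $text = make_clickable($text);
        $title = $title.'</b> - '.$date;
        if($mail<>'anonim') {
            // Names of anonymous posters are stored with a leading "~" (see add_comment()).
            if(substr($aut_raw, 0, 1) == '~') {
                $aut = '<a href="mailto:'.$mail.'">'.$aut.'</a>';
            } else {
                // Here the name is also a URL parameter, so it needs URL encoding as well as
                // HTML encoding; the original inserted it raw into the href.
                $aut = '<a href="user.php?cmd=info&id='.htmlspecialchars(rawurlencode($aut_raw), ENT_QUOTES).'">'.$aut.'</a>';
            }
        }
        if(is_login()=='yes') {
            // NOTE(review): edit/delete are plain GET links with no token, so they are CSRF-able;
            // that has to be fixed on the admin.php side, not here.
            $link_a = '<a href="admin.php?op=comm&cmd=edit&id='.$nid.'&goto=index.php" title="edit" class="t_list">E</a>';
            $link_b = '<a href="admin.php?op=comm&cmd=del&id='.$nid.'&goto=index.php" title="delete" class="t_list">D</a>';
            $title = $title.' <b>···</b> (<b> '.$link_a.'</b> | <b>'.$link_b.' </b>)';
        }
        $others = 'autor: <b>'.$aut.'</b>';
        list_body_open($title, $text, $others);
    }
}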
# displays the page title ("Komentarze do ...")
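function comm_title() {
    global $news_tbl, $art_tbl, $PHP_SELF, $id, $what, $php_tbl;
    // $what (a hidden form field) selects the content table. Any other value left $tbl unset
    // and produced a broken "FROM  WHERE" query plus warnings from mysql_fetch_array(false).
    $tables = array('news' => $news_tbl, 'article' => $art_tbl, 'script' => $php_tbl);
    $id = (int)$id;
    $title = '';
    if(isset($tables[$what])) {
        $tbl = $tables[$what];
        $result = mysql_query("SELECT * FROM $tbl WHERE id=$id");
        $r = $result ? mysql_fetch_array($result) : false;
        if($r) $title = stripslashes($r['title']);
    }
    // NOTE(review): $title is printed raw, as before. It comes from the content table edited
    // through admin.php, not from the comment form; if that table can hold untrusted markup
    // it needs htmlspecialchars() here too — cannot be decided from this file.
    echo "Komentarze do \"$title\"";
}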
# adds a comment to the database and bumps the item's comment counter
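function add_comment() {
    global $news_tbl, $art_tbl, $PHP_SELF, $id, $what, $REMOTE_ADDR;
    global $title, $text, $imie, $mail, $comm_tbl, $php_tbl;
    // $what and $id come straight from hidden form fields: refuse unknown targets (the
    // original still inserted the comment and then ran "UPDATE  SET" with an unset $tbl)
    // and force the id to an integer — it was interpolated unquoted into both queries.
    $tables = array('news' => $news_tbl, 'article' => $art_tbl, 'script' => $php_tbl);
    if(!isset($tables[$what])) return;
    $tbl = $tables[$what];
    $id = (int)$id;
    if(is_user_login()<>'yes'){
        save_anonim($imie, $mail);
        $imie = '~'.$imie;   // leading "~" marks an anonymous (not logged-in) author
    }
    // xss_remove() HTML-encodes quotes, which is the only reason the string values were not
    // trivially injectable, but it leaves backslashes alone: a value ending in "\" escapes
    // the closing quote in MySQL. Escape for SQL explicitly, after the HTML encoding, and
    // escape $what and the IP address, which were never escaped at all.
    $what_sql  = mysql_real_escape_string($what);
    $imie_sql  = mysql_real_escape_string(xss_remove($imie));
    $mail_sql  = mysql_real_escape_string(xss_remove($mail));
    $title_sql = mysql_real_escape_string(xss_remove($title));
    $text_sql  = mysql_real_escape_string(xss_remove($text));
    // $REMOTE_ADDR is the register_globals copy and can be overridden by the request when
    // register_globals is on; prefer the server-provided value when it is available.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR;
    $ip_sql = mysql_real_escape_string($ip);
    $query = "INSERT INTO $comm_tbl VALUES(NULL, '$what_sql', now(), $id, '$imie_sql', '$mail_sql', '$title_sql', '$text_sql', '$ip_sql')";
    $result = mysql_query($query);
    echo mysql_error();
    // Increment in a single statement: the SELECT-then-UPDATE pair lost counts when two
    // comments were posted concurrently. COALESCE keeps a NULL counter behaving like 0,
    // which is what the old $aaa++ on a NULL value did.
    $result = mysql_query("UPDATE $tbl SET comments=COALESCE(comments,0)+1 WHERE id=$id");
    echo mysql_error();
}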
# prints the comment form
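function comm_form() {
    global $PHP_SELF, $what, $id, $f_author, $f_mail;
    $logged = (is_user_login()=='yes');
    $info = $logged ? get_user_info() : array();
    // Every value echoed into the markup is request- or user-controlled: $PHP_SELF can carry
    // attacker-supplied PATH_INFO, $f_author/$f_mail are the re-displayed form inputs, and
    // $id/$what are the hidden fields. The original printed them all raw (reflected XSS), and
    // read them as $GLOBALS[f_author] with a bare constant; they are already in scope as
    // $f_author/$f_mail. Each value is escaped once for the HTML-attribute context.
    $action_h = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    $author_h = $logged ? htmlspecialchars($info[1], ENT_QUOTES)
                        : htmlspecialchars(isset($f_author) ? $f_author : '', ENT_QUOTES);
    $mail_h   = $logged ? htmlspecialchars($info[2], ENT_QUOTES)
                        : htmlspecialchars(isset($f_mail) ? $f_mail : '', ENT_QUOTES);
    $id_h     = (int)$id;
    $what_h   = htmlspecialchars($what, ENT_QUOTES);
    // NOTE(review): the form carries no CSRF token; this is also where an anti-bot question
    // field (verified in check_comm()) would be added.
    echo '<form name="comments" method="post" action="'.$action_h.'">
<table border="0" cellspacing="3" cellpadding="0" align="center">
<tr>
<td class="uni_01" valign="top"><div align="right">podaj: <b>imię</b></div></td>
<td class="uni_01">';
    if($logged) echo '<b>'.$author_h.'<input type="hidden" name="imie" value="'.$author_h.'">';
    else echo '<input type="text" name="imie" size="30" value="'.$author_h.'">';
    // (the stray "z" after class="uni_01" in the original <td> was invalid markup)
    echo '</td>
</tr>
<tr>
<td class="uni_01"><div align="right"><b>e-mail</div></td>
<td class="uni_01">';
    if($logged) echo '<b>'.$mail_h.'<input type="hidden" name="mail" value="'.$mail_h.'">';
    else echo '<input type="text" name="mail" size="30" value="'.$mail_h.'">';
    echo '</td>
</tr>
<tr>
<td class="uni_01" valign="top"><div align="right"><b>temat</div></td>
<td class="uni_01">
<input type="text" name="title" size="30">
</td>
</tr>
<tr>
<td class="uni_01" valign="top"><div align="right"><b>tre¶ć</div></td>
<td class="uni_01">
<textarea name="text" rows="10" cols="45"></textarea>
</td>
</tr>
<tr>
<td align="right" class="uni_01"> </td>
<td class="uni_01">
<input style="font-weight: bold;" type="submit" name="ok" value="dopisz">
<input type="reset" name="Reset" value="wyczy¶ć">
<input type="hidden" name="id" value="'.$id_h.'">
<input type="hidden" name="what" value="'.$what_h.'">
<input type="hidden" name="act" value="add">
</td>
</tr>
</table>
</form>';
}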
# validates the submitted form data and applies the per-IP anti-flood delay
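function check_comm() {
    global $title, $text, $imie, $mail;
    // $id is written into the anti-flood row below but was never declared global, so the
    // original always stored an empty string there.
    global $aa, $bb, $anty_f_tbl, $REMOTE_ADDR, $id;
    $a = 0;
    // $anty was only assigned inside the $a==0 branch, so the later test read an undefined
    // variable whenever a field check had failed.
    $anty = 0;
    if($title=='') $a++;
    if($text=='') $a++;
    if($imie=='') $a++;
    if($mail=='') {
        $mail = 'anonim';
    } elseif (!preg_match('/^.+@.+\..+$/', $mail)) {
        // ereg() no longer exists (removed in PHP 7); same pattern via PCRE. The check is
        // deliberately loose, as before — the address is only displayed, escaped, by list_comm().
        $a++;
        $bb = "
Niepoprawny adres e-mail! Jeżeli nie chcesz go podać,
po prostu zostaw puste pole.";
    }
    if($a<>0) $aa = "Formularz wypełniony niepoprawnie. Musisz wypełnić
wszystkie pola oprócz e-mail!";
    // NOTE(review): an anti-bot question (a form field compared against its expected answer)
    // belongs here, next to the other field checks, so a wrong answer bumps $a before the
    // anti-flood bookkeeping below writes anything.
    if($a == 0) {
        $now = time();
        $ok_time = $now + 60;
        // The IP goes into SQL: prefer the server-provided value over the register_globals
        // copy (which the request can override), and escape it either way.
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR;
        $ip_sql = mysql_real_escape_string($ip);
        @mysql_query("DELETE FROM $anty_f_tbl WHERE what='komentarze' AND time < '$now'");
        $antyflood = @mysql_query("SELECT * FROM $anty_f_tbl WHERE what='komentarze' AND ip='$ip_sql'");
        $flood = @mysql_num_rows($antyflood);
        if($flood <> '0') {
            $anty++;
        } else {
            @mysql_query("INSERT INTO $anty_f_tbl VALUES (NULL,'$ip_sql', '$ok_time', 'komentarze', '".(int)$id."');");
        }
    }
    if($anty<>0) $aa = "Ochrona antyflood! Przed dodaniem kolejnego wpisu prosimy odczekac minute!";
    $a = $a + $anty;
    // Returns 10 when everything passed; otherwise null, with the message left in $aa/$bb.
    if($a==0) return 10;
}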
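# returns 'yes' when the item selected by $what/$id exists, otherwise 'no'
function is_news() {
    // $php_tbl was missing from the global list, so $what=='script' always queried an unset table.
    global $news_tbl, $art_tbl, $php_tbl, $id, $what;
    global $comm_tbl;
    $id = (int)$id;
    $tables = array('news' => $news_tbl, 'article' => $art_tbl, 'script' => $php_tbl);
    // Unknown target type: there is nothing to comment on, and no reason to run a broken query.
    if(!isset($tables[$what])) return 'no';
    $tbl = $tables[$what];
    $result = mysql_query("SELECT 1 FROM $tbl WHERE id='$id' LIMIT 1");
    echo mysql_error();
    if($result && mysql_num_rows($result) > 0) return 'yes';
    return 'no';
}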
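# HTML-encodes a user-supplied string before it is stored
function xss_remove($text)
{
    // The original first called str_replace() with a regular expression as the search string,
    // i.e. it looked for the literal text "/(<(.)script..." and removed nothing. That no-op is
    // dropped: the actual defence is the encoding below, which makes every tag and attribute
    // quote inert regardless of tag name or letter case. ENT_QUOTES also covers single quotes,
    // so the result is safe inside HTML attributes. It is NOT SQL-escaped — callers must still
    // escape the value for the database.
    return htmlspecialchars($text, ENT_QUOTES);
}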
?>
Za pomoc będę dozgonnie wdzięczny. Ewentualnie mogę odwdzięczyć się drobną kwotą finansową.
Pozdrawiam