} load_skin('comments'); // stop crawlers if (Surfer::is_crawler()) { Safe::header('Status: 401 Unauthorized', TRUE, 401); die(i18n::s('You are not allowed to perform this operation.')); // an anchor is mandatory } elseif (!is_object($anchor)) { Safe::header('Status: 404 Not Found', TRUE, 404); die(i18n::s('No anchor has been found.')); // the anchor has to be viewable by this surfer } elseif (!$anchor->is_viewable()) { Safe::header('Status: 401 Unauthorized', TRUE, 401); die(i18n::s('You are not allowed to perform this operation.')); // robots cannot contribute } elseif (isset($_REQUEST['message']) && Surfer::may_be_a_robot()) { Safe::header('Status: 401 Unauthorized', TRUE, 401); die(i18n::s('You are not allowed to perform this operation.')); // this anchor does not accept contributions } elseif (isset($_REQUEST['message']) && is_object($anchor) && !Comments::allow_creation($anchor)) { Safe::header('Status: 401 Unauthorized', TRUE, 401); die(i18n::s('You are not allowed to perform this operation.')); // a new contribution has been submitted } elseif (isset($_REQUEST['message']) && trim($_REQUEST['message'])) { // sanitize the message $_REQUEST['message'] = str_replace(array("\r\n", "\r"), "\n", trim($_REQUEST['message'])); // protect from hackers if (isset($_REQUEST['edit_name'])) { $_REQUEST['edit_name'] = preg_replace(FORBIDDEN_IN_NAMES, '_', $_REQUEST['edit_name']); } if (isset($_REQUEST['edit_address'])) {
if (!$_REQUEST['create_name']) { $_REQUEST['create_name'] =& i18n::c('(anonymous)'); } // always auto-publish queries $_REQUEST['publish_date'] = gmstrftime('%Y-%m-%d %H:%M:%S'); if (isset($_REQUEST['edit_id'])) { $_REQUEST['publish_id'] = $_REQUEST['edit_id']; } $_REQUEST['publish_address'] = $_REQUEST['edit_address']; $_REQUEST['publish_name'] = $_REQUEST['edit_name']; // show e-mail address of anonymous surfer if ($_REQUEST['edit_address'] && !Surfer::is_logged()) { $_REQUEST['description'] = '<p>' . sprintf(i18n::c('Sent by %s'), '[email=' . ($_REQUEST['edit_name'] ? $_REQUEST['edit_name'] : i18n::c('e-mail')) . ']' . $_REQUEST['edit_address'] . '[/email]') . "</p>\n" . $_REQUEST['description']; } // stop robots if (Surfer::may_be_a_robot()) { Logger::error(i18n::s('Please prove you are not a robot.')); $with_form = TRUE; // display the form on error } elseif (!($_REQUEST['id'] = Articles::post($_REQUEST))) { $with_form = TRUE; // post-processing } else { // do whatever is necessary on page publication Articles::finalize_publication($anchor, $_REQUEST); // message to the query poster $context['page_title'] = i18n::s('Your query has been registered'); // use the secret handle to access the query $link = ''; $status = ''; if ($item = Articles::get($_REQUEST['id'])) {
Logger::error(i18n::s('E-mail has not been enabled on this system.')); // permission denied } elseif (!$permitted) { // anonymous users are invited to log in or to register if (!Surfer::is_logged()) { Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'users/login.php?url=' . urlencode(Sections::get_url($item['id'], 'invite'))); } // permission denied to authenticated user Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('You are not allowed to perform this operation.')); // no mail in demo mode } elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST' && file_exists($context['path_to_root'] . 'parameters/demo.flag')) { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('You are not allowed to perform this operation in demonstration mode.')); // stop robots } elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST' && Surfer::may_be_a_robot()) { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('Please prove you are not a robot.')); // process submitted data } elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') { // ensure the section has a private handle if (!isset($item['handle']) || !$item['handle']) { $item['handle'] = md5(mt_rand()); // save in the database $fields = array(); $fields['id'] = $item['id']; $fields['handle'] = $item['handle']; $fields['silent'] = 'Y'; Sections::put_attributes($fields); } // track anonymous surfers