This is the form code - it’s a *.tpl file extension - I think the package uses Smarty templates. I’ve put empty lines in front and behind the code segment I added.
<html>
<head>
<title>Comment on This Article</title>
<style type="text/css">
<?PHP /* Inlines the stylesheet into the page; the './' path is resolved against the working directory of the running script. */ readfile('./templates/index.css'); ?></style>
</head>
<body>
<div align="center">
<table width="90%" cellspacing="4" cellpadding="0" border="0">
<tr>
<td width="100%">
<div style="text-align: right; font-weight: bold; margin-bottom: 10px">
<a href="index.php" style="font-weight: bold;">Knowledge Base</a>
:
<a href="glossary.php" style="font-weight: bold;">Glossary</a>
:
<a href="suggest.php" style="font-weight: bold;">Suggest a Question</a>
</div>
<div class="titleBar" style="margin-bottom: 5px;">
Comment on This Article
</div>
<br />
<b>Article # <?PHP /* NOTE(review): $T values are printed as-is; this is only safe if they are HTML-escaped before they reach the template - confirm where $T is filled. */ echo $T['Article_ID'] ?><br />
<?PHP /* NOTE(review): Topic is also printed unescaped; whether it is stored pre-escaped is not visible here - confirm before adding htmlspecialchars() to avoid double encoding. */ echo $T['Topic'] ?></b>
<br />
<br />
<div style="width: 500px;">
<a href="index.php?a=<?PHP /* NOTE(review): attribute/URL context; relies on Article_ID being numeric or already escaped - confirm. */ echo $T['Article_ID'] ?>" style="font-weight: bold">Back To the Article</a>
<br />
<br />
To add a comment to this article, please fill in the form below. Both of the form fields must be filled in to submit
your comment. The comment you submit may not contain HTML code, please use only plain text for your message.
</div>
<br />
<form action="comment.php" method="POST">
<table>
<tr>
<td align="right">
<b>Your Name</b>
</td>
<td>
<input type="text" name="Name" size="40">
</td>
</tr>
<tr>
<td align="right" valign="top">
<b>Comment</b>
</td>
<td>
<textarea name="Message" rows="5" cols="70"></textarea>
</td>
</tr>
## Added below segment
<tr>
<td align="right">
<b>What's the last car on <br>a train called? Type it Here</b>
</td>
<td>
<input type="text" name="Chkword" size="40">
</td>
</tr>
<tr>
<td>
</td>
<td>
<input type="submit" value="Add Comments">
</td>
</tr>
</table>
<input type="hidden" name="a" value="<?PHP /* The article ID travels back in a hidden field, so the handler must treat it as untrusted input. NOTE(review): printed unescaped in attribute context - confirm it is numeric. */ echo $T['Article_ID'] ?>">
</form>
</td>
</tr>
</table>
</div>
<!-- Removing this code will result in immediate license termination --><div align="center" style="font-family: Sans-Serif; font-size: 8pt;">Powered By <a href="http://www.jmbsoft.com/" target="_blank">AutoKB</a></div>
</body>
</html>
The complete common.php handler file is below - as above, I’ve put empty lines in front of and behind any code segments I added or modified:
<?PHP
## http://www.jmbsoft.com/license.php
## Please make sure you type the word caboose in the last field - otherwise I will assume your are a spambot and ignore your message
// Shared configuration and helpers come from common.php; the $GLOBALS entries
// read below are not defined in this file.
include_once('common.php');

// User-facing error texts. The functions below look these up through
// $GLOBALS['L_...'], so the variable names are part of the contract.
$L_REQUIRED = 'Please fill in all of the required fields';
$L_TOO_LONG = 'The comment you have entered is too long. We allow a maximum of '
    . $GLOBALS['MAX_COMMENT']
    . ' characters';
$L_BADWORD = 'A restricted word was found in your comment which cannot be added to the database';
$L_NOARTICLE = 'Invalid article ID number';
$L_DUPLICATE = 'Please only post one comment per article';

// Shown when the challenge word is rejected. The text repeats the expected
// answer, so the check only filters clients that never read the response.
$L_RUSPAMBOT = 'Posting Failed - Please make sure you type the word caboose in the last field - otherwise I will assume your are a spambot and ignore your message';

// One connection for the whole request, built from the configured credentials.
$DB = new DB(
    $GLOBALS['HOSTNAME'],
    $GLOBALS['USERNAME'],
    $GLOBALS['PASSWORD'],
    $GLOBALS['DATABASE'],
    $GLOBALS['PREFIX']
);
$DB->Connect();

// A POST stores a comment; every other request method renders the form.
if( $_SERVER['REQUEST_METHOD'] != 'POST' )
{
    DisplayComment();
}
else
{
    AddComment();
}
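/**
 * Validate a POSTed comment and store it for the article named in $_POST['a'].
 *
 * Reads $_POST (Name, Message, Chkword, a), the kb_commented cookie and
 * $_SERVER['REMOTE_ADDR']; writes one row to ZZPRE_Comments, refreshes the
 * kb_commented cookie and renders comment_added.tpl. Every rejection sets
 * $T['Message'], renders index_error.tpl and exits.
 */
function AddComment()
{
    global $DB, $T;

    // Request parameters can arrive as arrays (e.g. Name[]=x); only plain strings are accepted.
    $answer = ( isset($_POST['Chkword']) && is_string($_POST['Chkword']) ) ? trim($_POST['Chkword']) : '';

    // strcmp()/strcasecmp() return 0 on a match, so the reject test must be "!== 0".
    // The previous "!strcmp(...)" rejected exactly the visitors who answered correctly
    // and let every other answer through. Case and surrounding blanks are ignored.
    if( strcasecmp($answer, 'caboose') !== 0 )
    {
        $T['Message'] = $GLOBALS['L_RUSPAMBOT'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    if( !isset($_POST['Name'], $_POST['Message'])
        || !is_string($_POST['Name']) || !is_string($_POST['Message'])
        || IsEmptyString($_POST['Name']) || IsEmptyString($_POST['Message']) )
    {
        $T['Message'] = $GLOBALS['L_REQUIRED'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    if( strlen($_POST['Message']) > $GLOBALS['MAX_COMMENT'] )
    {
        $T['Message'] = $GLOBALS['L_TOO_LONG'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    // The article ID comes from a hidden form field and ends up inside two SQL strings.
    // It is restricted to digits here (the page calls it an "ID number"); relax this
    // only if the schema really uses non-numeric IDs.
    if( !isset($_POST['a']) || !is_string($_POST['a']) || !preg_match('/^[0-9]+$/D', $_POST['a']) )
    {
        $T['Message'] = $GLOBALS['L_NOARTICLE'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    // The cookie is supplied by the client, so this duplicate check is a courtesy
    // limit rather than an enforced one.
    $commented = array();
    if( isset($_COOKIE['kb_commented']) && is_string($_COOKIE['kb_commented']) )
    {
        $commented = explode(',', $_COOKIE['kb_commented']);
    }

    if( in_array($_POST['a'], $commented) )
    {
        $T['Message'] = $GLOBALS['L_DUPLICATE'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    // Look the article up before writing anything: Row() returns FALSE for an unknown
    // ID, which previously reached array_merge() after the comment was already stored.
    $article = $DB->Row("SELECT * FROM ZZPRE_Articles WHERE Article_ID='{$_POST['a']}'");
    if( $article === FALSE )
    {
        $T['Message'] = $GLOBALS['L_NOARTICLE'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    $now = DSTTime();

    // The form field is named 'Chkword'; the misspelt 'Chekword' key never exists in $_POST.
    foreach( array('Message', 'Name', 'Chkword') as $key )
    {
        $word = CheckBadWords($_POST[$key]);
        if( $word !== 0 )
        {
            $T['Message'] = $GLOBALS['L_BADWORD'] . ": '$word'";
            include_once("{$GLOBALS['CDIR']}/index_error.tpl");
            exit;
        }
    }

    // Comments are stored HTML-escaped. ENT_QUOTES also encodes single quotes, so the
    // stored text stays inert inside single-quoted attributes as well.
    $_POST['Name'] = htmlspecialchars($_POST['Name'], ENT_QUOTES);
    $_POST['Message'] = htmlspecialchars($_POST['Message'], ENT_QUOTES);
    $_POST['Chkword'] = htmlspecialchars($_POST['Chkword'], ENT_QUOTES);

    // NOTE(review): SQL quoting rests entirely on ArrayAddSlashes() (defined outside this
    // file). If the DB class offers parameter binding or driver-level escaping, prefer it.
    ArrayAddSlashes($_POST);

    $DB->Insert("INSERT INTO ZZPRE_Comments VALUES ( " .
                "NULL, " .
                "'{$_POST['a']}', " .
                "'{$_POST['Name']}', " .
                "'{$_SERVER['REMOTE_ADDR']}', " .
                "'$now', " .
                "'{$GLOBALS['O_AUTO_APPROVE']}', " .
                "'1', " .
                "'{$_POST['Message']}')");

    // Template data: the submitted fields overlaid with the article row.
    $T = array_merge($_POST, $article);
    $T['Approved'] = $GLOBALS['O_AUTO_APPROVE'];
    $T['Message'] = nl2br($T['Message']);

    ArrayStripSlashes($T);

    // Remember this article for a day; must run before the template produces output.
    $commented[] = $T['Article_ID'];
    setcookie('kb_commented', join(',', $commented), time() + 86400);

    include_once("{$GLOBALS['CDIR']}/comment_added.tpl");
}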
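/**
 * Render the comment form for the article named in $_GET['a'].
 *
 * Loads the article row into the global $T and includes comment_main.tpl.
 * A missing, malformed or unknown ID sets $T['Message'] to the "invalid
 * article" text, renders index_error.tpl and exits.
 */
function DisplayComment()
{
    global $DB, $T;

    // The ID is taken from the query string and placed inside a SQL string, and the
    // template later prints it back into the page. Accept digits only (the page calls
    // it an "ID number"); this also covers a missing or array-valued parameter.
    if( !isset($_GET['a']) || !is_string($_GET['a']) || !preg_match('/^[0-9]+$/D', $_GET['a']) )
    {
        $T = array('Message' => $GLOBALS['L_NOARTICLE']);
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    // Kept so that $_GET is in the same escaped state as before for any template that reads it.
    ArrayAddSlashes($_GET);

    $T = $DB->Row("SELECT * FROM ZZPRE_Articles WHERE Article_ID='{$_GET['a']}'");

    if( $T === FALSE )
    {
        // Start from a real array instead of indexing into FALSE.
        $T = array('Message' => $GLOBALS['L_NOARTICLE']);
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    include_once("{$GLOBALS['CDIR']}/comment_main.tpl");
}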
?>