Changeset 728099

Timestamp:

06/18/2013 11:35:41 PM (13 years ago)

Author:

DrandLomB

Message:

=Check in v0.95

Location:

dlbs-send-a-link/trunk

Files:

• dsl-captcha.php (added)
• dsl-page.html (modified) (5 diffs)
• dsl-templates.html (modified) (4 diffs)
• dsl.css (modified) (2 diffs)
• dsl.js (modified) (9 diffs)
• dsl.php (modified) (29 diffs)
• readme.txt (modified) (6 diffs)

dlbs-send-a-link/trunk/dsl-page.html

@@ -2 +2 @@
  * Page template for dlb's Send-A-Link (dsl)
  *
- * This file is based on page.php from the theme folder.
+ * This file should be based on the structure seen in file page.php from the theme folder.
  *
  * It includes the form in one div and the confirmation in a separate div.
- * The confirm div will initially be hidden with style display:none;.
- * Javascript later shows the confirm with style display:block; as it hides
- * the form with style display:none;.
+ * The confirm div is initially hidden with style display:none;.
+ * Later it is shown with style display:block as the form is hidden with style display:none;.
  *
- *  This file is used by dsl.php, and is expected to be found 
- *  in the same folder as dsl.php. To locate it elsewhere, change
- *  the DSL_OTHER_TEMPLATES definition in the configuration section of dsl.php. 
+ * This file is used by dsl.php, and is expected to be found 
+ * in the same folder as dsl.php.
  *
- * Placeholders available are as follows. To use, they must be enclosed in #'s:
+ * The following placeholders are available. To use, they must be enclosed in #'s:
  *  - dsl-post-title
  *  - dsl-recipient-name
@@ -39 +37 @@
     <div id="content">
 <!--*****************************************************
- *  The form template starts here
+ *  The form template starts here.
+    All the hidden fields are grouped in the first paragraph. 
+    The unusual label on the hidden "dsl_pid" field is to handle a general form-level error message.
+    The empty spans in the labels are to accept error messages specific to the corresponding inputs.
+    Although text can be customized, the arrangement of the markup is important, 
+    including the order of attributes within the tags.
 -->
         <div class="post" id="dsl-form-div">
@@ -48 +51 @@
                 <form id="dsl-form" action="" method="post" name="dsl-form" onsubmit="dslSend(this); return false;">
                     <p>
-                        <input type="hidden" name="dsl_nonce",          value="#wp-nonce#"       />
-                        <input type="hidden" name="dsl_pid"             value="#dsl-post-id#"    />
-                        <input type="hidden" name="dsl_secure",         value=""                 />
-                        <input type="hidden" name="dsl_captcha_random"  value="#captcha-random#" />
-                        <input type="hidden" name="dsl_back",           value="#dsl-back-link#"  />
+                       <input name="dsl_nonce"          type="hidden"   value="#wp-nonce#"       />
+                       <input name="dsl_secure"         type="hidden"   value=""                 />
+                       <input name="dsl_captcha_random" type="hidden"   value="#captcha-random#" />
+                       <input name="dsl_back"           type="hidden"   value="#dsl-back-link#"  />
+                       <label  for="dsl_pid"                       ><span class="dsl-error-field"></span></label>
+                      <input  name="dsl_pid"            type="hidden"   value="#dsl-post-id#"    />
                     </p>
-                    <p><label  for="dsl_rname"    >Recipient's name:</label><br />
-                      <input  name="dsl_rname"                                              type="text" maxlength="#max-name-chars#" /></p>
-                    <p><label  for="dsl_raddress" >Recipient's email address:</label><br />
-                      <input  name="dsl_raddress"                                           type="text" /></p>
-                    <p><label  for="dsl_sname"    >Your name:</label><br />
-                      <input  name="dsl_sname"                                              type="text" maxlength="#max-name-chars#" /></p>
-                    <p><label  for="dsl_saddress" >Your email address:</label><br />
-                      <input  name="dsl_saddress"                                           type="text" /></p>
-                    <p><label  for="dsl_comments" >Your comments (optional):</label><br />
-                    <textarea name="dsl_comments"                                                       maxlength="#max-comment-chars#" /></textarea></p>
+                    <p><label  for="dsl_rname"    >Recipient's name:<span class="dsl-error-field"></span></label><br />
+                      <input  name="dsl_rname"          type="text"     maxlength="#max-name-chars#" /></p>
+                    <p><label  for="dsl_raddress" >Recipient's email address:<span class="dsl-error-field"></span></label><br />
+                      <input  name="dsl_raddress"       type="text" /></p>
+                    <p><label  for="dsl_sname"    >Your name:<span class="dsl-error-field"></span></label><br />
+                      <input  name="dsl_sname"          type="text"     maxlength="#max-name-chars#" /></p>
+                    <p><label  for="dsl_saddress" >Your email address:<span class="dsl-error-field"></span></label><br />
+                      <input  name="dsl_saddress"       type="text" /></p>
+                    <p><label  for="dsl_comments" >Your comments (optional):<span class="dsl-error-field"></span></label><br />
+                    <textarea name="dsl_comments"                       maxlength="#max-comment-chars#" /></textarea></p>
                     <div id="dsl-captcha">
-                    <p><label  for="dsl_captcha"  >Security check:</label></p>
-                    <div>
-                        #captcha-image#
-                       <input name="dsl_captcha"                                            type="text" autocomplete="off" value="" />
+                    <p><label  for="dsl_captcha"  >Security check:<span class="dsl-error-field"></span></label></p>
+                    <div>#captcha-image#
+                       <input name="dsl_captcha"        type="text"     value="" autocomplete="off" />
                         <br />
                         <a href="javascript:captchas_image_reload('captchas.net')">Reload</a>
@@ -75 +78 @@
                     </div>
                     </div>
-                    <p class="button"><input type="submit" name="dsl_submit" value="#dsl-submit-button#" /></p>
+                    <p class="button">
+                       <label  for="dsl_submit"><span class="dsl-error-field"></span></label>
+                      <input  name="dsl_submit"         type="submit"   value="#dsl-submit-button#" /></p>
                 </form>
                 <p>Or, you can return to <a href="#dsl-back-link#">the article page</a> without sending a link.</p>
@@ -82 +87 @@
         </div>
         <script type="text/javascript">
-            // this allows the tab key to go from the comments field to the captcha entry field without stopping on the captcha image
+            // this Javascript statement llows the tab key to go from the comments field to the captcha entry field without stopping on the captcha image
             document.getElementById('dsl-captcha').getElementsByTagName('div')[0].getElementsByTagName('a')[0].tabIndex=10;
         </script>
 <!--*****************************************************
- *  The confirmation page template starts here 
+ * The confirmation page template starts here 
  *
- *  Javascript will insert the confirmation message
- *  it receives into div.postentry
+ * This is just an empty div that gets filled in later
+ * with the contents of the email message sent.
 -->
         <div class="post" id="dsl-confirm-div">

dlbs-send-a-link/trunk/dsl-templates.html

@@ -1 +1 @@
 <!--*****************************************************
- *  Templates for dlb's Send-A-Link (dsl)
+ *  Message and confirmation templates for dlb's Send-A-Link (dsl)
  *
  *  Contains templates in separate sections for:
- *  - Email send error message
  *  - Confirmation page
- *  - Confirmation page navigation links
  *  - Email message
  *
  *  This file is used by dsl.php, and is expected to be found 
- *  in the same folder as dsl.php. To locate it elsewhere, change
- *  the DSL_PAGE_TEMPLATE definition in the configuration section of dsl.php. 
+ *  in the same folder as dsl.php.
  *
- * Placeholders available are as follows. To use, they must be enclosed in #'s:
+ * The following placeholders are available. To use, they must be enclosed in #'s:
  *  - dsl-post-title
  *  - dsl-recipient-name
@@ -34 +31 @@
 -->
 <!--*****************************************************
- * Error template is shown if an unexplained error occurs
- * while sending the email message
--->
-<error>
-    <p>
-        Unfortunately, an error occurred while attempting to send the message.<br /> 
-        We apologize for the inconvenience and appreciate your patience.<br />
-        Please try again.
-    </p>
-</error>
-<!--*****************************************************
- * Confirm template is shown after successfully sending email
+ * Confirm template:
+ * shown after successfully sending email
 -->
 <confirm>
     <p> 
         Here is a copy of the message that was sent to 
-        #dsl-recipient-name# (#dsl-recipient-address#):
+        #dsl-recipient-name# at (#dsl-recipient-address#):
     </p>
     <div class="message">
@@ -56 +43 @@
         <p>#dsl-message-body#</p>
     </div>
-</confirm>
-<!--*****************************************************
- * Nav template is shown after both the error and confirm templates
--->
-<nav>
     <p>
         Now, you can <a href="" onclick="location.reload(); return false;">send another message</a>,<br />
         or, you can return to <a href="#dsl-back-link#">the article page</a>.
     </p>
-</nav>
+</confirm>
 <!--*****************************************************
- * Message template is used to construct the email message
+ * Message template:
+ * used to construct the email message
 -->
 <message>
@@ -90 +73 @@
     </html>
 </message>
-<!--*****************************************************
- * Error alert template is shown to tell user about errors
--->
-<error-alert>
-Please correct the highlighted error(s) and #dsl-submit-button# again
-</error-alert>

dlbs-send-a-link/trunk/dsl.css

@@ -6 +6 @@
  * to fit within 320 px wide.
  * This is currently expressed in pixels, but 
- * will be recast as rem or pct or em later.
+ * should be re-specified as a pct of the enclosing container.
  *
- *  This file is used by dsl.php, and is expected to be found 
- *  in the same folder as dsl.php. To locate it elsewhere, change
- *  the DSL_CSS_FILE definition in the configuration section of dsl.php. 
+ * This file is used by dsl.php, and is expected to be found 
+ * in the same folder as dsl.php.
+ *
+ * Additional styles to modify or override these can be 
+ * specified in a file of this same name located in the theme folder.
  *
  * See http://www.ajaxload.info/ to make a
@@ -79 +81 @@
 }
 #dsl-captcha input {
-    width:160px;
+    width:9em;
     margin:15px 0;
 }

dlbs-send-a-link/trunk/dsl.js

@@ -2 +2 @@
  *  Javascript for dlb's Send-A-Link (dsl)
  *
- *  Primarily handles AJAX communication of user input and 
- *  server response to eliminate need for re-sending entire page.
+ *  Handles AJAX communication of user input and 
+ *  server responses to eliminate need for re-sending entire page.
  *
  *  This file is used by dsl.php, and is expected to be found 
- *  in the same folder as dsl.php. To locate it elsewhere, change
- *  the DSL_JAVASCRIPT_FILE definition in the configuration section of dsl.php. 
+ *  in the same folder as dsl.php.
  *
  *  This is written with plenty of white-space and comments for clarity,
@@ -24 +23 @@
     // Create AJAX object 
     // See explanation of AJAX setup at http://www.tizag.com/ajaxTutorial/ajaxform.php
-    var ajax, params, testurl, realurl, url, out;
+    var ajax, params;
     try{
         ajax = new XMLHttpRequest(); // Opera 8.0+, Firefox, Safari
@@ -44 +43 @@
     ajax.onreadystatechange = function(){
         if(ajax.readyState == 4){ // indicates that response has been completely received from the server
-            // Send the form and the server's response to the function that does the work
+            // pass control to the function that does the work
             dslProcessResponse(form, ajax.response);
         }
     }
-    // Format the form input for sending to server as a POST request
+    // Collect inputs from the form input for sending to server as a POST request
     // Note that the global variable ajaxData was provided by the server via a wp_localize_script call
     params = 'action=' + ajaxData.action + '&' + dslGetFormData(form);
-    // Establish type of request (POST vs GET), and the URL to which the request will be sent,
-    // and headers to tell data format
+    // Establish type of request (i.e., using POST, not GET) and the URL
     ajax.open("POST", ajaxData.url, true); 
+    // Establish headers to tell data type
     ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
     // Send request to the server
@@ -73 +72 @@
     var i, params='';
     // loop through all elements of the form
+    // this simple routine works for text inputs
+    // but would have to be extended to handle checkboxes, radios, etc.
     for(i=0; i<form.elements.length; i++){ 
         if(form.elements[i].name && form.elements[i].value) {
@@ -93 +94 @@
     // convert the response from a JSON string to javascript objects
     response = JSON.parse(response);
-    // check if a 2nd nonce was received that says CAPTCHA was previously satisfied,
-    // and if so, store that nonce it in a form element, and hide the captcha div
-    if (typeof response.secure != 'undefined') {
-        form.elements["dsl_secure"].value = response.secure;
-        document.getElementById('dsl-captcha').style.display = 'none';
-    }
     // Either show errors or show confirmation
-    if (response.reset) {
+    if (typeof response.reset != 'undefined') {
         // server says to reset the page
-        dslDoReset();
+        // do so showing the form-level error message
+        dslDoReset(response.errors['dsl_pid']);
     } else if (typeof response.errors != 'undefined') {
         // got errors
         // show the messages
         dslShowErrors(form, response.errors);
+        // check if a 2nd nonce was received that says CAPTCHA was previously satisfied,
+        // and if so, store that nonce it in a form element, and hide the captcha div
+        if (typeof response.secure != 'undefined') {
+            form.elements["dsl_secure"].value = response.secure;
+            document.getElementById('dsl-captcha').style.display = 'none';
+        }
         // scroll top of form into view
         document.getElementById('dsl-form-div').scrollIntoView();
@@ -119 +121 @@
         // then select all of the DIVs within it via .getElementsByTagName,
         // then index to the first of them via [0]
-        // then access property innerHTML,
-        // and set it equal to the formatted response
+        // then access property innerHTML, and
+        // load the formatted response from server into it
         cDiv.getElementsByTagName('DIV')[0].innerHTML = response.confirms.body;
-        // show the confirmation div
+        // show the confirm div
         cDiv.style.display = 'block';
         // scroll top of page into view
-        document.getElementById('page').scrollIntoView();
+        document.getElementsByTagName('body')[0].scrollIntoView();
     } else {
-        // unexplained error, so reset
-        dslDoReset();
+        // unexplained error, so reset using error message from the global sent by the server
+        dslDoReset(ajaxData.errorGeneral);
     }
 }
@@ -136 +138 @@
  * Displays an alert for a processing error and reloads the page
  */
-function dslDoReset() {
+function dslDoReset(alertMsg) {
     // display message for a processing error
-    alert ('A general processing error occurred.\n\rWe apologize for the inconvenience and appreciate your patience.\n\rPlease try again.');
+    alert (alertMsg);
     // force a page reload from the server
     document.location.reload(true);
+}
+/********************************************************
+ * dslShowErrors()
+ *
+ * Shows each error message in the label element of the associated input element.
+ * Expects that the errors object contains "key":value pairs, 
+ * where key is the name given to each input element.
+ */
+function dslShowErrors(form, errors){
+    var field, spans;
+    // assocate labels to elements
+    dslAssociateLabels(form);
+    // loop through all of the error messages
+    for (field in errors){
+        // use the "key" for this error to select the form element
+        // then access its label attribute,
+        // then get all the spans within it
+        // then find one with the right class 
+        // and put the error message into its innerHTML
+        spans = form.elements[field].label.getElementsByTagName('span');
+        for (i=0; i<spans.length; i++) {
+            if(spans[i].className == 'dsl-error-field') {
+                spans[i].innerHTML = '<br />' + errors[field];
+                break;
+            }
+        }
+    }
 }
 /********************************************************
@@ -164 +193 @@
 }
 /********************************************************
- * dslShowErrors()
- *
- * Shows each error message in the label element of the associated input element.
- * Expects that the errors object contains "key":value pairs, 
- * where key is the name given to each input element.
- */
-function dslShowErrors(form, errors){
-    var field;
-    // assocate labels to elements
-    dslAssociateLabels(form);
-    // loop through all of the error messages
-    for (field in errors){
-        // use the "key" for this error to select the form element
-        // then access its label attribute,
-        // and set its innerHTML property to the error message
-        // the spans around the error message allow it to be identified for deletion
-        form.elements[field].label.innerHTML += '<span class="dsl-error-field"><br />' + errors[field] + '</span>';
-    }
-}
-/********************************************************
  * dslClearErrors()
  *
@@ -193 +202 @@
     // select all the span elements on the form
     errors = form.getElementsByTagName('SPAN');
-    // loop thru them in reverse order so that removal of one doesn't renumber the rest
-    for (i=errors.length-1; i>=0; i--){
+    // Loop thru them
+    for (i=0; i<errors.length; i++){
         // check each span to see if it is an error message
         if(errors[i].className == 'dsl-error-field') {
-            // this one is, so delete it by accessing it's parent 
-            // and using the remove method
-            errors[i].parentNode.removeChild(errors[i]);
-        }
-    }
-}
+            // this is one so clear its value
+            errors[i].innerHTML = '';
+        }
+    }
+}

dlbs-send-a-link/trunk/dsl.php

@@ -3 +3 @@
 Plugin Name: dlb's Send-A-Link
 Plugin URI: http://wordpress.org/plugins/dlbs-send-a-link/
-Description: Send-A-Link allows visitors to send someone an email containing a link to the post or page and some comments.
-Version: 1.0
+Description: dlb's Send-A-Link allows visitors to send someone an email containing a link to the post or page.
+Version: 0.95
 Author: Dave Bezaire
 Author URI: http://davebezaire.com/
@@ -27 +27 @@
  * Globals and constants that can be customized
  */
+    // Input validation: maximum number of characters in the comments
+    define ( 'DSL_MAX_COMMENT_CHARS', 250);
+    // Input validation: minimum number of characters in the name
+    define ( 'DSL_MIN_NAME_CHARS', 1);
+    // Input validation: maximum number of characters in the name
+    define ( 'DSL_MAX_NAME_CHARS', 30);
+    // Input validation: minimum interval between sends in seconds
+    define ( 'DSL_MIN_SEND_INTERVAL', 30 );
+    // The string shown in DSL_SUBMIT_BUTTON_VALUE is
+    // shown on and returned by the form's submit button.
+    // This is a global because it is a trigger used in an IF statement.
+    // Changing it in this definition will automatically insert it into the form template
+    // and in the corresponding IF statement so that changing it 
+    // will not require any other alteration in the program.
+    // It is also shown in the DSL_ERROR_ALERT message.
+    define ( 'DSL_SUBMIT_BUTTON_VALUE', 'Send it!' ); 
+    // Alert displayed to tell user that an error needs attention
+    define ( 'DSL_ERROR_ALERT', 'Please correct the highlighted error(s) and ' . DSL_SUBMIT_BUTTON_VALUE . ' again' );
+    // Message for an unexplained error
+    define ( 'DSL_GENERAL_ERROR_MESSAGE', 'Unfortunately, a general processing error occurred. We apologize for the inconvenience and appreciate your patience. Please try again.' );
+    // Message for an unexplained error while sending mail
+    define ( 'DSL_SENDING_ERROR_MESSAGE', 'Unfortunately, an error occurred while attempting to send the message. We apologize for the inconvenience and appreciate your patience. Please try again.' );
+    // Message for exceeding maximum characters
+    define ( 'DSL_MAX_CHARS_ERROR', 'Must be no more than %d characters' );
+    // Message for too few characters
+    define ( 'DSL_MIN_CHARS_ERROR', 'Must be at least %d character(s)' );
+    // Message for invalid email address
+    define ( 'DSL_INVALID_EMAIL_ERROR', 'Must be a valid email address' );
+    // Message for invalid characters in email address
+    define ( 'DSL_INVALID_EMAIL_CHARS', 'May not contain invalid characters' );
+    // Message for invalid characters in name
+    define ( 'DSL_INVALID_NAME_CHARS', 'Must contain only: A-Z, a-z, 0-9, . , _ - " \' %' );
+    // Message for invalid characters in comments
+    define ( 'DSL_INVALID_COMMENTS_CHARS', 'Must not contain invalid characters (only limited HTML is allowed)' );
+    // Message for invalid nonce
+    define ( 'DSL_INVALID_NONCE', 'Security check failed' );
+    // Message for incorrect CAPTCHA response
+    define ( 'DSL_INCORRECT_CAPTCHA_ERROR', 'Must match characters in image' );
+    // Message for internal CAPTCHA error
+    define ( 'DSL_INTERNAL_CAPTCHA_ERROR', 'Internal captcha error' );
+    // Message for violating minimum sending interval
+    define ( 'DSL_MIN_SEND_INTERVAL_MESSAGE', 'Must wait at least %d seconds between sends<br />' );
+    // Message for invalid show value
+    define ( 'DSL_INVALID_SHOW_VALUE', 'Invalid value for show in dslLink' );
+    // Default text for link
+    define ( 'DSL_DEFAULT_LINK_TEXT', ' Send a link to this article' );
+    // Default link icon file name
+    define ( 'DSL_DEFAULT_ICON_FILE', 'email.gif' );
+/********************************************************
+ * Globals and constants that should not be changed
+ */
+    //Global data array used throughout
+    $dslData = array();
     // The following four definitions use two pairs of WordPress functions
     // to produce references to the folder in which this plugin file is located, 
@@ -38 +91 @@
         // URL to the theme folder is used to load scripts and styles
         define ( 'DSL_THEME_URL', get_stylesheet_directory_uri() . '/' );
-    // We only look for the JS file in the plugin folder; it can not be empty
-    define ( 'DSL_JAVASCRIPT_FILE', 'dsl.js' ); 
-    // The following three definitions specify the names of the customization files.
+    // The following definitions specify the names of the customization files.
     // By default they are located relative to the plugin folder, 
-    // but they can be overridden by a copy in theme folder. 
+    // but they can be overridden by a copy in the theme folder. 
+        // filename for the captcha configuration parameters
+        define ( 'DSL_CAPTCHA_CONFIG', 'dsl-captcha.php' );
         // filename for form/confirm page template
         define ( 'DSL_PAGE_TEMPLATE', 'dsl-page.html' );
         // filename for other templates
         define ( 'DSL_OTHER_TEMPLATES', 'dsl-templates.html' ); 
-        // filename of styles; the can be the empty string (i.e. '') which might be appropriate
-        // if the styles are included in the themes's CSS file
+        // filename for CSS styles
         define ( 'DSL_CSS_FILE', 'dsl.css' ); 
-    // value that is shown on and returned by the form's submit button
-    define ( 'DSL_SUBMIT_BUTTON_VALUE', 'Send it!' ); 
-    // validation requirement for maximum number of characters in the comments
-    define ( 'DSL_MAX_COMMENT_CHARS', 250);
-    // validation requirement for minimum number of characters in the name
-    define ( 'DSL_MIN_NAME_CHARS', 1);
-    // validation requirement for maximum number of characters in the name
-    define ( 'DSL_MAX_NAME_CHARS', 30);
-    
-/********************************************************
- * dslMakeCaptcha()
- *
- * Returns a Captchas.Net object
- * Uses the web service at http://captchas.net
- * See Captcha comparisons at http://davebezaire.com/tst/captcha/captcha.html
- *
- * All Captchas.Net confirmation parameters are in this routine.
- */
-function dslMakeCaptcha(){
-    // load the library that was copied from http://captchas.net
-    require_once(DSL_PLUG_PATH .'CaptchasDotNet.php');
-    // ID provided in registration
-    $id = 'dcapltchba'; 
-    // private key provided in registration
-    $key = 'rConlz8OdN77va2jsYyOeW3VOJCACT4qgCJzZeoh'; 
-    // storage location for strings??? not really sure how this works
-    $store = '/tmp/captchasnet-random-strings'; 
-    // maximum time (seconds) that a captcha can be valid
-    $time = '3600'; 
-    // characters to use in the image
-    $alphabet = 'abcdghkmnpqrstvwyz345'; 
-    // number of characters in the image
-    $count = '4'; 
-    // size in pixels
-    $height = '80'; 
-    $width = '140';
-    // RGB hex value
-    $color = 'A0590A';
-    // create and return the object
-    return new CaptchasDotNet ($id, $key, $store, $time, $alphabet, $count, $width, $height, $color);
-}
-/********************************************************
- * Globals and constants that MUST NOT be customized
- */
-    //Global data array used throughout
-    $dslData = array();
-    // calculate location of other templates file
-    define ( 'DSL_OTHER_TEMPLATES_CALCULATED' , dslCustomized( 'PATH', DSL_OTHER_TEMPLATES ) );
-/********************************************************
- * dslShortcode()
- *
- * Adds shortcode "dsl-link" which produces the html tags to display a
- * link to the email request form. 
+    // filename for the Javascript; we only look for it in the plugin folder
+    define ( 'DSL_JAVASCRIPT_FILE', 'dsl.js' ); 
+    // Define our table name in the WordPress mySQL database
+    // using the site's table prefix that we get from the $wpdb global.
+    global $wpdb;
+    define ( 'DSL_LOG_TABLE' , $wpdb->prefix . 'dslLog' ); 
+    // Set plugin-database version
+    define ( 'DSL_DB_VERSION', 'dbv1' );
+    // Define the name used to store the db version in the database
+    define ( 'DSL_NAME_OF_DB_VERSION_SETTING', 'dsl_db_version');
+    // Set number of seconds to retain log records in database
+    // e.g., 60 * 60 & 24 is 24 hours
+    define ( 'DSL_LOG_KEEP_SECONDS', 60 * 60 * 24 );
+/********************************************************
+ * dslLink()
+ *
+ * Adds shortcode "dsl-link" and function dslLink()
+ * which produce the html tags to display a
+ * link to the email request form.
+ *
+ * The shortcode is used within the contents of a page or post.
+ * The function is used in templates. 
  * 
- * This link sends the ID of the post or page in which it is clicked.
+ * The resulting link sends the ID of the post or page in which it is clicked.
  * It also sends the URL of the page (which could be either a single post or a 
  * page of many posts) for use in a back link.
@@ -113 +134 @@
  * e.g., [dsl-link text="Link it!" iconfile="myIcon.gif" show="both"].
  */
-add_shortcode("dsl-link", "dslShortcode");
-function dslShortcode($atts){
+add_shortcode("dsl-link", "dslLink");
+function dslLink( $atts = array() ){
     // Establish parameter names and defaults.
     // These are the values that can be provided within the shortcode brackets,
     // and the default values used if they are not specified.
     $defaults = array(
-                        'show' => 'text',                       // one of 'icon', 'text', 'both', 'debug'
-                        'icon_file' => "email.gif",             // filename, including path if not same place as this script
-                        'text' => ' Send a link to this article'    // link text
+                        'show' => 'both',                       // one of 'icon', 'text', 'both'
+                        'icon_file' => DSL_DEFAULT_ICON_FILE,   // filename, including path if not same place as this script
+                        'text' => DSL_DEFAULT_LINK_TEXT         // link text
                     );
     // Merge the defaults with the inputs from the shortcode 
@@ -137 +158 @@
     // Next we add the current page URL to the query
     $query .= '&dsl_back=' . "http://" . $_SERVER['HTTP_HOST']  . $_SERVER['REQUEST_URI'];
-    // and build the anchor tag
-    $anchor = '<a href="' . $link_page . $query . '" title="' . $text . '">';
-    // Now we build the image tag
+    // Use WordPress esc_attr to be sure there are no invalid or dangerous characters in text
+    $text = esc_attr($text);
+    // Build the anchor tag
+    // Use the WordPress esc_url functions for extra safety against sending out invalid or dangerous characters
+    $anchor = '<a href="' . esc_url($link_page . $query) . '" title="' . $text . '">';
+    // Build the image tag
+    // Check that specified icon file exists by calling PHP function getimagesize()
+    // which returns an array with the size already formatted for an html tag at index 3
+    // or FALSE if file does not exist.
+    // If file doesn't exist, fall back to default.
+    if ( false === ( $imgsiz = getimagesize(DSL_PLUG_PATH . $icon_file) ) ) { 
+        $icon_file = $defaults['icon_file']; 
+        $imgsiz = getimagesize(DSL_PLUG_PATH . $icon_file);
+    }
     $imgurl = DSL_PLUG_URL . $icon_file;
-    // Next we use the PHP getimagesize function, which returns an array with the
-    // size already formatted for an html tag at index 3,
-    $imgsiz = getimagesize(DSL_PLUG_PATH . $icon_file);
-    // Here we put together the entire img tag
-    $img = '<img src="' . $imgurl . '" ' . $imgsiz[3] . ' />';
+    // Put together the entire img tag
+    // Escape the url for safety, but trust the output from getimagesize to be valid
+    $img = '<img src="' . esc_url($imgurl) . '" ' . $imgsiz[3] . ' />';
     // Now we use the value of the $show parameter to determine what to output
     switch ($show) {
-        case 'debug':
-            $output = "from my code";
-            $output .= ", the post id is " . $post_id;
-            $link_icon_text = $anchor . $img . $text . '</a>';
-            $link_icon_only = $anchor . $img . '</a>';
-            $link_text_only = $anchor . $text . '</a>';
-            $output .= " Here are the links: " . $link_icon_only . " and " . $link_icon_text. " and " . $link_text_only;
-            break;
+// special option for debug
+// comment this out for production
+// case 'debug':
+// $output = "from my code";
+// $output .= ", the post id is " . $post_id;
+// $link_icon_text = $anchor . $img . $text . '</a>';
+// $link_icon_only = $anchor . $img . '</a>';
+// $link_text_only = $anchor . $text . '</a>';
+// $output .= " Here are the links: " . $link_icon_only . " and " . $link_icon_text. " and " . $link_text_only;
+// break;
         case 'both':
             $output = $anchor . $img . $text . '</a>';
@@ -166 +198 @@
             break;
         default:
-            $output = "Invalid value for show";
+            $output = DSL_INVALID_SHOW_VALUE;
     }
     return $output;
@@ -173 +205 @@
  * dslMain()
  *
- * This is the entry point for all requests for a dlb's Send-A-Link.
+ * This is the entry point for all requests to dlb's Send-A-Link.
  *
  * WordPress calls this routine every time it outputs any page or post, 
@@ -179 +211 @@
  * WordPress also calls this routine whenever it receives an AJAX request that
  * specifies "action" equal to "dsl-form" because of the calls to add_action() 
- * with  'wp_ajax_nopriv' and 'wp_ajax'.
+ * with  'wp_ajax_nopriv' (called when a registered user is logged in) and 
+ * 'wp_ajax' (called for an unregistered visitor). 
  *
  * This routine checks for existance of parameters in the URL query and POST variables
- * that indicate a dsl page request and handles the page. It quickly determine if
+ * that indicate a dsl page request and handles the request. It quickly determines if
  * the requested page needs this routine or not, and simply returns if not needed.
  *
@@ -188 +221 @@
  * message, with the confirmation message initially hidden. When the AJAX request sends
  * the user input, this routine validates it sends an AJAX response which can
- * either be error message(s) or a confirmation message.
+ * either be error message(s) or a confirmation message. If the user does not have
+ * Javascript turned on, then the response is sent by the browser as a regular POST
+ * instead of an AJAX, so this routine will send its response as a new page.
  *
  * When there are no errors, this routine actually sends the email and records it in a log.
@@ -194 +229 @@
  * The trigger for this routine to take over is existance of query parameter 'dsl_pid'
  * which must contain the ID of a page or post, e.g., http://Bezaires.com?dsl_pid=1234
- *
  */
 add_action( 'template_redirect', 'dslMain' );
@@ -201 +235 @@
 function dslMain() {
     global $dslData;
-    // load the inputs into $dslData
+    // load the inputs into the $dslData array
     dslGetInputs();
     // quickly return if we do not handle this type of request
+    // return if we don't have a URL query parameter of 'dsl_pid'
     if( ! isset($dslData['dsl_pid']) ) return;
+    // insure received value is an integer,
+    $dslData['dsl_pid'] = filter_var($dslData['dsl_pid'], FILTER_SANITIZE_NUMBER_INT);
+    // get the post using it as a post id number
     $dslData['post'] = get_post($dslData['dsl_pid']);
-    // must be an accessible post or a page
+    // return if we did not find a post or a page
     if (NULL == $dslData['post'] || ('post' != $dslData['post']->post_type && 'page' != $dslData['post']->post_type) ) return;
-    // Value of the form's submit button tells us 
-    // whether to show the page or to process the inputs
-    switch ($dslData['dsl_submit']) {
-        case "":
+    // Now we know that request is of the type we handle
+    // Check value of back link
+    // Replace it with one pointing to the post if:
+    // - it was not provided at all
+    // - it contains invalid URL characters
+    // - it does not contain the URL of this blog
+    if (    
+            ( ! isset( $dslData['dsl_back'] ) )
+        ||  filter_var( $dslData['dsl_back'], FILTER_SANITIZE_URL ) != ( $dslData['dsl_back'] )
+        ||  ( false === strpos( $dslData['dsl_back'], home_url() ) ) 
+        ) {
+        // Replace by setting it to a URL that points to the post/page
+        $dslData['dsl_back'] = get_permalink( $dslData['post'] );
+    }
+    // setup array to accumulate the responses we'll send back
+    $msg = array();
+    // Check for security or structural errors that may impede later processing including
+    // the submit button, the WordPress nonce, and the IP address.
+    // If nonce fails, consider the entire request a suspect security risk.
+    // If an unknown submit button value, not sure what we have, so don't trust it.
+    // Not sure how we get an invalid IP address, but it's a bad thing if we do.
+    // For all of these cases, send a general error message and reset the form fields.
+    if (    ( $dslData['dsl_submit'] != '' && $dslData['dsl_submit'] != DSL_SUBMIT_BUTTON_VALUE )
+         || ( $dslData['dsl_submit'] != '' && ( ! wp_verify_nonce( $dslData['dsl_nonce'], 'dsl-form' ) ) )
+         || ( false === $dslData['ip'] )
+        )  {
+        // flag to force values to be reset
+        $msg['reset'] = true;
+        // the $errors array generally contains error messsages with the array key
+        // equal to the name of the form field that contains the error. to handle
+        // this form-level error, we put the message into the hidden post id field,
+        // which is at the top of the form, so that is where it will be displayed.
+        $errors['dsl_pid'] = DSL_GENERAL_ERROR_MESSAGE;
+    }
+    // If no errors yet, we know we have a valid request. 
+    // The driving parameters have been tested,
+    // and inputs have been recorded in the $dslData array.
+    // Use the submit button value to determine 
+    // whether to show the form or to process the inputs.
+    if (    ( count($errors) == 0 ) 
+        &&  ( $dslData['dsl_submit'] == '')
+        ) {
             // there was no submit button value, 
-            // so show a page with the form and confirmation sections.
-            // First tell WordPress to run the function that adds the scripts and styles to the page
-            add_action('wp_enqueue_scripts', 'dslEnq');
-            // read template from file
-            $input = file_get_contents( dslCustomized( 'PATH', DSL_PAGE_TEMPLATE ) );
-            // perform substitutions for placeholders
-            dslSubstitutePlaceholders(&$input);
-            // send page headers
-            get_header();
-            // send template
-            echo $input;
-            // send footers and sidebar
-            get_sidebar();
-            get_footer();
-            break;
-        case DSL_SUBMIT_BUTTON_VALUE: 
-            // submit button value says we got a response from the user
-            // check inputs for errors
-            $errors = dslValidateInputs(); 
-            // build array of responses to send via AJAX
-            $msg = array();
-            if (isset($errors['dsl_nonce'])) {
-                // major security breach was found
-                // send back a reset 
-                // to cause Javascript to report an internal error and generate a reload
-                $msg['reset'] = true;
-            } elseif (count($errors) > 0) {
-                // errors were found, so add the
-                // error messages to the response array
-                $msg['errors'] = $errors;
-                if (! isset($errors['dsl_captcha']) ) {
-                    // No error with CAPTCHA, so we believe we are dealing with a person.
-                    // Create a new nonce to use as a stand-in
-                    // so that user doesn't have to do CAPTCHA again when correcting other errors
-                    // and add it to the response array
-                    $msg['secure'] =  wp_create_nonce( 'dsl-form-noCaptcha' );
-                }
-            } else {
-                // no errors were found, so ready to send email
-                // format mail fields
-                dslPrepareMail(); 
-                // send the email
-                $dslData['mail-result'] = mail( $dslData['mail-to'], 
-                                                $dslData['mail-subject'], 
-                                                $dslData['mail-message'], 
-                                                $dslData['mail-headers']);
-                // add the confirms object to the response array
-                $msg['confirms'] = array(
-                                            'status'    => $dslData['mail-result'],
-                                            'body'      => dslFormatConfirm()
-                                        );
-            }
-            // add the received values to the response array for debugging
-            // comment this out for production
-            $msg['values'] = $dslData;
-            // convert all of the responses in the array into a JSON string
-            $msg = json_encode($msg);
-            // send header and response string
-            header( "Content-Type: application/json" ); 
-            echo $msg;
-            break;
-        default:
-            echo 'A general processing error occurred (i.e., received a dsl_submit value of |' . $dslData['dsl_submit'] . '|<br />' .
-                'We apologize for the inconvenience and appreciate your patience. Please try again.';
-            break;
+            // so show the blank form and then exit
+            dslShowPage('blank');
+            exit;
+    }
+    // If no errors yet, we know we have received inputs from the user
+    if (count($errors) == 0) {
+        // Insure the proper version of the database table is installed
+        dslSetupDatabase();
+        // get log record for this IP address
+        $dslData['log'] = dslReadLog( $dslData['ip'] );
+        // check inputs for errors
+        $errors = dslValidateInputs(); 
+    }
+    // If no errors yet, try to send the mail
+    // If fails, load an error message to the $errors array
+    // If succeeds, load confirm to the $msg array 
+    // and record in the log
+    if (count($errors) == 0) {
+        dslSendMail(); 
+        if ( TRUE !== $dslData['mail-result'] ) {
+            // the send failed for no known reason,
+            // so load a form-level error message
+            $errors['dsl_pid'] = DSL_SENDING_ERROR_MESSAGE;
+        } else {
+            // add the confirms object to the response array
+            $msg['confirms'] = array(
+                                        'status'    => $dslData['mail-result'],
+                                        'body'      => dslFormatConfirm()
+                                    );
+            // update log for IP with current time
+            dslUpdateLog( $dslData['ip'], time() );
+            // clear old records out of the log
+            // (this should really be a CRON job or a mySQL trigger someday)
+            dslFlushLog();
+        }
+    }
+    // At this point, we either have message(s) in the $error array,
+    // or we have successfully sent the email and noted it in the $msg array
+    // If there are errors, put them into $msg array 
+    // and turn off CAPTCHA
+    if (count($errors) > 0) {
+        $msg['errors'] = $errors;
+        if ( (! $msg['reset']) && (! isset($errors['dsl_captcha'])) ) {
+            // No reset errors and no CAPTCHA error, 
+            // so we believe we are dealing with a person.
+            // Create a new nonce to use as a stand-in
+            // so that user doesn't have to do CAPTCHA again when correcting other errors
+            // and add it to the response array
+            $msg['secure'] =  wp_create_nonce( 'dsl-form-noCaptcha' );
+        }
+    }
+    // At this point we have the $msg array containing all our responses
+// add the received values to the response array for debug
+// comment this out for production
+//$msg['values'] = $dslData;
+    // decide whether user has Javascript enabled and respond accordingly 
+    if ( isset($dslData['action']) && $dslData['action'] == 'dsl-form' ) {
+        // we received the response via AJAX, so send it back that way
+        // convert all of the responses in the array into a JSON string
+        $msg = json_encode($msg);
+        // send header and response string
+        header( "Content-Type: application/json" ); 
+        echo $msg;
+    } else {
+        // user doesn't have Javascript available, so resend entire page
+        dslShowPage('with-feedback', $msg);
     }
     exit();
@@ -284 +361 @@
  * dslGetInputs()
  *
- * Pulls all of the inputs received via URL query or POST values into an array
+ * Pulls all of the inputs received via URL query or POST into an array
  */
 function dslGetInputs(){
@@ -297 +374 @@
     $tmp = $_REQUEST;
     foreach ($tmp as $key => $value) {
-        if (substr($key, 0, 3) == 'dsl') {
+        if (substr($key, 0, 3) == 'dsl' || $key == 'action') {
             // All of our variables begin with "dsl", so we find and store them.
+            // We also need the "action" that WordPress uses with AJAX
             // It seems that stripslashes() is needed because WordPress apparently does an addslashes()
             // which puts a backslash before every apostrophe. This is similar to a vestigal
@@ -306 +384 @@
         } 
     }
+    // add the user's IP address
+    $dslData['ip'] = dslGetIP();
+}
+/********************************************************
+ * dslGetIP()
+ *
+ * Gets ip address from any of multiple locations,
+ * or returns FALSE if none can be found.
+ * Verifies against invalid IP formats or characters with 
+ * PHP function filter_var()
+ * 
+ * copied from http://www.stevekamerman.com/2006/06/storing-ip-addresses-in-mysql-with-php/
+ */
+function dslGetIP() {
+    if (filter_var($_SERVER["HTTP_CLIENT_IP"], FILTER_VALIDATE_IP)) {
+        return $_SERVER["HTTP_CLIENT_IP"];
+    }
+    foreach (explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"]) as $ip) {
+        if (filter_var(trim($ip), FILTER_VALIDATE_IP)) {
+            return $ip;
+        }
+    }
+    if (filter_var($_SERVER["HTTP_PC_REMOTE_ADDR"], FILTER_VALIDATE_IP)) {
+        return $_SERVER["HTTP_PC_REMOTE_ADDR"];
+    } elseif (filter_var($_SERVER["HTTP_X_FORWARDED"], FILTER_VALIDATE_IP)) {
+        return $_SERVER["HTTP_X_FORWARDED"];
+    } elseif (filter_var($_SERVER["HTTP_FORWARDED_FOR"], FILTER_VALIDATE_IP)) {
+        return $_SERVER["HTTP_FORWARDED_FOR"];
+    } elseif (filter_var($_SERVER["HTTP_FORWARDED"], FILTER_VALIDATE_IP)) {
+        return $_SERVER["HTTP_FORWARDED"];
+    } elseif (filter_var($_SERVER["REMOTE_ADDR"], FILTER_VALIDATE_IP)) {
+        return $_SERVER["REMOTE_ADDR"];
+    } else {
+        return false;
+    }
 }
 /********************************************************
  * dslValidateInputs()
  *
- *  Given an array of field values which has indices equal to the field names,
+ *  Given the global array of field values which has indices equal to the field names,
  *  check for valid inputs.
  *  Returns an array of error messages with indices equal to the field names.
@@ -316 +429 @@
 function dslValidateInputs(){
     global $dslData;
-    $errors = array();
-    
-    // Check the WordPress nonce
-    // If this fails, consider the entire request suspect
-    if ( ! wp_verify_nonce( $dslData['dsl_nonce'], 'dsl-form' ) ) {
-        $errors['dsl_nonce'] = 'was invalid';
-    }
-    
+        
     // Check security field (anti-bot)
-    if (isset($dslData['dsl_secure'])) {
+    if ( isset($dslData['dsl_secure']) && $dslData['dsl_secure'] != '' ) {
         // check the second nonce that was sent after a captcha was previously satisfied
         if (false === wp_verify_nonce( $dslData['dsl_secure'], 'dsl-form-noCaptcha' )) {
-            $errors[dsl_secure] = 'Security check failed';
+            $errors[dsl_secure] = DSL_INVALID_NONCE;
         }
     } else {
@@ -334 +440 @@
         $captcha = dslMakeCaptcha();
         if ( ! $captcha->validate($dslData['dsl_captcha_random']) ) {
-            $errors['dsl_captcha'] = 'Internal captcha error';
+            $errors['dsl_captcha'] = DSL_INTERNAL_CAPTCHA_ERROR;
         } elseif ( ! $captcha->verify($dslData['dsl_captcha']) ) {
-            $errors['dsl_captcha'] = 'Must match characters in image';
+            $errors['dsl_captcha'] = DSL_INCORRECT_CAPTCHA_ERROR;
         }
+    }
+    
+    // Check for sufficient time since last send by this IP address
+    if ( (time() - $dslData['log']->time) < DSL_MIN_SEND_INTERVAL ) {
+        $errors['dsl_submit'] = sprintf(DSL_MIN_SEND_INTERVAL_MESSAGE, DSL_MIN_SEND_INTERVAL );
     }
     
@@ -348 +459 @@
     dslCheckName('dsl_rname', $errors); // recipient's
     
-    // Check for valid comments
-    $invalidCommentChars = "/[<>]/";
+    // Check for valid comments using rules that WordPress applies to comments
     if (strlen(trim($dslData['dsl_comments'])) > DSL_MAX_COMMENT_CHARS ) {
-        $errors['dsl_comments'] = 'Must be no more than ' . DSL_MAX_COMMENT_CHARS . ' characters';
-    } elseif (1 === preg_match($invalidCommentChars, $dslData['dsl_comments'])) {
-        $errors['dsl_comments'] = 'Must not contain < or >';
+        $errors['dsl_comments'] = sprintf(DSL_MAX_CHARS_ERROR, DSL_MAX_COMMENT_CHARS);
+    } elseif ( $dslData['dsl_comments'] != wp_kses( $dslData['dsl_comments'], wp_kses_allowed_html( 'comment' ) ) ) {
+        $errors['dsl_comments'] = DSL_INVALID_COMMENTS_CHARS;
     }
     
@@ -369 +479 @@
     global $dslData;
     if ( $dslData[$fieldName] != filter_var($dslData[$fieldName], FILTER_SANITIZE_EMAIL)) {
-        $errors[$fieldName] = 'May not contain invalid characters';
+        $errors[$fieldName] = DSL_INVALID_EMAIL_CHARS;
     } elseif ( ! filter_var($dslData[$fieldName], FILTER_VALIDATE_EMAIL)) {
-        $errors[$fieldName] = 'Must be a valid email address';
+        $errors[$fieldName] = DSL_INVALID_EMAIL_ERROR;
     }
 }
@@ -384 +494 @@
 function dslCheckName($fieldName, &$errors){
     global $dslData;
-    $invalidNameChars = "/[^ a-zA-Z0-9._%-',]/"; // invalid chars are those NOT in the list
+    $invalidNameChars = "/[^ a-zA-Z0-9._%-',\"]/"; // invalid chars are those NOT in the list
     if (strlen(trim($dslData[$fieldName])) < DSL_MIN_NAME_CHARS) {
-        $errors[$fieldName] = 'Must be at least ' . DSL_MIN_NAME_CHARS . ' character(s)';
+        $errors[$fieldName] = sprintf( DSL_MIN_CHARS_ERROR, DSL_MIN_NAME_CHARS );
     } elseif (strlen(trim($dslData[$fieldName])) > DSL_MAX_NAME_CHARS) {
-        $errors[$fieldName] = 'Must be no more than ' . DSL_MAX_NAME_CHARS . ' characters';
+        $errors[$fieldName] = sprintf( DSL_MAX_CHARS_ERROR, DSL_MAX_NAME_CHARS );
     } elseif (1 === preg_match($invalidNameChars, $dslData[$fieldName])) {
-        $errors[$fieldName] = 'Must contain only: A-Z, a-z, 0-9, . , _ - \' %';
-    }
+        $errors[$fieldName] = DSL_INVALID_NAME_CHARS;
+    }
+}
+/********************************************************
+ * dslShowPage()
+ *
+ * Shows page with form and hidden confirmation 
+ * 
+ * Normally shows the blank form and then AJAX/Javascript
+ * handles responses and displaying feedback. 
+ * But, if no Javascript on client, this routine has to
+ * show the page with feedback.
+ *
+ * $type parameter can be either:
+ * - 'blank' to show the blank form
+ * - 'with-feedback' to show the form with error or confirmation 
+ */
+function dslShowPage($type, $msg = null){
+    global $dslData;
+    // First tell WordPress to run the function that adds the scripts and styles to the page
+    add_action('wp_enqueue_scripts', 'dslEnq');
+    // read template from file
+    $input = file_get_contents( dslCustomized( 'PATH', DSL_PAGE_TEMPLATE ) );
+    // perform substitutions for placeholders
+    dslSubstitutePlaceholders($input);
+    // if no Javascript, format the response into the template
+    if ($type == 'with-feedback') { dslFormatFeedback($input, $msg); }
+    // send page headers
+    get_header();
+    // send template
+    echo $input;
+    // send footers and sidebar
+    get_sidebar();
+    get_footer();
+}
+/********************************************************
+ * dslFormatFeedback()
+ *
+ * When there is no Javascript on the client, we need to do everthing
+ * here that dsl.js normally handles
+ *
+ * Accepts the array of responses that normally would have been sent via AJAX
+ * and a reference to the blank template, and modifies the template string directly
+ */
+function dslFormatFeedback(&$blank, $msg){
+    global $dslData;
+    if ( $msg['reset'] ) {
+        // perform reset, showing the form-level error
+        dslFormatReset($blank, $msg['errors']['dsl_pid']);
+    } elseif ( $msg['errors'] != null ) {
+        // redisplay the form with error messages 
+        // put error messages into label spans
+        foreach ($msg['errors'] as $field => $txt) {
+            $pattern = '#(<label.*?for="' . $field . '".*?>.*?<span.*?class="dsl-error-field".*?>).*?</span>#s';
+            $replacement = '$1<br />' . $txt . '</span>';
+            $blank = preg_replace($pattern, $replacement, $blank);
+        }
+        // put values into inputs
+        $fieldsToDo = array('dsl_rname', 'dsl_raddress', 'dsl_sname', 'dsl_saddress');
+        foreach ($fieldsToDo as $fld){
+            $pattern = '#<input([^>]*?name="' . $fld . '")#s';
+            $replacement = '<input value="' . htmlentities($msg['values'][$fld]) . '" $1';
+            $blank = preg_replace($pattern, $replacement, $blank);
+        }
+        // put value into textarea
+        $pattern = '#(<textarea[^>]*?name="dsl_comments"[^>]*?>)(</textarea>)#';
+        $replacement = '$1' . htmlentities($msg['values']['dsl_comments']) . '$2';
+        $blank = preg_replace($pattern, $replacement, $blank);
+        // turn off CAPTCHA is already satisfied
+        if ( $msg['secure'] != null ) {
+            // put value of secure into input value
+            $pattern = '#(<input[^>]*?name="dsl_secure"[^>]*?value=)"("[^>]*?>)#';
+            $replacement = '$1"' . $msg['secure'] . '$2';
+            $blank = preg_replace($pattern, $replacement, $blank);
+            // hide captcha div
+            $pattern = '#(<div[^>]*?id="dsl-captcha")([^>]*?>)#';
+            $replacement = '$1 style="display:none;" $2';
+            $blank = preg_replace($pattern, $replacement, $blank);
+        }
+    } elseif ( $msg['confirms'] != null ) {
+        // send the confirm page
+        // use display:none to hide the form
+        $pattern = '#(<div[^>]*?id="dsl-form-div")([^>]*?>)#';
+        $replacement = '$1 style="display:none;" $2';
+        $blank = preg_replace($pattern, $replacement, $blank);
+        // use display:block to show the confirm
+        $pattern = '#(<div[^>]*?id="dsl-confirm-div")([^>]*?>)#';
+        $replacement = '$1 style="display:block;" $2';
+        $blank = preg_replace($pattern, $replacement, $blank);
+        // put the confirm text into the div
+        $pattern = '#(<div[^>]*?id="dsl-confirm-div"[^>]*?>.*?<div [^>]*?>)#s';
+        $replacement = '$1' . $msg['confirms']['body'];
+        $blank = preg_replace($pattern, $replacement, $blank);
+    } else {
+        // general error reset
+        dslFormatReset( $blank, DSL_GENERAL_ERROR_MESSAGE );
+    }
+}
+/********************************************************
+ * dslFormatReset()
+ *
+ * do reset by not filling in values 
+ * and not showing errors other than
+ * the general processing error
+ */
+function dslFormatReset(&$blank, $txt) {
+    // do reset by not filling in values 
+    // and not showing errors other than
+    // the general processing error
+    $field = 'dsl_pid';
+    $pattern = '#(<label.*?for="' . $field . '".*?>.*?<span.*?class="dsl-error-field".*?>).*?</span>#s';
+    $replacement = '$1<br />' . $txt . '</span>';
+    $blank = preg_replace($pattern, $replacement, $blank);
 }
 /********************************************************
@@ -406 +627 @@
     global $dslData;
     // Each enqueue call causes WordPress to put the associated link or script
-    // tags into the <head> section of the page
-    // Always enqueue the base dsl styles from the plugin folder
+    // tags into the <head> section of the page. The first parameter is a handle so
+    // that task can be referred to later. 
+    // First enqueue the base dsl styles file from the plugin folder.
     wp_enqueue_style( 'dsl-css', DSL_PLUG_URL . DSL_CSS_FILE );
-    // Enqueue the style overrides from the theme folder
+    // Enqueue the style overrides from the theme folder.
+    // The 3rd parameter is the handle from the previous call, and thus insures
+    // that this one comes later.
     if ( file_exists(DSL_THEME_PATH . DSL_CSS_FILE) ) { 
         wp_enqueue_style( 'dsl-css-from-theme', DSL_THEME_URL . DSL_CSS_FILE, array('dsl-css') ); 
     }
-    wp_enqueue_script( 'dsl-js', DSL_PLUG_URL . DSL_JAVASCRIPT_FILE ); // js file
-    // The localize call puts a script into the <HEAD> section of the page
-    // that creates an object (ajaxData) containing an array of key:value pairs.
-    // Thus, in javascript ajaxData is a global variable that contains some
-    // values that the script needs in order to send a response via AJAX.
-    // Read templates from file to get the error-alert
-    $input = file_get_contents(DSL_OTHER_TEMPLATES_CALCULATED);
-    $input = dslGetSection($input, 'error-alert');
-    dslSubstitutePlaceholders(&$input);
+    // Enqueue the Javascript file
+    wp_enqueue_script( 'dsl-js', DSL_PLUG_URL . DSL_JAVASCRIPT_FILE );
+    // The localize call will put a script tag into the <HEAD> section of the page
+    // to create a Javascript object (ajaxData in this case) containing an array of key:value pairs.
+    // Thus, in the Javascript, ajaxData becomes a global variable that we use to send some data
+    // from the server.
     wp_localize_script( 'dsl-js', 'ajaxData', 
         array(
@@ -427 +648 @@
             'url' =>  admin_url( 'admin-ajax.php' ),
             // Javascript includes this 'action' to tell WordPress which routine
-            // will handle the response as defined in the add_action('wp-ajax_')
+            // will handle the AJAX response as defined in the add_action('wp-ajax_') call
             'action' => 'dsl-form',
             // this is text for the error alert
-            'errorAlert' => $input
+            'errorAlert' => sanitize_text_field( DSL_ERROR_ALERT ),
+            // this is text for an unexplained error
+            'errorGeneral' => sanitize_text_field( DSL_GENERAL_ERROR_MESSAGE ) 
         ) 
     ); 
@@ -437 +660 @@
  * dslCustomized()
  *
- * Given a path/filename relative to the theme or plugin folder,
- * Returns a reference to it in the theme folder if the file exists there, 
- * or to it in the plugin folder if file exists there, or
+ * Return URL or PATH to file in theme folder or plugin folder
+ *
+ * Given a filename with path relative to the plugin folder,
+ * returns a reference to it in the theme folder if the file exists there, 
+ * or to it in the plugin folder if it exists there, or
  * FALSE if it exists in neither place. 
+ *
  * $type can be either URL or PATH
  */
 function dslCustomized($type, $file){
+    // check in theme folder
     $tmp = DSL_THEME_PATH . $file;
     if ( file_exists($tmp) ) {
+        // found it, so return URL or PATH to it
         $tmp = ($type == 'PATH') ?  $tmp : DSL_THEME_URL . $file;
     } else {
+        // check in plugin folder
         $tmp = DSL_PLUG_PATH . $file;
         if ( file_exists($tmp) ) {
+            // found it, so return URL or PATH
             $tmp = ($type == 'PATH') ?  $tmp : DSL_PLUG_URL . $file;
         } else {
+            // not found, so return false
             $tmp = FALSE;
         }
@@ -458 +689 @@
 }
 /********************************************************
- * dslPrepareMail()
+ * dslMakeCaptcha()
+ *
+ * Returns a Captchas.Net object
+ *
+ * This routine reads in all of the CAPTCHA customization parameters
+ * from a configuration file.
+ * The $id and $key must be replaced with values received by registering
+ * at http://captchas.net.
+ *
+ * Uses the web service at http://captchas.net
+ * See Captcha comparisons at http://davebezaire.com/tst/captcha/captcha.html
+ */
+function dslMakeCaptcha(){
+    // load the configuration file, hopefully from the theme folder, 
+    // with fallback to that in the plugin folder
+    include ( dslCustomized( 'PATH', DSL_CAPTCHA_CONFIG ) );
+    // load the library that was copied from http://captchas.net
+    require_once(DSL_PLUG_PATH .'CaptchasDotNet.php');
+    // create and return the object
+    return new CaptchasDotNet ($id, $key, $store, $time, $alphabet, $count, $width, $height, $color);
+}
+/********************************************************
+ * dslSendMail()
+ *
+ * Sends email message
  *
  * Reads the email message template from an external file,
  * formats the various parts of the email message, and
- * returns them in the global array. The body of the message is
- * also returned separately so that it can be
- * displayed on the confirmation page.
- */
-function dslPrepareMail(){
-    global $dslData;
-    // read template from file
-    $input = file_get_contents(DSL_OTHER_TEMPLATES_CALCULATED);
+ * puts them in the global array. The body of the message is
+ * also included separately so that it can be
+ * displayed on the confirmation page. Then sends the email.
+ *
+ * Result of the mail send call is also put in the global array
+ */
+function dslSendMail(){
+    global $dslData;
+    // read templates from file
+    $input = file_get_contents(dslCustomized( 'PATH', DSL_OTHER_TEMPLATES ));
+    // get the message section from the templates
     $input = dslGetSection( $input, 'message');
     // perform substitutions for placeholders
+    // this puts in the names, receiver's address, sender's comments, post title, etc.
     dslSubstitutePlaceholders(&$input);
-    // remove comments paragraphs if no comments
-    if (trim($dslData['dsl_comments']) == '') {$input = preg_replace("#<p\s*?class=\"comment\".*?</p>#s", "", $input);}
+    // if no comments, remove comments paragraphs 
+    if (trim($dslData['dsl_comments']) == '') {
+        $input = preg_replace("#<p\s*?class=\"comment\".*?</p>#s", "", $input);
+    }
     // extract the body for display on confirmation page
     preg_match("#<body>(.*)</body>#s", $input, $tmp);
@@ -482 +743 @@
     $msgSubj = $tmp[1];
     // subject is plain text, so convert emphasis tags to quotes, and remove htmlentities()
+    // and sanitize as text
     $msgSubj = str_replace('<em>', '"', str_replace('</em>', '"', $msgSubj));
     $msgSubj = html_entity_decode($msgSubj);
+    $msgSubj = sanitize_text_field($msgSubj);
     // To send HTML mail, the Content-type headers must be set
-    // Note that the charset is also mentioned in the <HEAD> above
+    // Note that the charset is also mentioned in the <HEAD> in the template
     $hdrs  = 'MIME-Version: 1.0' . "\r\n";
     $hdrs .= 'Content-type: text/html; charset=utf-8' . "\r\n";
-    $hdrs .= 'From:' . $dslData['dsl_sname'] . ' <' . $dslData['dsl_saddress'] . '>' . "\r\n";
+    // add senders name and address in the headers
+    $hdrs .= 'From:' . sanitize_text_field($dslData['dsl_sname']) . ' <' . $dslData['dsl_saddress'] . '>' . "\r\n";
     // Store the results in the $dslData array
     $dslData['mail-to'] = $dslData['dsl_raddress'];
@@ -495 +759 @@
     $dslData['mail-message-body'] = $msgBody;
     $dslData['mail-headers'] = $hdrs;
+    // send the email
+    $dslData['mail-result'] = mail( $dslData['mail-to'], 
+                                    $dslData['mail-subject'], 
+                                    $dslData['mail-message'], 
+                                    $dslData['mail-headers']);
 }
 /********************************************************
@@ -504 +773 @@
     global $dslData;
     // read template from file
-    $input = file_get_contents(DSL_OTHER_TEMPLATES_CALCULATED);
-    // select either error or confirm section
-    $out .= dslGetSection( $input, ($dslData['mail-result'] !== true) ? 'error' : 'confirm');
-    // add on the navigation section
-    $out .= dslGetSection($input, 'nav');
+    $input = file_get_contents(dslCustomized( 'PATH', DSL_OTHER_TEMPLATES ));
+    // get the confirm section
+    $out .= dslGetSection( $input, 'confirm');
     // perform the substitutions
-    dslSubstitutePlaceholders(&$out);
+    dslSubstitutePlaceholders($out);
     return $out;
 }
@@ -516 +783 @@
  * dslGetSection()
  *
- * Returns the contents of a section of the template file
+ * Returns the contents of a section from the template file
  */
 function dslGetSection($str, $tag) {
@@ -522 +789 @@
     // the leading and trailing #'s are required delimiters
     // the trailing 's' after the last # says that dot should match newlines
-    // the \s* followed by \S consumes white space, including newlines, between the end and start
-    // of the tag brackets and included content
+    // the \s* followed by \S consumes white space, including newlines, 
+    // between the end and start of the tag brackets and included content
     $pattern = '#<' . $tag . '>\s*(\S.*\S)\s*</' . $tag . '>#s';
     preg_match($pattern, $str, $match); // stores the first capture group in $match[1]
@@ -547 +814 @@
     // Substitute current values for the placeholders
     $template = str_replace("#dsl-post-title#",         htmlentities($dslData['post']->post_title),     $template);
-    $template = str_replace("#dsl-recipient-name#",     $dslData['dsl_rname'],                          $template);
+    $template = str_replace("#dsl-recipient-name#",     sanitize_text_field($dslData['dsl_rname']),     $template);
     $template = str_replace("#dsl-recipient-address#",  $dslData['dsl_raddress'],                       $template);
-    $template = str_replace("#dsl-sender-name#",        $dslData['dsl_sname'],                          $template);
+    $template = str_replace("#dsl-sender-name#",        sanitize_text_field($dslData['dsl_sname']),     $template);
     $template = str_replace("#dsl-post-id#",            $dslData['dsl_pid'],                            $template);
     $template = str_replace("#dsl-post-author#",        $author,                                        $template);
     $template = str_replace("#dsl-post-date#",          $date,                                          $template);
-    $template = str_replace("#dsl-back-link#",          $dslData['dsl_back'],                           $template);
+    $template = str_replace("#dsl-back-link#",          esc_url($dslData['dsl_back']),                  $template);
     $template = str_replace("#dsl-comments#",           nl2br($dslData['dsl_comments']),                $template);
-    $template = str_replace("#dsl-message-subject#",    $dslData['mail-subject'],                       $template);
+    $template = str_replace("#dsl-message-subject#",    sanitize_text_field($dslData['mail-subject']),  $template);
     $template = str_replace("#dsl-message-body#",       $dslData['mail-message-body'],                  $template);
-    $template = str_replace("#dsl-submit-button#",      DSL_SUBMIT_BUTTON_VALUE,                            $template);
+    $template = str_replace("#dsl-submit-button#",      DSL_SUBMIT_BUTTON_VALUE,                        $template);
     $template = str_replace("#wp-nonce#",               wp_create_nonce('dsl-form'),                    $template);
     $template = str_replace("#captcha-random#",         $captcha->random (),                            $template);
     $template = str_replace("#captcha-image#",          $captcha->image(),                              $template);
     $template = str_replace("#captcha-audio#",          $captcha->audio_url (),                         $template);
-    $template = str_replace("#max-comment-chars#",      DSL_MAX_COMMENT_CHARS,                              $template);
-    $template = str_replace("#min-name-chars#",         DSL_MIN_NAME_CHARS,                                 $template);
-    $template = str_replace("#max-name-chars#",         DSL_MAX_NAME_CHARS,                                 $template);
+    $template = str_replace("#max-comment-chars#",      DSL_MAX_COMMENT_CHARS,                          $template);
+    $template = str_replace("#min-name-chars#",         DSL_MIN_NAME_CHARS,                             $template);
+    $template = str_replace("#max-name-chars#",         DSL_MAX_NAME_CHARS,                             $template);
+}
+/********************************************************
+ * dslSetupDatabase()
+ *
+ * Do one-time, initial setup tasks.
+ *
+ * WordPress calls this routine when the user presses the "Activate" link
+ * in the Administrator's Plugins menu due to the register_activation_hook() call.
+ * Since there is no hookable event when an upgraded version is installed,
+ * we also call this routine on every run of the script after 
+ * we know we will be handling the page request.
+ *
+ * This routine sets up a database table to log 
+ * the IP address and time of each send.
+ */
+register_activation_hook( __FILE__, 'dslSetupDatabase' );
+function dslSetupDatabase() {
+    global $wpdb;
+    // check if the currently installed database version 
+    // matches what will be installed by this routine,
+    // and if so, simply return
+    if ( get_option(DSL_NAME_OF_DB_VERSION_SETTING) == DSL_DB_VERSION ) return;
+    // Define the command that will tell WordPress to create our table.
+    // Note that this command is not strict SQL because the WordPress routines process it first.
+    // This table will be used to remember sends for just a very short time, a day at the most.
+    // It will store the user's IP address and the time of each send as follows:
+    // - idnum is a unique key for each record added to the table
+    // - ip is the address stored as a long integer by using PHP function ip2long()
+    // - time is the time of the last send stored as a UNIX time stamp which is in seconds
+    // - comment is for testing and learning about mySQL and myPhpAdmin
+    // idnum is used as the unique, primary index
+    // ip is indexed because it will be the search term on every query
+    // time is indexed because it will be the sort term on every query
+    $sqlCmd = "CREATE TABLE " . DSL_LOG_TABLE . " (
+                                            idnum int NOT NULL AUTO_INCREMENT,
+                                            ip int,
+                                            time int,
+                                            comment text,
+                                            UNIQUE KEY  idnum (idnum),
+                                            KEY ip (ip),
+                                            KEY time (time)
+                                            );";
+    // Load the WordPress upgrade module which knows how to deal with structuring tables.
+    // In particular, it handles a "create" query by analysing what is already in place
+    // and changing it as necessary.
+    require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+    // the WordPress dbDelta function executes our command
+    $e = dbDelta ( $sqlCmd );
+    // Put a setting in the WordPress options table with the Plugin's database version number
+    add_option( DSL_NAME_OF_DB_VERSION_SETTING, $wpdb->escape(DSL_DB_VERSION) );
+}
+/********************************************************
+ * dslDeActivate()
+ *
+ * Deletes the plugin's database table and option.
+ *
+ * WordPress calls this routine when the user presses the "Deactivate" link
+ * in the Administrator's Plugins menu. 
+ */
+register_deactivation_hook( __FILE__, 'dslDeActivate' );
+function dslDeActivate() {
+    global $wpdb;
+    // delete options created by plugin
+    delete_option( DSL_NAME_OF_DB_VERSION_SETTING );
+    // define command that will tell MySQL to delete the table created by plugin
+    $sqlCmd = 'DROP TABLE IF EXISTS ' . DSL_LOG_TABLE .';';
+    // send command thru the WordPress query object
+    $e = $wpdb->query( $sqlCmd );
+}
+/********************************************************
+ * dslUpdateLog
+ *
+ * Adds a log record for IP address with time of last send
+ * and optional comment
+ * See http://stackoverflow.com/questions/2754340/inet-aton-and-inet-ntoa-in-php
+ * for info about storing an IP address in MySQL.
+ */
+function dslUpdateLog($ip, $time, $comment = '') {
+    global $wpdb;
+    // setup data to be stored
+    $fields = array(
+                    'ip'        => ip2long( $ip ), // IP address converted to long integer
+                    'time'      => $time, // current time as UNIX timestamp
+                    'comment'   => $wpdb->escape( $comment ) // optional comment
+                    );
+    // Tell WordPress to insert the record
+    $wpdb->insert( DSL_LOG_TABLE, $fields );
+}
+/********************************************************
+ * dslReadLog($ip)
+ *
+ * Returns a log object with:
+ *  - the most recent log record for the given IP address, or 
+ *  - if no existing record for that IP, a dummy record with time equal to zero.
+ */
+function dslReadLog($ip) {
+    global $wpdb;
+    // Define sql query to get all records for this IP and sort them
+    // by time descending
+    $sqlCmd =   ' SELECT * FROM ' . DSL_LOG_TABLE . 
+                ' WHERE ip = ' . ip2long($ip) .
+                ' ORDER BY time DESC'
+                ;
+    // Tell WordPress to execute the query and return the top row
+    $logRow = $wpdb->get_row( $sqlCmd );
+    // If row was found, convert IP back from integer to string
+    // If not found, create a dummy row with time of zero
+    if ( $logRow != null ) {
+        $logRow->ip = long2ip($logRow->ip);
+        return $logRow;
+    } else {
+        return (object)array('ip' => $ip, 'time' => 0, 'comment' => 'dummy');
+    }
+}
+/********************************************************
+ * dslFlushLog($ip)
+ *
+ * Deletes old records from the log
+ *
+ * Old are those earlier than the current time
+ * less the DSL_LOG_KEEP_SECONDS. 
+ */
+function dslFlushLog() {
+    global $wpdb;
+    // calculate the earliest time to be kept
+    $deleteTime = time() - DSL_LOG_KEEP_SECONDS;
+    // Define sql command to find earlier records and delete them
+    $sqlCmd =   ' DELETE FROM ' . DSL_LOG_TABLE . 
+                ' WHERE time < ' . $deleteTime
+                ;
+    // Tell WordPress to execute the query
+    $wpdb->query( $sqlCmd );
 }
 ?>

dlbs-send-a-link/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 3.5.1
 Tested up to: 3.5.1
-Stable tag: 0.45
+Stable tag: 0.95
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -12 +12 @@
 
 == Description ==
-*dlb's Send-A-Link* allows visitors to send someone an email containing a link to the post or page. This is a preliminary, developmental release, and will be replaced by the first full release no later than June 30, 2013. Key features include:
+*dlb's Send-A-Link* allows visitors to send someone an email containing a link to the post or page. This version, 0.95, is the final candidate for release, and will be superceded by version 1.0 after testing is complete, no later than June 25, 2013.
 
-- A shortcode can be put in your template(s) to show visitors an icon or text link to send an email.
+Key features include:
+
+- Show visitors a link (icon and/or text) to send an email by adding a function call to your templates or a shortcode to your pages/posts.
 - The input form, confirmation page, and email message are all based on easily modifiable HTML templates. 
+- Spam protection includes CAPTCHA verification and limiting any given IP address to two messages per minute.
 - *Send-A-Link* loads fast because code is compact and does not use jQuery.
-- *Send-A-Link* uses Javascript/AJAX for fast, inobtrusive form handling.
-- Built and tested on WordPress v3.5.1; although it might work on earlier versions, it has not been test on them.
+- *Send-A-Link* uses Javascript/AJAX for fast, inobtrusive form handling, but it degrades gracefully to provide full functionality to clients without Javascript.
+- Built and tested on WordPress v3.5.1; although it might work on earlier versions, it has not been tested on them.
 
-The *Send-A-Link* code is heavily commented, especially regarding WordPress plugin interfaces and AJAX features. This makes it a suitable starting point for novice developers to explore their own programming interests. I have attempted to make the code very understandable, but I do not claim this to be *model* code because I am not an experienced developer myself. In fact, I would greatly appreciate constructive criticism. 
-    
-In the future, I will release new versions with the following features, in approximately this order:
+*dlb's Send-A-Link* code is heavily commented, especially regarding WordPress plugin interfaces and AJAX features. This makes it a suitable starting point for novice developers to explore their own programming interests. I have attempted to make the code very understandable. However, I do not claim this to be *model* code because I am not an experienced developer myself. In fact, I would greatly appreciate constructive criticism.
+
+In the future, I plan to release new versions with the following features, in approximately this order:
 
 - Privacy reassurance that email addresses are not stored, but IP's are
-- Log mail sent with user's IP address to a file
-- Throttle sends to some number per time period from a given IP
-- Provide full functionality without Javascript
 - Localize to be ready for translation, including delivery of po and mo files and some instruction on how to use POEDIT to customize the wording, regardless of language. This could especially apply to the error messages.
+- Attempt to use PHP's DOM handling routines for more robust and reliable formatting of responses when client does not have Javascript available
+- Use a stored procedure to flush log daily to reduce number of times it is done
 - Rewrite using class construction
-- Add admin screens to modify things now defined as constants and templates
-- Move logging into database
+- Add admin screens to specify some things now defined in constants and templates
 - Make it easy to turn CAPTCHA off or on
 - Make it easy to use other CAPTCHAs
@@ -41 +42 @@
 The manual method requires several steps: (1) Download the zip file to your computer. (2) Unzip the file. (3) Upload the `dlbs-send-a-link` folder to your `wp-content/plugins` directory. (4) Go to `Plugins > Installed Plugins` in your blog's Administration menu and click the `Activate` link under *dlb's Send-A-Link*.
 
-Either way, you simply insert the shortcode `[dsl-link]` in your posts and pages wherever you want to show a link or icon to your visitors offering the opportunity for them to send a message. In your templates, you can insert the code: `if( function_exists('dslShortcode') ) { echo dslShortcode( array('show'=>'both') ); }`
+Customization of *dlb's Send-A-Link* is further described in the FAQ. Generally, it will be necessary to copy `dsl-page.html`, `dsl-templates.html`, and `dsl.css` from the plugin folder to your theme folder. Modify `dsl-page.html` to match the structure of your theme's `page.php` file. Modify `dsl-templates.html` to reflect the URL of your blog. Modify `dsl.css` to match the look & feel of your blog.
 
-Optionally, you can customize *dlb's Send-A-Link* as described in the FAQ.
+You need to register at http://captchas.net (It's free!) to obtain your own `Username` and `Secret Key`. Copy file `dsl-captcha.php` from the plugin folder to the theme folder. Change the values of `$id` and `$key` from "demo" and "secret" to your own `Username` and `Secret Key` respectively. 
+
+Finally, insert the shortcode `[dsl-link]` in your posts/pages wherever you want to show a link or icon to your visitors offering the opportunity to send a message. In your templates, insert the function `dslLink()`, typically as: `if( function_exists('dslLink') ) { echo dslLink(); }`. See FAQ to customize it.
+
 
 == Frequently Asked Questions ==
@@ -57 +61 @@
 = Can I change the icon and text in the link? =
 
-Yes, by using these parameters in the shortcode or in the template code: `[dsl-link show="both" iconfile="Your-Icon.gif" text="Your Text" ]`. The value of `show` can be one of "icon", "text", or "both" to display only the icon, only the text or both. The value of `iconfile` must be the name of your file with a path relative to the plugin folder. The value of `text` will be the title which is typically shown as a tooltip, and will be displayed if `show` is either "text" or "both". 
+Yes. The parameters for shortcode `[dsl-link]` and function `dslLink()` are as follows: `show` can be "icon", "text", or "both" to display only the icon, only the text or both; `iconfile` is the name of your icon file, with a path relative to the plugin folder; `text` is shown as a tooltip and on the link if `show` is either "text" or "both". In the shortcode, enter them like this: `[dsl-link show="both" text="Your Text" iconfile="myIcon.gif" ]`. In the function, enter them like this: `dslLink( array( "show" => "both" , "text" => "Your Text" , "iconfile" => "myIcon.gif" ) )`.
+
+= How can I change to wording on the form's submit button? =
+
+This can only be changed in file `dsl.php`. Search for the definition of `DSL_SUBMIT_BUTTON_VALUE`. This change will need to be made again after an upgrade to a new version.
+
+= How can I change the maximum number of characters allowed in names and comments? =
+
+This can only be changed in file `dsl.php`. Search for the definitions of `DSL_MAX_COMMENT_CHARS`, `DSL_MAX_NAME_CHARS`, and `DSL_MIN_NAME_CHARS`. These changes will need to be made again after an upgrade to a new version.
+
+= How can I change the minimum time between sends? =
+
+This can only be changed in file `dsl.php`. Search for the definition of `DSL_MIN_SEND_INTERVAL`. This change will need to be made again after an upgrade to a new version.
 
 = How can I change the wording in the error messages? =
 
-In this version the error messages must be changed by editing file `dsl.php`, which is heavily commented to make it easier to navigate and alter the code. A future release will make this easier by using the WordPress localization system.
+In this version of the plugin, the error messages must be changed by editing file `dsl.php`, which is heavily commented to make it easier to navigate and alter the code. A future release will make this easier by using the WordPress localization system. These changes will need to be made again after an upgrade to a new version.
 
 == Screenshots ==
@@ -69 +85 @@
 == Changelog ==
 
+= 1.0 =
+* Degrades gracefully to provide full functionality to users without Javascript
+* Loads CAPTCHA configuration file from theme folder
+
+= 0.5 =
+* Implements activate and deactivate routines to provide a database table for logging
+* Logs IP address and time for every mail sent
+* Flushes all log records more than one day old
+* Limits send rate from an IP address to one message every 30 seconds
+* Moved the last bit of visible text from Javascript file to template file
+
 = 0.45 =
-* Added to the WordPress.org Plugin Directory
-* Improved the installation instructions in readme.txt
+* Added *dlb's Send-A-Link* to the WordPress.org Plugin Directory
+* Improved the formatting and installation instructions in readme.txt
 
 = 0.4 =
-Initial release:
-
-* Allows visitors to send someone an email containing a link to the post or page.
+* Initial release
+* Allows visitors to send someone an email containing a link to the post/page.
 * Visitor can optionally include comments in the message.
-* Provides a shortcode to put into templates to show an icon or text link to send an email.
+* Provides a function  to put into templates and a shortcodeto to put into posts/pages to show an icon or text link to send an email.
 * The input form, confirmation page, and email message are based on HTML templates
-* Customized CSS styles and templates can be stored in the theme
+* Customized CSS styles and templates can be stored in the theme folder
 * Uses Javascript/AJAX for fast, inobtrusive form handling.
 * Loads fast, based on compact code that does not use jQuery.
@@ -88 +114 @@
 == Upgrade Notice ==
 
+= 0.95 =
+This is the final candidate for release, and will be superceded by version 1.0 after testing is complete, no later than June 25, 2013.
+
 = 0.45 =
 Minor testing and `readme.txt` changes only. No need to apply this upgrade.
 
 = 0.4 =
-Initial release.
+Initial developmental release.