anamerican
'Lock Down' a form

Aug 28th, 2006
I have a tell-a-friend page done in PHP and I'd like to have it so that they can't edit/change the message, only add their email & friend email... and not be able to add spam to it.

And I'm pretty new at PHP, so thanks in advance for any help!

Here's the code I'm using for the Tell a Friend:
[php]
<?php

$FriendName = $_POST['FriendName'];
$FriendEmail = $_POST['FriendEmail'];
$Name = $_POST['Name'];
$Email = $_POST['Email'];
$emailtext = $_POST['emailtext'];
$string = "http://www.americanconsumerinstitute.org";

?>
<html><head>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_validateForm() { //v4.0
var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
//-->
</script>
</head>
<body>
<?php
if (!$FriendEmail) {
?>
<br>
<form name="form1" onSubmit="MM_validateForm('Name','','R','Email','','RisEmail','FriendName','','R','FriendEmail','','RisEmail');return document.MM_returnValue" action="" method="POST">
<div align="center">
<table width="427" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="69" align="right" valign="top">&nbsp;</td>
<td width="5"><font face="Verdana" size="2">&nbsp;</font></td>
<td width="113"><font face="Verdana" size="2">Name: </font> </td>
<td width="216"> <font face="Verdana" size="2">E-mail:</font></td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>You:</b></font></td>
<td>&nbsp;</td>
<td>
<font face="Verdana">
<input type="text" name="Name" size="15"><font size="2"> </font></font>
</td>
<td>
<font face="Verdana">
<input type="text" name="Email" size="20"><font size="2"> </font></font>
</td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>Friend:</b></font></td>
<td>&nbsp;</td>
<td>
<font face="Verdana">
<input type="text" name="FriendName" size="15"><font size="2"> </font>
</font>
</td>
<td>
<font face="Verdana">
<input type="text" name="FriendEmail" size="20"><font size="2"> </font>
</font>
</td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>Message:</b></font></td>
<td>&nbsp;</td>
<td colspan="2">
<font face="Verdana">
<textarea name="emailtext" cols="38" rows="6" style="font-family: Trebuchet MS; font-size: 10pt">
I found this great website and I believe you would be interested in it.
Here is the link to that page: <?php echo $string ?>
</textarea><font size="2"> </font></font>
</td>
</tr>
<tr>
<td align="right">&nbsp;</td>
<td><font face="Verdana" size="2">&nbsp; </font> </td>
<td>
<font face="Verdana">
<input type="submit" value="Send" name="Submit"><font size="2"> </font>
</font>
</td>
<td>&nbsp;</td>
</tr>
</table>
</div>
</form>
<?php
}
else {
if ($FriendEmail) { mail( $FriendEmail, "Message from $Name", "$FriendName, \n\n".$emailtext ."\n\n$Name", "From: $Email");

}


echo "<center><br><br><font face=Verdana size=2>Thank you <font color=red>$Name</font>. The email has been sent to <font color=red>$FriendName</font>. <br><br><a href='javascript:window.close();'>Close this window</a></font><p>
<font face=Verdana size=2>powered by: <a href=http://www.americanconsumerinstitute.org/ target=new>Tell A Friend</a></font></p>";
}
?>
<p>&nbsp;</p>
</body>
</html>
[/php]
StatiX
Re: 'Lock Down' a form

Aug 28th, 2006
You will need to filter all your variables. Start with addslashes() and strip_tags().

Also, there is a big problem with PHP sending spam by users injecting the bcc field and sending spam to multiple users. I suspect most times it's bots. To combat this I use the eregi() function:

[php]
if (eregi('bcc', $email)) {
    // Email field contains bcc header. Kill
    // the script, this is probably an attack
    die();
}
[/php]

I usually don't let the user know, I just let them go on thinking they sent out their spam.

You can also filter out the URLs the same way, which can come from a normal user, so you would need to let the user know in this case. Then, after the check, you can append the URL of the page to the end of the $message var:
[php]
$message .= "The URL is http://www.site.com";
[/php]

You can also use str_replace() to replace obscene words and such in the message.

StatiX
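A hardened mail-sending branch for the form in the first post, putting StatiX's points about header injection and filtering into practice: this is an added example, not code from either poster. It assumes PHP 7.1 or later and uses a placeholder From address; the function names are the example's own.

```php
<?php
// Added example, not the original poster's or StatiX's code: a hardened mail
// branch for the tell-a-friend form. The message body is fixed server-side so
// the visitor cannot edit it, and every value that reaches a mail header is
// validated, so CR/LF and extra headers such as "Bcc:" can never be injected.

// The site link is a server-side constant, never taken from the form.
const SITE_URL = 'http://www.americanconsumerinstitute.org';

// Returns one clean address or null. FILTER_VALIDATE_EMAIL accepts a single
// address only, which also rules out embedded newlines and header text.
function clean_email(string $raw): ?string {
    $raw = trim($raw);
    if (strlen($raw) > 254) {
        return null;
    }
    $ok = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Names go into the Subject header and the body: strip tags and line breaks
// and cap the length so the header cannot carry injected content or spam.
function clean_name(string $raw): ?string {
    $name = preg_replace('/[\r\n\0]/', '', trim(strip_tags($raw)));
    return ($name === '' || strlen($name) > 60) ? null : $name;
}

// The visitor supplies only names and addresses; there is no free-text field.
function build_message(string $friendName, string $senderName): string {
    return "$friendName,\n\n"
         . "I found this great website and I believe you would be interested in it.\n"
         . "Here is the link to that page: " . SITE_URL . "\n\n"
         . $senderName;
}

$friendEmail = clean_email($_POST['FriendEmail'] ?? '');
$senderEmail = clean_email($_POST['Email'] ?? '');
$friendName  = clean_name($_POST['FriendName'] ?? '');
$senderName  = clean_name($_POST['Name'] ?? '');

if ($friendEmail === null || $senderEmail === null
    || $friendName === null || $senderName === null) {
    http_response_code(400);
    exit('Please supply valid names and e-mail addresses.');
}

// From stays a fixed local mailbox (placeholder address here) so the mail is
// not forged as coming from the visitor; their address goes in Reply-To.
$headers = "From: tellafriend@example.invalid\r\nReply-To: $senderEmail";
mail($friendEmail, "Message from $senderName", build_message($friendName, $senderName), $headers);
```

Because the textarea is gone and the body comes from build_message(), a visitor can change only who the mail goes to and who it says it is from, and both of those values are checked before they touch a header.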