 |  |  |  |  |  |  |  |
'Lock Down' a form
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
I have a tell a friend page done in PHP adnd I'd like to have it so that they can't edit/change the message only add their email & friend email...and not be able to add spam to it.
and I'm pretty new at PHP so Thanks in advance for any help!
here's the code I'm using for the Tell a Friend
[php]<?php
$FriendName = $_POST['FriendName'];
$FriendEmail = $_POST['FriendEmail'];
$Name = $_POST['Name'];
$Email = $_POST['Email'];
$emailtext = $_POST['emailtext'];
$string = "http://www.americanconsumerinstitute.org";
?>
<html><head>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function MM_validateForm() { //v4.0
var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
//-->
</script>
</head>
<body>
<?php
if (!$FriendEmail) {
?>
<br>
<form name="form1" onSubmit="MM_validateForm('Name','','R','Email','','RisEmail','FriendName','','R','FriendEmail','','RisEmail');return document.MM_returnValue" action="" method="POST">
<div align="center">
<table width="427" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="69" align="right" valign="top"> </td>
<td width="5"><font face="Verdana" size="2"> </font></td>
<td width="113"><font face="Verdana" size="2">Name: </font> </td>
<td width="216"> <font face="Verdana" size="2">E-mail:</font></td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>You:</b></font></td>
<td> </td>
<td>
<font face="Verdana">
<input type="text" name="Name" size="15"><font size="2"> </font></font>
</td>
<td>
<font face="Verdana">
<input type="text" name="Email" size="20"><font size="2"> </font></font>
</td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>Friend:</b></font></td>
<td> </td>
<td>
<font face="Verdana">
<input type="text" name="FriendName" size="15"><font size="2"> </font>
</font>
</td>
<td>
<font face="Verdana">
<input type="text" name="FriendEmail" size="20"><font size="2"> </font>
</font>
</td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>Message:</b></font></td>
<td> </td>
<td colspan="2">
<font face="Verdana">
<textarea name="emailtext" cols="38" rows="6" style="font-family: Trebuchet MS; font-size: 10pt">
I found this great website and I believe you would be interested in it.
Here is the link to that page: <?php echo $string ?>
</textarea><font size="2"> </font></font>
</td>
</tr>
<tr>
<td align="right"> </td>
<td><font face="Verdana" size="2"> </font> </td>
<td>
<font face="Verdana">
<input type="submit" value="Send" name="Submit"><font size="2"> </font>
</font>
</td>
<td> </td>
</tr>
</table>
</div>
</form>
<?php
}
else {
if ($FriendEmail) { mail( $FriendEmail, "Message from $Name", "$FriendName, \n\n".$emailtext ."\n\n$Name", "From: $Email");
}
echo "<center><br><br><font face=Verdana size=2>Thank you <font color=red>$Name</font>. The email has been sent to <font color=red>$FriendName</font>. <br><br><a href='javascript:window.close();'>Close this window</a></font><p>
<font face=Verdana size=2>powered by: <a href=http://www.americanconsumerinstitute.org/ target=new>Tell A Friend</a></font></p>";
}
?>
<p> </p>
</body>
</html> [/php]
and I'm pretty new at PHP so Thanks in advance for any help!
here's the code I'm using for the Tell a Friend
[php]<?php
$FriendName = $_POST['FriendName'];
$FriendEmail = $_POST['FriendEmail'];
$Name = $_POST['Name'];
$Email = $_POST['Email'];
$emailtext = $_POST['emailtext'];
$string = "http://www.americanconsumerinstitute.org";
?>
<html><head>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function MM_validateForm() { //v4.0
var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
//-->
</script>
</head>
<body>
<?php
if (!$FriendEmail) {
?>
<br>
<form name="form1" onSubmit="MM_validateForm('Name','','R','Email','','RisEmail','FriendName','','R','FriendEmail','','RisEmail');return document.MM_returnValue" action="" method="POST">
<div align="center">
<table width="427" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="69" align="right" valign="top"> </td>
<td width="5"><font face="Verdana" size="2"> </font></td>
<td width="113"><font face="Verdana" size="2">Name: </font> </td>
<td width="216"> <font face="Verdana" size="2">E-mail:</font></td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>You:</b></font></td>
<td> </td>
<td>
<font face="Verdana">
<input type="text" name="Name" size="15"><font size="2"> </font></font>
</td>
<td>
<font face="Verdana">
<input type="text" name="Email" size="20"><font size="2"> </font></font>
</td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>Friend:</b></font></td>
<td> </td>
<td>
<font face="Verdana">
<input type="text" name="FriendName" size="15"><font size="2"> </font>
</font>
</td>
<td>
<font face="Verdana">
<input type="text" name="FriendEmail" size="20"><font size="2"> </font>
</font>
</td>
</tr>
<tr>
<td align="right" valign="top"><font face="Verdana" size="2"><b>Message:</b></font></td>
<td> </td>
<td colspan="2">
<font face="Verdana">
<textarea name="emailtext" cols="38" rows="6" style="font-family: Trebuchet MS; font-size: 10pt">
I found this great website and I believe you would be interested in it.
Here is the link to that page: <?php echo $string ?>
</textarea><font size="2"> </font></font>
</td>
</tr>
<tr>
<td align="right"> </td>
<td><font face="Verdana" size="2"> </font> </td>
<td>
<font face="Verdana">
<input type="submit" value="Send" name="Submit"><font size="2"> </font>
</font>
</td>
<td> </td>
</tr>
</table>
</div>
</form>
<?php
}
else {
if ($FriendEmail) { mail( $FriendEmail, "Message from $Name", "$FriendName, \n\n".$emailtext ."\n\n$Name", "From: $Email");
}
echo "<center><br><br><font face=Verdana size=2>Thank you <font color=red>$Name</font>. The email has been sent to <font color=red>$FriendName</font>. <br><br><a href='javascript:window.close();'>Close this window</a></font><p>
<font face=Verdana size=2>powered by: <a href=http://www.americanconsumerinstitute.org/ target=new>Tell A Friend</a></font></p>";
}
?>
<p> </p>
</body>
</html> [/php]
Last edited by cscgal; Aug 28th, 2006 at 10:40 pm. Reason: Added [php] tags
You will need to filter all your variables. Start with add_slashes() and strip _tags()
Also there is a big problem with PHP sending spam by users injecting the bcc field and sending spam to multiple users. I suspect most times its bots. To combat this I use the eregi() function
I usually don't let the user know, I just let them go on thinking they sent out their spam.
You can also filter out the URLs the same way, which can be from a normal user so you would need to let the user know in this case, then after the check you can append the url of the page to the end of the $message var
You can also use str_replace to replace obscene words and such in the message
StatiX
Also there is a big problem with PHP sending spam by users injecting the bcc field and sending spam to multiple users. I suspect most times its bots. To combat this I use the eregi() function
PHP Syntax (Toggle Plain Text)
You can also filter out the URLs the same way, which can be from a normal user so you would need to let the user know in this case, then after the check you can append the url of the page to the end of the $message var
PHP Syntax (Toggle Plain Text)
StatiX
|
Similar Threads
- Table Adapters (Visual Basic 4 / 5 / 6)
- cannot get the sendmail to actualy send an email with the form selections (PHP)
- Centering a form in VB.NET (VB.NET)
- CAPS LOCK Key (Visual Basic 4 / 5 / 6)
- Scrolling MDI Child form (Visual Basic 4 / 5 / 6)
- Windows ME Keyboard lock up (Windows 95 / 98 / Me)
Other Threads in the PHP Forum
| Thread Tools | Search this Thread |
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for PHP
.htaccess access ajax apache api array beginner binary broken cakephp checkbox class cms code cron curl database date directory display download dynamic echo email encode error fcc file files folder form forms function functions google howtowriteathesis href htaccess html image images include insert integration ip java javascript joomla ldap limit link login loop mail menu mlm mod_rewrite multiple multipletables mysql oop open parse paypal pdf php problem provider query radio random recursion regex remote script search server sessions sms soap source space sql strip_tags structure syntax system table template tutorial update upload url validation validator variable video web xml youtube
