  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2009
    Location
    Netherlands
    Posts
    34

    Validating input

    Hi all,
    I have a simple guestbook written to txt file with this html page
    HTML Code:
    <?php
    //error_reporting(E_ALL);
      $amount=15;
        $file=fopen('gast.txt','a');
        $start=(isset($_GET['start'])?$_GET['start']:0);
      $gastenboek=Array();
      $gastenboek=file('gast.txt');
     ?>
     
    <SCRIPT language="JavaScript">
        function validate(form) 
      {
          if (form.name.value=="") 
        {
          alert("Vul je naam in");
          return false;
        } 
        else if (form.message.value=="") 
        {
          alert("Vul je bericht in");
          return false;
        } 
        else if (form.url.value=="") 
        {
          return true;
        } 
        else 
        {
         return false;
        }
      }
    </SCRIPT>
                  </p>
    <TABLE width="100%" cellspacing="0" cellpadding="0">
      <TR>
          <TD class="side"> Berichten <? echo $start+1; ?> tot en met <? echo min($start+$amount,sizeof($gastenboek)); ?>.
            <HR> <TABLE width="100%" >
              <?
              $gastenboek=array_reverse($gastenboek);
              for ($i=$start;$i<$start+$amount && $i<sizeof($gastenboek);$i++) {
                list($name,$email,$date,$url,$message)=explode('|||',$gastenboek[$i]);
                $message=str_replace('{{',"\n",$message);
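                // Escape every stored value before output; they come straight from the form post
                echo '<TR><TD><B>'.($email!=""?'<A href="mailto:'.htmlspecialchars($email).'">'.htmlspecialchars($name).'</A>':htmlspecialchars($name)).'</B></TD><TD align="right"><B>'.htmlspecialchars($date).'</B></TD></TR>'."\n";
                echo ($url!=""?'<TR><TD colspan="2"><A href="'.htmlspecialchars($url).'" target="_blank">'.htmlspecialchars($url).'</A></TD></TR>':'')."\n";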
                echo '<TR><TD colspan="2"><SPAN>'.str_replace("\n",'<BR>',htmlspecialchars($message)).'</SPAN></TD></TR>'."\n";
                echo '<TR><TD colspan="2"><HR></TD></TR>'."\n";
              }
            ?>
            </TABLE>
            <CENTER>
              <?
              if ($start>0) echo '<A href="gastentest.php?start='.max(0,$start-$amount).'"><<<</A> ';
              if ($start+$amount<sizeof($gastenboek)) echo ' <A href="gastentest.php?start='.($start+$amount).'">>>></A>';
            ?>   </CENTER></TD>
        </TR>
    </TABLE>
      <TABLE width="100%" cellspacing="0" cellpadding="0" >
        <TR>
          <TD class="side">Nieuw bericht</TD>
        </TR>
      </TABLE>
      <TABLE width="100%" cellspacing="0" cellpadding="0" >
        <TR>
          <TD class="side"> <FORM action="actiontest.php" method="POST" onSubmit="return validate(this);">
              <INPUT type="hidden" name="action" value="write">
               <TABLE class="side">
                <TR>
                  <TD>Naam:</TD>
                  <TD><INPUT type="text" name="name" size="30"></TD>
                </TR>
                <TR>
                  <TD>E-Mail:</TD>
                  <TD><INPUT type="text" name="email" size="30">
                    (optioneel)</TD>
                </TR>
                <TR>
                  <TD><p class="antispam">Leave this empty:
                <br /><input name="url"/></p></TD>
                </TR>
                <TR>
                  <TD>Bericht:</TD>
                  <TD><TEXTAREA name="message" cols="50" rows="5"></TEXTAREA></TD>
                </TR>
              </TABLE>
              <INPUT type="submit" value="Verstuur">
              <input type="hidden" name="return" value="<?php echo htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); ?>" /> 
            </FORM>
              </TD>
        </TR>
      </TABLE>
    The action.php file:
    PHP Code:
    <?php
    //error_reporting(E_ALL);
    $amount=15;
    // Append the posted entry to the guestbook file
    if ($_POST['action']=='write') {
        $file=fopen('gast.txt','a');
        $message=$_POST['message'];
        // Strip carriage returns and encode newlines so each entry stays on one line
        $message=str_replace("\r",'',$message);
        $message=str_replace("\n",'{{',$message);
        fwrite($file,$_POST['name'].'|||'.$_POST['email'].'|||'.date('d-m-Y').'|||'.$_POST['url'].'|||'.$message."\n");
        fclose($file);
    }
    $start=(isset($_POST['start'])?$_POST['start']:0);
    $gastenboek=Array();
    $gastenboek=file('gast.txt');
    // Send the browser back to the page named in the form's hidden "return" field
    header('location: '.$_POST['return']);
    ?>
    The URL field isn't visible for a user, therefore must remain empty. If something is in the URL field, must be a spambot so no posting..
    You see the javascript validation, but the first spambot has already entered something in the guestbook so this isn't working the way it's supposed to.
    How can the javascript validation be replaced by php code?

    Thanks

  2. #2
    From Italy with love
    guido2004
    Join Date
    Sep 2004
    Posts
    9,508
    In action.php, just like you check the value of $_POST['action'], check the value of $_POST['url'].

  3. #3
    SitePoint Enthusiast
    Join Date
    Mar 2009
    Location
    Netherlands
    Posts
    34
    Okay, not sure how to write the code..

  4. #4
    From Italy with love
    guido2004
    Join Date
    Sep 2004
    Posts
    9,508
    You could change this
    Code PHP:
    if ($_POST['action']=='write') {
    into
    Code PHP:
    if ($_POST['action'] == 'write' && $_POST['url'] == '') {

  5. #5
    SitePoint Enthusiast
    Join Date
    Mar 2009
    Location
    Netherlands
    Posts
    34
    Super !
    Working just fine.. thnx m8 !!
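
Added example, not part of the thread: a server-side handler for the same form that enforces the honeypot and required-field checks in PHP, keeps visitor input from forging the `|||` separator, and restricts the redirect to a local path. Field names, `gast.txt` and `gastentest.php` are taken from the posted code; the function names and the fallback path are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. Field names, gast.txt and
// gastentest.php come from the posted code; function names are hypothetical.

// Read one form field as a trimmed string; arrays (name[]=x) count as empty.
function field(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
}

// Build the line to append to gast.txt, or return null to reject the post.
function guestbook_line(array $post): ?string
{
    // Honeypot: visitors never see "url", so any content means a bot filled it.
    if (field($post, 'action') !== 'write' || field($post, 'url') !== '') {
        return null;
    }
    $name    = field($post, 'name');
    $email   = field($post, 'email');
    $message = field($post, 'message');
    // Same required fields the JavaScript checked, now enforced on the server.
    $badEmail = $email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false;
    if ($name === '' || $message === '' || $badEmail) {
        return null;
    }
    // One record per line: message newlines become {{, and | is replaced everywhere.
    $message = str_replace(["\r", "\n"], ['', '{{'], $message);
    $clean = function (string $value): string {
        return str_replace(["\r", "\n", '|'], ['', ' ', '/'], $value);
    };
    return implode('|||', array_map($clean, [$name, $email, date('d-m-Y'), '', $message])) . "\n";
}

// Redirect target: keep only a local path from the posted "return" value.
function safe_return($return): string
{
    $path = is_string($return) ? parse_url($return, PHP_URL_PATH) : null;
    $ok   = is_string($path) && preg_match('#^/(?!/)[A-Za-z0-9_./-]*\z#', $path);
    return $ok ? $path : '/gastentest.php'; // fallback path is an assumption
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $line = guestbook_line($_POST);
    if ($line !== null) {
        file_put_contents('gast.txt', $line, FILE_APPEND | LOCK_EX);
    }
    header('Location: ' . safe_return($_POST['return'] ?? ''));
    exit;
}
```

The redirect keeps only the path, so a `?start=` query string in the posted `return` value is dropped and the visitor lands on the first page of the guestbook.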

