Guestbook with security code

6 posts by 4 authors in: Forums > CMS Builder
Last Post: January 21, 2011

By videopixel - May 16, 2010 - edited: May 16, 2010

Because of the lack of guestbook/forms in CMSBuilder I started to create one with the addForm.php template found in this forum.

Everything works!!! :-)

Only the security code does not... whatever I type inside that box, it will send the form...

Any solution or hint?

<?php header('Content-type: text/html; charset=utf-8'); ?>
<?php
$libraryPath = 'admin/lib/viewer_functions.php';
$dirsToCheck = array('blablabla path to my server...');
foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }

// submit form
if (@$_REQUEST['submit']) {

  // error checking
  $errorsAndAlerts = "";
  $randomNumber = $_REQUEST['randomNumber'];
  if (!@$_REQUEST['name'])           { $errorsAndAlerts .= "Please specify Name!<br/>\n"; }
  if (!@$_REQUEST['e_mail_address']) { $errorsAndAlerts .= "Please specify E-mail address!<br/>\n"; }
  if (!@$_REQUEST['comment'])        { $errorsAndAlerts .= "Please specify Comment!<br/>\n"; }
  if (!@$_REQUEST['randomNumber'])   { $errorsAndAlerts .= "Please specify/verify the Security Code!\n"; }

  // turn off strict mysql error checking for: STRICT_ALL_TABLES
  mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)

  // add record
  if (!@$errorsAndAlerts) {
    mysql_query("INSERT INTO `{$TABLE_PREFIX}guestbook` SET
      name = '".mysql_escape( $_REQUEST['name'] )."',
      e_mail_address = '".mysql_escape( $_REQUEST['e_mail_address'] )."',
      comment = '".mysql_escape( $_REQUEST['comment'] )."',

      createdDate = NOW(),
      updatedDate = NOW(),
      createdByUserNum = '0',
      updatedByUserNum = '0'")
    or die("MySQL Error Creating Record:<br/>\n". htmlspecialchars(mysql_error()) . "\n");
    $recordNum = mysql_insert_id();

    // display thanks message and clear form
    $errorsAndAlerts = "Thank You for signing my guestbook!";
    $_REQUEST = array();
  }

}

list($guestbookRecords, $guestbookMetaData) = getRecords(array(
'tableName' => 'guestbook',
'perPage' => '10',
));

?>

<?php $randomNumber = rand(100000,999999); ?>



In the body:


<form method="post" action="">
<input type="hidden" name="submit" value="1" />
<div><input name="name" type="text" value="<?php echo htmlspecialchars(@$_REQUEST['name']) ?>" size="40" /></div>
<div><input name="e_mail_address" type="text" value="<?php echo htmlspecialchars(@$_REQUEST['e_mail_address']) ?>" size="40" /></div>
<div><textarea name="comment" cols="65" rows="6"><?php echo htmlspecialchars(@$_REQUEST['comment']) ?></textarea></div>
<div><?php echo $randomNumber; ?></div>
<div><input name="randomNumber" type="text" id="randomNumber" size="10" /></div>
<div><input type="submit" name="add" value="Sign" id="form_button" class="color" /></div>

<?php if (@$errorsAndAlerts): ?>
<div id="form_status"><?php echo $errorsAndAlerts; ?></div>
<?php endif ?>
<input type="hidden" id="check" name="check" value="<?php echo $randomNumber;?>" />
</form>


Thanks
[:)][:)]

Re: [videopixel] Guestbook with security code

By Jason - May 17, 2010

Hi

Currently, the script is only checking to see if something was entered in the random number box, but is not checking to see if it matches the number the server generated. Try adding this line to your error checking:

if (@$_REQUEST['randomNumber']!=@$_REQUEST['check']) { $errorsAndAlerts .= "Please specify/verify the Security Code!\n"; }

Other than that, everything looks good. Nice solution!

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com


Re: [Jason] Guestbook with security code

By videopixel - May 17, 2010

Hi Jason,

Thanks man it worked...

Re: [Jason] Guestbook with security code

It seems that this way is not secure anymore... [:(]
(got a lot of spam lately)

Any other way to do this?

http://www.dirkbeckers.be

Re: [videopixel] Guestbook with security code

Hi Videopixel

Try using CAPTCHA http://code.google.com/apis/recaptcha/docs/php.html

There are other postings in this forum on how to integrate CAPTCHA with CMSB. Also the "CMSB Cookbook" has a section, if I remember correctly.

Ragi
--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke
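
An added example, not code from any poster in this thread or from CMS Builder: the check discussed above compares `randomNumber` with the hidden `check` field, and both values come back from the browser, so the server never holds the expected answer itself. The code below keeps the expected code server-side, expires it and makes it single-use. The function names, the session key and the 10-minute lifetime are assumptions, and a plain array stands in for `$_SESSION` so it runs from the command line.

```php
<?php
// Added example: server-side challenge for a guestbook form.
// Hypothetical names; in a real page call session_start() and pass $_SESSION.

const CHALLENGE_TTL = 600; // seconds a code stays valid (assumed value)

// Create a fresh code, store it on the server only, return it for display.
function issueChallenge(array &$store): string {
    $code = (string) random_int(100000, 999999); // CSPRNG instead of rand()
    $store['guestbook_challenge'] = ['code' => $code, 'issued' => time()];
    return $code;
}

// Compare the submitted value with the stored code. The stored code is
// removed on every attempt, so it cannot be replayed or guessed repeatedly.
function verifyChallenge(array &$store, $submitted, ?int $now = null): bool {
    $now = $now ?? time();
    $challenge = $store['guestbook_challenge'] ?? null;
    unset($store['guestbook_challenge']);
    if (!is_array($challenge) || !is_string($submitted)) { return false; }
    if ($now - $challenge['issued'] > CHALLENGE_TTL)     { return false; }
    return hash_equals($challenge['code'], trim($submitted));
}

// --- Demo on constructed requests ---
$session = [];
$results = [];

// Case 1: the visitor types the code that was displayed.
$shown = issueChallenge($session);
$results['correct code'] = verifyChallenge($session, $shown);

// Case 2: the same code is submitted again after it was consumed.
$results['replayed code'] = verifyChallenge($session, $shown);

// Case 3: the post carries its own matching "check" field; it is ignored
// because only the server-side copy is consulted.
issueChallenge($session);
$post = ['randomNumber' => '000000', 'check' => '000000']; // constructed
$results['self-supplied check'] = verifyChallenge($session, $post['randomNumber']);

// Case 4: the code is submitted after it expired.
$shown = issueChallenge($session);
$results['expired code'] = verifyChallenge($session, $shown, time() + CHALLENGE_TTL + 1);

foreach ($results as $case => $ok) {
    echo str_pad($case, 22), $ok ? 'accepted' : 'rejected', "\n";
}
```

In the form, the hidden `check` input is dropped and only the displayed code and the `randomNumber` text box remain. The code is still printed as text in the page, so this only fixes where the comparison happens; the CAPTCHA suggested above is the stronger control against automated posts.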