php - Spam i gæstebog - Udvikleren.dk - Programmering, webdesign og grafik

Tags: php

Bruger #9822 @ 10.04.06 17:53

Ja, ja, ja! Jeg har set, at der er et utal af mennesker herinde der har oprettet spørgsmål der ligner mit - og ja, jeg har afprøvet mange af jeres løsningsforslag ...uden held! Så nu prøver jeg selv, og håber, at der sidder en person med meget forstand på php der kan hjælpe mig...

Min gæstebog har været (er stadig) udsat for massive spam-angreb. Jeg har fundet en løsning på nettet (http://php.webmaster-kit.com) som jeg gerne vil benytte - men kan ikke finde ud af at få koderne sat rigtigt ind på mit site...

Er der nogen der vil/kan hjælpe!

Cd'ere og t-shirts til den der får skidtet til at virke!

Lokke, lokke, lokke!

Her er koden:

Kode


<?php
//-||-> Guestbook Script <-||-\\\/* Gets the required file used for mysql and login */
require("info.php");

/* Starts up the session */
session_start();
session_register("sessionlogin");

/* Connects to the database server*/
if (!mysql_connect($db_host, $db_user, $db_pass)) { die ("Cannot cannot to database server."); }
if (!mysql_select_db($db_name)) { die ("Cannot cannot to the database."); }

/* Prevents showing errors which aren't revelant */
error_reporting(0);

/* Gets general settings */
$settings = mysql_fetch_array(mysql_query("SELECT * FROM $prefix" . "settings"));

/* Formats the date to the preferred style */
$currentdate = date("d/m/Y h:i:s a");
?>

<link href="style.css" type="text/css" rel="stylesheet">

<style type="text/css">
<!--
	A:link {text-decoration:none; color:#000000;}
	A:visited {text-decoration:none; color:#000000;}
	A:active {text-decoration:none; color:#000000;}
	A:hover{color:white;background-color:black}
	-->
</style>


<body>
<title><?php echo $settings['title']; ?></title>
<font>

<?php
/* Sets mode to the mode on the url */
$mode = $HTTP_GET_VARS['mode'];

/* Checks to see if the user selected to add an entry */
if ($mode == "add") {

	/* Function used to check to see if a variable is empty */
	function check_variable($variablename) {
		if ($variablename == "") {
			echo "Error! ...Please type something in all the boxes.";
			exit;
		}
	}

	/* Just shows the header for adding an entry, can be removed w/o affecting script */
	?>

	
<img src="../../images/design/storlinie3.gif" width="530" height="3" border="0"><br>
<font color="#000000" size="-2" face="verdana"><b>POST A MESSSAGE</b><br>
<img src="../../images/design/storlinie3.gif" width="530" height="3" border="0"><br>
		</font><br>
	

	<?php
	/* Sets variables for whatever */
	$submitform = $HTTP_POST_VARS['submitform'];
	$yourname = $HTTP_POST_VARS['yourname'];
	$youremail = $HTTP_POST_VARS['youremail'];
	$entrybody = $HTTP_POST_VARS['entrybody'];
	$submit = $HTTP_GET_VARS['submit'];

	/* Checks to see if the user submitted the form */
	if ($submit == "yes" && $submitform == "Okidoki") {

		/* Checks to make sure all the variables have content */
		check_variable($yourname);
		check_variable($youremail);
		check_variable($entrybody);

		/* Gets the query ready to be used */
		$sql = "INSERT INTO $prefix" . "entries SET name='$yourname', email='$youremail', date='$currentdate', body='$entrybody'";
		
		/* Does the inserting and if it doesnt work, it returns the error */
		if (!mysql_query($sql)) {
			echo mysql_error();
		}
		
		/* Actual HTML used for displaying the message that the entry has been added */
		?>

			<br>
			<font color="#000000" size="-2" face="verdana">
				
					<b>Your message is now added!</b><br>
					Return to the guestbook ...click <a href="index.php">here</a>.<br>
					
				
			</font>
			

		<?php
		exit;
	}

	/* Actual HTML used for displaying the form */
	?>

	<br>
	<form action="index.php?mode=add&submit=yes" method="post">
  <font color="#000000" size="-2" face="verdana"><b>Name</b><br>
  <input type="text" name="yourname" maxlength="50">
  <br>
  <br>
  <b>E-mail</b><br>
  <input type="text" name="youremail" maxlength="50">
  <br>
  <br>
  <b>Message</b><br>
  <textarea name="entrybody" cols="50" rows="10"></textarea>
  <br><br>
 <input type="submit" class="submit" value="Okidoki" name="submitform" style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; border: 1px #000000 solid; background-color: #CC3300; color: #ffffff">
</font>
	</form>
	<?php
	exit;
}

/* Creates the function display_entries() */
function display_entries($settings) {
	/* Gets the required file used for mysql and login */
	require("info.php");
	
	/* Connects to the DB */
	if (!mysql_connect($db_host, $db_user, $db_pass)) { die ("Cannot cannot to database server."); }
	if (!mysql_select_db($db_name)) { die ("Cannot cannot to the database."); }
	
	/* Makes a variable called xentries */
	$xentries = "";
	
	/* Gets all of the entries out of the database */
	$entries = mysql_query("SELECT * FROM $prefix" . "entries ORDER by id DESC");
	while ($row = mysql_fetch_array($entries)) {
		$entryname = $row["name"];
		$entryemail = $row["email"];
		$entrydate = $row["date"];
		$entrybody = $row["body"];
		$entryid = $row["id"];

		/* Sets elayout to the entry layout */
		$elayout = $settings['entrylayout'];
		
		/* Does the formatting */
		$elayout = str_replace("[name]", $entryname, $elayout);
		$elayout = str_replace("[email]", $entryemail, $elayout);
		$elayout = str_replace("[date]", $entrydate, $elayout);
		$elayout = str_replace("[body]", $entrybody, $elayout);
		
		/* Displays the entry */
		$xentries .= $elayout;
	}
	
	/* Returns xentries */
	return $xentries;
}

/* Gets the add url in a variable */
$add = "<a href=\\"index.php?mode=add\\"><img src=\\"postmessage.gif\\" border=\\"0\\"></a>";

/* Gets the delete url in a variable */
if (($_COOKIE['userlogged'] == "yes") || ($_SESSION['sessionlogin'] == "yes")) {
	$del = "<a href=\\"admin.php?mode=delete\\">Delete</a>";
}else{
	$del = NULL;
}

/* Sets layout to the mysql layout thing */
$layout = $settings['layout'];

/* Formats layout */
$layout = str_replace("[entries]", display_entries($settings), $layout);
$layout = str_replace("[title]", $settings['title'], $layout);
$layout = str_replace("[add]", $add, $layout);
$layout = str_replace("[delete]", $del, $layout);

/* Shows *everything* */
echo $layout . "<left><br><br>";

// The following line is required to stay intact.
//-||-> Copyright © 2003 HotSkripts.com <-||-\\\\?>

Indlæg senest redigeret d. 12.04.2006 14:40 af Bruger #9822

Bruger #3491 @ 10.04.06 19:00

315

Hvis vi kan ordne det over forumet her vil jeg gerne hjælpe.

Jeg har lige kigget på den side du linker til og det ser ikke ud til at være svært at implementere. Jeg har dog behov for koden til gæstebogen hvis jeg skal indsætte det

Bruger #7494 @ 10.04.06 21:36

130

Du kunne vælge at bruge hvis antal min./sek. før personen kan skrive en besked igen. Du kan også bruge alle felter skal udfyldelse og en tilfældig kode skal skrives. Du kunne også bruge ban ip.

Indlæg senest redigeret d. 10.04.2006 21:38 af Bruger #7494

Bruger #1742 @ 11.04.06 17:48

114

Ja altså vil os enten sige en begrænset tid mellem bekseder... eller tilfældig kode... ehm ip ban er en dårlig ide da mange har dynamisk ip

Bruger #7494 @ 11.04.06 18:46

130

Ved det, men den skifter jo ikke hele tiden...
Man kan også bruge cookie, men den kan de også slette..

Bruger #9822 @ 12.04.06 12:45

Jamen altså! Tak!
Du er meget velkommen til at forsøge...

Her er koden:

Kode


<?php
//-||-> Guestbook Script <-||-\\\
/* Gets the required file used for mysql and login */
require("info.php");

/* Starts up the session */
session_start();
session_register("sessionlogin");

/* Connects to the database server*/
if (!mysql_connect($db_host, $db_user, $db_pass)) { die ("Cannot cannot to database server."); }
if (!mysql_select_db($db_name)) { die ("Cannot cannot to the database."); }

/* Prevents showing errors which aren't revelant */
error_reporting(0);

/* Gets general settings */
$settings = mysql_fetch_array(mysql_query("SELECT * FROM $prefix" . "settings"));

/* Formats the date to the preferred style */
$currentdate = date("d/m/Y h:i:s a");
?>

<link href="style.css" type="text/css" rel="stylesheet">

<style type="text/css">
<!--
	A:link {text-decoration:none; color:#000000;}
	A:visited {text-decoration:none; color:#000000;}
	A:active {text-decoration:none; color:#000000;}
	A:hover{color:white;background-color:black}
	-->
</style>


<body>
<title><?php echo $settings['title']; ?></title>
<font>

<?php
/* Sets mode to the mode on the url */
$mode = $HTTP_GET_VARS['mode'];

/* Checks to see if the user selected to add an entry */
if ($mode == "add") {

	/* Function used to check to see if a variable is empty */
	function check_variable($variablename) {
		if ($variablename == "") {
			echo "Error! ...Please type something in all the boxes.";
			exit;
		}
	}

	/* Just shows the header for adding an entry, can be removed w/o affecting script */
	?>

	
<img src="../../images/design/storlinie3.gif" width="530" height="3" border="0"><br>
<font color="#000000" size="-2" face="verdana"><b>POST A MESSSAGE</b><br>
<img src="../../images/design/storlinie3.gif" width="530" height="3" border="0"><br>
		</font><br>
	

	<?php
	/* Sets variables for whatever */
	$submitform = $HTTP_POST_VARS['submitform'];
	$yourname = $HTTP_POST_VARS['yourname'];
	$youremail = $HTTP_POST_VARS['youremail'];
	$entrybody = $HTTP_POST_VARS['entrybody'];
	$submit = $HTTP_GET_VARS['submit'];

	/* Checks to see if the user submitted the form */
	if ($submit == "yes" && $submitform == "Okidoki") {

		/* Checks to make sure all the variables have content */
		check_variable($yourname);
		check_variable($youremail);
		check_variable($entrybody);

		/* Gets the query ready to be used */
		$sql = "INSERT INTO $prefix" . "entries SET name='$yourname', email='$youremail', date='$currentdate', body='$entrybody'";
		
		/* Does the inserting and if it doesnt work, it returns the error */
		if (!mysql_query($sql)) {
			echo mysql_error();
		}
		
		/* Actual HTML used for displaying the message that the entry has been added */
		?>

			<br>
			<font color="#000000" size="-2" face="verdana">
				
					<b>Your message is now added!</b><br>
					Return to the guestbook ...click <a href="index.php">here</a>.<br>
					
				
			</font>
			

		<?php
		exit;
	}

	/* Actual HTML used for displaying the form */
	?>

	<br>
	<form action="index.php?mode=add&submit=yes" method="post">
  <font color="#000000" size="-2" face="verdana"><b>Name</b><br>
  <input type="text" name="yourname" maxlength="50">
  <br>
  <br>
  <b>E-mail</b><br>
  <input type="text" name="youremail" maxlength="50">
  <br>
  <br>
  <b>Message</b><br>
  <textarea name="entrybody" cols="50" rows="10"></textarea>
  <br><br>
 <input type="submit" class="submit" value="Okidoki" name="submitform" style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; border: 1px #000000 solid; background-color: #CC3300; color: #ffffff">
</font>
	</form>
	<?php
	exit;
}

/* Creates the function display_entries() */
function display_entries($settings) {
	/* Gets the required file used for mysql and login */
	require("info.php");
	
	/* Connects to the DB */
	if (!mysql_connect($db_host, $db_user, $db_pass)) { die ("Cannot cannot to database server."); }
	if (!mysql_select_db($db_name)) { die ("Cannot cannot to the database."); }
	
	/* Makes a variable called xentries */
	$xentries = "";
	
	/* Gets all of the entries out of the database */
	$entries = mysql_query("SELECT * FROM $prefix" . "entries ORDER by id DESC");
	while ($row = mysql_fetch_array($entries)) {
		$entryname = $row["name"];
		$entryemail = $row["email"];
		$entrydate = $row["date"];
		$entrybody = $row["body"];
		$entryid = $row["id"];

		/* Sets elayout to the entry layout */
		$elayout = $settings['entrylayout'];
		
		/* Does the formatting */
		$elayout = str_replace("[name]", $entryname, $elayout);
		$elayout = str_replace("[email]", $entryemail, $elayout);
		$elayout = str_replace("[date]", $entrydate, $elayout);
		$elayout = str_replace("[body]", $entrybody, $elayout);
		
		/* Displays the entry */
		$xentries .= $elayout;
	}
	
	/* Returns xentries */
	return $xentries;
}

/* Gets the add url in a variable */
$add = "<a href=\\"index.php?mode=add\\"><img src=\\"postmessage.gif\\" border=\\"0\\"></a>";

/* Gets the delete url in a variable */
if (($_COOKIE['userlogged'] == "yes") || ($_SESSION['sessionlogin'] == "yes")) {
	$del = "<a href=\\"admin.php?mode=delete\\">Delete</a>";
}else{
	$del = NULL;
}

/* Sets layout to the mysql layout thing */
$layout = $settings['layout'];

/* Formats layout */
$layout = str_replace("[entries]", display_entries($settings), $layout);
$layout = str_replace("[title]", $settings['title'], $layout);
$layout = str_replace("[add]", $add, $layout);
$layout = str_replace("[delete]", $del, $layout);

/* Shows *everything* */
echo $layout . "<left><br><br>";

// The following line is required to stay intact.
//-||-> Copyright © 2003 HotSkripts.com <-||-\\\?>

Spam i gæstebog

Karma barometer (30 dage)

Modtaget

Givet

Favorit hos
Forum tråde
Artikler