Guestbook with security code

6 posts by 4 authors in: Forums > CMS Builder
Last Post: January 21, 2011 (RSS)

Archived
Reply
Reply

By videopixel - May 16, 2010 - edited: May 16, 2010

Because of the lack of guestbook/forms in CMSBuilder i started to create one with the addForm.php template found in this forum.

Everything works!!! :-)

Only the security code not... whatever i type inside that box it will send the form...

Any solution or hint?

<?php header('Content-type: text/html; charset=utf-8'); ?>
<?php
  $libraryPath = 'admin/lib/viewer_functions.php';
  $dirsToCheck = array('blablabla path to my server...');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
  
  // submit form
  if (@$_REQUEST['submit']) {

  // error checking
  $errorsAndAlerts = "";
  $randomNumber = $_REQUEST['randomNumber'];
  if (!@$_REQUEST['name'])          { $errorsAndAlerts .= "Please specify Name!<br/>\n"; }
  if (!@$_REQUEST['e_mail_address']){ $errorsAndAlerts .= "Please specify E-mail address!<br/>\n"; }
  if (!@$_REQUEST['comment'])       { $errorsAndAlerts .= "Please specify Comment!<br/>\n"; }
  if (!@$_REQUEST['randomNumber']) 	{ $errorsAndAlerts .= "Please specify/verify the Security Code!\n"; }

  // turn off strict mysql error checking for: STRICT_ALL_TABLES
  mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)

  // add record
  // if (!@$errorsAndAlerts) {
  if (!@$errorsAndAlerts) {
    mysql_query("INSERT INTO `{$TABLE_PREFIX}guestbook` SET
                      name             = '".mysql_escape( $_REQUEST['name'] )."',
		      e_mail_address   = '".mysql_escape( $_REQUEST['e_mail_address'] )."',
                      comment          = '".mysql_escape( $_REQUEST['comment'] )."',

                      createdDate      = NOW(),
                      updatedDate      = NOW(),
                      createdByUserNum = '0',
                      updatedByUserNum = '0'")
    or die("MySQL Error Creating Record:<br/>\n". htmlspecialchars(mysql_error()) . "\n");
    $recordNum = mysql_insert_id();

    // display thanks message and clear form
    $errorsAndAlerts = "Thank You for signing my guestbook!";
    $_REQUEST = array();
  }

}

 list($guestbookRecords, $guestbookMetaData) = getRecords(array(
    'tableName'   => 'guestbook',
    'perPage'     => '10',
  ));

?>

<?php $randomNumber = rand(100000,999999); ?>

In the body:

<form method="post" action="">
<input type="hidden" name="submit" value="1" />
<div><input name="name" type="text" value="<?php echo htmlspecialchars(@$_REQUEST['name']) ?>" size="40" /></div>
<div><input name="e_mail_address" type="text"  value="<?php echo htmlspecialchars(@$_REQUEST['e_mail_address']) ?>" size="40" /></div>
<div><textarea name="comment" cols="65" rows="6"><?php echo htmlspecialchars(@$_REQUEST['comment']) ?></textarea></div>
<div><?php echo $randomNumber; ?></div>
<div><input name="randomNumber" type="text" id="randomNumber" size="10" /></div>
<div><input type="submit" name="add" value="Sign" id="form_button" class="color" /></div>

<?php if (@$errorsAndAlerts): ?>
<div id="form_status"><?php echo $errorsAndAlerts; ?></div>
<?php endif ?>
<input type="hidden" id="check" name="check" value="<?php echo $randomNumber;?>" />
</form>

Thanks
[:)][:)]

Re: [videopixel] Guestbook with security code

Archived
Reply
Reply

By Jason - May 17, 2010

Hi

Currently, the script is only checking to see if something was entered in the random number box, but is not checking to see if it matches the number the server generated. Try adding this line to your error checking:

if (@$_REQUEST['randomNumber']!=@$_REQUEST['check']) 	{ $errorsAndAlerts .= "Please specify/verify the Security Code!\n"; }

Other than that, everything looks good. Nice solution!

Hope this helps.

---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Guestbook with security code

Archived
Reply
Reply

By videopixel - May 17, 2010

Hi Jason,

Thanks man it worked...

Re: [Jason] Guestbook with security code

Archived
Reply
Reply

By videopixel - January 13, 2011

It seems that this way is not secure anymore... [:(]
(got a lot of spam lately)

Any other way to do this?

http://www.dirkbeckers.be

Re: [videopixel] Guestbook with security code

Archived
Reply
Reply

By northernpenguin - January 13, 2011

Hi Videopixel

Try using CAPTCHA http://code.google.com/apis/recaptcha/docs/php.html

There are other postings in this forum on how to integrate CAPTCHA with CMSB. Also the "CMSB Cookbook" has a section, if I remember correctly.

Ragi

--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke

Re: [northernpenguin] Guestbook with security code

Archived
Reply
Reply

By gkornbluth - January 21, 2011

Sorry, I didn't see this post until today.

You're right Ragi,

There are detailed instruction on how to implement Captcha code in the CMSB Cookbook http://www.thecmsbcookbook.com

I personally like Captcha Creator because it's a bit more flexible to restyle, but ReCaptcha is good also.

Best,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!

Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php