Hi all,
I have a simple guestbook written to txt file with this html page
<?php
//error_reporting(E_ALL);
$amount=15;
$file=fopen('gast.txt','a');
$start=(isset($_GET['start'])?$_GET['start']:0);
$gastenboek=Array();
$gastenboek=file('gast.txt');
?>
<SCRIPT language="JavaScript">
function validate(form)
{
if (form.name.value=="")
{
alert("Vul je naam in");
return false;
}
else if (form.message.value=="")
{
alert("Vul je bericht in");
return false;
}
else if (form.url.value=="")
{
return true;
}
else
{
return false;
}
}
</SCRIPT>
</p>
<TABLE width="100%" cellspacing="0" cellpadding="0">
<TR>
<TD class="side"> Berichten <? echo $start+1; ?> tot en met <? echo min($start+$amount,sizeof($gastenboek)); ?>.
<HR> <TABLE width="100%" >
<?
$gastenboek=array_reverse($gastenboek);
for ($i=$start;$i<$start+$amount && $i<sizeof($gastenboek);$i++) {
list($name,$email,$date,$url,$message)=explode('|||',$gastenboek[$i]);
$message=str_replace('{{',"\
",$message);
echo '<TR><TD><B>'.($email!=""?'<A href="mailto:'.$email.'">'.$name.'</A>':$name).'</B></TD><TD align="right"><B>'.$date.'</B></TD></TR>'."\
";
echo ($url!=""?'<TR><TD colspan="2"><A href="'.$url.'" target="_blank">'.$url.'</A></TD></TR>':'')."\
";
echo '<TR><TD colspan="2"><SPAN>'.str_replace("\
",'<BR>',htmlspecialchars($message)).'</SPAN></TD></TR>'."\
";
echo '<TR><TD colspan="2"><HR></TD></TR>'."\
";
}
?>
</TABLE>
<CENTER>
<?
if ($start>0) echo '<A href="gastentest.php?start='.max(0,$start-$amount).'"><<<</A> ';
if ($start+$amount<sizeof($gastenboek)) echo ' <A href="gastentest.php?start='.($start+$amount).'">>>></A>';
?> </CENTER></TD>
</TR>
</TABLE>
<TABLE width="100%" cellspacing="0" cellpadding="0" >
<TR>
<TD class="side">Nieuw bericht</TD>
</TR>
</TABLE>
<TABLE width="100%" cellspacing="0" cellpadding="0" >
<TR>
<TD class="side"> <TD class="side"> <FORM action="actiontest.php" method="POST" onSubmit="return validate(this);">
<INPUT type="hidden" name="action" value="write">
<TABLE class="side">
<TR>
<TD>Naam:</TD>
<TD><INPUT type="text" name="name" size="30"></TD>
</TR>
<TR>
<TD>E-Mail:</TD>
<TD><INPUT type="text" name="email" size="30">
(optioneel)</TD>
</TR>
<TR>
<TD><p class="antispam">Leave this empty:
<br /><input name="url"/></p></TD>
</TR>
<TR>
<TD>Bericht:</TD>
<TD><TEXTAREA name="message" cols="50" rows="5"></TEXTAREA></TD>
</TR>
</TABLE>
<INPUT type="submit" value="Verstuur" form onsubmit="document.form.name.value=''; document.form.message.value=''; ">
<input type="hidden" name="return" value="<?php echo 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'] ?>" />
</FORM>
</TD>
</TR>
</TABLE>
The action.php file:
<?php
//error_reporting(E_ALL);
$amount=15;
if ($_POST['action']=='write') {
$file=fopen('gast.txt','a');
$message=$_POST['message'];
$message=str_replace("\\r",'', $message);
$message=str_replace("\
",'{{',$message);
fwrite($file,$_POST['name'].'|||'.$_POST['email'].'|||'.date('d-m-Y').'|||'.$_POST['url'].'|||'.$message."\
");
fclose($file);
}
$start=(isset($_POST['start'])?$_POST['start']:0);
$gastenboek=Array();
$gastenboek=file('gast.txt');
header('location: '.$_POST['return']);
?>
The URL field isn’t visible for a user, therefor must remain empty. If something is in the URL field, must be a spambot so no posting…
You see the javascript validation, but the first spambot has already entered something in the guestbook so this isn’t working the way it’s supposed to.
How can the javascript validation be replaced by php code?
Thanks