
R0CKY

Members
  • Posts

    39
  • Joined

  • Last visited

Posts posted by R0CKY

  1. Hi

     

    I'm hoping I can get some help with this, as it is a big problem for me.

     

    I am trying to add Google's reCAPTCHA code to my existing PHP page with a comment form...

     

    This is the code I have to place before the submit button
     
    <button
    class="g-recaptcha"
    data-sitekey="---deleted----"
    data-callback="YourOnSubmitFn">
    Submit
    </button>
     
     
    And this is my current form code from a PHP file (I've stripped out table layout tags for clarity)
     
     
    <form action="{$settings.dburl}/index.php?act=comments&c=post&file={$file.file_id}" method="post">
        {#post_comment#}
        {#poster#}
        <input type="text" name="subject" id="subject" size="40" maxlength="150" />
        <textarea name="comment" id="comment" rows="12" style="width: 95%"></textarea>
        <input type="submit" value="{#post_comment#}" onclick="postComment({$file.file_id}); return false;" />
    </form>
     
    I am confused about what I should replace the YourOnSubmitFn with?
     
    Any help would be greatly appreciated. 
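The name given to data-callback must be a global JavaScript function that the widget calls with the solved token; that function submits the form (for the form above, by calling the page's own postComment or the form's submit()), and the token travels to the server in the POST field g-recaptcha-response. The browser side proves nothing by itself, so the server must verify that token before storing the comment. The following is an added example of that server-side check; it is not code from the original post or from paFileDB. verifyRecaptcha, the constant RECAPTCHA_SECRET and the hostname 'example.net' are assumptions; smarty_error and lang are the script's own helpers as used elsewhere in this thread.

```php
<?php
// Added example (not from the original post or paFileDB): server-side
// verification of a reCAPTCHA token with Google's siteverify endpoint.
// RECAPTCHA_SECRET is a placeholder for the secret key from the reCAPTCHA
// admin console; it belongs in server-side configuration, never in HTML.
define('RECAPTCHA_SECRET', 'replace-with-your-secret-key');

/**
 * Returns true only when Google reports success for the token and, when
 * $expectedHost is given, the token was solved on that hostname.
 * Every failure (empty token, network error, malformed reply) returns false.
 */
function verifyRecaptcha(string $secret, string $token, ?string $remoteIp = null, ?string $expectedHost = null): bool
{
    if ($token === '') {
        return false;                       // no token submitted at all
    }
    $fields = ['secret' => $secret, 'response' => $token];
    if ($remoteIp !== null) {
        $fields['remoteip'] = $remoteIp;
    }
    $ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    if ($body === false) {
        return false;                       // network failure: fail closed
    }
    $result = json_decode($body, true);
    if (!is_array($result) || empty($result['success'])) {
        return false;                       // Google rejected the token
    }
    if ($expectedHost !== null && ($result['hostname'] ?? '') !== $expectedHost) {
        return false;                       // token was solved for another site
    }
    return true;
}

// Usage in the comment handler, before anything is written to the database.
// 'example.net' is a placeholder for the site's own hostname.
$token = isset($_POST['g-recaptcha-response']) ? (string) $_POST['g-recaptcha-response'] : '';
if (!verifyRecaptcha(RECAPTCHA_SECRET, $token, $_SERVER['REMOTE_ADDR'] ?? null, 'example.net')) {
    smarty_error(lang('emptyfield'));       // reuse the script's existing error path
}
```

The hostname check matters because a secret key is tied to a site key, but a token solved on a different page of a shared account would otherwise still verify; failing closed on network errors means an outage of the verification service blocks comments rather than silently letting everything through.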
     
  2. DO please enlighten us. How many websites do you run, how many databases, and how long since you had a security incident?

     

    Entirely irrelevant. YouFailAsAnAdmin is correct in what he says. Yeh, it might hurt a little, but he is correct.

     

    Not impressed at all with the postings from this site's Admins in this thread.

     

     

     

    In short, this is a non-commercial venture with limited resources. Of course I could point out that large enterprises with millions of dollars of security hardware and networking infrastructure to support it, as well as entire security staffs have been compromised, but I'm sure you know better than them.

     

    The minute you start putting banners on the forum, the "we are not commercial" argument fails. You are earning AdSense commission off your members, so please don't plead poverty.

     

    You contradict yourself when you correctly point out that even with massive resources, a dedicated hacker will still get in.

     

     

     

    They were able to access the admin tools via a normal login. In short, it appears that this is a case where there was simply a compromised password used.

     

    So, that would be an Admin password then, and your IPB admin logs will reveal exactly which admin did this?

     

    It's looking awfully like your own Admins didn't take your own advice.

     

     

     

    While the passwords are hashed, someone who is highly motivated to do so, may be able to derive your original password, especially if you did not use good password practices.

     

    I run a busy forum and have had my share of headaches so you have my sympathy, for what it's worth - but I really hope this is not an #Admin password being so weak it was brute forced, because that is what you have described.

  3. Ah, okay so I changed it to this...

     

    //Make sure the spam response is valid
    if ($_POST['spamcheck'] == "recon") {
        smarty_error(lang('emptyfield'));
    }

     

    So basically if it fails antispam check, it does the same thing as if there was an empty field and rejects the form.

     

    The thing is, I tried it, and it's working the opposite way, if the spam check passes, it is rejecting the form, and if the spam check fails, it is accepting the form!

     

    Sorry, I am not very good at this and am just trying to bluff my way through! thanks.

  4. @ Edwin, I'll add the text once I get it working, thanks.

    @ Pika, if true it continues through the code and sends the form data in an e-mail (isn't that how it works... unsure....)... I'll post the entire code for the page below so you can see...

     

    //Check if reporting is disabled
    if ($settings[0]['enable_report'] == 0) {
        smarty_error(lang('feature_disabled'));
    }
    
    //Get file info
    $file = $db->GetArray("SELECT * FROM ".$dbPrefix."files WHERE file_id = ".intval($_GET['id']));
    if (count($file) == 0) {
        smarty_error(lang('file_exist'));
    }
    $file = $file[0];
    
    //Send the mail
    if (isset($_GET['process'])) {
        if (!check_input($_POST, array('message'))) {
            smarty_error(lang('emptyfield'));
        }
    
        //Make sure the spam response is valid
        if ($_POST['spamcheck'] == "recon") {
        }
    
        
        //Make sure the "from" address is valid
        if (!eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $_POST['fromemail'])) {
            smarty_error(lang('emailinvalid'));
        }
        $usermessage = trim($_POST['message']);
        $message = "BROKEN DOWNLOAD REPORT FOR website.NET\n";
        $message .= $_POST['fromname'].' ('.$_SERVER['REMOTE_ADDR'].') has reported a broken link at '.$settings[0]['dbname'].".\n";
        if (!empty($usermessage)) {
    //        $message .= $_POST['fromname']." has included this message:\n";
            $message .= $usermessage."\n\n";
        }
        $message .= "File: ".$file['file_name']."\n";
    $message .= "URL: ".$file['file_dlurl']."\n\n";
        $message .= "Please visit the following link to view the file:\n";
        $message .= $settings[0]['dburl'].'/index.php?act=view&id='.$_GET['id']."\n\n";
    //    $message.= "If you have verified that the link is broken, you may edit the download URL in the paFileDB admin center at ".$settings[0]['dburl']."/admin.php\n\n";
    
    //    $message .= "The IP address of the person who reported the broken link is: ".$_SERVER['REMOTE_ADDR']."\n\n";
        $message .= "To report abuse of this feedback system, please visit ".$settings[0]['dburl'];
        
        $to = array();
        $admins = $db->GetArray("SELECT user_username, user_email FROM ".$dbPrefix."users");
        foreach ($admins as $a) {
            $to[] = array("name" => $a['user_username'], "address" => $a['user_email']);
        }
        pafiledb_mail($_POST['fromname'], $_POST['fromemail'], $to, 'Broken link reported at '.$settings[0]['dbname'], $message);
    
        smarty_redirect(lang('report_sent'), 'index.php?act=view&id='.$_GET['id']);
    }
    
    $smarty->assign('id', $_GET['id']);
    //Fetch the category info from the database
    // Generate the navbar. We're using the dropdown cache to save
    // system resources.
    $navbar = array();
    $navbar[] = array('name' => lang('report_broken'), 'url' => '');
    $navbar[] = array('name' => $file['file_name'], 'url' => '?act=view&id='.intval($_GET['id']));
    $allcats = unserialize($settings[0]['dropdown']);
    $tempcat = $file['file_catid'];
    $templvl = -1; // 0 = start. We need to identify that this hasn't been set so -1 works 
    for($x = count($allcats)-1; $x >= 0; $x--)
    {
    // Step #1 - Determine the level of the current category
    // and then work our way down.
    if ($templvl == -1 && $allcats[$x]['id'] == $tempcat)
    {
      $navbar[] = array('name' => $allcats[$x]['name'], 'url' => '?act=category&id='.$allcats[$x]['id']);
      $templvl = $allcats[$x]['sub']-1;
    }
    else if ($templvl != -1 && $allcats[$x]['sub'] == $templvl)
    {
      $navbar[] = array('name' => $allcats[$x]['name'], 'url' => '?act=category&id='.$allcats[$x]['id']);
      $templvl--;
      if ($templvl == -1)
      {
       break;
      }
    }
    }
    $navbar[] = array('name' => $settings[0]['dbname'], 'url' => '');
    // And then we reverse it for paFileDB
    $navbar = array_reverse($navbar);
    $smarty->assign('navbar', $navbar);
    
    // We already handled the recursion so let's cheat and use it like a cache for the titlebar.
    $title = array();
    foreach ($navbar as $c)
    {
      $title[] = $c['name'];
    }
    $smarty->assign('title', implode(' » ', $title));
    
    ?>

  5. I'm using a now unsupported PHP download system that has a public front end where the visitor can send a message when a file download is broken.

     

    The problem is now I need some kind of anti spam measure to stop robots sending me rubbish through the form.

     

    Here's a part of the PHP page....

     

     
        
    //Send the mail
    if (isset($_GET['process'])) {
        if (!check_input($_POST, array('message'))) {
            smarty_error(lang('emptyfield'));
        }
    
        //Make sure the spam response is valid
        if ($_POST['spamcheck'] == "recon") {
        }
    
        
        //Make sure the "from" address is valid
        if (!eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $_POST['fromemail'])) {
            smarty_error(lang('emailinvalid'));
        }

     

    The //Make sure the spam response is valid part was inserted by me, but it is not working. The visitor can type anything he likes in the spamcheck form field and the form is still being accepted.

     

    Any hints, please?

     

    Thanks in advance.

  6. I have a script installed that has a comment form that I want to protect from spam with a simple math question.

     

    I added a new field into the form called antispam, and in the form processor page I added a check for the answer to be correct. I can't get it to work though.

     

    By a process of trial and error though I discovered I can get a condition check to work if I use one of the existing fields. For example if I change the condition check to only proceed if the subject field is "PASS", then it will work. But as soon as I try and use the new antispam field, it does not work, whether the answer is correct or wrong, it still posts the comment. This confuses me.

     

    Here's the code I am using. I have commented in <!-- ANTI SPAM ROW --> to show the only 4 lines of code I inserted into this form.

     

    The form

     

    <form action="{$settings.dburl}/index.php?act=comments&c=post&file={$file.file_id}" method="post">
    <table width="75%" border="1" align="center" cellpadding="3" cellspacing="0" class="border">
      <tr class="sectionheader">
        <td width="100%" colspan="2">{#post_comment#}</td>
      </tr>
      <tr>
        <td width="50%">{#poster#}:</td>
        <td width="50%"><input type="text" name="subject" id="subject" size="40" maxlength="150" /></td>
      </tr>
      <tr>
        <td align="center" colspan="2">
          <textarea name="comment" id="comment" rows="12" style="width: 95%"></textarea>
        </td>
      </tr>
      <!-- ANTI SPAM ROW -->
      <tr>
        <td width="50%">Anti Spam : What is 2 + 2?</td>
        <td width="50%"><input type="text" name="antispam" id="antispam" size="1" maxlength="1" /></td>
      </tr>
      <tr>
        <td align="center" colspan="2">
          <input type="submit" value="{#post_comment#}" onclick="postComment({$file.file_id}); return false;" /><br />
          <div id="status" style="font-weight: bold"></div>
        </td>
      </tr>
    </table>
    </form>
    

     

     

    The Form Processor

     

    In this page I added a simple check

     

    if ($_POST['antispam'] == "4") $enableComments = true;

     

    This does not work though. However if I was (just for testing purposes) to do a check on the subject field (as follows) it works!

     

    if ($_POST['subject'] == "SPAM") $enableComments = false;

     

    So I have figured out the problem is with the new antispam field I added - but what is the problem?

     

    Many thanks for any advice on this one.
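The spam-check posts above (the fixed word "recon" in the broken-link report form and the "2 + 2" question in the comment form) share one shape: an answer the visitor must supply, compared on the server. The added example below is not code from the original posts or from paFileDB; it generalises both checks to a question generated per request whose answer lives only in the session, and it rejects a submission whose answer is missing, wrong, or reused. The names antispamQuestion and antispamPassed and the template variable antispam_question are assumptions; session_start, random_int and hash_equals are standard PHP; check_input, smarty_error, lang and $smarty are the script's own helpers as they appear in the posted code.

```php
<?php
// Added example (not from the original posts or paFileDB): a server-side
// anti-spam question generated when the form is rendered, stored in the
// session, and checked when the form is processed. The expected answer
// never appears in the HTML, and a missing or wrong answer rejects the
// submission (fail closed), which also covers a form that is posted by
// JavaScript without the extra field.

session_start();

/** Create a new challenge, store its answer in the session, return the question text. */
function antispamQuestion(): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $_SESSION['antispam_answer'] = (string) ($a + $b);
    return "What is $a + $b?";
}

/**
 * Compare the submitted answer with the stored one. The stored answer is
 * removed on every call, so each challenge can be used only once.
 */
function antispamPassed(array $post): bool
{
    $expected = $_SESSION['antispam_answer'] ?? null;
    unset($_SESSION['antispam_answer']);
    if ($expected === null || !isset($post['antispam'])) {
        return false;                           // nothing to compare: reject
    }
    $given = trim((string) $post['antispam']);
    return hash_equals($expected, $given);      // strict string comparison, no type juggling
}

// Rendering the form: hand the question to the template
// (assumes the Smarty template prints {$antispam_question} next to the field).
if (!isset($_GET['process'])) {
    $smarty->assign('antispam_question', antispamQuestion());
}

// Processing the form: run the check BEFORE the message is built or sent.
if (isset($_GET['process'])) {
    if (!check_input($_POST, array('message'))) {
        smarty_error(lang('emptyfield'));
    }
    // Note the negation: the error path runs when the check FAILS.
    if (!antispamPassed($_POST)) {
        smarty_error(lang('emptyfield'));
    }
    // ... continue with the existing "from" address check and mail sending
}
```

Two details carry the security weight: the comparison is written as "reject unless the check passes" (the posted "recon" version ran the error path when the answer was right), and a form that arrives without the antispam field at all is rejected rather than accepted, so a submit path that drops the field cannot bypass the check.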

     

     

  7. I have a line of code that selects from the dbase ordered by the date of the entry, like this :

     

    $result = $db->GetArray("SELECT * FROM ".$dbPrefix."files ORDER BY file_time DESC");

     

    I would like to exclude from that result though when a specific field (ID) is a specific value (40)

     

    So in plain English it would be "select from the dbase ordered by time, excluding all files where the ID = 40.

     

    How would I alter the above code to achieve this?

     

    Many thanks!

  8. Thanks Premiso

     

    I did some more digging and found that the comment system calls a page called PHP Input Filter

     

    and at the end of that is the expression you mention...

     

    function escapeString($string, &$connection) {
        // deprecated function
        if (version_compare(phpversion(), "4.3.0", "<")) mysql_escape_string($string);
        // current function
        else mysql_real_escape_string($string);
        return $string;
    }

     

    So it looks like it should already be working, but isn't for some reason  ???

  9. Whenever someone posts a comment on my site that includes an apostrophe, it breaks the page and an error occurs, an extract of the start of the error is shown here.

     

    ')' at line 1] in EXECUTE("INSERT INTO .........

     

    I think this is something to do with the way apostrophes are being handled...? Is there something I can do at the point of input to properly handle the apostrophes entered by visitors?

     

    I've invested a huge amount of resources on this system but unfortunately the developer is no longer supporting the php script so I am hoping someone here can tell me how to properly deal with apostrophes entered in comment fields.

     

    Please speak slowly.

     

    Many thanks.
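The apostrophe error above is the database reporting a broken statement: the comment text is pasted straight into the SQL, so a quote character ends the string early. The escapeString helper quoted two posts up cannot help as written, because it discards the value mysql_real_escape_string returns and hands back the original $string (the $connection parameter is never passed either). The added example below is not code from the original posts or from paFileDB: it writes the two queries from this thread (the file list excluding one ID, and the comment INSERT) as PDO prepared statements, where the values are sent separately from the SQL text and need no escaping at all. The connection settings, the prefix 'pafiledb_' and the function names filesExcluding and insertComment are assumptions; the column names are the ones in the posted queries.

```php
<?php
// Added example (not from the original posts or paFileDB): the same two
// queries written with PDO prepared statements. Parameters are bound
// separately from the SQL text, so an apostrophe (or any other character)
// in a comment can neither break the statement nor change its meaning.
$pdo = new PDO('mysql:host=localhost;dbname=pafiledb;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,   // fail loudly instead of silently
    PDO::ATTR_EMULATE_PREPARES => false,                    // real server-side prepares
]);
$dbPrefix = 'pafiledb_';   // placeholder for the script's table prefix

/** All files ordered by time, excluding one file_id (the "exclude ID = 40" question). */
function filesExcluding(PDO $pdo, string $dbPrefix, int $excludedId): array
{
    $sql = "SELECT * FROM {$dbPrefix}files WHERE file_id <> :excluded ORDER BY file_time DESC";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':excluded' => $excludedId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Insert a comment; the text may contain apostrophes, quotes or backslashes. */
function insertComment(PDO $pdo, string $dbPrefix, int $userId, int $fileId,
                       string $poster, string $ip, string $text): void
{
    $sql = "INSERT INTO {$dbPrefix}comments
              (comment_userid, comment_fileid, comment_time, comment_poster, comment_ip, comment_text)
            VALUES (:userid, :fileid, :time, :poster, :ip, :text)";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        ':userid' => $userId,
        ':fileid' => $fileId,
        ':time'   => time(),
        ':poster' => $poster,
        ':ip'     => $ip,
        ':text'   => $text,
    ]);
}

// Usage with the request fields the original handler reads. The comment
// text is a constructed value containing an apostrophe.
$files = filesExcluding($pdo, $dbPrefix, 40);
insertComment(
    $pdo, $dbPrefix,
    (int) ($userinfo[0]['user_userid'] ?? 0),
    (int) ($_GET['file'] ?? 0),
    (string) ($_POST['poster'] ?? ''),
    $_SERVER['REMOTE_ADDR'] ?? '',
    "It's working now, isn't it?"
);
```

The table prefix is still interpolated into the SQL because it comes from the script's configuration, not from the visitor; everything that originates in the request goes through a placeholder. Escaping output for the page (the script's xhtml_convert) is a separate step from making the query safe and should stay where it is.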

  10. Sorry no I can't because the check happens after the form is submitted and the webpage refreshes, here's that section..

     

    if (strpos(xhtml_convert($_POST['comment']), "http") === false)
    {
        if (strpos(xhtml_convert($_POST['comment']), "www") === false)
        {
            $db->Execute("INSERT INTO ".$dbPrefix."comments (comment_userid, comment_fileid, comment_time, comment_poster, comment_ip, comment_text) VALUES (".$userinfo[0]['user_userid'].", ".intval($_GET['file']).", ".time().",  '".xhtml_convert($_POST['poster'])."', '".$_SERVER['REMOTE_ADDR']."', '".smart_slashes(str_replace("\n", "<br />", $commentText))."')");

     

     

  11. I have a database filled with records, each one of which has a file_time field that is stored in a format like this "1101765599" - I assume that's some kind of standard time code that can be changed into a standard date.

     

    What I'd like to do is have PHP count how many records were added in the last 7 days. Each file has a sequential File_ID field so that could help...?

     

    So to break it down, I think this would be the steps.

     

    Assign the most recent File_ID to variable A

    Assign the current date to variable B

    Subtract seven days and assign that date to variable C

    Find the first record with File_time matching variable C

    Subtract the File_ID of that record from variable A - and that would be the count.

     

    I think that's the best logic, but I would need pointers with the php.... anyone start me off please?
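A value such as 1101765599 is a Unix timestamp: seconds since 1970-01-01 00:00:00 UTC, the same format PHP's time() returns. That makes the count a single subtraction and one COUNT query; the File_ID arithmetic proposed above is not needed and would go wrong as soon as a record is deleted. The following is an added example, not code from the original post or from paFileDB. It uses PDO with placeholder connection details; cutoffTimestamp, countRecentFiles and the prefix 'pafiledb_' are assumptions, and file_time is the column named in the post.

```php
<?php
// Added example (not from the original post or paFileDB): count the files
// whose file_time (a Unix timestamp) falls within the last seven days.
// The connection string and table prefix are placeholders.

const SECONDS_PER_DAY = 86400;

/** Unix timestamp for "now minus $days days"; $now can be fixed for testing. */
function cutoffTimestamp(int $days, ?int $now = null): int
{
    $now = $now ?? time();
    return $now - $days * SECONDS_PER_DAY;
}

/** Number of rows added in the last $days days, computed by the database. */
function countRecentFiles(PDO $pdo, string $dbPrefix, int $days = 7): int
{
    // The cutoff is bound as a parameter rather than pasted into the SQL.
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM {$dbPrefix}files WHERE file_time >= :cutoff");
    $stmt->execute([':cutoff' => cutoffTimestamp($days)]);
    return (int) $stmt->fetchColumn();
}

// Turning a stored timestamp back into a readable date (server time zone):
echo date('Y-m-d H:i:s', 1101765599), "\n";

$pdo = new PDO('mysql:host=localhost;dbname=pafiledb;charset=utf8mb4', 'dbuser', 'dbpass',
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
echo countRecentFiles($pdo, 'pafiledb_', 7), " files added in the last 7 days\n";
```

Doing the comparison in SQL keeps the work in the database and returns one number; fetching every row and counting in PHP would work too, but scales badly as the table grows.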

     

     

    I got it working, mainly by copy pasting similar code from the same script, I have no idea what it means (especially the 3 ===), but it works  ;)

    [code] if (strpos(xhtml_convert($_POST['com']['text']), "http") === false)
      {
    if (strpos(xhtml_convert($_POST['com']['text']), "www") === false)
      {[/code]
  13. I have been trying all evening to get a couple of condition checks inserted into an existing php page, but I am not having much luck.

    What I am trying to do is ensure that no URLs are accepted in a form field $text, the conditions I planned on using were..

    [code]if (strpos($text, "http") === false)
    if (strpos($text, "com") === false)  [/code]

    The part of the code that inserts the data into the database follows, can anyone help me apply my two conditions so that the data will only be inserted into the database if the $text is not a URL?

    [code]if ($expostprotect != 0 AND $_GET['comments'] == 'add')
    {
    smarty_redirect(lang('minuteprotection'), 'index.php?act=view&id='.$_GET['id'].'');
    }
    elseif ($nopostallowed < $max AND $_GET['comments'] == 'add')
    {
    if ($_POST['com']['text'] == TRUE AND $_POST['com']['name'] == TRUE AND $_POST['com']['title'] == TRUE)
    {
    $db->insert('comments', array(
      array('file_id', xhtml_convert($_GET['id'])),
      array('news_id', ''),
      array('comments_text', xhtml_convert($_POST['com']['text'])),
      array('comments_poster', xhtml_convert($_POST['com']['name'])),
      array('comments_ip', xhtml_convert($_SERVER['REMOTE_ADDR'])),
      array('comments_title', xhtml_convert($_POST['com']['title'])),
      array('comments_time', time())
      ));
    smarty_redirect(lang('comment_p'), 'index.php?act=view&id='.$_GET['id'].'');
    }
    else
    {
    smarty_redirect('The <b>'.lang('comment_title').'</b>, <b>'.lang('comment_name').'</b> or the <b>comment itself</b> is not filled in.', 'index.php?act=view&id='.$_GET['id'].'');
    }
    }
    elseif ($nopostallowed != 0 AND $_GET['comments'] == 'add')
    {
    smarty_redirect(lang('comment_flood'), 'index.php?act=view&id='.$_GET['id'].'');
    }[/code]

    Many thanks for any help, I have been going mad over this.
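The three posts above all filter links out of comment text with strpos() against "http", "www" and "com". The added example below is not code from the original posts or from paFileDB; it folds those checks into one function that matches case-insensitively and looks for ".com" as a domain ending rather than the bare letters "com" (which would also reject "comment" or "welcome"), and it shows why the copied code compares with === rather than ==. containsUrl, noLinkLoose and noLinkStrict are assumed names; smarty_redirect is the script's own helper as used in the posted code.

```php
<?php
// Added example (not from the original posts or paFileDB): one link check
// in place of separate strpos() calls for "http", "www" and "com".

/** True when $text looks like it carries a URL or a bare domain name. */
function containsUrl(string $text): bool
{
    // scheme://, www., or a host ending in a common TLD (example.com, example.net)
    $pattern = '~(https?://|ftp://|\bwww\.|\b[a-z0-9-]+(\.[a-z0-9-]+)*\.(com|net|org|info|biz)\b)~i';
    return preg_match($pattern, $text) === 1;
}

// Why the copied code uses === false: strpos() returns the POSITION of the
// match, and position 0 is a valid hit. With == the 0 is treated as false,
// so a comment that starts with "http" would count as "no link found".
function noLinkLoose(string $text): bool  { return strpos($text, 'http') == false;  }   // wrong
function noLinkStrict(string $text): bool { return strpos($text, 'http') === false; }   // right

// Constructed sample inputs showing the difference:
// noLinkLoose('http://example.com/x')  -> true  (link missed)
// noLinkStrict('http://example.com/x') -> false (link detected)
// containsUrl('welcome, great comment') -> false (no false positive on "com")
// containsUrl('see WWW.Example.COM')    -> true  (case-insensitive)

// Usage in the insert path: store the comment only when no link is present.
$commentText = (string) ($_POST['com']['text'] ?? '');
if (containsUrl($commentText)) {
    smarty_redirect('Links are not allowed in comments.',
                    'index.php?act=view&id=' . intval($_GET['id'] ?? 0));
}
// ... otherwise continue with the existing $db->insert(...) call
```

A substring or pattern filter is a spam-reduction measure, not an access control: treat it as one layer next to the anti-spam question and the rate limiting ($expostprotect, $nopostallowed) that the posted code already has.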

