Hi,
I've been browsing the web for a few days now trying to find a solution for my issue. I hope you guys can help me out.
I am running a Usenet reader written in PHP, and people visiting it are able to post their own message on the newsgroup (I'm using crons to keep everything synchronized).
A few days ago, spambots found their way to this page, and I am trying to add a CAPTCHA validation to prevent bots from posting on Usenet through my website.
Now I was trying to use the guide on the reCAPTCHA website, but I am getting stuck with everything I do. The source code is a mess and the PHP file that handles the postings is 1000+ lines long (so kind of hard to post here).
Now, I am quite a noob here, so if there are any suggestions, I would be glad to hear them.
I guess this is the part where I need to be:
function postMessage($replyto, $group = "")
{
    //we are not adding to a database so please do not add magic quotes
    if (get_magic_quotes_gpc())
        while (list ($key, $val) = each($_POST))
            $_POST[$key] = stripslashes($val);
    $errorString = "";
    if (trim($_POST["subject"]) == "")
        $errorString .= $this->_getString("missing_subject")."<br/>";
    if (trim($_POST["name"]) == "")
        $errorString .= $this->_getString("missing_name")."<br/>";
    if (trim($_POST["email"]) == "")
        $errorString .= $this->_getString("missing_email")."<br/>";
    else
    {
        if ($this->config->validateEmails)
            if (!validEmail($_POST["email"]))
                $errorString .= $this->_getString("invalid_email")."<br/>";
    }
    if (trim($_POST["body"]) == "")
        $errorString .= $this->_getString("missing_message")."<br/>";
    if ($errorString != "")
    {
        //validation failed: show the errors and redisplay the form
        echo "<b style=\"color:red\">$errorString</b><hr/>";
        $this->displayForm($_POST["groups"]);
    }
    else
    {
        //post the message
        $article = new Article();
        $article->subject = $_POST["subject"];
        $article->authorName = $_POST["name"];
        $article->authorEmail = $_POST["email"];
        $article->body = $_POST["body"];
        $references = str_replace(" ", ",", $_POST["ref"]);
        $article->references = csvToArray($references);
        $article->group = $this->_groupName($_POST["groups"]);
        $factory = new MessageFactory($this->config);
        $message = $factory->createMessage($article);
        $group = $this->config->getGroup($_POST["groups"]);
        if ($group["type"]==USENET)
        {
            $newsServer = new NewsServer();
            $newsServer->open($this->config->nntpServer, $this->config->nntpPort,
                $this->config->nntpUsername, $this->config->nntpPassword);
            $newsServer->postArticle($message);
            $newsServer->close();
            echo $this->config->msgPostedMessage;
        }
        else
        {
            $article = ArticleFactory::createFromRawText($message);
            $article->date = time();
            $article->messageId = "<".uniqid(rand())."@phpheadliner.local>";
            if (is_string($this->config->persistArticleHook) && trim($this->config->persistArticleHook)!="")
                call_user_func($this->config->persistArticleHook, $article);
            $persistence = $this->config->getPersistenceManager($_POST["groups"]);
            $persistence->persistArticle($article);
            echo $this->config->msgPostedMessageNonUsenet;
        }
        //escape the user-supplied return link before echoing it into the page
        echo "<br/><br/>".$this->_getString("previous_message", "<a href=\"".htmlspecialchars($_POST["page"])."\">", "</a>");
    }
}
function displayForm($group, $replyto="")
{
    $subject = $references = $body = $groups = $name = $email = "";
    $page = $_GET["page"];
    $persistence = $this->config->getPersistenceManager($group);
    $credentials = $this->config->getCredentials();
    if ($_POST["groups"])
    {
        //redisplay after a failed submit: keep what the user typed
        $subject = $_POST["subject"];
        $references = $_POST["ref"];
        $body = $_POST["body"];
        $groups = $_POST["groups"];
        $name = $_POST["name"];
        $email = $_POST["email"];
        $page = $_POST["page"];
    }
    else if ($replyto != "")
    {
        $article = $persistence->getArticle($replyto);
        if ($article !== false)
        {
            while (list (, $reference) = each($article->references))
            {
                //obtain the Message-ID for each reference
                $referenceId = $persistence->getMessageId($reference);
                $references .= ($references == "" ? "" : " ") . $referenceId;
            }
            //append the id of the message we are replying to
            $references .= ($references == "" ? "" : " ") . $article->messageId;
            $groups = $article->group;
            //create a subject
            $subject = $article->subject;
            if (strtolower(substr($subject, 0, 3)) != "re:")
                $subject = "Re: " . $subject;
            $body = $article->body;
            //extract the signature block
            $body = preg_replace("/\n-- [\s\w\W\d\D]*/","", $body);
            //quote previous message
            $body = str_replace("\n", "\n> ", $body);
            //highlight the previous message
            $body = ($article->authorName=="" ? $article->authorEmail : $article->authorName)
                . " wrote:\n> " . $body . "\n\n";
        }
    }
    else
    {
        $groups = $group;
    }
    ?>
    <form name="message" action="<? echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
    <input value="<? echo htmlspecialchars($references) ?>" readonly name="ref" type="hidden">
    <input value="<? echo htmlspecialchars($groups) ?>" readonly name="groups" type="hidden">
    <input value="<? echo htmlspecialchars($page) ?>" readonly name="page" type="hidden">
    <table>
        <tr>
            <td width=220><? echo $this->_getString("form_name"); ?></td>
            <td>
                <? if ($this->config->getCredentials() !== false) {?>
                <input value="<? echo htmlspecialchars($credentials["name"]) ?>" name="name" readonly size="40" maxlength="50">
                <?} else {?>
                <input value="<? echo htmlspecialchars($name) ?>" name="name" size="40" maxlength="50">
                <? } ?>
            </td>
        </tr>
        <tr>
            <td width=220><? echo $this->_getString("form_email"); ?></td>
            <td>
                <? if ($this->config->getCredentials() !== false) {?>
                <input value="<? echo htmlspecialchars($credentials["email"]) ?>.nospam.com" name="email" readonly size="40" maxlength="50">
                <?} else {?>
                <input value="<? echo htmlspecialchars($email) ?>" name="email" size="40" maxlength="50">
                <? } ?>
            </td>
        </tr>
        <tr>
            <td width=220><? echo $this->_getString("form_subject"); ?><br></td>
            <td><input value="<? echo htmlspecialchars($subject) ?>" name="subject" size="40" maxlength="80"></td>
        </tr>
        <tr>
            <td colspan=2 valign="top"><? echo $this->_getString("form_message"); ?></td>
        </tr>
        <tr>
            <td colspan=2><textarea name="body" rows="20" cols="79" wrap="physical"><? echo htmlspecialchars($body) ?></textarea>
            </td>
        </tr>
        <tr align="right">
            <td colspan=2>
                <input name="submitbtn" type="submit" value="<? echo $this->_getString("form_submit"); ?>"
                    onClick="document.message.submit();document.message.submitbtn.disabled=true;document.message.submitbtn.value='<? echo $this->_getString("form_processing"); ?>'">
            </td>
        </tr>
    </table>
    </form>
I really hope someone can help, otherwise I am forced to take the script offline.
Thanks in advance.
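
An added example, not part of the original post or of the script it quotes: one way to check a reCAPTCHA v2 token on the server before `postMessage()` builds the article. `verifyCaptcha()`, `recaptchaHttpPost()`, the swappable `$fetch` argument and the key placeholders are assumptions made for illustration; the verify endpoint and the `g-recaptcha-response` field are reCAPTCHA's own.

```php
<?php
// Added example (not from the original script). verifyCaptcha() and the
// key placeholders are hypothetical; written without PHP 7 syntax because
// the script above still uses each() and get_magic_quotes_gpc().
define('RECAPTCHA_SECRET', 'YOUR-SECRET-KEY');   // placeholder

// Default transport: POST the form-encoded body to Google's verify endpoint.
function recaptchaHttpPost($body)
{
    $ctx = stream_context_create(array('http' => array(
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => $body,
        'timeout' => 5,
    )));
    return @file_get_contents(
        'https://www.google.com/recaptcha/api/siteverify', false, $ctx);
}

// Returns true only when the verify endpoint answers {"success": true}.
// Missing token, network error or malformed JSON all fail closed.
function verifyCaptcha($post, $remoteIp, $fetch = 'recaptchaHttpPost')
{
    $token = isset($post['g-recaptcha-response']) ? $post['g-recaptcha-response'] : '';
    if (!is_string($token) || trim($token) === '')
        return false;
    $raw = call_user_func($fetch, http_build_query(array(
        'secret'   => RECAPTCHA_SECRET,
        'response' => $token,
        'remoteip' => $remoteIp,
    ), '', '&'));
    $result = is_string($raw) ? json_decode($raw, true) : null;
    return is_array($result) && isset($result['success']) && $result['success'] === true;
}

// Where it hooks in:
//  displayForm(), inside <form>, above the submit button:
//    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
//    <div class="g-recaptcha" data-sitekey="YOUR-SITE-KEY"></div>
//  postMessage(), after the "missing_message" check:
//    if (!verifyCaptcha($_POST, $_SERVER["REMOTE_ADDR"]))
//        $errorString .= "CAPTCHA check failed<br/>";

// Offline demo with constructed responses instead of a live request.
function fakeOk($body)  { return '{"success": true}'; }
function fakeBad($body) { return '{"success": false, "error-codes": ["invalid-input-response"]}'; }
var_dump(verifyCaptcha(array('g-recaptcha-response' => 'constructed-token'), '203.0.113.5', 'fakeOk'));
var_dump(verifyCaptcha(array('g-recaptcha-response' => 'constructed-token'), '203.0.113.5', 'fakeBad'));
var_dump(verifyCaptcha(array('body' => 'spam, no token'), '203.0.113.5', 'fakeOk'));
```

Because the check only appends to `$errorString`, a failed CAPTCHA takes the existing error path: the form is redisplayed and nothing reaches `NewsServer::postArticle()`.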