
Adjusting the time in php for a guestbook


music_fan01


I have a working guestbook, but adjusting the time is what's getting me. I am trying to get the time to change depending on the timezone. And I am also trying to get the time in the format 1:00 PM, not 21:00.

 

Then on a different note, how can I stop spamming and injections?

 

 

Index page for guestbook


<HTML>
<HEAD>
<style type="text/css">
<!--
.style1 {font-size: 12px}
body,td,th {
font-size: 14px;
}
a {
font-size: 12px;
}
body {
background-color: #CCCCCC;
SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000
}
a:link {
color: #0066FF;
text-decoration: none;
}
a:visited {
text-decoration: none;
color: #0066FF;
}
a:hover {
text-decoration: underline;
color: #0066FF;
}
a:active {
text-decoration: none;
}
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</HEAD>
<BODY>
<form method="post" action="addguestbook.php">
<div align="center"></div>
<div align="center"></div>
<div align="center" class="style1"></div>
<div align="center"><span class="style1">Name:</span><br />
  <input name="name" type="text" size="30" maxlength="40" />
  <br />
  <span class="style1"><br />
  Email:</span><br />
<input name="email" type="text" size="30" maxlength="40" />
<br />
<br />
<span class="style1">Home Page:</span><br />
<input name="site" type="text" size="30" value="http://" maxlength="40" />
<br />
<br />
<span class="style1">Message:</span><br />
<textarea name="msg" cols="22" rows="6"></textarea>
<br />
<br />
<input type="reset" value="Reset" />
 
<input type="submit" value="Send" />
</div>
<div align="center">
  <p> </p>
<?php
$file = "guestbook.txt";

// Show the stored entries; is_readable() tests the file without leaving an open handle behind
if (is_readable($file)) {
echo file_get_contents($file);
} else {
echo "<h3>Sorry there was an error please contact us now</h3>";
}
?></div>
</BODY>
</HTML>

 

 

addguestbook.php




<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css">
<!--
body,td,th {
font-size: 12px;
color: #000000;
}
a:link {
text-decoration: none;
color: #0066FF;
}
a:visited {
text-decoration: none;
color: #0066FF;
}
a:hover {
text-decoration: underline;
color: #0066FF;
}
a:active {
text-decoration: none;
}
body {
background-color: #CCCCCC;
SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000
}
-->
</style>
</HEAD>
<BODY>

<?php

// Unused helper; corrected to apply the century rules (divisible by 100 only if also by 400)
function is_leapyear($year = 2004) {
return ($year % 4 == 0 && $year % 100 != 0) || ($year % 400 == 0);
}




$file           = "guestbook.txt";
$name		= $_POST['name'];
$email		= $_POST['email'];
$site   	= $_POST['site'];
$msg		= $_POST['msg'];
$site   = stripslashes($site);
$msg  = stripslashes($msg);
$email  = stripslashes($email);
$name = stripslashes($name);
// Escape the opening angle bracket so submitted HTML is shown literally, then turn newlines into <br>
$msg = str_replace ("<","&lt;",$msg);
$msg = str_replace ("\n","<br>",$msg);
$site = str_replace ("<","&lt;",$site);
$site = str_replace ("\n","<br>",$site);
$email = str_replace ("<","&lt;",$email);
$email = str_replace ("\n","<br>",$email);
$name = str_replace ("<","&lt;",$name);
$name = str_replace ("\n","<br>",$name);

if(empty($email) || empty($name) || empty($msg)) {
echo "<h3>Sorry all fields are required</h3>";
} else {

$fp = fopen($file,"a");

// d = day of month, i = minutes (D would be the weekday name and m the month)
$timestamp=date("M/d/Y h:i:s");
fwrite($fp, '
<font size="3">
<BR><BR>
Posted: '.$timestamp.'<br />
Name: '.$name.'<BR>
Email: <a href="mailto:'.$email.'">'.$email.'</a><BR>
Home Page: <a href="'.$site.'">'.$site.'</a><BR>Message: '.$msg.'<BR>
</font>
');

fclose($fp);

echo '<font size="3"><p align="center">Thank you '.$name.' for signing my guestbook</p></font>'; 
}
?>
<div align="center"></div>
<div align="center"></div>
<div align="center"></div>
<div align="center"></div>
<p align="center"><a href="index.php">Back to GuestBook</a></p>
<div align="center"></div>
</BODY>
</HTML>

To answer your other question about injections, you don't use a database of any kind, so you don't need to worry about injections. However, if you output the contents of your guest book on a page, you do want to make sure that you convert any HTML to its respective HTML entities. You do that somewhat, but there is a better way.

 

This task is so common that PHP created a built-in function for converting HTML code to its respective entities. It's called htmlentities(). You have the right idea with converting < (less than sign) to its entity, but you don't go as far as the htmlentities function (manual entry: http://php.net/manual/en/function.htmlentities.php).

 

Also, there is a PHP function for converting newlines into HTML line breaks, called nl2br.

nl2br: http://php.net/manual/en/function.nl2br.php

 

//old version
$msg = str_replace ("<","&lt;",$msg);
$msg = str_replace ("\n","<br>",$msg);
$site = str_replace ("<","&lt;",$site);
$site = str_replace ("\n","<br>",$site);
$email = str_replace ("<","&lt;",$email);
$email = str_replace ("\n","<br>",$email);
$name = str_replace ("<","&lt;",$name);
$name = str_replace ("\n","<br>",$name);

//can be replaced by
$msg = nl2br(htmlentities($msg));
$site = nl2br(htmlentities($site));
$email = nl2br(htmlentities($email));
$name = nl2br(htmlentities($name));

 

If you are interested in creating a database (which I suggest you do, as it's overall better than using txt files) and want to know how to make variables safe for inserting into queries, I wrote a tutorial on the basics of sanitizing variables. You can read it here: http://wp.me/p1AGMt-22
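As an added example (not code from the poster or from the reply above), here is the field handling from addguestbook.php rewritten with the escaping the reply recommends, applied per output context: htmlspecialchars with ENT_QUOTES (the narrower sibling of htmlentities) so quotes are also escaped inside the href and mailto attributes, nl2br applied after escaping, and the Home Page value kept only when it is an http(s) URL. The function names and the sample input are assumptions; PHP 7.1 or later is assumed for the type declarations.

```php
<?php
// Added example, not code from the thread: escape each guestbook field for the
// HTML context it is written into, rather than replacing only "<".
// Field names ($name, $email, $site, $msg) follow the form posted above;
// function names and the sample input at the bottom are assumed.

// Escape text that lands between tags or inside a quoted attribute.
// ENT_QUOTES also escapes ' and ", which matters inside href="..." and mailto:.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The message is multi-line: escape first, then turn newlines into <br />.
// In the other order, the <br /> tags that nl2br inserted would be escaped too.
function esc_message(string $msg): string
{
    return nl2br(esc($msg));
}

// Accept the "Home Page" value only as an absolute http(s) URL, so the href
// cannot carry another scheme. The form prefills "http://"; left untouched,
// that fails validation and the entry simply shows no link.
function safe_site_url(string $site): ?string
{
    $site = trim($site);
    if (filter_var($site, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($site, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $site : null;
}

// Build the fragment appended to guestbook.txt, every value escaped for its slot.
function render_entry(string $name, string $email, string $site, string $msg, string $timestamp): string
{
    $url  = safe_site_url($site);
    $link = $url === null ? '(none)' : '<a href="' . esc($url) . '">' . esc($url) . '</a>';
    return 'Posted: ' . esc($timestamp) . '<br />'
         . 'Name: ' . esc($name) . '<br />'
         . 'Email: <a href="mailto:' . esc($email) . '">' . esc($email) . '</a><br />'
         . 'Home Page: ' . $link . '<br />'
         . 'Message: ' . esc_message($msg) . '<br />';
}

// Constructed sample input: a tag and quotes in the name, a newline in the message.
echo render_entry('Ann "O" <b>', 'ann@example.com', 'http://', "Hi <there>\nline 2", 'Jan/05/2011 01:00 PM');
```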

I am trying to get the time to change depending on the timezone.

date_default_timezone_set()

 

trying to get the time in the format 1:00 PM, not 21:00.

date()
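An added example (not code from the reply above) putting the two functions it names together: a process-wide timezone plus a 12-hour "1:00 PM" format, and a second function that renders the same instant in another zone without changing the default. The zone names and function names are assumptions.

```php
<?php
// Added example, not code from the thread: a timestamp in a chosen timezone and
// in 12-hour "1:00 PM" form, using the two functions the reply names.
// 'America/New_York' and the function names are assumptions.

// Process-wide default; every later date() call formats in this zone.
date_default_timezone_set('America/New_York');

// Format characters: M = "Jan", d = day 01-31, Y = four-digit year,
// g = hour 1-12 without leading zero, i = minutes 00-59, A = AM/PM.
// Watch the look-alikes: m is the month and D the weekday name, not minutes or day.
function guestbook_timestamp(int $unixTime): string
{
    return date('M/d/Y g:i A', $unixTime);
}

// Same instant rendered in another zone without touching the process default,
// which is what you want if entries are stored as Unix time and shown per visitor.
function timestamp_in_zone(int $unixTime, string $zone): string
{
    $dt = new DateTime('@' . $unixTime);   // '@' means seconds since the epoch, in UTC
    $dt->setTimezone(new DateTimeZone($zone));
    return $dt->format('M/d/Y g:i A T');    // T appends the zone abbreviation
}

$now = time();
echo guestbook_timestamp($now), "\n";
echo timestamp_in_zone($now, 'UTC'), "\n";
echo timestamp_in_zone($now, 'Europe/London'), "\n";
```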

 

For the timezone, do I need to put something in the function? I was reading the tutorial and there are some examples that do have something in the function.


To make sure that I am understanding how to build a database, would I go about it like:

 

SELECT * FROM user_table WHERE name='$name'  email='$email' site='$site' AND msg='$msg'

 

Almost. The valid form of the query you posted would be

SELECT * FROM user_table WHERE name='$name' AND email='$email' AND site='$site' AND msg='$msg'

 

You need to connect each equivalency test with a logical operator (AND or OR). Also, this is just one part of managing and building a database. You have to first create the database, populate it with data, etc.
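As an added example (not from the reply or the linked tutorial), the corrected query above written with PDO prepared statements, so the four values travel as bound parameters instead of text spliced into the SQL string; a name containing an apostrophe, which would break the quoted version, is then just data. The table and column names follow the query in the thread; the posted_at column, the DSN and the credentials are placeholders.

```php
<?php
// Added example, not code from the thread: the corrected WHERE clause and the
// matching INSERT done with PDO prepared statements. Table and column names
// follow the query above; posted_at, the DSN and the credentials are placeholders.

function connect(): PDO
{
    $pdo = new PDO('mysql:host=localhost;dbname=guestbook;charset=utf8mb4',
                   'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Real server-side prepares; with emulation PDO would quote values client-side instead.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// Store one entry; the timestamp comes from the database clock (MySQL NOW()).
function add_entry(PDO $pdo, string $name, string $email, string $site, string $msg): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO user_table (name, email, site, msg, posted_at)
         VALUES (:name, :email, :site, :msg, NOW())'
    );
    $stmt->execute([':name' => $name, ':email' => $email, ':site' => $site, ':msg' => $msg]);
}

// The corrected query from the reply, with every value bound as a parameter.
function find_entries(PDO $pdo, string $name, string $email, string $site, string $msg): array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM user_table
          WHERE name = ? AND email = ? AND site = ? AND msg = ?'
    );
    $stmt->execute([$name, $email, $site, $msg]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample: the apostrophe in the name would end the string literal in
// a spliced query; as a bound value it is stored and matched as ordinary text.
$pdo = connect();
add_entry($pdo, "Ann O'Neil", 'ann@example.com', 'http://example.com', "Hello\nthere");
var_dump(find_entries($pdo, "Ann O'Neil", 'ann@example.com', 'http://example.com', "Hello\nthere"));
```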

Before I get into building the database any more, I don't have to link an admin name or password into the database?

Archived

This topic is now archived and is closed to further replies.
