I have a working guestbook, but adjusting the time is what's getting me. I am trying to get the time to change depending on the timezone. And I am also trying to get the time in the format 1:00 PM, not 21:00.

 

Then on a different note, how can I stop spamming and injections?

 

 

Index page for guestbook


<HTML>
<HEAD>
<style type="text/css">
<!--
.style1 {font-size: 12px}
body,td,th {
font-size: 14px;
}
a {
font-size: 12px;
}
body {
background-color: #CCCCCC;
SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000
}
a:link {
color: #0066FF;
text-decoration: none;
}
a:visited {
text-decoration: none;
color: #0066FF;
}
a:hover {
text-decoration: underline;
color: #0066FF;
}
a:active {
text-decoration: none;
}
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</HEAD>
<BODY>
<form method="post" action="addguestbook.php">
<div align="center"></div>
<div align="center"></div>
<div align="center" class="style1"></div>
<div align="center"><span class="style1">Name:</span><br />
  <input name="name" type="text" size="30" maxlength="40" />
  <br />
  <span class="style1"><br />
  Email:</span><br />
<input name="email" type="text" size="30" maxlength="40" />
<br />
<br />
<span class="style1">Home Page:</span><br />
<input name="site" type="text" size="30" value="http://" maxlength="40" />
<br />
<br />
<span class="style1">Message:</span><br />
<textarea name="msg" cols="22" rows="6"></textarea>
<br />
<br />
<input type="reset" value="Reset" />
 
<input type="submit" value="Send" />
</div>
<div align="center">
  <p> </p>
<?php
$file = "guestbook.txt";

// Read the file in one call. The original opened it twice and never closed the
// first handle, and fread() with filesize() fails on an empty file.
if (is_readable($file)) {
    echo file_get_contents($file);
} else {
    echo "<h3>Sorry there was an error please contact us now</h3>";
}
?></div>
</BODY>
</HTML>

 

 

addguestbook.php




<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css">
<!--
body,td,th {
font-size: 12px;
color: #000000;
}
a:link {
text-decoration: none;
color: #0066FF;
}
a:visited {
text-decoration: none;
color: #0066FF;
}
a:hover {
text-decoration: underline;
color: #0066FF;
}
a:active {
text-decoration: none;
}
body {
background-color: #CCCCCC;
SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000
}
-->
</style>
</HEAD>
<BODY>

<?php

// Gregorian leap-year rule (the original only tested divisibility by 4).
// This helper is not used by the rest of the script.
function is_leapyear($year = 2004) {
    return ($year % 4 == 0 && $year % 100 != 0) || $year % 400 == 0;
}

$file  = "guestbook.txt";
// Default each field to '' so a missing POST key does not raise a notice
$name  = isset($_POST['name'])  ? $_POST['name']  : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
$site  = isset($_POST['site'])  ? $_POST['site']  : '';
$msg   = isset($_POST['msg'])   ? $_POST['msg']   : '';
$site  = stripslashes($site);
$msg   = stripslashes($msg);
$email = stripslashes($email);
$name  = stripslashes($name);
// Turn the less-than sign into its entity so submitted HTML is shown as text,
// then convert newlines into <br>
$msg   = str_replace("<", "&lt;", $msg);
$msg   = str_replace("\n", "<br>", $msg);
$site  = str_replace("<", "&lt;", $site);
$site  = str_replace("\n", "<br>", $site);
$email = str_replace("<", "&lt;", $email);
$email = str_replace("\n", "<br>", $email);
$name  = str_replace("<", "&lt;", $name);
$name  = str_replace("\n", "<br>", $name);

if (empty($email) || empty($name) || empty($msg)) {
    echo "<h3>Sorry all fields are required</h3>";
} else {

    $fp = fopen($file, "a");

    // "d" is the day of the month and "i" is minutes; the original "D" (weekday name)
    // and "m" (month number) put the wrong values in those positions
    $timestamp = date("M/d/Y h:i:s");
    fwrite($fp, '
<font size="3">
<BR><BR>
Posted: '.$timestamp.'<br />
Name: '.$name.'<BR>
Email: <a href="mailto:'.$email.'">'.$email.'</a><BR>
Home Page: <a href="'.$site.'">'.$site.'</a><BR>Message: '.$msg.'<BR>
</font>
');

    fclose($fp);

    echo '<font size="3"><p align="center">Thank you '.$name.' for signing my guestbook</p></font>';
}
?>
<div align="center"></div>
<div align="center"></div>
<div align="center"></div>
<div align="center"></div>
<p align="center"><a href="index.php">Back to GuestBook</a></p>
<div align="center"></div>
</BODY>
</HTML>

To answer your other question about injections, you don't use a database of any kind, so you don't need to worry about injections. However, if you output the contents of your guest book on a page, you do want to make sure that you convert any HTML to their respective HTML entities. You do that somewhat, but there is a better way.

 

This task is so common that PHP created a built-in function for converting HTML code to its respective entities. It's called htmlentities(). You have the right idea with converting < (less than sign) to its entity, but you don't go as far as the htmlentities function (manual entry: http://php.net/manual/en/function.htmlentities.php).

 

Also, there is a PHP function for converting new lines into HTML line breaks called nl2br.

nl2br: http://php.net/manual/en/function.nl2br.php.

 

//old version
$msg = str_replace ("<","&lt;",$msg);
$msg = str_replace ("\n","<br>",$msg);
$site = str_replace ("<","&lt;",$site);
$site = str_replace ("\n","<br>",$site);
$email = str_replace ("<","&lt;",$email);
$email = str_replace ("\n","<br>",$email);
$name = str_replace ("<","&lt;",$name);
$name = str_replace ("\n","<br>",$name);

//can be replaced by
$msg = nl2br(htmlentities($msg));
$site = nl2br(htmlentities($site));
$email = nl2br(htmlentities($email));
$name = nl2br(htmlentities($name));

 

If you are interested in creating a database (which I suggest you do, as it's overall better than using txt files) and want to know how to make variables safe for inserting into queries, I wrote a tutorial on the basics of sanitizing variables. You can read it here: http://wp.me/p1AGMt-22

I am trying to get the time to change depending on the timezone.

date_default_timezone_set()

 

trying to get the time in the format 1:00 PM, not 21:00.

date()
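
The following is an added example, not code from the thread: it pulls the replies above together in one function, escaping every field before it is stored as HTML, only linking the e-mail and home page when they validate, and using date_default_timezone_set() with a timezone name and a date() format that prints 1:00 PM. The timezone name, field names and sample submission are assumptions.

```php
<?php
// Added example: hardened formatting of one guestbook entry (not the thread's own code).
// Assumes the form fields name/email/site/msg from the original script.

date_default_timezone_set('America/New_York'); // any name from PHP's timezone list

function format_entry(array $post, int $now): string
{
    // Escape every field for HTML, quotes included, because some land inside attributes
    $esc = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };
    $name  = $esc(trim($post['name']  ?? ''));
    $email = trim($post['email'] ?? '');
    $site  = trim($post['site']  ?? '');
    // nl2br after escaping, so the inserted <br /> tags survive
    $msg   = nl2br($esc(trim($post['msg'] ?? '')));

    // Only build a mailto: link when the address validates; otherwise show it as text
    $emailHtml = filter_var($email, FILTER_VALIDATE_EMAIL)
        ? '<a href="mailto:' . $esc($email) . '">' . $esc($email) . '</a>'
        : $esc($email);
    // Only build a link when the value is an http(s) URL; other schemes are shown as text
    $siteHtml = (filter_var($site, FILTER_VALIDATE_URL) && preg_match('#^https?://#i', $site))
        ? '<a href="' . $esc($site) . '">' . $esc($site) . '</a>'
        : $esc($site);

    // "g:i A" renders 1:00 PM; date() uses the timezone set above
    $posted = date('M d, Y g:i A', $now);

    return "Posted: $posted<br />Name: $name<br />Email: $emailHtml<br />"
         . "Home Page: $siteHtml<br />Message: $msg<br />\n";
}

// Constructed sample submission: markup in the message and a home page with no scheme
$sample = [
    'name'  => 'Alice',
    'email' => 'alice@example.com',
    'site'  => 'example.com',
    'msg'   => "Hi <b>there</b>\nsecond line",
];
echo format_entry($sample, 1300000000);
```

The `<b>` in the sample message comes out as `&lt;b&gt;` and the scheme-less home page is printed as text rather than wrapped in a link.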

 

For the timezone, do I need to put something in the function? I was reading the tutorial and there are some examples that do have something in the function.


 

To make sure that I am understanding how to build a database, would I go about it like:

 

SELECT * FROM user_table WHERE name='$name'  email='$email' site="$site' AND msg="$msg"

 

Almost. The valid form of the query you posted would be

SELECT * FROM user_table WHERE name='$name' AND  email='$email' AND site="$site' AND msg="$msg"

 

You need to connect each equivalency test with a logical operator (AND or OR). Also, this is just 1 part of managing and building a database. You have to first create the database/populate it with data/ etc.
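
As an added example (not from the thread or its linked tutorial), here is the guestbook moved onto a database with PDO prepared statements, so the SELECT above and the INSERT that feeds it never splice user input into the SQL text. An in-memory SQLite database and the table layout are assumptions so the snippet runs offline.

```php
<?php
// Added example: guestbook storage with prepared statements (not the thread's own code).
// SQLite in memory is assumed so this runs stand-alone; use a MySQL DSN in practice.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (
    id        INTEGER PRIMARY KEY,
    posted_at TEXT NOT NULL,
    name      TEXT NOT NULL,
    email     TEXT NOT NULL,
    site      TEXT,
    msg       TEXT NOT NULL
)');

function add_entry(PDO $db, array $e): void
{
    // Named placeholders mark the positions; the values travel separately from the SQL
    $stmt = $db->prepare('INSERT INTO guestbook (posted_at, name, email, site, msg)
                          VALUES (:posted_at, :name, :email, :site, :msg)');
    $stmt->execute([
        ':posted_at' => gmdate('c'),
        ':name'      => $e['name'],
        ':email'     => $e['email'],
        ':site'      => $e['site'] ?? '',
        ':msg'       => $e['msg'],
    ]);
}

function find_entries(PDO $db, string $name, string $email): array
{
    // Each equality test joined with AND, as the reply above says, with bound values
    $stmt = $db->prepare('SELECT * FROM guestbook WHERE name = :name AND email = :email');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: the apostrophe in the name is stored verbatim, not parsed as SQL
add_entry($db, ['name' => "O'Brien", 'email' => 'ob@example.com', 'msg' => "It's fine"]);
add_entry($db, ['name' => 'Bob',     'email' => 'bob@example.com', 'msg' => 'Hi']);

$rows = find_entries($db, "O'Brien", 'ob@example.com');
printf("%d row(s); stored message: %s\n", count($rows), $rows[0]['msg']);
// Escape with htmlspecialchars() when these rows are rendered back into the page.
```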


Before I get into building the database any more, I don't have to link an admin name or password into the database?
