Forum Moderators: coopster
My php form page has something like this:
<form action="formokinsc.php" method="post" target="okinsc" onSubmit="YY_checkform('inscripcion','nombre','#q','0','Field \'nombre\' is not valid.','email','#S','2','Field \'email\' is not valid.','telefono','#q','0','Field \'telefono\' is not valid.','comonosencontro','#q','1','Field \'comonosencontro\' is not valid.');return document.MM_returnValue" value=Inscribirme>
My "Ok" page has something like this:
<?
//mime
foreach ( $_POST as $key => $value ) {
$postVars .= $value;
}
if(eregi("MIME-Version:",$postVars)) {
die('Your message containts the words
"MIME-Version:" this is considerd as spam!');
}
$sploited = 0;
foreach($_POST as $key=>$value){
if(preg_match("!bcc:.+@!" , $value , $sploit_matches)){
$sploited = 1;
}
}
// If the form has been exploited, return a 404
if($sploited){
header("HTTP/1.0 404 Not Found");
echo "<h1>404 - Not Found</h1>";
exit();
}
else{
//PROCESS VALID FORM DATA HERE
$formulario = "Title";
$emailreceptor = "mi@email.here";
$receptor .= "E-mail: $email\n";
$receptor .= "\n";
$receptor .= "name: $nombre\n";
$receptor .= "\n";
$receptor .= "Suscribir al newsletter: $suscribiranewsletter\n";
$receptor .= "\n";
$receptor .= "----------Información Remota----------\n";
$receptor .= "$HTTP_USER_AGENT\n";
$receptor .= "$REMOTE_ADDR\n";
mail("$emailreceptor", "$formulario", $receptor, "From: $email");
}
?>
May anybody suggestme some code line for my form page, and my ok page?
Firstly, generate two random numbers and store them in hidden vars:
<?php
$one = rand [uk.php.net](1,99);
$two = rand [uk.php.net](11,55);
?>
<input type="hidden" name="one" value="<?php echo $one;?>">
<input type="hidden" name="two" value="<?php echo $two;?>">
Then add a third field asking for user input:
<?php echo $one;?>+<?php echo $two;?> =<br />
<input type="text" name="sum">
Then when you process:
if ($_POST['one']+$_POST['two']!=$_POST['sum'])
{
//error
}
Hope that helps.
dc
Do I understand correctly if I assume all that code goes in form page and the final part on ok page: if ($_POST['one']+$_POST['two']!=$_POST['sum'])
{
//error
}
dc
If I put that code in my form page (.htm page)
<?php
$one = rand(1,99);
$two = rand(11,55);
?>
<input type="hidden" name="one" value="<?php echo $one;?>">
<input type="hidden" name="two" value="<?php echo $two;?>">
Then add a third field asking for user input:
<?php echo $one;?>+<?php echo $two;?> =<br />
<input type="text" name="sum">
And this in formokinsc.php
if ($_POST['one']+$_POST['two']!=$_POST['sum'])
{
//error
}
Would work?
I guess there isn't any tag to insert a piece of php code into an html page. Do I assume right?
What code should I add to .htaccess in order to parse my form.htm page as form.php page?
To parse your form.htm as form.php, add the following to your .htaccess file:
AddType application/x-httpd-php .php .htm
That should be fine assuming your server supports .htaccess
dc
I don't know if is there something like <script language="JavaScript" type="text/JavaScript"></script> but for php scripts...
So added this to the ok php page:
if ($_POST['one']+$_POST['two']!=$_POST['sum'])
{
//error
header("HTTP/1.0 404 Not Found");
echo "<h1>Error</h1>";
}
But that's the ok page, so what I'm saying is "error" but showind the success page... that's bad
How do I stop the ok page to show if they don't put the right security code?
