Reply to Re: In email form how do we say "must be equal to X"?

Your name:

Reply:


Posted by Jerry Stuckle on 11/10/06 19:47

Matthew Wilson wrote:
> "J.O. Aho" <user@example.net> wrote in message
> news:4rjiogFrvinbU1@mid.individual.net...
>
>
>>Just add another input of text type (you can name it what ever you want,
>>say fun), you random two values and make another input of hidden type (you
>>can call it what ever you want, but not the same as the previous, say
>>real), then on the script where you receive the form you compare the two
>>values
>
>
> That's great but a little complex for our needs. The actual capture form is
> HTML, only the receive script is PHP. Can you offer a simpler version which
> just expects the number "5" rather than random numbers?
>
> Here is the format we follow, and the relevant field that expects a 5 is
> "human":
>
> <?
> // ------------- CONFIGURABLE SECTION ------------------------
>
> // $mailto - set to the email address you want the form
> // sent to, eg
> //$mailto = "youremailaddress@example.com" ;
>
> $mailto =
>
> // $subject - set to the Subject line of the email, eg
> //$subject = "Feedback Form" ;
>
> $subject = "Feedback" ;
>
> // the pages to be displayed, eg
> //$formurl = "http://www.example.com/feedback.html" ;
> //$errorurl = "http://www.example.com/error.html" ;
> //$thankyouurl = "http://www.example.com/thankyou.html" ;
>
> $formurl =
> $errorurl =
> $thankyouurl =
>
> $uself = 0;
>
> // -------------------- END OF CONFIGURABLE SECTION ---------------
>
> $headersep = (!isset( $uself ) || ($uself == 0)) ? "\r\n" : "\n" ;
> $name = $_POST['name'] ;
> $email = $_POST['email'] ;
> $referee = $_POST['referee'] ;
> $human = $_POST['human'] ;
> $comments = $_POST['comments'] ;
> $http_referrer = getenv( "HTTP_REFERER" );
>
> if (!isset($_POST['email'])) {
> header( "Location: $formurl" );
> exit ;
> }
> if (empty($email) || empty($comments) || empty($human)) {
> header( "Location: $errorurl" );
> exit ;
> }
> if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {
> header( "Location: $errorurl" );
> exit ;
> }
> if (get_magic_quotes_gpc()) {
> $comments = stripslashes( $comments );
> }
>
> $messageproper =
>
> "This message was sent from:\n" .
> "$http_referrer\n" .
> "------------------------------------------------------------\n" .
> "Name of sender: $name\n" .
> "Email of sender: $email\n" .
> "Referred by: $referee\n" .
> "2+3=$human\n" .
> "------------------------- COMMENTS -------------------------\n\n" .
> $comments .
> "\n\n------------------------------------------------------------\n" ;
>
> mail($mailto, $subject, $messageproper,
> "From: \"$name\" <$email>" . $headersep . "Reply-To: \"$name\" <$email>" .
> $headersep . "X-Mailer: chfeedback.php 2.07" );
> header( "Location: $thankyouurl" );
> exit ;
>
> ?>
>
>
> Thanks so much!
>
> Matt
>
>

Matt,

If you're always expecting the same number, your spambots will quickly
pick up on that and you're no longer secure.

Aho's response is good, and very easy to implement. The one thing I
should add, though, is to encrypt the hidden value some way. A one-way
hash would work, for instance. Then when they enter the value on the
form, encrypt it the same way and compare the results with what's in the
hidden field.

For instance:

<input type="text" name="real" value="<?PHP echo crypt($a+$b,
'oUrSeCrEt'); ?>">

And on the other end:

if(crypt($_REQUEST['fun'], 'oUrSeCrEt')!=$_REQUEST['real'] ...

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация