|
Posted by DrTebi on 09/28/05 16:19
On Mon, 19 Sep 2005 16:51:41 -0400, Andy wrote:
> I made a script to write all posted data by a form in CSV file. I did also a
> script to ban spammers IP Addresses. When banned spammer wants to use my
> form ito send a letter he gets a warning message. Unfortunately all spammers
> data he tried to send is recorded in CSV file. Please tell me how to modify
> my script so the spammer will get a warning message but his data will not be
> recorded after he press a send button. Thank you.
>
> This is a script to record data to CSV file (letters.CSV).
>
>
> $filename = "letters.csv";
> touch ("$filename");
> $fpc = fopen($filename, "a") or die ("Couldn't open $filename");
> fputs($fpc,"\n\"$_POST[from],\"
> $_POST[email],\"$_POST[message],");fclose($fpc);
>
>
> This is a script to ban IP Addresses :
>
> $ban_ip_on = "yes";
>
> $ban_ip_list = "111.222.33.55,
> 11.33.777.99,";
>
> if($ban_ip_on == "yes") {
>
> if(strstr($ban_ip_list, $HTTP_SERVER_VARS[REMOTE_ADDR])) {
> echo "<div align='center'><span class='contact6'> Error - Banned
> IP</span><br><br><span class='cbull'>•
> </span><span class='contact5'>
> You cannot use this form because your IP address has been banned by the
> administrator.</span><br><br><input type=button value='> > Close
> Window < <'
> onClick=javascript:closewindow(); name='button'></div>";
> $error = "yes";
> }
> }
>
>
> if($error == "yes") {
> exit();
> }
Well,
I am not sure in what order you are running those scripts. However, you
could probably put them just in one script, and make sure the banning
stuff gets executed first:
$ban_ip_on = true;
$ban_ip_list = array('111.222.33.55', '11.33.777.99');
if($ban_ip_on === true) {
if(in_array($_SERVER['REMOTE_ADDR'], $ban_ip_list)) {
// IP is banned, show error page and exit
echo '<div align="center">';
echo '<span class="contact6">Error - Banned IP</span>';
echo '<br><br>';
echo '<span class="cbull">•</span>';
echo '<span class="contact5">
You cannot use this form because your IP
address has been banned by the administrator.
</span>';
echo '<br><br>';
echo '<input type="button" value="> > Close Window < <" onClick="javascript:closewindow();" name="button">';
echo '</div>';
exit();
} else {
// IP is not banned, write stuff to CSV file
$filename = 'letters.csv';
touch ($filename);
$fpc = fopen($filename, 'a') or die ("Couldn't open $filename");
fputs($fpc, "\n\"$_POST[from],\"$_POST[email],\"$_POST[message],");
fclose($fpc);
// if you need to send out a mail now,
// you would put that necessary code
// for it here
}
}
Here is a couple notes on this:
- don't use double-quotes unless you really have a variable inside. It
will speed up your code, since with single quotes PHP does not have to
search for variables to translate in your strings
- use $_SERVER instead of $_HTTP_SERVER_VARS. That's the new way... it's
shorter to write. Also, quote your keys inside this as in
$_SERVER['REMOTE_ADDR']
- use an array for the ips, and search it with
in_array(). - use some indenting and don't write all HTML stuff on one
line, it just makes things easier to read and edit ;-) - you really should
check your POST variables before writing them to a file. People could post
dangerous things to your file otherwise.
I don't want to be a smart ass... just trying to help you write clean code :)
Cheers,
DrTebi
[Back to original message]
|