View Full Version : securing a flat file shoutbox
Colin-Roberts
05-11-2006, 08:17 PM
How can I make my shoutbox so that if the name colin or Colin is put in the textbox, it requires a password to shout, since people keep posing as me? If you guys need the code I can give it to you. Thanx + rep to everyone who helps.
Moved by Matty. from Website designing
YouFail
05-11-2006, 08:19 PM
What you need to do is incorporate a login. This'll then pick up the $logged[username] and only let you post as that. Also flatfile ain't exactly secure =/
Invent
05-11-2006, 08:23 PM
Add the following code near something like this:
if ($_GET['do'] == "post") { << I'm guessing it's like that, I'm not sure (I'm not good at PHP)
--
Then add:
$user = $_POST['form_name_of_the_username_form']; // the name attribute of the username field
$user = strtolower($user);
if ($user == "colin") {
    die("SOZ! ya cnt use dis pas lOLOl!");
}
Then have a clone of this file without the above stuff for you to post using.
NOTE: This is the most LAZY way to do it, you can do it much better but I just cba doing that now x)
Colin-Roberts
05-11-2006, 08:25 PM
I would do it miniman's way but it'd be a pain, I'll look into MySQL..
$user = $_POST['form_name_of_the_username_form'];
$user = strtolower($user);
if ($user == "colin") {
    echo("Please enter your pass form here then it checks form against a text file to see if correct pass and if is continues");
}
Invent
05-11-2006, 08:39 PM
Right. I've tried to expand on my code, but as I said I don't really know PHP so I bet it won't work.
Anyway, here we go:
$user = $_POST['form_name_of_the_username_form'];
$user = strtolower($user);
if ($user == "colin") {
    // Single-quoted string so the double quotes in the HTML do not end it
    echo('<form method="POST" action="?do=login">user:<input type="text" name="user"><br>pass:<input type="password" name="pass"><br><br><input type="submit" value="Login"></form>');
    die();
}
if ($_GET['do'] == "login") {
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $usermain = "put user here";
    $passmain = "put pass here";
    if ($user == $usermain && $pass == $passmain) {
        // continue with script
    }
    else {
        die("LoL!¬ did ya rly think ya cud gess teh l33tage pas!?");
    }
}
// continue with script
Probs needs altering, etc <3
Colin-Roberts
05-11-2006, 08:42 PM
I'll check it out miniman, thanx
and can anyone fix the errors in miniman's script
or would I put it in the file that has the form.
Edit: where in this would I put it:
<?php
$name = $_POST['name'];
$website = $_POST['website'];
$message = $_POST['message'];
if(empty($name) OR empty($message))
{
echo "
<script language='javascript'>
alert('You need to fill out both of the form fields...');
</script>
";
}
else
{
echo "
";
$name = htmlspecialchars($name);
$message = htmlspecialchars($message);
$tag = ("<font size=\"1\" face=\"Verdana\">
<b>$name</b>: $message </font><br><br>");
function filter($tag)
{
$bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
foreach ($bad_words as $naughty)
{
$tag = eregi_replace($naughty, "****", $tag);
}
return $tag;
}
function filter2($contents)
{
$bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
foreach ($bad_words as $naughty)
{
$contents = eregi_replace($naughty, "****", $contents);
}
return $contents;
}
$read = fopen("content.txt", "r");
$contents = fread($read, filesize('content.txt'));
fclose($read);
$write = fopen("content.txt", "w");
fwrite($write, "$tag $contents");
fclose($write);
}
$input = $contents;
$output = filter($input);
echo $output;
$input = $tag;
$output = filter($input);
echo $output;
print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";
// Copyright 2006 - 2007 Colin-Roberts.net
?>
Invent
05-11-2006, 08:55 PM
<?php
$name = $_POST['name'];
$website = $_POST['website'];
$message = $_POST['message'];
$user = strtolower($name);
if(empty($name) OR empty($message))
{
echo "
<script language='javascript'>
alert('You need to fill out both of the form fields...');
</script>
";
}
elseif($user == "colin") {
// Single-quoted string so the double quotes in the HTML do not end it
echo('<form method="POST" action="?do=login">user:<input type="text" name="user"><br>pass:<input type="password" name="pass"><br><br><input type="submit" value="Login"></form>');
die();
}
else
{
echo "
";
$name = htmlspecialchars($name);
$message = htmlspecialchars($message);
$tag = ("<font size=\"1\" face=\"Verdana\">
<b>$name</b>: $message </font><br><br>");
function filter($tag)
{
$bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
foreach ($bad_words as $naughty)
{
$tag = eregi_replace($naughty, "****", $tag);
}
return $tag;
}
function filter2($contents)
{
$bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
foreach ($bad_words as $naughty)
{
$contents = eregi_replace($naughty, "****", $contents);
}
return $contents;
}
$read = fopen("content.txt", "r");
$contents = fread($read, filesize('content.txt'));
fclose($read);
$write = fopen("content.txt", "w");
fwrite($write, "$tag $contents");
fclose($write);
}
$input = $contents;
$output = filter($input);
echo $output;
$input = $tag;
$output = filter($input);
echo $output;
print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";
// Copyright 2006 - 2007 Colin-Roberts.net
?>
<?php
if($_GET['do'] == "login") {
$user = $_POST['user'];
$pass = $_POST['pass'];
$usermain = "put user here";
$passmain = "put pass here";
if($user == $usermain && $pass == $passmain) {
echo "
";
$name = htmlspecialchars($name);
$message = htmlspecialchars($message);
$tag = ("<font size=\"1\" face=\"Verdana\">
<b>$name</b>: $message </font><br><br>");
function filter($tag)
{
$bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
foreach ($bad_words as $naughty)
{
$tag = eregi_replace($naughty, "****", $tag);
}
return $tag;
}
function filter2($contents)
{
$bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
foreach ($bad_words as $naughty)
{
$contents = eregi_replace($naughty, "****", $contents);
}
return $contents;
}
$read = fopen("content.txt", "r");
$contents = fread($read, filesize('content.txt'));
fclose($read);
$write = fopen("content.txt", "w");
fwrite($write, "$tag $contents");
fclose($write);
$input = $contents;
$output = filter($input);
echo $output;
$input = $tag;
$output = filter($input);
echo $output;
print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";
// Copyright 2006 - 2007 Colin-Roberts.net
}
else {
die("LoL!¬ did ya rly think ya cud gess teh l33tage pas!?");
}
}
?>
Try that?..
EDIT: If it doesn't work, please PM me the files or something and I will make it work
Colin-Roberts
05-11-2006, 09:03 PM
files:
content.txt chmod to 777
content.php
<html>
<head>
<style type="text/css"> body { background-color: #ffffff; font-family: verdana; font-size: 10px; color: #000000; } </style>
<!--END WORD FILTER JAVASCRIPT-->
</head>
<body>
<left>
<META HTTP-EQUIV="refresh" CONTENT="20">
<?php include('content.txt'); ?>
</left>
</body>
</html>
addtag.php
<?php
$name = $_POST['name'];
$website = $_POST['website'];
$message = $_POST['message'];
if(empty($name) OR empty($message))
{
echo "
<script language='javascript'>
alert('You need to fill out both of the form fields...');
</script>
";
}
else
{
echo "
";
$name = htmlspecialchars($name);
$message = htmlspecialchars($message);
$tag = ("<font size=\"1\" face=\"Verdana\">
<b>$name</b>: $message </font><br><br>");
function filter($tag)
{
$bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
foreach ($bad_words as $naughty)
{
$tag = eregi_replace($naughty, "****", $tag);
}
return $tag;
}
function filter2($contents)
{
$bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
foreach ($bad_words as $naughty)
{
$contents = eregi_replace($naughty, "****", $contents);
}
return $contents;
}
$read = fopen("content.txt", "r");
$contents = fread($read, filesize('content.txt'));
fclose($read);
$write = fopen("content.txt", "w");
fwrite($write, "$tag $contents");
fclose($write);
}
$input = $contents;
$output = filter($input);
echo $output;
$input = $tag;
$output = filter($input);
echo $output;
print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";
// Copyright 2006 - 2007 Colin-Roberts.net
?>
and shout.htm
<html>
<head>
<title></title>
</head>
<body>
<center>
<form name="shout" action="http://www.colin.connect-hosting.com/v2/shoutbox%20v2/addtag.php" method="post" onsubmit="return wordFilter('form1',['name','email','subject','message']);"><font size="1"><font face="Verdana"><font size="1" face="verdana">
Your Name:
<br>
<input type="text" name="name" size="10">
<br>
<br>
Your Message:
<br> <textarea name="message" cols="10" rows="1"></textarea>
<br>
<br>
<input type="submit" name="submit" value="Shout" size="20"></font>
<br></font></font></form>
</center>
</body>
</html>
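A working version of what the thread is trying to build, as an added example that is not code from any poster: a replacement addtag.php that asks for a password only when a reserved name is used. It assumes the `name` and `message` fields from shout.htm plus a new optional `pass` field (hypothetical), and the hash in `RESERVED` is a placeholder to be generated with `password_hash()`.

```php
<?php
// Added example (not from the thread). Assumed: 'name'/'message' fields from shout.htm plus a new 'pass' field.
const SHOUT_FILE = 'content.txt';
// Lowercase reserved name => password_hash() output. Placeholder value; generate with:
//   php -r 'echo password_hash("your password", PASSWORD_DEFAULT);'
const RESERVED = ['colin' => 'PASTE_PASSWORD_HASH_HERE'];

function normalize_name(string $name): string
{
    // Fold case and whitespace so "COLIN" or " colin " hit the same reserved entry.
    return strtolower(trim(preg_replace('/\s+/', ' ', $name)));
}

function may_post_as(string $name, string $pass): bool
{
    $hash = RESERVED[normalize_name($name)] ?? null;
    // Unreserved names need no password; reserved ones must match the stored hash.
    return $hash === null || password_verify($pass, $hash);
}

function esc(string $s): string
{
    // One shout per line, HTML-escaped before it is ever written to disk.
    return htmlspecialchars(str_replace(["\r", "\n"], ' ', $s), ENT_QUOTES, 'UTF-8');
}

function add_shout(string $name, string $message): void
{
    $line = '<b>' . esc($name) . '</b>: ' . esc($message) . "<br><br>\n";
    $fh = fopen(SHOUT_FILE, 'c+');      // create if missing, do not truncate yet
    flock($fh, LOCK_EX);                // hold the lock across the read AND the write
    $old = stream_get_contents($fh);
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, $line . $old);          // newest shout first, as in the original script
    fclose($fh);                        // closing the handle releases the lock
}

$name    = trim($_POST['name'] ?? '');
$message = trim($_POST['message'] ?? '');
if ($name === '' || $message === '') {
    exit('You need to fill out both of the form fields...');
}
if (!may_post_as($name, $_POST['pass'] ?? '')) {
    http_response_code(403);
    exit('That name is reserved; enter its password to shout with it.');
}
add_shout($name, $message);
header('Location: shoutbox.php');
```

String matching cannot catch look-alike names such as `Col1n`; only a login, as YouFail suggests above, ties a shout to an account. content.php can print the file with `readfile('content.txt')` instead of `include`, so the world-writable file is never run as PHP.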
Invent
05-11-2006, 09:10 PM
Okay thanks, working on it now. Shouldn't be long
Colin-Roberts
05-11-2006, 09:25 PM
ok thankz man.