  1. #1
    securing a flat file shoutbox

    How can I make my shoutbox so that if the name colin or Colin is put in the textbox, it requires a password to shout, since people keep posing as me? If you guys need the code I can give it to you. Thanks + rep to everyone who helps.

    Moved by Matty. from Website designing
    Last edited by Matt.; 05-11-2006 at 09:21 PM.

    .:.:#14:.:. .:.: Impossible Is Nothing :.:. .:.: 845 Rep:.:.
    .:.: Stand up for what is right, even if you stand alone:.:.


  2. #2

    What you need to do is incorporate a login. This'll then pick up the $logged[username] and only let you post as that. Also flatfile ain't exactly secure =/


    You don't like me
    Chances are I don't like you.

  3. #3

    Add the following code near something like this:

    if ($_GET['do'] == "post") { << I'm guessing it's like that, I'm not sure (I'm not good at PHP)

    --

    Then add:

    $user = $_POST['form_name_of_the_username_form'];
    $user = strtolower($user);

    if ($user == "colin") {
        die("SOZ! ya cnt use dis pas lOLOl!");
    }

    Then have a clone of this file without the above stuff for you to post using.

    NOTE: This is the most LAZY way to do it; you can do it much better but I just cba doing that now x)
    Last edited by Invent; 05-11-2006 at 08:25 PM.

  4. #4

    I would do it miniman's way but it'd be a pain; I'll look into MySQL..

    $user = $_POST['form_name_of_the_username_form'];
    $user = strtolower($user);

    if ($user == "colin") {
        echo("Please enter your pass form here then it checks form against a text file to see if correct pass and if is continues");
    }
    Last edited by Colin-Roberts; 05-11-2006 at 08:27 PM.



  5. #5

    Right. I've tried to expand on my code, but as I said I don't really know PHP so I bet it won't work.

    Anyway, here we go:

    Code:

    // Lower-case the submitted name so "Colin" and "colin" both match
    $user = $_POST['form_name_of_the_username_form'];
    $user = strtolower($user);

    // Reserved name: show the login form instead of posting the shout
    if ($user == "colin") {
        echo('<form method="POST" action="?do=login">user:<input type="text" name="user"><br>pass:<input type="password" name="pass"><br><br><input type="submit" value="Login"></form>');
        die();
    }

    if ($_GET['do'] == "login") {

        $user = $_POST['user'];
        $pass = $_POST['pass'];
        $usermain = "put user here";
        $passmain = "put pass here";

        if ($user == $usermain && $pass == $passmain) {
            // continue with script
        }
        else {
            die("LoL!¬ did ya rly think ya cud gess teh l33tage pas!?");
        }
    }

    // continue with script
    Probs needs altering, etc
    Last edited by Invent; 05-11-2006 at 08:40 PM.

  6. #6

    I'll check it out miniman, thanks,
    and can anyone fix the errors in miniman's script?
    Or would I put it in the file that has the form?
    Edit: where in this would I put it:
    PHP Code:
    <?php

    $name = $_POST['name'];
    $website = $_POST['website'];
    $message = $_POST['message'];

    if (empty($name) OR empty($message))
    {
        echo "

    <script language='javascript'>

    alert('You need to fill out both of the form fields...');

    </script>
    ";

    }
    else
    {

        echo "
    ";
        // Escape the user input before it is written into the page
        $name = htmlspecialchars($name);
        $message = htmlspecialchars($message);
        $tag = ("<font size=\"1\" face=\"Verdana\">
    <b>$name</b>: $message </font><br><br>");
        function filter($tag)
        {
            $bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea");
            foreach ($bad_words as $naughty)
            {
                // str_ireplace() replaces eregi_replace(), which PHP 7 removed
                $tag = str_ireplace($naughty, "****", $tag);
            }
            return $tag;
        }
        function filter2($contents)
        {
            $bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea");
            foreach ($bad_words as $naughty)
            {
                $contents = str_ireplace($naughty, "****", $contents);
            }
            return $contents;
        }

        // Read the existing shouts, then rewrite the file with the new one first
        $read = fopen("content.txt", "r");
        $contents = fread($read, filesize('content.txt'));
        fclose($read);

        $write = fopen("content.txt", "w");
        fwrite($write, "$tag $contents");
        fclose($write);
    }
    $input = $contents;
    $output = filter($input);
    echo $output;
    $input = $tag;
    $output = filter($input);
    echo $output;

    print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";

    // Copyright 2006 - 2007 Colin-Roberts.net

    ?>
    Last edited by Colin-Roberts; 05-11-2006 at 08:49 PM.



  7. #7

    Code:
    <?php

    $name = $_POST['name'];
    $website = $_POST['website'];
    $message = $_POST['message'];

    // Lower-case the name so "Colin" and "colin" are treated the same
    $user = $_POST['name'];
    $user = strtolower($user);

    if (empty($name) OR empty($message))
    {
        echo "

    <script language='javascript'>

    alert('You need to fill out both of the form fields...');

    </script>
    ";

    }
    // Reserved name: show the login form instead of writing the shout
    elseif ($user == "colin") {
        echo('<form method="POST" action="?do=login">user:<input type="text" name="user"><br>pass:<input type="password" name="pass"><br><br><input type="submit" value="Login"></form>');
        die();
    }
    else
    {


        echo "
    ";
        $name = htmlspecialchars($name);
        $message = htmlspecialchars($message);
        $tag = ("<font size=\"1\" face=\"Verdana\">
    <b>$name</b>: $message </font><br><br>");
        function filter($tag)
        {
            $bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea");
            foreach ($bad_words as $naughty)
            {
                // str_ireplace() replaces eregi_replace(), which PHP 7 removed
                $tag = str_ireplace($naughty, "****", $tag);
            }
            return $tag;
        }
        function filter2($contents)
        {
            $bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea");
            foreach ($bad_words as $naughty)
            {
                $contents = str_ireplace($naughty, "****", $contents);
            }
            return $contents;
        }

        $read = fopen("content.txt", "r");
        $contents = fread($read, filesize('content.txt'));
        fclose($read);

        $write = fopen("content.txt", "w");
        fwrite($write, "$tag $contents");
        fclose($write);
    }
    $input = $contents;
    $output = filter($input);
    echo $output;
    $input = $tag;
    $output = filter($input);
    echo $output;

    print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";

    // Copyright 2006 - 2007 Colin-Roberts.net

    ?>
    <?php

    if ($_GET['do'] == "login") {

        $user = $_POST['user'];
        $pass = $_POST['pass'];
        $usermain = "put user here";
        $passmain = "put pass here";

        if ($user == $usermain && $pass == $passmain) {
            // The login form only submits user and pass, so $name and $message
            // are empty on this request
            echo "
    ";
            $name = htmlspecialchars($name);
            $message = htmlspecialchars($message);
            $tag = ("<font size=\"1\" face=\"Verdana\">
    <b>$name</b>: $message </font><br><br>");
            function filter($tag)
            {
                $bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea");
                foreach ($bad_words as $naughty)
                {
                    $tag = str_ireplace($naughty, "****", $tag);
                }
                return $tag;
            }
            function filter2($contents)
            {
                $bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea");
                foreach ($bad_words as $naughty)
                {
                    $contents = str_ireplace($naughty, "****", $contents);
                }
                return $contents;
            }

            $read = fopen("content.txt", "r");
            $contents = fread($read, filesize('content.txt'));
            fclose($read);

            $write = fopen("content.txt", "w");
            fwrite($write, "$tag $contents");
            fclose($write);

            $input = $contents;
            $output = filter($input);
            echo $output;
            $input = $tag;
            $output = filter($input);
            echo $output;

            print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";

            // Copyright 2006 - 2007 Colin-Roberts.net
        }
        else {
            die("LoL!¬ did ya rly think ya cud gess teh l33tage pas!?");
        }
    }
    ?>
    Try that?..

    EDIT:
    If it doesn't work, please PM me the files or something and I will make it work
    Last edited by Invent; 05-11-2006 at 08:56 PM.
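
A server-side version of the reserved-name check the posts above are working toward, as an added example that is not part of the thread or any poster's code. The function names, status strings, demo password and temp file are assumptions made for illustration; it needs PHP 7.4 or later.

```php
<?php
// Added example (all names are assumptions). Reserved name => password hash; in
// deployment store only a hash generated once. The demo password is constructed.
$reserved = ['colin' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];

// Fold case and surrounding whitespace so "Colin" and " COLIN " hit the same entry.
function normalise_name(string $name): string {
    return strtolower(trim($name));
}

// True when the name is unreserved, or the supplied password verifies against its hash.
function may_post_as(string $name, string $pass, array $reserved): bool {
    $key = normalise_name($name);
    return !isset($reserved[$key]) || password_verify($pass, $reserved[$key]);
}

// Escape both fields and flatten newlines so one shout is exactly one line in the file.
function build_line(string $name, string $message): string {
    $clean = fn(string $s): string =>
        htmlspecialchars(preg_replace('/\s+/', ' ', trim($s)), ENT_QUOTES, 'UTF-8');
    return '<b>' . $clean($name) . '</b>: ' . $clean($message) . "<br>\n";
}

// Returns a status string; the password is checked on the server for every shout.
function handle_shout(array $post, array $reserved, string $file): string {
    // Treat non-string input (e.g. name[]=x) as empty instead of casting it.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    if (trim($field('name')) === '' || trim($field('message')) === '') {
        return 'missing-field';
    }
    if (!may_post_as($field('name'), $field('pass'), $reserved)) {
        return 'bad-password';
    }
    $line = build_line($field('name'), $field('message'));
    // Append under an exclusive lock so concurrent shouts cannot clobber the file.
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false
        ? 'posted' : 'write-failed';
}

// Constructed requests, written to a temp file rather than the live content.txt.
$file = tempnam(sys_get_temp_dir(), 'shout');
foreach ([
    ['name' => 'Bob', 'message' => 'hi <b>all</b>'],
    ['name' => ' COLIN ', 'message' => 'impostor'],
    ['name' => 'Colin', 'message' => 'real', 'pass' => 'constructed-demo-password'],
] as $req) {
    echo handle_shout($req, $reserved, $file), "\n";
}
echo file_get_contents($file);
unlink($file);
```

When displaying the file, readfile('content.txt') outputs it without parsing it as PHP, which include() would do. strtolower() does not fold lookalike Unicode characters, so visually similar spellings of a reserved name are not caught by this check.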

  8. #8

    files:
    content.txt chmod to 777
    content.php
    <html>
    <head>
    <style type="text/css"> body { background-color: #ffffff; font-family: verdana; font-size: 10px; color: #000000; } </style>
    <!--END WORD FILTER JAVASCRIPT-->
    </head>
    <body>
    <left>
    <META HTTP-EQUIV="refresh" CONTENT="20">
    <?php include('content.txt'); ?>
    </left>
    </body>
    </html>
    addtag.php
    <?php

    $name = $_POST['name'];
    $website = $_POST['website'];
    $message = $_POST['message'];

    if(empty($name) OR empty($message))
    {
    echo "

    <script language='javascript'>

    alert('You need to fill out both of the form fields...');

    </script>
    ";

    }
    else
    {

    echo "
    ";
    $name = htmlspecialchars($name);
    $message = htmlspecialchars($message);
    $tag = ("<font size=\"1\" face=\"Verdana\">
    <b>$name</b>: $message </font><br><br>");
    function filter($tag)
    {
    $bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
    foreach ($bad_words as $naughty)
    {
    // str_ireplace() replaces eregi_replace(), which PHP 7 removed
    $tag = str_ireplace($naughty, "****", $tag);
    }
    return $tag;
    }
    function filter2($contents)
    {
    $bad_words = explode(',', "tomato,lettuce,carrot,potato,broccoli,cucumber,pea" );
    foreach ($bad_words as $naughty)
    {
    // str_ireplace() replaces eregi_replace(), which PHP 7 removed
    $contents = str_ireplace($naughty, "****", $contents);
    }
    return $contents;
    }

    $read = fopen("content.txt", "r");
    $contents = fread($read, filesize('content.txt'));
    fclose($read);

    $write = fopen("content.txt", "w");
    fwrite($write, "$tag $contents");
    fclose($write);
    }
    $input = $contents;
    $output = filter($input);
    echo $output;
    $input = $tag;
    $output = filter($input);
    echo $output;

    print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";

    // Copyright 2006 - 2007 Colin-Roberts.net

    ?>
    and shout.htm
    <html>
    <head>
    <title></title>
    </head>
    <body>
    <center>
    <form name="shout" action="http://www.colin.connect-hosting.com/v2/shoutbox%20v2/addtag.php" method="post" onsubmit="return wordFilter('form1',['name','email','subject','message']);"><font size="1"><font face="Verdana"><font size="1" face="verdana">
    Your Name:
    <br>
    <input type="text" name="name" size="10">
    <br>
    <br>
    Your Message:
    <br> <textarea name="message" cols="10" rows="1"></textarea>
    <br>
    <br>
    <input type="submit" name="submit" value="Shout" size="20"></font>
    <br></font></font></form>
    </center>
    </body>


    </html>



  9. #9

    Okay thanks, working on it now. Shouldn't be long

  10. #10

    ok thankz man.
