Hello,
This is my first post, and any help would be greatly appreciated.
I create online memorials which contain guestbooks which have been the subject of computer generated spam. I have been able to modify the php script to eliminate posts containing www and http which solved the problem for a while, but the spammers are back in full force.
I need to add a security measure to eliminate the spam, but I don't want it to bee too obtrusive. I thought if I added a field to the form with a required field that was constant (with a line describing that the viewer must enter the text "VXPTO132" in order to complete the post, this would work.
Unfortunately, I don't know php enough to know how to add that string into the code. Could anyone please tell me the line(s) I need to add? Thank you in advance.
Here's the code:
<html><head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<META HTTP-EQUIV="Content-Language" CONTENT="En">
<META NAME="Keywords" CONTENT="none">
<META NAME="revisit-after" CONTENT="31 days">
<title>Precious Memories & More ~ Personal Tributes</title>
</HEAD><body>
<center>
<h2><b><font face="arial">Personal Tribute</b></h2></font><br>
</center>
<?php
/*+---------------------------------------------------------------+
| PHP GuestBook Version 1.5.0
| Copyright 1999-2000 All Rights Reserved.
| TELEMATICS SOFTWARE
| E-Mail:mr.shifter@hosted.uklinux.net
| Script License: GPL
| Script Archive at:
| http://www.hosted.uklinux.net/php/freescripts/index.php
| Upload both guestbook.php and guestbook.html, chmod 666
| to guestbook.html read/write for all. Call the html page in
| your browser and you now have a simple guestbook script.
|
+--------------------------------------------------------------+*/
/*-------------- Set Necessary Variables ----------- */
$GUEST_LIST = "guestbook.htm";
// Absolute path to guestbook.htm file.
// chmod 666 to this html file
$PLACE_HOLDER = "<!--Add_Comments-->";
//Position of new messages in html document.
$REFERERS = array('www.preciousmemoriesandmore.com' ,'www.goodbyes.org', 'preciousmemoriesandmore.com','goodbyes.org');
// use without http://
// URL(s) of servers who are authorised to use this script.
/*------- End Variables section ---------- */
function error($error_message) {
echo $error_message."<BR>";
exit;
}
function check_referer () {
global $REFERERS, $HTTP_REFERER;
if ($HTTP_REFERER != "")
while (list($val, $ref) = each($REFERERS))
if (preg_match("/^http:\/\/$ref/", $HTTP_REFERER))
return;
error("Unauthorized access to: $HTTP_REFERER");
}
check_referer();
if ($action == 'write') {
$date = date("d/m/Y");
$file_array = file($GUEST_LIST) or die("Sorry...can not open $GUEST_LIST");
$file = join ("", $file_array);
$name = htmlspecialchars(stripslashes($name));
$email = htmlspecialchars(stripslashes($email));
$title = htmlspecialchars(stripslashes($title));
$comment = htmlspecialchars(stripslashes($comment));
//if the comment contains "www." then stop execution of script
if(strstr($comment, "www."))
{
die("Sorry, but you cannot post URLs in a message. Please try again");
}
//if the comment contains "www." then stop execution of script
if(strstr($comment, "http:"))
{
die("Sorry, but you cannot post URLs in a message. Please try again");
}
$add = $PLACE_HOLDER;
$add .= "\n<DL><DT><A HREF=\"mailto:$email\">$name</A><DD><BR>$comment<BR><BR>Tribute added on $date</DL>\n";
$file = preg_replace("/$PLACE_HOLDER/", $add, $file);
$fp = fopen("$GUEST_LIST", "w") or die ("Sorry...can not write to $GUEST_LIST");
flock($fp, 1);
fputs($fp, $file);
flock($fp, 3);
fclose($fp);
echo("<center><p> You have entered the following tribute,<br></p><table><tr><td>");
echo ("$add<BR>");
echo("</td</tr></table></center>");
echo("<center><p>Thanks for adding your personal tribute</p></font></center>");
}
?>
<br>
<center><font face="arial" size="2" color"FFFFFF">
Return to <A HREF="guestbook.htm">the Tribute Page</A> to view your message<br>
(If your message is not displayed, click on the REFRESH button)
<hr>
</font>
</center>
</body></html>