Eliminate String - Discard Data Silently

18
I hope I am able to describe this properly, but I inherited a form that is js and passes to a php mail() function. I'm pretty new to javascript also. I usually do all my forms in php tossing into mysql.

1) I have one field which is for "phone number", and due to the fact that this site deals with international numbers, country codes and people that possibly enter with a different syntax, I need to keep it as a "text box" entry.

2) There is one user ( or bot ) that keeps entering a certain value of 1233456 and this adds up to 50+ per day.

3) Below is the only checking that is being done:

    /*if name is blank or less than two characters
        if ($_POST['phone-number']=='' || strlen($_POST['phone-number'])<2 || $_POST['phone-number']=='phone number' )
        {
            $errors[] = 'Phone Number is required.';
        }*/

The person that wrote this is just looking for any entry of characters that is >2, and the only validation of this whole form is below, in which he is looking for the @ sign, to get an e-mail address.

    <?php

        function alpha_numeric($str)
        {
            return ( ! preg_match("/^([-a-z0-9])+$/i", $str)) ? FALSE : TRUE;
        }

        function valid_email($str)
        {
            return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
        }

    ?>

4) What I would like to do, and this is what I am not sure about and asking for help, is to just let this person/bot keep doing what is being done...but I would just like to Silently Discard any entry that contains the: 123456 from passing thru the mail() function, yet make it look like it was successful to the user (bot) in which this would keep them happy, thinking it is doing it.

Thank-you in advance, and any help for a newbie appreciated !!
Feb 21 '09 #1
gits
5,390 Expert Mod 4TB
this is obviously a php-question? so should i move that to the appropriate forum for you? you could do some validation with javascript here ... but when the user/bot just disables it then the data are passed to the server ... so it should be checked there in any case ...

kind regards
Feb 21 '09 #2
trochia
18
Yes, please do...and sorry..

jim
Feb 21 '09 #3
gits
5,390 Expert Mod 4TB
no problem ... done ;)
Feb 21 '09 #4
Atli
5,058 Expert 4TB
Hi.

Have you considered using something like Captcha to prevent the bot from successfully submitting the form?

Anyways... to answer your question.

You make it sound like the bot always enters the same value. Is this true?
If that is the case, you could simply add an if clause that checks for this value and takes the appropriate action.
Feb 21 '09 #5
trochia
18
Atli, thank-you for the reply.

1) yes, captcha considered...but site owner does not want it.. And he would like it kept as simply as possible.

It is an international site presence, dealing with languages and such...and therefore "error correction" must be kept to a minimum, as you know syntax's etc..

People type (or think) in different ways...just like any type of "open source" coding, the same thing with "different words" (code) will still do the same thing, unlike C/C++ where one must follow specs.

I guess where I am lost is, I know I am able to "trap" the 123456 is I just need to create a TEMP VARIABLE?? in php, and then DELETE it, or with the "else" statement...toss it into a blackhole situation?

So that they "think" it has gone thru, and leave the site alone?

So that it "does not" get mailed ??

Here is the end of the php... Maybe somehow create a variable assigned to it? This is where I am lost..

    /*strip the variables of anything ugly*/
    $message = stripslashes($message);
    $user_message = stripslashes($user_message);

    /*send the message to the admin*/
    mail("info@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);
    mail("admin@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);

    /*send the message to the user*/
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From:info@thewebsite.com\r\n";
    mail( $_POST['email'],"HEADER MESSAGE",$user_message,$headers);
    //mail( $_POST['email'],"Thank you for contacting us",$user_message,"From:info@thewebsite.com");


    /*also print out that they have successfully sent mail*/
    echo '<h3 class="success">Success!</h3>';
    echo '<p class="success_text">Your message was successfully sent.</p>';
    echo '<h3 class="success"><a href="http://www.thewebsite.com/thankyou.php"><font color="#0000FF">Click Here</font> to continue !!</a>';

Feb 21 '09 #6
Markus
6,050 Expert 4TB
This sounds like a very strange bot. What I would like to know is: how does this bot know whether its evil plan was successful? They're not that smart. You don't have to worry about assigning the value to a variable, etc. Just use a conditional statement to compare the values, if it matches the naughty string, skip it. Simple.

Sounds like you're making a mountain out of a molehill, or am I not seeing the issue?
Feb 21 '09 #7
trochia
18
??? (laugh)

This is my Statement in original

2) There is one user ( or bot ) that keeps entering a certain value of 1233456 and this adds up to 50+ per day.

Match it, and skip it...yes, but I am lost on how/where etc... as if I "check for it" and ALERT the ??Human??, or ask for (7) Characters, it will continue ( they will try another schema)

The only problem is this issue, I just want to make it look like they ARE successful, and just toss it away.

Then? They will never know... :-) And think they ARE doing something.

Trust me, (laugh) there is a method...to this madness of what I need to do :-)

And what I mean by that, is I have told the site owner...who used to let one of his employees do the site work ( simple mods etc), but now is no longer allowed site access...

See where I am coming from? He has a guy within his organization...getting paid by owner...that has "lost his toy"...and is causing the BOSS a lot of headaches ( creating bogus entries)

The only problem? Is this.. trapping this...and not creating an ALERT (invalid entry)...and just let it "flow" to thank-you page, while deleting (not sending the e-mail)...

And he will still think he is doing damage...
Feb 21 '09 #8
Markus
6,050 Expert 4TB
Ok, you should maybe take up some action on this annoyance.. perhaps.

Anyway, to check for it, like has been mentioned before, compare the values.

    $naughty = "1928472";

    // Proceed only when the phone number is non-empty and is not the blocked value.
    if ( $_POST['phone-number'] != $naughty && $_POST['phone-number'] != "" )
    {
        // do whatever you do
    }
    else
    {
        // let the user think the data was used, when we, the smarter group, know it isn't being used.
    }

Catch the drift?
Feb 21 '09 #9
Atli
5,058 Expert 4TB
Ahh ok. So the boss pissed off one of the IT staff.
A very dangerous thing to do :)

As an alternative to Markus' example, if you already have a procedural page set up to do all the work and you don't want to mess with that too much, you could simply test for the value at the start and use a die or exit statement to bail out.

Like:
    // The form is submitted with POST, so read the field from $_POST.
    if($_POST['phone-number'] == "123456") {
      echo "Thank you for whatever you just did!";
      exit; // Script ends here without doing anything.
    }

    // Do whatever the script is supposed to do here.
    mail(...);

    echo "Thank you for whatever you just did!";

Feb 22 '09 #10
trochia
18
Yes Atli, and the amazing thing? The "pissed off guy, about an hour ago" just sent a test e-mail .. as I am danged sure, he's the one doing it.. :-(

No, he's not the IT staff...lol... He was just the boss's 2nd in command guy, (total employees of 16) that said he could do it.. He ended up screwing things up, and then behind the boss's back...started "outsourcing to TEAMS in India"...<laugh> And I think was "billing the boss" on the side also...while pocketing some $$$

Now, the "hired help" [the teams] screwed it up (actually took down a cart also) it had been 4+ months of ongoing hell (prior to me running across this guy...)...and he contacted me thru a friend of mine, and I am really just doing favors in a way... But someone else's code, screws with my head many times.

They actually were using AJAX, (and this form presently is NOT connected to a DB) just to get the little spinning thing ;-)

1) The procedural is set up, and I don't want to "change what they see"

The form itself has at least 17 entry fields, and 4-5 of them...populated for drop downs... (too much to mess with to recreate at the moment), but he does want all this eventually into a database.

2) For now, I just increased the <2 (15 minutes ago, before your reply) as the "gruntled party" I saw, was testing it.

3) for now, I just <7 [if less than seven characters] to see what happens in the next few hours.

4) I thank-you...as your explanation and example...makes more sense to me (my logic)

I was thinking of just putting this as a function, (another dir call in the code-page) so IF? The 123456 guy, looks at the php code, he'd overlook the outside call to the function located elsewhere.

Thx again,

jim
Feb 22 '09 #11
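
An added example, not code from the thread or from the original form: one way to package the silent discard discussed above as a function kept in a separate file. The helper names and the `message` field are assumptions; the phone value is reduced to digits before comparison, and the e-mail address is refused if it contains line breaks, because the form places it in a `From:` header. Blocked and accepted submissions get the same success text, and only the server log differs.

```php
<?php
// Added example: BLOCKED_PHONES and the three functions are hypothetical names.
const BLOCKED_PHONES = ['123456', '1233456']; // values quoted in the thread
// Compare digits only, so "12-34 56" or "(123) 456" cannot slip past the check.
function is_blocked_phone(string $phone): bool
{
    return in_array(preg_replace('/\D+/', '', $phone), BLOCKED_PHONES, true);
}

// The address ends up in a mail header, so refuse line breaks and bad syntax.
function safe_from(string $email): ?string
{
    $email = trim($email);
    if (preg_match('/[\r\n]/', $email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return null;
    }
    return $email;
}

// Returns 'sent', 'discarded' or 'invalid'. $send defaults to mail() and can
// be swapped for a stub when no mail server is available.
function handle_contact_form(array $post, ?callable $send = null): string
{
    $send = $send ?? 'mail';
    $phone = trim((string) ($post['phone-number'] ?? ''));
    if (is_blocked_phone($phone)) {
        // Record the attempt privately; nothing is mailed.
        error_log('contact form: discarded, ip=' . ($_SERVER['REMOTE_ADDR'] ?? 'cli'));
        return 'discarded';
    }
    $from = safe_from((string) ($post['email'] ?? ''));
    if ($from === null || strlen($phone) < 2) {
        return 'invalid';
    }
    $send('info@thewebsite.com', 'Contact Form', (string) ($post['message'] ?? ''), 'From: ' . $from);
    return 'sent';
}

// Constructed sample submissions, run with a stub in place of mail().
$stub = function (...$args) { return true; };
$samples = [
    ['phone-number' => '12-34 56', 'email' => 'a@example.com', 'message' => 'x'],
    ['phone-number' => '+44 20 7946 0000', 'email' => 'b@example.com', 'message' => 'hi'],
    ['phone-number' => '+44 20 7946 0000', 'email' => "b@example.com\r\nX-Test: 1", 'message' => 'hi'],
];
foreach ($samples as $post) {
    $result = handle_contact_form($post, $stub);
    echo $result === 'invalid' ? "Please check your details.\n" : "Your message was successfully sent.\n";
}
```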
