zepouss | Bonjour à tout le monde.
Après avoir installer un livre d'or assez basique (mais difficile pour moi qui suis novice), je viens de me faire spammer, même en effaçant les messages dans ma bdd, j'ai l'impression que les spams arrivent au fur et à mesure, j'ai effacé 300 messages et il y en a toujours et il me semble que se sont les mêmes qui reviennent (même emails utilisés et même message)
Voici donc mon problème, j'aimerais insérer un captcha ou tout autre artifice pour stopper net les bots de spam.
Ma question est idiote : que dois-je insérer dans le code ci-dessous et que faire sur mon PHPmyAdmin ? Merci d'avance.
Voilà ci dessous le code de mon livre d'or :
Code :
- <?
-
- /* connect to the database */
- mysql_pconnect("$host","$user","$password" ) or die("Can't connect to the SQL-server" );
- mysql_select_db("$database" );
- /* action=view : retrieve data from the database and show it to the user */
- if($action == "view" ) {
- /* function for showing the data */
- function search_it($name) {
-
- /* some vars */
- global $offset,$total,$lpp,$dir,$records;
- global $table,$html_mail,$admin_name,$admin_mail;
-
- /* select the data to get out of the database */
- $query = "SELECT * FROM $table ORDER BY ID DESC";
- $result = mysql_query($query);
- $total= mysql_numrows($result);
-
- print "<CENTER><FONT FACE=\"Verdana\" SIZE=\"-2\"><A HREF=\"$scriptname?action=add\" onMouseOver=\"window.status='Add your name';return true\" onMouseOut=\"window.status='';return true\" TITLE=\"Add your name\">(Add your name)</A></FONT></CENTER><br><br>";
-
- if ($total== 0) {
- print "<CENTER>At the moment there are no persons in the guestbook.</CENTER><br><br>"; }
- elseif ($total> 0) {
-
- /* default */
- $counter=0;
- if ($dir=="" ) $dir="Next";
- $lpp = $records;
-
- if ($offset==0) $offset=0;
-
- if ($dir=="Next" ) {
-
- if ($total > $lpp) {
-
- $counter=$offset;
- $offset+=$lpp;
- $num=$offset;
- if ($num > $total) {
- $num=$total; } }
- else {
- $num=$total; } }
- elseif ($dir=="Previous" ) {
- if ($total > $lpp) {
- $offset-=$lpp;
-
- if ($offset < 0) {
- $offset=0; }
-
- $counter=$offset-$lpp;
- if ($counter < 0)
- $counter=0;
- $num=$counter+$lpp; }
- else {
- $num=$total; } }
- while ($counter < $num) {
- $j=0;
- $j=$counter + 1;
- /* now really grab the data */
- $i1=mysql_result($result,$counter,"name" );
- $i2=mysql_result($result,$counter,"email" );
- $i3=mysql_result($result,$counter,"job" );
- $i4=mysql_result($result,$counter,"comments" );
- $i4 = stripslashes ("$i4" );
-
- /* print it in a nice layout */
- print "<CENTER>\n";
- print "<TABLE WIDTH=400 BORDER=0 ALIGN=CENTER VALIGN=TOP><TR><TD><FONT FACE=\"Verdana\" SIZE=\"-2\">\n";
- print "<HR>\n";
- print "<B>Name:</B> <A HREF=\"mailto:$i2\" onMouseOver=\"window.status='Email $i1';return true\" onMouseOut=\"window.status='';return true\" TITLE=\"Email $i1\">$i1</A>\n";
- print "<BR><B>Job:</B> $i3\n";
- print "<BR><B>Comment:</B>\n";
- print "<BR>$i4\n";
- print "</FONT></TD></TR></TABLE>\n";
- print "</CENTER>\n";
- $counter++;
- }
- }
- mysql_close();
- }
-
- /* execute the function */
- search_it($name);
-
- /* See if we need to put on the NEXT or PREVIOUS buttons */
- if ($total > $lpp) {
- echo("<form action=\"$scriptname?action=view\" method=\"POST\">\n" );
-
- /* See if we need a PREVIOUS button */
- if ($offset > $lpp) {
- echo("<input type=\"submit\" value=\"Previous\" name=dir>\n" ); }
-
- /* See if we need a NEXT button */
- if ($offset < $total) {
- echo("<input type=\"submit\" value=\"Next\" name=dir>\n" ); }
-
- echo("<input type=hidden name=\"offset\" value=\"$offset\">\n" );
- echo("<input type=hidden name=\"name\" value=\"$name\">\n" );
- echo("</form>" );
- }
- }
- /* action=add : show a form where the user can enter data to add to the database */
- elseif($action == "add" ) { ?>
- <FORM ACTION="<?php echo $scriptname; ?>?action=send" METHOD="POST">
- <TABLE CELLSPACING="2" ALIGN="CENTER">
- <TR>
- <TD COLSPAN="3" ALIGN="LEFT">
- <B>Please take your time to enter something<BR>
- <CENTER><SMALL>[required fields are marked with *]</SMALL></CENTER></B><BR>
- </TD>
- </TR>
- <TR>
- <TD ALIGN="LEFT">Name</TD>
- <TD ALIGN="LEFT"><B>*</B></TD>
- <TD ALIGN="LEFT" NOWRAP>
- <INPUT TYPE="TEXT" NAME="form[name]">
- </TD>
- </TR>
- <TR>
- <TD ALIGN="LEFT">Job</TD>
- <TD ALIGN="LEFT"><B>*</B></TD>
- <TD ALIGN="LEFT" NOWRAP>
- <INPUT TYPE="TEXT" NAME="form[job]">
- </TD>
- </TR>
- <TR>
- <TD ALIGN="LEFT">Email</TD>
- <TD ALIGN="LEFT"><B>*</B></TD>
- <TD ALIGN="LEFT" NOWRAP>
- <INPUT TYPE="TEXT" NAME="form[email]">
- </TD>
- </TR>
- <TR>
- <TD ALIGN="LEFT">Comments</TD>
- <TD ALIGN="LEFT"><B>*</B></TD>
- <TD ALIGN="LEFT" NOWRAP>
- <TEXTAREA NAME="form[comments]" COLS="23" ROWS="8" WRAP="VIRTUAL"></TEXTAREA>
- </TD>
- </TR>
- <TR ALIGN="CENTER">
- <TD COLSPAN="3">
- <INPUT TYPE="SUBMIT" VALUE="Submit"> <INPUT TYPE="RESET" VALUE="Reset">
- </TD>
- </TR>
- </TABLE>
- </FORM>
- <?
- }
- /* action=send : add the data from the user into the database */
- elseif($action == "send" ) {
- $reset = reset($required);
- while (list($key, $value) = each($required)) {
- if($form[$value] == "" ) {
- $count++;
- }
- }
- if($count > 0) {
- ?>
- <FORM ACTION="<?php echo $scriptname; ?>?action=send" METHOD="POST">
- <TABLE CELLSPACING="2" ALIGN="CENTER">
- <TR>
- <TD COLSPAN="3" ALIGN="LEFT">
- <B>Please take your time to enter something<BR>
- <CENTER><SMALL>[<FONT COLOR="red">you forgot some fields (marked with *)</FONT>]</SMALL></CENTER></B><BR>
- </TD>
- </TR>
- <TR>
- <TD ALIGN="LEFT">Name</TD>
- <TD ALIGN="LEFT"><B>*</B></TD>
- <TD ALIGN="LEFT" NOWRAP>
- <INPUT TYPE="TEXT" NAME="form[name]" VALUE="<?php echo $form[name]; ?>">
- </TD>
- </TR>
- <TR>
- <TD ALIGN="LEFT">Job</TD>
- <TD ALIGN="LEFT"><B>*</B></TD>
- <TD ALIGN="LEFT" NOWRAP>
- <INPUT TYPE="TEXT" NAME="form[job]" VALUE="<?php echo $form[job]; ?>">
- </TD>
- </TR>
- <TR>
- <TD ALIGN="LEFT">Email</TD>
- <TD ALIGN="LEFT"><B>*</B></TD>
- <TD ALIGN="LEFT" NOWRAP>
- <INPUT TYPE="TEXT" NAME="form[email]" VALUE="<?php echo $form[email]; ?>">
- </TD>
- </TR>
- <TR>
- <TD ALIGN="LEFT">Comments</TD>
- <TD ALIGN="LEFT"><B>*</B></TD>
- <TD ALIGN="LEFT" NOWRAP>
- <TEXTAREA NAME="form[comments]" COLS="23" ROWS="8" WRAP="VIRTUAL"><?php echo $form[comments]; ?></TEXTAREA>
- </TD>
- </TR>
- <TR ALIGN="CENTER">
- <TD COLSPAN="3">
- <INPUT TYPE="SUBMIT" VALUE="Submit"> <INPUT TYPE="RESET" VALUE="Reset">
- </TD>
- </TR>
- </TABLE>
- </FORM>
- <? }
- else {
- if(!$form[email]) {
- $form[email] = "n/a"; }
- if(!$form[subject]) {
- $form[subject] = "n/a"; }
- if(!$form[name]) {
- $form[name] = "n/a"; }
- /* check if a HTML-mail should be send or a plain/text mail */
- if($html_mail == "yes" ) {
- mail("$admin_name <$admin_mail>","PHP3 Guestbook Addition","<HTML><BODY><FONT FACE=\"Century Gothic\"><TABLE BORDER=\"0\" WIDTH=\"100%\" CELLSPACING=\"4\"><TR>$form[name] ($form[email]) wrote the following message in the guestbook :</TR><TR><TD ALIGN=\"LEFT\"> </TD><TD ALIGN=\"LEFT\" NOWRAP> </TD></TR><TR><TD ALIGN=\"LEFT\">$form[comments]</TD><TD ALIGN=\"LEFT\" NOWRAP> </TD></TR><TR><TD ALIGN=\"LEFT\"> </TD><TD ALIGN=\"LEFT\" NOWRAP> </TD></TR><TR><TD ALIGN=\"LEFT\">Name:</TD><TD ALIGN=\"LEFT\" NOWRAP>$form[name]</TD></TR><TR><TD ALIGN=\"LEFT\">Beroep:</TD><TD ALIGN=\"LEFT\" NOWRAP>$form[job]</TD></TR><TR><TD ALIGN=\"LEFT\">Email:</TD><TD ALIGN=\"LEFT\" NOWRAP>$form[email]</TD></TR></TABLE></BODY></FONT></HTML>", "From: $form[name] <$form[email]>\nReply-To: $form[name] <$form[email]>\nContent-type: text/html\nX-Mailer: PHP/" . phpversion());
- }
- else {
- mail("$admin_mail","PHP3 Guestbook Addition","$form[name] ($form[email]) wrote the following message in the guestbook : \n\n $form[comments]\n\n Name: $form[name] \n Job: $form[job] \n Email: $form[email] \n", "From: $form[name] <$form[email]>\nReply-To: $form[name] <$form[email]>\nContent-type: text/plain\nX-Mailer: PHP/" . phpversion());
- }
- /* MySQL really hates it when you try to put things with ' or " characters into a database, so strip these...*/
- $form[comments] = addslashes ("$form[comments]" );
- $query = "INSERT INTO $table VALUES('','$form[name]', '$form[email]', '$form[job]', '$form[comments]')";
- $result = MYSQL_QUERY($query);
- ?>
- <BR><P ALIGN = CENTER>Thank you, <?php echo $form[name]; ?>, for adding your name to our guestbook.
- <BR><P ALIGN = CENTER><A HREF="<?php echo $scriptname; ?>?action=view" onMouseOver="window.status='View your comment now';return true" onMouseOut="window.status='';return true" TITLE="View your comment now">View your comment now.</A><BR><BR>
- <?
- }
- }
- /* if there's no action given, then we must show the main page */
- else {
- /* get the number of entries written into the guestbook*/
- $query = "SELECT name from $table";
- $result = MYSQL_QUERY($query);
- $number = MYSQL_NUMROWS($result);
-
- if ($number == "" ) {
- $entry = "At the moment there are no persons"; }
- elseif ($number == "1" ) {
- $entry = "At the moment there is 1 person"; }
- else {
- $entry = "At the moment there are $number persons"; }
- echo "<CENTER><BR>";
- echo "<P>$entry in the guestbook.<BR>";
- echo "<H4><FONT FACE=\"Verdana\" SIZE=\"-2\"><A HREF=\"$scriptname?action=add\" onMouseOver=\"window.status='Add your name to our guestbook';return true\" onMouseOut=\"window.status='';return true\" TITLE=\"Add your name to our guestbook\">Add your name to our guestbook</A></FONT></H4>";
- if ($number > "" ) {
- echo "<H4><FONT FACE=\"Verdana\" SIZE=\"-2\"><A HREF=\"$scriptname?action=view\" onMouseOver=\"window.status='View the names in our guestbook';return true\" onMouseOut=\"window.status='';return true\" TITLE=\"View the names in our guestbook\">View the names in our guestbook</A></FONT></H4>"; }
- echo "</P></CENTER>";
- }
- ?>
|
|