music_fan01 Posted October 4, 2011 Share Posted October 4, 2011 I have a working guestbook, but adjusting the time is whats getting me. I am trying to get the time to change depending on the timezone. And I also trying to get the time in the format 1:00 PM, not 21:00. Then on a different note, how can I stop spamming and injections. Index page for guestbook <HTML> <HEAD> <style type="text/css"> <!-- .style1 {font-size: 12px} body,td,th { font-size: 14px; } a { font-size: 12px; } body { background-color: #CCCCCC; SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000 } a:link { color: #0066FF; text-decoration: none; } a:visited { text-decoration: none; color: #0066FF; } a:hover { text-decoration: underline; color: #0066FF; } a:active { text-decoration: none; } --> </style> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><BODY> <form method="post" action="addguestbook.php"> <div align="center"></div> <div align="center"></div> <div align="center" class="style1"></div> <div align="center"><span class="style1">Name:</span><br /> <input name="name" type="text" size="30" maxlength="40" /> <br /> <span class="style1"><br /> Email:</span><br /> <input name="email" type="text" size="30" maxlength="40" /> <br /> <br /> <span class="style1">Home Page:</span><br /> <input name="site" type="text" size="30" value="http://" maxlength="40" /> <br /> <br /> <span class="style1">Message:</span><br /> <textarea name="msg" cols="22" rows="6"></textarea> <br /> <br /> <input type="reset" value="Reset" /> <input type="submit" value="Send" /> </div> <div align="center"> <p> </p> <?php $file = "guestbook.txt"; if (fopen($file, "r")) { $fil = "guestbook.txt"; $fo = fopen ($fil, "r"); $con = fread ($fo,filesize ($fil)); fclose ($fo); echo "$con"; } else { echo "<h3>Sorry there was an error please contact us now<h3>"; } ?></div> </BODY> </HTML> addguestbook.php <HTML> <HEAD> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css"> <!-- body,td,th { font-size: 12px; color: #000000; } a:link { text-decoration: none; color: #0066FF; } a:visited { text-decoration: none; color: #0066FF; } a:hover { text-decoration: underline; color: #0066FF; } a:active { text-decoration: none; } body { background-color: #CCCCCC; SCROLLBAR-FACE-COLOR: #0066FF; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #0066FF; SCROLLBAR-SHADOW-COLOR: #0066FF; SCROLLBAR-3DLIGHT-COLOR: #0066FF; SCROLLBAR-ARROW-COLOR: #51B0F2; SCROLLBAR-TRACK-COLOR: #51B0F2; Courier New; SCROLLBAR-DARKSHADOW-COLOR: #000000 } --> </style> </HEAD> <BODY> <?php function is_leapyear($year = 2004) { return ($year%4)==0; } $file = "guestbook.txt"; $name = $_POST['name']; $email = $_POST['email']; $site = $_POST['site']; $msg = $_POST['msg']; $site = stripslashes($site); $msg = stripslashes($msg); $email = stripslashes($email); $name = stripslashes($name); $msg = str_replace ("<","<",$msg); $msg = str_replace ("\n","<br>",$msg); $site = str_replace ("<","<",$site); $site = str_replace ("\n","<br>",$site); $email = str_replace ("<","<",$email); $email = str_replace ("\n","<br>",$email); $name = str_replace ("<","<",$name); $name = str_replace ("\n","<br>",$name); if(empty($email) || empty($name) || empty($msg)) { echo "<h3>Sorry all fields are required</h3>"; } else { $fp = fopen($file,"a"); $timestamp=date("M/D/Y h:m:s"); fwrite($fp, ' <font size="3"> <BR><BR> Posted: '.$timestamp.'<br /> Name: '.$name.'<BR> Email: <a href="mailto:'.$email.'">'.$email.'</a><BR> Home Page: <a href="'.$site.'">'.$site.'</a><BR>Message: '.$msg.'<BR> '); fclose($fp); echo '<font size="3"><p align="center">Thank you '.$name.' for singing my guestbook</p></font>'; } ?> <div align="center"></div> <div align="center"></div> <div align="center"></div> <div align="center"></div> <p align="center"><a href="index.php">Back to GuestBook</a></p> <div align="center"></div> </BODY> </HTML> Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 4, 2011 Share Posted October 4, 2011 I am trying to get the time to change depending on the timezone. date_default_timezone_set() trying to get the time in the format 1:00 PM, not 21:00. date() Quote Link to comment Share on other sites More sharing options...
marcus Posted October 4, 2011 Share Posted October 4, 2011 date('h:i:s a') 11:24:15 pm Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted October 4, 2011 Share Posted October 4, 2011 To answer your other question about injections, you don't use a database of any kind, so you don't need to worry about injections. However, if you output the contents of your guest book on a page, you do want to make sure that you convert any html to their respective html entities. You do that some what, but there is a better way. This task is so common that PHP created a built in function for converting html code to its respective entities. its called htmlentities(). You have the right idea with converting < (less than sign) to its entity, but you don't go as far as the htmlentities function (manual entry: http://php.net/manual/en/function.htmlentities.php) also, there is a PHP function for converting new lines into HTML lines breaks called nl2br nl2br: http://php.net/manual/en/function.nl2br.php. //old version $msg = str_replace ("<","<",$msg); $msg = str_replace ("\n","<br>",$msg); $site = str_replace ("<","<",$site); $site = str_replace ("\n","<br>",$site); $email = str_replace ("<","<",$email); $email = str_replace ("\n","<br>",$email); $name = str_replace ("<","<",$name); $name = str_replace ("\n","<br>",$name); //can be replaced by $msg = nl2br(htmlentities($msg)); $site = nl2br(htmlentities($site)); $email = nl2br(htmlentities($email)); $name = nl2br(htmlentities($name)); if you are interested in creating a database (which I suggest you do, as its overall better than using txt files) and want to know how to make variables safe for inserting into queries, I wrote a tutorial on the basics of sanitizing variables. You can read it here: http://wp.me/p1AGMt-22 Quote Link to comment Share on other sites More sharing options...
music_fan01 Posted October 4, 2011 Author Share Posted October 4, 2011 I am trying to get the time to change depending on the timezone. date_default_timezone_set() trying to get the time in the format 1:00 PM, not 21:00. date() For the timezone, do I need to put something in the function? I was reading the tutorial and there are some examples that do have something in the function. Quote Link to comment Share on other sites More sharing options...
music_fan01 Posted October 5, 2011 Author Share Posted October 5, 2011 To answer your other question about injections, you don't use a database of any kind, so you don't need to worry about injections. However, if you output the contents of your guest book on a page, you do want to make sure that you convert any html to their respective html entities. You do that some what, but there is a better way. This task is so common that PHP created a built in function for converting html code to its respective entities. its called htmlentities(). You have the right idea with converting < (less than sign) to its entity, but you don't go as far as the htmlentities function (manual entry: http://php.net/manual/en/function.htmlentities.php) also, there is a PHP function for converting new lines into HTML lines breaks called nl2br nl2br: http://php.net/manual/en/function.nl2br.php. //old version $msg = str_replace ("<","<",$msg); $msg = str_replace ("\n","<br>",$msg); $site = str_replace ("<","<",$site); $site = str_replace ("\n","<br>",$site); $email = str_replace ("<","<",$email); $email = str_replace ("\n","<br>",$email); $name = str_replace ("<","<",$name); $name = str_replace ("\n","<br>",$name); //can be replaced by $msg = nl2br(htmlentities($msg)); $site = nl2br(htmlentities($site)); $email = nl2br(htmlentities($email)); $name = nl2br(htmlentities($name)); if you are interested in creating a database (which I suggest you do, as its overall better than using txt files) and want to know how to make variables safe for inserting into queries, I wrote a tutorial on the basics of sanitizing variables. You can read it here: http://wp.me/p1AGMt-22 To make sure that I am understanding how to build a database, would I go about it like: SELECT * FROM user_table WHERE name=’$name’ email=’$email’ site="$site' AND msg="$msg" Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted October 5, 2011 Share Posted October 5, 2011 Almost. The valid form of the query you posted would be SELECT * FROM user_table WHERE name=’$name’ AND email=’$email’ AND site="$site' AND msg="$msg" You need to connect each equivalency test with a logical operator (AND or OR). Also, this is just 1 part of managing and building a database. You have to first create the database/populate it with data/ etc. Quote Link to comment Share on other sites More sharing options...
music_fan01 Posted October 5, 2011 Author Share Posted October 5, 2011 Almost. The valid form of the query you posted would be SELECT * FROM user_table WHERE name=’$name’ AND email=’$email’ AND site="$site' AND msg="$msg" You need to connect each equivalency test with a logical operator (AND or OR). Also, this is just 1 part of managing and building a database. You have to first create the database/populate it with data/ etc. Before I get into building the database anymore, I dont have to link an admin name or password into the database? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.