Rockonmetal
08-27-2007, 08:52 PM
Ok, I was wondering if PHP can do this...
I have a form and there is a hidden input with a secret number to prevent people from submitting fakes.
I was wondering if PHP can read a file take the numbers in the file and check to see if the hidden input and the file are the same, if they are then allow the rest of the script to check * or to let the user upload files, if they are not the same then the form upload doesn't show...
Here is the script for both pages...
*NOTE THE HIDDEN NUMBER IS THE FIRST FORM ELEMENT*
HTML:
<html>
<head>
<script type="text/javascript" src="script.js" /></script>
<style type="text/css">
.input{
background: url(input.png) no-repeat;
width: 184px;
color: #000000;
font-family: Tahoma;
height: 24px;
border: none;
padding: 4px 4px 4px 4px;
font-size: 12px;
}
.textarea{
background: url(textarea.png) no-repeat;
border: none;
width: 250px;
height: 200px;
padding: 3px 3px 3px 3px;
overflow: hidden;
font-family: Tahoma;
font-size: 11px;
}
.progress{
width: 50px;
height: 24px;
color: white;
font-size: 12px;
font-family: Tahoma;
background: #000000 url(loader.gif) x-repeat;
overflow: hidden;
padding-left: 5px;
}
</style>
<script type="text/JavaScript" src="textprogress.js"></script>
</style>
</head>
<body>
<form action="uploader.php" method="post">
<input type="hidden" name="3p42r3ad3a4than32" value="329r8g" />
<div class="pureadd">
<br>
<br>Your Name:
<br><input type="text" name="Name" class="input" />
<br>Your Email:
<br><input type="text" name="Email" class="input"/>
<br>
<script type="text/javascript">
var d = new Date()
document.write("<input type='hidden' value='"+Date()+"' name='time' />")
</script>
<br>
<br>Agree To Terms of Service
<br><input type="checkbox" name="TermsOfService" value="Agreed" /> Yes I Agree To the Terms of Service
<br>
File Description:
<br>
<textarea rows="5" cols="40" name="description" id="maxcharfield" onKeyDown="textCounter(this,'progressbar1',200)" onKeyUp="textCounter(this,'progressbar1',200)"
onFocus="textCounter(this,'progressbar1',200)" class="textarea"></textarea><br />
<div id="progressbar1" class="progress"></div>
<input type="submit" class="input">
</div>
</form>
</body>
</html>
Here is the php page uploader.php
<?php
$filename = 'data.html';
$input1 = $_SERVER['REMOTE_ADDR'];
$input2 = $_POST["Name"];
$input3 = $_POST["Email"];
$input4 = $_POST["time"];
$input5 = $_POST["3p42r3ad3a4than32"];
$input6 = $_POST["Description"];
$data = "<table border='1'><tr><td>User IP Address:</td><td>$input1</td></tr><tr><td>Name:</td><td>$input2</td></tr><tr><td>Email
Address:<td>$input3</td></tr><tr><td>Date Submitted:</td><td>$input4</td></tr><tr><td>Description</td><td><textarea cols='50'
rows='5'>$input6</textarea></td></tr></table>";
if (is_writable($filename)) {
if (!$handle = fopen($filename, 'a')) {
echo "Cannot open file ($filename)";
exit;
}
// Write $somecontent to our opened file.
if (fwrite($handle, $data) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}
echo "Success your information has been submitted! Now please submit your files...";
fclose($handle);
} else {
echo "The file $filename is not writable";
}
?>
<?php
$upload_dir = "submitions/";
$num_files = 2;
//the file size in bytes.
$size_bytes =20480000; //51200 bytes = 50KB.
//Extensions you want files uploaded limited to.
$limitedext = array(".gif",".jpg",".jpeg",".png",".bmp",".mov",".mpg",".mpeg");
//check if the directory exists or not.
if (!is_dir("$upload_dir")) {
die ("Error: The directory <b>($upload_dir)</b> doesn't exist because we are in the process of the weekly upload.");
}
//check if the directory is writable.
if (!is_writeable("$upload_dir")){
die ("Error: The directory <b>($upload_dir)</b> is NOT writable, Please click contact and then contact technical support to tell them this problem.");
}
//if the form has been submitted, then do the upload process
//infact, if you clicked on (Upload Now!) button.
if (isset($_POST['upload_form'])){
echo "<h3>Upload results:</h3>";
//do a loop for uploading files based on ($num_files) number of files.
for ($i = 1; $i <= $num_files; $i++) {
//define variables to hold the values.
$new_file = $_FILES['file'.$i];
$file_name = $new_file['name'];
//to remove spaces from file name we have to replace it with "_".
$file_name = str_replace(' ', '_', $file_name);
$file_tmp = $new_file['tmp_name'];
$file_size = $new_file['size'];
#-----------------------------------------------------------#
# this code will check if the files was selected or not. #
#-----------------------------------------------------------#
if (!is_uploaded_file($file_tmp)) {
//print error message and file number.
echo "File $i: Not selected.<br>";
}else{
$ext = strrchr($file_name,'.');
if (!in_array(strtolower($ext),$limitedext)) {
echo "File $i: ($file_name) Wrong file extension. <br>";
}else{
if ($file_size > $size_bytes){
echo "File $i: ($file_name) Faild to upload. File must be <b>". $size_bytes / 1024 ."</b> KB. <br>";
}else{
if(file_exists($upload_dir.$file_name)){
echo "File $i: ($file_name) already exists.<br>";
}else{
if (move_uploaded_file($file_tmp,$upload_dir.$file_name)) {
echo "File $i: ($file_name) Uploaded.<br>";
}else{
echo "File $i: Faild to upload.<br>";
}#end of (move_uploaded_file).
}#end of (file_exists).
}#end of (file_size).
}#end of (limitedext).
}#end of (!is_uploaded_file).
}#end of (for loop).
# print back button.
echo "»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
////////////////////////////////////////////////////////////////////////////////
//else if the form didn't submitted then show it.
}else{
echo " <h3>Select files to upload!.</h3>
Max file size = ". $size_bytes / 1024 ." KB";
echo " <form method=\"post\" action=\"$_SERVER[PHP_SELF]\" enctype=\"multipart/form-data\">";
// show the file input field based on($num_files).
for ($i = 1; $i <= $num_files; $i++) {
echo "File $i: <input type=\"file\" name=\"file". $i ."\"><br>";
}
echo " <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"$size_bytes\">
<input type=\"submit\" name=\"upload_form\" value=\"Upload Now!\">
</form>";
}
?>
</body>
</html>
I wrote the first <? php ?> tag but not the second... That I simply editted by following directions... but it works... I just need it to validate...
Thanks!
I think it would be something like
if $input5 value = 3p42r3ad3a4than32
else echo "YOUR REQUEST IS INVALID WE WILL BLOCK YOU FROM OUR SITE!";
but i don't know how to do that.
I have a form and there is a hidden input with a secret number to prevent people from submitting fakes.
I was wondering if PHP can read a file take the numbers in the file and check to see if the hidden input and the file are the same, if they are then allow the rest of the script to check * or to let the user upload files, if they are not the same then the form upload doesn't show...
Here is the script for both pages...
*NOTE THE HIDDEN NUMBER IS THE FIRST FORM ELEMENT*
HTML:
<html>
<head>
<script type="text/javascript" src="script.js" /></script>
<style type="text/css">
.input{
background: url(input.png) no-repeat;
width: 184px;
color: #000000;
font-family: Tahoma;
height: 24px;
border: none;
padding: 4px 4px 4px 4px;
font-size: 12px;
}
.textarea{
background: url(textarea.png) no-repeat;
border: none;
width: 250px;
height: 200px;
padding: 3px 3px 3px 3px;
overflow: hidden;
font-family: Tahoma;
font-size: 11px;
}
.progress{
width: 50px;
height: 24px;
color: white;
font-size: 12px;
font-family: Tahoma;
background: #000000 url(loader.gif) x-repeat;
overflow: hidden;
padding-left: 5px;
}
</style>
<script type="text/JavaScript" src="textprogress.js"></script>
</style>
</head>
<body>
<form action="uploader.php" method="post">
<input type="hidden" name="3p42r3ad3a4than32" value="329r8g" />
<div class="pureadd">
<br>
<br>Your Name:
<br><input type="text" name="Name" class="input" />
<br>Your Email:
<br><input type="text" name="Email" class="input"/>
<br>
<script type="text/javascript">
var d = new Date()
document.write("<input type='hidden' value='"+Date()+"' name='time' />")
</script>
<br>
<br>Agree To Terms of Service
<br><input type="checkbox" name="TermsOfService" value="Agreed" /> Yes I Agree To the Terms of Service
<br>
File Description:
<br>
<textarea rows="5" cols="40" name="description" id="maxcharfield" onKeyDown="textCounter(this,'progressbar1',200)" onKeyUp="textCounter(this,'progressbar1',200)"
onFocus="textCounter(this,'progressbar1',200)" class="textarea"></textarea><br />
<div id="progressbar1" class="progress"></div>
<input type="submit" class="input">
</div>
</form>
</body>
</html>
Here is the php page uploader.php
<?php
$filename = 'data.html';
$input1 = $_SERVER['REMOTE_ADDR'];
$input2 = $_POST["Name"];
$input3 = $_POST["Email"];
$input4 = $_POST["time"];
$input5 = $_POST["3p42r3ad3a4than32"];
$input6 = $_POST["Description"];
$data = "<table border='1'><tr><td>User IP Address:</td><td>$input1</td></tr><tr><td>Name:</td><td>$input2</td></tr><tr><td>Email
Address:<td>$input3</td></tr><tr><td>Date Submitted:</td><td>$input4</td></tr><tr><td>Description</td><td><textarea cols='50'
rows='5'>$input6</textarea></td></tr></table>";
if (is_writable($filename)) {
if (!$handle = fopen($filename, 'a')) {
echo "Cannot open file ($filename)";
exit;
}
// Write $somecontent to our opened file.
if (fwrite($handle, $data) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}
echo "Success your information has been submitted! Now please submit your files...";
fclose($handle);
} else {
echo "The file $filename is not writable";
}
?>
<?php
$upload_dir = "submitions/";
$num_files = 2;
//the file size in bytes.
$size_bytes =20480000; //51200 bytes = 50KB.
//Extensions you want files uploaded limited to.
$limitedext = array(".gif",".jpg",".jpeg",".png",".bmp",".mov",".mpg",".mpeg");
//check if the directory exists or not.
if (!is_dir("$upload_dir")) {
die ("Error: The directory <b>($upload_dir)</b> doesn't exist because we are in the process of the weekly upload.");
}
//check if the directory is writable.
if (!is_writeable("$upload_dir")){
die ("Error: The directory <b>($upload_dir)</b> is NOT writable, Please click contact and then contact technical support to tell them this problem.");
}
//if the form has been submitted, then do the upload process
//infact, if you clicked on (Upload Now!) button.
if (isset($_POST['upload_form'])){
echo "<h3>Upload results:</h3>";
//do a loop for uploading files based on ($num_files) number of files.
for ($i = 1; $i <= $num_files; $i++) {
//define variables to hold the values.
$new_file = $_FILES['file'.$i];
$file_name = $new_file['name'];
//to remove spaces from file name we have to replace it with "_".
$file_name = str_replace(' ', '_', $file_name);
$file_tmp = $new_file['tmp_name'];
$file_size = $new_file['size'];
#-----------------------------------------------------------#
# this code will check if the files was selected or not. #
#-----------------------------------------------------------#
if (!is_uploaded_file($file_tmp)) {
//print error message and file number.
echo "File $i: Not selected.<br>";
}else{
$ext = strrchr($file_name,'.');
if (!in_array(strtolower($ext),$limitedext)) {
echo "File $i: ($file_name) Wrong file extension. <br>";
}else{
if ($file_size > $size_bytes){
echo "File $i: ($file_name) Faild to upload. File must be <b>". $size_bytes / 1024 ."</b> KB. <br>";
}else{
if(file_exists($upload_dir.$file_name)){
echo "File $i: ($file_name) already exists.<br>";
}else{
if (move_uploaded_file($file_tmp,$upload_dir.$file_name)) {
echo "File $i: ($file_name) Uploaded.<br>";
}else{
echo "File $i: Faild to upload.<br>";
}#end of (move_uploaded_file).
}#end of (file_exists).
}#end of (file_size).
}#end of (limitedext).
}#end of (!is_uploaded_file).
}#end of (for loop).
# print back button.
echo "»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
////////////////////////////////////////////////////////////////////////////////
//else if the form didn't submitted then show it.
}else{
echo " <h3>Select files to upload!.</h3>
Max file size = ". $size_bytes / 1024 ." KB";
echo " <form method=\"post\" action=\"$_SERVER[PHP_SELF]\" enctype=\"multipart/form-data\">";
// show the file input field based on($num_files).
for ($i = 1; $i <= $num_files; $i++) {
echo "File $i: <input type=\"file\" name=\"file". $i ."\"><br>";
}
echo " <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"$size_bytes\">
<input type=\"submit\" name=\"upload_form\" value=\"Upload Now!\">
</form>";
}
?>
</body>
</html>
I wrote the first <? php ?> tag but not the second... That I simply editted by following directions... but it works... I just need it to validate...
Thanks!
I think it would be something like
if $input5 value = 3p42r3ad3a4than32
else echo "YOUR REQUEST IS INVALID WE WILL BLOCK YOU FROM OUR SITE!";
but i don't know how to do that.