PDA

View Full Version : Eliminate String - Discard Data Silently



trochia
02-21-2009, 01:59 PM
I hope I am able to describe this properly, but I inherited a form that is js and passes to a php mail() function. I'm pretty new to javascript also. I usually do all my forms in php tossing into mysql.

1) I have one field which is for "phone number", and due to the fact that this site deals with international numbers, country codes and people that possibly enter with a different syntax, I need to keep it as a "text box" entry.

2) There is one user ( or bot ) that keeps entering a certain value of 123456 and this adds up to 50+ per day.

3) Below is the only checking that is being done:
/*if name is blank or less than two characters
if ($_POST['phone-number']=='' || strlen($_POST['phone-number'])<2 || $_POST['phone-number']=='phone number' )
{
$errors[] = 'Phone Number is required.';
}*/


The person that wrote this is just looking for any entry of characters that is >2, and the only validation of this whole form is below, in which he is looking for the @ sign, to get an e-mail address.


<?php

function alpha_numeric($str)
{
return ( ! preg_match("/^([-a-z0-9])+$/i", $str)) ? FALSE : TRUE;
}

function valid_email($str)
{
return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
}

?>


4) What I would like to do, and this is what I am not sure about and asking for help is to just let this person/bot to keep doing what is being done...but I would just like to Silently Discard and entry that contains the: 123456 from passing thru the mail() function, yet make it look like it was successful to the user (bot) in which this would keep them happy, thinking it is doing it.

Thank-you in advance, and any help for a newbie appreciated !!

bluewalrus
02-21-2009, 04:46 PM
maybe


if ($PHONENUMBERVALUE == "1233456") {
} else
{
What ever normally happens {
}

trochia
02-21-2009, 04:58 PM
Thx for the reply, and yes... I know I can "trap it" that way, but I guess I am confused on how to make it just "silently get tossed/discarded"...in the PHP process...

So that it "does not" get mailed ??

Here is the end of the php... Maybe somehow create a varibable assigned to it? This is where I am lost..


/*strip the variables of anything ugly*/
$message = stripslashes($message);
$user_message = stripslashes($user_message);

/*send the message to the admin*/
mail("info@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);
mail("admin@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);

/*send the message to the user*/
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From:info@thewebsite.com\r\n";
mail( $_POST['email'],"HEADER MESSAGE",$user_message,$headers);
//mail( $_POST['email'],"Thank you for contacting us",$user_message,"From:info@thewebsite.com");


/*also print out that they have successfully sent mail*/
echo '<h3 class="success">Success!</h3>';
echo '<p class="success_text">Your message was successfully sent.</p>';
echo '<h3 class="success"><a href="http://www.thewebsite.com/thankyou.php"><font color="#0000FF">Click Here</font> to continue !!</a>';

JasonDFR
02-21-2009, 07:15 PM
Maybe you can put the conditional in the section of code that executes the mail()? Keep everything the same, except if phone number == 123456, don't send yourself a mail about it.

Good luck,

J

trochia
02-21-2009, 07:31 PM
I agree...lol...But how Is my question..

The present form has 17 fileds, many with drop downs.. It also doesn't connect to a DB either... It's working well except for this problem.

I just thought I'd ask up here for a "simple solution" if anyone new...and hope one shows up.

My last resort will be to re-write so that it taps into a DB, the thing now it is just in "thin air", and no "client side" can be done ( That I can think of ).

But if I do toss it into the server, then just run a function to delete it....but as mentioned.. I would think someone with more knowledge of js error checking, and spam etc...would have a simpler soultuion...to be able to "not send" and pretend it did...

lol

Thx again for the reply!!

JasonDFR
02-22-2009, 07:45 AM
if ( phone number != '123456') {
mail("info@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);
mail("admin@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);
}



This really isn't a great solution. A db would be better. A db and phone number validation would be best.

Good luck,

J

trochia
02-22-2009, 12:58 PM
Thx for the effort, (reply)...did not work at all.

Broke it somewhere else...for some reason..in the middle of an HTML output into the e-mail.

Unless I needed to also insert something in this area?

/*if name is blank or less than two characters */
if ($_POST['phone-number']=='' || strlen($_POST['phone-number'])<2 || $_POST['phone-number']=='phone number' )
{
$errors[] = 'Phone Number is required.';
}


I'm lost...and not having fun...(smile)

JasonDFR
02-22-2009, 01:58 PM
mail("info@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);
mail("admin@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);

These are the two lines of code that alert you about your form being submitted, right?


if ( the phone number entered in the form != '1233456' ) { // phone # NOT EQUAL to 1233456

// mail your information to thewebsite.com

mail("info@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);
mail("admin@thewebsite.com","Contact Form",$message,"From:".$_POST['email']);

// And everything else happens exactly the same way. It "pretends" to have been sent off.

}

That is as simple as it gets.

What do you mean by this: "Thx for the effort, (reply)...did not work at all."

If you are saying that I didn't make an effort, well, this is the last time I'll try.

Also you said: "I would think someone with more knowledge of js error checking..."

Javascript can do nothing to stop people spamming your form.

trochia
02-22-2009, 02:45 PM
Jason, no...sorry if you took it wrong. ( Guess I should have added Smilies) ( I can't stand them).. And I should have reread what I wrote, but it was 4.30area when I got up...and toasted mentally over this.

Doing what you reco'd, give me a parse error, on line 521, and no mail gets sent.

Line 521, is a "blank line"...stuck in the middle of HTML, that "creates" tables/etc...of populated (garbage) (laugh)...of things, the site owner wants the person filling in the form...to see in e-mail. (Don't ask me why)..haha

IF ?? I increase the <2 to <7, The error prints... and use the 123456

$errors[] = 'Phone Number is required.';

I have tried // $errors[] = 'Phone Number is required.';

But this didn't stop the error from showing, but NO FORM does get mailed, but more than 6 characters, mails fine... But? The spammer will just INCREASE 6 to 7 etc.

Again, sorry if you took me wrong...as mentioned...WHAT looks simple, and placing in position...just isn't doing it for some reason...(at that location) in the code.

So maybe I need to somehow trap/modify at the top of code:
/*if name is blank or less than two characters */
if ($_POST['phone-number']=='' || strlen($_POST['phone-number'])<7 || $_POST['phone-number']=='phone number' )
{
$errors[] = 'Phone Number is required.';
}