Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 12 of 12 Posts

·
Registered
Joined
·
941 Posts
Discussion Starter · #1 ·
Ok, i'm having a problem, basically what I'm trying to do is, if the correct 'code' is posted, it gives me, or the admin special prevliges.

PHP:
<?php
$raw_url = $_POST['url']; // converts the post field into a var
$disc = $_POST['disc']; // converts the post field into a var

$clean_url = htmlentities($raw_url, ENT_NOQUOTES); // cleans out the url field, to make sure no malaciose code gets through
$clean_disc = htmlentities($disc, ENT_NOQUOTES); // cleans out the description field, to make sure no malaciose code gets through
$cleaner_url = stripslashes($clean_url); // removes the \ before single and double quotes in the url
$cleaner_disc = stripslashes($clean_disc); // removes the \ before single and double quotes in the url
$no_cache = ' ';

$pass = "test";

$codes = "NG75" || "B1C2" || "DR21" || "KJG4" || "387C" || "HK47" || "K21B" || "92DK" || "H542" || "FJ521"; //these are all the codes used, not very efficient, but it should stop some bots.

$url = "" . $no_cache . "[CENTER][URL]$cleaner_url[/URL]

[B]Link Description:[/B]
$cleaner_disc[/CENTER]"; // displays the URL in large text

$no_disc = "[CENTER][URL]$cleaner_url[/URL]"; // displays the description if one is added

$admin_code = "" . $no_cache . "[CENTER][URL]$raw_url[/URL]

[B]Link Description:[/B]
$disc[/CENTER]"; // this is for an admin posting only!

if ($_POST['Submit'] && $_POST['inc'] == "inc" && $_POST['code'] == $codes) // this is what happens if the user hits submit AND a description is added AND the code is correct
{
$file = "site.html";
    $create = fopen($file, 'w') or die("Hm... There seems to be a problem, I hope you didn't break anything!"); // creates the new file, or gives an error message if something goes wrong
    fwrite($create, $url); // adds $url to the newly created file
    fclose($create); // closes
	echo ''; // redirects back to the home page
}
else if ($_POST['Submit'] && $_POST['code'] == $codes) // this is what happens if the user hits submit, AND the code is correct. notice how no description is added in this
{
$file = "site.html";
    $create = fopen($file, 'w') or die("Hm... There seems to be a problem, I hope you didn't break anything!");
    fwrite($create, $no_disc);
    fclose($create);
	echo '';
}
else if ($_POST['Submit'] && $_POST['inc'] == "inc" && $_POST['code'] == $pass)
{
$file = "site.html";
    $create = fopen($file, 'w') or die("Hm... There seems to be a problem, I hope you didn't break anything!");
    fwrite($create, $admin_code);
    fclose($create);
	echo '';
}
else
{
echo "Sorry, you've entred the wrong code, please go back and try again";
}

?>
the problem is in the last "else if". If I enter test into the code field, it SHOULD include html code in my $disc, and NOT clean it out, like it does by default, but it's not, does anyone know why??

thanks.
 

·
Registered
Joined
·
14,681 Posts
What is the last elseif doing right now? Not writing to the file, or writing the wrong values?

Also, $codes is always going to equal true, so your first elseif probably isn't doing what you want either.
 

·
Registered
Joined
·
447 Posts
like brendandonhu said fix the $codes problem first.

Change

Code:
$codes = "NG75" || "B1C2" || "DR21" || "KJG4" || "387C" || "HK47" || "K21B" || "92DK" || "H542" || "FJ521");
into

Code:
$codes = array("NG75" ,"B1C2" ,"DR21", "KJG4", "387C", "HK47" , "K21B", "92DK","H542", "FJ521";
and change

Code:
$_POST['code'] == $codes
To

Code:
in_array($_POST['code'], $codes) 
//in_array function desc:  http://ca.php.net/in_array
Try fixing that and see what happens.
 

·
Registered
Joined
·
941 Posts
Discussion Starter · #4 ·
brendandonhu said:
What is the last elseif doing right now? Not writing to the file, or writing the wrong values?

Also, $codes is always going to equal true, so your first elseif probably isn't doing what you want either.
How is $codes always going to equal true???

You can test it out here www.knight47.com/link_sharer ,(click on replace with your link, and test out the code thing), it seems to be working fine. I just don't understand how it's always going to equal true.

All this script does is advertise a given URL, one at a time. So if I come along and submit google.com, then that url link is on the main page, along with a description. To make it safer, I null all html code so nothing bad goes through. But I want to be able to add html to it, in case I want to bold something, or italicize, ONLY if the correct password is given. So if the correct password is given, it does NOT null the html, leaving it in place. And obviously the password would only be known by me or whoever is running the script. So nothing bad would go through.
 

·
Registered
Joined
·
14,681 Posts
A non-empty string is always true. Whatever code is entered, it's going to run the first elseif and not the second one. Also, the point of a CAPTCHA is that they have to correctly enter the code displayed in the image. It's not really doing anything if you can enter the same code over and over again.
 

·
Registered
Joined
·
941 Posts
Discussion Starter · #6 ·
I could have sworn that the capatcha was working, I don't know why it's not now... I know it's not the ideal capatcha, but i'm still working on that.

I don't understand what you mean when a string is true, can't you compare a string to another string? and if they don't equal than you do X, and if they equal then you do Y??
 

·
Registered
Joined
·
14,681 Posts
$codes isn't a string there, it's a boolean.
This:
Code:
$codes = "NG75" || "B1C2" || "DR21" || "KJG4" || "387C" || "HK47" || "K21B" || "92DK" || "H542" || "FJ521";
is equivalent to:
Code:
$codes = true;
 

·
Registered
Joined
·
14,681 Posts
If you put it into an array, then it's an array. I really don't see the point of your CAPTCHA though. It's not going to stop any bots since it doesn't check whether they entered the right code or not.
 

·
Registered
Joined
·
14,681 Posts
First you need to store a value for the image that was actually displayed, then you can use == to check if they are the same.

Take a search on google or phpclasses.org, there is lots of sample code for CAPTCHAs.
 

·
Registered
Joined
·
941 Posts
Discussion Starter · #12 ·
Thanks, i know the captcha isn't the greatest, and it's really not supposed to be, I'm just trying to learn, with a bunch of baby steps.. I did turn $codes into an array, and searched it with in_array(), and it did work, thank you both! :)
 
1 - 12 of 12 Posts
Status
Not open for further replies.
Top