Coding Help! {Comment box}

IMP_TWI

So I've been trying to make a comment box for quite awhile now.. but no matter what I do it doesn't seem to work at all with my server. So I tried using a free one from a site which was similar to the one I was writing. To cut this short, It's sort of like a discussion comment box where you don't need to be registered in order to comment. It displays the comment box properly where you would post your comment, but does not input data and ends up displaying a completely blank page where it would supposedly display comments linked to it. I will paste the script below.


<?




$COM_CONF['full_path'] = dirname(__FILE__);

include("{$COM_CONF['full_path']}/config2.php");
if (! $COM_CONF['dbhost']) {
	echo 'Comment scripts are not installed properly.';
}

require("{$COM_CONF['full_path']}/lang/lang_{$COM_CONF['lang']}.php");


$comments_db_link = mysql_connect($COM_CONF['dbhost'],$COM_CONF['dbuser'],$COM_CONF['dbpassword']);
mysql_select_db($COM_CONF['dbname'], $comments_db_link);

smcom_main();

function smcom_main()
{
	if ($_REQUEST['action'] == 'add'){
		smcom_add();
	}
	elseif ($_REQUEST['action'] == 'unsub'){
		smcom_unsub();
	}
	elseif (1) {
		smcom_view();
	}
}

function smcom_check_for_errors() {

global $comments_db_link, $COM_CONF, $COM_LANG;

$ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
$result = mysql_query("SELECT ip FROM {$COM_CONF['dbbannedipstable']} WHERE ip='$ip'", $comments_db_link);

if (mysql_num_rows($result)>0) {
	$error_message.=$COM_LANG['not_allowed'] . "<br />";
}
if ($_REQUEST['disc_name'] == '') {
	$error_message.=$_REQUEST['r_disc_name'] . "<br />";
}
if ($_REQUEST['disc_body'] == '') {
	$error_message.=$_REQUEST['r_disc_body'] . "<br />";
}
if ($_REQUEST['disc_email'] != '') {
	if (!smcom_is_email($_REQUEST['disc_email'])) {
		$error_message.="Invalid email address" . "<br />";
	}
}

return $error_message;

}

function smcom_flood_protection($INPUT) {

global $comments_db_link, $COM_CONF, $COM_LANG;

$result = mysql_query("select time from {$COM_CONF['dbmaintable']} where ip='{$_SERVER['REMOTE_ADDR']}' AND  (UNIX_TIMESTAMP( NOW( ) ) - UNIX_TIMESTAMP( time )) < {$COM_CONF['anti_flood_pause']}", $comments_db_link);
if (mysql_num_rows($result)>0) {
	$error_message="Flood detected";
	return $error_message;
}
$result = mysql_query("select ID from {$COM_CONF['dbmaintable']} where text='{$INPUT['disc_body']}' AND author='{$INPUT['disc_name']}' AND href='{$INPUT['href']}'", $comments_db_link);
if (mysql_num_rows($result)>0) {
	$error_message="Flood detected";
	return $error_message;
}

return "";
}



function smcom_add()
{
	global $comments_db_link, $COM_CONF, $COM_LANG;

foreach ($_REQUEST as $key => $value) {
	if ($key == 'disc_body') {
		$comment_text=stripslashes($value);
	}
	$_REQUEST[$key] = str_replace('<', '&lt;', $_REQUEST[$key]);
	$_REQUEST[$key] = str_replace('>', '&gt;', $_REQUEST[$key]);
	if (get_magic_quotes_gpc()) {
		$_REQUEST[$key] = stripslashes($_REQUEST[$key]);
	}
	$_REQUEST[$key] = mysql_escape_string($_REQUEST[$key]);
}

$_REQUEST['href'] = str_replace('%2F', '/', $_REQUEST['href']);
$_REQUEST['href'] = str_replace('%3F', '?', $_REQUEST['href']);
$_REQUEST['href'] = str_replace('%26', '&', $_REQUEST['href']);
$_REQUEST['href'] = str_replace('%3D', '=', $_REQUEST['href']);

if ($_REQUEST['dont_show_email'] != '') { $dont_show="1"; }
else { $dont_show="0"; }


$error_message = smcom_check_for_errors();
$error_message .= smcom_flood_protection($_REQUEST);


if ($COM_CONF['ckeck_for_spam']) {
	if (!$error_message) {
		$spam_check_result = smcom_spam_check($_REQUEST['disc_email'], $_REQUEST['disc_name'], "", $comment_text, $_REQUEST['href'], "");
		if ($spam_check_result == 1) {
			$error_message .= "<br>Your comment suspected as spam.";

			mysql_query("INSERT INTO {$COM_CONF['dbjunktable']} VALUES (NULL, NOW(), '{$_REQUEST['href']}', '{$_REQUEST['disc_body']}', '{$_REQUEST['disc_name']}', '{$_REQUEST['disc_email']}', '$dont_show', '{$_SERVER['REMOTE_ADDR']}')", $comments_db_link);
		}
		if ($spam_check_result == 2) {
			$error_message .= "<br>Invalid WordPress API key";
		}
		if ($spam_check_result == 3) {
			$error_message .= "<br>Could not connect to the Akismet server";
		}
	}
}


if ($error_message) {
	print "The following errors occured:<br>$error_message<br><br>
		Please <a href=\"javascript:history.go(-1)\">get back</a> and try again.";
	return 0;
}


mysql_query("INSERT INTO {$COM_CONF['dbmaintable']} VALUES (NULL, NOW(), '{$_REQUEST['href']}', '{$_REQUEST['disc_body']}', '{$_REQUEST['disc_name']}', '{$_REQUEST['disc_email']}', '$dont_show', '{$_SERVER['REMOTE_ADDR']}')", $comments_db_link);

if ($_REQUEST['email_me'] != '' && $_REQUEST['disc_email'] != '') {
	$result = mysql_query("select COUNT(*) from {$COM_CONF['dbemailstable']} where href='{$_REQUEST['href']}' AND email='{$_REQUEST['disc_email']}'", $comments_db_link);
	list ($count) = mysql_fetch_row($result);
	if ($count == 0) {
		$hash=md5($email . $COM_CONF['copy_random_seed']);
		mysql_query("INSERT INTO {$COM_CONF['dbemailstable']} VALUES (NULL, '{$_REQUEST['disc_email']}', '{$_REQUEST['href']}', '$hash')", $comments_db_link);
	}
}

if ($COM_CONF['email_admin']) {
	smcom_notify_admin($_REQUEST['href'], $_REQUEST['disc_name'], $_REQUEST['disc_email'], $comment_text, "{$_SERVER['REMOTE_ADDR']}, {$_SERVER['HTTP_USER_AGENT']}");
}
smcom_notify_users($_REQUEST['href'], $_REQUEST['disc_name'], $_REQUEST['disc_email']);

header("HTTP/1.1 302");
header("Location: {$COM_CONF['site_url']}{$_REQUEST['href']}");
print "<a href=\"{$COM_CONF['site_url']}{$_REQUEST['href']}\">Click here to get back.</a>";

}

function smcom_notify_admin($href, $name, $email, $text, $ip)
{
	global $comments_db_link, $COM_CONF, $COM_LANG;

$headers = "From: Comments <{$COM_CONF['email_from']}>\r\n";
$text_of_message="
{$COM_LANG['email_new_comment']} {$COM_CONF['site_url']}$href
{$COM_LANG['email_from']}: $name <$email>

$text

$ip
		";

mail($COM_CONF['email_admin'], "{$COM_LANG['email_new_comment']} $href", $text_of_message, $headers);
}

function smcom_notify_users($href, $name, $email_from)
{
	global $comments_db_link, $COM_CONF, $COM_LANG;

$headers = "From: Comments <{$COM_CONF['email_from']}>\n";

$result=mysql_query("select email, hash from {$COM_CONF['dbemailstable']} where href='$href'", $comments_db_link);
while (list($email, $hash) = mysql_fetch_row($result)) {
	if ($email != $email_from) {
		$text_of_message="
{$COM_LANG['email_new_comment']} {$COM_CONF['site_url']}$href
{$COM_LANG['email_from']}: $name

{$COM_LANG['email_to_unsubscribe']}
{$COM_CONF['site_url']}{$COM_CONF['script_url']}?action=unsub&page=$href&id=$hash

		";
		mail($email, "{$COM_LANG['email_new_comment']} $href",$text_of_message, $headers);
	}
}


}

function smcom_unsub()
{
	global $comments_db_link, $COM_CONF, $COM_LANG;

$id=mysql_escape_string($_REQUEST['id']);
$href=mysql_escape_string($_REQUEST['page']);

mysql_query("delete from {$COM_CONF['dbemailstable']} where href='$href' AND hash='$id'", $comments_db_link);

if (mysql_affected_rows() > 0) {
	print "{$COM_LANG['unsubscribed']}";
}
else {
	print "{$COM_LANG['not_unsubscribed']}";
}
}

function smcom_view()
{
	global $comments_db_link, $COM_CONF, $COM_LANG;

$request_uri = mysql_escape_string($_SERVER['REQUEST_URI']);
$result = mysql_query("select time, text, author, email, dont_show_email from {$COM_CONF['dbmaintable']} where href='$request_uri' order by time {$COM_CONF['sort_order']}", $comments_db_link);

$comments_count=0;
$time=$text=$author=$email=$dont_show_email=array();
while (list($time[$comments_count], $text[$comments_count], $author[$comments_count], $email[$comments_count], $dont_show_email[$comments_count])=mysql_fetch_array($result)) {
	$text[$comments_count] = wordwrap($text[$comments_count], 75, "\n", 1);
	$time[$comments_count] = smcom_format_date($time[$comments_count]);
	$comments_count++;
}

require("{$COM_CONF['full_path']}/templates/{$COM_CONF['template']}.php");

}

function smcom_format_date($date)
{
	global $COM_LANG;

$year = substr($date, 0, 4);
$month = intval(substr($date, 5, 2)) - 1;
$day = substr($date, 8, 2);
$hour = substr($date, 11, 2);
$min = substr($date, 14, 2);

return "$day {$COM_LANG['months'][$month]} $year, $hour:$min";
}

function smcom_is_email($Addr)
{
	$p = '/^[a-z0-9!#$%&*+-=?^_`{|}~]+(\.[a-z0-9!#$%&*+-=?^_`{|}~]+)*';
	$p.= '@([-a-z0-9]+\.)+([a-z]{2,3}';
	$p.= '|info|arpa|aero|coop|name|museum)$/ix';
	return preg_match($p, $Addr);
}

?>

ixalmida

It displays the comment box properly where you would post your comment, but does not input data

Based on your description I don't think you've posted the code that's giving you the problem. It sounds like you can't get data into the box.

Some observations on the code you posted...

One thing that screams out for correction (at least to me) is the use of $_REQUEST. According to the manual page:

Note: The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and therefore could be modified by the remote user and cannot be trusted.

You really should stick to a single input method (ideally, POST) if you want to protect your database from malicious code. The major advantage of a text box is that you can limit the length of the input and eliminate certain keystrokes using Javascript.

Once you've put limitations on the input box, you could simplify your text filtering. The majority of my filtering occurs in one line of code:

// Plain-text Comment -- eliminate undesirable text...
$comment = htmlspecialchars(strip_tags(stripslashes($comment)));

If I need to accept HTML input, I generally use the following:

// HTML Comment -- eliminate undesirable text...
$comment = preg_replace("/(\r\n|\n|\r)/", "", htmlentities(nl2br($comment)));

scrupul0us

are things writing to the database? any errors?

IMP_TWI

That script was giving me to many problems so I went back to an older script I use to use on an old site I owned prior. Though it wasn't writing to DB (the first script) so it was probably just an incomplete file.. The script I'm using now I think it a lot better and secure.

I have a question which I do need a lot of help addressing though.. I want to stop users from being able to refresh a comment (IE so they can't flood the DB by using firefox's auto refresh or just use f5 and continuously post the same message over and over) .. So how would I do this? How would I make it so they'd be able to post but not be able to refresh their post when they refresh the page.. and how would I limit them from posting within a time span (say 10 seconds).

Any help would be appreciated.

scrupul0us

have a table that collects the users IP address and timestamp upon submission... everytime a submission is made check that table for the distance of time being whatever you want (e.g. 5 minutes)... if they are within the 5 mins either just deny the post or deny the post and update the stamp... if they are outside the 5 mins, delete the previous timestamp or update the current one (this helps prevent inflating the size of your D😎..

a little rough around the edges i know but you get the idea

IMP_TWI

Is there a way to drop the cookie/session of information after they submit it so that they can't refresh the page but remain logged in?

scrupul0us

well yea, after you run the submit routine to the database just empty or unset the session vars that hold that specific information and then redirect to another page

IMP_TWI

So if this is my page.. how would I do that?

<?php
if(!isset($tools))
	die("You may not do that!");
	echo "<table align=center width=95%><tr><td bgcolor=#11111 align=center class=style1><font color=#FFFFFF face=arial><b>Black Book</b></font></td><tr><td bgcolor=#222222 class=style2>";
//settings--------------
$minamount="100000"; // min amount for any contract
//------------------------
switch($action) 
{
	default: 
	{
		print '<table width=450 align=center bgcolor=#333333 cellpadding=0>
			<tr bgcolor=#000000 valign=top>
			<td><div align="center" class="hithead"><strong><font color=red>Target</font></strong></div></td>
   			   <td><div align="center" class="hithead"><strong><font color=red>Reward</font></strong></div></td>
    		   <td><div align="center" class="hithead"><strong><font color=red># of Contractors</font></strong></div></td>
    		   <td><div align="center" class="hithead"><strong><font color=red>Contractors</font></strong></div></td>
			   <td><div align="center">&nbsp;</div></td>
 			   </tr>';
		$sql="SELECT * FROM $prefix.hitlist ORDER BY money DESC";
		$db=mysql_query($sql);
		if(mysql_num_rows($db)==0) 
		{
			print "<tr><td colspan=5 align=center>No hits currently active</td></tr>";
		}
		else 
		{
			$a=0;
			while($hit=mysql_fetch_array($db)) 
			{
				if($a==0) 
				{
					print '<tr bgcolor=#333333>';
					$a=1;
				}
				else 
				{
					print '<tr bgcolor=#444444>';
					$a=0;
				}
				print '<td align=center><a href=driver.php?x=profile&u='.$hit['target'].'>'.$hit['target'].'</a></td><td align=center>$'.number_format($hit['money']).'</td><td align=center>'.$hit['donors'].'</td><td align=center><a href=driver.php?x=hitlist&action=donors&hid='.$hit['hid'].'>view list</a></td>
				<td align=center><form method=post action=driver.php?x=hitlist&action=donate><input type=text name=money><br><input type=submit name=submit value="Add to Reward"><input type=hidden name=hid value='.$hit['hid'].'></form></td>';
				print '</tr>';
			}
		}
		print '</table>';
		print "<div align=center><a href=driver.php?x=hitlist&action=addnew>Add new hit contract</a></div>";
	}
	break;
	case "donors": 
	{
		$sql="SELECT * FROM $prefix.hitlist_donors WHERE hid='$hid' ORDER BY money DESC";
		$db=mysql_query($sql);
		print "<table width=400 align=center bgcolor=#333333 cellpadding=0>
			<tr bgcolor=#000000 valign=top><td align=center><div align=center class=hithead><strong><font color=red>Contractor</font></strong></div></td><td align=center><div align=center class=hithead><strong><font color=red>AMOUNT</font></strong></div></td></tr>";
		$a=0;
		while($donor=mysql_fetch_array($db)) {
			if($a==0) {
				print '<tr bgcolor=#333333>';
				$a=1;
			}
			else {
				print '<tr bgcolor=#444444>';
				$a=0;
			}
			print "<td><a href=driver.php?x=profile&u=".$donor['donor'].">".$donor['donor']."</a></td><td>$".number_format($donor['money'])."</td></tr>";	
		}
		print "</table>";
		print "<a href=driver.php?x=hitlist>BACK</a>";
	}
	break;
	case "donate": 
	{
		settype($money,'int');
		if($money==NULL  || $money==0 || $money<0) 
		{
			print "You must enter an amount to donate";
		} 
		elseif ($money < $minamount) 
		{
			print "Your contract must be greater then $".number_format($minamount)."";
		}
		else 
		{
			if($stats_array['cash']<$money) 
			{
				print "You don't have that much money";
			}
			else 
			{
				$res = mysql_query("SELECT * FROM $prefix.hitlist_donors WHERE hid=$hid AND donor='".$player->nickname."'");
				$num = mysql_num_rows($res);
				if($num == 0)
				{
					$sql="UPDATE $prefix.hitlist SET donors=donors+1, money=money+$money WHERE hid=$hid";
					mysql_query($sql);
					$sql="INSERT INTO $prefix.hitlist_donors VALUES ('','$hid','$stats_array[nickname]','$money')";
					mysql_query($sql);
				}
				else 
				{
					$sql="UPDATE $prefix.hitlist SET money=money+$money WHERE hid=$hid";
					mysql_query($sql);
					$sql = "UPDATE $prefix.hitlist_donors SET money=money+$money WHERE hid=$hid AND donor='".$player->nickname."'";
					mysql_query($sql);
				}
				$sql="UPDATE $prefix.user_characters SET cash=cash-$money WHERE email='".$_SESSION['user_email']."'";
				mysql_query($sql);
				print "Congrats your donation was added";
			}
		}
	}
	break;
	case "addnew": 
	{
		if($conf != 1) 
		{
			$sql="SELECT * FROM $prefix.user_characters ORDER BY nickname";
			$db=mysql_query($sql);
			print "<form method=post action=driver.php?x=hitlist&action=addnew><table><tr align=center><td colspan=2>Add a hit</td></tr>";
			print "<tr><td>Target: </td><td><select name=target>";
			while($user=mysql_fetch_array($db)) 
			{
				print "<option value=".$user['nickname'].">".$user['nickname']."</option>";
			}
			print "</select></td></tr>";
			print "<tr><td>Ammount: </td><td><input type=text name=money></td></tr>";
			print "<tr align=center><td colspan=2><input type=hidden name=conf value=1><input type=submit name=Submit value=\"Add Hit\"></td></tr>";
			print "</table>";
		}
		else 
		{
			settype($money,'int');
			$sql="SELECT * FROM $prefix.hitlist WHERE target='$target'";
			$db=mysql_query($sql);
			if(mysql_num_rows($db)>0) 
			{
				print "Sorry that person already has a hit on them";
			}
			else if($money==NULL || $money==0 || $money<0) 
			{
				print "Sorry you must enter an ammount for the hit";
			} 
			elseif ($money < $minamount) 
			{
				print "Your contract must be greater then $".number_format($minamount)."";
			}
			else 
			{
				if($stats_array['cash'] < $money) 
				{
					print "You don't have that much money";
				}
				else 
				{
					$sql="INSERT INTO $prefix.hitlist VALUES ('','$target','$money','1')";
					mysql_query($sql);
					$sql="SELECT * FROM $prefix.hitlist WHERE target='$target'";
					$db=mysql_query($sql);
					$hit=mysql_fetch_array($db);
					$sql="INSERT INTO $prefix.hitlist_donors VALUES ('','".$hit['hid']."','$stats_array[nickname]','$money')";
					mysql_query($sql);
					$sql="UPDATE $prefix.user_characters SET cash=cash-$money WHERE email='$stats_array[email]'";
					mysql_query($sql);
					print "Hit added<br>";
					print "<a href=driver.php?x=hitlist>BACK</a>";
				}
			}
		}
	}
}
print"</td></table>";
?>