Need help with an email blocker for a guessbook

lang79james

I am new with php and here is a simple guessbook page but I am being hit with spam from a group of the same email. I know I need to do an IF statement but I am kinda foggy on how to do the code.
What I want to do is make an file that has email address that I want to block and code to call it up to make sure the people that are signing it is not one of the spamers.

Here is my code for the page. Just need help on where to nest the code to call up the blocked email to stop them from posting.

Also if any one knows how to disable html coding from being displayed as well would be helpful.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>Feed Back</title>
  <? include "data/head.php"; ?>
<body>
<center>
<table width="700" border=".01" cellspacing="0" cellpadding="0">
<tr>
<td height="182" align="center" valign="bottom">
<P ALIGN=CENTER><P ALIGN=CENTER><IMG SRC="Images/title/feedback2.gif" NAME="graphics10" ALT="About Me" ALIGN=BOTTOM WIDTH=500 HEIGHT=100 BORDER=0>

   <br>
    </p>
   <?php include "data/menu.php"; ?>
</td></tr>
<tr>
<td height="1050" align="left" valign="top">
        <center><h2>Feedback Form</h2></center>

  <p>Share your feedback with me.</p>
  <form method="post" action="feedback.php">
    <label for="firstname">First name:</label>
    <input type="text" name="firstname" /><br />
    <label for="lastname">Last name:</label>
    <input type="text" name="lastname" /><br />
    <label for="email">What is your email address?</label>
    <input type="text" name="email" /> Required<br />
    <label for="like">Do you like my website, if no please tell me why?</label><br> 
    Yes <input name="like" type="radio" value="does" />
    No <input name="like" type="radio" value="does not" /><br />
    <label for="message">Your Feed Back</label>
    <textarea rows="8" cols="40" wrap="virtual" name="message"></textarea><br />
    <input type="submit" value="Submit Feedback" name="submit" />
  </form>
  <br />    

  <?php
      $first_name = $_POST['firstname'];
      $last_name = $_POST['lastname'];
      $email = $_POST['email'];
      $like = $_POST['like'];
      $message = $_POST['message'];

  $dbc = mysqli_connect('172.23.50.3', 'username', 'password', 'website')
  or die('Error connecting to MySQL server.');

if (!empty($email))  {

 $query = "INSERT INTO feedback (first_name, last_name, email, `like`, message) " .
      "VALUES ('$first_name', '$last_name', '$email', '$like', '$message')"; 

 $result = mysqli_query($dbc, $query)
  or die('Error querying database.');
}
else {
   }



// Retrieve data base 
    $query = "SELECT * FROM feedback" ;
    $data = mysqli_query($dbc, $query);

// Loop through the array of payment data

while ($row = mysqli_fetch_array($data)) {

// Display the payment data 

   echo '<strong>' .$row['last_name'] . ' ' . $row['first_name'] . '</strong><br />' ;
   echo 'This person ' . $row['like'] . ' like this site. <br />';
   echo '<strong>What this person had to say:</strong>' . '<br />'; 
   echo  $row['message'] . '<br />';
   echo '<br />' ;
}


 mysqli_close($dbc);


?> 

</td>
</tr>
 <tr>
    <td colspan="2" height="280"valign="top"><p align="center">

  <?php include "data/footer.php";?>


  </td> 
  </tr>
</table>
</body>
</html>

Thanks in advance.

Neville1985

For the html problem just do this, it will remove all HTML tags from the string


$message = strip_tags($_POST['message']);

For the email problem I suggest you make a new table in your database name it whatever you want. Within it have. banned_id(Primary, auto inc), banned_email(varchar), banned_reason(text)

now create a form that allows you to add said user into that database, you should know how to do this already.

Its untested but it should work.

if (!empty($email))  { 

$select = "SELECT banned_email FROM banned_users WHERE banned_email = $email";
$result = mysqli_query($dbc, $select);

if (mysqli_num_rows($result) <= 0 ) {
	//pass
	$select = "INSERT INTO feedback (first_name, last_name, email, `like`, message) " . 
      "VALUES ('$first_name', '$last_name', '$email', '$like', '$message')"; 

 	$result = mysqli_query($dbc, $query) or die('Error querying database.');

} else {
	//fail
	unset($select,$result);
} 
} else {

}

Ok i'll run you through it.
- $select var is your query string that selects the col banned_email from your banned_users database
- $result is obvious
- First conditional takes the $result var and counts the number of rows returned, if there is a banned email in that database it will return atleast 1.

When it goes to your conditional the two vars $select and $result are overwritten with new values so dont worry about that.

If it fails the script releases the vars used to be used elsewhere, just incase.

This script is in NO WAY perfect or secure. You should research how to validate user input via forms, and php security. Because by the sounds of your problem you've been hit by a bot or something.

Also think about learning about captchas.

Hope this helps.

lang79james

Thanks for the help. Now comes the fun part on making a page that I can use to make field in the data base..... should it be simple or should it be advanced....:p