Diffstat (limited to 'guestbook')
-rwxr-xr-x | guestbook/submit.php | 67 |
1 files changed, 43 insertions, 24 deletions
diff --git a/guestbook/submit.php b/guestbook/submit.php
index dfe22f7..1799dd7 100755
--- a/guestbook/submit.php
+++ b/guestbook/submit.php
@@ -17,34 +17,53 @@
 <div id="pagebody">
 <div id="content">
 <?php
+ $banned_keywords = array("financial", "finance", "stymn", "world4news", "invest");
+ $contains_keywords = array();
 $name = strip_tags($_POST["name"]);
 $msg = strip_tags($_POST["message"]);
- if ($msg === "" || $name === "" || strip_tags(htmlspecialchars_decode($msg)) === "") {
- echo '<b>You must provide both a name and message!</b>';
+ $prohibit = false;
+ foreach ($banned_keywords as $keyword) {
+ if (strpos(strtolower($msg), $keyword) !== false) {
+ $prohibit = true;
+ array_push($contains_keywords, $keyword);
+ }
+ if (strpos(strtolower($name), $keyword) !== false) {
+ $prohibit = true;
+ array_push($contains_keywords, $keyword);
+ }
+ }
+ if (!$prohibit) {
+ if ($msg === "" || $name === "" || strip_tags(htmlspecialchars_decode($msg)) === "") {
+ echo '<b>You must provide both a name and message!</b>';
+ } else {
+ $db = new PDO("sqlite:/mnt/data1/webdata/floppydisk/guestbook.db");
+
+ $showinfo = isset($_POST["showinfo"]) ? true : false;
+ $showip = isset($_POST["showip"]) ? true : false;
+ $ip = $_SERVER['REMOTE_ADDR'];
+ $browser = get_browser(null, true);
+ $sys = $browser['parent'] . ' (' . $browser['platform_description'] . ' ' . $browser['platform_version'] . 
')';
+
+ $data = array('name' => $name, 'message' => $msg, 'show_info' => $showinfo, 'show_ip' => $showip, 'ip' => $ip, 'submitted' => time(), 'sys' => $sys);
+
+ $insert = "INSERT INTO Entries (name, message, show_info, show_ip, ip, submitted, browser_info) VALUES (:name, :message, :show_info, :show_ip, :ip, :submitted, :browser)";
+ $stmt = $db->prepare($insert);
+ $stmt->bindParam(':name', $data['name'], PDO::PARAM_STR);
+ $stmt->bindParam(':message', $data['message'], PDO::PARAM_STR);
+ $stmt->bindParam(':show_info', $data['show_info'], PDO::PARAM_STR);
+ $stmt->bindParam(':show_ip', $data['show_ip'], PDO::PARAM_STR);
+ $stmt->bindParam(':ip', $data['ip'], PDO::PARAM_STR);
+ $stmt->bindParam(':submitted', $data['submitted'], PDO::PARAM_STR);
+ $stmt->bindParam(':browser', $data['sys'], PDO::PARAM_STR);
+ $stmt->execute();
+ echo '<b>Success!</b>';
+ }
 } else {
- $db = new PDO("sqlite:/mnt/data1/webdata/floppydisk/guestbook.db");
-
- $showinfo = isset($_POST["showinfo"]) ? true : false;
- $showip = isset($_POST["showip"]) ? true : false;
- $ip = $_SERVER['REMOTE_ADDR'];
- $browser = get_browser(null, true);
- $sys = $browser['parent'] . ' (' . $browser['platform_description'] . ' ' . $browser['platform_version'] . 
')';
-
- $data = array('name' => $name, 'message' => $msg, 'show_info' => $showinfo, 'show_ip' => $showip, 'ip' => $ip, 'submitted' => time(), 'sys' => $sys);
-
- $insert = "INSERT INTO Entries (name, message, show_info, show_ip, ip, submitted, browser_info) VALUES (:name, :message, :show_info, :show_ip, :ip, :submitted, :browser)";
- $stmt = $db->prepare($insert);
- $stmt->bindParam(':name', $data['name'], PDO::PARAM_STR);
- $stmt->bindParam(':message', $data['message'], PDO::PARAM_STR);
- $stmt->bindParam(':show_info', $data['show_info'], PDO::PARAM_STR);
- $stmt->bindParam(':show_ip', $data['show_ip'], PDO::PARAM_STR);
- $stmt->bindParam(':ip', $data['ip'], PDO::PARAM_STR);
- $stmt->bindParam(':submitted', $data['submitted'], PDO::PARAM_STR);
- $stmt->bindParam(':browser', $data['sys'], PDO::PARAM_STR);
- $stmt->execute();
- echo '<b>Success!</b>';
+ echo '<b>Your message could not be submitted as it (or your username) contains the following prohibited keywords:</b><br>'.PHP_EOL;
+ echo ' <pre>'.join(', ', $contains_keywords).'</pre>'.PHP_EOL;
 }
- ?><br><br>
+ ?>
+ <br><br>
 <a href="./">Back</a>
 </div> <!-- content --> |
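Review bot: The new keyword loop inspects the raw `$msg`, while the emptiness check a few lines below inspects `strip_tags(htmlspecialchars_decode($msg))`, so the two validations look at differently normalized text; the filter should run on the same decoded form the emptiness check already trusts, computed once before the loop. Lowercasing `$msg` and `$name` once outside the loop also removes the four `strtolower()` calls per keyword, and folding the two `if` bodies into one condition stops a keyword being listed twice when it occurs in both fields. The `$_POST["name"]` / `$_POST["message"]` reads above the loop are unchanged context, but a request missing either field reaches `strip_tags()` with a null value and emits a notice; an `isset()` guard there would be a separate small fix.
```php
$prohibit = false;
// Normalize once, using the same decoded form the emptiness check below inspects.
$msg_lc = strtolower(strip_tags(htmlspecialchars_decode($msg)));
$name_lc = strtolower($name);
foreach ($banned_keywords as $keyword) {
    if (strpos($msg_lc, $keyword) !== false || strpos($name_lc, $keyword) !== false) {
        $prohibit = true;
        $contains_keywords[] = $keyword;
    }
}
// … unchanged: empty-field check, PDO insert, prohibited-keyword message …
```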