This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
When the bots attack!
My free classified portal is coded in php. Now am facing sequence of ads which seems to be posted by tools like auto submitter. So I need to detect and avoid these type of ads by an automation which is done in any ways.
Have you considered using a "Captcha"?
http://www.captcha.net/
They are pretty easy to integrate and look like this:
There are several ways.
A simple one is to place a text box on the input form that says
Type the word "human": [ ]
If the trimmed uppercased version of that input != "HUMAN", then you either have a dumb human, or a dumb bot.
Obviously, this is super-easy for someone to defeat, but only if they take the time to code something for your site. In other words, it helps but is not foolproof.
On a more advanced level, integrate a recaptcha system, such as http://www.google.com/recaptcha
One of the simplest solutions would be honeypots, the idea is to include some fields with common names like email, address etc and hide them from user and use something less common for original names. If one of hidden fields aren't empty it was submitted by bot.
To make it more complicate you can dynamically encrypt every field names using md5 example:
$encodedFieldName = md5('email_address' . session_id());
Of course you need to create array with allowed fields and retrieve them back before submitting results to database.
Related
I'm trying to create an system that can calculate all input given for invoice related calculating.
What I'm trying to achieve is when I have multiple text fields (Yes I want to use text fields otherwise I would have used the build in validator for the number field)
So when I click out of a text box it needs to validate live if the input is numeric. and when its not it should show some message above it that it isn't and make the field red like an error. BEFORE submitting the form
And yes I know this is easily done with jQuery/ajax/php setups but I want to only use PHP. So IS there some kind of way to do this pure PHP or not because I can't seem to find some way or tutorial that does this.
Sorry if this question is shit but I'm at wits end now searched for 2 hours straight and cant even come close to finding some way that uses only PHP.
I'm using an hidden div and going to use style tags that only show when input is wrong so the errors/red colors are already done now I just need some kind of validator
Thanks in advance and again I'm sorry if this is a shitty question
If you want the validation on server-side in PHP you need to use either a ajax request on each click and send the data, or do the following before you echo or output anything, for example if your model or controller...Iterate on your data and run this regex rule on each of your values:
if( preg_match('/^[1-9]\d*(\,\d+)?$/', $inputValue ) ) {
// It is numeric
}
else{
// It is not numeric
}
I assume you use . as your decimal operator? If no, the rule should be:
preg_match(^[1-9]\d*(\,\d+)?$)
This will tell you if it's numeric.
Note that the $inputValue is the variable you are testing.
Because you want to validate a text box live on the browser (which is the client side), you cannot use PHP which is server side language to accomplish this. Sorry but you cannot.
I use php to manage html and now I have problem with input date in mysql.
All with my input in MySQL or update or delete in MySQL is ok but how I can make security for input data in mysql because if some one open to see my html source code with browser he can see my predefined inputs and he can change thats in html and after that enter wronk inputs in mysql.
This is my code:
Options Value: <select name="extend">
<option value="<?php $_end1;$newDate = date('Y-m-d', strtotime($_end. " + 1 month"));echo $newDate;?>">1 Month</option>
Now when if someone open browser and see my code he can replease 1 month with several month and that in MySQL.
How can I this secure and or hide that in HTML.
Thx
If you're wanting to have fields or input that can't be edited by the user, such as the current date that the form was submitted on or something along the lines of that, you need to do do all of that on the server side (not the client side). Any data that is submitted from the client side can (and you should treat it like it will) be changed.
Instead of having form fields with preset values, fields that are hidden, fields that are disabled, data that is rendered with JavaScript, or any other way you could think of storing data on the client side, do those things on the server side. You can use a PHP script to do this, seeing as you're already making use of PHP. When you submit the form it has to go to some sort of a server side script, do that logic there and submit that logic to a database.
filter all your received user input. This might be clear for free text inputs, but should be done as well for predefined values.
Easiest for extending might be to only accept a certain number. For example 1, 2 or 3.
$extend = filter_input(INPUT_POST, 'extend', FILTER_VALIDATE_INT); is the first step, but you should also check if $extend is not equal to an illegal number.
if(in_array($extend, range(1,3)){ }
input like numbers is a lot more simple to check than a range of dates.
But even when that would be needed: it is possible to make your own validation function.
It is not possible to limit the browser or the user to only send certain data in a form. Either they could use a tool in the browser to change the habits of a form element, or they could rebuild the form completely in their own htmlpage or other tool
There is very simple answer to your question - you can NOT secure html and you should not even try. Every browser is equipped with developer tools and even without browser anyone can send to your server whatever they want. This is how Internet works.
What you SHOULD do is to verify your input data on server side where user has no access. In your case you should have array of allowed inputs or function assessing if input from user is valid.
More, if you know what will be the algorithm eg. ($_end + 1month) than you do not need to get from user result but only value of $_end. You can calculate $newDate just before inserting data to database - this way user will have no way of changing it.
First of all, please be carefull with your writing, it is pretty hard to understand your problem.
Secondly, if you want to "hide" PHP code to the user, you could write your code in a different way :
You create a form in which users will be able to fill some informations, and for example a date, like in your example. If this date is an option, it can have some value, as the one you show.
Then when the user submit the file, you make a checking on the variables. If you want this form to show a price, to add some data to a database, or whatever, you do some checking to be sure that the values are correct. For example, if you want to calculate a price, you will check the date the user selected, and calculate the price from this date. With this method, even if user changed the code, they will not be able to change the checking (at least not easily).
And to conclude you show a page asking the user for confirmation. This way, he will check if the informations are correct, and you can ask to re-fill some fields if you detected some invalids values
That's hard to show some concrete code, since I don't really know what you want to do, but I hope this explanation was clear. Don't hesitate to ask some questions, I'll try to answer.
darling brother:
you have 3 method:
1: define a variables instead of 1 month
2: use encryption method for php enciding that provide encryption php cides to unformatted charachters (ionCube )
3: usin my sql encryption : MD5
This question already has answers here:
Prevent user from editing checkbox value with something like FireBug?
(2 answers)
Can HTML checkboxes be set to readonly?
(48 answers)
Closed 7 years ago.
As I've found no other answer over the web, I'm asking here :
I'd like to find a way to prevent people from changing the checkboxes' values.
I'm using serialize() and unserialize() to set and get checkboxes data over my database, and the problem is if someone changes the value of the checkbox (using Chrome or Firefox dev tools by exemple) it messes my retrieved values. So I'd like to know if it is possible via PHP.
It is a bit unclear what you ask: php can only handle data on the server side. If you do not want some specific attribute of a dataset you read / write to / from a database to be modified, then just don't do it. No one forces you to consider data you get, for example inside the $_POST values you get from a form submission.
However the checkboxes themselves are only presented at the client side. Only there users can modify the values. php does not have any control over that, since it is running on the server side.
What you could do is try to prevent changes to the checkboxes by means of javascript which can be used on the client side. This works by suppressing or better swallowing the click events raised by the user. But actually there is no need for that: html itself allows to declare a checkbox as disabled which prevents any modification.
If that is not what you looking for, maybe because of optical reasons, you might want to overwrite the value of the checkboxes on html level by adding a hidden field holding the same name and value. That way it is irrelevant what modifications users make.
This is kinda confusing, so forgive me if you don't understand what I am asking. I'm trying to develop my skills and I wanted to move onto images as a next step. I did a bit of searching and I thought a good way to try this would maybe be to generate military ribbon racks depending on the options the user selects.
(See something like this as an example: http://www.ribbon-rack-builder.com/ribbons/build/4)
Now, from looking at the source code I can see that the creator of that website creates a form with all of the different ribbons and allows the user to select the ones they want with checkboxes. This form is then posted to some PHP on the page somewhere.
Being new to the image concept I have no idea what kind of PHP this would be. Could anyone give me an idea of how this website could do this and where I should start should I want to create something similar?
Thanks very much!
First, you'll need to get which checkboxes were checked:
Set the name in the form to check_list[] and you will be able to
access all the checkboxes as an array($_POST['check_list'][])
Second, you'll most likely want to use the GD and Image Functions built into PHP.
There is a lot there, and it can be confusing, so I suggest you do some reading through questions on SO on the subject: https://stackoverflow.com/search?q=merge+image+[php]
I need to create a 10 page quiz for a mobile browser. It is only a mobile webpage, so no considerations need to be taken for other browsers.
Here's the problem I'm having: I can't use JavaScript, because not every mobile browser supports it. I'm not very skilled in other languages, but I thought perhaps something could be done in PHP as it is server-side.
If my first URL is domain and I enter the correct quiz answer, the URL to the next page could be domain/?p=1. The URL doesn't need to do anything but hold a count of the number of correct results.
As for the actual code, I was thinking it could be included in the HTML itself, as I'm not very concerned about people viewing the source on their mobile phones.
Is it possible to write a line of code that increments the 'p=' attribute in the URL by one when clicked and only attach it to the correct answers?
Here's an image of what I mean: http://i.imgur.com/HbJ5U.jpg
And, what's to stop me from manually incrementing the "correct answer" counter in my address bar?
Do you not want to use a database because you don't have one available to you in your hosting, or because you don't know how?
I'm not a fan of the idea, but you can get the number of "correct answers" with the following code.
<?php
/* Gets current correct answer Count */
$answer_count = $_GET["p"];
/* checks to see if the submitted answer is the same as the correct answer */
if ($_POST["submitted-answer"] == "correct-answer") {
$answer_count++;
}
?>
Now, you just add the modified answer count to the link to the next question.
Next Question
If this is "just for fun" I don't see why you couldn't do it like this. It's definitely a simple way to solve the problem.
The standard way to do this is to store things in hidden form variables. Of course, if there is anything riding on this, that's a terrible way to do it, because it's really easy for the end user to put his own values in those hidden form values.
Aren't file-based sessions the obvious answer here?