Guest Posted May 30, 2006

is there currently a fix to disable people from sending just an email address via the osc contact form? all i'm able to find in the osc forums is regarding spam fixes and whatnot.
Guest Posted May 30, 2006

you could check the $enquiry variable for string length like:

    $enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);
    if( strlen($enquiry) < 50 )
      tep_redirect(tep_href_link(FILENAME_CONTACT_US));

or add some sort of error to display. Still they can type garbage though, so I prefer to use the vvc at least to filter out bots and such.
yanarasod Posted May 30, 2006

i tried this vvc, and it sends email to me via contact without even entering anything in the security box, no error. what is wrong
yanarasod Posted May 30, 2006

ok can someone tell me how do i correctly remove/delete the visual_verify_code table from my database, i restored my last backup from admin, but i still see the table in my database. should i check them all and click on drop. is it right what i am going to do
Guest Posted May 31, 2006

thanks for that :) is it possible to throw them an error instead of redirecting back to contact_us.php? i tried:

    $enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);
    if( strlen($enquiry) < 50 )
      tep_redirect(tep_href_link(FILENAME_CONTACT_US));
    $error = true;
    $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);

but of course it just sent through
Guest Posted May 31, 2006

yes use the $messageStack variable to print the error. The create_account.php supports this so you can get a good example of how to do it. Since your site is custom you may want to emit the html errors in the proper place. Here is where the default create_account.php does that.

    <?php
      if ($messageStack->size('create_account') > 0) {
    ?>
          <tr>
            <td><?php echo $messageStack->output('create_account'); ?></td>
          </tr>
          <tr>
            <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
          </tr>
    <?php
      }
    ?>

Use a different name like 'contact_us'. When you want to include the error you do:

    $error = false;
    if( strlen($enquiry) < 50 ) {
      $messageStack->add('contact_us', 'Please type some more text to send this form');
      $error = true;
    }

    if( $error == false ) {
      // send the mail here
    }

> i tried this vvc, and it sends email to me via contact without even entering anything in the security box, no error. what is wrong

I cannot see why the vvc will not work. I tried it in many cases. There are a couple of bugs I think were fixed with the latest version.
Guest Posted May 31, 2006

can you spot what i'm doing wrong:

    require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

    $error = false;
    if( strlen($enquiry) < 50 ) {
      $messageStack->add('contact_us', 'Please type some more text to send this form');
      $error = true;
    }

    if( $error == false ) {
      // send the mail here
    }

    $error = false;
    if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
      $name = tep_db_prepare_input($HTTP_POST_VARS['name']);
      $email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
      $enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);

      if (tep_validate_email($email_address)) {
        tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry."\n\n".$_SERVER["REMOTE_ADDR"]."\n".$_SERVER["HTTP_USER_AGENT"], $name, $email_address);
        tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
      } else {
        $error = true;
        $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
      }
    }

    $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));

and in the body:

    <?php
      if ($messageStack->size('contact_us') > 0) {
    ?>
          <tr>
            <td><?php echo $messageStack->output('create_account'); ?></td>
          </tr>
    <?php
      }
    ?>
yanarasod Posted May 31, 2006

ok hey thanks, but do you know how do i remove the vvc table from my database, should i click on "Drop" or "Delete" after selecting everything under visual_verify_code table. thanks
Guest Posted May 31, 2006

this part of the code

    if( strlen($enquiry) < 50 ) {
      $messageStack->add('contact_us', 'Please type some more text to send this form');
      $error = true;
    }

has to go right after this line

    $enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);

and the output should be

    <?php
      if ($messageStack->size('contact_us') > 0) {
    ?>
          <tr>
            <td><?php echo $messageStack->output('contact_us'); ?></td>
          </tr>
    <?php
      }
    ?>

Also the error checking should be implemented so you should do

    if ( $error == false && tep_validate_email($email_address)) {

> ok hey thanks, but do you know how do i remove the vvc table from my database, should i click on "Drop" or "Delete" after selecting everything under visual_verify_code table. thanks

yea just drop the visual_verify_code table.
yanarasod Posted May 31, 2006

hey i just ran into another problem, while adding the add quantity box to cart, i removed it and restored my backup, but now the quantity doesn't get updated if more than 1, i tried but no luck, i dont know what has gone wrong, all of a sudden. how can i make it to update the quantity
yanarasod Posted May 31, 2006

it is even bigger, if i press the button buy now under categories then it auto adds product to the shopping cart showing url something like this http://bhuratea.com/shopping_cart.php?sort=2a i dont have any idea but has gone wrong in the last minute.
Guest Posted June 1, 2006

still not sure what i'm doing wrong, but here's what i got:

    $error = false;
    if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
      $name = tep_db_prepare_input($HTTP_POST_VARS['name']);
      $email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
      $enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);

      if( strlen($enquiry) < 50 ) {
        $messageStack->add('contact_us', 'Please type some more text to send this form');
        $error = true;
      }

      if (tep_validate_email($email_address)) {
        tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry."\n\n".$_SERVER["REMOTE_ADDR"]."\n".$_SERVER["HTTP_USER_AGENT"], $name, $email_address);
        tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
      } else {
        $error = true;
        $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
      }
    }

body:

    <?php
      if ($messageStack->size('contact_us') > 0) {
    ?>
          <tr>
            <td><?php echo $messageStack->output('contact_us'); ?></td>
          </tr>
    <?php
      }
    ?>

and i'm not sure where i put:

    if ( $error == false && tep_validate_email($email_address)) {

cause i already have an error check to validate the email address:

    if (tep_validate_email($email_address)) {
Guest Posted June 1, 2006

you simply replace this

    if (tep_validate_email($email_address)) {

with this:

    if ( $error == false && tep_validate_email($email_address)) {
Guest Posted June 2, 2006

excellent, thank you :D

how difficult could it be to allow only letters, numbers, punctuation and dollar signs in the textarea box; in conjunction with this error check? would something like preg_match work? how exactly could i work that in. i've been battling with it for a few hours and nothing seems to work :(

lastly... if i type something like "onsafo".. i get the "please type more" error, but i also get the "your email is invalid" error.. even though i'm using my real email address. is there any way to separate those?
Guest Posted June 2, 2006

you could change this section

    } else {
      $error = true;
      $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
    }

to this

    } elseif($error==false) {
      $error = true;
      $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
    }

As for the filtering, have you tried the contact us fixes from the contributions or the code of the later osc update?
Guest Posted June 6, 2006

thank you enigma1 :)

can you spot what i've done wrong here? i'm trying to check the data before form submission to allow only letters, punctuation and dollar signs (would filter out a LOT of the html spams regular people send through the contact form, not even bots)..

in the source:

    $error = false;
    if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
      $name = tep_db_prepare_input($HTTP_POST_VARS['name']);
      $email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
      $enquiry = tep_db_prepare_input($HTTP_POST_VARS['preg_match(enquiry)']);

      if( strlen($enquiry) < 10 ) {
        $messageStack->add('contact_us', 'Please type some more text to send this form');
        $error = true;
      }

      if (preg_match("/[a-zA-Z0-9_\-]+/",$enquiry)) {
        $messageStack->add('html_check', 'Illegal characters used');
        $error = true;
      }

      if ( $error == false && tep_validate_email($email_address)) {
        tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry."\n\n".$_SERVER["REMOTE_ADDR"]."\n".$_SERVER["HTTP_USER_AGENT"], $name, $email_address);
        tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
      } elseif($error==false) {
        $error = true;
        $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
      }
    }

    $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));

body:

    <?php
      if ($messageStack->size('html_check') > 0) {
    ?>
          <tr>
            <td><?php echo $messageStack->output('html_check'); ?></td>
          </tr>
    <?php
      }
    ?>
Guest Posted June 6, 2006

use the strip_tags function if you do not want html. so try replacing this

    if (preg_match("/[a-zA-Z0-9_\-]+/",$enquiry)) {
      $messageStack->add('html_check', 'Illegal characters used');
      $error = true;
    }

with this

    $enquiry = strip_tags($enquiry);
Guest Posted June 7, 2006

such an easy fix and i've battled that piece for hours :blush: thanks!!
Guest Posted June 13, 2006

is there any way to filter out foreign characters and stop the form from being sent until they use strictly a - z, 0-9, $ # @ ! ?, ;
Guest Posted June 13, 2006

well, it depends. you may have to add a bunch of code to check every different string and case, as the preg_match can turn out complicated. You only want to get some simple text with the email so the striptags should do that.
Guest Posted June 14, 2006

i use the code you posted for me previously and today i got an email like this:

?ߵ????????????Լ??ߵ??????豸??

- so striptags is not stopping it

i'm pretty sure it's supposed to be chinese lettering, but i do not have the character set (i don't speak chinese)

this same person used to send me html & url's which translated into _ because of the filter, but because of striptags, they can no longer use > so instead they type their gibberish in plain chinese text, which of course i cannot read. they send using different ip's & emails all the time so i cannot block them
Guest Posted June 14, 2006

ok yea I see, but how different would that be from anyone typing some garbage asdflsdh;ng;salzfd] and submitting the contact us form. I mean are you going to install a dictionary module to check the words? how about adding a vvc there? maybe it will help.
Guest Posted June 14, 2006

well the difference is that the phrase i posted is broken foreign characters.. what you posted is plain old letters & punctuation. i'd rather have someone sending me random keystrokes than gibberish in a language i can't (or have any interest in) speaking

vvc i don't think would do much as it seems to be a legitimate person (they figured out sending html links no longer works) so they are spamming me another way now, doesn't seem to be a bot, unless it's a very sophisticated bot
Guest Posted June 14, 2006

ok, I see, so we were here I think:

    $enquiry = strip_tags($enquiry);

let's expand it a bit and see what happens.

    $enquiry = strip_tags($enquiry);
    // drop every byte in the range 0x80-0xff (anything outside 7-bit ASCII)
    $enquiry = preg_replace('/([\x80-\xff])/s', '', $enquiry);

Also you check the length of the string I remember, so do it after the filtering.
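
The checks discussed in this thread, combined into one function as an added example (not code from the posts above or from osCommerce): it rejects text outside an allow-list instead of silently deleting bytes, and checks the length after filtering. The name `validate_enquiry`, the extra punctuation in the allow-list and the sample inputs are assumptions.

```php
<?php
// Added example: validate_enquiry() is a hypothetical helper, not osCommerce code.
// Returns array($clean_text, $errors); an empty $errors means the text may be mailed.
function validate_enquiry($raw, $min_length = 50)
{
    $errors = array();

    // Remove markup first (as in the thread), then normalise line endings.
    $text = strip_tags($raw);
    $text = trim(str_replace(array("\r\n", "\r"), "\n", $text));

    // Allow-list: letters, digits, space, newline, the punctuation asked for in
    // the thread ($ # @ ! ? , ;) and, as an assumption, . ' " ( ) : / - which
    // ordinary English text needs. \A ... \z anchors the whole string; an
    // unanchored pattern such as /[a-zA-Z0-9_\-]+/ matches as soon as a single
    // allowed character appears anywhere in the text.
    $allowed = '/\A[a-zA-Z0-9 \n$#@!?,;.\'"():\/-]+\z/';
    if ($text !== '' && !preg_match($allowed, $text)) {
        $errors[] = 'Please use only English letters, numbers and basic punctuation';
    }

    // Check the length after filtering so stripped tags do not count towards it.
    if (strlen($text) < $min_length) {
        $errors[] = 'Please type some more text to send this form';
    }

    return array($text, $errors);
}

// Constructed sample inputs (not taken from the thread).
$samples = array(
    'plain text'      => 'Hello, do you ship to Canada? The order total is $40.',
    'markup only'     => '<a href="http://example.com/">x</a>',
    'non-ASCII bytes' => "\xe4\xbd\xa0\xe5\xa5\xbd, please contact me about your products",
);

foreach ($samples as $label => $raw) {
    list($clean, $errors) = validate_enquiry($raw, 20);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'accepted', "\n";
}
```

In contact_us.php each returned error would be passed to `$messageStack->add('contact_us', ...)` with `$error = true` set before the `tep_validate_email` check, so the mail is only sent when the list is empty.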
This topic is now archived and is closed to further replies.