
PHP og validering



Kan noen hjelpe meg med å validere denne? Og er det noen av dere som vet av en god PHP-validator som ikke er så altfor avansert?

 

Skriptet fungerer ypperlig. Men det er en sånn html-fil-indikator nede i hjørnet på Explorer..

 

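<?php
// Entry guard: this file is meant to be pulled in by modules.php, never
// requested on its own. The check looks at the real filename of the executing
// script instead of the register_globals copy of PHP_SELF: PHP_SELF includes
// client-supplied path info, and an unanchored pattern match on it (where "."
// matches any character) is a weak guard. The comparison stays
// case-insensitive, as the original eregi() test was.
// NOTE(review): assumes $_SERVER['SCRIPT_FILENAME'] names the entry script on this host; confirm on CGI setups.
if (!isset($_SERVER['SCRIPT_FILENAME']) || strcasecmp(basename($_SERVER['SCRIPT_FILENAME']), "modules.php") != 0) {
 die ("You can't access this file directly...");
}

// NOTE(review): $module_folder decides which file is included. It has to be
// assigned by the including script; if it can be seeded from the request
// (register_globals), the include path is under client control. Confirm where it is set.
include("$module_folder/functions_form.php");

// NOTE(review): the forms in this file post "mode=w_send" while the dispatch
// reads $act; presumably the including script maps one onto the other. Confirm.
switch ($act) {
 case "send":	gbSendMessage(); break;
 default:  gbWriteMessage(); break;
}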

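/**
 * Render the "write a guestbook entry" form.
 *
 * Nothing is output unless can_write() allows posting. For a logged-in user
 * the form fields are pre-filled from that user's row in the users table.
 */
function gbWriteMessage() {
if( can_write() ) {
 global $gb_config, $module_link, $module_folder, $user, $bgcolor1;

 // Start every field empty so anonymous visitors, and users whose row cannot
 // be loaded, do not hand undefined variables to the form helpers.
 $gb_name = $gb_email = $gb_url = $gb_uin = $gb_country = $gb_aim = $gb_yim = $gb_msm = '';
 $gb_city = $gb_message = '';

 header_gb();
?>
<a href="<?php echo $module_link ?>"><b><?php echo _egREADGUES ?></b></a>
<center>
<?php
 CloseTable();

 if(is_user($user)) {
  global $prefix, $cookie;

  cookiedecode($user);
  // The user name is taken from a client-held cookie, so it is escaped
  // before being placed inside the SQL string.
  $username = mysql_real_escape_string($cookie[1]);

  $result = mysql_query("SELECT username, user_email, user_website, user_icq, user_from, user_aim, user_yim, user_msnm FROM ".$prefix."_users WHERE username='$username'");
  // Only unpack a row that was actually returned; a failed query or an
  // unknown user leaves the empty defaults in place.
  $row = $result ? mysql_fetch_row($result) : false;
  if (is_array($row)) {
   list($gb_name, $gb_email, $gb_url, $gb_uin, $gb_country, $gb_aim, $gb_yim, $gb_msm) = $row;
  }
 }
 OpenTable();
 // NOTE(review): the profile values go to the form_* helpers as stored; whether
 // they are HTML-escaped on output depends on those helpers. Confirm.
?>
<table border="0" cellspacing="3" cellpadding="0" align="center">
<form name="guestbook" method="post" action="<?php echo $module_link ?>&mode=w_send">
<?php
 form_name($gb_name);
 form_email($gb_email);
 form_country($gb_country, $gb_city);
 form_homepage($gb_url);
 form_aim($gb_aim);
 form_icq($gb_uin);
 form_msm($gb_msm);
 form_yim($gb_yim);
 form_message($gb_message);
 form_bbcode('mes');
 form_manner('blk');
 form_option(1);
 form_button();
?>
<tr>
<td> </td>
<td><b>*</b><?php echo _egMUSTFILL ?></td>
</tr>
</form>
</table>
<?php
 CloseTable();
}
}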

/**
 * Handle a submitted guestbook entry.
 *
 * When can_write() allows posting, the submission is checked with
 * gbCheckError(); an empty result stores the entry, anything else shows the
 * form again with the reported errors.
 */
function gbSendMessage() {
 if (!can_write()) {
  return;
 }

 $errors = gbCheckError();

 // An empty error list means every check passed.
 if (count($errors) == 0) {
  gbWriteMessageAdd();
  return;
 }

 gbWriteMessageError($errors);
}

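/**
 * Turn a submitted value into a quoted, escaped SQL string literal.
 *
 * @param string $value    value as received from the request
 * @param bool   $nullable when true, an empty value becomes the bare keyword NULL
 * @return string SQL fragment for use inside a VALUES list
 */
function _gbSqlLiteral($value, $nullable) {
 if ($nullable && $value == '') { return "NULL"; }
 // magic_quotes_gpc has already added one layer of backslashes; remove it so
 // the value ends up escaped exactly once.
 // NOTE(review): if the surrounding framework adds slashes to request values on
 // its own, that layer has to be removed here as well. Confirm against the bootstrap code.
 if (get_magic_quotes_gpc()) { $value = stripslashes($value); }
 return "'".mysql_real_escape_string($value)."'";
}

/**
 * Store the submitted guestbook entry and show the result page.
 *
 * Reads the submitted fields from globals, formats the message (optional HTML
 * stripping, line breaks, optional BBCode), inserts one row into the table
 * named by $gb_config['dbtable'], sets the "cookie_gbook" cookie for
 * $gb_config['ttwrite'] seconds and, when $gb_config['sndmail'] is set, mails
 * the message to $adminmail. On a failed insert the "try again" page is shown.
 *
 * The SQL literals are built in separate expressions, so apart from the
 * message formatting and the URL scheme the globals keep their submitted values.
 */
function gbWriteMessageAdd() {
global $gb_config, $adminmail, $module_link, $gb_name, $gb_email, $gb_country, $gb_city, $gb_url, $gb_aim, $gb_uin, $gb_msm, $gb_yim, $gb_message, $gb_manner, $hide_email;

// NOTE(review): with $gb_config['enahtml'] set, the message is stored and mailed
// as submitted HTML; escaping then rests with whatever displays it. Confirm.
if( !$gb_config['enahtml'] ) { $gb_message = nohtml($gb_message); }

$gb_message = str_replace("\n", "<br>\n", $gb_message);
$gb_message = str_replace("\r", "", $gb_message);

if($gb_config['ebbcode']) { $gb_message = bbencode($gb_message); }
// Add a scheme only when a URL was given and it has none yet. An empty field
// must stay empty so it is stored as NULL, and https:// links are left alone.
if($gb_url != '' && !preg_match('#^https?://#i', $gb_url)) { $gb_url = "http://".$gb_url; }

// Every submitted value is escaped at the point where it enters the statement.
// Each optional column takes its own field: the MSN and Yahoo columns
// previously read $gb_msn (never set) and $gb_uin (the ICQ number).
$sql = "INSERT INTO ".$gb_config['dbtable']." VALUES('', "
 ._gbSqlLiteral($gb_name, false).", "
 ._gbSqlLiteral($gb_country, true).", "
 ._gbSqlLiteral($gb_city, true).", "
 ._gbSqlLiteral($gb_email, false).", "
 ._gbSqlLiteral($gb_url, true).", "
 ._gbSqlLiteral($gb_aim, true).", "
 ._gbSqlLiteral($gb_uin, true).", "
 ._gbSqlLiteral($gb_msm, true).", "
 ._gbSqlLiteral($gb_yim, true).", "
 ._gbSqlLiteral($gb_message, false).", "
 ._gbSqlLiteral($gb_manner, false).", "
 ."'".date("Y-m-d H:i:s")."', NULL, "
 ."'".mysql_real_escape_string(get_ip())."', "
 ._gbSqlLiteral($hide_email, false).")";

if(mysql_query($sql)) {
 setcookie("cookie_gbook", "1", time() + $gb_config['ttwrite']);

 if($gb_config['sndmail']) {
  // Name and address are placed in mail headers; dropping CR/LF keeps a
  // submitted value from adding header lines of its own.
  $mail_name = str_replace(array("\r", "\n"), '', $gb_name);
  $mail_from = str_replace(array("\r", "\n"), '', $gb_email);

  $header =
   "Return-Path: $mail_name<$mail_from>\n"
  ."From: $mail_name<$mail_from>\n"
  ."MIME-Version: 1.0\n"
  ."Content-Type: text/html; charset=\""._CHARSET."\"\n"
  ."X-Mailer: PHP/".phpversion()."\n\n";

  mail($adminmail, _egMAILSUBJ, $gb_message, $header);
 }

 header_gb();
 CloseTable();
 OpenTable();
?>
<br>
<div align="center">
<b><?php echo _egADDEDMES ?></b>
<br><br>
<a href="<?php echo $module_link ?>"><?php echo _egBACKTORE ?></a>
<br><br>
</div>
<?php
 CloseTable();
} else {
 header_gb();
 CloseTable();
 OpenTable();
?>
<br>
<div align="center">
<b><?php echo _egCANTADDM ?></b>
<br><br>
<a href="<?php echo $module_link ?>&mode=w_main"><?php echo _egTRYAGAIN ?></a>
<br><br>
</div>
<?php
 CloseTable();
}
}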

/**
 * Show the guestbook form again after a rejected submission.
 *
 * The submitted values are read from globals and handed back to the form_*
 * helpers together with the matching entry of $gb_error. A 'message' code of 3
 * additionally prints the _egLONGWORD notice above the form.
 *
 * NOTE(review): the values are echoed back through the form_* helpers as
 * submitted; whether they are HTML-escaped depends on those helpers. Confirm.
 *
 * @param array $gb_error per-field error codes, as returned by gbCheckError()
 */
function gbWriteMessageError($gb_error) {
global $module_link, $module_folder, $gb_name, $gb_email, $gb_country, $gb_city, $gb_url, $gb_aim, $gb_uin, $gb_msm, $gb_yim, $gb_message, $gb_manner, $hide_email;

header_gb();
CloseTable();
OpenTable();

// The form posts back to the module with the "send" mode appended.
$form_action = $module_link."&mode=w_send";
?>
<table border="0" cellspacing="3" cellpadding="0" align="center">
<tr>
<td> </td>
<td>
<b><?php echo _egERRORMES; ?></b><br><br>
<?php
if ($gb_error['message'] == 3) {
 echo _egLONGWORD, "<br><br>";
}
?>
</td>
</tr>
<form name="guestbook" method="post" action="<?php echo $form_action; ?>">
<?php
// Each field is redrawn with the submitted value and its own error code.
form_name($gb_name, $gb_error['name']);
form_email($gb_email, $gb_error['mail']);
form_country($gb_country, $gb_city, $gb_error['country'], $gb_error['city']);
form_homepage($gb_url, $gb_error['url']);
form_aim($gb_aim, $gb_error['aim']);
form_icq($gb_uin, $gb_error['uin']);
form_msm($gb_msm, $gb_error['msm']);
form_yim($gb_yim, $gb_error['yim']);
form_message($gb_message, $gb_error['message']);
form_bbcode('mes');
form_manner($gb_manner);
form_option($hide_email);
form_button();
?>
<tr>
<td> </td>
<td>
<font color="red"><b>*</b></font><?php echo _egMUSTFILL; ?><br>
<font color="red"><b>**</b></font><?php echo _egINVALIDI; ?>
</td>
</tr>
</form>
</table>
<?php
CloseTable();
}
?>

Endret av Patience

Validere?

Du mener se over hele scriptet ditt for å sjekke at det er sikkert nok ol.? Tror neppe at det er noen som har spesielt lyst til det.

 

Zend Studio har noen ok funksjoner for å se over et script, men det er kun programmereren som vet hvordan scriptet fungerer likevel.
