Guestbook script question

*McDuff* · 03-15-2008, 05:06 PM

Our guestbook on czechfriends org is an adaptation of the standard FQ guestbook, with a private and public section. We got a heads-up it did not work, turned out to be a simple } in the wrong place (just before the } else { statement, Bob,

thanks for pointing me in the right direction). Last time we tried it worked, but I was wondering why we did not get any messages. No idea how this corrupt version got there and how long

.

People have the option to only give private input, using it as a contact form to us. However, even if all public fields are empty, the script still prints the “new message” followed by empty space and the date.

foreach $line (@lines) {

if ($line =~ //) {

print GUEST ("\n");

print GUEST ("New message:");

if ($INPUT{'pubcom'}) {

$INPUT{'comments'} =~ s/\cM\n/ \n/g;

$mailcomments = $INPUT{'comments'};

$mailcomments =~ s/ //g;

print GUEST ("$INPUT{'pubcom'} ");

}

print GUEST ("This message was posted by $INPUT{'alias'} on $date<hr>\n\n");

} else {

print GUEST ("$line");

}

Any simple script line I can add to the cgi file so that if the public fields are empty, the script does not print anything in the visitors book but still follows all the other commands?

If anybody is interested in how we adapted the script, be glad to share it, just let me know.

*McDuff* · 03-19-2008, 03:49 PM

Got something up and working, sort of, looks like, maybe

Added two lines at the beginning of the "open (GUEST)" section:

Old
foreach $line (@lines) {
if ($line =~ //) {

New
foreach $line (@lines) {
if ($INPUT{'url'}) {
exit;
}
if ($INPUT{'website'}) {
exit;
}
if ($line =~ //) {

As result, if in the new form anything is entered in the fields name="url" or name="website", that returns an Internal Server Error

, and nobody is the wiser why. The fields are not hidden but in plain sight, with at the beginning of the form a remark not to fill those fields. Unfortunately, I do not get info on who was hammering at my door through the file, but I worry about that later.

As extra, I remade the guestbook.htm and sign.htm in what.php and where.php, and renamed the functional guest.cgi script as well

. I left copies of the old files with the old names, still mentioned in the index.php, but not linked or visible on the site.

Hopefully, the bots will spent their time on the old guestbook routine (which nobody ever sees) and not on the protected one.

Question: I also have a bot-trap installed. Why do these bots not fall in the trap

but go for the guestbook? Very smart ones?

*McDuff* · 03-24-2008, 09:41 AM

Quote:

Originally Posted by McDuff

Got something up and working, sort of, looks like, maybe

Sorry, forget that one,

it did not work as it should.

Thanks to the help from another forum on webmasterworld it now works as should by adding two new sections. http://www.webmasterworld.com/perl/3605241.htm

Quite at the beginning of the script is the string

&noname unless $INPUT{'name'};

I added these four lines directly below it:

## new string for stopping botfields
if (($INPUT{'url'} ne '') or ($INPUT{'website'} ne '')) {
&bot_fields;
}

Anywhere would do, put I put the next lines below the sub noname routine:

# new bot field error message

sub bot_fields {

print "content-type: text/html\n\n";
print "Unexpected input, exiting program";
exit 0;

}

It stops them dead. Only thing is you will not get info on your spammer, but also not flood your logs with error messages.

The contact form is on czechfriends org//?act=23

For the bot trap: try czechfriends org/dugout/index.php

Don't forget to enter the code if you ever want to revisit our site.