looking for study partner/s to learn PHP!

[greyhat]

*UPDATE
Aliens Abducted Me - Report an Abduction
now with reCAPTCHA

Form:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "[URL]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/URL]">
<html xmlns="[URL="http://www.w3.org/1999/xhtml"]XHTML namespace[/URL]" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Aliens Abducted Me - Report an Abduction</title>
  <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<script>
var RecaptchaOptions = {
   theme : 'blackglass',
   tabindex : 2
};
</script>
  <h2>Aliens Abducted Me - Report an Abduction</h2>
  <p>Share your story of alien abduction:</p>
  <form method="post" action="report.php">
    <label for="firstname">First name:</label>
    <input type="text" id="firstname" name="firstname" /><br />
    <label for="lastname">Last name:</label>
    <input type="text" id="lastname" name="lastname" /><br />
    <label for="email">What is your email address?</label>
    <input type="text" id="email" name="email" /><br />
    <label for="whenithappened">When did it happen?</label>
    <input type="text" id="whenithappened" name="whenithappened" /><br />
    <label for="howlong">How long were you gone?</label>
    <input type="text" id="howlong" name="howlong" /><br />
    <label for="howmany">How many did you see?</label>
    <input type="text" id="howmany" name="howmany" /><br />
    <label for="aliendescription">Describe them:</label>
    <input type="text" id="aliendescription" name="aliendescription" size="32" /><br />
    <label for="whattheydid">What did they do to you?</label>
    <input type="text" id="whattheydid" name="whattheydid" size="32" /><br />
    <label for="fangspotted">Have you seen my dog Fang?</label>
    Yes <input id="fangspotted" name="fangspotted" type="radio" value="yes" />
    No <input id="fangspotted" name="fangspotted" type="radio" value="no" /><br />
    <img src="fang.jpg" width="100" height="175"
      alt="My abducted dog Fang." /><br />
    <label for="other">Anything else you want to add?</label>
    <textarea id="other" name="other"></textarea><br /><br />
    <label>Enter the text to continue.</label>
 
  <!--reCAPTCHA-->
  <?php
  require_once('recaptchalib.php');
  $publickey = "6Le1KLoSAAAAAFZOSVgSnnjq24s5wmIKA5NieuDq";
  echo recaptcha_get_html($publickey);
  ?>
  <!--end reCAPTCHA-->
 
 <br />
    <input type="submit" value="Report Abduction" name="submit" class="submit" />
  </form>
   <br /> <br /> <br /> <br />  <!--Bit of whitespace-->
</body>
</html>

Script:

<html>
<head>
<title>Aliens Abducted Me - Report an Abduction</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<h2>Aliens Abducted Me - Report an Abduction</h2>
<?php
 
//reCAPTCHA
require_once('recaptchalib.php');
$privatekey = "6Le1KLoSAAAAAAbgabcGj6m8cL2R-6D9AcaPImPx"; 
$resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
  die ("The reCAPTCHA wasn't entered correctly. Get the fuck off!." . //lol
       "(reCAPTCHA said: " . $resp->error . ")");
}
 
// script varaibles
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$email = $_POST['email'];
$when_it_happened = $_POST['whenithappened'];
$how_long = $_POST['howlong'];
$how_many = $_POST['howmany'];
$alien_description = $_POST['aliendescription'];
$what_they_did = $_POST['whattheydid'];
$fang_spotted = $_POST['fangspotted'];
$other = $_POST['other'];
 
//email variables
$to = 'leedswebsolutions@googlemail.com';  //dont spam me
$subject = 'Aliens Abducted Me - Abduction Report';
 
//email message string variable
$msg = "$first_name $last_name was abducted on $when_it_happened and was gone for $how_long\n" .
 "Number of aliens: $how_many\n" .
 "Describe them: $alien_description\n" .
 "What they did: $what_they_did\n" .
 "Was Fang there? $fang_spotted\n" .
 "Other comments: $other\n";
 
//HTML response
echo 'Thanks for submitting the form.<br />';
echo $first_name . ' ' . $last_name .', you were abducted ' . $when_it_happened . ' and gone for ' .  $how_long . '.<br />';
echo 'Number of aliens: ' . $how_many . '.<br />';
echo 'Describe them: ' . $alien_description . '.<br />';
echo 'What they did: ' . $what_they_did . '.<br />';
echo 'Was Fang there? ' . $fang_spotted . '.<br />';
echo 'Other comments: ' . $other . '.<br />';
echo 'Your email address is ' . $email;
 
//send email
mail($to, $subject, $msg, 'From:' . $email);
?>
</body>
</html>

reCAPTCHA: Stop Spam, Read Books

 

[DewChugr]

I've tried to avoid captchas because I HATE them, especially when they are used on forum searches.

What I have done that has worked pretty well is to create a hidden form field, it is a (long) randomly generated number tat is passed as a session variable to the processing script. It needs to be generated each time the page loads, not a random number you hard code into your form. In the processing script you can verify the random number from the form matches the random number session variable.

echo '<type="hidden" name="check" value="'.echo mt_rand(123456789,987654321);.'" />';

Also send a timestamp as a session variable, but not as a hidden field. In your processing script check the current time against the session variable and limit the amount of time between when the form was used to when it was actually submitted to the processing script.

In your processing script check your referrer and make sure the form was submitted from your site. The referrer can be altered so you can not rely on it, but if it has a value other than from your site you know it is not a real user.

This helps insure that the form was sent from a real user from your website.

Also, on your hosting account never create an email address such as webmaster, admin, administrator, contact, etc. It doesn't matter if it is on your website or not, you will get spammed. Instead if your site is dogfood.com create an email like dfcontact@dogfood.com or dfwebmaster@dogfood.com. This will reduce email spam you get.

 

[DewChugr]

*UPDATE
Aliens Abducted Me - Report an Abduction
now with reCAPTCHA
.
.
.
</html>[/CODE]reCAPTCHA: Stop Spam, Read Books

I know you are working on exercises here, but I thought I would mention this. Before you display a message thanking the user for contacting you check the returned value of mail. It will return TRUE if the mail was sent. If you don't get a TRUE return val display an error message or something.

Something like this

//send email
$sent = mail($to, $subject, $msg, 'From:' . $email);

if ($sent === TRUE) {
//HTML response
echo 'Thanks for submitting the form.<br />';
echo $first_name . ' ' . $last_name .', you were abducted ' . $when_it_happened . ' and gone for ' .  $how_long . '.<br />';
echo 'Number of aliens: ' . $how_many . '.<br />';
echo 'Describe them: ' . $alien_description . '.<br />';
echo 'What they did: ' . $what_they_did . '.<br />';
echo 'Was Fang there? ' . $fang_spotted . '.<br />';
echo 'Other comments: ' . $other . '.<br />';
echo 'Your email address is ' . $email;
}

 

[dchuk]

I've tried to avoid captchas because I HATE them, especially when they are used on forum searches.

What I have done that has worked pretty well is to create a hidden form field, it is a (long) randomly generated number tat is passed as a session variable to the processing script. It needs to be generated each time the page loads, not a random number you hard code into your form. In the processing script you can verify the random number from the form matches the random number session variable.

echo '<type="hidden" name="check" value="'.echo mt_rand(123456789,987654321);.'" />';

Also send a timestamp as a session variable, but not as a hidden field. In your processing script check the current time against the session variable and limit the amount of time between when the form was used to when it was actually submitted to the processing script.

In your processing script check your referrer and make sure the form was submitted from your site. The referrer can be altered so you can not rely on it, but if it has a value other than from your site you know it is not a real user.

This helps insure that the form was sent from a real user from your website.

This would be the easiest thing in the world to bot. DON'T DO THIS.

At least use a captcha system of some sort.

 

[greyhat]

echo '<type="hidden" name="check" value="'.echo mt_rand(123456789,987654321);.'" />';

This would be the easiest thing in the world to bot. DON'T DO THIS.

I know you are working on exercises here, but I thought I would mention this. Before you display a message thanking the user for contacting you check the returned value of mail. It will return TRUE if the mail was sent. If you don't get a TRUE return val display an error message or something.

Thanks for the input. The mail test will come in handy. I suppouse the other trick is open to debate but people are used to capchta's now so...

 

[puroz]

Hey Greyhat, thanks for that book "tip" i finally had some time to check it out and it looks just like what i needed to actually learn some php. I should catch up with you guys soon.(on the exercises)

 

[riddarhusetgal]

.... i want the freedom to be able to think of a website and just build it.

It's called MONEY. Monetize what you're good at and you can hire the best people in the world to go and create anything you want in an hour or less...

Money+International Labor Arbitrage (aka Offshore Outsourcing) +"Smart" Automation (know the difference) = This

 

[greyhat]

It's called MONEY. Monetize what you're good at and you can hire the best people in the world to go and create anything you want in an hour or less...

Money+International Labor Arbitrage (aka Offshore Outsourcing) +"Smart" Automation (know the difference) = This

Yeah well, i wanna be good at building slick websites and monetize that!! Then i will only need to pay for elite stuff!!
But yeah you are right.
I could kick back on tht yatch.

 

[Mike]

Couple people attempted the first "assignment" I posted, but one thing I noticed on the two that I tested: if you don't enter a name and hit submit nothing happens. Where's the reminder to enter a name?

Hmmmmmm.........

 

[greyhat]

Couple people attempted the first "assignment" I posted, but one thing I noticed on the two that I tested: if you don't enter a name and hit submit nothing happens. Where's the reminder to enter a name?

Hmmmmmm.........

(mine again:http://electrohousedownloads.com/learn-php/greyhat/ex1.php)
So you mean it needs to recongnise that an empty form has been submitted then dynamically remind the user? Mine just stays there...

 

[Mike]

(mine again:http://electrohousedownloads.com/learn-php/greyhat/ex1.php)
So you mean it needs to recongnise that an empty form has been submitted then dynamically remind the user? Mine just stays there...

Yep, the reminder was part of it. It should recognize that the field is empty (upon submission) and say "Hey, WTF dumbass, enter your name" or something.

 

[greyhat]

Lol ok.. back to the drawing board!

 

[greyhat]

Couple people attempted the first "assignment" I posted, but one thing I noticed on the two that I tested: if you don't enter a name and hit submit nothing happens. Where's the reminder to enter a name?

Hmmmmmm.........

http://electrohousedownloads.com/learn-php/greyhat/ex1.php

Done! Will post source when ppl have had a go.

 

[dchuk]

Lol ok.. back to the drawing board!

Just to help out here a bit with this part of Mike's assignment:

Whenever you're doing form validation, make sure to never rely just on Javascript. There's a bunch of really cool JQuery plugins out there that make validation as easy as adding some classes to the different fields, but someone can straight post to the form processor with whatever they want and that, depending on the project, can seriously screw things up for you.

So if you want to use JS to spice things up and make it all AJAXy and shit, by all means, go for it. But make sure your PHP script is checking those inputs and chucking the user back to the form with the appropriate errors printed to the screen, just to cover your own ass.

The simplest validation will just check for empty form fields. The next step is regex-ing phone and email fields. The final step will be sanitizing inputs to make sure you don't get a SQL injection or any other nasty bits hitting you.

 

[greyhat]

OK thanks.

 

[John__N]

Count me in. I have the head first book and done with the first chapter.

 

[greyhat]

Count me in. I have the head first book and done with the first chapter.

Good to have you! Can we see your work? I can sort you out a folder/database on my shared acoount if you dont have access to a server.

 

[Taraqil]

stackoverflow.com is kind of microsoft centric in its technologies but do php too. The people on that board is as good as they come. language spec ppl, senior developers, cream of the crop answers if your questions are good (they are not your personal army however).

you can learn a lot of anything there from just reading questions and answers when you have the basics.

 

[dchuk]

Also, every language should have a Google Group/Mailing List. Join it. Lot's of good guys to answer questions, half the time the creators of said language/plugin will talk to you directly.

stackoverflow.com is kind of microsoft centric in its technologies but do php too. The people on that board is as good as they come. language spec ppl, senior developers, cream of the crop answers if your questions are good (they are not your personal army however).

you can learn a lot of anything there from just reading questions and answers when you have the basics.

 

[totesmagotes]

Guys im trying to do the seo mike test, and everything works but when I try to put a button for "Go Back" after they get told they are an asshole for not entering their name in getting errors.

Im trying

echo "<a href="www.sitename.com/">Go Back</a>" ;

Apparently your not allowed to do this, so any tips on how to enter a URL instead?