|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
Boby Smarty Rookie
Joined: 21 Jan 2006 Posts: 21
|
Posted: Fri Dec 08, 2006 5:20 pm Post subject: SmartyValidate - Fails even if not initialized |
|
|
Hello all,
I just tried to submit some data using a regular form on one server to a script using SmartyValidate on another server.
Let's say we have this:
Server#1 has just a simple form
Server#2 has the PHP script using SmartyValidate
A regular user would access the PHP script on Server#2 and the validation would run fine. But after many spam entries, I tought somehow they are using another way to submit data.
A simple test, building a very basic form on Server#1 and submitting it to Server#2 would bypass the validation with no problems. Sure, if the values are correct.
Code: | <form method="post" action="http://Server#2/contact.php">
...
</form> |
My questions is now, why does it validate even if the form was not previously registered on Server#2?
Is there a smart way to make the submition invalid if it was not first registered?
I've tried a different PHP approach by checking if the current server host is the same as the one used in the referrer. It works good in most cases, but on some servers it seems to fail or the spammers have found a better way and can fool this too.
Has anyone and ideea?
I don't mind altering some of the SmartyValidate code, but I'd need some help and I would like to know if there's a more simple way.
I am using the latest SmartyValidate version 2.8
This is a simplified code I'm using:
Code: | <?php
if (empty ($_POST))
{
SmartyValidate::connect($smarty, true);
SmartyValidate::register_form('submit', true);
SmartyValidate::register_validator('v_name' , 'name' , 'notEmpty', false, false, 'submit');
SmartyValidate::register_validator('v_email', 'email', 'isEmail' , false, false, 'submit');
}
else
{
SmartyValidate::connect($smarty);
if (SmartyValidate::is_valid($_POST, 'submit'))
{
//Success - Write to database and do other stuff
SmartyValidate::disconnect();
}
else
{
//Error
$smarty->assign($_POST);
}
}
$smarty->display('mypage.tpl');
?> |
Thank you very much!
Boby _________________ My Homepage: www.frozenminds.com |
|
Back to top |
|
Boby Smarty Rookie
Joined: 21 Jan 2006 Posts: 21
|
Posted: Tue Dec 12, 2006 10:49 am Post subject: Please, I'd need a bit of help |
|
|
Sorry for this, but I'd need a bit of help if someone could provide it.
[BUMP] _________________ My Homepage: www.frozenminds.com |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Tue Dec 12, 2006 3:01 pm Post subject: |
|
|
try this:
Code: | if(empty($_POST) || !SmartyValidate::is_registered_form())
{
...
} |
That way the form will not validate if it has not been registered yet. |
|
Back to top |
|
Boby Smarty Rookie
Joined: 21 Jan 2006 Posts: 21
|
Posted: Wed Dec 13, 2006 11:56 am Post subject: |
|
|
Thank you mohrt for the reply
Unfortunatly it is not working you can still submit.
Just to make sure I've understood your suggestion, my form is registered as 'submit' so I've used this: Code: | if(empty($_POST) || !SmartyValidate::is_registered_form('submit'))
{
...
} | !SmartyValidate::is_registered_form('submit')
Is it correct? Do you have other suggestions?
Thank you!
Boby _________________ My Homepage: www.frozenminds.com |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|