Ultimate Guestbook Tutorial: How to build a Guestbook with a honeypot, error checking, IP banning, pagination, e-mail notification and smilies with PHP and mySQL

By VoiDeT on April 26, 2008, 47,482 views
Ultimate Guestbook Tutorial: How to build a Guestbook with a honeypot, error checking, IP banning, pagination, e-mail notification and smilies with PHP and mySQL

This last part is simple. We want to receive an e-mail notification when someone successfully submits a guestbook entry. To do this open up index.php and:

Under:

$postentry = @mysql_query("INSERT INTO `entries` (name, email, website, message, date, ip) VALUES ('".addslashes($_POST['name'])."', '".addslashes($_POST['email'])."', '".addslashes($_POST['website'])."', '".addslashes($_POST['message'])."', now(), '".$_SERVER['REMOTE_ADDR']."')");

Add:

$message = "Hey there!\n\r You're popular today!\n Someone gave you a guestbook entry:\n\r";
				$message .= "From: ".stripslashes($_POST['name'])."\n";
				$message .= "E-mail: ".stripslashes($_POST['email'])."\n";
				$message .= "Website: ".stripslashes($_POST['website'])."\n\r";
				$message .= "Message:\n".stripslashes($_POST['message'])."\n";
				mail($email, 'New GuestBook Entry!', $message);

Next open up config.php and under the $dbname line add:

$email = 'mymail@mail.com';

Obviously change the e-mail address to the one you want to receive the notifications from! This will send you an e-mail everytime someone fills out the guestbook correctly!

On the topic of e-mail, we need to change something on our interface so that our loving users dont get sucked up by the spam e-mail sucker bots trawling the internet! Last thing i promise!!

Open up entries.php and:

Find:

<td valign="bottom" width="100%"><?php echo stripslashes($row['email']); ?></td>

Replace it with:

<td valign="bottom" width="100%"><?php
							$email = explode('@',stripslashes($row['email']));
							echo $email[0].' *at* '.$email[1];
							 ?></td>

This breaks up the e-mail string by the @ symbol, and stores the parts into an array. Where we then join them back together but instead of with an @ symbol we add our own in. That way those pesky little sucker bots won’t get your guests e-mails!

Lastly :P
Lets clean up index.php quickly.

Make a new file in the includes folder called actions.php. Then cut out everything in the index.php file so that you only have the 3 includes statements, and paste the rest into the actions.php file. Make sure it starts with Save and close it. Your actions.php file should now look like:

<?php
$query = mysql_query("SELECT * FROM `spam` WHERE `ip`='".$_SERVER['REMOTE_ADDR']."' LIMIT 1");
	$spamip = mysql_num_rows($query);

	if($spamip == 0){
		if(isset($_POST['submit']) && strlen($_POST['message2']) == 0){

			if(strlen($_POST['name']) == 0){
				$error['name'] = 'Please enter your name';
			}

			if(strlen($_POST['email']) == 0){
				$error['email'] = 'Please enter an e-mail address';
			} else {
				if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])){
					$error['email'] = 'Please enter a correct e-mail address';
				}
			}

			if(strlen($_POST['message']) < 2){
				$error['message'] = 'Please enter a message';
			}	

			if(!isset($error)){
				$postentry = @mysql_query("INSERT INTO `entries` (name, email, website, message, date, ip) VALUES ('".addslashes($_POST['name'])."', '".addslashes($_POST['email'])."', '".addslashes($_POST['website'])."', '".addslashes($_POST['message'])."', now(), '".$_SERVER['REMOTE_ADDR']."')");

				$message = "Hey there!\n\r You're popular today!\n Someone gave you a guestbook entry:\n\r";
				$message .= "From: ".stripslashes($_POST['name'])."\n";
				$message .= "E-mail: ".stripslashes($_POST['email'])."\n";
				$message .= "Website: ".stripslashes($_POST['website'])."\n\r";
				$message .= "Message:\n".stripslashes($_POST['message'])."\n";
				mail($email, 'New GuestBook Entry!', $message);

				if($postentry == true){
					unset($_POST);
				}
			}

		} else if(isset($_POST['submit']) && strlen($_POST['message2']) > 0){
			$spamentry = @mysql_query("INSERT INTO `spam` (ip) VALUES ('".$_SERVER['REMOTE_ADDR']."')");
		}
	} else {
		$error['spam'] = 'Your IP: '.$_SERVER['REMOTE_ADDR'].' is banned!';
	}
?>

Next under the line in your index.php file:

include('includes/functions.php');

Add:

include('includes/actions.php');

So that your index.php file looks like:

<?php
	include('includes/config.php');
	include('includes/functions.php');
	include('includes/actions.php');
	include('templates/skin.php');
?>

Much neater!

**Update**

People can post HTML, which you may or may not like? Anyways, you can fix this easily. Open up entries.php and:

Find:

<td valign="top" colspan="2"><?php echo smilies(stripslashes($row['message'])); ?></td>

Replace with:

<td valign="top" colspan="2"><?php echo smilies(htmlspecialchars(stripslashes($row['message']))); ?></td>

Find:

<td valign="bottom" width="100%"><a href="<?php echo stripslashes($website); ?>" target="_blank"><?php echo substr($website,0,30); ?></a></td>

Replace with:

<td valign="bottom" width="100%"><a href="<?php echo stripslashes($website); ?>" target="_blank"><?php echo htmlspecialchars(substr($website,0,30)); ?></a></td>

Find:

<td valign="bottom" width="100%"><?php echo stripslashes($row['name']); ?></td>

Replace with:

<td valign="bottom" width="100%"><?php echo htmlspecialchars(stripslashes($row['name'])); ?></td>

htmlspecialchars() is a built in php function that escapes any html tags within a string! That way the text is treated a literal and not formatted by the browser as standard HTML.

Done! *clap clap clap*

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13

Posted by VoiDeT

Tagged as , , , , , , , ,
Categorised under PHP
Bookmark the permalink or leave a trackback.

Other Posts

Less
More

60 Comments

  1. CGar

    Hello VOIDET

    I spent last night going through this tutorial and it was great and informative.

    One question I have is that I see your guestbook example has had some spambot action. Is this because there are new techniques that your tutorial doesn’t cover? I’d like to keep this kind of crap off my guest book if possible.

    Thanks for your great tutorial and your feedback.

    Best,
    CGar

    Permalink
    August 3, 2009 @ 3:43 am
  2. VoiDeT

    Hey Cgar,

    This is both true and unfortunate.
    I only taught one spam catching technique.
    However more can be applied if need be. Generating a captcha form, or having an ip-ban with 30 day cool off period. Running known ip blocking from black lists.
    The honey pot technique is just one! Surprisingly, it rejects quite alot!

    Let me know if i can help you out further!
    VoiDeT

    Permalink
    August 3, 2009 @ 4:48 pm
  3. Dennis van Duinen

    Hi there,

    A great tut! Im trying to put it on my site.

    But there is one little problem. The honeypot.. when is add this link:

    a new text field appears on my guestbook, while you where saying that it was hidden?

    How is that possible?

    Dennis

    Permalink
    November 12, 2009 @ 10:40 pm
  4. Iceaangel

    Hi there. Thanks for the great tut. Sorry…forgot to read the last side, as I didn’t used all of the tut for my guestbook at the moment. So I implemented the guestbook in my website without asking you first. And…I’m not completly ready, still working on some things as the honeypot and the pagination.

    Permalink
    December 6, 2009 @ 8:39 am
  5. Zime

    Hello VOIDET,

    This is the best tutorial on the internet so far! :D

    I’m stuck at stage 7 – 10,
    it looked fine until stage 7 then the succes-message never showed up. :(

    The IP thing didin’t work for me :/ so I jumped that part and now I’m trying to get the entries to work out, but it show me this message:
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\guestbook\templates\entries.php on line 6

    do you have a idea of what’s wrong?
    I would be happy for any help, just contact my email!

    Regards Zime

    Permalink
    December 20, 2009 @ 11:02 pm
  6. VoiDeT

    @Zime:
    Thanks a lot for the kind words.
    That’s a shame that you can’t get the guestbook working. It looks as though your data isn’t being insert correctly. What you can do however is check your database for any records. If they aren’t in there then check what’s going on with data you’re inserting, and the insert commands.
    If you do see the data in there, then check what’s happening when you try and retrieve the records.

    I’m thinking i might rewrite this tutorial to use OOP with PHP5.
    Or maybe save that for a whole new tutorial.

    Permalink
    December 21, 2009 @ 1:45 pm
  7. PHP Beginner

    Hi
    First great thanks to the author of this tutorial/workshop

    Its working great. But there is only a single problem with the website links in the db entrys they re not working.

    The link includes the hole file path i.e.(http://htdocs/mywebsite/www.pcsh.it) whats wrong?

    thx in advance and best regards
    Oli

    Permalink
    January 29, 2010 @ 4:37 am
  8. Robin

    THX a lot

    love this tut

    Permalink
    March 31, 2010 @ 11:22 pm
  9. ome tony

    hey, where can i find the turtorial?

    greetings

    Permalink
    June 1, 2010 @ 10:55 pm
  10. hieronymus

    Dude, many thanks for this nice and clean tutorial. Took me about an hour to read it all up and add own commands.

    Permalink
    July 12, 2010 @ 12:13 am

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

or