Found a Guestbook that works in oscmax

[spottedhaggis]

Hi all.

If you want a guestbook with admin control etc, instal this contrib from OSC.

http://www.oscommerce.com/community/...arch,guestbook

Use the bts templates version not the standard version.

Make all the required changes, import the sql tables (this will all work fine.

Minor modifications you will need to make in order to get it working include the following. (assume you are using fallback template in OSCMAX)

1. modify catalog/guestbook.php

Change this :

require(DIR_WS_TEMPLATES . TEMPLATE_NAME . '/' . TEMPLATENAME_MAIN_PAGE);

To this:

require(DIR_WS_TEMPLATES . '/' . TEMPLATENAME_MAIN_PAGE);

Then in Catalog/guestbook_sign.php

change this : (Line 81 I believe)

require(DIR_WS_TEMPLATES . TEMPLATE_NAME . '/' . TEMPLATENAME_MAIN_PAGE);

to this:

require(DIR_WS_TEMPLATES . '/' . TEMPLATENAME_MAIN_PAGE);

The above mods will aloow the guestbook to be visible in the main shop, and after you have completed the additional mods in the readme file within the contrib, you will find a link in the relevant folder within admin (I think it states to place the link in catalog, but I put mine in tools)

You should get a message regarding no right permissions.

To fix this (and I guess for any new pages you add)

Import this line into your database (modify the name of the file, and for every line you add, increase the number)

Please note, this number represents my last database entry for admin files, yours may differ if you have installed any OSC mods yourself, so please check the database table ADMIN_FILES for the last entry and the corresponding number value before you insert this line into your db file

Database sql import:

insert into admin_files (admin_files_id, admin_files_name, admin_files_is_boxes, admin_files_to_boxes, admin_groups_id) values ('124', 'guestbook.php', '0', '1', '1');

Thie above does work, but if you get stuck let me know.

For the record, the only bug I have found that should be a simple fix is that when viewing the guestbook it does not span the entire center of the shop, seems to have some 200 pixels on the left thats not used, as can be seen here

www.beadsneeds.co.uk/oscmax/guestbook.php

Anyone that can help me figure this out, thanks (every table is at 100%)???

[bdneuman]

Quote:

Originally Posted by spottedhaggis

Anyone that can help me figure this out, thanks (every table is at 100%)???

Looks like you figured out your problem on spacing...

I am using this contribution as well but the spam is killing it - I delete 700+ entries from spammers every couple of days...

I am going to attempt to insert gbook (www.phpjunkyard.com) or some other alternative with antispam measures into the site.

[jpf]

Quote:

Originally Posted by bdneuman

I am using this contribution as well but the spam is killing it - I delete 700+ entries from spammers every couple of days...

Have you thought about installing a human verification system?

Human confirmation V 1.0

"Human confirmation" checks if your osC shop is accessed
by human or by robot (script or some other software).
It is useful to prevent automated registrations.
I am sure you've seen it in the net (try to register
with yahoo.com or dot.tk). The script shows a randomly
generated picture with digits. The picture is a little
bit distorted to prevent automatic recognition.
If you're human you will recognize the number and type
it into a text box.

http://www.oscommerce.com/community/contributions,1476

or
Visual Verify Code (VVC) security
(much the same)
http://www.oscommerce.com/community/contributions,1560


With a little bit of modification it can be applied to any part of your store.

[bdneuman]

Quote:

Originally Posted by jpf

Quote:

Have you thought about installing a human verification system?

Human confirmation V 1.0

"Human confirmation" checks if your osC shop is accessed
by human or by robot (script or some other software).
It is useful to prevent automated registrations.
I am sure you've seen it in the net (try to register
with yahoo.com or dot.tk). The script shows a randomly
generated picture with digits. The picture is a little
bit distorted to prevent automatic recognition.
If you're human you will recognize the number and type
it into a text box.

http://www.oscommerce.com/community/contributions,1476

or
Visual Verify Code (VVC) security
(much the same)
http://www.oscommerce.com/community/contributions,1560


With a little bit of modification it can be applied to any part of your store.

Mmm...I'll check it out and see if I can figure out how to mod to work with the guestbook we're using - Thanks!

[bdneuman]

Quote:

Mmm...I'll check it out and see if I can figure out how to mod to work with the guestbook we're using - Thanks!

Well, I did it. I used the VVC contrib and modified it to work w/ the Guestbook for osC v1.0. Tested and working as it should, but the spam keeps rolling in. Are there robots out there capable of reading these codes now? If someone could take a look at my site and see if you can spot how they can get through or have any ideas on what to check I'd appreciate it. Here is modified guestbook_sign.php and a link to the page:

http://www.honeybeadjewelry.com/guestbook_sign.php

Code:

<?php
/*
  $Id: guestbook_sign.php,v 1.0 2003/07/15 Exp $

  Guestbook for osC(2.2MS2) v1.0

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  if (GUESTBOOK_SHOW == 'false') {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_GUESTBOOK_SIGN);

  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    $gb_name = tep_db_prepare_input($HTTP_POST_VARS['gb_name']);
    $gb_email = tep_db_prepare_input($HTTP_POST_VARS['gb_email']);
    $gb_location = tep_db_prepare_input($HTTP_POST_VARS['gb_location']);
    $gb_text = tep_db_prepare_input($HTTP_POST_VARS['gb_text']);

    $error = false;
    if (strlen($gb_name) < GUESTBOOK_NAME_MIN_LENGTH) {
      $error = true;

      $messageStack->add('guestbook', JS_GUESTBOOK_NAME);
    }
    if (strlen($gb_text) < GUESTBOOK_TEXT_MIN_LENGTH) {
      $error = true;

      $messageStack->add('guestbook', JS_GUESTBOOK_TEXT);
    }

//VISUAL VERIFY CODE start
  require(DIR_WS_FUNCTIONS . 'visual_verify_code.php');

    $code_query = tep_db_query("select code from visual_verify_code where oscsid = '" . $HTTP_GET_VARS['osCsid'] . "'");
    $code_array = tep_db_fetch_array($code_query);
    $code = $code_array['code'];

    tep_db_query("DELETE FROM " . TABLE_VISUAL_VERIFY_CODE . " WHERE oscsid='" . $vvcode_oscsid . "'"); //remove the visual verify code associated with this session to clean database and ensure new results

    $user_entered_code = $HTTP_POST_VARS['visual_verify_code'];
    if (!(strcasecmp($user_entered_code, $code) == 0)) {    //make the check case insensitive
        $error = true;
        $messageStack->add('guestbook', VISUAL_VERIFY_CODE_ENTRY_ERROR);
    }
//VISUAL VERIFY CODE stop

    if (!empty($gb_email)) {
      if (!tep_validate_email($gb_email)) {
        $error = true;
        $messageStack->add('guestbook', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
      }
    }

    if ($error == false) {
	if (tep_validate_email($gb_email)) {
	  //mail to visitor
        $email_text = sprintf(EMAIL_VISITOR_GREET, $gb_name);
        $email_text .= EMAIL_VISITOR_MESSAGE;
        tep_mail($gb_name, $gb_email, EMAIL_VISITOR_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
	}

	//mail to store owner
      tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_OWNER_SUBJECT, $gb_text, $gb_name, $gb_email);

      tep_db_query("insert into " . TABLE_GUESTBOOK . " (visitors_name, visitors_email, visitors_location, date_added) values ('" . tep_db_input($gb_name) . "', '" . tep_db_input($gb_email) . "', '" . tep_db_input($gb_location) . "', now())");
      $insert_id = tep_db_insert_id();

      tep_db_query("insert into " . TABLE_GUESTBOOK_DESCRIPTION . " (entry_id, languages_id, entry_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($gb_text) . "')");

      tep_redirect(tep_href_link(FILENAME_GUESTBOOK, tep_get_all_get_params(array('action'))));
    }
  } elseif (tep_session_is_registered('customer_id')) {
    $account_query_one = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
    $account_one = tep_db_fetch_array($account_query_one);
	
	$account_query_two = tep_db_query("select a.entry_country_id, b.countries_id, b.countries_name from " . TABLE_ADDRESS_BOOK . " a, " . TABLE_COUNTRIES ." b where a.customers_id = '" . (int)$customer_id . "' and a.entry_country_id = b.countries_id");
    $account_two = tep_db_fetch_array($account_query_two);

    $gb_name = $account_one['customers_firstname'] . ' ' . $account_one['customers_lastname'];
    $gb_email = $account_one['customers_email_address'];
	$gb_location = $account_two['countries_name'];
  }

  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_GUESTBOOK, tep_get_all_get_params()));
  
  $content = 'guestbook_sign';

  require(DIR_WS_TEMPLATES . TEMPLATENAME_MAIN_PAGE);
  
  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>

[jpf]

Tried your site.... DOES NOT VAILDATE the box.... I put NOTHING in the box and it posted...... ("please delete" posting.) Also forcing EMAIL and Location would slow it down!

[bdneuman]

Quote:

Originally Posted by jpf

Tried your site.... DOES NOT VAILDATE the box.... I put NOTHING in the box and it posted...... ("please delete" posting.) Also forcing EMAIL and Location would slow it down!

Ah-ha!

it's here:

Code:

    $code_query = tep_db_query("select code from visual_verify_code where oscsid = '" . $HTTP_GET_VARS['osCsid'] . "'");

If the bots (as you most likely did) access this page directly, there is no osCsid assigned yet...so do I need to do an if isset on the osCsid? How should I handle it if it is not set? Thanks in advance for the help...I'll keep working on it.

[bdneuman]

Quote:

If the bots (as you most likely did) access this page directly, there is no osCsid assigned yet...so do I need to do an if isset on the osCsid? How should I handle it if it is not set? Thanks in advance for the help...I'll keep working on it.

Update: The spam has slowed - as long as the guestbook_sign.php page is not accessed directly, it should work...

Question: I use Captcha on my blog page to filter comment spam and it works very well - what do you think about using it instead?[/quote]

[spottedhaggis]

any chance u making your modified version availabler, mine is now getting spammed to death

thanks

[bdneuman]

Quote:

Originally Posted by spottedhaggis

any chance u making your modified version availabler, mine is now getting spammed to death

thanks

Well, I wasn't smart enought to modify the code within the php file that generates the verification code, so I used the Human Verification contribution found here:

http://www.oscommerce.com/community/contributions,1476

Here is my guestbook_sign.php and guestbook_sign.tpl.php files for the required mod's (I assume your using oscMax, but if not and you don't hav the BTS template system, the modificaitons will both be inside of guestbook_sign.php).

Let me know if you have any problems...

guestbook_sign.php:

Code:

<?php
/*
  $Id: guestbook_sign.php,v 1.0 2003/07/15 Exp $

  Guestbook for osC(2.2MS2) v1.0

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  if (GUESTBOOK_SHOW == 'false') {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_GUESTBOOK_SIGN);

  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    $gb_name = tep_db_prepare_input($HTTP_POST_VARS['gb_name']);
    $gb_email = tep_db_prepare_input($HTTP_POST_VARS['gb_email']);
    $gb_location = tep_db_prepare_input($HTTP_POST_VARS['gb_location']);
    $gb_text = tep_db_prepare_input($HTTP_POST_VARS['gb_text']);

    $error = false;

    if (strlen($gb_name) < GUESTBOOK_NAME_MIN_LENGTH) {
      $error = true;

      $messageStack->add('guestbook', JS_GUESTBOOK_NAME);
    }
    if (strlen($gb_text) < GUESTBOOK_TEXT_MIN_LENGTH) {
      $error = true;

      $messageStack->add('guestbook', JS_GUESTBOOK_TEXT);
    }

// BOF // Contrib: Human confirmation v1.2

    $thecode_okay = false;
    $noautomationcode = $HTTP_SESSION_VARS["noautamationcode"];

    // -> v1.1 // Changed to work w/ random image names
    $img_dir  = $HTTP_SESSION_VARS["noautamationdir"];
    $img_name = $HTTP_SESSION_VARS["noautamationname"];
    // Find and delete old images
    if (strlen($img_name) >= 6) {
      $dirHandle = dir($img_dir);
      while($fileHandle = $dirHandle->read()) {
        if (substr($fileHandle,0,strlen($img_name)) == $img_name)
          @unlink($img_dir.$fileHandle);
      }
      $dirHandle->close();
    }
    // <- v1.1 // Changed to work w/ random image names

    $thecode_okay = (isset($HTTP_POST_VARS['thecode']) && ($HTTP_POST_VARS['thecode'] == $noautomationcode ));

    if ($thecode_okay == false) {
      $error = true;
      $messageStack->add('guestbook', ENTRY_HUMANCHECK_ERROR);
    }
// EOF // Contrib: Human confirmation v1.2

    if (!empty($gb_email)) {
      if (!tep_validate_email($gb_email)) {
        $error = true;
        $messageStack->add('guestbook', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
      }
    }

    if ($error == false) {
	if (tep_validate_email($gb_email)) {
	  //mail to visitor
        $email_text = sprintf(EMAIL_VISITOR_GREET, $gb_name);
        $email_text .= EMAIL_VISITOR_MESSAGE;
        tep_mail($gb_name, $gb_email, EMAIL_VISITOR_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
	}

	//mail to store owner
      tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_OWNER_SUBJECT, $gb_text, $gb_name, $gb_email);

      tep_db_query("insert into " . TABLE_GUESTBOOK . " (visitors_name, visitors_email, visitors_location, date_added) values ('" . tep_db_input($gb_name) . "', '" . tep_db_input($gb_email) . "', '" . tep_db_input($gb_location) . "', now())");
      $insert_id = tep_db_insert_id();

      tep_db_query("insert into " . TABLE_GUESTBOOK_DESCRIPTION . " (entry_id, languages_id, entry_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($gb_text) . "')");

      tep_redirect(tep_href_link(FILENAME_GUESTBOOK, tep_get_all_get_params(array('action'))));
    }
  } elseif (tep_session_is_registered('customer_id')) {
    $account_query_one = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
    $account_one = tep_db_fetch_array($account_query_one);
	
	$account_query_two = tep_db_query("select a.entry_country_id, b.countries_id, b.countries_name from " . TABLE_ADDRESS_BOOK . " a, " . TABLE_COUNTRIES ." b where a.customers_id = '" . (int)$customer_id . "' and a.entry_country_id = b.countries_id");
    $account_two = tep_db_fetch_array($account_query_two);

    $gb_name = $account_one['customers_firstname'] . ' ' . $account_one['customers_lastname'];
    $gb_email = $account_one['customers_email_address'];
	$gb_location = $account_two['countries_name'];
  }

  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_GUESTBOOK, tep_get_all_get_params()));
  
  $content = 'guestbook_sign';

  require(DIR_WS_TEMPLATES . TEMPLATENAME_MAIN_PAGE);
  
  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>

guestbook_sign.tpl.php:

Code:

<script language="javascript"><!--
function checkForm() {
  var error = 0;
  var error_message = "<?php echo JS_ERROR; ?>";
  
  var gb_name = document.guestbook_sign.gb_name.value;
  var gb_text = document.guestbook_sign.gb_text.value;
  
  if (gb_name.length < <?php echo GUESTBOOK_NAME_MIN_LENGTH; ?>) {
    error_message = error_message + "<?php echo JS_GUESTBOOK_NAME; ?>";
    error = 1;
  }

  if (gb_text.length < <?php echo GUESTBOOK_TEXT_MIN_LENGTH; ?>) {
    error_message = error_message + "<?php echo JS_GUESTBOOK_TEXT; ?>";
    error = 1;
  }
    
  if (error == 1) {
    alert(error_message);
    return false;
  } else {
    return true;
  }
}
//--></script>
<table border="0" width="100%" cellspacing="3" cellpadding="3">
  <tr>
    <td width="100%" valign="top"><?php echo tep_draw_form('guestbook_sign', tep_href_link(FILENAME_GUESTBOOK_SIGN, 'action=process'), 'post', 'onSubmit="return checkForm();"'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
            <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_contact_us.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
<?php
  if ($messageStack->size('guestbook') > 0) {
?>
      <tr>
        <td><?php echo $messageStack->output('guestbook'); ?></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
<?php
  }
?>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="2" cellpadding="2">
              <tr>
                <td class="main" width="30%"><?php echo ENTRY_NAME; ?></td>
                <td class="main"><?php echo tep_draw_input_field('gb_name'); ?></td>
              </tr>
              <tr>
                <td class="main"><?php echo ENTRY_EMAIL; ?></td>
                <td class="main"><?php echo tep_draw_input_field('gb_email') . ENTRY_HELP_OPTIONAL; ?></td>
              </tr>
              <tr>
                <td class="main"><?php echo ENTRY_LOCATION; ?></td>
                <td class="main"><?php echo tep_draw_input_field('gb_location') . ENTRY_HELP_OPTIONAL; ?></td>
              </tr>
<?PHP
// BOF // Contrib: Human confirmation v1.2

   if (!tep_session_is_registered('noautamationcode')) tep_session_register('noautamationcode');
   include('includes/human_confirmation.php');
   tep_session_close('noautamationcode');

// EOF // Contrib: Human confirmation v1.2
 ?>
              <tr>
                <td class="main"><?php echo ENTRY_ENQUIRY; ?></td>
              </tr>
              <tr>
                <td colspan="2"><?php echo tep_draw_textarea_field('gb_text', 'soft', 60, 15); ?></td>
              </tr>
              <tr>
                <td colspan="2" class="smallText" align="right"><?php echo TEXT_NO_HTML; ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                <td class="main"><?php echo '<a href="' . tep_href_link(FILENAME_GUESTBOOK, tep_get_all_get_params(array('entry_id', 'action'))) . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>
                <td class="main" align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
    </table></form></td>
  </tr></table>

I also modified the html section of the includes/human_confirmation.php file to make it display right - here it is:

Code:

      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td colspan="2" class="main"><b><?php echo CATEGORY_HUMANCHECK; ?></b></td>
      </tr>
      <tr>
        <td colspan="2"><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" cellspacing="2" cellpadding="2">
              <tr>
                <?php
                  echo '<td class=main align=center valign=middle width=' . $td_width . '>';
                  echo tep_image( $img_name );
                  echo '<br>';
                  echo tep_draw_input_field('thecode');
                ?>
                </td>
                <td class="main"><?php echo ENTRY_HUMANCHECK; ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>