Validation using Strcmp

Hi All - I’m somewhat clueless and trying to modify some code and can’t get it right. From another form I’m collecting a variable ‘Chkword’ and I want to make sure the user has typed in a specific word (in this case ‘caboose’). If the user doesn’t type ‘caboose’ I want it to error out, otherwise I want it to fall through. I can’t manage to compose the strcmp test correctly. Can anyone help? Thanks, BB



if( strcmp(($_POST['Chkword']), 'caboose' ) != 0)
{
    ## So if we're here it's because the user didn't type the right thing in...
    $T['Message'] = $GLOBALS['L_RUSPAMBOT'];
    include_once("{$GLOBALS['CDIR']}/index_error.tpl");
    exit;
}
    
    ## If we're here it's because Chkword correctly is 'caboose'

<?php
if (!strcmp($_POST['Chkword'], 'caboose')):
    // error handling
else:
    // word matches
endif;
?>

Why not just use:

if ($_POST['Chkword'] == 'caboose') {
    // your code
}

Thank you both, Zyppora and Lord Frikk - I used Lord Frikk’s solution because its style best fits the existing form of the rest of the code.

The code runs without vomiting up all these parsing errors now - but still the user input test doesn’t seem to work (it currently thinks any string is fine, always falling past the error code).

I think at this point I’d like to see what the ‘inputted’ data is that I’m testing against. Is there a way to print the variable ‘Chkword’?

This form doesn’t seem to print whatever the user has input:


print $_POST['Chkword'];

Other slight variations don’t seem to work either. Thanks for any help you can offer.

Tom

If print $_POST['Chkword']; doesn’t work, then the value is probably not carried over to the PHP script. Could you show us your form?

This is the form code - it’s a *.tpl file extension - I think the package uses Smarty templates. I’ve put empty lines in front and behind the code segment I added.


<html>
<head>
  <title>Comment on This Article</title>
<style type="text/css">
<?PHP readfile('./templates/index.css'); ?></style>
</head>
<body>

<div align="center">

<table width="90%" cellspacing="4" cellpadding="0" border="0">
  <tr>
    <td width="100%">

    <div style="text-align: right; font-weight: bold; margin-bottom: 10px">
    <a href="index.php" style="font-weight: bold;">Knowledge Base</a>
    :
    <a href="glossary.php" style="font-weight: bold;">Glossary</a>
    :
    <a href="suggest.php" style="font-weight: bold;">Suggest a Question</a>
    </div>

    <div class="titleBar" style="margin-bottom: 5px;">
    Comment on This Article
    </div>

    <br />

    <b>Article # <?PHP echo $T['Article_ID'] ?><br />
    <?PHP echo $T['Topic'] ?></b>

    <br />
    <br />

    <div style="width: 500px;">
    <a href="index.php?a=<?PHP echo $T['Article_ID'] ?>" style="font-weight: bold">Back To the Article</a>

    <br />
    <br />

    To add a comment to this article, please fill in the form below.  Both of the form fields must be filled in to submit
    your comment.  The comment you submit may not contain HTML code, please use only plain text for your message.
    </div>

    <br />

    <form action="comment.php" method="POST">
    
    <table>
      <tr>
        <td align="right">
        <b>Your Name</b>
        </td>
        <td>
        <input type="text" name="Name" size="40">
        </td>
      </tr>
      <tr>
        <td align="right" valign="top">
        <b>Comment</b>
        </td>
        <td>
        <textarea name="Message" rows="5" cols="70"></textarea>
        </td>
      </tr>



       ## Added below segment
      <tr>
        <td align="right">
        <b>What's the last car on <br>a train called? Type it Here</b>
        </td>
        <td>
        <input type="text" name="Chkword" size="40">
        </td>
      </tr>




      <tr>
        <td>
        </td>
        <td>
        <input type="submit" value="Add Comments">
        </td>
      </tr>
    </table>

    <input type="hidden" name="a" value="<?PHP echo $T['Article_ID'] ?>">

    </form>

    </td>
  </tr>
</table>

</div>

<!-- Removing this code will result in immediate license termination --><div align="center" style="font-family: Sans-Serif; font-size: 8pt;">Powered By <a href="http://www.jmbsoft.com/" target="_blank">AutoKB</a></div>
</body>
</html>

The complete common.php handler file is below - as above I’ve put empty lines in front and behind any code segments I added or modified:


<?PHP
## http://www.jmbsoft.com/license.php
## Please make sure you type the word caboose in the last field - otherwise I will assume your are a spambot and ignore your message

include_once('common.php');


$L_TOO_LONG  = 'The comment you have entered is too long.  We allow a maximum of ' . $GLOBALS['MAX_COMMENT'] . ' characters';
$L_REQUIRED  = 'Please fill in all of the required fields';
$L_BADWORD   = 'A restricted word was found in your comment which cannot be added to the database';
$L_NOARTICLE = 'Invalid article ID number';
$L_DUPLICATE = 'Please only post one comment per article';


## Added below line
$L_RUSPAMBOT = 'Posting Failed - Please make sure you type the word caboose in the last field - otherwise I will assume your are a spambot and ignore your message';


$DB = new DB($GLOBALS['HOSTNAME'], $GLOBALS['USERNAME'], $GLOBALS['PASSWORD'], $GLOBALS['DATABASE'], $GLOBALS['PREFIX']);
$DB->Connect();


if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
    AddComment();
}
else
{
    DisplayComment();
}



function AddComment()
{
    global $DB, $T;
  

     ## Added below segment
    if (!strcmp($_POST['Chkword'], 'caboose'))
    {
        $T['Message'] = $GLOBALS['L_RUSPAMBOT'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }
    




    if( IsEmptyString($_POST['Name']) || IsEmptyString($_POST['Message']) )
    {
        $T['Message'] = $GLOBALS['L_REQUIRED'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    if( strlen($_POST['Message']) > $GLOBALS['MAX_COMMENT'] )
    {
        $T['Message'] = $GLOBALS['L_TOO_LONG'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    $commented = array();

    if( isset($_COOKIE['kb_commented']) )
    {
        $commented = explode(',', $_COOKIE['kb_commented']);
    }

    if( in_array($_POST['a'], $commented) )
    {
        $T['Message'] = $GLOBALS['L_DUPLICATE'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    $now  = DSTTime();




    ## Modified below segment to include 'Chekword'
    foreach( array('Message', 'Name', 'Chekword') as $key )
    {
        $word = CheckBadWords($_POST[$key]);
        
        if( $word !== 0 )
        {
            $T['Message'] = $GLOBALS['L_BADWORD'] . ": '$word'";
            include_once("{$GLOBALS['CDIR']}/index_error.tpl");
            exit;
        }
    }

    $_POST['Name']    = htmlspecialchars($_POST['Name']);
    $_POST['Message'] = htmlspecialchars($_POST['Message']);
    $_POST['Chkword'] = htmlspecialchars($_POST['Chekword']);
    
 


    
    
    ArrayAddSlashes($_POST);    

    $DB->Insert("INSERT INTO ZZPRE_Comments VALUES ( " .
                "NULL, " .
                "'{$_POST['a']}', " .
                "'{$_POST['Name']}', " .
                "'{$_SERVER['REMOTE_ADDR']}', " .
                "'$now', " .
                "'{$GLOBALS['O_AUTO_APPROVE']}', " .
                "'1', " .
                "'{$_POST['Message']}')");

    $T = array_merge($_POST, $DB->Row("SELECT * FROM ZZPRE_Articles WHERE Article_ID='{$_POST['a']}'"));

    $T['Approved'] = $GLOBALS['O_AUTO_APPROVE'];
    $T['Message']  = nl2br($T['Message']);

    ArrayStripSlashes($T);

    $commented[] = $T['Article_ID'];

    setcookie('kb_commented', join(',', $commented), time() + 86400);

    include_once("{$GLOBALS['CDIR']}/comment_added.tpl");
}



function DisplayComment()
{
    global $DB, $T;

    ArrayAddSlashes($_GET);

    $T = $DB->Row("SELECT * FROM ZZPRE_Articles WHERE Article_ID='{$_GET['a']}'");

    if( $T === FALSE )
    {
        $T['Message'] = $GLOBALS['L_NOARTICLE'];
        include_once("{$GLOBALS['CDIR']}/index_error.tpl");
        exit;
    }

    include_once("{$GLOBALS['CDIR']}/comment_main.tpl");
}


?>
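Added example (not part of any post in this thread, and not AutoKB's own code): a challenge-word check for the handler above that rejects a missing or non-string Chkword before comparing, and tests strcmp()'s result against 0 explicitly. The helper name chkword_ok and the trim/lowercase normalisation are assumptions made for illustration; the sample submissions are constructed.

```php
<?php
// Added example: chkword_ok() is a hypothetical helper, not AutoKB code.

// Returns true only when the submitted challenge word matches $expected.
// $post is passed in rather than read from $_POST so the check can be run
// from the command line.
function chkword_ok(array $post, string $expected = 'caboose'): bool
{
    // The form sends 'Chkword'. A missing field is a failed check.
    if (!isset($post['Chkword'])) {
        return false;
    }

    // Request fields can arrive as arrays instead of strings. strcmp() is
    // only defined for strings: PHP 5/7 return NULL for an array, and
    // NULL != 0 is false, so a loose "!= 0" test would let it through.
    // PHP 8 throws TypeError. Reject anything that is not a string first.
    if (!is_string($post['Chkword'])) {
        return false;
    }

    // Assumption: ignore surrounding spaces and letter case.
    $given = strtolower(trim($post['Chkword']));

    // strcmp() returns 0 on a match, so "!strcmp(...)" is TRUE when the
    // words are equal. Test the result against 0 with ===.
    return strcmp($given, $expected) === 0;
}

// Constructed sample submissions (not captured traffic).
$samples = array(
    'correct word'      => array('Chkword' => 'caboose'),
    'case and spaces'   => array('Chkword' => '  Caboose '),
    'wrong word'        => array('Chkword' => 'engine'),
    'field missing'     => array('Name' => 'Tom'),
    'array, not string' => array('Chkword' => array('caboose')),
);

foreach ($samples as $label => $post) {
    printf("%-18s => %s\n", $label, chkword_ok($post) ? 'accept' : 'reject');
}
```

In AddComment() the error branch would run when chkword_ok($_POST) returns false.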