Codice PHP:
<?
// Show form to add your site
if(!isset($_POST['submit']))
{
?>
<center>
<table style="margin-top: 30px;" border="1" cellpadding="2" cellspacing="0" width="50%" class="content" align="center">
<tr class="title">
<form method="POST" name=form>
<input type="hidden" name="submit" value="1">
<td width="100%" colspan="2">
<p align="center"><? echo $text['73'] ?></td>
</tr>
<tr>
<td width="50%"><? echo $text['36'] ?> :</td>
<td width="50%"><input type="text" name="sitename" size="24" maxlength="50"></td>
</tr>
<tr>
<td width="50%"><? echo $text['37'] ?> :</td>
<td width="50%"><input type="text" name="url" size="24" maxlength="100"></td>
</tr>
<tr>
<td width="50%"><? echo $text['38'] ?> [ 88 x 31 ] :</td>
<td width="50%"><input type="text" name="buttonurl" size="24" maxlength="125"></td>
</tr>
<tr>
<td width="50%"><? echo $text['39'] ?> :</td>
<td width="50%"><input type="text" name="email" size="24" maxlength="75"></td>
</tr>
<tr>
<td width="50%"><? echo $text['137'] ?> :</td>
<td width="50%"><select name="country" onChange="showimage()"><?
// Selecting different flags directory 'images/flags'
$handle = opendir('images/flags');
while(false!==($file = readdir($handle)))
{
if($file != "." AND $file != "..")
{
if($file == "flag_oth.gif")
{
$selected = " selected";
}
else
{
$selected = " ";
}
echo "<option value=\"" . $file . "\"" . $selected . ">" . $file . "</option>\n";
}
}
closedir($handle);
?>
</select>[img]images/flags/flag_oth.gif[/img]</td>
</tr>
<tr>
<td width="50%" valign="top"><? echo $text['40'] ?> :</td>
<td width="50%"><textarea rows="7" name="description" cols="26"></textarea></td>
</tr>
<tr>
<td width="50%" valign="top"><? echo $text['22'] ?> :</td>
<td width="50%"><input type="password" name="pssw" size="12" maxlength="25"></td>
</tr>
<tr>
<td width="50%" valign="top"><? echo $text['22'] ?> [ <? echo $text['59'] ?> ]:</td>
<td width="50%"><input type="password" name="pssw2" size="12" maxlength="25"></td>
</tr>
<tr>
<td width="100%" valign="top" colspan="2">
<p align="center"><input type="submit" value="<? echo $text['72'] ?>"></td>
</tr>
</table>
</center>
<?
}
// Form has been submitted
if(isset($_POST['submit']))
{
// Checking if email isn't used before to register a website
$query = mysql_query("SELECT COUNT(1) FROM " . $table . "_sites WHERE email = '" . $_POST['email'] . "'");
$result = mysql_result($query,0);
// If email has been registered, give error
if(!empty($result))
{
?>
<table border="1" cellpadding="2" cellspacing="0" width="50%" class="content" align="center">
<tr class="title">
<td width="100%"><p align="center"><? echo $text['73'] ?></td>
</tr>
<tr>
<td width="100%"><? echo $text['74'] ?> ...
[url="javascript:history.go(-1)"]<< <? echo $text['20'] ?>[/url]</td>
</tr>
</table>
<?
}
else
{ // If email hasn't been registered, run script to add site
?>
<table border="1" cellpadding="2" cellspacing="0" width="50%" align="center">
<tr class="title">
<td width="100%"><p align="center"><? echo $text['73'] ?></td>
</tr>
<tr class="content">
<td width="100%">
<?
// If sitename wasn't filled in
if(empty($_POST['sitename']))
{
?>
<? echo $text['75'] ?>
[url="javascript:history.go(-1)"]<< <? echo $text['20'] ?>[/url]
<?
}
// If URL wasn't filled in
elseif(empty($_POST['url']))
{
?>
<? echo $text['76'] ?>
[url="javascript:history.go(-1)"]<< <? echo $text['20'] ?>[/url]";
<?
}
// If email wasn't filled in
elseif(empty($_POST['email']))
{
?>
<? echo $text['77'] ?>
[url="javascript:history.go(-1)"]<< <? echo $text['20'] ?>[/url]
<?
}
// If description wasn't filled in
elseif(empty($_POST['description']))
{
?>
<? echo $text['78'] ?>
[url="javascript:history.go(-1)"]<< <? echo $text['20'] ?>[/url]
<?
}
// If password / confirm password weren't filled in
elseif(empty($_POST['pssw']) OR empty($_POST['pssw2']))
{
?>
<? echo $text['79'] ?>
[url="javascript:history.go(-1)"]<< <? echo $text['20'] ?>[/url]
<?
}
else
{
// If passwords are not the same
if($_POST['pssw'] != $_POST['pssw2'] OR empty($_POST['pssw']) OR empty($_POST['pssw2']))
{
?>
<? echo $text['61'] ?> ...
[url="javascript:history.go(-1)"]<< <? echo $text['20'] ?>[/url]
<?
}
else
{
// Not encrypted version of password
$pssw = $_POST['pssw'];
// Encrypted version of password
$pssw_encrypted = md5($_POST['pssw']);
$_POST['country'] = str_replace("flag_","", $_POST['country']);
$_POST['country'] = str_replace(".gif","", $_POST['country']);
$date = date("dmY");
// Insert data of website into database
mysql_query("INSERT INTO " . $table . "_sites (sitename,url,buttonurl,email,description,password,hitsin,clicksin,hitsout,hitstotal,hitstoday,date,register_date,country,rank,ip) VALUES ('" . $_POST['sitename'] . "','" . $_POST['url'] . "','" . $_POST['buttonurl'] . "','" . $_POST['email'] . "','" . $_POST['description'] . "','" . $pssw_encrypted . "','0','0','0','0','" . $date . " | 0','" . $date . " | 1',NOW(),'" . $_POST['country'] . "','-','" . $_SERVER['REMOTE_ADDR'] . "')") or die (mysql_error());
$query = mysql_query("SELECT * FROM " . $table . "_sites WHERE email = '" . $_POST['email'] . "' AND url = '" . $_POST['url'] . "'") or die(mysql_error());
while($row = mysql_fetch_assoc($query))
{
$memberid = $row['memberid'];
}
// Creating row for ratings for this website
mysql_query("INSERT INTO " . $table . "_rate VALUES ('$memberid','0','0')") or die (mysql_error());
$sitename = htmlspecialchars($_POST['sitename']);
$email = htmlspecialchars($_POST['email']);
$url = htmlspecialchars($_POST['url']);
$buttonurl = htmlspecialchars($_POST['buttonurl']);
$description = htmlspecialchars($_POST['description']);
$message = "<font style=\"font-family: verdana; font-size: 8pt\">
Hai fatto richiesta alla top100: " . $webmaster_url . ",
Ecco perchè vi inviamo il riepilogo dei vostri dati. La preghiamo di conservare questa e-mail. La password sottostante è decriptata ma nei nostri server è criptata per proteggervi da hacker.!
INFORMAZIONI ACCOUNT " . $memberid . "
ID: " . $memberid . "
Nome Sito : " . $sitename . "
URL : " . $url . "
Button URL : " . $buttonurl . "
Descrizione : " . $description . "
Password : " . $pssw . "
Grazie,
Webmaster di " . $webmaster_url . "</font>";
mail("$email","Ti Sei Iscritto a: " . $topsite_name . " !!!","$message","From: Ti Sei Iscritto a: " . $topsite_name . " !!!<" . $webmaster_email . ">\nContent-Type: text/html; charset=iso-8859-1");
if($webmaster_sendmail)
{
$message = "<font style=\"font-family: verdana; font-size: 8pt\">
Un nuovo membro si è iscritto alla tua top100, ecco i suoi dati:
INFORMAZIONI ACCOUNT " . $memberid . "
ID: " . $memberid . "
Nome Sito : " . $sitename . "
URL : " . $url . "
Button URL : " . $buttonurl . "
Descrizione : " . $description . "
Password : " . $pssw . "
Grazie,
Webmaster di " . $webmaster_url . "</font>";
mail("$webmaster_email","Nuovo Membro Nella TOP100", "$message","From: Nuovo Membro Nella TOP100<" . $webmaster_email . ">\nContent-Type: text/html; charset=iso-8859-1");
}
?>
<? echo $text['80'] ?>
<? echo $text['81'] ?>:
<center>
<textarea cols="45" rows="5" onClick="this.select()">[url="<? echo $script_url ?>/index.php?id=<? echo $memberid ?>"][img]<? echo $script_url ?>/img.php?id=<? echo $memberid ?>[/img][/url]</textarea>
[url="index.php"]<< <? echo $text['82'] ?>[/url]</center>
<?
In quale punto del Php script devo applicare le protezioni? (Forse l'ho intuito) Mi fareste un breve esempio? 
Rispondi quotando