sicurezza form antispam sistema domande risposte

[ale.mazzini]

Originariamente inviato da jcsnake
usare recaptcha

prima di quello vorrei verificare questo

http://www.mtxweb.ch/php_learn/?p=1061


io questo codice

codice:

<?
include("config.php");

$temput= $_SESSION['temput'];
$temppass= $_SESSION['temppass'];

//parametri
$obj=new sast1com();
$obj->connessione();
$result = mysql_query("select * from configurazione");
while($array=mysql_fetch_array($result)){
$titolosito=$array[nome];
$logosito=$array[logo];
$linksito=$array[link];
$emailsito=$array[email];
$isreg=$array[isreg];
}

$id_cat=$_GET['id_cat'];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title><?echo $titolosito;?> registrati</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link rel="stylesheet" type="text/css" media="all" href="css.css" />
</head>

<body ><center>
<table width="830" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td>
    <table width="100%"  border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="52%" align="left">[img]files/<?echo $logosito;?>[/img]</td>
        <td width="48%" align="right" valign="bottom"><span class="smalltext"><font color="#666666"><?$today = date("j F Y, g:i a");echo $today;?></font></span> </td>
      </tr>
    </table>
    </td>
</tr>
</table>

<table width="830" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td>
    <table width="100%"  border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td height="2" bgcolor="#3894E5">[img]images/space.gif[/img]</td>
      </tr>
      <tr>
        <td height="6" bgcolor="#83BFF5">[img]images/space.gif[/img]</td>
      </tr>
      <tr>
        <td height="5" bgcolor="#C3E3FF">[img]images/space.gif[/img]</td>
      </tr>
    </table>
    </td>
</tr>
</table>

<table width="830" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td><table width="100%"  border="0" cellspacing="0" cellpadding="2">
      <tr>
        <td align="left" valign="top" class="smalltext"><font color="#707070">Centro di Supporto <?echo $titolosito;?></font>
         <?if(strlen($temput)>0 && strlen($temppass)>0){?>
         - Benvenuto <?echo $temput;?> - Esci
         <?}else{?>
         - (Accedi oppure Registrati)</td>
         <?}?>
      </tr>
          <tr>
        <td height="5" bgcolor="#FFFFFF">[img]images/space.gif[/img]</td>
      </tr>
    </table></td>
</tr>
</table>



<table width="830" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<?
$obj->connessione();
if($_POST['op']=="ins"){
//cattura i dati dal modulo
$nome =$_POST['nome'];
$cognome =$_POST['cognome'];
$email =$_POST['email'];
$password =$_POST['password'];
$today = date("j F Y, g:i a");
//li inserisce nella tabella

if(strlen($nome)>0 && strlen($cognome)>0 && strlen($email)>0 && strlen($password)>0){

$result = mysql_query ("insert into utenti(nome,cognome,email,password,data) values('$nome','$cognome','$email','$password','$today')");
if($result){

        echo"<table border=\"0\" cellpadding=\"3\" cellspacing=\"1\" width=\"100%\">";
        echo"<tr>";
        echo"<td width=\"16\" align=\"left\" valign=\"middle\"><img src=\"images/icon_info.gif\" border=\"0\" />";
        echo"</td>";
        echo"<td align=\"left\">";
        echo"<span class=\"smalltext\">Registrazione effettuata con Successo</span>";
        echo"</td>";
        echo"</tr>";
        echo"</table>";

        $testo="";
        $testo.="Gentile utente,\n";
        $testo.="Ti sei registrayto in modo corretto al nostro help desk.\n";
        $testo.="\n";
        $testo.="Puoi visitare il nostro desk all'indirizzo:\n";
        $testo.="$linksito\n\n";
        $testo.="Nome e cognome: $nome $cognome\n";
        $testo.="Email: $email\n";
        $testo.="Password: $password\n\n";
        $testo.="\n";
        $testo.="Rimaniamo a sua disposizione per ulteriori chiarimenti.\n";
        $testo.="\n";
        $testo.="$nomesito";

        $oggettox="Registrazione Attivata per $titolosito Centro di supporto";

        //uno
        $extra_hdr_str = "From: $titolosito <$emailsito>";
        $formsent = mail($email,$oggettox,$testo,$extra_hdr_str);
        if($formsent)echo"K";
        else echo"N";

        //due
        //$nomesito
        $extra_hdr_str = "From: $nome $cognome <$email>";
        $formsent = mail($emailsito,$oggettox,$testo,$extra_hdr_str);
        if($formsent)echo"K";
        else echo"N";


}
else{
        echo"<table border=\"0\" cellpadding=\"3\" cellspacing=\"1\" width=\"100%\">";
        echo"<tr class=\"errorbox\">";
        echo"<td width=\"16\" align=\"left\" valign=\"middle\"><img src=\"images/icon_error.gif\" border=\"0\" />";
        echo"</td>";
        echo"<td align=\"left\">";
        echo"<span class=\"smalltext\">Registrazione NON effettuata</span>";
        echo"</td>";
        echo"</tr>";
        echo"</table>";
}

}else echo"Tutti i campi sono obbligatori. Compila correttamente il modulo.";

}
?>
</td>
</tr>
</table>


<table width="830" border="0" cellspacing="0" cellpadding="0">
 <tr>
                        <td>
Ti preghiamo i compilare il modulo qui sotto per registrare un nuovo account. </tr>
</table>



<?if($isreg==1){?>
<table width="830" border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td colspan="2">
                         <fieldset class="swiftfieldset">
         <form method="post" action="registrati.php">
         <input type="hidden" value="ins" name="op">
        <legend>Dettagli Generali</legend>
        <table width="100%"  border="0" cellspacing="1" cellpadding="2">
          <tr>
                <td width="30%" align="left" valign="top" class="row2"><span class="smalltext">Nome: </span></td>
                <td width="70%"><input name="nome" type="text" size="25" class="swifttext" value=""></td>
          </tr>
          <tr>
                <td width="30%" align="left" valign="top" class="row2"><span class="smalltext">Cognome: </span></td>
                <td width="70%"><input name="cognome" type="text" size="25" class="swifttext" value=""></td>
          </tr>
          <tr>
                <td align="left" valign="top" class="row2"><span class="smalltext">Email: </span></td>

                <td><input name="email" type="text" size="25" class="swifttext" value=""></td>
          </tr>
          <tr>
                <td align="left" valign="top" class="row2"><span class="smalltext">Password: </span></td>
                <td><input name="password" type="password" size="20" class="swifttext"></td>
          </tr>
          </table>
          <input type="submit" value="Registrati">
          </form>
          </fieldset>
                        </td>
                      </tr>
</table>
<?}else{
echo"<table width=\"830\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
echo"<tr><td>";
  echo"<table border=\"0\" cellpadding=\"3\" cellspacing=\"1\" width=\"100%\">";
        echo"<tr class=\"errorbox\">";
        echo"<td width=\"16\" align=\"left\" valign=\"middle\"><img src=\"images/icon_error.gif\" border=\"0\" />";
        echo"</td>";
        echo"<td align=\"left\">";
        echo"<span class=\"smalltext\">Registrazione NON abilitata</span>";
        echo"</td>";
        echo"</tr>";
        echo"</table>";
echo"</td>";
echo"</tr> ";
echo"</table>";
}?>


<table width="830" border="0" cellspacing="0" cellpadding="0">
  <tr bgcolor="#707070"><td height="24">Home | Controlla Tickets | Apri un Nuovo Ticket | Knowledgebase | Avvisi | Downloads</td>
</table>
</center>
</body>
</html>

<?
function totale($idcat){
$obj=new sast1com();
$obj->connessione();
$result = mysql_query("select * from downloads where d_cat=$idcat");
$tot=mysql_num_rows($result);
return $tot;
}

function nome($idcat){
$obj=new sast1com();
$obj->connessione();
$result = mysql_query("select * from downloads_cat where id=$idcat");
if(strlen($idcat)>0){
while($array=mysql_fetch_array($result)){
$nome=$array[nome];
}
return $nome;
}
}
?>