PHP - I need to validate textarea from the server .. any help? [closed]

-3

I have a form, and there is a person who bothers to come to the site, opens the debugger, selects the form in edit mode, edits the form by changing an input into a textarea, and pastes text that includes unpleasant things.

How do I prevent them from manipulating the form?

More information: Sorry for not being so specific. I will try to explain and show you what I have, while I try to find the answer by myself. If I find it I will post it here, to see what you think. Well, without further ado, this is my code. "For now, examples"

My form code, form.html

<form id="reCaptchaForm" action="/signup.php" method="POST" autocomplete="off">
<input class="contact-form-name" id="ContactForm1_contact-form-name" name="nombre" placeholder="Su nombre" size="30" type="text" value="" ondrop="return false" oncopy="return false" onpaste="return false" oncontextmenu="return false" onkeyup="this.value = this.value.replace(/[&/:*<>]/g, '')" required><br />
<input class="contact-form-email" id="ContactForm1_contact-form-email" name="email" placeholder="Su Email" size="30" type="email" value="" ondrop="return false" oncopy="return false" onpaste="return false" oncontextmenu="return false" required><br />
<textarea class="contact-form-email-message" cols="25" id="ContactForm1_contact-form-email-message" name="mensaje" placeholder="Su mensaje" rows="5" onkeyup="this.value = this.value.replace(/[&/:*<>]/g, '')" ondrop="return false" oncopy="return false" onpaste="return false" oncontextmenu="return false" draggable="false" required></textarea><br />
<b>Para qué fecha desea el tour?</b><br />
<input class="contact-form-email" type="date" name="fecha" ondrop="return false" oncopy="return false" onpaste="return false" oncontextmenu="return false" required><br />
<label for="country"><b>¿Desde dónde nos visitarás?</b></label><br />
<select id="country" name="pais" placeholder="Su Email" ondrop="return false" oncopy="return false" onpaste="return false" oncontextmenu="return false" required><br />
<option value="" disabled selected hidden>Selecciona tu país...</option>
<option value="Argentina">Argentina</option><br />
<option value="Bolivia">Bolivia</option><br />
<option value="Brasil">Brasil</option><br />
<option value="Chile">Chile</option><br />
<option value="Colombia">Colombia</option><br />
<option value="Costa Rica">Costa Rica</option><br />
<option value="Cuba">Cuba</option><br />
<option value="Ecuador">Ecuador</option><br />
<option value="El Salvador">El Salvador</option><br />
<option value="España">España</option><br />
<option value="Guatemala">Guatemala</option><br />
<option value="Honduras">Honduras</option><br />
<option value="México">México</option><br />
<option value="Nicaragua">Nicaragua</option><br />
<option value="Paraguay">Paraguay</option><br />
<option value="Panamá">Panamá</option><br />
<option value="Perú">Perú</option><br />
<option value="Puerto Rico">Puerto Rico</option><br />
<option value="República Dominicana">República Dominicana</option><br />
<option value="Uruguay">Uruguay</option><br />
<option value="Venezuela">Venezuela</option><br />
<option value="Estados Unidos">Estados Unidos</option><br />
<option value="Otro">Otro..</option><br />
</select><br />
<label class="nospam" for="nospam">¡Si ves esto, pasa de él!</label><br />
<input class="nospam" name="nospam"><br />
<div id='recaptcha' class="g-recaptcha" 
data-sitekey="6LdmtoQUAAAAAD9NYaBmZGJhy5ZqQeMbFwDCL4MS" 
data-callback="onCompleted" 
data-size="invisible"></div> 
<button class="sp-button sp-button2" id='submit'>ENVIAR MENSAJE</button> 
</form>
</div>
<script>$("#myForm").submit(function(e){console.log("validation completed."),e.preventDefault(),grecaptcha.execute()}),onCompleted=function(){console.log("captcha completed.")};</script>

My server PHP code, signup.php

<?php
function get_ip_address() {
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } else {
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        } else {
            $ip = $_SERVER['REMOTE_ADDR'];
        }
    }
    return $ip;
}
function check_input($data)
 {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
 }
 if ($_POST['nospam'] != ""){
 // It is a spam bot
 exit("Imposible enviar la solicitud, cierre la ventana.");
} else {
 // It is a real user, proceed to send the form.
}

 $destino = "[email protected]";
 $nombre = check_input($_POST['nombre']);
 $email = check_input($_POST['email']);
 $fecha = check_input($_POST['fecha']);
 $pais = check_input($_POST['pais']);
 $mensaje = check_input($_POST['mensaje']);
 $ip   = ' '.get_ip_address();
 $cont = "Enviado desde:\n https://www.tour-moscu.tours/p/contacto.html";
 $headers = "Content-Type: text/html; charset = UTF-8 \n";
 $contenido = "CONSULTA de formulario de contacto
 IP:" . $ip . "\n

 Su nombre:\n " . $nombre . "\n
 Su email:\n " . $email . "\n
 Para qué fecha:\n " . $fecha . "\n
 Desde donde nos escribes:\n " . $pais . "\n
 Mensaje del turista:\n " . $mensaje;

 mail($destino,"Consulta", $contenido, $cont);
 header("Location:https://www.tour-moscu.tours/p/muchas-gracias.html");

//only run when form is submitted
if(isset($_POST['g-recaptcha-response'])) {
    $secretKey = '6LdmtoQUAAAAAGTxNKpBWMv3IFNqWZm_wdIKdp-0';
    $response = $_POST['g-recaptcha-response'];     
    $remoteIp = $_SERVER['REMOTE_ADDR'];


    $reCaptchaValidationUrl = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$response&remoteip=$remoteIp");
    $result = json_decode($reCaptchaValidationUrl, TRUE);

    //get response along side with all results
    print_r($result);

    if($result['success'] == 1) {
        //True - What happens when user is verified
        $userMessage = '<div>Muchas gracias por tu mensaje! en breve contactaremos contigo.</div>';
    } else {
        //False - What happens when user is not verified
        $userMessage = '<div>Fail: please try again :(</div>';
    }
}
?>

I need to know what I have to add to signup.php to validate the form so that it cannot be manipulated from the debugger. If that is not totally possible, then I need to know how to restrict the content of the textarea: for example URLs, bad-sounding words "sex, porn, etc ...", a maximum number of words. Thanks for the time and help!

ADDED

I need to validate the textarea from the server, so that URLs or special characters cannot be entered. Some help? Thanks in advance and thanks for the answers so far!

    
asked by Miguel Gonzalez 26.12.2018 at 20:02

3 answers

2

You cannot avoid form manipulation

If you use things like POSTMAN you will notice that you can even totally replace your form with other things. That is the correct way to operate the web.

There are development tools, JavaScript grabbers / cancellers, and even simple curl can load any garbage that a malicious user wants.

Better to try validating the accepted length, or put word filters on the server that receives the data when doing the POST.

Update

Now that you have improved the question I see that you have the XY problem: your problem is to validate data and you think that it is done on the client's side, so you ask how to solve it on the client, but that is an error. The reality is that data validation is done on the server side. Change your question so it can be answered properly, and all the junk solutions that you have been given will make sense when you ask for it in PHP.

Finally the solution is:

  • Truncate the received value to NN characters, and
  • Take the input value and create a word filter.
  • If the answer does not pass, you can:
    • Return a 403 Forbidden error, or
    • Accept it but save it already filtered

answered by 26.12.2018 at 21:26
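
The server-side checks this answer lists (length limit, word filter, reject with 403), together with the URL, special-character and word-count limits the question asks for, as an added example that is not part of the original answer or the asker's code. The function name `validate_message`, the limits, the allowed character set and the rejection text are assumptions, and the `mbstring` extension is assumed to be enabled.

```php
<?php
// Added example, not the asker's code. Limits and word list are assumed values.
const MAX_CHARS = 1000;
const MAX_WORDS = 150;
const BANNED_WORDS = ['sex', 'porn']; // the two words named in the question

// Returns the reasons the text is rejected; an empty array means accepted.
function validate_message($raw): array
{
    // A request can send mensaje[]=x (an array) or bytes that are not UTF-8.
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return ['not a valid UTF-8 string'];
    }
    $text = trim($raw);
    $errors = [];
    if ($text === '') {
        $errors[] = 'empty';
    }
    if (mb_strlen($text, 'UTF-8') > MAX_CHARS) {
        $errors[] = 'too long';
    }
    $words = preg_split('/\s+/u', $text, -1, PREG_SPLIT_NO_EMPTY);
    if (count($words) > MAX_WORDS) {
        $errors[] = 'too many words';
    }
    // URL-like text: a scheme, a www. prefix, or a bare name.tld
    if (preg_match('~https?://|www\.|\b[a-z0-9-]+\.[a-z]{2,}\b~i', $text)) {
        $errors[] = 'contains a URL';
    }
    // Allow-list: letters, digits, whitespace and basic punctuation only.
    if (preg_match('/[^\p{L}\p{N}\s.,;!?¿¡()\'"-]/u', $text)) {
        $errors[] = 'contains characters that are not allowed';
    }
    foreach (BANNED_WORDS as $word) {
        if (preg_match('/\b' . preg_quote($word, '/') . '\b/iu', $text)) {
            $errors[] = 'contains a banned word';
            break;
        }
    }
    return $errors;
}

// In signup.php this runs before anything is mailed or stored.
$errors = validate_message($_POST['mensaje'] ?? null);
if ($errors !== []) {
    http_response_code(403); // the "403 Forbidden" option from the answer
    exit('Message rejected: ' . implode(', ', $errors));
}
```

The bare `name.tld` pattern is deliberately strict and also rejects text such as `hola.gracias` typed without a space after the period; loosen it if that produces too many false rejections.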

1

Doesn't blocking the right click help you?

    <script type="text/javascript">
      document.oncontextmenu = function(){return false;}
    </script>

answered by 26.12.2018 at 21:13

-2

You could override the submit event of the form with JavaScript, validate that the fields are what they should be and then submit:

    form.onsubmit = function(event) {
       var error = 0;
       event.preventDefault();
       var elements = document.forms[formName].elements;
       // tagName is upper case in HTML: "INPUT", or whatever element it should be
       if(elements[0].tagName != "INPUT"){
         error = 1;
       }
       // ... rest of the validations
       if(error == 0){
          form.submit();
       }else{
          alert("Formulario alterado");
       }
       return false;
    }

In the same way, you cannot prevent the DOM from being manipulated, but if you put some validation in a minified .js file, I think it could help you achieve what you are looking for.

answered by 26.12.2018 at 22:15