added honeypot to guestbook and changed path for scripts and stylesheets

diff --git a/guestbook.php b/guestbook.php
index b3ec37ec4c95901f0ece163893328b3f72b826f8..8085e52aef8cfccd9015ecd7820f1681f34b7123 100644 (file)
--- a/guestbook.php
+++ b/guestbook.php
@@ -4,7 +4,8 @@ head([
        "title" => "guestbook",
        "meta" => [
                ["name" => "description", "content" => "sign my guestbook"]
-       ]
+       ],
+       "css" => ["/stylesheet/guestbook.css"]
 ]);
 ?>
 
@@ -16,9 +17,6 @@ head([
                                        <center><img src="/image/gif/guestbook.gif" width="200"></center>
                                        
                                        <?php
-                                               error_reporting(E_ALL);
-                                               ini_set("display_errors", 1);
-                                       
                                                // load database config
                                                $config = parse_ini_file(__DIR__ . '/../config/config.ini', true);
                                                
@@ -34,12 +32,19 @@ head([
                                                $conn->query("SET time_zone='+08:00';");
                                                
                                                // check connection
-                                               if($conn->connect_error){
+                                               if($conn->connect_error) {
                                                        die("Connection failed: {$conn->connect_error}");
                                                }
                                                
                                                // entry submission
-                                               if ($_SERVER["REQUEST_METHOD"] == "POST"){
+                                               if ($_SERVER["REQUEST_METHOD"] == "POST") {
+                                                       
+                                                       // honeypot check
+                                                       if(!empty($_POST['honeypot'])) {
+                                                               header("Location: " . $_SERVER["PHP_SELF"]);
+                                                               die();
+                                                       };
+                                                       
                                                        $name = htmlspecialchars($_POST['name'], ENT_QUOTES, "UTF-8");
                                                        $country = htmlspecialchars($_POST['country'], ENT_QUOTES, "UTF-8");
                                                        $website = htmlspecialchars($_POST['website'], ENT_QUOTES, "UTF-8");
@@ -52,13 +57,13 @@ head([
                                                                                        VALUES (?, ?, ?, ?, ?, ?);";
                                                        
                                                        $stmt = $conn->prepare($sql);
-                                                       if(!$stmt){
+                                                       if(!$stmt) {
                                                                die("Prepare failed: {$conn->error}");
                                                        }
                                                        
                                                        // s = string
                                                        $stmt->bind_param("ssssss", $name, $country, $website, $email, $comment, $ip_addr);
-                                                       if(!$stmt->execute()){
+                                                       if(!$stmt->execute()) {
                                                                die("Execute failed: {$stmt->error}");
                                                        }
                                                        
@@ -84,6 +89,7 @@ head([
                                                        <br>
                                                        <label for="website">My website: </label><input type="text" name="website" placeholder="optional">
                                                        <br>
+                                                       <input type="text" class="honeypot" name="honeypot">
                                                        <label for="email">My e-mail: </label><input type="email" name="email" placeholder="only me can see, optional">
                                                        <br>
                                                        <label for="comment">Comment: </label><br><textarea name="comment" rows="10" cols="35" placeholder="..." required></textarea>

diff --git a/part/head.php b/part/head.php
index 31786668947d193f81c060c7926f700d8c52f3bd..763c9a799d46a701c3aa4f613441f5d560e732fc 100644 (file)
--- a/part/head.php
+++ b/part/head.php
@@ -44,7 +44,7 @@ function head(array $head = []) {
        ?>
 
        <!-- stylesheets -->
-       <link rel="stylesheet" href="/part/stylesheet/root.css?v=<?= filemtime("{$_SERVER['DOCUMENT_ROOT']}/part/stylesheet/root.css");?>">
+       <link rel="stylesheet" href="/stylesheet/root.css?v=<?= filemtime("{$_SERVER['DOCUMENT_ROOT']}/stylesheet/root.css");?>">
        <?php foreach($css as $file):?>
                <?php
                        $filepath = $_SERVER['DOCUMENT_ROOT'] . $file;
@@ -55,7 +55,7 @@ function head(array $head = []) {
        <?php endforeach;?>
        
        <!-- scripts -->
-       <script src="/part/script/root.js?v=<?= filemtime("{$_SERVER['DOCUMENT_ROOT']}/part/script/root.js");?>"></script>
+       <script src="/script/root.js?v=<?= filemtime("{$_SERVER['DOCUMENT_ROOT']}/script/root.js");?>"></script>
        <?php foreach($js as $file):?>
                <?php
                        $filepath = $_SERVER['DOCUMENT_ROOT'] . $file;

diff --git a/part/script/root.js b/part/script/root.js
deleted file mode 100644 (file)
index 7a661c2..0000000
--- a/part/script/root.js
+++ /dev/null
@@ -1 +0,0 @@
-console.log("hello, world!");

diff --git a/part/stylesheet/.htaccess b/part/stylesheet/.htaccess
deleted file mode 100644 (file)
index e8ad090..0000000
--- a/part/stylesheet/.htaccess
+++ /dev/null
@@ -1,2 +0,0 @@
-#Forbidden access
-Options -Indexes

diff --git a/part/stylesheet/root.css b/part/stylesheet/root.css
deleted file mode 100644 (file)
index b5ed499..0000000
--- a/part/stylesheet/root.css
+++ /dev/null
@@ -1,12 +0,0 @@
-@font-face {
-       font-family: EBGaramond;
-       src: url('/font/EBGaramond08-Regular.ttf');
-}
-body {
-       font-family: EBGaramond;
-       font-size: 16px;
-       line-height: 1.2;
-}
-a {
-       color: darkblue;
-}

diff --git a/script/root.js b/script/root.js
new file mode 100644 (file)
index 0000000..7a661c2
--- /dev/null
+++ b/script/root.js
@@ -0,0 +1 @@
+console.log("hello, world!");

diff --git a/stylesheet/.htaccess b/stylesheet/.htaccess
new file mode 100644 (file)
index 0000000..e8ad090
--- /dev/null
+++ b/stylesheet/.htaccess
@@ -0,0 +1,2 @@
+#Forbidden access
+Options -Indexes

diff --git a/stylesheet/guestbook.css b/stylesheet/guestbook.css
new file mode 100644 (file)
index 0000000..9b880bf
--- /dev/null
+++ b/stylesheet/guestbook.css
@@ -0,0 +1,3 @@
+.honeypot {
+       display: none;
+}

diff --git a/stylesheet/root.css b/stylesheet/root.css
new file mode 100644 (file)
index 0000000..b5ed499
--- /dev/null
+++ b/stylesheet/root.css
@@ -0,0 +1,12 @@
+@font-face {
+       font-family: EBGaramond;
+       src: url('/font/EBGaramond08-Regular.ttf');
+}
+body {
+       font-family: EBGaramond;
+       font-size: 16px;
+       line-height: 1.2;
+}
+a {
+       color: darkblue;
+}