(NBBS) Reading Topic: Remote form to post on forum?

You are not enjoying the benefits offered by registering. To register click here...

Forums |

Prefs |

Your Messages |

Members |

Recent

New
Last Day
Last Week
Last Month

Quick Search

Advanced Search

Calendar |

Doc |

Dev' Blog! |

Chat (Alpha Version)

Guest, do not forget to login ( Register )
Top Forums This Software Support, FAQ, How-to's
Remote form to post on forum?

Skin Selection:

Viewing: Remote form to post on forum? -

(1 pages) 1

Posted on Mar 3, 2007, 12:08 am by Jasper

#5450

Jasper

Public Speaker
Group: Testers
Posts: 562
Reputation: 10

Posted on Mar 3, 2007, 12:08 am by Jasper Link to this Post \| #5450
Remote form to post on forum?

Is there a way to have a form on my site post to a forum on my board?

For example:

Form on siteA
Board on siteB

I fill out the form on siteA and it posts to siteB

Edit: Also, after the post is made, is it possible to have them redirect to another remote page (rather than go to the board)

Last edit by Jasper on Mar 3, 2007, 12:30 am

doesn't come here often, cause he has no free time ;_;

Posted on Mar 4, 2007, 5:53 am by chris

#5455

chris

The Culprit
Group: Admins
Posts: 1,541
Reputation: 38

Posted on Mar 4, 2007, 5:53 am by chris Link to this Post \| #5455

Yes. As a matter of fact, here is some sample code:

xml Code:

 
<form method="post" name="userform" action="http://www.yourboard.whatever.com/?do=handlemsg">
Your name <input type="text" name="nbbs_name" size="40" value=""><input type="hidden" name="desc_nbbs_name" value="Your name">
Your message <textarea name="nbbs_message" rows="6" cols="40"></textarea><input type="hidden" name="desc_nbbs_message" value="Your message">
<input type="hidden" name="act" value="form">
<input type="hidden" name="area" value="1">
<input type="hidden" name="whoami" value="fi">
<input type="hidden" name="FormTitle" value="Message From Some Dude">
<input type="hidden" name="mandatory" value="message">
<input type="hidden" name="goto" value="link_to_redirect_to">
<input type="hidden" name="redirecttext" value="">
<input type="submit" name="Submit" value="Submit">
</form>

Posted on Mar 4, 2007, 5:54 am by chris

#5456

chris

The Culprit
Group: Admins
Posts: 1,541
Reputation: 38

Posted on Mar 4, 2007, 5:54 am by chris Link to this Post \| #5456

Damn. html is still improperly escaped...grrr.

Posted on Mar 4, 2007, 10:23 am by Jasper

#5460

Jasper

Public Speaker
Group: Testers
Posts: 562
Reputation: 10

Posted on Mar 4, 2007, 10:23 am by Jasper Link to this Post \| #5460

Thanks chris

doesn't come here often, cause he has no free time ;_;

Posted on Mar 9, 2007, 4:47 pm by JakeH

#5475

JakeH

Public Speaker
Group: Moderators
Posts: 761
Reputation: 7

Posted on Mar 9, 2007, 4:47 pm by JakeH Link to this Post \| #5475

That actually seems usuful :O

Posted on Mar 11, 2007, 3:25 am by harmor

#5478

harmor

Story Teller
Group: Developers
Posts: 127
Reputation: 3

Posted on Mar 11, 2007, 3:25 am by harmor Link to this Post \| #5478

There should be a way to permit only certain sites from submitting the form.

Xen Web Hosting Offering ad-free hosting with features such as, cpanel, fantastico, PHP and MySQL support, and more -------------------------------------------------------------------------------------------------------

Chris

Let's hang on to Harmor, it's not everyday that you find people who walk the walk, not just talk the talk.

Posted on Mar 11, 2007, 7:22 am by chris

#5479

chris

The Culprit
Group: Admins
Posts: 1,541
Reputation: 38

Posted on Mar 11, 2007, 7:22 am by chris Link to this Post \| #5479

Agreed. This is a very ugly trick that leaves the site open to DoS attacks.
Unfortunately, HTTP_REFERER is unreliable at best and the trade-off is that people can not even submit a form.

Posted on Mar 11, 2007, 9:01 am by Jasper

#5480

Jasper

Public Speaker
Group: Testers
Posts: 562
Reputation: 10

Posted on Mar 11, 2007, 9:01 am by Jasper Link to this Post \| #5480

chris wrote:

Agreed. This is a very ugly trick that leaves the site open to DoS attacks.
Unfortunately, HTTP_REFERER is unreliable at best and the trade-off is that people can not even submit a form.

Well perhaps after post submission, the post can then be handled server side, stripping out all HTML and outputting a clean text-only post on the forums?

You could strip out the HTML with a foreach()

php Code:

foreach($_POST as $key => $value) {
$_POST[$key] = htmlspecialchars($value);
}

Last edit by Jasper on Mar 11, 2007, 9:01 am

doesn't come here often, cause he has no free time ;_;

Posted on Mar 11, 2007, 12:26 pm by harmor

#5482

harmor

Story Teller
Group: Developers
Posts: 127
Reputation: 3

Posted on Mar 11, 2007, 12:26 pm by harmor Link to this Post \| #5482

In the ACP have a text area where you type in sites you allow the form to post from. Somewhere on the code that handles the message get the HTTP_REFERRER from the incoming site and strip it with a regex so it will only display "domain.com".
Check if the domain in question is listed in the textarea the ACP.

Chris

Let's hang on to Harmor, it's not everyday that you find people who walk the walk, not just talk the talk.

Posted on Mar 11, 2007, 7:15 pm by Jasper

#5484

Jasper

Public Speaker
Group: Testers
Posts: 562
Reputation: 10

Posted on Mar 11, 2007, 7:15 pm by Jasper Link to this Post \| #5484

If someone disables referrals in their browser, then how can that work? That's why http referrals are unreliable.

It's the same reason why hotlink protection isn't foolproof, because people can disable referrals.

doesn't come here often, cause he has no free time ;_;

Posted on Mar 12, 2007, 12:54 am by harmor

#5485

harmor

Story Teller
Group: Developers
Posts: 127
Reputation: 3

Posted on Mar 12, 2007, 12:54 am by harmor Link to this Post \| #5485

How can you disable server side referrals?
Make a link to xenweb.net/http_referrer.php from a browser that has referrers turned off.

Chris

Let's hang on to Harmor, it's not everyday that you find people who walk the walk, not just talk the talk.

Posted on Mar 12, 2007, 4:24 am by chris

#5486

chris

The Culprit
Group: Admins
Posts: 1,541
Reputation: 38

Posted on Mar 12, 2007, 4:24 am by chris Link to this Post \| #5486

It's not the link that will have referrers turned off; it's the client browser itself.
There are firefox plugins that let you rewrite your own referer but it's only part of the problem: some versions of IE do not have a referrer at all.

Posted on Mar 12, 2007, 9:01 am by Jasper

#5488

Jasper

Public Speaker
Group: Testers
Posts: 562
Reputation: 10

Posted on Mar 12, 2007, 9:01 am by Jasper Link to this Post \| #5488

chris wrote:

Yes this is true

I usually keeps referrals turned off in my browser, but if I wanted to go further I could also rewrite them

Last edit by Jasper on Mar 12, 2007, 9:02 am

doesn't come here often, cause he has no free time ;_;

Posted on Mar 12, 2007, 11:22 pm by harmor

#5491

harmor

Story Teller
Group: Developers
Posts: 127
Reputation: 3

Posted on Mar 12, 2007, 11:22 pm by harmor Link to this Post \| #5491

I guess the only way to stop that is deny users from posting from an external site if they have referrals turned off.

Chris

Let's hang on to Harmor, it's not everyday that you find people who walk the walk, not just talk the talk.

Posted on Mar 13, 2007, 7:32 pm by chris

#5495

chris

The Culprit
Group: Admins
Posts: 1,541
Reputation: 38

Posted on Mar 13, 2007, 7:32 pm by chris Link to this Post \| #5495

You are correct. The flip side is alienating some IE users.

(1 pages) 1 - Flat Mode | Threaded Mode

Quick Jump:

Page generated in 0.04 seconds (Queries: 0.00) - Cpu: 0.00
Total DB [adodb:mysql] queries: 14
Total Strings Translated: 15