Welcome to Dagon Design. In addition to free scripts, WordPress plugins, and articles, we offer a variety of services including custom theme design, plugin creation, and PHP scripting. Contact me for more information.

Version 2.45 Updated Wednesday, July 1st, 2009 at 7:19pm

Secure Guestbook Script with Image Verification

This is the latest version of my secure PHP guestbook script. A lot of new features have been added since the last release including support for entry moderation, separate configuration and language files, improved code and session handling, and much more. The purpose of this script is to provide an easy to use, yet secure guestbook which features image verification to keep out spam bots as well as other security measures. It uses a flat-file storage method so that it will work for users without database access and contains many other features not found in most standard guestbook scripts.

Download

ddgb.zip

If you have found this page useful, please consider donating. Thanks!

Included Languages

The script current includes files for the following languages: English, Dutch, Formal German, French, Italian, Norwegian, Portuguese, Romanian, Spanish, Swedish, Turkish

See it in action

I have a demo guestbook here: Demo guestbook

Installation

Download ddgb.zip and uncompress
Upload all files into a directory of your choosing
Give write-access to /dat/.entries and /dat/.banlist (chmod 666 or 777)
Configure the options in config.php
Run the script by calling ddgb.php

Changelog

07-01-09 – Not a version update, but the spanish language file has been updated, and the missing header.php file (when used in stand-alone mode) has been restored.
02-22-09 v2.45 – Several new features from contributor Hans Nordhaug, including: alt attributes added for valid xhtml, increased spam protection (honeypot field), made page navigation translateable, various visual changes.
07-27-07 Vv2.44 – PHP short-tag bug fixed. Italian language file added.
06-20-07 v2.43 – File locking feature is now an option (disabled by default), instead of automatically enabled
06-13-07 v2.42 – Security update
04-04-07 – Spanish language file has been added
03-24-07 – Romanian language file has been added
01-14-07 v2.41 – Fixed bug related to display of entries
11-01-06 v2.4 – Moderation/display issues 100% resolved – Smilies are now clickable – Various bug fixes
10-22-06 v2.31 – Further improvements to the session code – Should work better on Windows servers now
10-21-06 v2.3 – Fixed bug with display of entries when moderating – Improved session code – Dutch language file has been added
10-17-06 – Not a version update – Swedish and Portuguese language files have been added
09-07-06 v2.2 – Bug fixed (verification problems in non-standalone mode)
09-01-06 v2.1 – Various minor fixes – Added Norwegian language file
08-24-06 v2.0 – This is a very big update. Because of this, almost all of this page has been rewritten. Unfortunately, previous data files will not work with this release because of the new data structure. The advantage is that new fields can be added in the future without loosing the old data! The new data file is also simple enough that you should be able to manually add your old entries into it. New features include:
- Separate config and language files
- Option to require manual approval/moderation of entries
- Improved session handling (no more separate verification file!)
- Option to run as stand-alone script, or through another page
- Secure data file storage method already implemented
- Now supports basic smilies
- Can disable image verification if not supported
- New option to protect email addresses
- And more – read below
05-17-06 – Not a version update, but I added instructions on making the guestbook even more secure.
05-03-06 v1.31 – Fixed a bug when editing entries – Name, website, and email fields can now be modified on existing entries.
03-16-06 v1.3 – Revised layout a tiny bit – Now checks for GD support and gives error if missing – Adds http:// prefix if not entered in web address – IP addresses of posters shown in admin box – Can now ban posters by IP (removes all of their posts too) – Added confirmation before deleting and banning
02-16-06 v1.2 – Added option to allow or disallow html in posts – Fixed a magic quotes bug
02-06-06 v1.1 – Added option to prevent search engine robots from following links posted by visitors (using the nofollow tag)
02-02-06 v1.0 – First public release!

Some of the features

Flat-file storage with precautions in place to prevent data files from being viewed.
Various security measures to prevent abuse.
Separate config and language files.
Image verification support (can be disabled if your server does not support the GD library).
Administrative interface to edit and delete entries, ban IPs (and automatically remove entries from that IP), and an option to enable manual approval of entries.
Implements ‘nofol’ tag to prevent search engine spiders from following links in entries (discourages some spammers).
HTML in posts disabled by default – you can enable this if you like, but it is a big risk.
Option to run as stand-alone script or included through another page.
Smilies are supported (either enter in the code, or click to add!)

Notes

If you want to include this script inside another page, be sure to set the proper ’stand alone’ setting in the config file. You may also need to include the session_start function at the very top of the PHP file you are including the script from:

<?php session_start(); ?>

Then just include the script in your file like this:

<?php include 'ddgb.php'; ?>

Overview of the options

These options can be set in config.php file

Path to ddgb.php

This needs to be set to the full url of the ddgb.php file on your server. Example: http://www.yoursite.com/ddgb/ddgb.php

Path to ddgb-verify.php

This needs to be set to the full url of the ddgb-verify.php file on your server. Example: http://www.yoursite.com/ddgb/ddgb-verify.php

Locale Setting

This allows you to choose the language file the script will use. The current version includes English and Formal German. You can also create your own by using one of the existing files as a template. Just set this option to the name of the file (without the .php) that you want to use.

Administrator Password

This is the password used to perform the administrative functions – editing, deleting, banning, and moderating. Be sure to change the default password.

Administrator Email

Used for new entry notification, if the feature is enabled.

Send Notifications of New Entries

If enabled, admin will receive email for all new entries.

Run as Stand-Alone Script

If you plan to run this script by itself, leave this option set to TRUE. If you want to include it in another page, set it to FALSE, and take a look at the information above under the ‘Notes’ section.

Title Tag

This is the title of the page when the script is used in stand-alone mode.

Path to Data File

This is the location of the data file used to store entries. Be sure to give it write-access (chmod 666 or 777).

Path to Ban File

This is the location of the data file used to store banned IPs. Be sure to give it write-access (chmod 666 or 777).

Requre Manually Entry Approval

If enabled, this will require that the admin manually approve posts. To do this, simply log in using the admin link and you will see all of the posts (including the ones not yet approved). Just click the appropriate link to approve them, or delete them instead if you wish.

Enable Smiles

If enabled, this option will convert text-smilies into images. It will also show the available smilies on the ‘new entry’ page.

Show Introduction Text

This is an optional intro which can be shown above the guestbook. The text it uses can be found in the language file you are using. This is disabled by default.

Disable Image Verification

If this script tells you that your server does not support image verification because you do not have access to the GD library, or you simply wish to disable image verification, set this to TRUE.

Image Verification Colors

This allows you to easily change the colors of the verification image. You can enter either 3 or 6 character hex color codes.

Path to CSS File

This is the location of the script’s CSS file, which controls the look of the guestbook.

Entries Per Page

Determines how many entries will be shown on each page. If there are more entries than this number, the guestbook will be split up into multiple pages.

Allow HTML in Messages

This option is dangerous because it allows visitors to enter HTML, which is a big security risk. It is disabled by default.

Protect Email Addresses

With this option enabled, email addresses will be shown in the following format instead of as traditional links: someone [at] somewhere [dot] net.

Enable File Locking

File locking is not supported by all servers. If you would like to use this feature, set this to TRUE.

Email Notification of Posts

For those of you who would like to receive email notification anytime someone adds a new entry, here is a simple mod. First, find this line in the main script file (ddgb.php):

echo '<p>' . _ADDED_THX . '</p>';

Right after it, add the following:

mail('user@domain.com', 'New Guestbook Entry', 'A New Guestbook Entry was added!');

Be sure to set your email address. The second parameter is the subject, and the third parameter is the message.

You can also use the following variables for your email’s subject or message: $fm_name $fm_website $fm_email $fm_location $fm_message. For example:

mail('user@domain.com', 'New Guestbook Entry', 'A New Guestbook Entry was added by' . $fm_name);

If this method does not work for you, it may have to do with the way your server is configured. Some hosts require that you manually configure the sendmail parameters for the PHP mail function to work properly. If you think this might be the case, you can try the following code instead:

$to = "user@domain.com";
$from = "user@domain.com";
$subject = "New Guestbook Entry";
$body = "A new guestbook entry has been added to your site.";
ini_set("SMTP","localhost");
ini_set("sendmail_from",$from);
$result = mail($to, $subject, $body, "From: $from");

Changing the timezone

If you would like to change the timezone setting for the script, edit config.php and find the following line:

// *** START OF OPTIONS ***

After it, add the following:

date_default_timezone_set('TIMEZONE');

Where TIMEZONE is a valid timezone identifier.

Troubleshooting

If you are having trouble getting the verification code to display, one thing to try is setting the $verify_path option to the filename of the verfication file, instead of the full URL to it. Example:

$verify_path = "ddgb-verify.php";

Topic: PHP Scripts | RSS Feed

657 Comments on “Secure Guestbook Script with Image Verification”

Pages: « 44 … 24 23 22 21 20 [19] 18 17 16 15 14 … 1 » Show All

285

Dave

1-7-07 5:46PM

Hi admin,
I’d found something interesting. I guess i think…
On that particulair guestbook i was talking about, i added myself the first entry. This one didn’t show up in the guestbook. I added a second entry and the second entry did show up in the book.
After placing those two entries i logged in as an admin and there i saw the first entry too.
I deleted the first entry and logged out.
Went back to the guestbook and nothing showed up!
I went back to the by clicking the Previous button on my browser to the admin section, to the page where i placed the second entry. All field were still filled like i did by adding the second entry. So i only pushed the Submit button and the entry is placed again. I logged out again, went to the front and the entry is shown. For verification i logged in again and there it was. Both entries are there. Now… conclusion is: When i delete the first entry (wich is NOT shown on the front page) no entry is shown. So i have to leave the first entry in the .entries file.
This is weird, don’t you think?
If you’re curious i could give you the logg data for the guestbook, so you can look by your self.
This is a very strange issue…
284

Robert

1-7-07 3:04PM

Hi.
I have installed the DDGB but I have a problem.
When I enter an entry in my guestbook it does not appear. Only when I login as admin I can see the message.

Entry approval is NOT enabled

Can someone help me?
283

Ken

1-7-07 11:52AM

We have had problems with spamming our feedback page. I would like to require image verification instead of required fields like it is set up now in order to stop the spamming. But I do not understand where I am supposed to give write-access to /dat/.entries and /dat/.banlist (chmod 666 or 777)? Is this somehow done in config.php?
I am using Front Page 2000 and I understand how to create the directory with your files and upload them to the site. Do I edit config.php with these chmod commands somehow and then upload it?
Sorry if I sound stupid but I am lost. If someone with expertise could explain that to me I would be very grateful. I am by no means proficient in this.
Thanks in advance.
282

Admin

1-2-07 11:11PM

Dave: Glad that version is working for you at least. Interesting situation though. Perhaps I will think of something next time I work on it I will also take your suggestions into consideration. The session issue (www vs no www) is something I certainly want to figure out as my form mailer scripts also use the system.
281

Dave

1-2-07 5:39AM

This is not spam, but i forgot to include the url to the guestbook wich i was struggeling with. Here it is [url=http://www.caritalanina.com/] website [/url}
280

Dave

1-2-07 5:37AM

*Back.
Admin…
Shoot me! Right now!
…i downed the entries file and yes, the entries were stored in .entries But it just would’nt appear on the guestbook.
So, i deleted everything including the guestbook directory. I made a new folder and placed all original from your ddgb.zip
I changed the config, chmod the .entries and .banlist to 777 and went to my browser to view the guestbook.
I added an entrie myself and it wont show up on the guestbook.
I included the guestbook into a page on the website so i had to change some config settings. For instance: guestbook/.entries
guestbook/.banlist etc
Still the entries wont show on the front.
I had a customized ddgb.php i used earlier and i copied this one again and overwrite your original one… and gues what?
The entries are readable. I definately don’t understand what was the problem and where i might have been or in wich file.
I am a bit sad that this discussion doesn’t have the sollution we discovered. The guestbook wich i’m talking about is located here. Maybe you wanna have a look and maybe you can find some code errors or something. But for now, it seems that the guestbook is working.
I want to thank you for your time and being helpfull.
Maybe for the future… some features:
the www and without www problem solved for the caption image. Easier coding for friendly including in pages.
Option to give reaction as admin and that the reaction appears below the entry in a different table with a different text color for instance.

Sorry for the long message

It’s a very nice script though.
Happy new year!
279

Dave

1-2-07 4:17AM

I’m glad you found some time to answer…
I’ll check it right now… but… i think their in it.
Be right back to give report…
278

Admin

1-1-07 10:15PM

Dave: Are the entries still in the actual data file? You might want to try downloading and re-uploading the data file in ASCII mode.
277

Dave

12-28-06 4:50AM

Hi Admin,
I was just finishing a website wich contains your GB also, then suddenly i discovered that the entries are not visible anymore.
When i login all entries appears and after i logout all entries disappear again on the front-end. The only thing is shown is ‘No entries yet…’
The rights on .entries and .banlist are 777.
Is there a way to solve this soon? Because the site must be online tomorrow and it seems that this is the only thing that needs an answer.
Thanks.

Dave
276

Admin

12-16-06 4:32PM

Bart: There is no background color set for the main script – only a few form elements, so technically it should be transparent and just use whatever your page background is set to. As far as semi-transparency on form elements, not all browsers support opacity levels, and even some of the ones that do, will not always apply it properly to form elements, as often times form elements are defined more by the browser/OS than the CSS, which is why it can be difficult to make forms always look exactly the same. So no, there is nothing currently in the CSS for this script that should be doing this.

Leon: One possible issue I see, is that when viewing your site with the ‘www’ prefix, the image will usually not show, because the path to the verification image does not have the www in it. On most servers, http://www.example.com and example.com are seen as two different domains, and sessions will generally not work across domains. If this is not the cause of all your errors, you might want to look through your error logs to see if any errors are being generated.
275

Bart

12-16-06 1:22AM

Very nice piece of PHP. I have a question though. Is it possible to get the background 100% transparant and the commentboxes 50% transparant? I assume it is somewhere in the CSS file, but I can’t fond it anywhere.
274

Leon

12-15-06 10:18PM

Nice script, it’s just that it’s tempremental, one minute it works, next minute it doesn’t, it of course could and most probably be server side stuff, but ……the image verification works when I initially set it up then later on it doesn’t show up ? and no-one can post.

Tried it with Safari, Firefox and Camino same problem with all browsers, strange !

Unix Server, Mac Panther (10.3.9)

Here: http://www.eyepl.co.uk/danny/guest/ddgb.php

Leon
273

trQ

12-14-06 3:52PM

thxx. now we r waiting for new features form you
272

Admin

12-8-06 8:16PM

This script now includes a Turkish language file
271

Admin

12-6-06 6:52PM

trQ: I am always happy to get new translations. Glad you like the script

Pages: « 44 … 24 23 22 21 20 [19] 18 17 16 15 14 … 1 » Show All