Hack: Send Post to Friend

1 risda Jul 05, 2004 01:19

Here's a major hack for creating over-simplified Send2Friend functionality. No security has been provided in this example.

########
# Create new database table called "friends"
# for storing and auditing proper usage

CREATE TABLE friends (
  id int(10) unsigned NOT NULL auto_increment,
  fromemail varchar(255) default NULL,
  fromname varchar(255) default NULL,
  toemail mediumtext,
  message mediumtext,
  post_id int(10) unsigned NOT NULL default '0',
  createdate datetime default NULL,
  PRIMARY KEY  (id)
) TYPE=MyISAM;

########
# Add the following to your conf/hacks.conf file
# Be sure to edit variables to suit

function send2friend($postnum,$sendtitle,$sendurltitle) {
  echo "<a href=\"/index.php?disp=send2friend&postnum=$postnum&sendtitle=$sendtitle&sendurltitle=$sendurltitle\">Send To Friend</a> &nbsp;";
}

function sendpost($disp,$postnum,$sendtitle,$sendurltitle,$fromname,$fromemail,$toemail,$message) {
  global $DB, $DataObject;
  if($postnum&&$toemail) {
    $fromname=htmlspecialchars($fromname);
    $fromemail=htmlspecialchars($fromemail);
    $toemail=htmlspecialchars($toemail);
    $message=htmlspecialchars($message);

    $insertsend_sql  = "insert into friends set post_id='$postnum',fromname='$fromname',fromemail='$fromemail',toemail='$toemail',message='$message'";

    $insertsend_exec = $DB->query($insertsend_sql);

    $sendmessage = "Hello,

Your friend: $fromname $fromemail thought you might find this post interesting:
$sendtitle
http://YOURURL/index.php?title=$sendurltitle&more=1&c=1&tb=1&pb=1
";

    if($message) {
      $sendmessage.= "
Your friend also had this to say:
$message
";
    }

    if($fromemail) {
      mail($toemail,"Recommended Post: $sendtitle",$sendmessage,"From: $fromemail\r\n");
    } else {
      mail($toemail,"Recommended Post: $sendtitle",$sendmessage,"From: YOUREMAIL\r\n");
    }

    echo "Message sent to your friend $toemail. <br /><br /><a href=\"/index.php\">Go Back Home</a>.";

  } elseif($postnum) {

    echo "You are sending <b>$sendtitle</b> to a friend.<br />
          <form name=\"send2friend\" method=\"post\" action=\"/index.php\">
          <input type=\"hidden\" name=\"postnum\" value=\"$postnum\">
          <input type=\"hidden\" name=\"disp\" value=\"send2friend\">
          <input type=\"hidden\" name=\"sendtitle\" value=\"$sendtitle\">
          <input type=\"hidden\" name=\"sendurltitle\" value=\"$sendurltitle\">
          <table>
          <tr><td>From Name:</td><td><input type=\"text\" name=\"fromname\"></td></tr>
          <tr><td>From Email:</td><td><input type=\"text\" name=\"fromemail\"></td></tr>
          <tr><td>To Email:</td><td><input type=\"text\" name=\"toemail\"></td></tr>
          <tr><td>Message:</td><td><textarea name=\"message\" cols=\"30\" rows=\"5\"></textarea></td></tr>
          <tr><td></td><td><input type=\"submit\" name=\"submit\" value=\"submit\"></td></tr>
          </table>
    ";

  } else {
    echo "an error has occured, please try back soon.";
  }
}

########
# Edit your skins/*/_main.php file
# Be sure to edit variables to suit

# within your <div class="feedback"> section add the following:

<?php send2friend("$Item->ID","$Item->title","$Item->urltitle"); ?>

# within your includes for "LAST COMMENTS, STATS ETC."
# add the following case

case 'send2friend':
sendpost($disp,$postnum,$sendtitle,$sendurltitle,$fromname,$fromemail,$toemail,$message);
break;

For an example of how this works, go to http://www.sickjokes.net

Thanks,
Risda
http://www.internetdj.com

2 isaac Jul 06, 2004 18:42

It works! That's a funny site.

I added the [code] markup to make your post more readable.

3 risda Jul 07, 2004 04:34

Thanks... needs email address format checking and should have the option to check HTTP_REFERRER variable for added security, but its good enough for now. A great way to let people spread the word of your blog.

4 ladybird Jul 11, 2004 16:01

Please can explain where to edit the code or the first code

Thanks in advance

5 joachim Oct 05, 2005 18:14

What is

######## 
# Add the following to your conf/hacks.conf file 
# Be sure to edit variables to suit

conf/hacks.conf <== can´t find this file.

Kind regards
joe

6 edb Oct 05, 2005 18:49

That should say "conf/hacks.php" and you won't find that file unless you create it. If you create it b2evolution will read it, but upgrading b2evolution will never over-write it. It's a trick b2evolution provides to let your hacks survive upgrading.

7 joachim Oct 08, 2005 08:58

alright! just created conf/hacks.conf

# Be sure to edit variables to suit

I only fit this to my URL:

$sendtitle 
http://YOURURL/index.php?title=$sendurltitle&more=1&c=1&tb=1&pb=1

Any other variables to change?
kind regards a nice weekend
joachim

8 joachim Oct 11, 2005 10:41

I tried to handle it again. any other variable to change than the mentioned above?

9 nate Oct 11, 2005 15:10

As EdB said, it should be hacks.php, not hacks.conf.

10 joachim Oct 12, 2005 12:00

Fatal error: Call to undefined function: send2friend() in /srv/www/htdocs/web25/html/sniglesde/skins/kubrick2evo/_main.php on line 236

this is my _main.php

[removed]

any idea?

thanks you joe

11 village_idiot Oct 12, 2005 16:16

joachim, ive edited your post to remove that whole page post because its not necessary. in the future i recommend reading your errors...


Fatal error: Call to undefined function: send2friend() in /srv/www/htdocs/web25/html/sniglesde/skins/kubrick2evo/_main.php on line 236

Its telling you the problem, and exactly where it is (line 236).

Youre using some form of


<?php send2friend("$Item->ID","$Item->title","$Item->urltitle"); ?>

but it cannot find the function inside any of your files. Go back and re-read the directions in the thread starting with :

########
# Add the following to your conf/hacks.conf file
# Be sure to edit variables to suit

function send2friend($postnum,$sendtitle,$sendurltitle) {
echo "<a href=\"/index.php?disp=send2friend&postnum=$postnum&sendtitle=$sendtitle&sendurltitle=$sendurltitle\">Send To Friend</a>  ";
}

and so on .....

and make sure you have added the correct code to the correct file.

12 joachim Oct 13, 2005 15:01

just had one simple error. anyway, it works now! does anybody wants to have this hack in GERMAN? I translated it into german.

regards
joachim

13 joachim Oct 21, 2005 08:39

:'( just have this error:
an error has occured, please try back soon.
an I don´t know why :(

14 joachim Nov 11, 2005 10:43

this works much better and is "safer" :-)

$_GET['Name']
and
$_POST['Name']

Regards
Joachim

15 kwa Nov 11, 2005 10:47

risda wrote:

Thanks... needs email address format checking and should have the option to check HTTP_REFERRER variable for added security, but its good enough for now. A great way to let people spread the word of your blog.

See here for an email checking function:

http://forums.b2evolution.net/viewtopic.php?t=5448]Improved

16 mohab Nov 16, 2005 11:41

risda wrote:

# within your includes for "LAST COMMENTS, STATS ETC."
# add the following case

case 'send2friend':
sendpost($disp,$postnum,$sendtitle,$sendurltitle,$fromname,$fromemail,$toemail,$message);
break;[/code]

Had just problems with this last line ,i use a other skin Kubrik reloaded
Get all time some pars failers ,coude be that some code is missing
iam quite naked on php coding
Thanks for your help
the first thing is working (have to add the variabels)

17 jtanner Jan 23, 2006 14:39

I know this is a dumb question but what should I do with the first bit of code for creating the table?

18 jtanner Jan 23, 2006 14:57

Never Mind.
I got the table figured out.

19 m0urs May 31, 2006 06:23

Hi,

anybodey out there who has problems with spammers using the Send2friend hack to send out spam mails?

I save all data if anybody is using the script and I can see that spammers are using it.

Any idea what I can do here? If not I think I have to disable the function ....

Thanks
Michael

20 ginocote1 Jun 05, 2006 20:13

jtanner wrote: