
Hack: Send Post to Friend

Started by on Jul 05, 2004 – Contents updated: Jul 05, 2004

Jul 05, 2004 01:19    

Here's a major hack for creating over-simplified Send2Friend functionality. No security has been provided in this example.

########
# Create new database table called "friends"
# for storing and auditing proper usage

CREATE TABLE friends (
  id int(10) unsigned NOT NULL auto_increment,
  fromemail varchar(255) default NULL,
  fromname varchar(255) default NULL,
  toemail mediumtext,
  message mediumtext,
  post_id int(10) unsigned NOT NULL default '0',
  createdate datetime default NULL,
  PRIMARY KEY  (id)
) ENGINE=MyISAM;

########
# Add the following to your conf/hacks.conf file
# Be sure to edit variables to suit

function send2friend($postnum,$sendtitle,$sendurltitle) {
  echo "<a href=\"/index.php?disp=send2friend&postnum=$postnum&sendtitle=$sendtitle&sendurltitle=$sendurltitle\">Send To Friend</a> &nbsp;";
}

function sendpost($disp,$postnum,$sendtitle,$sendurltitle,$fromname,$fromemail,$toemail,$message) {
  global $DB, $DataObject;
  if($postnum&&$toemail) {
    $fromname=htmlspecialchars($fromname);
    $fromemail=htmlspecialchars($fromemail);
    $toemail=htmlspecialchars($toemail);
    $message=htmlspecialchars($message);

    $insertsend_sql  = "insert into friends set post_id='$postnum',fromname='$fromname',fromemail='$fromemail',toemail='$toemail',message='$message'";

    $insertsend_exec = $DB->query($insertsend_sql);

    $sendmessage = "Hello,

Your friend: $fromname $fromemail thought you might find this post interesting:
$sendtitle
http://YOURURL/index.php?title=$sendurltitle&more=1&c=1&tb=1&pb=1
";

    if($message) {
      $sendmessage.= "
Your friend also had this to say:
$message
";
    }

    if($fromemail) {
      mail($toemail,"Recommended Post: $sendtitle",$sendmessage,"From: $fromemail\r\n");
    } else {
      mail($toemail,"Recommended Post: $sendtitle",$sendmessage,"From: YOUREMAIL\r\n");
    }

    echo "Message sent to your friend $toemail. <br /><br /><a href=\"/index.php\">Go Back Home</a>.";

  } elseif($postnum) {

    echo "You are sending <b>$sendtitle</b> to a friend.<br />
          <form name=\"send2friend\" method=\"post\" action=\"/index.php\">
          <input type=\"hidden\" name=\"postnum\" value=\"$postnum\">
          <input type=\"hidden\" name=\"disp\" value=\"send2friend\">
          <input type=\"hidden\" name=\"sendtitle\" value=\"$sendtitle\">
          <input type=\"hidden\" name=\"sendurltitle\" value=\"$sendurltitle\">
          <table>
          <tr><td>From Name:</td><td><input type=\"text\" name=\"fromname\"></td></tr>
          <tr><td>From Email:</td><td><input type=\"text\" name=\"fromemail\"></td></tr>
          <tr><td>To Email:</td><td><input type=\"text\" name=\"toemail\"></td></tr>
          <tr><td>Message:</td><td><textarea name=\"message\" cols=\"30\" rows=\"5\"></textarea></td></tr>
          <tr><td></td><td><input type=\"submit\" name=\"submit\" value=\"submit\"></td></tr>
          </table>
          </form>
    ";

  } else {
    echo "an error has occured, please try back soon.";
  }
}

########
# Edit your skins/*/_main.php file
# Be sure to edit variables to suit

# within your <div class="feedback"> section add the following:

<?php send2friend("$Item->ID","$Item->title","$Item->urltitle"); ?>

# within your includes for "LAST COMMENTS, STATS ETC."
# add the following case

case 'send2friend':
sendpost($disp,$postnum,$sendtitle,$sendurltitle,$fromname,$fromemail,$toemail,$message);
break;

For an example of how this works, go to http://www.sickjokes.net

Thanks,
Risda
http://www.internetdj.com

Jul 06, 2004 18:42

It works! That's a funny site.

I added the [code] markup to make your post more readable.

Jul 07, 2004 04:34

Thanks... needs email address format checking and should have the option to check HTTP_REFERER variable for added security, but it's good enough for now. A great way to let people spread the word of your blog.

Jul 11, 2004 16:01

Please can you explain where to edit the code, or the first code?

Thanks in advance

Oct 05, 2005 18:14

What is

######## 
# Add the following to your conf/hacks.conf file 
# Be sure to edit variables to suit 

conf/hacks.conf <== can't find this file.

Kind regards
joe

Oct 05, 2005 18:49

That should say "conf/hacks.php" and you won't find that file unless you create it. If you create it b2evolution will read it, but upgrading b2evolution will never over-write it. It's a trick b2evolution provides to let your hacks survive upgrading.

Oct 08, 2005 08:58

alright! just created conf/hacks.conf

# Be sure to edit variables to suit 


I only fit this to my URL:

$sendtitle 
http://YOURURL/index.php?title=$sendurltitle&more=1&c=1&tb=1&pb=1 


Any other variables to change?
kind regards a nice weekend
joachim

Oct 11, 2005 10:41

I tried to handle it again. Any other variables to change than the ones mentioned above?

Oct 11, 2005 15:10

As EdB said, it should be hacks.php, not hacks.conf.

Oct 12, 2005 12:00

Fatal error: Call to undefined function: send2friend() in /srv/www/htdocs/web25/html/sniglesde/skins/kubrick2evo/_main.php on line 236

this is my _main.php

[removed]

any idea?

thank you, joe

Oct 12, 2005 16:16

joachim, I've edited your post to remove that whole page post because it's not necessary. In the future I recommend reading your errors...


Fatal error: Call to undefined function: send2friend() in /srv/www/htdocs/web25/html/sniglesde/skins/kubrick2evo/_main.php on line 236

It's telling you the problem, and exactly where it is (line 236).

You're using some form of


<?php send2friend("$Item->ID","$Item->title","$Item->urltitle"); ?>


but it cannot find the function inside any of your files. Go back and re-read the directions in the thread starting with:

########
# Add the following to your conf/hacks.conf file
# Be sure to edit variables to suit

function send2friend($postnum,$sendtitle,$sendurltitle) {
echo "<a href=\"/index.php?disp=send2friend&postnum=$postnum&sendtitle=$sendtitle&sendurltitle=$sendurltitle\">Send To Friend</a> &nbsp;";
}

and so on .....

and make sure you have added the correct code to the correct file.

Oct 13, 2005 15:01

just had one simple error. anyway, it works now! Does anybody want to have this hack in GERMAN? I translated it into German.

regards
joachim

Oct 21, 2005 08:39

:'( just have this error:
an error has occured, please try back soon.
and I don't know why :(

Nov 11, 2005 10:43

this works much better and is "safer" :-)

$_GET['Name']
and
$_POST['Name']

Regards
Joachim

Nov 11, 2005 10:47

risda wrote:

Thanks... needs email address format checking and should have the option to check HTTP_REFERER variable for added security, but it's good enough for now. A great way to let people spread the word of your blog.

See here for an email checking function:

Nov 16, 2005 11:41

risda wrote:

# within your includes for "LAST COMMENTS, STATS ETC."
# add the following case

case 'send2friend':
sendpost($disp,$postnum,$sendtitle,$sendurltitle,$fromname,$fromemail,$toemail,$message);
break;

I just had problems with this last line; I use another skin, Kubrik reloaded.
I get parse failures all the time; could be that some code is missing.
I am quite naked on PHP coding.
Thanks for your help.
The first thing is working (have to add the variables).

Jan 23, 2006 14:39

I know this is a dumb question but what should I do with the first bit of code for creating the table?

Jan 23, 2006 14:57

Never Mind.
I got the table figured out.

May 31, 2006 06:23

Hi,

anybody out there who has problems with spammers using the Send2friend hack to send out spam mails?

I save all data if anybody is using the script and I can see that spammers are using it.

Any idea what I can do here? If not I think I have to disable the function ....

Thanks
Michael
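
One way to limit the abuse described in the post above, shown as an added example that is not part of the original thread or of b2evolution: validate both addresses, refuse line breaks, cap requests per IP, and log with bound parameters. The names s2f_clean_email, s2f_accept and S2F_MAX_PER_HOUR, the extra ip column on the friends table, and the in-memory SQLite database standing in for the blog's MySQL connection are all assumptions.

```php
<?php
// Added example, not code from the thread. Function names, the cap and the
// extra `ip` column are assumptions; the other columns are from the first post.
const S2F_MAX_PER_HOUR = 5; // assumed per-IP limit

// One syntactically valid address or null. CR/LF are refused before trim():
// a line break is what lets a header value carry extra headers.
function s2f_clean_email(string $raw): ?string {
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $addr = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Validate, enforce the hourly cap, log with bound parameters.
// Returns the cleaned fields for mail(), or null when the request is refused.
function s2f_accept(PDO $db, array $in, string $ip, int $now): ?array {
    $from = s2f_clean_email($in['fromemail'] ?? '');
    $to   = s2f_clean_email($in['toemail'] ?? '');
    $post = filter_var($in['postnum'] ?? '', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($from === null || $to === null || $post === false) {
        return null;
    }
    $q = $db->prepare('SELECT COUNT(*) FROM friends WHERE ip = ? AND createdate > ?');
    $q->execute([$ip, date('Y-m-d H:i:s', $now - 3600)]);
    if ((int) $q->fetchColumn() >= S2F_MAX_PER_HOUR) {
        return null;
    }
    $msg = substr($in['message'] ?? '', 0, 1000); // body only, never a header
    $ins = $db->prepare('INSERT INTO friends
        (post_id, fromemail, toemail, message, ip, createdate) VALUES (?, ?, ?, ?, ?, ?)');
    $ins->execute([$post, $from, $to, $msg, $ip, date('Y-m-d H:i:s', $now)]);
    // Site address stays in From; the visitor's address goes in Reply-To.
    return ['to' => $to, 'body' => $msg, 'headers' => "From: YOUREMAIL\r\nReply-To: $from"];
}

// Constructed demo: in-memory SQLite stands in for the blog's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE friends (id INTEGER PRIMARY KEY, fromemail TEXT, fromname TEXT,
    toemail TEXT, message TEXT, post_id INTEGER, ip TEXT, createdate TEXT)');
$ok  = ['postnum' => '12', 'fromemail' => 'a@example.com', 'toemail' => 'b@example.com'];
// Constructed input with a line break in the sender field.
$bad = ['postnum' => '12', 'fromemail' => "a@example.com\r\nBcc: c@example.com", 'toemail' => 'b@example.com'];
var_dump(s2f_accept($db, $bad, '192.0.2.1', time()) === null);
// Six valid requests from one constructed IP within the same hour.
for ($i = 0; $i < 6; $i++) {
    $r = s2f_accept($db, $ok, '192.0.2.1', time());
}
var_dump($r === null);
```

The caller passes the returned to, body and headers values to mail() and builds the subject from a post title looked up on the server by post_id rather than from the sendtitle request parameter.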

Jun 05, 2006 20:13

jtanner wrote:

I know this is a dumb question but what should I do with the first bit of code for creating the table?

I really hate it when programmers send code without saying where it goes.
We should all guess what to do, programmers speaking with programmers and don't care about non-programmers. arggggg!

