Posts by christophfreyer

    Thank you all. So there is no doubt. I have only to empty the folders where the mails dropped in. It was my first attack. This site is not high-traffic so my personal account gets more spam than this exhibition-site.
    thanks to Drew’s wise programming the db stays safe.

    How save are perch forms against SQL-attacks. A website I built had an attack. In 10 minutes about more than 1300 attemps. Many of them had code like (select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/ or 0bIujEq' OR 960=(SELECT 960 FROM PG_SLEEP(15))-- or 1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15) and variations. It looks for me like an attempt of SQL-injection - but I'm not a prgrammer. Is this the work of script-kiddies or is it real bad? Can they have broken in? They tried it at the contact form - there it was treated as spam and was put in the spam-file, but in the mebership-form where they also tried it I had forgotten the honeypot. The hoster closed the mailaccount after the limit was reached (because of the answering mails). Is in the forms app a built-in defense for SQL-injections? Is there possibility to check if data is copied?
    Thanks for any help.

    This works fine, but in the moment I change the date to the following:

    and in the template to:

    Code
    1. <perch:content type="date" id="date" label="Datum" time="local" format="d.m.Y, H:i" label="Event date" order="1">

    I also changed the config.php to:

    Code
    1. define('PERCH_TZ', 'Europe/Vienna'); setlocale(LC_ALL, 'de_AT.UTF-8');

    unfortunally it doesn't work. It displays all entries again.

    T tried a version without the blocks and I got still the same issue.
    my php:

    and here is my template (eventtest.html):

    I try to filter by date, so that all future dates would be shown. I tried a couple of solutions but it always shows all my entries.
    my code part of the page: eventtest.php - (I am not using the events app)

    and in the template eventtest.html I'm using this simplified Code:


    I would be glad about any suggestions because I am really stuck.

    these are my configs in Perch:

    Code
    1. define('PERCH_EMAIL_FROM', 'bureau@christoph-freyer.at');
    2. define('PERCH_EMAIL_FROM_NAME', 'Christoph Freyer');
    3. define('PERCH_EMAIL_METHOD', 'smtp');
    4. define('PERCH_EMAIL_HOST', 'smtp.world4you.com');
    5. define('PERCH_EMAIL_AUTH', true);
    6. //define('PERCH_EMAIL_SECURE', 'ssl');
    7. define('PERCH_EMAIL_PORT', 587);
    8. define('PERCH_EMAIL_USERNAME', 'bureau@christoph-freyer.at');
    9. define('PERCH_EMAIL_PASSWORD', 'XXXXX');

    I tried the settings from control panel. Only if I shut off the ssl I could send e-mails from Perch to the ouside of the system. These are all the configurations which I got from the hoster.

    Yes I'm using it - the latest version.

    I think I managed it for the moment.

    I wrote in the configs the e-mail-configs of one account. These I took at the first form in the form Options and in the second form I wrote the different address into the form options. I don't know if this is the correct way. I can't receive the automated answer to the sending person. And I also had to turn off the ssl in the configs.