Update with info about version 3 of the fork

README.md

@@ -4,23 +4,25 @@ This is a fork of the fanlisting PHP script [BullaBuffs](https://github.com/jemj
 
 ## Description
 
-BellaBuffs includes the optional features to email new members after submitting the join form, email the fanlisting admin when a new member joins or email new members when their applications were approved. The original BellaBuffs script achieved this by using PHP's built-in `mail()` feature.
+BellaBuffs includes the optional features to email new members after submitting the join form, email the fanlisting admin when a new member joins or email new members when their applications were approved. The original BellaBuffs script achieved this by using PHP's built-in `mail()` function.
 
 This fork replaces the PHP `mail()` functions from BellaBuffs with PHPMailer, allowing a fanlisting to send out emails with SMTP, provided the fanlisting owner chooses to enable them, even if the hosting server does not support the PHP `mail()` function.
 
 The PHPMailer script that is incorporated in this fork is based on [InfinityFree](https://www.infinityfree.com/)'s [PHPMailer contact form script](https://github.com/InfinityFreeHosting/contactform). As InfinityFree's free hosting plan [does not support PHP `mail()` function](https://forum.infinityfree.com/t/sending-email-from-your-website-php-mail/49242), InfinityFree has provided their contact form script as an alternative.
 
-This BellaBuffs fork has been tested with PHP 8.2 on InfinityFree's free hosting.
+This BellaBuffs fork has been tested with PHP 8.2 on InfinityFree's free hosting and PHP 8.3 on Hostinger's Premium Shared Hosting.
 
 ## New Features
-* Integrate PHPMailer for the email sending features, should the fanlisting owner enables these features
-* Email sending features are enabled by default, but can be disabled in `prefs.php`
-* HTML5 form validation, including E-mail and URL input types and the `required` attribute
-* Update list of countries
-* Add a buttons folder (with a placeholder file to enable the folder to be pushed via Git), so users do not need to manually create the folder to store uploaded buttons
-* Allows fnalisting members to change their favourites with the update form if favourites field is enabled
+* Integrate PHPMailer for the email sending features, should the fanlisting owner enables these features.
+* Email sending features are enabled by default, but can be disabled in `prefs.php`.
+* HTML5 form validation, including E-mail and URL input types and the `required` attribute.
+* Update list of countries.
+* Add a buttons folder (with a placeholder file to enable the folder to be pushed via Git), so users do not need to manually create the folder to store uploaded buttons.
+* Allows fanlisting members to change their favourites with the update form if the favourites field is enabled.
+* Check for `https://` in addition to `http://` for potential spam in the comment fields.
 
 ## Usage Instructions
+1. Download the [latest release pf BellaBuffs-PHPMailer](https://github.com/helenclx/BellaBuffs-PHPMailer/releases/latest) from the GitHub repository.
 1. Customise your preferences in `prefs.php`
 1. Configure your email SMTP settings in `contactform/config.php`
 1. Upload all files of this fork to a directory where you want your fanlisting to be located

contact.php

@@ -24,7 +24,11 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 		)
 			$points += 2;
 
-	if (strpos($_POST['comments'], "http://") !== false || strpos($_POST['comments'], "www.") !== false)
+	if (
+		strpos($_POST['comments'], "https://") !== false ||
+		strpos($_POST['comments'], "http://") !== false ||
+		strpos($_POST['comments'], "www.") !== false
+	)
 		$points += 2;
 	if (isset($_POST['nojs']))
 		$points += 1;

join.php

@@ -34,7 +34,10 @@ if (isset($_POST['submit'])) {
 	if (isBot() !== false)
 		$error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'] . "\r\n";
 
-	if (substr_count($_POST['comments'], 'http://') > 1)
+	if (
+		substr_count($_POST['comments'], 'https://') > 1 ||
+		substr_count($_POST['comments'], 'http://') > 1
+	)
 		$error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n";
 
 	$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";

update.php

@@ -40,7 +40,10 @@ if (isset($_POST['submit'])) {
 	if (isBot() !== false)
 		$error_msg .= "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT'] . "\r\n";
 
-	if (substr_count($_POST['comments'], 'http://') > 1)
+	if (
+		substr_count($_POST['comments'], 'https://') > 1 ||
+		substr_count($_POST['comments'], 'http://') > 1
+	)
 		$error_msg .= "Too many URLs; we've assumed you're spam and 'lost' your application. Please try again without any extra URLs if you're a geniune person :)\r\n";
 
 	$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";