Hi, i have a problem with the posting from the form. I have recommendation form with captcha, wich i think there is no problem with. Once i press submit, php take action in another if else condition with out passing variable, i quite can figure it out why is like this. Take a look the code, please .... if(isset($_GET['cat'])) // when looking at selected category { } //problematic submit goes here ... else if(isset($_POST['submit'])||isset($_POST['search'])||isset($_GET['search'])) // when search button is pressed { } else //when looking at the root of the aplication { $myemail = "aaaa@bbbbb.com"; $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; $messagehtml = str_replace("\r", '<br/>', $message); $thanks = " <p align='left' class='info2'><span class='info2'> Thank you !. Your recomendation has sucessfuly been sent!<br> <br></span></p>"; $subject = "New Movie Recomendation from $Name"; $messagetoemail = "New movie recomendation. Name: $name E-mail: $email Recomendation: $messagehtml "; if($_POST['submitform']) // problematic submit expected to start here.... { $yourcode=$_POST['yourcode']; $thevalue1=$_POST['thevalue']; if($yourcode=$thevalue1) { mail($myemail,$subject,$messagetoemail,$name); mysql_query ("INSERT INTO moviesreco (id, name, email, message) VALUES ('', '$name', '$email', '$messagehtml')"); echo "$thanks"; } else { echo "You verification code is not right. Please go back and try again."; } } else { //this is recomandation form echo " <table width='100%' border='0' cellspacing='0' cellpadding='10'> <tr> <td> <form action='$PHP_SELF' method='post'> <table width='444' align='left' class='info4'> <tr> <td valign='top' align='right'><b>Name:</b></td> <td valign='top'> <input name='name' size='30'> </td> </tr> <tr> <td valign='top' align='right'><b>E-mail:</b></td> <td valign='top'> <input name='email' size='30'> </td> </tr> <tr> <td valign='top' align='right'><b>Recomendation:</b></td> <td valign='top'> <textarea name='message' rows='10' cols='30'></textarea> </td> </tr> <tr> <td>"; $im = ImageCreate(60, 20); //create image $white = ImageColorAllocate($im, 0,0, 0); $black = ImageColorAllocate($im, 120, 200, 68); $md5 = md5(microtime() * mktime()); $string = substr($md5,0,5); $verification = $string; $thevalue= $string; ImageFill($im, 0, 0, $black); ImageString($im, 4, 10, 3, $verification, $white); Imagejpeg($im, "inc/verify.jpeg"); ImageDestroy($im); echo " <img src='inc/verify.jpeg' border='0'> <input type='hidden' value='$thevalue' name='thevalue'> </td> <td> <input type='text' name='yourcode' size='5' maxlength='5'> </td> </tr> <td valign='top' align='right'></td> <td valign='top' align='left'> <input class='button1' type='submit' value='Send' name='submitform'> <input class='button1' type='reset' value='Reset' name='reset'> </td> </tr> </table> </form> </td> </tr> </table><br>"; } // some more code PHP: I need some help on this one, please !!! thank you in advance. Nita
i fixed code a bit but still php take different then needed action new code... if(isset($_GET['cat'])) // when looking at selected category { } //problematic submit goes here ... else if(isset($_POST['submit'])||isset($_POST['search'])||isset($_GET['search'])) // when search button is pressed { } else //when looking at the root of the aplication { // some code if($_POST['submitform']) // problematic submit expected to start here.... { $yourcode=$_POST['yourcode']; $thevalue1=$_POST['thevalue']; if($yourcode=$thevalue1) { mail($myemail,$subject,$messagetoemail,$name); mysql_query ("INSERT INTO moviesreco (id, name, email, message) VALUES ('', '$name', '$email', '$messagehtml')"); echo "$thanks"; } else { echo "You verification code is not right. Please go back and try again."; } } else { //this is recomandation form echo " <form action='$PHP_SELF' method='post'> <input name='name' size='30'> <input name='email' size='30'> <textarea name='message' rows='10' cols='30'></textarea> "; $im = ImageCreate(60, 20); //create image $white = ImageColorAllocate($im, 0,0, 0); $black = ImageColorAllocate($im, 120, 200, 68); $md5 = md5(microtime() * mktime()); $string = substr($md5,0,5); $verification = $string; $thevalue= $string; ImageFill($im, 0, 0, $black); ImageString($im, 4, 10, 3, $verification, $white); Imagejpeg($im, "inc/verify.jpeg"); ImageDestroy($im); echo " <img src='inc/verify.jpeg' border='0'> <input type='hidden' value='$thevalue' name='thevalue'> <input type='text' name='yourcode' size='5' maxlength='5'> <input class='button1' type='submit' value='Send' name='submitform'> <input class='button1' type='reset' value='Reset' name='reset'> </form> "; } // some more code } PHP: need some help please .. nita
go to http://www.nita-on-line.com/movies.php scroll down to movie recomendation, test it and you will see what i'm about, the rest of the aplication work with no problems. thank for your help nita
this line is incorrect: if($yourcode=$thevalue1) PHP: You're assigning the value of $thevalue1 to $yourcode. You need to use double =, like this: if($yourcode==$thevalue1) PHP: Apart from that: your code is very vulnerable, i can easily delete data from your database by using subqueries. You will have to make sure no one can run a subquery. For starters you have to escape the submitted text, because if i enter a single quote in the text, your query will break up, and mysql will return an error. Here's a very simple code that will take care of it: $name = addslashes($_POST['name']); PHP: if magic_quote_gpc is set to on in the php.ini file, you don't need to use the addslashes function as this is allready done when the user submits the form. So if you want to be sure the slashes are added, use this code: $name = (get_magic_quotes_gpc())? $_POST['name'] : addslashes($_POST['name']); PHP: Next i think it would be best if you use a regular expression to check if no SQL queries are entered, nothing serious, just the basic commands: if (preg_match('#(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER)\s+(INTO\s)?\w+#i', $name)) { echo "SQL Injection found: you bastard :) "; } PHP: you will have to do the same for the other entered values of course As you're passing the $_POST['name'] value as an additional header of the mail function (don't know why actually, cause that is not what the additional header is for), you have to check if the words "cc", "bcc", "to", and some mail headers aren't in the entered text. If you don't check fr those headers, i will be able to send spam mails throughout the world using your server. Consider the following entered "name": bcc: a@foo.bar; b@foo.bar; c@foo.bar Code (markup): if i enter this, this mail will be sent to you, and those three persons as well. As you're checking for the those special headers, make sure to check for their html encoded equivalent. The PHP mail function has a "bug" which allows you to enter html encoded strings as message, subject and headers. So when i enter: %62%63%63%3A%20a%40foo.bar%3B%20b%40foo.bar%3B%20c%40foo.bar Code (markup): which is exactly the same as the bcc i posted above, the mail will still be sent to all those persons in the bcc list.
Thanks for all that advice, i will take it all in consideration while developing this form, im at very begging of it i had chenge this line still, the same think if($yourcode==$thevalue1) PHP: the problem is that form is taking action as if i will use search form ... thanks again and looking forward to some further advice. nita
add this to the top of your page: print_r($_POST); PHP: and post what you see. I can't see anything wrong when i look at your html code (thought there might be a problem with the forms)
part of the code where i did put it ... print_r($_POST); if($_POST['submitform']) { PHP: thank you with your help to see what i mean go to http://www.nita-on-line.com/movies.php nita
when i test it on your website, this is what i get: Array ( [name] => UnrealEd [email] => edunreal [at] gmail [dot] com [message] => Test [thevalue] => d0688 [yourcode] => d0688 [submitform] => Send ) Code (markup): which is exactly what i filled in, and it displays a message that the recommendation has been sent
i fixed some things in this code but there is a problem - browser is not displaying form first anymore - is showing confirmation insead. i have to aplay some changes to this code any sugesstions, code if(!isset($_POST['submitform'])) { $myemail = "kris@nita-on-line.com"; $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; $messagehtml = str_replace("\r", '<br/>', $message); $thanks = " <p align='left' class='info2'><span class='info2'> Thank you !. Your recomendation has sucessfuly been sent!<br> <br></span></p>"; $subject = "New Movie Recomendation from $Name"; $messagetoemail = "Hi Kris. You recived a new movie recomendation. Name: $name E-mail: $email Recomendation: $messagehtml "; $yourcode=$_POST['yourcode']; $thevalue1=$_POST['thevalue1']; if($yourcode==$thevalue1) { echo "$thanks"; } else { echo "You verification code is not right. Please go back and try again."; } } else { <form action='$PHP_SELF' method='post'> <input name='name' size='30'> <input name='email' size='30'> <textarea name='message' rows='10' cols='30'></textarea> $im = ImageCreate(60, 20); //create image $white = ImageColorAllocate($im, 0,0, 0); $black = ImageColorAllocate($im, 120, 200, 68); $md5 = md5(microtime() * mktime()); $string = substr($md5,0,5); $verification = $string; $thevalue= $string; ImageFill($im, 0, 0, $black); ImageString($im, 4, 10, 3, $verification, $white); Imagejpeg($im, "inc/verify.jpeg"); ImageDestroy($im); echo " <img src='inc/verify.jpeg' border='0'> <input type='hidden' value='$thevalue' name='thevalue1'> <input type='text' name='yourcode' size='5' maxlength='5'> <input class='button1' type='submit' value='Send' name='submitform'> <input class='button1' type='reset' value='Reset' name='reset'> } } PHP: thanku you nita
you are missing an echo statement, and you're missing a double quote at the end of your script, it should be: echo "<form action='$PHP_SELF' method='post'> <input name='name' size='30'> <input name='email' size='30'> <textarea name='message' rows='10' cols='30'></textarea>"; $im = ImageCreate(60, 20); //create image $white = ImageColorAllocate($im, 0,0, 0); $black = ImageColorAllocate($im, 120, 200, 68); $md5 = md5(microtime() * mktime()); $string = substr($md5,0,5); $verification = $string; $thevalue= $string; ImageFill($im, 0, 0, $black); ImageString($im, 4, 10, 3, $verification, $white); Imagejpeg($im, "inc/verify.jpeg"); ImageDestroy($im); echo " <img src='inc/verify.jpeg' border='0'> <input type='hidden' value='$thevalue' name='thevalue1'> <input type='text' name='yourcode' size='5' maxlength='5'> <input class='button1' type='submit' value='Send' name='submitform'> <input class='button1' type='reset' value='Reset' name='reset'>"; PHP:
Problem - when i press submit button php is taking action as if i will press submit button of search form.... and goes to search else if part of code Current code. if(isset($_GET['cat'])) // when looking at selected category of movies { } // when i press submit button on the recomendation form php goes here else if(isset($_POST['submit'])||isset($_POST['search'])||isset($_GET['search'])) // when search button is pressed { } else //when looking at the root of the aplication { if ($_POST['submitform']) { $myemail = "kris@nita-on-line.com"; $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; $messagehtml = str_replace("\r", '<br/>', $message); $thanks = " <p align='left' class='info2'><span class='info2'> Thank you !. Your recomendation has sucessfuly been sent!<br> <br></span></p>"; $subject = "New Movie Recomendation from $Name"; $messagetoemail = "Hi Kris. You recived a new movie recomendation. Name: $name E-mail: $email Recomendation: $messagehtml "; $yourcode=$_POST['yourcode']; $thevalue1=$_POST['thevalue1']; if($yourcode==$thevalue1) { echo "$thanks"; } else { echo "You verification code is not right. Please go back and try again."; } } else { // recomendation form <form action='movies.php' method='post'> <input name='name' size='30'> <input name='email' size='30'> <textarea name='message' rows='10' cols='30'></textarea> $im = ImageCreate(60, 20); //create image $white = ImageColorAllocate($im, 0,0, 0); $black = ImageColorAllocate($im, 120, 200, 68); $md5 = md5(microtime() * mktime()); $string = substr($md5,0,5); $verification = $string; $thevalue= $string; ImageFill($im, 0, 0, $black); ImageString($im, 4, 10, 3, $verification, $white); Imagejpeg($im, "inc/verify.jpeg"); ImageDestroy($im); <img src='inc/verify.jpeg' border='0'> <input type='hidden' value='$thevalue' name='thevalue1'> <input type='text' name='yourcode' size='5' maxlength='5'> <input class='button1' type='submit' value='Send' name='submitform'> <input class='button1' type='reset' value='Reset' name='reset'> } } PHP: i'm well stuck on this. i have to say that once i keep this recomendation seaperate ( not beetween else { } ) is working with no problem, i don't understand why php is moving to search part of the code... i need some help .... nita
i had altered some code .. so this is latest version of the scrip i worked out, no changes in results, still, once submit button pressed php is moving to search else if part of the code (as if i press submit button on search form) go to http://www.nita-on-line.com/movies.php and test recomendation form, and see what is happenig your self ... please i test it without any other if else stament and its ok .... go to http://www.nita-on-line.com/test.php I have no qlue why, i suspect some mistake in if else structre of the application, i need some suggestions .... thank you a lot in advance nita if(isset($_GET['cat'])) // when looking at selected category of movies { // display by chosen category } // so when i press submit button on my recomendation form php is // moving to this else if .. why? else if(isset($_POST['search'])||isset($_GET['search'])) // when search button is pressed { // some code (display results when search button pressed) // code for search form below ... <form method='post' action='movies.php'> <input class='input1' type='text' name='search' size=15 maxlength=50> <input class='button1' type='submit' name='submit' value='Search' </form> } else //when looking at the root of the aplication { // some code if (isset($_POST['submitreco'])) { $myemail = "kris@nita-on-line.com"; $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; $messagehtml = str_replace("\r", '<br/>', $message); $thanks = " <p align='left' class='info2'><span class='info2'> Thank you !. Your recomendation has sucessfuly been sent!<br> <br></span></p>"; $subject = "New Movie Recomendation from $Name"; $messagetoemail = "Hi Kris. You recived a new movie recomendation. Name: $name E-mail: $email Recomendation: $messagehtml "; $yourcode=$_POST['yourcode']; $thevalue1=$_POST['thevalue1']; if($yourcode==$thevalue1) { echo "$thanks"; } else { echo "You verification code is not right. Please go back and try again."; } } else { $PHP_SELF = $_SERVER['PHP_SELF']; //this is recomandation form echo " <table width='100%' border='0' cellspacing='0' cellpadding='10'> <tr> <td> <form action='$PHP_SELF' method='post'> <table width='444' align='left' class='info4'> <tr> <td valign='top' align='right'><b>Name:</b></td> <td valign='top'> <input name='name' size='30'> </td> </tr> <tr> <td valign='top' align='right'><b>E-mail:</b></td> <td valign='top'> <input name='email' size='30'> </td> </tr> <tr> <td valign='top' align='right'><b>Recomendation:</b></td> <td valign='top'> <textarea name='message' rows='10' cols='30'></textarea> </td> </tr> <tr> <td>"; $im = ImageCreate(60, 20); //create image $white = ImageColorAllocate($im, 0,0, 0); $black = ImageColorAllocate($im, 120, 200, 68); $md5 = md5(microtime() * mktime()); $string = substr($md5,0,5); $verification = $string; $thevalue= $string; ImageFill($im, 0, 0, $black); ImageString($im, 4, 10, 3, $verification, $white); Imagejpeg($im, "inc/verify.jpeg"); ImageDestroy($im); echo " <img src='inc/verify.jpeg' border='0'> <input type='hidden' value='$thevalue' name='thevalue1'> </td> <td> <input type='text' name='yourcode' size='5' maxlength='5'> </td> </tr> <td valign='top' align='right'></td> <td valign='top' align='left'> <input class='button1' type='submit' value='Send' name='submitreco'> <input class='button1' type='reset' value='Reset' name='reset'> </td> </tr> </table> </form> </td> </tr> </table><br>"; } } PHP:
I tested your code, filled in UnrealEd as Name, my email address, and the text "This is just a test" as message and hit the "send" button; this is what came up on the page: So this is what your script has to output when it succeeded, right? It's working just fine. Can you tell me exactly what you do?
yes its working on test.php, but is not working on movies.php and i have no qlue why? script, at the moment is displaying confirmation and in the futre once form more secure will add posted information to mysql database, thats all, simple. need some help on this .. thanks nita
I tested it on movies.php, on your actual website. It's working just fine. I did notice a minor html error in your source code somewhere, maybe that's causing the problem (i doubt that). Search for this html code: <input class='button1' type='submit' name='submit' value='Search' HTML: you forgot to close it. So in theory, all the code posted below is part of the button. Just add /> to the end, and see what happens
you are unreal UnrealED what a shot ! i have been sitting on this one for 3 days and now is fixed code for fixed part else if(isset($_POST['search'])||isset($_GET['search'])) // when search button is pressed <form method='post' action='movies.php'> <input class='input1' type='text' name='search' size=15 maxlength=50> <input class='button1' type='submit' name='submit' value='Search'> // here ther is a bug </form>} PHP: > - closing tag to input was missing thank you very much, now everything waorks just fine and as expected, nita