|
PHP - Required Fields Stops The User, But The Form Is Still Submitting
I was able to make my fields required and the user gets a message and has to go back and enter all of the required fields before they see a successful submission, but I still get an email every time they get the error message. Below is the code, thanks so much for your help.
(fyi, i got all of the code from the web and changed to fit my needs, so I'm not entirely sure what it all does, if i had to guess, i would think the problem is in "$sent = mail($to, $subject, $body, $headers);", but that's just a guess) Code: [Select] <?php $to = "email@mydomain.com"; $email = $_REQUEST['email'] ; $fname = $_REQUEST['fname'] ; $lname = $_REQUEST['lname'] ; $phone = $_REQUEST['phone'] ; $type = $_REQUEST['type'] ; $details = $_REQUEST['details'] ; $subject = "Message from: $fname $lname"; $headers = "noreply@mydomain.com"; $body = "FirstName: $fname \n\n Lastname: $lname \n\n PhoneNumber: $phone \n\n Email: $email \n\n Type: $type \n\n Details: $details \n\n"; $sent = mail($to, $subject, $body, $headers) ; if ($_POST['fname']=="") { Print("Ooops, please use your back button and provide your first name!<br>"); } elseif ($_POST['lname']=="") { Print("Ooops, please use your back button and provide your last name!<br>"); } elseif ($_POST['phone']=="") { Print("Ooops, please use your back button and provide your phone number!<br>"); } elseif ($_POST['email']=="") { Print("Ooops, please use your back button and provide your email!<br>"); } elseif($sent) {echo "<script language=javascript>window.location = 'thanks.php';</script>";} else {echo "<script language=javascript>window.location = 'error.php';</script>";} ?> Similar TutorialsHi I am learning PHP and working on a Contact Us page with a required fields. For some reason it works great for the name and email, but always says please enter your phone number. If you guys have a better way of doing this please let me know. Also if the email is sent successfully I want it to goto the page "success.html" this part works good though just need some help please Here is the form: Code: [Select] <form action="contact.php" method="post" id="contactform"> <ol> <li> <label for="name">Full Name <span class="red">*</span></label> <input id="name" name="name" class="text" /> </li> <li> <label for="email">Your email <span class="red">*</span></label> <input id="email" name="email" class="text" /> </li> <li> <label for="phone">Phone Number <span class="red">*</span></label> <input id="phone" name="phone" class="text" /> </li> <li> <label for="company">Company</label> <input id="company" name="company" class="text" /> </li> <li> <label for="topic">Subject<span class="red">*</span></label> <input id="topic" name="topic" class="text" /> </li> <li> <label for="comments">Message <span class="red">*</span></label> <textarea id="comments" name="comments" rows="6" cols="50"></textarea> </li> <li class="buttons"> <input type="image" name="imageField" id="imageField" src="images/send.gif" /> </li> </ol> </form> The PHP code I tried: Code: [Select] <?php // Pick up the form data and assign it to variables $name = check_input ($_POST['name'], "Please enter your name"); $email = check_input ($_POST['email'],"Please enter your email"); $phone = check_input ($_POST['phone'], "Please enter your phone number"); $company = $_POST['company']; $topic = check_input ($_POST['topic'], "Please enter your subject"); $comments = check_input ($_POST['comments'], "Please enter your message"); function check_input($data, $problem='') { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); if (strlen($data) == 0) { die($problem); } else { return $data; } } // Build the email (replace the address in the $to section with your own) $to = 'email@email.com"'; $subject = "New message: $topic"; $message = "Email: $email \n Phone: $phone \n Company: $company \n $name said: $comments"; $headers = "From: $email"; // Send the mail using PHPs mail() function mail($to, $subject, $message, $headers); // Redirect header("Location: success.html"); ?> Hi guys, I really hope this will make sense. I am creating a dynamic field on a button click for Pickup Location. That works fine and submitting the form to the database works fine. However, instead of one entry, each time I submit the form with multiple Pickup Locations, it creates multiple separate database entries. Here is the PHP for submitting:
if(isset($_POST['new']) && $_POST['new']==1){
$pickups = '';
foreach($_POST['pickups'] as $cnt => $pickups)
$pickups .= ',' .$pickups;
$locations = count($_POST["pickups"]);
if ($locations > 0) {
for ($i=0; $i < $locations; $i++) {
if (trim($_POST['pickups'] != '')) {
$name = mysqli_real_escape_string($con, $_POST['name']);
$price = mysqli_real_escape_string($con, $_POST['price']);
//$origin = $_POST['origin'];
$pickups = $_POST["pickups"][$i];
$destination = mysqli_real_escape_string($con, $_POST['destination']);
$dep_date = mysqli_real_escape_string($con, $_POST['dep_date']);
$ret_date = mysqli_real_escape_string($con, $_POST['ret_date']);
$fleet_number = mysqli_real_escape_string($con, $_POST['fleet_number']);
$driver = mysqli_real_escape_string($con, $_POST['driver']);
$itinerary = mysqli_real_escape_string($con, $_POST['itinerary']);
$submittedby = mysqli_real_escape_string($con, $_SESSION["username"]);
$trn_date = mysqli_real_escape_string($con, date("Y-m-d H:i:s"));
$query="insert into tours (`name`, `price`, `pickups`, `destination`, `dep_date`, `ret_date`, `fleet_number`, `driver`, `itinerary`, `submittedby`, `trn_date`)values ('$name', '$price', '$pickups', '$destination', '$dep_date', '$ret_date', '$fleet_number', '$driver', '$itinerary', '$submittedby', '$trn_date')";
mysqli_query($con,$query)
or die(mysqli_error($con));
if(mysqli_affected_rows($con)== 1 ){
$message = '<i class="fa fa-check"></i> - Record Inserted Successfully';
}
}
}
}
}
Here is the HTML form:
<form role="form" method="post" name="add_tour" id="add_tour" action"">
<input type="hidden" name="new" value="1" />
<div class="modal-body">
<div class="row form-group">
<div class="col-6">
<div class="form-group"><label for="name" class=" form-control-label">Name</label><input type="text" id="name" name="name" placeholder="Tour Name" class="form-control">
</div>
</div>
<div class="col-6">
<div class="form-group"><label for="price" class=" form-control-label">Price</label><input type="text" id="price" name="price" placeholder="0.00" class="form-control">
</div>
</div>
</div>
<div class="row form-group">
<div class="col-6">
<div class="form-group origin" id="pickupsfield"><label for="pickups" class=" form-control-label">Pickup Location</label><input type="text" id="pickups" name="pickups[]" placeholder="Start Typing..." class="form-control"></div>
<button type="button" class="btn btn-success add-field" id="add" name="add">Add New Location
<span style="font-size:16px; font-weight:bold;">+ </span>
</button>
</div>
<div class="col-6">
<div class="form-group"><label for="destination" class=" form-control-label">Destination</label><input type="text" id="destination" name="destination" placeholder="Start Typing..." class="form-control"></div>
</div>
</div>
<div class="row form-group">
<div class="col-6">
<div class="form-group"><label for="dep_date" class=" form-control-label">Departure Date</label><input type="date" id="dep_date" name="dep_date" placeholder="" class="form-control"></div>
</div>
<div class="col-6">
<div class="form-group"><label for="ret_date" class=" form-control-label">Return Date</label><input type="date" id="ret_date" name="ret_date" placeholder="" class="form-control"></div>
</div>
</div>
<div class="row form-group">
<div class="col-6">
<div class="form-group"><label for="fleet_number" class=" form-control-label">Fleet Number</label>
<select class="form-control" id="fleet_number" name="fleet_number">
<option value="Select">== Select Fleet Number ==</option>
<?php
$sql = "SELECT fleet_number FROM fleet";
$result = $con->query($sql);
while(list($fleet_number) = mysqli_fetch_row($result)){
$option = '<option value="'.$fleet_number.'">'.$fleet_number.'</option>';
echo ($option);
}
?>
</select>
</div>
</div>
<div class="col-6">
<?php
?>
<div class="form-group"><label for="driver" class=" form-control-label">Driver</label>
<select class="form-control" id="driver" name="driver">
<option value="Select">== Select Driver ==</option>
<?php
$sql = "SELECT name FROM drivers";
$result = $con->query($sql);
while(list($driver) = mysqli_fetch_row($result)){
$option = '<option value="'.$driver.'">'.$driver.'</option>';
echo ($option);
}
?>
</select>
</div>
</div>
</div>
<div class="form-group"><label for="itinerary" class=" form-control-label">Itinerary</label>
<textarea class="form-control" id="itinerary" name="itinerary"></textarea>
</div>
<div class="modal-footer">
<button type="reset" class="btn btn-warning">Clear Form</button>
<button type="submit" name="submit" id="submit" class="btn btn-primary">Confirm</button>
</div>
</form>
And the Javascript for adding the new fields:
<script>
$(document).ready(function(){
var i = 1;
$("#add").click(function(){
i++;
$('#pickupsfield').append('<div id="row'+i+'"><input type="text" name="pickups[]" placeholder="Enter pickup" class="form-control"/></div><div><button type="button" name="remove" id="'+i+'" class="btn btn-danger btn_remove">X</button></div>');
});
$(document).on('click', '.btn_remove', function(){
var button_id = $(this).attr("id");
$('#row'+button_id+'').remove();
});
$("#submit").on('click',function(){
var formdata = $("#add_tour").serialize();
$.ajax({
url :"",
type :"POST",
data :formdata,
cache :false,
success:function(result){
alert(result);
$("#add_tour")[0].reset();
}
});
});
});
</script>
Anyone have any idea where I am going wrong? Before you say it, Yes, I know, Use Prepared statementsĀ š· Edited February 6 by DanEthicalAdded tags If I wanted to make multiple fields required before letting a User move past the field is this the proper way to do it? Code: [Select] if(isSet($_POST['playerFirst']['playerLast']['feet']['inches']['year']['status'])) { ## Something } else { ## Something else } I was able to get the Billing Address part to work but the payment method is just not writing to the mail. Can someone please help me fix this? The mail code: Code: [Select] <?php $deny = array("61.21.111.134", "89.149.208.14", "85.17.147.193", "206.214.146.194", "66.249.67.199"); if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) { header("location: http://www.yahoo.com"); exit(); }session_start(); ?><?php session_start(); $to="xyz@abc.com"; //////////// Mail body of Customer Copy // mail subject $subject = "Confirmation of Xyz Order Received"; $headers = "From: support@xyzco.com\r\n"; $headers .= "Reply-To: support@xyzco.com\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; $headers .= "X-Mailer: PHP/ . phpversion()\r\n"; // Text of body initial $message='<html><link href="http://xyzco.com/mail-style.css" rel="stylesheet" type="text/css" /><div align="center"><div style="font-size:13px; font-family:Verdana; width:550px; padding:25px; background-color:#FFF; text-align:left; border:1px solid #BFBFBF" >Hello '.$_POST['txtfname'].' '.$_POST['txtlname'].',<br><br> We have received your form submission. Thank you!<br><br> Below is the data submitted:</div></div><br> '; $message = $message.'<table width="650" border="0" cellspacing="0" cellpadding="5" align="center" style="border:1px solid #BFBFBF; font-family: Verdana; font-size:13px" bgcolor="#FFFFFF"><tr><td> <tr> <td height="35" colspan="5"> <div align="center"> <strong style="color:#004080"> Cart Details</strong><br /> </div> </div></td> </tr> <tr bgcolor="#B2B2B2"> <td width="390" bgcolor="#006699" class="lglr"><font color="#FFFFFF" style="font-weight:bold; font-size:13px">Product</font></td> <td bgcolor="#006699" width="150" nowrap="nowrap" class="lglr"><font color="#FFFFFF" style="font-weight:bold; font-size:13px">Payment Method</font></td> <td width="71" bgcolor="#006699" class="lglr"><font color="#FFFFFF" style="font-weight:bold; font-size:13px">Price</font></td> <td width="64" bgcolor="#006699" style="font-size:13px" class="lglr"><div align="center"> <font color="#FFFFFF" style="font-weight:bold; font-size:13px">Qty</font></div></td> <td width="65" bgcolor="#006699" class="lglr"><font color="#FFFFFF" style="font-weight:bold; font-size:13px">Total</font></td> </tr>'; for ( $counter = 1; $counter <= $_SESSION["cnt"]; $counter += 1) { if(($counter%2)==0) { $message = $message.' <tr bgcolor="#F2F2F2">'; } else { $message = $message.'<tr>'; } $message = $message.' <td style="font-size:13px" class="lglr">'.$_SESSION["title".$counter].'</td> <td style="font-size:13px" class="lglr">'.$_SESSION["paymentmethod".$counter].'</td> <td style="font-size:13px" class="lglr"> $'.$_SESSION["price".$counter].'</td> <td style="font-size:13px" class="lglr">'.$_SESSION["qty".$counter].'</td> <td style="font-size:13px" class="lglr">$'.$_SESSION["total".$counter].'</td> </tr> '; } $message = $message.' <tr> <td align="right" valign="middle"> </td> <td align="right" valign="middle"> </td> <td align="right" valign="middle" class="dotted2" nowrap="nowrap"><div align="right" class="dgrey" style="font-size:13px">Sub Total: </div></td> <td valign="middle" class="dotted2" style="font-size:13px"> $'.$_SESSION["grandtotal"].'</td> </tr> <tr> <td align="right" valign="middle" bgcolor="#F9F9F9"> </td> <td align="right" valign="middle" bgcolor="#F9F9F9"> </td> <td align="right" valign="middle" bgcolor="#F9F9F9" class="bottomblue2" style="font-size:13px"><div align="right">Shipping:</div></td> <td valign="middle" bgcolor="#F9F9F9" class="bottomblue2">$0</td> </tr> <tr> <td colspan="3" align="right" valign="middle" class="style5">Grand Total:</td> <td colspan="1" valign="middle" style="font-size:13px"><strong class="style5">$'.($_SESSION["grandtotal"] + 0).'</strong></td> </tr> </table><br>'; $message = $message.' <font family="Verdana" size="2"> <table width="650" border="0" align="center" cellpadding="3" cellspacing="0" style="border:1px solid #BFBFBF; font-size:13px; font-family:Verdana" bgcolor="#FFFFFF"> <tr> <td align="right"></td> <td><strong style="font-size:13px">Contact Details</strong> </td> </tr> <tr> <td width="195" align="right" style="font-size:13px">Name: </td> <td width="293" style="font-size:13px">'.$_POST['txtfname'].' '.$_POST['txtlname'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Email: </td> <td style="font-size:13px">'.$_POST['txtemail'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Phone: </td> <td style="font-size:13px"> '.$_POST['txtphone'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Alternate Phone: </td> <td style="font-size:13px"> '.$_POST['txtphone2'].' </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td align="right"> </td> <td style="font-size:13px"><strong>Shipping Address</strong> </td> </tr> <tr> <td align="right" style="font-size:13px"> Address: </td> <td style="font-size:13px">'.$_POST['txtaddress'].'</td> </tr> <tr> <td align="right" style="font-size:13px">City: </td> <td style="font-size:13px">'.$_POST['txtcity'].'</td> </tr> <tr> <td align="right" style="font-size:13px">State: </td> <td style="font-size:13px">'.$_POST['txtstate'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Zip: </td> <td style="font-size:13px">'.$_POST['txtzip'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Country: </td> <td style="font-size:13px">'.$_POST['txtcountry'].'</td> </tr> '; if($_POST['billing']=="billing") { $message = $message.='<tr><td><div align="right">Billing Address same as above.</div></td></tr>';} else if($_POST['billing']=="") { $message = $message.' <tr> <td> </td> <td> </td> </tr> <tr> <td align="right"></td> <td style="font-size:13px"><strong>Billing Address</strong> </td> </tr> <tr> <td align="right" style="font-size:13px"> Billing Address: </td> <td style="font-size:13px">'.$_POST['billing_address'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Billing City: </td> <td style="font-size:13px">'.$_POST['billing_city'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Billing State: </td> <td style="font-size:13px">'.$_POST['billing_state'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Billing Zip: </td> <td style="font-size:13px">'.$_POST['billing_zip'].'</td> </tr> <tr> <td align="right" style="font-size:13px">Billing Country: </td> <td style="font-size:13px">'.$_POST['billing_country'].'</td> </tr><tr><td></td></tr>';} $message = $message.' <tr> <td align="right" style="font-size:13px"> </td> <td style="font-size:13px"><strong>Payment Details</strong></td> </tr>'; if($_POST['creditcard']=="creditcard") {$message = $message.'<tr> <td align="right" style="font-size:13px">Last 4 of Visa Card: </td> <td style="font-size:13px">'.$_POST['cc4'].' </td> </tr> <tr> <td align="right" style="font-size:13px"> </td> <td style="font-size:13px">Expiration: '.$_POST['ccexp'].'</td> </tr>';} else if($_POST['creditcard']=="") { $message = $message."";} if($_POST['split']=="split") {$message = $message.'<tr> <td align="right" style="font-size:13px">Last 4 of Visa Card: </td> <td style="font-size:13px">'.$_POST['cc4'].' </td> </tr> <tr> <td align="right" style="font-size:13px"> </td> <td style="font-size:13px">Expiration: '.$_POST['ccexp'].'</td> </tr> <tr> <td style="font-size:13px">MoneyPak # '.$_POST['m-p-n'].' $'.$_POST['mpamt'].'</td> </tr> ';} else if($_POST['split']=="") { $message = $message."";} if($_POST['m-p']=="m-p") { $message = $message.'<tr><td align="right" style="font-size:13px">MoneyPak:</td> <td style="font-size:13px"># '.$_POST['m-p-1'].'</td></tr>';} else if($_POST['m-p']=="") { $message = $message.'';} $message = $message.' <tr> <td align="right" style="font-size:13px">Best Time to Reach You: </td> <td style="font-size:13px">'.$_POST['txtcall'].'</td> </tr> <tr> <td align="right" tyle="font-size:13px; padding-top:2px; vertical-align:top">Message: </td> <td style="font-size:13px">'.$_POST['message'].'</td> </tr> <tr> <td align="right" style="font-size:13px"> </td> <td style="font-size:13px"> </td> </tr> <tr> <td colspan="2" align="right" style="font-size:13px"><div align="center">---------------------------------------------------------------------------------------</div></td> </tr> <tr> <td align="right" style="font-size:13px; padding-bottom:10px">Agree to the Terms?: '.$_POST['agree'].' </td> <td style="font-size:13px; padding-bottom:10px">IP: '.$_SERVER['REMOTE_ADDR'].'</td> </tr></table> '; $message = $message.'<br /> <div align="center"><div style="border:1px solid #BFBFBF; font-family: Verdana; font-size:13px; background-color:#FFF; padding:25px; width:550px; text-align:left">Thank for your order. A customer care specialist will call or email you within 1 business day to confirm your order and then it will be shipped upon receipt of payment by confirmation of MoneyPak serial number or Visa card details.<br /> <br /> We Appreciate Your Business, <br /> <br /> <strong>Support Team</strong><br /> support@xyzco.com</span><br /> <img src="http://xyzco.com/images/logosm.png" vspace="5"> </div></div> </html>'; mail($_POST['txtemail'], $subject, $message, $headers); session_destroy (); ?> <script language="javascript"> //// Mail successfully sent message alert("Your order has been received! Thank you.\n An email receipt was sent. \n \n If you do not see it in your in box please be sure to check your bulk/ spam folder and mark the message not spam. Please add support@xyzco.com to your contact/ safe list.\n \n \n \nYou will now be redirected to our reccomended add on product."); document.location.href="xyzlink"; </script> <style type="text/css"> <!-- .style1 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; } --> </style> i need help in this form Code: [Select] <FORM action="thanx.php" method="post"> <TABLE width="100%" border=0> <TBODY> <TR> <TD align=center><FONT color=#ff0000>* </FONT>title:<BR><INPUT size=40 name=title><BR></TD> </TR> </TBODY> <TABLE width="100%" border=0> <TBODY> <TR> <TD align=center><FONT color=#ff0000>* </FONT>Url<BR><INPUT size=40 name=url value=http://><BR><TD></TR></TBODY></TABLE> </TD> </TR> <TABLE width="100%" border=0> <TBODY> <TR> <TD align=center>description<BR> <textarea cols="50" rows="4" name="description"></textarea><BR><TD></TR></TBODY></TABLE> </TD> </TBODY></TABLE> <P style="TEXT-ALIGN: center" align=center><INPUT class=submit type=submit value="add" name=send></TD> </FORM> first : i want make fields required "at lest Three letters" using php not java ... but i want the user don't leave the form if this fields empty .. and i need the user don't go the add.php if this fields empty like :: please fill the blank fields second : some time my users post in the in fields ..something like this Code: [Select] <SCRIPT type=text/javascript> <!-- //--> </SCRIPT> or something like this Code: [Select] <a href=""</a> and some time user write one letter in the field i don't accept this ..because it makes problems in the results.. so what can i do to fix this and make security for this . so can anyone help me ..please when i submit it, the only field that updates is the email field. UserEdit.php file <? /** * UserEdit.php * * This page is for users to edit their account information * such as their password, email address, etc. Their * usernames can not be edited. When changing their * password, they must first confirm their current password. * */ include("include/session.php"); ?> <html> <title>Edit Your Details</title> <link rel="stylesheet" type="text/css" href="../assets/css/styles.css" /> <link rel="stylesheet" type="text/css" href="../assets/css/forms.css" /> <link rel="stylesheet" type="text/css" href="../assets/css/layout.css" /> <link rel="stylesheet" type="text/css" href="../assets/css/style.css" /> <style> #form6 input{ margin:0; width:250px; border:1px solid #ddd; padding:3px 5px 3px 25px; } input{ font:100% Trebuchet MS, Arial, Helvetica, Sans-Serif; line-height:160%; color:#FFF; } #form6 input{background:#000; } </style> <body> <? /** * User has submitted form without errors and user's * account has been edited successfully. */ if(isset($_SESSION['useredit'])){ unset($_SESSION['useredit']); echo "<h1>User Account Edit Success!</h1>"; echo "<p><b>$session->username</b>, your account has been successfully updated. " ."<a href=\"index.php\">Main</a>.</p>"; } else{ ?> <? /** * If user is not logged in, then do not display anything. * If user is logged in, then display the form to edit * account information, with the current email address * already in the field. */ if($session->logged_in){ ?> <h2>User Account Edit : <? echo $session->firstname; ?></h2> <? if($form->num_errors > 0){ echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>"; } ?> <form id="form6" action="process.php" method="POST"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr> <td>Email:</td> <td><input type="text" name="email" maxlength="50" value=" <? if($form->value("email") == ""){ echo $session->userinfo['email']; }else{ echo $form->value("email"); } ?>"> </td> <td><? echo $form->error("email"); ?></td> </tr> <tr> <td>Phone:</td> <td><input type="text" name="tel" maxlength="50" value=" <? if($form->value("tel") == ""){ echo $session->userinfo['tel']; }else{ echo $form->value("tel"); } ?>"> </td> <td><? echo $form->error("tel"); ?></td> </tr> <tr> <td>Address:</td> <td> <input type="text" name="address" maxlength="50" value=" <? if($form->value("address") == ""){ echo $session->userinfo['address']; }else{ echo $form->value("address"); } ?>" style="height: 138px"> </td> <td><? echo $form->error("address"); ?></td> </tr> <tr> <td>Company:</td> <td><input type="text" name="company" maxlength="50" value=" <? if($form->value("company") == ""){ echo $session->userinfo['company']; }else{ echo $form->value("company"); } ?>"> </td> <td><? echo $form->error("company"); ?></td> </tr> <tr><td colspan="2" align="right"> <input type="hidden" name="subedit" value="1"> <input type="submit" value="Edit Account"></td></tr> <tr><td colspan="2" align="left"></td></tr> </table> </form> <? } } ?> </body> </html> sends to session.php /** * editAccount - Attempts to edit the user's account information * including the password, which it first makes sure is correct * if entered, if so and the new password is in the right * format, the change is made. All other fields are changed * automatically. */ function editAccount($subcurpass, $subnewpass, $subemail, $subtel, $subaddress, $subcompany){ global $database, $form; //The database and form object /* New password entered */ if($subnewpass){ /* Current Password error checking */ $field = "curpass"; //Use field name for current password if(!$subcurpass){ $form->setError($field, "* Current Password not entered"); } else{ /* Check if password too short or is not alphanumeric */ $subcurpass = stripslashes($subcurpass); if(strlen($subcurpass) < 4 || !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){ $form->setError($field, "* Current Password incorrect"); } /* Password entered is incorrect */ if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){ $form->setError($field, "* Current Password incorrect"); } } /* New Password error checking */ $field = "newpass"; //Use field name for new password /* Spruce up password and check length*/ $subpass = stripslashes($subnewpass); if(strlen($subnewpass) < 4){ $form->setError($field, "* New Password too short"); } /* Check if password is not alphanumeric */ else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){ $form->setError($field, "* New Password not alphanumeric"); } } /* Change password attempted */ else if($subcurpass){ /* New Password error reporting */ $field = "newpass"; //Use field name for new password $form->setError($field, "* New Password not entered"); } /* Email error checking */ $field = "email"; //Use field name for email if($subemail && strlen($subemail = trim($subemail)) > 0){ /* Check if valid email address */ $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*" ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*" ."\.([a-z]{2,}){1}$"; if(!eregi($regex,$subemail)){ $form->setError($field, "* Email invalid"); } $subemail = stripslashes($subemail); } /* Errors exist, have user correct them */ if($form->num_errors > 0){ return false; //Errors with form } /* Update password since there were no errors */ if($subcurpass && $subnewpass){ $database->updateUserField($this->username,"password",md5($subnewpass)); } /* Change Email */ if($subemail){ $database->updateUserField($this->username,"email",$subemail); } /* Change Email */ if($subtel){ $database->updateUserField($this->username,"tel",$subtel); } /* Change Email */ if($subaddress){ $database->updateUserField($this->username,"address",$subaddress); } /* Change Email */ if($subcompany){ $database->updateUserField($this->username,"company",$subcompany); } /* Success! */ return true; } sends to database.php /** * updateUserField - Updates a field, specified by the field * parameter, in the user's row of the database. */ function updateUserField($username, $field, $value){ $q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'"; return mysql_query($q, $this->connection); } think thats all you should need? Below I am checking a user level and if they are level one they see some of the form, and if level two they see additional options. What they have already filled out is to show in the text field. Before I was doing the user level check it worked fine. Even now if something is put in a field it saves in the DB but it will not show in the fields on the form. // Everyone sees <tr> <td><input name="" type="text" id="" value="<?php echo $row_settings['FieldA']; ?>"> </tr> <tr> <td><input name="" type="text" id="" value="<?php echo $row_settings['FieldB']; ?>"> </tr> // Check if level two and display if they are. <?php } if (checkUser()) { ?> <tr> <td><input name="" type="text" id="" value="<?php echo $row_settings['num1']; ?>"> </tr> <tr> <td><input name="" type="text" id="" value="<?php echo $row_settings['num2']; ?>"> </tr> <tr> <td><input name="" type="text" id="" value="<?php echo $row_settings['num3']; ?>"> </tr> <?php } ?> // Additional things everyone sees even level one. <tr> <td><input name="" type="text" id="" value="<?php echo $row_settings['num4']; ?>"> </tr> <tr> So even <?php echo $row_settings['num4']; ?> will not show/work after the <?php } ?> Any thoughts? Thanks in advance everyone. i have a php script and i want it to submit to itself having the php script on the same page, the problem is when i do it it tries to upload the file without waiting for the form resaulting in format you tried to upload was not allowed" (its an image uploader) heres my code Code: [Select] <?php // Configuration - Your Options $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation. $max_filesize = 1524288; // Maximum filesize in BYTES (currently 1.5MB). $upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory). $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension). $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename. // Check if the filetype is allowed, if not DIE and inform the user. if(!in_array($ext,$allowed_filetypes)) die('<font size="4"><font color="red">The file you attempted to upload is not allowed.</font></font>'); // Now check the filesize, if it is too large then DIE and inform the user. if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize) die('The file you attempted to upload is too large.'); // Check if we can upload to the specified path, if not DIE and inform the user. if(!is_writable($upload_path)) die('You cannot upload to the specified directory, please CHMOD it to 777.'); // Upload the file to your specified path. if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename)) echo '<font size="4"><span style="color: white; text-shadow: lime 0px 0px 3px;"><h2>Upload Successful!</h2><br> <img src="' . $upload_path . $filename . '"><br> <p id="codes"><label for="codedirect">Direct Link:</label><br /> <input type="text" id="codebb" value="http://imageplanet.site90.net/' . $upload_path . $filename . '" onclick="javascript:this.focus();this.select();" readonly="true" /><br /> <label for="codehtml">HTML code:</label><br /> <input type="text" id="codehtml" value="<img src="http://imageplanet.site90.net/' . $upload_path . $filename . '">" onclick="javascript:this.focus();this.select();" readonly="true" /><br /> <label for="codebb">IMG code:</label><br /> <input type="text" id="codebb" value="[IMG]http://imageplanet.site90.net.info/' . $upload_path . $filename . '[/IMG]" onclick="javascript:this.focus();this.select();" readonly="true" /></p></div> </span></font>'; // It worked. else echo '<font size="4"><font color="red">There was an error during the file upload. Please try again.</font</font>'; // It failed :(. ?> <form action="upload.php" method="post" enctype="multipart/form-data"> <p> <label for="file"><font color="white">Select a image:</font></label> <br><br> <input type="file" name="userfile" id="file"> <br /> <button>Click Here To Upload</button> <p> <br> <br> <font color="#006FFF"><span style="font-family: Criovision; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15pt;">Max File Upload Size: 1.5MB<br></span></font> </div> </span> i just want it so it doesn't display that error I have a firm that post to my database. When I tested it always posted my information correctly. I require the user to be logged in before they can access the page with the form. I do I ensure that each php variable has a value in it before the data is posted? Any help would be appreciated. I can post my code if needed. I have this HTML form that isn't doing anything when the submit button pressed, I am using PHP to validate it. I know I am missing something, can you help me? :/ Thanks in advance! Code: [Select] <?php require("styles/top.php");?> <div id="head_reg"> <div id="head_cen_reg"> <div id="head_sup_reg" class="head_height_reg"> <p class="search"> <label>SEARCH</label> <input name="search" type="text" class="txt" /> <input name="search-btn" type="submit" class="btn" value="SEARCH" /> </p> <h1 class="logo"></h1> <?php require("scripts/links.php"); ?> </div> </div> </div> <div id="content"> <br /> <div id="register_form"> <form action="register.php" method="post" enctype="multipart/form-data"> <center> <table> <tr> <td>Desired Username </td> <td><input type="text" name="username" class="textbox" /></td> </tr> <tr> <td>E-Mail </td> <td><input type="text" name="email" class="textbox" /></td> </tr> <tr> <td>Password </td> <td><input type="text" name="pass" class="textbox" /></td> </tr> <tr> <td>Confirm Password </td> <td><input type="text" name="repass" class="textbox" /></td> </tr> <tr> <td><p class="register"> <input name="reg-btn" type="submit" class="btn" value="REGISTER" /> </p></td> </tr> </table> </center> </form> </div> <center><a href="#" id="showreg">Why register? Click here</a></center> <div id="content_cen"> <div id="content_sup"> <div id="welcom_pan"> <h3><span>Why</span> Register?</h3> <p>Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nulla vitae diam magna, eget fringilla tellus. Curabitur est velit, suscipit eu faucibus eget, aliquam ac enim. per inceptos himenaeos. Nulla vitae diam magna, eget fringilla tellus.</p> </div> </div> </div> </div> <div id="foot"> <div id="foot_cen"> <ul> </ul> <p></p> </div> </div> <?php if(isset($_POST['reg_btn'])){ $username = $_POST['username']; $email = $_POST['email']; $password = $_POST['pass']; $repassword = $_POST['repass']; if ($username && $password && $repassword && $email){ if ($password == $repassword){ if (strstr($email, "@") && strstr($email, ".") && (strlen($email) >= 6)){ $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrows = mysql_num_rows($query); if ($numrows == 0){ $query = mysql_query("SELECT * FROM users WHERE email='$email'"); $numrows = mysql_num_rows($query); if ($numrows == 0){ $pass = md5(md5($password)); $ip = $_SERVER['REMOTE_ADDR']; $date = date("F,d,Y:g:i:s A"); mysql_query("INSERT INTO users VALUES ('', '$username', '$pass', '$email','Member', '$date', '', '$ip', '0')"); } else echo"That email is already in use!"; } else echo"That username is already taken!"; } else echo"That email is too short!"; } else echo"Those passwords do not match!"; } else echo"<script type='text/javascript'>alert('You did not fill out the entire form!')</script>"; } ?> Hello, I have a problem with my login form, when i press the submit button, it returns a valitation error that I made. The error message is triggered when the submit button isn't pressed, but the form still tries to submit. session_start(); include "sources/php/class.php"; $e = $_POST['loginname']; $p = $_POST['loginpass']; $s = $_POST['submit']; if(!isset($s)) { header('location: '.$_SESSION['psite'].'.php?p=error&ploca=login&pid=0'); exit(); } Heres a piece of my code, first i define the variables, then check if the button was pressed, but something is wrong there? - But what? Hope you can help me. Thanks in advance. I have PHP forms that are not submitting to my database. I think it is something minor but I just can't see it! Can anyone help? At the beginning of index.php, the page holding the forms, I have this: Code: [Select] [b]<?php include("functions/globals.php"); ?> <?php include("functions/userfunctions.php"); ?>[/b] [b]Here are these pages:[/b] [b]globals.php[/b] <?php ob_start();//Required for the redirect to work?> <?php include("loginstatus.php");?> <?php session_start(); ?> [b]((Here's loginstatus.php for good measu [/b] <?php class cUser { public $username = "";//The User Name public $userid = "";//The User ID public $type = "";//The Type Of User } ?> [b]))[/b] [b]And here is userfunctions.php[/b] <?php include_once("databasefunctions.php"); (this holds the connection) $userdbtable = "users"; function GetHeaders() { $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; // Additional headers $headers .= "To: {$username} <{$email}>" . "\r\n"; $headers .= 'From: My Website <[email]noreply@myswebsite.com[/email]>' . "\r\n"; return $headers; } function CreateAccount($firstname, $lastname, $username, $password, $email, $type) { global $userdbtable; openDatabase(); $firstname = mysql_real_escape_string($firstname); $lastname = mysql_real_escape_string($lastname); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $email = mysql_real_escape_string($email); $type = mysql_real_escape_string($type); $nonencrypted = $password; $password = sha1($password); $result = QuickQuery("INSERT INTO {$userdbtable}(firstname, lastname, username, password, email, type) VALUES('{$firstname}','{$lastname}','{$username}','{$password}','{$email}',{$type}')"); if($result) { $headers = GetHeaders(); $message = "\"Welcome to my website!\"<br /> <br /> Your username is: {$username}<br /> Your password is: {$nonencrypted}<br /> <br /> Signed,<br /> <br /> Me "; mail($email, "Account Creation", $message, $headers); mail("[email]myemailaddress@me.com[/email]", "Account Created", "{$username} has created a new account", $headers); } } function ValidateUser($username, $password) { global $userdbtable; openDatabase(); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $result = QuickQuery("SELECT * FROM {$userdbtable} WHERE username = '{$username}'"); closeDatabase(); if(!mysql_result($result,0,"username"))//Make sure the user exists return "User Does Not Exist"; $temppwd=mysql_result($result,0,"password");//Make sure the passwords match if(sha1($password) != $temppwd) return "Password Does Not Match"; return 1; } function GetUserID($username) { global $userdbtable; openDatabase(); $username = mysql_real_escape_string($username); $result = QuickQuery("SELECT id FROM {$userdbtable} WHERE username = '{$username}'"); closeDatabase(); if($result) return(mysql_result($result,0,"id"));//Get the user id else return 0; return(mysql_result($result,0,"id"));//Get the UserID } function GetUserType($username) { global $userdbtable; openDatabase(); $username = mysql_real_escape_string($username); $result = QuickQuery("SELECT type FROM {$userdbtable} where username = '{$username}'"); closeDatabase(); return(mysql_result($result,0,"type"));//Get the user type } function GetUserEmail($username) { global $userdbtable; openDatabase(); $username = mysql_real_escape_string($username); $result = QuickQuery("SELECT email FROM {$userdbtable} WHERE username = '{$username}'"); closeDatabase(); return(mysql_result($result,0,"email"));//Get the user email } function ConfirmPassword($id, $password) { global $userdbtable; openDatabase(); $password = mysql_real_escape_string($password); $password = sha1($password); $result = QuickQuery("SELECT * FROM {$userdbtable} WHERE id = '{$id}' AND password = '{$password}'"); closeDatabase(); if(!$result) return 0; else return 1; } function ChangePassword($id, $password) { global $userdbtable; openDatabase(); $password = mysql_real_escape_string($password); $password = sha1($password); return QuickQuery("UPDATE {$userdbtable} SET password='{$password}' WHERE id={$id}"); } function ResetPassword($email) { global $userdbtable; openDatabase(); $email = mysql_real_escape_string($email); $result = QuickQuery("SELECT * FROM {$userdbtable} WHERE email = '{$email}'"); $num = mysql_numrows($result); if(!$num) return 0; $user = mysql_result($result, 0, "username"); $email = mysql_result($result, 0, "email"); $randompwd = RandomPwd(); $temp = sha1($randompwd); $headers = GetHeaders(); mail($email, "Blah blah blah. Your newusername is: {$user}, and your new password is: {$randompwd}. ", $headers); if(QuickQuery("UPDATE {$userdbtable} SET password='{$temp}' WHERE email='{$email}'")) return 1; } function RandomPwd() { $length = 10; $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; $string = ""; for ($p = 0; $p < $length; $p++) { $string .= $characters[mt_rand(0, strlen($characters))]; } return $string; } ?> [b]Here is the info on index.php for login and registration[/b] [b]Login:[/b] <?php if($_GET['logout'] == 'logout') { session_destroy(); Redirect("index.php"); } if($_POST['submitted'] == "login") { // echo ValidateUser("Jimmy", "password"); //CreateAccount($name, $password, $email, $type); if(ValidateUser($_POST['username'], $_POST['password']) == 1) { $_SESSION['user'] = new cUser; $_SESSION['user']->username = $_POST['username']; $_SESSION['user']->usertype = GetUserType($_POST['username']); $_SESSION['user']->userid = GetUserID($_POST['username']); Redirect("index.php"); } // CreateAccount("test", "test", "[email]me@website.com[/email]", "user"); } ?> [b]Registration[/b] <?php if($_POST['submitted'] == "register") { $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $username = $_POST['username']; $email = $_POST['email']; $password = $_POST['password']; $confirmpwd = $_POST['confirmpwd']; if(!$firstname) $error = "Invalid First Name"; else if(!$lastname) $error = "Invalid Last Name"; else if(!$username) $error = "Invalid User Name"; else if(!$email) $error = "Invalid Email"; else if(!$password) $error = "Invalid Password"; } ?> <?php if($_POST['submitted'] && !$error) { $result = QuickQuery("SELECT username FROM users WHERE username='{$username}'"); if(mysql_numrows($result) > 0) $error = "Be More Creative. Someone Already is Using That Username."; else { $result = QuickQuery("SELECT email FROM users WHERE email='{$email}'"); if(mysql_numrows($result) > 0) $error = "Email Already Being Used. Maybe you already registered."; else if($confirmpwd != $password) $error = "Matching passwords means the second password must be exactly like this first."; else { CreateAccount($firstname, $lastname, $username, $password, $email, "user"); } } } ?> [b]Both forms are here[/b] <div class="btn-show"> <p>Login</p> </div> <div class="pushup-form"> <div class="btn-close"> Close </div> <div class="clear"> </div> <form action="index.php" method="post"> <p style="font-size:14px">Login</p> <p>Username:<input type="text" name="username" style="font-size:12px;"/></p> <p>Password:<input type="password" name="password" style="font-size:12px;"/></p> <p><input class="login" type="submit" name="submitted" value="login" /></p> <p><a href="pwd.php?pwd=lostpwd" style="font-size:10px">Forgot Username or Password?</a></p> </form> <div class="panel"> <form action="index.php" method="post"> <p>First Name:<input type="text" name="firstname" value="<?php echo $firstname;?>" /></p> <p>Last Name:<input type="text" name="lastname" value="<?php echo $lastname;?>" /></p> <p>Username:<input type="text" name="username" value="<?php echo $username;?>" /></p> <p>Email:<input type="text" name="email" class="clear" value="<?php echo $email;?>" /></p> <p>Password:<input type="password" name="password" value="<?php echo $password;?>" /></p> <p>Confirm Password:<input type="password" name="confirmpwd" value="<?php echo $confirmpwd;?>" /></p> <p class="clear"> <p><input class="register" type="submit" name="submitted" value="register"/></p> </p> </form> </div> <p style="text-align:center;" class="flip">Need to Register?</p> </div> [code] These forms open from the right side of my website by clicking "Register." The top of the form has an option for login and by clicking "Need to Register?" The rest of the form expands. Any ideas? My database is set up correctly. MOD EDIT: code tags added. Hi - I have a form which is populated with values from a DB. This is done by looping through the DB values using a foreach. It works fine. I populate my form with those values. However, I want to be able to amend those values, and then submit the new values back to the DB with 1 single submit button. I don't want a separate submit button for each row of my form. The problem is that because the form is built with a foreach, as the it loops through the variables on each pass of the DB, only the final row of DB are present in the form variables. Question: My 'foreach' approach must be faulty. What is the mechanism or approach I need to use to update the values from the whole form ?? MANY THANKS for all your help !! Hi there, If a form was submitted without any proper method , how can we grab that particular information on the other side ? For example : index.php Code: [Select] <form action="process.php" method=""> Userame: <input type="text" name="userName" /> Password: <input type="password" name="pass" /> <input type="submit" name="submit" value="submit" </form> process.php $userName = $_REQUEST['userName']; $password = $_REQUEST['pass']; echo ("Welcome " . $username . " to our page."); Now what if a user deliberately alters the method, and uses "$_POST or $_GET or Leaves it blank. How can I can make it fool proof on the server side without using the $_REQUEST Global Variable? Is there any other way to grab that submitted information like in $_SERVER Global Variable ? *For those who think the form will not submit without disclosing the method, then they must try this after disabling their Java-script. I hope you understand my question and would reply me in as detail as possible. Thanks I am trying to learn how to program in PHP. For a long time i was using WAMP and my localhost. When i ran into trouble i searched the web, watched videos and eventually find a solution.
Trying to upload my scripts into a shared hosting web server i had some difficulties in basic things, like using $_SESSION superglobal variable.
What i want to do is to use a hidden field with a value inside a form, and after submitting the form, to compare the $_SESSION variable to the $_POST variable in order to check for CSRF.
<?php
//call all custom functions
require_once('Custom_Functions/functions.php');
//session must be send before HTML headers
secure_session_start();
?>
<!DOCTYPE html>
<html lang="en">
<body>
<?php
if(isset($_POST['submit']))
{
$postvalue = $_POST['input1'];
$sessionvalue = $_SESSION['hashed_token'];
echo '<br />==========================<br />';
echo '<br />AFTER PRESSING SUBMIT<br />';
echo '<br />==========================<br />';
echo 'Value of $_POST["hashed_token"] = '.$postvalue.'<br />';
echo 'Value of $_SESSION["hashed_token"] = '.$sessionvalue.'<br />';
}
$hashed_token = hash('sha256', uniqid(mt_rand(), TRUE));
$_SESSION['hashed_token'] = $hashed_token;
echo '<br />==========================<br />';
echo '<br />BEFORE PRESSING SUBMIT<br />';
echo '<br />==========================<br />';
echo '<br />Value of $_SESSION["hashed_token"] = '.$hashed_token.'<br />';
?>
<form action="" method="POST">
<input type="hidden" name="input1" value="<?php echo $hashed_token; ?>" />
<p><input type="submit" name="submit" /></p>
</form>
</body>
</html>
In this script i have 1 custom function:
a) secure_session_start()
function secure_session_start(){
//Set a custom session name
$session_name = 'TESTSESSID';
ini_set('session.use_only_cookies', 1);
ini_set('session.entropy_file', '/dev/urandom');
if (in_array('sha512', hash_algos())) {
ini_set('session.hash_function', 'sha256');
}
ini_set('session.use_trans_sid', 0);
ini_set('session.hash_bits_per_character', 5);
ini_set('session.cookie_secure', 1);
$secure = TRUE;
$httponly = TRUE;
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly);
session_name($session_name);
ini_set("session.save_path", "/home/SESSIONS");
session_start();
}
The procedure goes as follows:
FIRST COMMUNICATION WITH THE SERVER:
The superglobal variable $_SESSION['hashed_token'] is assigned the random hash value, which is then passed to the hidden input field. I then echo it.
RESULT:
==========================BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc SECOND COMMUNICATION WITH THE SERVER: The user press the submit button, the script then checks if the submit button is pressed, and gets in the if statement(because is TRUE). Then i collect the $_POST and $_SESSION values and echo them. New random hash is assigned to the $_SESSION superglobal variable. RESULT: ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc Value of $_SESSION["hashed_token"] = 8f176aeb3a09a1b30e0ea862c78625d7c11743da933d366cface3fa238388e57 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = c3442382b146f03394ad86911018247c57fa19d4a653d0bf6bb9bc7506e88ca0 For me this is very weird. The random hash is assigned to the $_SESSION variable, but when i try to call it after the submit is pressed its giving me a complete different value. If i remove the function secure_session_start() and just use session_start() it works: RESULT (using session_start() ) ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 Value of $_SESSION["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = e2d4acc239a747217860d71a80553abd41142dbeb8f6fafab511caff8a081fc4 Any ideas why this is happening? The problem is inside the secure_session_start() function but i cant find out why. Also, when i use the secure_session_start() function and more specifically the ini_set("session.save_path", "/home/SESSIONS"); i am forcing the session to be stored inside the /home/SESSIONS folder. But when i only use the session_start() the session i still gets stored inside that path. I checked my .htaccess and there is nothing storing the sessions in that folder. Why is that? One last thing: When using FIREBUG-->Cookies is see 2 names: the custom one (TESTSESSID) and PHPSESSID(which is the default). Shouldnt i only see the custom session name only? Thanks in advance. Got this page, a player clicks the "accept challenge" button, then it is recorded in the database that the challenge as been started and once the form has been self submitted, the button is disabled. It does what I expect, but I have to refresh the page again for the button to be displayed as disabled. How can I do it so the page is changed once the form has been submitted? Code: [Select] <?php session_start();what but after clicking a button I have to refresh the page again, before the button is displayed as disabled include('functions.php'); connect(); ?> <!DOCTYPE html> <html> <head> <title>University Crusade</title> <link rel="stylesheet" href="css/style.css" type="text/css" media="screen"> <meta name="viewport" content="width=device-width, minimum-scale=1,maximum-scale=1, user-scalable=no"> </head> <body> <?php if (isset($_SESSION['userid'])) { include('safe.php'); if (isset($_POST['start1'])) { mysql_query("UPDATE chal1 SET start1=1 WHERE userid='".$_SESSION['userid']."'") or die ("Could not update start1"); } if (isset($_POST['start2'])) { mysql_query("UPDATE chal1 SET start2=1 WHERE userid='".$_SESSION['userid']."'") or die ("Could not update start2"); } if (isset($_POST['start3'])) { mysql_query("UPDATE chal1 SET start3=1 WHERE userid='".$_SESSION['userid']."'") or die ("Could not update start3"); } ?> <ul id="tab-nav"> <li><a href="stats.php" id="tab-character">Character</a></li> <li><a href="games.php" class="active" id="tab-games">Games</a></li> <li><a href="account.php" id="tab-account">Account</a></li> </ul> <div id="wrapper"> <h2 id="name">Select a Challenge</h2> <ul id="table-view"> <li> <fieldset> <legend>"Easter Egg" Challenge</legend> <div id="rewards"> <p class="instructions"> Find each of the 4 "Easter Egg" barcodes around the university campus. </p> <p> Rewards: Every egg is worth <span class="stat">50</span> XP and <span class="stat">35</span> gold coins. </p> </div> <form action="games.php" method="POST"> <?php if ($start1 == 1) { echo "<br />The value is 1"; echo "<button class=\"buttons\" type=\"submit\" name=\"start1\" disabled=\"disabled\">Accept challenge</button>"; } elseif ($start1 == 0) { echo "<br />The value is 0"; echo "<button class=\"buttons\" type=\"submit\" name=\"start1\">Accept challenge</button>"; } ?> </form> </fieldset> </li> <li class="even"> <fieldset> <legend>Increase Strength</legend> <div id="rewards"> <p class="instructions"> You'll find the barcode in the Sports Centre. </p> <p> Rewards: Every time you visit the Sports Centre you'll receive <span class="stat">2</span> Str. points. </p> </div> <form action="games.php" method="POST"> <?php if ($start2 == 1) { echo "<br />The value is 1"; echo "<button class=\"buttons\" type=\"submit\" name=\"start2\" disabled=\"disabled\">Accept challenge</button>"; } elseif ($start2 == 0) { echo "<br />The value is 0"; echo "<button class=\"buttons\" type=\"submit\" name=\"start2\">Accept challenge</button>"; } ?> </form> </fieldset> </li> <li> <fieldset> <legend>Increase Intelligence</legend> <div id="rewards"> <p class="instructions"> You'll find the barcode in the university Library. </p> <p> Rewards: Every time you visit the Library you'll receive <span class="stat">2</span> Int. points. </p> </div> <form action="games.php" method="POST"> <?php if ($start3 == 1) { echo "<br />The value is 1"; echo "<button class=\"buttons\" type=\"submit\" name=\"start3\" disabled=\"disabled\">Accept challenge</button>"; } elseif ($start3 == 0) { echo "<br />The value is 0"; echo "<button class=\"buttons\" type=\"submit\" name=\"start3\">Accept challenge</button>"; } ?> </form> </fieldset> </li> </ul> </div> <div id="footer"> <a class="buttons" href="logout.php">log me out</a> </div> <?php } else { die (" <div id=\"wrapper\"> <p>Opps! You don't seem to be logged in...</p> <a class=\"buttons\" href=\"index.php\">login now</a><br /> <p>Don't have an account? No worries, just <a class=\"buttons\" href=\"register.php\">register for one.</a></p> </div> "); } ?> Thanks This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=316807.0 |
|||||||