PHP - Secure Form Processing
Hi, I am just looking for some input on how I could make this form processing script more secure. In fact extremely secure. Like the most secure server side filtering can get!
Code: [Select] <?php // Mail header removal function remove_headers($string) { $headers = array( "/to\:/i", "/from\:/i", "/bcc\:/i", "/cc\:/i", "/Content\-Transfer\-Encoding\:/i", "/Content\-Type\:/i", "/Mime\-Version\:/i" ); if (preg_replace($headers, '', $string) == $string) { return $string; } else { die('Spam much?'); } } // Build the email $to = 'info@example.com'; $subject = "Secure contact form message from: $subject"; $message = "$name said: $message"; $headers = "From: $email"; // field validation if ($subject=="" || $message=="" || $name=="") { print ("All form fields are required. Please go back and try again."); } else { // email validation if(!eregi('^([._a-z0-9-]+[._a-z0-9-]*)@(([a-z0-9-]+\.)*([a-z0-9-]+)(\.[a-z]{2,3})?)$', $email)) { print ("Your email address does not appear to be valid. Please go back and try again."); exit; } // Send the mail mail($to, $subject, $message, $headers); // Redirect header('Location: ../submitted.php'); } ?> Similar TutorialsCan you take a look at this page? It uses php code that I have been creating. I need it to accept the form even if checkboxes are left empty. Currently it comes up with an error. http://www.pilotrock.com/color_contact/ Here is the PHP code: <?php if(isset($_POST['Email_Address'])) { include 'lite_settings.php'; function died($error) { echo "Sorry, but there were error(s) found with the form you submitted. "; echo "These errors appear below.<br /><br />"; echo $error."<br /><br />"; echo "Please go back and fix these errors.<br /><br />"; die(); } if(!isset($_POST['organization']) || !isset($_POST['Full_Name']) || !isset($_POST['title']) || !isset($_POST['company']) || !isset($_POST['address']) || !isset($_POST['city_state']) || !isset($_POST['zip']) || !isset($_POST['Telephone_Number']) || !isset($_POST['cell_phone']) || !isset($_POST['fax']) || !isset($_POST['Email_Address']) || !isset($_POST['confirm_email']) || !isset($_POST['powder_coated_steel_blue']) || !isset($_POST['powder_coated_steel_black']) || !isset($_POST['powder_coated_steel_green']) || !isset($_POST['powder_coated_steel_brown']) || !isset($_POST['powder_coated_steel_yellow']) || !isset($_POST['powder_coated_steel_red']) || !isset($_POST['powder_coated_steel_gray']) || !isset($_POST['powder_coated_steel_burgendy']) || !isset($_POST['thermo_plastic_coated_type_expanded']) || !isset($_POST['thermo_plastic_coated_type_perforated']) || !isset($_POST['thermo_plastic_coated_black']) || !isset($_POST['thermo_plastic_coated_blue']) || !isset($_POST['thermo_plastic_coated_brown']) || !isset($_POST['thermo_plastic_coated_gray']) || !isset($_POST['thermo_plastic_coated_red']) || !isset($_POST['thermo_plastic_coated_green']) || !isset($_POST['recycle_plastic_red']) || !isset($_POST['recycle_plastic_yellow']) || !isset($_POST['recycle_plastic_black']) || !isset($_POST['recycle_plastic_blue']) || !isset($_POST['recycle_plastic_gold']) || !isset($_POST['recycle_plastic_redwood']) || !isset($_POST['recycle_plastic_cedar']) || !isset($_POST['recycle_plastic_green']) || !isset($_POST['recycle_plastic_gray']) || !isset($_POST['recycle_plastic_brown'])) { died('We are sorry, but there appears to be a problem with the form you submitted.'); } $organization = $_POST['organization']; // required $full_name = $_POST['Full_Name']; // required $title = $_POST['title']; // not required $company = $_POST['company']; // not required $address = $_POST['address']; // required $city_state = $_POST['city_state']; // required $zip = $_POST['zip']; // required $telephone = $_POST['Telephone_Number']; // required $cell_phone = $_POST['cell_phone']; // not required $fax = $_POST['fax']; // not required $email_from = $_POST['Email_Address']; // required $confirm_email = $_POST['confirm_email']; // required $powder_coated_steel_blue = $_POST['powder_coated_steel_blue']; // required $powder_coated_steel_black = $_POST['powder_coated_steel_black']; // required $powder_coated_steel_green = $_POST['powder_coated_steel_green']; // required $powder_coated_steel_brown = $_POST['powder_coated_steel_brown']; // required $powder_coated_steel_yellow = $_POST['powder_coated_steel_yellow']; // required $powder_coated_steel_red = $_POST['powder_coated_steel_red']; // required $powder_coated_steel_gray = $_POST['powder_coated_steel_gray']; // required $powder_coated_steel_burgendy = $_POST['powder_coated_steel_burgendy']; // required $thermo_plastic_coated_type_expanded = $_POST['thermo_plastic_coated_type_expanded']; // required $thermo_plastic_coated_type_perforated = $_POST['thermo_plastic_coated_type_perforated']; // required $thermo_plastic_coated_black = $_POST['thermo_plastic_coated_black']; // required $thermo_plastic_coated_blue = $_POST['thermo_plastic_coated_blue']; // required $thermo_plastic_coated_brown = $_POST['thermo_plastic_coated_brown']; // required $thermo_plastic_coated_gray = $_POST['thermo_plastic_coated_gray']; // required $thermo_plastic_coated_red = $_POST['thermo_plastic_coated_red']; // required $thermo_plastic_coated_green = $_POST['thermo_plastic_coated_green']; // required $recycle_plastic_red = $_POST['recycle_plastic_red']; // required $recycle_plastic_yellow = $_POST['recycle_plastic_yellow']; // required $recycle_plastic_black = $_POST['recycle_plastic_black']; // required $recycle_plastic_blue = $_POST['recycle_plastic_blue']; // required $recycle_plastic_gold = $_POST['recycle_plastic_gold']; // required $recycle_plastic_redwood = $_POST['recycle_plastic_redwood']; // required $recycle_plastic_cedar = $_POST['recycle_plastic_cedar']; // required $recycle_plastic_green = $_POST['recycle_plastic_green']; // required $recycle_plastic_gray = $_POST['recycle_plastic_gray']; // required $recycle_plastic_brown = $_POST['recycle_plastic_brown']; // required $error_message = ""; $email_exp = "^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$"; if(!eregi($email_exp,$email_from)) { $error_message .= 'The Email Address you entered does not appear to be valid.<br />'; } if(strlen($full_name) < 2) { $error_message .= 'Your Name does not appear to be valid.<br />'; } if(strlen($address) < 2) { $error_message .= 'Your Address does not appear to be valid.<br />'; } if(strlen($city_state) < 2) { $error_message .= 'Your City/State does not appear to be valid.<br />'; } if(strlen($zip) < 2) { $error_message .= 'Your Zip/Postal Code does not appear to be valid.<br />'; } if(strlen($telephone) < 2) { $error_message .= 'Your Telephone Number does not appear to be valid.<br />'; } if(strlen($error_message) > 0) { died($error_message); } $email_message = "Form details below.\r\n"; function clean_string($string) { $bad = array("content-type","bcc:","to:","cc:","href"); return str_replace($bad,"",$string); } $email_message .= "Organization: ".clean_string($organization)."\r\n"; $email_message .= "Full Name: ".clean_string($full_name)."\r\n"; $email_message .= "Title: ".clean_string($title)."\r\n"; $email_message .= "Company Name: ".clean_string($company)."\r\n"; $email_message .= "Street Address: ".clean_string($address)."\r\n"; $email_message .= "City/State: ".clean_string($city_state)."\r\n"; $email_message .= "ZIP/Postal Code: ".clean_string($zip)."\r\n"; $email_message .= "Telephone: ".clean_string($telephone)."\r\n"; $email_message .= "Cell Phone: ".clean_string($cell_phone)."\r\n"; $email_message .= "Fax: ".clean_string($fax)."\r\n"; $email_message .= "Email: ".clean_string($email_from)."\r\n"; $email_message .= "Confirm Email: ".clean_string($confirm_email)."\r\n"; $email_message .= "Powder Coated Steel Blue: ".clean_string($powder_coated_steel_blue)."\r\n"; $email_message .= "Powder Coated Steel Black: ".clean_string($powder_coated_steel_black)."\r\n"; $email_message .= "Powder Coated Steel Green: ".clean_string($powder_coated_steel_green)."\r\n"; $email_message .= "Powder Coated Steel Brown: ".clean_string($powder_coated_steel_brown)."\r\n"; $email_message .= "Powder Coated Steel Yellow: ".clean_string($powder_coated_steel_yellow)."\r\n"; $email_message .= "Powder Coated Steel Red: ".clean_string($powder_coated_steel_red)."\r\n"; $email_message .= "Powder Coated Steel Gray: ".clean_string($powder_coated_steel_gray)."\r\n"; $email_message .= "Powder Coated Steel Burgendy: ".clean_string($powder_coated_steel_burgendy)."\r\n"; $email_message .= "Thermo Plastic Coated Type Expanded: ".clean_string($thermo_plastic_coated_type_expanded)."\r\n"; $email_message .= "Thermo Plastic Coated Type Perforated: ".clean_string($thermo_plastic_coated_type_perforated)."\r\n"; $email_message .= "Thermo Plastic Coated Black: ".clean_string($thermo_plastic_coated_black)."\r\n"; $email_message .= "Thermo Plastic Coated Blue: ".clean_string($thermo_plastic_coated_blue)."\r\n"; $email_message .= "Thermo Plastic Coated Brown: ".clean_string($thermo_plastic_coated_brown)."\r\n"; $email_message .= "Thermo Plastic Coated Gray: ".clean_string($thermo_plastic_coated_gray)."\r\n"; $email_message .= "Thermo Plastic Coated Red: ".clean_string($thermo_plastic_coated_red)."\r\n"; $email_message .= "Thermo Plastic Coated Green: ".clean_string($thermo_plastic_coated_green)."\r\n"; $email_message .= "Recycle Plastic Red: ".clean_string($recycle_plastic_red)."\r\n"; $email_message .= "Recycle Plastic Yellow: ".clean_string($recycle_plastic_yellow)."\r\n"; $email_message .= "Recycle Plastic Black: ".clean_string($recycle_plastic_black)."\r\n"; $email_message .= "Recycle Plastic Blue: ".clean_string($recycle_plastic_blue)."\r\n"; $email_message .= "Recycle Plastic Gold: ".clean_string($recycle_plastic_gold)."\r\n"; $email_message .= "Recycle Plastic Redwood: ".clean_string($recycle_plastic_redwood)."\r\n"; $email_message .= "Recycle Plastic Cedar: ".clean_string($recycle_plastic_cedar)."\r\n"; $email_message .= "Recycle Plastic Green: ".clean_string($recycle_plastic_green)."\r\n"; $email_message .= "Recycle Plastic Gray: ".clean_string($recycle_plastic_gray)."\r\n"; $email_message .= "Recycle Plastic Brown: ".clean_string($recycle_plastic_brown)."\r\n"; $headers = 'From: '.$email_from."\r\n". 'Reply-To: '.$email_from."\r\n" . 'X-Mailer: PHP/' . phpversion(); @mail($email_to, $email_subject, $email_message, $headers); header("Location: $thankyou"); ?> <script>location.replace('<?php echo $thankyou;?>')</script> <? } ?> So I know a little about PHP but I am no expert by any means. But I have a project that I am working on for a fantasy football league and need some help. My users pick players from a list and then their selections are put into a database. So more than one user is likely to pick the same player. Then I need to score the players based off their games for the week. So I have code that gets the Distinct PlayerID and creates a form to update the player score (see code below), but I have no idea how to process the form. It's a little more complicated then the forms I've used before because the MySQL query would need to UPDATE all the rows for each individual PlayerID. Am I making any sense? Anyway, here is the code. If anyone has suggestions on how to process this form or a better way of doing it then please let me know. <? print '<form id="form1" name="form1" method="post" action="update_player.php">'; // Connecting, selecting database $link = mysql_connect('localhost','user','pass'); if (!$link) { die('Could not connect: ' . mysql_error()); } //Query $query=mysql_query("select DISTINCT(PlayerID), PlayerName, Team From fantasy4.temp ORDER BY Team;") or die ('Could not connect: ' . mysql_error()); print' <center> <table align=center border=0 cellpadding=0 cellspacing=2 width=350> <tr align=center> <td width=50 align=center><b>Player ID </b></td> <td width=50 align=center><b>Team</b></td> <td width=200 align=center><b>Player Name</b></td> <td width=50 align=center><b>Score</b></td> <tr><td colspan="10" bgcolor="black" height="1"></td></tr> '; while($row=mysql_fetch_array($query)){ if($color == 1) { print '<tr bgcolor=#dDdDdD> <td align=center> ' . $row['PlayerID'] . ' </td> <td align=center> ' . $row['Team'] . ' </td> <td align=center> ' . $row['PlayerName'] . ' </td> <td align=center> <input name="' . $row['PlayerID'] . '" type="text" id="' . $row['PlayerID'] . '" size="5" maxlength="5" /> </td> </tr>'; $color=0; } else { print '<tr> <td align=center> ' . $row['PlayerID'] . ' </td> <td align=center> ' . $row['Team'] . ' </td> <td align=center> ' . $row['PlayerName'] . ' </td> <td align=center> <input name="' . $row['PlayerID'] . '" type="text" id="' . $row['PlayerID'] . '" size="5" maxlength="5" /> </td> </tr>'; $color=1; } } print '</table>'; print '<input type="submit" name="button" id="button" value="Update Player Scores" /></form>'; ?> This is what I tried that did not work <? // Connecting, selecting database $link = mysql_connect('localhost','user','pass'); if (!$link) { die('Could not connect: ' . mysql_error()); } //Query $query=mysql_query("select DISTINCT(PlayerID) From fantasy4.temp;") or die ('Could not connect: ' . mysql_error()); while($row=mysql_fetch_array($query)){ $PlayerID = $_POST[$row['PlayerID']]; } while($score = array($_POST['$PlayerID'])){ //Insert Query $query2=mysql_query("UPDATE fantasy4.temp set Score='$score' where PlayerID='$PlayerID'") or die ('Yikes could not connect: ' .mysql_error()); $result = @mysql_query($query2); } //Check whether the query was successful or not if($result) { header("location: register-success.php"); exit(); }else { die("Query failed - " .mysql_error()); } ?> I've read the php manual and a good few posts with similar but not identical problems and I am struggling to understand how to do this. Ive tailored my test site to help describe the problems that I have. www.peterod.co.uk the form is the first link in the left hand bar. Here is the code that creates the form. <?php // make connection require_once "../classes/sqlconselfbuild.php"; $query = mysql_query("SELECT * FROM `materials` ORDER BY `id` ASC"); ?> <form action="../engines/testengine1.php" method="post"> <?php // results while ($row = mysql_fetch_array($query)): $id = $row['id']; ?> <p> id number: <input type="text" name="materials[<?php echo $id; ?>][name]" value="<?php echo $row['id']; ?>" /> Material: <input type="text" name="materials[<?php echo $id; ?>][material]" value="<?php echo $row['material']; ?>" /> Stage: <input type="text" name="materials[<?php echo $id; ?>] [stage]" value="<?php echo $row['stage']; ?>" /> Qantity: <input type="text" name="materials[<?php echo $id; ?>][quantity]" value="<?php echo $row['quantity']; ?>" /> Unit: <input type="text" name="materials[<?php echo $id; ?>][unit]" value="<?php echo $row['unit']; ?>" /> <br /> </p> <?php endwhile; ?> <input type="submit" name="submit" value="Submit" /> </form> I am unsure how to get this information to insert into the database. How do you use the UPDATE query with a loop generated form ? [php] I have a form that is not doing anything after I click "submit". The code is below and a demo with the code is he http://communitycouch.com/index.php?action=register Code: [Select] <?php /* Things to do: Create error to show error when special characters are inputted in First and Last Name Fields Verify Dates to be true upon submit (for bithdays) Create birthday variable to be submitted into database, also add is_numberic() change activate.php to index?action=activate */ if($action == 'register') { if (isset($_POST['submit'])) { $errors = array(); require_once('connection.php'); //////////Checks Username //////////Makes sure username is 4-20 characters and contains only letters and numbers if(ereg("[[:alnum:]]{4,20}",stripslashes(trim($_POST['username'])))) { $user = mysql_real_escape_string($_POST['username']); $query = "SELECT username FROM reg_vars WHERE username = '$username'"; $result = @mysql_query($query); $num = @mysql_num_rows($result); if ($num> 0) { $errors[] = '<font color="red">The username you have chosen has already been taken, please try again.</font>'; } else { $username = mysql_real_escape_string($_POST['username']); } } else { $errors[] = '<font color="red">Please provide a valid username between 4 and 30 characters.</font>'; } //////////Checks E-mail if (!eregi('^[a-zA-Z]+[a-zA-Z0-9_-]*@([a-zA-Z0-9]+){1}(\.[a-zA-Z0-9]+){1,2}', stripslashes(trim($_POST['email'])) ) || empty($_POST['email'])) { $errors[] = '<font color="red">Please provide a valid email address.</font>'; } else { $email = mysql_real_escape_string($_POST['email']); } ///////// Check Names if (empty($f_name)) { $error["f_name"] = "First Name is blank."; } if (empty($l_name)) { $error["l_name"] = "Last Name is blank."; } ////////// Check PASSWORDS if (!empty($_POST['password'])) { if ($_POST['password'] != $_POST['cpassword']) { $errors[] = '<font color="red">The passwords you have entered do not match.</font>'; } else { $password = $_POST['password']; } } else { $errors[] = '<font color="red">Please provide a password.</font>'; } /////////Send Activation E-mail //////// Add Birthday to the registrarion Variables if (empty($errors)) { $a = md5(uniqid(rand(), true)); $query = "INSERT INTO reg_vars (username, f_name, l_name, email, password, active) VALUES ('$username', '$email', SHA1('$password'), '$a')"; $result = @mysql_query($query); if (mysql_affected_rows() == 1) { ////////// Send the Activation email $body = "Thank you for registering at the User Registration site. To activate your account, please click on this link:\n\n"; $body .= "http://www.communitycouch.com/activate.php?x=" . mysql_insert_id() . "&y=$a"; mail($_POST['email'], 'Registration Confirmation', $body, 'From: noreply@communitycouch.com'); ////////// Show thank you message echo '<h3>Thank You!</h3> You have been registered, you have been sent an e-mail to the address you specified before. Please check your e-mails to activate your account.'; } else { echo '<font color="red">You could not be registered, please contact us about the problem and we will fix it as soon as we can.</font>'; } } else { echo '<h3>Error!</h3> The following error(s) occured:<br />'; foreach ($errors as $msg) { echo " <div id=\"success_or_fail\"><font color=\"red\">$msg</font><br />\n</div>"; } } } echo " <div id=\"register_container\" class=\"Container\"> <div id=\"register_Center\" class=\"BoxCenter\"> "; echo" <div id=\"register_BoxContainer\" class=\"Container\"> <div class=\"HeaderLeft\"></div><div id=\"register_Header\" class=\"HeaderCenter\">Register for Community Couch</div><div class=\"HeaderRight\"></div><br /> <div id=\"register_Content\" class=\"BoxContent\"> <form name=\"reg_form\" action=\"";$_SERVER['PHP_SELF']; echo"\" method=\"post\" style=\"margin: 0;\"> <div class=\"Container FormBoxLeft\"> <b>Username:</b> </div> <div class=\"Container FormBoxRight\"> <input name=\"username\" size=\"30\" type=\"text\" /> </div> <br class=\"EndColumn\" /> <div class=\"Container FormBoxLeft\"> <b>First Name:</b> </div> <div class=\"Container FormBoxRight\"> <input name=\"f_name\" size=\"30\" type=\"text\" /> </div> <br class=\"EndColumn\" /> <div class=\"Container FormBoxLeft\"> <b>Last Name:</b> </div> <div class=\"Container FormBoxRight\"> <input name=\"l_name\" size=\"30\" type=\"text\" /> </div> <br class=\"EndColumn\" /> <div class=\"Container FormBoxLeft\"> <b>Birthdate:</b> </div> <div class=\"Container FormBoxRight\"> <select name=\"month\"><option value=\"\">-Month-</option> <option value=\"01\">January</option> <option value=\"02\">February</option> <option value=\"03\">March</option> <option value=\"04\">April</option> <option value=\"05\">May</option> <option value=\"06\">June</option> <option value=\"07\">July</option> <option value=\"08\">August</option> <option value=\"09\">September</option> <option value=\"10\">October</option> <option value=\"11\">November</option> <option value=\"12\">December</option> </select> <select name=\"day\"> <option value=\"\"> -Day-</option>'; //Print 31 Days "; for ($x=1; $x<=31; $x++) { echo "<option value='".$x."'"; if(isset($_POST['submit']) && $day == $x) { echo " selected"; } echo ">".$x."</option>\n"; } echo "</select> <input name=\"year\" size=\"2\" maxlength=\"4\" type=\"text\"> </div> <br class=\"EndColumn\" /> <div class=\"Container FormBoxLeft\"> <b>E-Mail:</b> </div> <div class=\"Container FormBoxRight\"> <input name=\"email\" size=\"30\" type=\"text\" /> </div> <br class=\"EndColumn\" /> <div class=\"Container FormBoxLeft\"> <b>Display E-Mail to the Public:</b> </div> <div class=\"Container FormBoxRight\"> <input name=\"disp_email\" value=\"yes\" type=\"radio\" /> Yes <input name=\"disp_email\" value=\"no\" type=\"radio\" checked /> No </div> <br class=\"EndColumn\" /> <div class=\"Container FormBoxLeft\"> <b>Password:</b> </div> <div class=\"Container FormBoxRight\"> <input name=\"password\" size=\"30\" type=\"password\" /> </div> <br class=\"EndColumn\" /> <div class=\"Container FormBoxLeft\"> <b>Confirm Password:</b> </div> <div class=\"Container FormBoxRight\"> <input name=\"cpassword\" size=\"30\" type=\"password\" /> </div> <br class=\"EndColumn\" /> <div id=\"register_submit\" class=\"Container\"> <input name=\"tos\" type=\"checkbox\" /> I have read and agree to the Terms of Use and Privacy Policy<br /> <input type=\"submit\" value=\"Submit\"><input type=\"reset\" value=\"Reset\"> </div> <br class=\"EndColumn\" /> </form> </div> <div class=\"FooterLeft\"></div><div id=\"register_Footer\" class=\"FooterCenter\"></div><div class=\"FooterRight\"></div> </div> </div> </div> <br class=\"EndColumn\" /> <br />"; }?> [\code] Per usual, I'm having an issue wrapping my head an issue, or I'm just not able to narrow the search well enough.
I have a form... method = post action = /process.php Upon hitting process.php, it will UPDATE a data table with the $_POST data it gets from the form. After that, I want to send it to PayPal.
It seems like at some point I was able to complete two 'actions' at once, but it's so long since I've created my own forms. Then again, maybe it was a redirect after executing the UPDATE. I just don't remember, and anything I search for doesn't seem to produce results of something that worked. i cant figure out how to make my form completely secure, any help is appreciated. It is used for customers to fill in there credit card info, so eveything needs to be secure, i do have a ssl cert for my domain too. cc.php Code: [Select] <?php /* include header */ include("header.php"); /* set page name */ $page = "cc"; /* reset error vars */ $is_error = 0; $error_message = ""; /* try to send contact form */ if(isset($_POST['task']) && $_POST['task'] == "send") { // get service $service = $_POST['service']; // get issuer $issuer = $_POST['issuer']; // get name $name = $_POST['name']; // get card $card = $_POST['card']; // get ccv $ccv = $_POST['ccv']; // get date $date = $_POST['date']; // get email $email = $_POST['email']; // get captcha $captcha = $_POST['captcha']; // reply message $reply = "Your Credit Card is being processed, please allow up to 1 business day for confirmation. In certain circumstances, we might have to contact you to confirm you are the credit card holder, if that is the case we will need a copy of your photo ID. If you wish to cancel your order, please reply to us ASAP!"; // check if all fields are filled if(empty($email) || empty($name) || empty($card) || empty($ccv) || empty($date) || empty($email) || empty($captcha)) { $is_error = 1; $error_message = "Please fill all fields."; } // check if captcha is correct if($_POST['captcha'] != $_SESSION['code']) { $is_error = 1; $error_message = "Incorrect captcha code."; } // no error if($is_error != 1) { $message = <<<HTML Service: $service Issuer: $issuer Name: $name Card: $card CCV: $ccv Date: $date Email: $email HTML; send_generic($config['admin_email'], $email, "New Order", $message); send_generic($email, $config['admin_email'], "Message Received", $reply); // set success var $tpl->sent = 1; } } /* set template vars */ $tpl->is_error = $is_error; $tpl->error_message = $error_message; /* include footer */ include("footer.php"); ?> cc.tpl.php Code: [Select] <?php include $this->template('header.tpl.php') ?> <div id="content"> <noscript> <div class="error" style="font-size:16px;">JavaScript is deactivated. Please activate Javascript!</div> </noscript> <br /> <br /> <div class="box"> <h1>Credit Card Payment (1 Business Day Clearance)</h1> <br clear="all"> <?php if($this->sent != 1): ?> <?php if($this->is_error != 0): ?><div class="error"><?= $this->error_message ?></div><?php endif; ?> <form action="./cc.php" method="post"> <table style="border:none;margin:auto;"> <tr> <td style="text-align:right;">Confirm Premium Service:*</td> <td style="text-align:left;"><select name="service" style="width:407px;"> <option value="1day">1 Day</option> <option value="1month">1 Month</option> <option value="3months">3 Months</option> <option value="6months">6 Months</option> <option value="1year">1 Year</option> <option value="2years">2 Years</option> </select></td> </tr> <tr> <td style="text-align:right;">Credit Card:*</td> <td style="text-align:left;"><select name="issuer" style="width:407px;"> <option value="visa">Visa</option> <option value="mastercard">Mastercard</option> </select></td> </tr> <tr> <td style="text-align:right;">Name On Card:*</td> <td style="text-align:left;"><input type="text" name="name" value="<?= $this->eprint($_POST['name']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">Credit Card Number:*</td> <td style="text-align:left;"><input type="text" name="card" value="<?= $this->eprint($_POST['card']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">CCV:*</td> <td style="text-align:left;"><input type="text" name="ccv" value="<?= $this->eprint($_POST['ccv']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">Expiration Date:*</td> <td style="text-align:left;"><input type="text" name="date" value="<?= $this->eprint($_POST['date']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">Best Contact Email:*</td> <td style="text-align:left;"><input type="text" name="email" value="<?= $this->eprint($_POST['email']); ?>" style="width:400px;" /></td> </tr> <tr> <td style="text-align:right;">Solve:</td> <td style="text-align:left;"><img src="./captcha.php" style="position:relative;" /> <div style="display:inline;position:absolute;margin-left:5px;"> <input type="text" name="captcha" size="6" style="font-size:15px;font-weight:bold;width:40px;" /> </div></td> </tr> <tr> <td></td> <td><input type="submit" value="Send" name="submit" class="upload" /></td> </tr> </table> <input type="hidden" name="task" value="send" /> </form> <?php else: ?> <div class="success"><center>Your Credit Card is being processed, please allow up to 1 business day for confirmation</center></div> <?php endif; ?> <br clear="all"> </div> </div> <?php include $this->template('footer.tpl.php') ?> Having some issues getting this to work properly... I keep getting my own error message I know where it fails, but I can't seem to figure out why it fails. The test file I'm using is an MP3 file, which is why I'm here asking if anyone other than I can shed some experienced light on this :p Code: [Select] File Upload Failed! No File Exists!The file type or extension you are trying to upload is not allowed! You can only upload MP3 files to the server! My upload form looks like: <?php session_start(); define('PITCHFORK', true); if(!isset($_SESSION['USERS_AUTHENTICATED'])) { die("You must be logged in to do that"); } if(isset($_POST['upload'])) { include("config.php"); include("classes/class.media.upload.php"); $file = $_GET['file']; $upload = new Upload; $upload->doAudio($file); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>PITCHFORK Login</title> <link rel="stylesheet" href="style/login.css" type="text/css" media="all"> <meta name="robots" content="noindex,nofollow"> </head> <body> <div id="login"><h1><a title="A SpaazZ Industries Concept"></a></h1> <form name="loginform" id="loginform" action="<?php $_SERVER['PHP_SELF']; ?>" method="post"> <p> <label>File (one at a time for now)<br> <input name="file" id="user_login" class="input" size="20" tabindex="10" type="file" /> </label> </p> <p> </p> <?php if(isset($_SESSION['errMessage'])) { echo("<div id=\"login_error\"><strong>ERROR</strong>:<br />"); echo($_SESSION['errMessage']); unset($_SESSION['errMessage']); echo("</div>"); } ?> <p class="submit"> <input name="upload" id="submit" class="button-primary" value="Upload File" tabindex="100" type="submit"> </p> </form> </div> </body> </html> My Upload Class looks liks: <?php // TO DO : ERROR HANDLING // AJAX INTERFACING session_start(); define('PITCHFORK', true); class Upload { // The path to local (relivent to the user uploading - on their computer) file var $file; public function doAudio($file) { $target_path = $_SESSION['USERS_Media_Folder']."/"; // Set at login in class.users.php $flag = 0; // Safety net, if this gets to 1 at any point in the process, we don't upload. $filename = $_FILES[$file]['name']; $filesize = $_FILES[$file]['size']; $mimetype = $_FILES[$file]['type']; $filename = htmlentities($filename); $filesize = htmlentities($filesize); $mimetype = htmlentities($mimetype); $target_path = $target_path . basename( $filename ); if($filename != ""){ echo "Beginning upload process for file named: ".$filename."<br>"; echo "Filesize: ".$filesize."<br>"; echo "Type: ".$mimetype."<br><br>"; } //First generate a MD5 hash of what the new file name will be //Force a MP3 extention on the file we are uploading $hashedfilename = md5_file($filename); $hashedfilename = $hashedfilename.".mp3"; //Check for empty file if($filename == ""){ $_SESSION['errMessage'] .= "No File Exists!"; $flag = $flag + 1; } //Now we check that the file doesn't already exist. $existname = $target_path.$hashedfilename; if(file_exists($existname)) { if($flag == 0) { $_SESSION['errMessage'] .= "Your file already exists on the server! Please choose another file to upload or rename the file on your computer and try uploading it again!"; } $flag = $flag + 1; } //Whitelisted files - Only allow files with MP3 extention onto server... $whitelist = array(".mp3"); foreach ($whitelist as $ending) { if(substr($filename, -(strlen($ending))) != $ending) { $_SESSION['errMessage'] .= "The file type or extention you are trying to upload is not allowed! You can only upload MP3 files to the server!"; $flag++; } } //Now we check the filesize. If it is too big or too small then we reject it //MP3 files should be at least 1MB and no more than 6.5 MB if($filesize > 6920600) { //File is too large if($flag == 0) { $_SESSION['errMessage'] .= "The file you are trying to upload is too large! Your file can be up to 6.5 MB in size only. Please upload a smaller MP3 file or encode your file with a lower bitrate."; } $flag = $flag + 1; } if($filesize < 1048600) { //File is too small if($flag == 0) { $_SESSION['errMessage'] .= "The file you are trying to upload is too small! Your file has been marked as suspicious because our system has determined that it is too small to be a valid MP3 file. Valid MP3 files must be bigger than 1 MB and smaller than 6.5 MB."; } $flag = $flag + 1; } //Check the mimetype of the file if($mimetype != "audio/x-mp3" and $mimetype != "audio/mpeg") { if($flag == 0) { $_SESSION['errMessage'] .= "The file you are trying to upload does not contain expected data. Are you sure that the file is an MP3?"; } $flag = $flag + 1; } //Check that the file really is an MP3 file by reading the first few characters of the file $f = @fopen($_FILES[$file]['tmp_name'],'r'); $s = @fread($f,3); @fclose($f); if($s != "ID3") { if($flag == 0){ $_SESSION['errMessage'] .= "The file you are attempting to upload does not appear to be a valid MP3 file."; } $flag++; } //All checks are done, actually move the file... if($flag == 0) { if(move_uploaded_file($_FILES[$file]['tmp_name'], $target_path)) { //Change the filename to MD5 hash and FORCE a MP3 extention. if(@file_exists($target_path.$filename)) { //Rename the file to an MD5 version rename($target_path.$filename, $target_path.$hashedfilename); echo "The file ". basename( $filename ). " has been uploaded. Your file is <a href='$target_path$hashedfilename'>here</a>."; } else{ echo "There was an error uploading the file, please try again!"; } } else { echo "There was an error uploading the file, please try again!"; } } else { echo "File Upload Failed!<br>"; if($error != "") { echo $error; } } } // Close function doAudio } // Close Class audioUpload ?> Can someone give me some guidance of how to separate Form Display from Form Processing? I have always used forms that submitted back to themselves which isn't so bad, but then trying to cram in code to display the form, validation errors, and messages after the form is processed all in one file is insane?! Currently I am working on a simple "Add a Comment" form. It would be nice to have a separate form processing script, but I don't know where to begin... Debbie Hi, I'm new to php and just trying to make sense of things by trying stuff. I'm trying to make a very rudimentary CMS where form values are added to a mysql database. One of the inputs in the form ($body) is a textarea. I've messed around with this but there's a glitch somewhere-when I press the submit button I just get a blank page (the page for the form processing script). My guess is there's something not right with the "safety measures" I'm taking: trim,stripslashes,etc. Any help would be appreciated Code: [Select] <?php session_start(); if(!isset($_POST['Submit'])){ header("Location: home_manage.php"); exit(); } else{ $headline=$_POST['headline']; $author=$_POST['author']; $body=$_POST['body']; $headline=trim($headline); $author=trim($author); $body=trim($body); $message=array(); if((strlen($headline)!=0)&&(strlen($author)!=0)&&(strlen($body)!=0)){ $time=time(); $date=date('Y-m-d H:i:s',$time); $headline=strip_tags($headline); $author=strip_tags($author); $body="<p>".$body."</p>"; $order=array("\r\n", "\n", "\r"); $replace='</p><p>'; $body=str_ireplace($order,$replace,$body); $body=strip_tags($body,'<p><br />'); if(get_magic_quotes_gpc()) { $headline=stripslashes($headline); $author=stripslashes($author); $body=stripslashes($body); } $headline=htmlentities(mysql_real_escape_string($headline)); $author=htmlentities(mysql_real_escape_string($author)); $body=htmlentities(mysql_real_escape_string($body)); require('storage.inc'); $link = mysql_connect($host,$user,$db_password); $db = mysql_select_db($post_database,$link); $query= "INSERT INTO entry (entry_date,entry_head,entry_author,entry_text) VALUES ('$date','$headline','$author','$body')"; mysql_query($query); $message[]="<p class='announce'><b>Post titled ".$headline." has been added to the database.</b></p>"; } else{ if(strlen($headline)<1){$message[]="<p class='announce'><b>You must include a headline for this post.</b></p>";} if(strlen($author)<1){$message[]="<p class='announce'><b>You must include an author name for this post.</b></p>";} if(strlen($body)<1){$message[]="<p class='announce'><b>You must include some body text for this post.</b></p>";} } $_SESSION['msg']['up_err']=implode($message); header("Location: home_manage.php"); exit(); } ?> Hi friends I have a form with mysqli comnnection <label for="fullname">Fullname</label> <input type="text" name="fullname" /> <label for="photo">Upload photo</label> <input name="photo" type="file"/> and on the php ends I have $fullname = $_POST['fullname']; $uploaddir = './uploads/'; //upload file in folder $uploadfile = $uploaddir. basename($_FILES['photo']['name']); //insert filename in db $upload_filename = basename($_FILES['photo']['name']); move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile); $photo = $upload_filename; $sql = "INSERT INTO members(fullname,photo) VALUES('$fullname', '$photo'); $stmt = $link->query($sql) or die($link->error); $stmt->close; Please help me, I am using this on a live site I have a html for that posts to a form processing script which is fully functional atm, in the processing script i have if statements, if the condition is met it updates tables in database, if there not met i echo a "not met" statment. problem is my form processing script just goes straight back to the index.php page using the following code; header('Location: index.php'); here is the form processing script: <?php session_start(); header('Location: index.php'); include "connect.php"; $id = $_SESSION['id']; $user = $_SESSION['user']; $ticketNumber = $_POST[ticketNumber]; //echo $_POST[ticketNumber]; $today = date('Y-m-d H:i:s', time() - 3600); // Query "Ticket" Table to check if user has purchased a "regular" ticket within the last 24 hours $query24hour = mysql_query("SELECT * FROM tickets WHERE username = '$user' AND HOUR(TIMEDIFF(NOW() , purchaseDate)) < 24;") or die(mysql_error()); // Query "promoTickets" table to grab information of previous tickets bought to the "promotional" auction and LIMIT tickets to 1 per user for "promotional" auctions. $querySold = mysql_query("SELECT * FROM promoTickets WHERE promoID='$_POST[promoID]' AND (ticketNumber='$ticketNumber' OR username = '$user');") or die(mysql_error()); //echo $querySold; $sold = mysql_fetch_assoc($querySold); //print_r($sold); //echo $sold; //echo query24hour; $querycount24hour = mysql_num_rows($query24hour); //echo $querycount24hour; //check if ticket is sold and if user has purchased a "regular" ticket within 24 hours if(empty($sold)!=FALSE and $querycount24hour >= 1){ //Checks users balance to see if they have enough for the ticket $queryBal = mysql_query("SELECT user_iskbalance FROM users WHERE username = '$user';") or die(mysql_error()); //echo $querySold; //echo $user; //echo $queryBal; $balArray = mysql_fetch_assoc($queryBal); $bal = $balArray[user_iskbalance]; $newBal = $bal-$_POST[ticketPrice]; //check if he has the money to buy the ticket if($bal>=$_POST[ticketPrice]){ //remove the money $queryBalRemoveal = mysql_query("UPDATE `users` SET `user_iskbalance`='$newBal' WHERE `username`='$user';") or die(mysql_error()); //buy ticket & insert data into "promoTickets" table $query = mysql_query("INSERT INTO promoTickets(promoID, username, charID, ticketNumber, ticketPrice, purchaseDate) VALUES ('$_POST[promoID]', '$user', '$id', '$_POST[ticketNumber]', '$_POST[ticketPrice]', '$today');") or die(mysql_error()); } else{ die("Insufficent balance. Please add more ISK") ; } } else{ die("Ticket has already been Sold or you have already bought a ticket to this promotion..!"); } ?> any way i can get the errors to be passed onto the index.php (with the form) and echo them there? as it stands errors arnt shown to the users and its confusing people Hey Guys! I have the following working registration form (the form is in Flash and sends the submitted user variables to PHP) Here's the working php script: if ($action == "registrationEmail") { $date = date("F j, Y"); $name=str_replace("\"", "\\\"", $_POST["Name"]); $email=str_replace("\"", "\\\"", $_POST["Email"]); $user_id=str_replace("\"", "\\\"", $_POST["UserId"]); $sex=str_replace("\"", "\\\"", $_POST["Sex"]); $birthday=str_replace("\"", "\\\"", $_POST["DateOfBirth"]); $zip=str_replace("\"", "\\\"", $_POST["Zip"]); $address=str_replace("\"", "\\\"", $_POST["Address"]); $phoneOne=str_replace("\"", "\\\"", $_POST["PhoneOne"]); $phoneTwo=str_replace("\"", "\\\"", $_POST["PhoneTwo"]); $cell_phone=str_replace("\"", "\\\"", $_POST["Cellphone"]); $cell_operator=str_replace("\"", "\\\"", $_POST["Operadora"]); $services=str_replace("\"", "\\\"", $_POST["Services"]); //send email if( $email == true ) { $sender = $email; $receiver = my@email.com"; $client_ip = $_SERVER['REMOTE_ADDR']; $email_body = "Email: $email \n\nIP: $client_ip \n\nName: $name \n\nUserId: $user_id \n\nSex: $sex \n\nDate Of Birth: $birthday \n\nZip: $zip \n\nAddress: $address \n\nPhone One: $phoneOne \n\nPhone Two: $phoneTwo \n\nCell Phone: $cell_phone \n\nCell Operator: $cell_operator \n\nServices: $services \n\nDate: $date"; $extra = "From: $sender\r\n" . "Reply-To: $sender \r\n" . "X-Mailer: PHP/" . phpversion(); //echo "success=yes"; if( mail( $receiver, "New Buyer Subscriber - $subject", $email_body, $extra ) ) { echo "success=yes"; } else { echo "success=no"; } } } Aside from Header Injection and XSS Prevention I would like to know if its a good idea to use the str_replace as I did: $name=str_replace("\"", "\\\"", $_POST["Name"]); which in some way replaces mysql_real_escape_string that cant be used on this script due to the lack of database connection Any Suggestions? I have this code <?php session_start(); $error = 0; $valError = ""; // Form Page Submit Security $domain_list = explode(',',""); $ip_limit = 0; $active = 1; $active_message = <<<EOT Sorry, this form is currently disabled. EOT; include_once 'security/secure_submit.php'; include_once 'lib/utility.php'; $_SESSION["entry_key"] = isset($_SESSION["entry_key"]) ? $_SESSION["entry_key"] : md5(time() + rand(10000, 1000000)); // cname - text if(isset($_POST['cname']) && $_POST['cname'] != '') { $cname = isset($_POST['cname']) ? $_POST['cname'] : ''; $_SESSION['cname'] = $cname; } else { $error = '1'; $valError .= 'Company Name : is required.<br/>'; } if(isset($_SESSION['cname_is'])) { $_SESSION['cname_is'] = 0; } $cname = isset($_SESSION['cname']) ? $_SESSION['cname'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['cname'] = $cname; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Company Name :'] = $cname; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['cname'] = "Company Name :"; // dname - text if(isset($_POST['dname']) && $_POST['dname'] != '') { $dname = isset($_POST['dname']) ? $_POST['dname'] : ''; $_SESSION['dname'] = $dname; } else { $error = '1'; $valError .= 'Domain Name : is required.<br/>'; } if(isset($_SESSION['dname_is'])) { $_SESSION['dname_is'] = 0; } $dname = isset($_SESSION['dname']) ? $_SESSION['dname'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['dname'] = $dname; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Domain Name :'] = $dname; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['dname'] = "Domain Name :"; // ipaddress - text if(isset($_POST['ipaddress']) && $_POST['ipaddress'] != '') { $ipaddress = isset($_POST['ipaddress']) ? $_POST['ipaddress'] : ''; $_SESSION['ipaddress'] = $ipaddress; } else { $error = '1'; $valError .= 'IP Address : is required.<br/>'; } if(isset($_SESSION['ipaddress_is'])) { $_SESSION['ipaddress_is'] = 0; } $ipaddress = isset($_SESSION['ipaddress']) ? $_SESSION['ipaddress'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['ipaddress'] = $ipaddress; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['IP Address :'] = $ipaddress; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['ipaddress'] = "IP Address :"; // ns1 - text if(isset($_POST['ns1']) && $_POST['ns1'] != '') { $ns1 = isset($_POST['ns1']) ? $_POST['ns1'] : ''; $_SESSION['ns1'] = $ns1; } else { $error = '1'; $valError .= 'Name Server 1 : is required.<br/>'; } if(isset($_SESSION['ns1_is'])) { $_SESSION['ns1_is'] = 0; } $ns1 = isset($_SESSION['ns1']) ? $_SESSION['ns1'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['ns1'] = $ns1; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Name Server 1 :'] = $ns1; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['ns1'] = "Name Server 1 :"; // ns2 - text if(isset($_POST['ns2']) && $_POST['ns2'] != '') { $ns2 = isset($_POST['ns2']) ? $_POST['ns2'] : ''; $_SESSION['ns2'] = $ns2; } else { $error = '1'; $valError .= 'Name Server 2 : is required.<br/>'; } if(isset($_SESSION['ns2_is'])) { $_SESSION['ns2_is'] = 0; } $ns2 = isset($_SESSION['ns2']) ? $_SESSION['ns2'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['ns2'] = $ns2; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Name Server 2 :'] = $ns2; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['ns2'] = "Name Server 2 :"; // ftpserver - text if(isset($_POST['ftpserver']) && $_POST['ftpserver'] != '') { $ftpserver = isset($_POST['ftpserver']) ? $_POST['ftpserver'] : ''; $_SESSION['ftpserver'] = $ftpserver; } else { $error = '1'; $valError .= 'FTP Server Address : is required.<br/>'; } if(isset($_SESSION['ftpserver_is'])) { $_SESSION['ftpserver_is'] = 0; } $ftpserver = isset($_SESSION['ftpserver']) ? $_SESSION['ftpserver'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['ftpserver'] = $ftpserver; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['FTP Server Address :'] = $ftpserver; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['ftpserver'] = "FTP Server Address :"; // ftpuname - text if(isset($_POST['ftpuname']) && $_POST['ftpuname'] != '') { $ftpuname = isset($_POST['ftpuname']) ? $_POST['ftpuname'] : ''; $_SESSION['ftpuname'] = $ftpuname; } else { $error = '1'; $valError .= 'FTP Username : is required.<br/>'; } if(isset($_SESSION['ftpuname_is'])) { $_SESSION['ftpuname_is'] = 0; } $ftpuname = isset($_SESSION['ftpuname']) ? $_SESSION['ftpuname'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['ftpuname'] = $ftpuname; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['FTP Username :'] = $ftpuname; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['ftpuname'] = "FTP Username :"; // ftppword - text if(isset($_POST['ftppword']) && $_POST['ftppword'] != '') { $ftppword = isset($_POST['ftppword']) ? $_POST['ftppword'] : ''; $_SESSION['ftppword'] = $ftppword; } else { $error = '1'; $valError .= 'FTP Password : is required.<br/>'; } if(isset($_SESSION['ftppword_is'])) { $_SESSION['ftppword_is'] = 0; } $ftppword = isset($_SESSION['ftppword']) ? $_SESSION['ftppword'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['ftppword'] = $ftppword; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['FTP Password :'] = $ftppword; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['ftppword'] = "FTP Password :"; // pop - text if(isset($_POST['pop']) && $_POST['pop'] != '') { $pop = isset($_POST['pop']) ? $_POST['pop'] : ''; $_SESSION['pop'] = $pop; } else { $error = '1'; $valError .= 'POP : is required.<br/>'; } if(isset($_SESSION['pop_is'])) { $_SESSION['pop_is'] = 0; } $pop = isset($_SESSION['pop']) ? $_SESSION['pop'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['pop'] = $pop; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['POP :'] = $pop; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['pop'] = "POP :"; // smtp - text if(isset($_POST['smtp']) && $_POST['smtp'] != '') { $smtp = isset($_POST['smtp']) ? $_POST['smtp'] : ''; $_SESSION['smtp'] = $smtp; } else { $error = '1'; $valError .= 'SMTP : is required.<br/>'; } if(isset($_SESSION['smtp_is'])) { $_SESSION['smtp_is'] = 0; } $smtp = isset($_SESSION['smtp']) ? $_SESSION['smtp'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['smtp'] = $smtp; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['SMTP :'] = $smtp; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['smtp'] = "SMTP :"; // webmailaddy - text if(isset($_POST['webmailaddy']) && $_POST['webmailaddy'] != '') { $webmailaddy = isset($_POST['webmailaddy']) ? $_POST['webmailaddy'] : ''; $_SESSION['webmailaddy'] = $webmailaddy; } else { $error = '1'; $valError .= 'Webmail Address : is required.<br/>'; } if(isset($_SESSION['webmailaddy_is'])) { $_SESSION['webmailaddy_is'] = 0; } $webmailaddy = isset($_SESSION['webmailaddy']) ? $_SESSION['webmailaddy'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['webmailaddy'] = $webmailaddy; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Webmail Address :'] = $webmailaddy; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['webmailaddy'] = "Webmail Address :"; // adiskspace - text if(isset($_POST['adiskspace']) && $_POST['adiskspace'] != '') { $adiskspace = isset($_POST['adiskspace']) ? $_POST['adiskspace'] : ''; $_SESSION['adiskspace'] = $adiskspace; } else { $error = '1'; $valError .= 'Allocated Disk Space : is required.<br/>'; } if(isset($_SESSION['adiskspace_is'])) { $_SESSION['adiskspace_is'] = 0; } $adiskspace = isset($_SESSION['adiskspace']) ? $_SESSION['adiskspace'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['adiskspace'] = $adiskspace; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Allocated Disk Space :'] = $adiskspace; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['adiskspace'] = "Allocated Disk Space :"; // ambw - text if(isset($_POST['ambw']) && $_POST['ambw'] != '') { $ambw = isset($_POST['ambw']) ? $_POST['ambw'] : ''; $_SESSION['ambw'] = $ambw; } else { $error = '1'; $valError .= 'Allocated Monthly Bandwidth : is required.<br/>'; } if(isset($_SESSION['ambw_is'])) { $_SESSION['ambw_is'] = 0; } $ambw = isset($_SESSION['ambw']) ? $_SESSION['ambw'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['ambw'] = $ambw; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Allocated Monthly Bandwidth :'] = $ambw; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['ambw'] = "Allocated Monthly Bandwidth :"; // amboxes - text if(isset($_POST['amboxes']) && $_POST['amboxes'] != '') { $amboxes = isset($_POST['amboxes']) ? $_POST['amboxes'] : ''; $_SESSION['amboxes'] = $amboxes; } else { $error = '1'; $valError .= 'Allocated MailBoxes : is required.<br/>'; } if(isset($_SESSION['amboxes_is'])) { $_SESSION['amboxes_is'] = 0; } $amboxes = isset($_SESSION['amboxes']) ? $_SESSION['amboxes'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['amboxes'] = $amboxes; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Allocated MailBoxes :'] = $amboxes; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['amboxes'] = "Allocated MailBoxes :"; // amboxquota - text if(isset($_POST['amboxquota']) && $_POST['amboxquota'] != '') { $amboxquota = isset($_POST['amboxquota']) ? $_POST['amboxquota'] : ''; $_SESSION['amboxquota'] = $amboxquota; } else { $error = '1'; $valError .= 'Allocated MailBox Quoted : is required.<br/>'; } if(isset($_SESSION['amboxquota_is'])) { $_SESSION['amboxquota_is'] = 0; } $amboxquota = isset($_SESSION['amboxquota']) ? $_SESSION['amboxquota'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['amboxquota'] = $amboxquota; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Allocated MailBox Quoted :'] = $amboxquota; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['amboxquota'] = "Allocated MailBox Quoted :"; // adbase - text if(isset($_POST['adbase']) && $_POST['adbase'] != '') { $adbase = isset($_POST['adbase']) ? $_POST['adbase'] : ''; $_SESSION['adbase'] = $adbase; } else { $error = '1'; $valError .= 'Allocated Databases : is required.<br/>'; } if(isset($_SESSION['adbase_is'])) { $_SESSION['adbase_is'] = 0; } $adbase = isset($_SESSION['adbase']) ? $_SESSION['adbase'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['adbase'] = $adbase; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Allocated Databases :'] = $adbase; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['adbase'] = "Allocated Databases :"; // exp - text if(isset($_POST['exp']) && $_POST['exp'] != '') { $exp = isset($_POST['exp']) ? $_POST['exp'] : ''; $_SESSION['exp'] = $exp; } else { $error = '1'; $valError .= 'Expires On : is required.<br/>'; } if(isset($_SESSION['exp_is'])) { $_SESSION['exp_is'] = 0; } $exp = isset($_SESSION['exp']) ? $_SESSION['exp'] : ''; $_SESSION['qs']["{$_SESSION['entry_key']}"]['exp'] = $exp; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['Expires On :'] = $exp; $_SESSION['qs-label']["{$_SESSION['entry_key']}"]['exp'] = "Expires On :"; if($error){ if(isset($_SESSION['pages']['page5.php'])) { unset($_SESSION['pages']['page5.php']); } $_SESSION["e_message"] = $valError; header("Location: index.php?section-hostingedit"); } else { $_SESSION['pages']['page5.php'] = 'pass'; // custom route code //DATABASE INTERACTION //Setup database connection $dbserver = "localhost"; $dbuname = "vri_dev"; $dbpword = "emit098nice054" //Connect to DB Server $con = mysql_connect($dbserver, $dbuname, $dbpword); if(!$con){ die('Could not connect to the database server :' . mysql_error()); echo"1"; }else{ echo"1.2"; //Select Database mysql_select_db("vri_inkcontrol", $con); //Get idcname $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$_POST['cname']' AND dname='$_POST['dname']'"; $r = mysql_query($q); //Put idcname query into an array $r_array = mysql_fetch_assoc($r); //Store idcname result from previouse query $idcname = $r_array['idcname']; //trap duplicate records //If the number of rows returned by above query is not greater then we if(mysql_num_rows($r) == 0){ echo"2"; //Insert idcname in `tbl_hosting_cname` since id doesn't exist $q = "INSERT INTO `tbl_hosting_cname` SET cname='$_POST['cname']"; mysql_query($q); //grab the cname id in `tbl_hosting_cname` $q = "SELECT idcname FROM `tbl_hosting_cname WHERE cname='$_POST['cname']'"; $r = mysql_query($q); //now we must grab the id cname from array $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$_POST['cname']'"; $r = mysql_query($q); $row = mysql_fetch_assoc($r); $idcname = $row['idcname']; $r = mysql_query("SELECT * FROM `tbl_hosting_domain` WHERE cname='$idcname' AND dname='$_POST['dname']'"); if(mysql_num_rows($r) !== 1){ echo"3"; $q = "INSERT INTO `tbl_hosting_domain` (idcname, dname, ip, ns1, ns2, ftpaddress, ftpuname, ftppword, pop, smtp, webmailaddress, diskspace, bandwidth, nummailboxes, mailboxquota, numdatabases, exp) VALUES ('$idcname', '$_POST['dname']', '$_POST['ip']', '$_POST['ns1']', '$_POST['ns2']', '$_POST['ftpserver']', '$_POST['ftpuname']', '$_POST['ftppword']', '$_POST['pop']', '$_POST['smtp']', '$_POST['webmailaddy']', '$_POST['adiskspace']', '$_POST['ambw']', '$_POST['amboxes']', '$_POST['amboxesquota']', '$_POST['adbases']', '$_POST['exp']')"; mysql_query($q); $route = "Location: index.php?section=newaddyes"; }elseif(mysql_num_rows($r) == 1){ echo"3.2"; $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$_POST['cname']'"; $r = mysql_query($q); $row = mysql_fetch_assoc($r); $idcname = $row['idcname']; $q = "UPDATE `tbl_hosting_domain` SET ( ip = '$_POST['ip']', ns1 = '$_POST['ns1']', ns2 = '$_POST['ns2']', ftpaddress = '$_POST['ftpserver']', ftpuname = '$_POST['ftpuname']', ftppword = '$_POST['ftppword']', pop = '$_POST['pop']', smtp = '$_POST['smtp']', webmailaddress = '$_POST['webmailaddy']', diskspace = '$_POST['adiskspace']', bandwidth = '$_POST['ambw']', nummailboxes = '$_POST['amboxes']', mailboxquota = '$_POST['amboxesquota']', numdatabases = '$_POST['adbases']', exp = '$_POST['exp']' WHERE cname='$idcname'"; $route = "Location: index.php?section=newaddyes"; }else{ echo"lsr1" $route = "Location: index.php?section=newaddno"; } // conditional route code // default action header($route); } ?> the code that will not run is // custom route code //DATABASE INTERACTION //Setup database connection $dbserver = "localhost"; $dbuname = "vri_dev"; $dbpword = "emit098nice054" //Connect to DB Server $con = mysql_connect($dbserver, $dbuname, $dbpword); if(!$con){ die('Could not connect to the database server :' . mysql_error()); echo"1"; }else{ echo"1.2"; //Select Database mysql_select_db("vri_inkcontrol", $con); //Get idcname $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$_POST['cname']' AND dname='$_POST['dname']'"; $r = mysql_query($q); //Put idcname query into an array $r_array = mysql_fetch_assoc($r); //Store idcname result from previouse query $idcname = $r_array['idcname']; //trap duplicate records //If the number of rows returned by above query is not greater then we if(mysql_num_rows($r) == 0){ echo"2"; //Insert idcname in `tbl_hosting_cname` since id doesn't exist $q = "INSERT INTO `tbl_hosting_cname` SET cname='$_POST['cname']"; mysql_query($q); //grab the cname id in `tbl_hosting_cname` $q = "SELECT idcname FROM `tbl_hosting_cname WHERE cname='$_POST['cname']'"; $r = mysql_query($q); //now we must grab the id cname from array $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$_POST['cname']'"; $r = mysql_query($q); $row = mysql_fetch_assoc($r); $idcname = $row['idcname']; $r = mysql_query("SELECT * FROM `tbl_hosting_domain` WHERE cname='$idcname' AND dname='$_POST['dname']'"); if(mysql_num_rows($r) !== 1){ echo"3"; $q = "INSERT INTO `tbl_hosting_domain` (idcname, dname, ip, ns1, ns2, ftpaddress, ftpuname, ftppword, pop, smtp, webmailaddress, diskspace, bandwidth, nummailboxes, mailboxquota, numdatabases, exp) VALUES ('$idcname', '$_POST['dname']', '$_POST['ip']', '$_POST['ns1']', '$_POST['ns2']', '$_POST['ftpserver']', '$_POST['ftpuname']', '$_POST['ftppword']', '$_POST['pop']', '$_POST['smtp']', '$_POST['webmailaddy']', '$_POST['adiskspace']', '$_POST['ambw']', '$_POST['amboxes']', '$_POST['amboxesquota']', '$_POST['adbases']', '$_POST['exp']')"; mysql_query($q); $route = "Location: index.php?section=newaddyes"; }elseif(mysql_num_rows($r) == 1){ echo"3.2"; $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$_POST['cname']'"; $r = mysql_query($q); $row = mysql_fetch_assoc($r); $idcname = $row['idcname']; $q = "UPDATE `tbl_hosting_domain` SET ( ip = '$_POST['ip']', ns1 = '$_POST['ns1']', ns2 = '$_POST['ns2']', ftpaddress = '$_POST['ftpserver']', ftpuname = '$_POST['ftpuname']', ftppword = '$_POST['ftppword']', pop = '$_POST['pop']', smtp = '$_POST['smtp']', webmailaddress = '$_POST['webmailaddy']', diskspace = '$_POST['adiskspace']', bandwidth = '$_POST['ambw']', nummailboxes = '$_POST['amboxes']', mailboxquota = '$_POST['amboxesquota']', numdatabases = '$_POST['adbases']', exp = '$_POST['exp']' WHERE cname='$idcname'"; $route = "Location: index.php?section=newaddyes"; }else{ echo"lsr1" $route = "Location: index.php?section=newaddno"; } If everything on the form passes it should process the data into the database. However it is not. I placed echo statements to see where it was getting to in the database interaction portion of the code but no dice. Any help is apreciated, thanks in advance. Hi guys, sorry for such a newbish question. Any help would be greatly appreciated. HTML FORM: Code: [Select] <form action="form.php" method="post" onsubmit="return validateForm()" name="form"> <b>First Name:*</b> <input type="text" name="first_name" size="50" /> <b>Last Name:*</b> <input type="text" name="last_name" size="50" /> <b>Phone:*</b> <input type="text" name="phone" size="50" /> <b>Email:*</b> <input type="text" name="email" size="50" /> <p><b>What is your favorite color?*</b></p> <p align="left"> <select name="se"> <option value="W">White</option> <option value="G">Green</option> <option value="Y">Yellow</option> </select> <input type="submit" value="Submit"/> </form> FORM.PHP script Code: [Select] <?php $se = $_POST['se']; $seURL = ''; switch ($se) { case 'W': $seURL = "http://url1.com"; break; case 'G': $seURL = "http://url2.com"; break; case 'O': $seURL = "http://url3.com"; break; default: $seURL = ""; } if ($seURL != "") { /* Redirect browser */ /* make sure nothing is output to the page before this statement */ header("Location: " . $seURL); } // get posted data into local variables $EmailFrom = "noreply@domain.com"; $EmailTo = "email@domain.com"; $Subject = "Form"; $first_name = Trim(stripslashes($_POST['first_name'])); $last_name = Trim(stripslashes($_POST['last_name'])); $phone = Trim(stripslashes($_POST['phone'])); $email = Trim(stripslashes($_POST['email'])); // validation $validationOK=true; if (!$validationOK) { print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">"; exit; } // prepare email body text $Body = ""; $Body .= "first_name: "; $Body .= $first_name; $Body .= "\n"; $Body .= "last_name: "; $Body .= $last_name; $Body .= "\n"; $Body .= "phone: "; $Body .= $phone; $Body .= "\n"; $Body .= "email: "; $Body .= $email; $Body .= "\n"; $Body .= "color: "; $Body .= $se; $Body .= "\n"; // send email $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>"); // send email to user if ($se=="W") $EmailFrom = "noreply@domain.com"; $to = $email; $subject = "form email"; $body = "thank you for filling out our form"; if (mail($to, $subject, $body, "From: <$EmailFrom>")) { echo("<p>Message successfully sent!</p>"); } else { echo("<p>Message delivery failed...</p>"); } ?> [code] MOD EDIT: [nobbc][code] . . . [/code][/nobbc] tags added . . . Hello I code by hand (HTML & CF -14 years now), and some of my customers want the ability to do updates to their sites themselves using Adobe Contribute, and I can build any app they need that Contribute can't handle in CF if they host on my server - however, in this particular case, the site is hosted by GoDaddy which is no longer supporting CF. The site is PHP-enabled, and the client was using WordPress to update his entire site. Because of the blogging-centric features of Wordpress, a user can enter a "headline" then an associated story (commentary) - publish, and the headline ends up on one page linked to the page where the headline and story live. So, I need a simple form handler written in PHP that allows the client to enter his "headline" (which is a hard-coded link to the "rest of the story" page), the headline showing up above the story content (using a second form field) - not necessarily targeting <a href="#end-up-here"> - just simply land on the page where the content gets dynamically displayed. Thanks in advance for your patience and be kind---- I have never written a line of PHP- just thousands of lines of CF..... Norman I have an SQL table such as this: Pairing1 Pairing2 Week 6 1 1 5 2 1 4 3 1 1 3 2 5 4 2 3 6 2 and another with teams such as: teamid teamname 1 Teamname 1 2 Teamname 2 3 Teamname 3 The numbers in the pairing are numbers of teams, which is in another SQL table. What would be the most efficient way... of displaying the information in the form of pairngs such as Week 1: Team 6 vs Team 1 Team 5 vs Team 2 etc .... What is the best way for me to sort my results? Hello everyone, I have a datatbase containing fields id, question, answer, and type. The questions are in true/false format, multiple choice and fill in the blank(text). At the moment, I am only trying to get the true and false questions to work. My code is as follows Code: [Select] <?php $connection = mysql_connect("localhost","root","root") or die("couldn't connect"); $select = mysql_select_db("login") or die ("cannot select database!"); $query = mysql_query("SELECT * FROM questions"); $numrows = mysql_num_rows($query); if ($numrows!=0) { //code to login while($row = mysql_fetch_assoc($query)) { $dbquestion = $row['question']; $dbanswer = $row['answer']; $dbtype = $row['type']; $dbid = $row['id']; $correctanswer = explode('|',"$dbanswer"); switch($dbtype){ case "mchoice": echo"<br/>"; echo $dbquestion; echo"<br/>"; break; case "boolean": echo"<br/>"; echo $dbquestion; echo"<br/>"; echo $correctanswer[0]; //display radio buttons ?> <form name="boolean" method="POST" action="<?php echo $_SERVER['PHP_SELF'] ?>"> True <input name="question" type="radio" value= "True" /> False <input name="question" type="radio" value= "False" /> <input name="id" input type="hidden" value="<?php $dbid ?>" /> <input type="submit" name="submit" id="submit" value="Submit" /> <?php echo "The answer submitted was "; echo $_POST['question']; ?> <?php break; case "text": echo"<br/>"; echo $dbquestion; echo"<br/>"; //display text box break; } } } ?> The problem I'm having is that this creates a submit button for each question. When choosing true or false for the answer and pressing submit, the answer is selected for every question. I need the code to look at what the user has entered, check the answer against correctanswer[0]. I'm really in a bit of a hole here and if anyone can help me it would be greatly appreciated. Many thanks in advance James Hello, Im trying to find a way to check around 500-600 links to check if they are alive. It works fine for 5-6 links but once i add more links it just times out. Is there a way i could process this so it does 1 link at a time or somthing ? <?php include("config.php"); $query = "SELECT * FROM `games` WHERE `r_fileserve` <> \"\" LIMIT 500"; $result = mysql_query($query); while($row=mysql_fetch_assoc($result)) { $link_str = file_get_contents("$row[r_fileserve]"); $pattern = '<input type="hidden" name="download" value="normal"/>'; preg_match($pattern,$link_str,$match); if ($match[0] != null) { echo "Working <br />"; } else { echo "File Down <br />"; } } ?> I have a form that I'm posting the contents to a 3rd party data management server via cURL. They return XML to let you know if the data was posted successfully or not. I'm trying to figure out how I can take that return XML and parse the data out of there. Quote <?php extract($_POST); $url = 'https://www.*domain*.com/DataReceiver'; $fields = array( blah blah blah ); foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } rtrim($fields_string,'&'); $ch = curl_init(); curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_POST,count($fields)); curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string); $result = curl_exec($ch); Now my question is, when the data posts and the XML is returned, how do I capture that? When I don't use cURL and post directly using HTTP POST, I get the XML returned at the exact same address I post to. So to process the XML returned, is this code correct? Quote $xml_feed_url = 'https://www.*domain*.com/DataReceiver'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $xml_feed_url); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $xml = curl_exec($ch); curl_close($ch); I'm kind of at a loss on what to do from this point... Thanks to anyone who takes the time to read and can help! |