Form validation not working

ashebrian
Forum Contributor
Posts: 103
Joined: Sat Feb 02, 2008 8:01 pm

Form validation not working

Post by ashebrian »

Hi guys,

Here is my PHP code. What I am trying to do is send an order email with either plain text or with my logo. The form seems to work no problem, except for the form validation, which seems to keep getting me stuck. I've been going around in circles trying to understand why this does not work. I seem to only have one hair left on my head now, after they were all pulled out trying to sort this. Can you please help? Code is:

Code:

require_once('recaptchalib.php');
$privatekey = "***";
$resp = recaptcha_check_answer ($privatekey,$_SERVER["REMOTE_ADDR"],$_POST["recaptcha_challenge_field"],$_POST["recaptcha_response_field"]);
            if( isset($_POST['submit'])) {
                if ($resp->is_valid) {      
            ?>
            <?php if ($_POST) { // CURLY BRACKET (Open): After Clicking Submit
                foreach ($_POST as $field => $value) {
                            $value = trim($value);
                }// Creating Variables
// Creating Email Variables
$to = "***";
$inquiry = $_POST['inquiry'];
$first_name = $_POST['first_name'];
$email = $_POST['email'];
$getcopy = $_POST['getcopy'];
$headers = $_POST['email'];
$header2="From: " . $email . "\r\n" .
"Customer Order: " . $_POST['inquiry'] . "\r\n" .
"First Name: " . $_POST['first_name'] . "\r\n" .
"E-mail: " . $_POST['email'];
$random_hash = md5(date('r', time()));
//define the headers we want passed. Note that they are separated with \r\n
$headers = "From: \r\nReply-To: ";
//add boundary string and mime type specification
$headers .= "\r\nContent-Type: multipart/mixed; boundary=\"PHP-mixed-".$random_hash."\"";
 
// Creating Add-On Variables
$username = $_POST['username'];
$password = $_POST['password'];
$domain = $_POST['domain'];
$domprefix = $_POST['domprefix'];
// Creating cPanel main account Variables
// cPanel username
$cpanel_user = "***";
// cPanel password
$cpanel_password = "***";
// cPanel host
$cpanel_host = "***";
// cPanel theme/skin, usually "x"
$cpanel_skin = "x3";
// Path to cURL on your server
$curl_path = "/usr/bin/curl";
 
// Set Up The Customer's Web Hosting Account
$database = exec("$curl_path 'http://$cpanel_user:$cpanel_password@$cpanel_host:2082/frontend/$cpanel_skin/sql/adddb.html?db=$username'");
$adduser = exec("$curl_path 'http://$cpanel_user:$cpanel_password@$cpanel_host:2082/frontend/$cpanel_skin/sql/adduser.html?user=$username&pass=$password'");
$asignuser = exec("$curl_path 'http://$cpanel_user:$cpanel_password@$cpanel_host:2082/frontend/$cpanel_skin/sql/addusertodb.html?user=$cpanel_user_$username&db=$cpanel_user_$username&ALL=ALL'");
$dom = exec("$curl_path 'http://$cpanel_user:$cpanel_password@$cpanel_host:2082/frontend/$cpanel_skin/addon/doadddomain.html?domain=$domain.$domprefix&user=$domain&pass=$password'");
$ftp = exec("$curl_path 'http://$cpanel_user:$cpanel_password@$cpanel_host:2082/frontend/$cpanel_skin/ftp/doaddftp.html?login=$username&password=$password&homedir=$subdomain&quota=500'");
$popmail = exec("$curl_path 'http://$cpanel_user:$cpanel_password@$cpanel_host:2082/frontend/$cpanel_skin/mail/doaddpop.html?email=$username&domain=$subdomain.your primary domain&password=$password&quota=20'");
 
//define the body of the message.
ob_start(); //Turn on output buffering
?>
 
--PHP-mixed-<?php echo $random_hash; ?> 
Content-Type: multipart/alternative; boundary="PHP-alt-<?php echo $random_hash; ?>"
 
--PHP-alt-<?php echo $random_hash; ?> 
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
 
Dear <?php echo $_POST['first_name'];?>,
If you haven't already paid for the order, please now pay:
 
--PHP-alt-<?php echo $random_hash; ?> 
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
 
<body style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #ffffff; color:#ffffff; margin:0; padding:0">
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0" style="border-left: ridge #60EA23 1px; border-right: ridge #C20201 1px">
    <tr>
        <td style="padding-left:40px; padding-right:40px; color:#6f746c; font-size:12px">
<h2>Dear <?php echo $_POST['first_name'];?>,</h2>
<p>If you haven't already paid for the order, please now pay:</p><br>
<br>
</td>
    </tr>
    <tr>
        <td style="background:#BE0201; font-size:1px; height:10px">&nbsp;</td>
    </tr>
</table>
 
--PHP-alt-<?php echo $random_hash; ?>--
 
--PHP-mixed-<?php echo $random_hash; ?>--
<?php
 
// Create empty ERROR variables
$error = ""; // for fields left BLANK
$errorflag = ""; // for fields with INVALID data entered
 
// Check for field/fields that is/are left BLANK
if (($first_name == "") || ($email == "")) { // CURLY BRACKET (Open): For Validating if fields are left blank
$error = "<p><span class='colorTextBlue'>Please fill in all fields!</span></p>";
} // CURLY BRACKET (Close): For Validating if fields are left blank
 
else { // CURLY BRACKET (Open): Form Validation
// Validate First Name (including ERRORS such as (1) field left BLANK (2) field with INVALID data entered
if (ctype_alpha($first_name) == FALSE) {
$error = "<p><span class='colorTextBlue'>Please enter a valid First Name <span class='italic'>(Alphabets only)</span></span></p>";
$errorflag="first_name";
}
// Validate E-mail (including ERRORS such as (1) field left BLANK (2) field with INVALID data entered
else if ((strpos($email, "@") == FALSE) || (strpos($email, ".") == FALSE) || (strpos($email, " ") != FALSE)) {
$error = "<p><span class='colorTextBlue'>Please enter a valid E-mail</span></p>";
$errorflag="email";
}
} // CURLY BRACKET (Close): Form Validation
 
// Confirmation Message seen AFTER filling the form and pressing "Submit" button (whether there's an error or not)
// If there's an error along with displaying the list of flagged error/errors
if ($error != "") { // CURLY BRACKET (Open): For Error
echo "<p><b><span class='colorTextRed'>Error Occured: </b>" . $error."</span></p>" ;
} // CURLY BRACKET (Close): For Error
 
 
// If there's NO error at all, along with displaying the filled fields
else if (mail($to, $inquiry, $header2))
{
echo "<p><span class='colorTextBlue'>Order Settings:</span></p><br/>";
echo "<p>Following are the details of your order.<br/> Please use the <b>Buy Now</b> button to buy:<br/><br/></p>";
echo "<table border=\"0\" width=\"98%\" cellpadding=\"4\" cellspacing=\"1\" class=\"table_layout\">";
echo "<tbody>";
echo "<tr>";
echo "<th width=\"35%\"><b>Order Details:</b></th>";
echo "<td width=\"65%\">" . $inquiry . "</td>";
echo "</tr>";
echo "<tr>";
echo "<th width=\"35%\"><b>E-mail:</b></th>";
echo "<td width=\"65%\">" . $email . "</td>";
echo "</tr>";
echo "</tbody>";
echo "</table>";
} 
 
 
else {
$error = "<p><span class='colorTextRed'>&nbsp;&nbsp;&nbsp;There was an error in your order. Please go back and fix this error.</span></p>";
}
if ($getcopy=="1") {
    $message = ob_get_clean();
    mail($email, $inquiry, $message, $headers);
    echo "<p><span class='colorTextBlue'>Order Settings:</span></p><br/>";
    echo "<p>Following are the details of your order.<br/> Please use the <b>Buy Now</b> button to buy:<br/><br/></p>";
    echo "<table border=\"0\" width=\"98%\" cellpadding=\"4\" cellspacing=\"1\" class=\"table_layout\">";
    echo "<tbody>";
    echo "<tr>";
    echo "<th width=\"35%\"><b>Order Details:</b></th>";
    echo "<td width=\"65%\">" . $inquiry . "</td>";
    echo "</tr>";
    echo "<tr>";
    echo "<th width=\"35%\"><b>E-mail:</b></th>";
    echo "<td width=\"65%\">" . $email . "</td>";
    echo "</tr>";
    echo "</tbody>";
    echo "</table>";
}
} // CURLY BRACKET (Close): After Clicking Submit
 
// Displays the Empty variables i.e. when the Contact Form appears completely blank for the VERY FIRST time with all blank fields
else {
    $inquiry = "";
$first_name = "";
$email = "";
$errorflag = "";
}
} else {
        if (!$resp->is_valid) {
  die ("<p>The Security Code wasn't entered correctly. Please go back and try it again. " . "(Security Code: " . $resp->error . ")");
   }
}}
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Form validation not working

Post by requinix »

Help with... what? What's the question? What are you trying to do?
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Re: Form validation not working

Post by jayshields »

That is one awful script. You should probably start from scratch or undergo some serious refactoring.

If all you're really trying to do is send an email with validation then you have way too much unnecessary code in there, and many security holes. One of the biggest ones being executing commands on your system containing user submitted data.
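
The point about shell commands built from form data, as an added example (not code from the thread): the same kind of cPanel request made through PHP's cURL extension, so no shell is involved, with the account name checked against an allowlist first. The function names, the allowlist pattern and the placeholder host and credentials are assumptions; the port and URL path are the ones in the posted script.

```php
<?php
// Added example, not the poster's code. Names, pattern and placeholders are assumptions.

const CPANEL_HOST = 'cpanel.example.invalid';   // placeholder host
const CPANEL_USER = 'CPANEL_USER_PLACEHOLDER';  // placeholder credentials
const CPANEL_PASS = 'CPANEL_PASS_PLACEHOLDER';
const CPANEL_SKIN = 'x3';                       // value used in the posted script

/**
 * Accept only a short lowercase alphanumeric account name (assumed policy).
 * Returns the name, or null when the input is rejected.
 */
function clean_account_name($raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. username[]=... arrives as an array
    }
    $name = trim($raw);
    return preg_match('/\A[a-z][a-z0-9]{2,15}\z/', $name) === 1 ? $name : null;
}

/** Build the request URL; http_build_query() percent-encodes every parameter. */
function cpanel_url(string $page, array $params): string
{
    return sprintf('http://%s:2082/frontend/%s/%s?%s',
        CPANEL_HOST, CPANEL_SKIN, $page, http_build_query($params));
}

/**
 * Send the request in-process. Credentials go in as an option, not on a
 * command line, and nothing is ever interpreted by a shell.
 * Note: over plain HTTP, as in the posted script, they are still unencrypted.
 */
function cpanel_request(string $page, array $params): string
{
    $ch = curl_init(cpanel_url($page, $params));
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_USERPWD        => CPANEL_USER . ':' . CPANEL_PASS,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('cPanel request failed: ' . curl_error($ch));
    }
    return $body;
}

// Constructed sample inputs; only the URL is built here, no request is sent.
foreach (['shop01', 'Shop 01', ['x']] as $sample) {
    $name = clean_account_name($sample);
    echo $name === null
        ? "rejected\n"
        : cpanel_url('sql/adddb.html', ['db' => $name]) . "\n";
}
```

In the form handler, call `cpanel_request()` only after `clean_account_name()` has returned a non-null value and the rest of the form has validated.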
ashebrian
Forum Contributor
Posts: 103
Joined: Sat Feb 02, 2008 8:01 pm

Re: Form validation not working

Post by ashebrian »

ok.....it is an awful script. However,
1) I have been trying to get a script to send an email with my logo, which was difficult to do....but is now working
2) get an email to myself as well.....which is also working
3) and validate the form for errors (when the customer types in the amount of characters or number or symbols), which I am unable to do as no error is posted back. It only works if I use JavaScript.

Also, this script adds an addon domain to a cPanel account. What I need is to try and make the error validation work. How do I do this? Am I clear enough?

If you can't seem to help with this script, is there a better way to do all of the above? And not with mailing lists or phpmail etc.
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Re: Form validation not working

Post by jayshields »

Basically your script is very hard to fully comprehend because of how poorly it's written.

You should really write it again from scratch to incorporate proper validation, and never use user-submitted data for anything without sanitizing it fully first.

Functions you should check out for validation are isset(), is_empty(), is_numeric(), etc., it's all in the manual and you can find it via Google.
ashebrian
Forum Contributor
Posts: 103
Joined: Sat Feb 02, 2008 8:01 pm

Re: Form validation not working

Post by ashebrian »

ok.....will this code be much better?

Code:

require_once('recaptchalib.php');
                            $privatekey = "****";
                            $resp = recaptcha_check_answer ($privatekey,$_SERVER["REMOTE_ADDR"],$_POST["recaptcha_challenge_field"],$_POST["recaptcha_response_field"]);
            if( isset($_POST['submit'])) {
                if ($resp->is_valid) {    
            ?>  <?php // If the form has been posted, analyse it:
            if ($_POST) { // CURLY BRACKET (Open): After Clicking Submit
                foreach ($_POST as $field => $value) {
                            $value = trim($value);
                }// Creating Variables
                $to="****";
                $today = date("D M d Y");
                $inquiry=$_POST['inquiry'];
                $first_name = $_POST['first_name'];
                $last_name = $_POST['last_name'];
                $company = $_POST['company'];
                $telephone = $_POST['telephone'];
                $email=$_POST['email'];
                $getcopy=$_POST['getcopy'];
                $headers=$_POST['email'];
                $header2="From: " . $email . "\r\n" .
                "Customer Inquiry: " . $_POST['inquiry'] . "\r\n" . 
                "Name: " . $_POST['first_name'] . " " . $_POST['last_name'] . "\r\n" .
                "Company: " . $_POST['company'] . "\r\n" .
                "Telephone: " . $_POST['telephone'] . "\r\n" .
                "E-mail: " . $_POST['email'] . "\r\n";
                $random_hash = md5(date('r', time()));
//define the headers we want passed. Note that they are separated with \r\n
$headers = "From: ****\r\nReply-To: ****";
//add boundary string and mime type specification
$headers .= "\r\nContent-Type: multipart/mixed; boundary=\"PHP-mixed-".$random_hash."\"";
 
//define the body of the message.
ob_start(); //Turn on output buffering
?>
 
--PHP-mixed-<?php echo $random_hash; ?> 
Content-Type: multipart/alternative; boundary="PHP-alt-<?php echo $random_hash; ?>"
 
--PHP-alt-<?php echo $random_hash; ?> 
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
 
Dear <?php echo $_POST['first_name'];?>,
 
<p>Following are the details you filled in:
-------------------------------------------------------------------------
INFORMATION:
-------------------------------------------------------------------------
Inquiry:   <?php echo $_POST['inquiry']?> 
First Name:        <?php echo $_POST['first_name']?>
Last Name:         <?php echo $_POST['last_name']?>
Company:           <?php echo $_POST['company']?>
Telephone:         <?php echo $_POST['telephone']?>
E-mail:            <?php echo $_POST['email']?>
 
--PHP-alt-<?php echo $random_hash; ?> 
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
 
<body style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #ffffff; color:#ffffff; margin:0; padding:0">
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0" style="border-left: ridge #60EA23 1px; border-right: ridge #C20201 1px">
    <tr>
        <td style="padding-left:40px; padding-right:40px; color:#6f746c; font-size:12px">
        <p><?php echo $today?></p>
<h2>Dear <?php echo $_POST['first_name'];?>,</h2>
 
<p>Following are the details you filled in:</p>
 
<p style="color:#C20201"><u><b>INFORMATION:</b></u></p>
 
<table border="0" width="700" align="center" cellpadding="4" cellspacing="1" style="background-color: #ddd">
    <tbody>
        <tr>
            <th width="35%" style="text-align: left; font-weight: normal; color: #000; background-color: #E8FAE1"><b>Nature of Inquiry:</b></th>
            <td width="65%" style="background-color: #fff; color:#000000"><b><?php echo $_POST['inquiry']?></b></td>   
        </tr>
        <tr>
            <th width="35%" style="text-align: left; font-weight: normal; color: #000; background-color: #E8FAE1"><b>First Name:</b></th>
            <td width="65%" style="background-color: #fff; color:#000000"><b><?php echo $_POST['first_name']?></b></td>   
        </tr>
        <tr>
            <th width="35%" style="text-align: left; font-weight: normal; color: #000; background-color: #E8FAE1"><b>Last Name:</b></th>
            <td width="65%" style="background-color: #fff; color:#000000"><b><?php echo $_POST['last_name']?></b></td>   
        </tr>
        <tr>
            <th width="35%" style="text-align: left; font-weight: normal; color: #000; background-color: #E8FAE1"><b>Company:</b></th>
            <td width="65%" style="background-color: #fff; color:#000000"><b><?php echo $_POST['company']?></b></td>   
        </tr>
        <tr>
            <th width="35%" style="text-align: left; font-weight: normal; color: #000; background-color: #E8FAE1"><b>Telephone:</b></th>
            <td width="65%" style="background-color: #fff; color:#000000"><b><?php echo $_POST['telephone']?></b></td>   
        </tr>
        <tr>
            <th width="35%" style="text-align: left; font-weight: normal; color: #000; background-color: #E8FAE1"><b>E-mail:</b></th>
            <td width="65%" style="background-color: #fff; color:#000000"><b><?php echo $_POST['email']?></b></td>   
        </tr>
    </tbody>
</table>
<br>
</td>
    </tr>
    <tr>
        <td style="background:#BE0201; font-size:1px; height:10px">&nbsp;</td>
    </tr>
</table>
 
--PHP-alt-<?php echo $random_hash; ?>--
 
--PHP-mixed-<?php echo $random_hash; ?>--
<?php
                // Create empty ERROR variables
                $error = ""; // for fields left BLANK
                $errorflag = ""; // for fields with INVALID data entered
                // Check for field/fields that is/are left BLANK
                if (($first_name == "") || ($last_name == "") || ($company == "") || ($telephone == "") || ($email == "")) { // CURLY BRACKET (Open): For Validating if fields are left blank
                $error = "<span class='colorTextBlue'>Please fill in all fields!</span>";
                    }
                    // CURLY BRACKET (Close): For Validating if fields are left blank
                else { // CURLY BRACKET (Open): Form Validation
                // Validate First Name (including ERRORS such as (1) field left BLANK (2) field with INVALID data entered
                    if (ctype_alpha($first_name) == FALSE) {
$error = "<p><span class='colorTextBlue'>Please enter a valid First Name <span class='italic'>(Alphabets only)</span></span></p>";
$errorflag="first_name";
}
// Validate Last Name (including ERRORS such as (1) field left BLANK (2) field with INVALID data entered
else if (ctype_alpha($last_name) == FALSE) {
$error = "<p><span class='colorTextBlue'>Please enter a valid Surname <span class='italic'>(Alphabets only)</span></span></p>";
$errorflag="last_name";
}
// Validate Company (including ERRORS such as (1) field left BLANK (2) field with INVALID data entered
else if (ctype_alpha($company) == FALSE) {
$error = "<p><span class='colorTextBlue'>Please enter a valid Company Name <span class='italic'>(Alphabets only)</span></span></p>";
$errorflag= "company";
}
else if(strlen($telephone) <=8) { //phone number is either too big or too small
    $error = "<p><span class='colorTextBlue'>Please enter a valid Telephone Number <span class='italic'>(Numbers only)</span></span></p>";
    $errorflag= "telephone";
}
                    // Validate E-mail (including ERRORS such as (1) field left BLANK (2) field with INVALID data entered
                    else if ((strpos($email, "@") == FALSE) || (strpos($email, ".") == FALSE) || (strpos($email, " ") != FALSE)) {
                            $error = "<span class='colorTextBlue'>Please enter a valid E-mail</span>";
                            $errorflag="email";
                    }
                    } // CURLY BRACKET (Close): Form Validation
                    // Confirmation Message seen AFTER filling the form and pressing "Submit" button (whether there's an error or not)// If there's an error along with displaying the list of flagged error/errors
                    if ($error != "") { // CURLY BRACKET (Open): For Error
                    echo "<br/>&nbsp;&nbsp;&nbsp;<b><span class='colorTextRed'>Error Occured: </b>" . $error."</span>";
                    }// CURLY BRACKET (Close): For Error
                    
                    // If there's NO error at all, along with displaying the filled fields
                    else if (mail($to, $inquiry, $header2)){
                        echo "<p><span class='colorTextBlue'></span></p><br/>";
                        echo "<p>An email has been sent:<br/></p>";
                        echo "<table border=\"0\" width=\"98%\" cellpadding=\"4\" cellspacing=\"1\" class=\"table_layout\">";
                        echo "<tbody>";
                        echo "<tr>";
                        echo "<th width=\"35%\"><b>Nature of Inquiry:</b></th>";
                        echo "<td width=\"65%\">" . $inquiry . "</td>";
                        echo "</tr>";
                        echo "<tr>";
                        echo "<th width=\"35%\"><b>Date:</b></th>";
                        echo "<td width=\"65%\">" . $today . "</td>";
                        echo "</tr>";
                        echo "<tr>";
                        echo "<th width=\"35%\"><b>E-mail:</b></th>";
                        echo "<td width=\"65%\">" . $email . "</td>";
                        echo "</tr>";
                        echo "</tbody>";
                        echo "</table>";
                        }  
                        else {
                            $error = "<span class='colorTextRed'>&nbsp;&nbsp;&nbsp;E-mail NOT sent</span>";
                        }
                        if ($getcopy=="1") {
                            $message = ob_get_clean();
                            mail($email, $inquiry, $message, $headers);
                            echo "<p><span class='colorTextBlue'></span></p><br/>";
                            echo "<p>An email has been sent:<br/></p>";
                            echo "<table border=\"0\" width=\"98%\" cellpadding=\"4\" cellspacing=\"1\" class=\"table_layout\">";
                            echo "<tbody>";
                            echo "<tr>";
                            echo "<th width=\"35%\"><b>Nature of Inquiry:</b></th>";
                            echo "<td width=\"65%\">" . $inquiry . "</td>";
                            echo "</tr>";
                            echo "<tr>";
                            echo "<th width=\"35%\"><b>Date:</b></th>";
                            echo "<td width=\"65%\">" . $today . "</td>";
                            echo "</tr>";
                            echo "<tr>";
                            echo "<th width=\"35%\"><b>E-mail:</b></th>";
                            echo "<td width=\"65%\">" . $email . "</td>";
                            echo "</tr>";
                            echo "</tbody>";
                            echo "</table>";
                        }
                        } // CURLY BRACKET (Close): After Clicking Submit
                            // Displays the Empty variables i.e. when the Contact Form appears completely blank for the VERY FIRST time with all blank fields
                            else {
                            $inquiry = "";
                            $first_name = "";
                            $last_name = "";
                            $company = "";
                            $telephone = "";
                            $email = "";
                            $errorflag= "";
                            }?>
                            <?php 
                            } else {
                                if (!$resp->is_valid) {
                                    die ("<p>The Security Code wasn't entered correctly. Please go back and try it again. " .
       "(Security Code: " . $resp->error . ")</p>");
}}}

What happens is that if I move the form validation above the

Code:

ob_start();

then the form validation will work and display the error message.....but it also sends the mail to the customer via this code:

Code:

$message = ob_get_clean();
mail($email, $inquiry, $message, $headers);

How do I sort this to make it not send that mail if the error message is displayed?
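
One way to get that ordering, as an added example rather than code from the thread: collect the validation errors first, and build and send any mail only when the list is empty. The function names, the placeholder addresses and the constructed sample input are assumptions; fields containing CR or LF are rejected because `email` and `inquiry` end up in the recipient and subject passed to `mail()`.

```php
<?php
// Added example, not the poster's code. Function names and addresses are assumptions.

/** Trimmed single-line value, or '' if missing, not a string, or containing CR/LF/NUL. */
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    if (!is_string($v) || preg_match('/[\r\n\0]/', $v)) {
        return '';
    }
    return trim($v);
}

/** Returns [clean values, error messages keyed by field name]. */
function validate_order(array $post): array
{
    $clean = [
        'first_name' => field($post, 'first_name'),
        'email'      => field($post, 'email'),
        'inquiry'    => field($post, 'inquiry'),
        'getcopy'    => field($post, 'getcopy') === '1',
    ];
    $errors = [];
    if ($clean['first_name'] === '' || !ctype_alpha($clean['first_name'])) {
        $errors['first_name'] = 'Please enter a valid First Name (Alphabets only)';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid E-mail';
    }
    if ($clean['inquiry'] === '') {
        $errors['inquiry'] = 'Please fill in all fields!';
    }
    return [$clean, $errors];
}

/** Handle one submission and return the HTML to show. $send has mail()'s signature. */
function handle_order(array $post, callable $send): string
{
    [$clean, $errors] = validate_order($post);
    if ($errors) {
        // Nothing has been buffered or mailed yet, so returning here sends no mail.
        $items = array_map(fn($e) => '<li>' . htmlspecialchars($e) . '</li>', $errors);
        return "<ul class='colorTextRed'>" . implode('', $items) . '</ul>';
    }
    // Plain-text body; an HTML part would need htmlspecialchars() on each value.
    $body = "Dear {$clean['first_name']},\r\nOrder details: {$clean['inquiry']}\r\n";
    $headers = 'From: orders@example.invalid'; // placeholder sender, never user input
    $send('orders@example.invalid', $clean['inquiry'], $body, $headers);
    if ($clean['getcopy']) {
        $send($clean['email'], $clean['inquiry'], $body, $headers);
    }
    return '<p>Order received for ' . htmlspecialchars($clean['email']) . '</p>';
}

// Constructed sample submissions; a recording closure stands in for mail().
$sent = [];
$record = function ($to, $subject, $body, $headers) use (&$sent) { $sent[] = $to; return true; };
$bad  = ['first_name' => 'J0hn', 'email' => 'john@example.com', 'inquiry' => 'Hosting', 'getcopy' => '1'];
$good = ['first_name' => 'John', 'email' => 'john@example.com', 'inquiry' => 'Hosting', 'getcopy' => '1'];
echo handle_order($bad, $record), "\n";   // error list, nothing recorded
echo handle_order($good, $record), "\n";  // confirmation, two mails recorded
echo count($sent), " mails recorded\n";
```

In the real handler, pass `'mail'` as `$send`.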