trying to trouble shoot this page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

trying to trouble shoot this page

Post by krraleigh »

I am using alerts, echos, and exit() to find some kind of feed back from my page but I don't seem to be getting any information from the validation page. What I am trying to do is create a validation page for registration of new members. I read the this url:
http://www.mySite.org/validate.php?id=163&code=FywX96

using get, query the db for names and record id.
If all is well I UPDATE the db to showing that my flag "confirmIDFlag" a boolean is now 1.

When I hit the submit button the page reloads and comes up as a blank page, no content.

Have I called the form correctly?


None of it is being processed. How is that possible? I have put in echo statements and exits and finished the page with an html hello world block
statement but nothing...


The form:

Code: Select all

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div> 
</form> 
the code:

Code: Select all

<?php 
if (isset($_POST['Submit'])) { 
$userID = (int)$_GET['id'];// if you don't use quotes in your sql you must cast the input 
$secureID = (int)$_GET['code']; 

if (!get_magic_quotes_gpc()) { 
$userID = addslashes($_GET['id']); 
} 

$check = mysql_query("SELECT * FROM user WHERE id = $userID")or die(mysql_error()); 


//Gives error if user dosen't exist 
$check2 = mysql_num_rows($check); 
if ($check2 == 0) { 
die(mysql_error()); 
} 

while($info = mysql_fetch_array( $check )){ 
$dbSecureID = stripslashes($info[secureID]); 
$fName = stripslashes($info['fName']); 
$lName = stripslashes($info['lName']); 
//gives error if the password is wrong 
} 

// check out this code! 

$userName=''; 
if(!$userName = "$fName $lName"){ 
die("no value"); 
}else{ 
echo "hello world"; 
exit(); 
} 
// it never processes, what gives?? 
// then my email form is never sent 
// is there something wrong with the form submittion? 



if ($secureID != $dbSecureID) { 
die('This user has not registered yet!'); 
} else{ 
mysql_query("UPDATE user SET confirmIDFlag=1 WHERE id=$userID")or die(mysql_error()); 


require("php/class.phpmailer.php"); 
$mail = new PHPMailer(); 
// set mailer to use SMTP 
$mail->Host = "relay-hosting.secureserver.net"; 

$mail->From = "sermon8or@1purpose-bethel.org"; 
$mail->FromName = "Pastor Art Gorman"; 
$mail->AddAddress("kraleigh@sbcglobal.net", "$userName"); 
$mail->WordWrap = 50; 
$mail->IsHTML(true); 

// set email format to HTML 

$mail->Subject = "Welcome $userName"; 
$mail->Body = "This email is to inform $userName<br/> that you have been added to our mailing list"; 
$mail->AltBody = "This email is to inform $userName<br/> that you have been added to our mailing list"; 

if(!$mail->Send()) 
{ 
echo "Message could not be sent. <p>"; 
echo "Mailer Error: " . $mail->ErrorInfo; 
exit; 
} 
} 
?> 
<html><body><h1>Hello world</h1></body></html> 
<?php 
}else{ 

my html forms page... 
<?php 
} 
?>
insight always appreciated
thank you
Kevin Raleigh


Moderator Edit (HawleyJR):
Hello Kevin, Welcome to the forum. Please read our rules regarding posting with the proper code tags.
ianhull
Forum Contributor
Posts: 310
Joined: Tue Jun 14, 2005 10:04 am
Location: Hull England UK

Post by ianhull »

Use form method GET not POST

Code: Select all

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="[color=red]post[/color]"> 
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div> 
</form> 
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

You are posting vars but looking for get:

Code: Select all

if (isset($_POST['Submit'])) {
$userID = (int)$_GET['id'];// if you don't use quotes in your sql you must cast the input
$secureID = (int)$_GET['code'];
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

changes made but still

Post by krraleigh »

I made the changes you suggested and when I submit the page my url states:

http://www.1purpose-bethel.org/validate ... d+New+User

I'm not sure where the add + new + user comes from but I still am not getting any feed back from the page.
The echo's, exit; and html still don't display.
I placed the comments in the code where action should be taking place and failures are occuring

Can you advise?

Code: Select all

<?php
if (isset($_GET['Submit'])) {
	$userID = (int)$_GET['id'];
	$secureID = (int)$_GET['code'];

	if (!get_magic_quotes_gpc()) {
	   $userID = addslashes($_GET['id']);
	}

	$check = mysql_query("SELECT * FROM user WHERE id = $userID")or die(mysql_error());


	//Gives error if user dosen't exist
	$check2 = mysql_num_rows($check);
	if ($check2 == 0) {
	   die(mysql_error());
	}
	
	while($info = mysql_fetch_array( $check )){
	   $dbSecureID = stripslashes($info[secureID]);
        $fName =     stripslashes($info['fName']);
        $lName =     stripslashes($info['lName']);
       //gives error if the password is wrong
	
//***************************************************
//I should get some feed back here but no response
$userName='';
	if(!$userName = "$fName $lName"){
	die("no value");
	}else{
	echo "hello world";
	exit;
	}
    }
//***************************************************

//***************************************************
// I should be updating the DB for the userID but it never updates
//
//***************************************************	
	if ($secureID != $dbSecureID) {
		  die('This user has not registered yet!');
	   } else{
  	        mysql_query("UPDATE user SET confirmIDFlag=1 WHERE id=$userID")or die(mysql_error());
            
//*********************************************
// the mail was working now ....
//**************************
            require("php/class.phpmailer.php");
                $mail = new PHPMailer();
            	// set mailer to use SMTP
            	$mail->Host = "relay-hosting.secureserver.net";

            	$mail->From = "sermon8or@1purpose-bethel.org";
            	$mail->FromName = "Pastor Art Gorman";
            	$mail->AddAddress("kraleigh@sbcglobal.net", "$userName");
            	$mail->WordWrap = 50;
            	$mail->IsHTML(true);

            	// set email format to HTML

            	$mail->Subject = "Welcome $userName";
            	$mail->Body    = "This email is to inform $userName<br/> that you have been added to our mailing list";
            	$mail->AltBody = "This email is to inform $userName<br/> that you have been added to our mailing list";

            	if(!$mail->Send())
            	{
            	   echo "Message could not be sent. <p>";
            	   echo "Mailer Error: " . $mail->ErrorInfo;
            	   exit;
            	}
	   }
	   ?>
	   <html><body><h1>Hello world</h1></body></html>
	   <?php
	   
	   
}  else {
?>
some html here...

insight appreciated
thank you
Kevin
WorldCom
Forum Commoner
Posts: 45
Joined: Sat Jun 24, 2006 8:14 am
Location: Ontario, Canada

Re: trying to trouble shoot this page

Post by WorldCom »

The form:

Code: Select all

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div> 
</form> 
Since you are using 'GET', all form inputs will be shown.
The submit button value is 'Add+New+User'.
Do you have inputs for 'id' and 'code' in your form?

eg

Code: Select all

<INPUT TYPE='text' NAME='id'>
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

trouble shooting this page

Post by krraleigh »

I am pulling the value for id, and code directly from the url.
Would this make a difference?

kevin
WorldCom
Forum Commoner
Posts: 45
Joined: Sat Jun 24, 2006 8:14 am
Location: Ontario, Canada

Post by WorldCom »

That's fine kevin, but the URL you posted did not show any other values other than the Submit Button's value.
It should show something like this:
http://www.1purpose-bethel.org/validate ... d+New+User

If it's not something like the above, then for some reason those variables are not in the form.

Above, you only posted a snipplet of your form, maybe if you post the whole form it might help. ;)
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

troubleshooting this page

Post by krraleigh »

Here is the complete code for the validation page:

The url I click to get to the page:
http://www.mysite.org/validate?id=161&code=a5SLx2

The url changes to this when clicked:
http://www.1purpose-bethel.org/validate ... d+New+User

The form that I use:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div>
</form>

The code:

Code: Select all

<?php
if (isset($_GET['Submit'])) {
	$userID = (int)$_GET['id'];
	$secureID = (int)$_GET['code'];

	if (!get_magic_quotes_gpc()) {
	   $userID = addslashes($_GET['id']);
	}

	$check = mysql_query("SELECT * FROM user WHERE id = $userID")or die(mysql_error());


	//Gives error if user dosen't exist
	$check2 = mysql_num_rows($check);
	if ($check2 == 0) {
	   die(mysql_error());
	}
	
	while($info = mysql_fetch_array( $check )){
	   $dbSecureID = stripslashes($info[secureID]);
        $fName =     stripslashes($info['fName']);
        $lName =     stripslashes($info['lName']);
       //gives error if the password is wrong
	$userName='';
	if(!$userName = "$fName $lName"){
	die("no value");
	}else{
	echo "hello world";
	exit;
	}
    }
	
	if ($secureID != $dbSecureID) {
		  die('This user has not registered yet!');
	   } else{
  	        mysql_query("UPDATE user SET confirmIDFlag=1 WHERE id=$userID")or die(mysql_error());
            

            require("php/class.phpmailer.php");
                $mail = new PHPMailer();
            	// set mailer to use SMTP
            	$mail->Host = "relay-hosting.secureserver.net";

            	$mail->From = "sermon8or@1purpose-bethel.org";
            	$mail->FromName = "Pastor Art Gorman";
            	$mail->AddAddress("kraleigh@sbcglobal.net", "$userName");
            	$mail->WordWrap = 50;
            	$mail->IsHTML(true);

            	// set email format to HTML

            	$mail->Subject = "Welcome $userName";
            	$mail->Body    = "This email is to inform $userName<br/> that you have been added to our mailing list";
            	$mail->AltBody = "This email is to inform $userName<br/> that you have been added to our mailing list";

            	if(!$mail->Send())
            	{
            	   echo "Message could not be sent. <p>";
            	   echo "Mailer Error: " . $mail->ErrorInfo;
            	   exit;
            	}
	   }
	   ?>
	   <html><body><h1>Hello world</h1></body></html>
	   <?php
	   
	   
}  else {
?>
My html code follows here:


Any insight would be appreciated
Thank you
Kevin
WorldCom
Forum Commoner
Posts: 45
Joined: Sat Jun 24, 2006 8:14 am
Location: Ontario, Canada

Post by WorldCom »

Ok a bit clearer ......
You need to bring the first variables into the form.

This form wont do it:

Code: Select all

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div>
</form>
Let me try

Code: Select all

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<div align="center">
<input type="text" name="id" value="<?php  echo $_GET['id']; ?>" />
<input type="text" name="code" value="<?php  echo $_GET['code']; ?>" />
<input type="submit" name="Submit" value="Add New User" /></div>
</form>
From the first URL you now will bring the variables into the form.
When you click the form, it should work ;)

I'm not worrying about your other code ..... just trying to get the variables to it.
Please note there is no cleaning in here.

PS .. my spelling was terrible ..... and only 2 drinks at the pub lol
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Security note: steer clear of using PHP_SELF.
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

PHP SELF

Post by krraleigh »

1) How do I work around PHP_SELF
2) What are my security issues
3) Can I use PHP_SELF and resolve my security issues?

I am building a site for a church so security is a big issue?

Thank You
Kevin Raleigh :lol:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Re: PHP SELF

Post by feyd »

krraleigh wrote:1) How do I work around PHP_SELF
2) What are my security issues
3) Can I use PHP_SELF and resolve my security issues?

I am building a site for a church so security is a big issue?

Thank You
Kevin Raleigh :lol:
Search the forums/web for the name. You should fine a lot of information.
Post Reply