
trying to trouble shoot this page

Posted: Tue Jul 17, 2007 3:03 pm
by krraleigh
I am using alerts, echos, and exit() to find some kind of feedback from my page but I don't seem to be getting any information from the validation page. What I am trying to do is create a validation page for registration of new members. I read this url:
http://www.mySite.org/validate.php?id=163&code=FywX96

using get, query the db for names and record id.
If all is well I UPDATE the db to show that my flag "confirmIDFlag", a boolean, is now 1.

When I hit the submit button the page reloads and comes up as a blank page, no content.

Have I called the form correctly?


None of it is being processed. How is that possible? I have put in echo statements and exits and finished the page with an html hello world block
statement but nothing...


The form:

Code:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div> 
</form> 
the code:

Code:

<?php 
if (isset($_POST['Submit'])) { 
$userID = (int)$_GET['id'];// if you don't use quotes in your sql you must cast the input 
$secureID = (int)$_GET['code']; 

if (!get_magic_quotes_gpc()) { 
$userID = addslashes($_GET['id']); 
} 

$check = mysql_query("SELECT * FROM user WHERE id = $userID")or die(mysql_error()); 


//Gives error if user dosen't exist 
$check2 = mysql_num_rows($check); 
if ($check2 == 0) { 
die(mysql_error()); 
} 

while($info = mysql_fetch_array( $check )){ 
$dbSecureID = stripslashes($info[secureID]); 
$fName = stripslashes($info['fName']); 
$lName = stripslashes($info['lName']); 
//gives error if the password is wrong 
} 

// check out this code! 

$userName=''; 
if(!$userName = "$fName $lName"){ 
die("no value"); 
}else{ 
echo "hello world"; 
exit(); 
} 
// it never processes, what gives?? 
// then my email form is never sent 
// is there something wrong with the form submittion? 



if ($secureID != $dbSecureID) { 
die('This user has not registered yet!'); 
} else{ 
mysql_query("UPDATE user SET confirmIDFlag=1 WHERE id=$userID")or die(mysql_error()); 


require("php/class.phpmailer.php"); 
$mail = new PHPMailer(); 
// set mailer to use SMTP 
$mail->Host = "relay-hosting.secureserver.net"; 

$mail->From = "sermon8or@1purpose-bethel.org"; 
$mail->FromName = "Pastor Art Gorman"; 
$mail->AddAddress("kraleigh@sbcglobal.net", "$userName"); 
$mail->WordWrap = 50; 
$mail->IsHTML(true); 

// set email format to HTML 

$mail->Subject = "Welcome $userName"; 
$mail->Body = "This email is to inform $userName<br/> that you have been added to our mailing list"; 
$mail->AltBody = "This email is to inform $userName<br/> that you have been added to our mailing list"; 

if(!$mail->Send()) 
{ 
echo "Message could not be sent. <p>"; 
echo "Mailer Error: " . $mail->ErrorInfo; 
exit; 
} 
} 
?> 
<html><body><h1>Hello world</h1></body></html> 
<?php 
}else{ 

my html forms page... 
<?php 
} 
?>
insight always appreciated
thank you
Kevin Raleigh


Moderator Edit (HawleyJR):
Hello Kevin, Welcome to the forum. Please read our rules regarding posting with the proper code tags.

Posted: Tue Jul 17, 2007 3:12 pm
by ianhull
Use form method GET not POST

Code:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div> 
</form> 

Posted: Tue Jul 17, 2007 3:13 pm
by hawleyjr
You are posting vars but looking for get:

Code:

if (isset($_POST['Submit'])) {
$userID = (int)$_GET['id'];// if you don't use quotes in your sql you must cast the input
$secureID = (int)$_GET['code'];

changes made but still

Posted: Tue Jul 17, 2007 4:17 pm
by krraleigh
I made the changes you suggested and when I submit the page my url states:

http://www.1purpose-bethel.org/validate ... d+New+User

I'm not sure where the add + new + user comes from but I still am not getting any feedback from the page.
The echos, exit; and html still don't display.
I placed the comments in the code where action should be taking place and failures are occurring.

Can you advise?

Code:

<?php
if (isset($_GET['Submit'])) {
	$userID = (int)$_GET['id'];
	$secureID = (int)$_GET['code'];

	if (!get_magic_quotes_gpc()) {
	   $userID = addslashes($_GET['id']);
	}

	$check = mysql_query("SELECT * FROM user WHERE id = $userID")or die(mysql_error());


	//Gives error if user dosen't exist
	$check2 = mysql_num_rows($check);
	if ($check2 == 0) {
	   die(mysql_error());
	}
	
	while($info = mysql_fetch_array( $check )){
	   $dbSecureID = stripslashes($info[secureID]);
        $fName =     stripslashes($info['fName']);
        $lName =     stripslashes($info['lName']);
       //gives error if the password is wrong
	
//***************************************************
//I should get some feed back here but no response
$userName='';
	if(!$userName = "$fName $lName"){
	die("no value");
	}else{
	echo "hello world";
	exit;
	}
    }
//***************************************************

//***************************************************
// I should be updating the DB for the userID but it never updates
//
//***************************************************	
	if ($secureID != $dbSecureID) {
		  die('This user has not registered yet!');
	   } else{
  	        mysql_query("UPDATE user SET confirmIDFlag=1 WHERE id=$userID")or die(mysql_error());
            
//*********************************************
// the mail was working now ....
//**************************
            require("php/class.phpmailer.php");
                $mail = new PHPMailer();
            	// set mailer to use SMTP
            	$mail->Host = "relay-hosting.secureserver.net";

            	$mail->From = "sermon8or@1purpose-bethel.org";
            	$mail->FromName = "Pastor Art Gorman";
            	$mail->AddAddress("kraleigh@sbcglobal.net", "$userName");
            	$mail->WordWrap = 50;
            	$mail->IsHTML(true);

            	// set email format to HTML

            	$mail->Subject = "Welcome $userName";
            	$mail->Body    = "This email is to inform $userName<br/> that you have been added to our mailing list";
            	$mail->AltBody = "This email is to inform $userName<br/> that you have been added to our mailing list";

            	if(!$mail->Send())
            	{
            	   echo "Message could not be sent. <p>";
            	   echo "Mailer Error: " . $mail->ErrorInfo;
            	   exit;
            	}
	   }
	   ?>
	   <html><body><h1>Hello world</h1></body></html>
	   <?php
	   
	   
}  else {
?>
some html here...

insight appreciated
thank you
Kevin

Re: trying to trouble shoot this page

Posted: Tue Jul 17, 2007 7:42 pm
by WorldCom
The form:

Code:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div> 
</form> 
Since you are using 'GET', all form inputs will be shown.
The submit button value is 'Add+New+User'.
Do you have inputs for 'id' and 'code' in your form?

eg

Code:

<INPUT TYPE='text' NAME='id'>

trouble shooting this page

Posted: Tue Jul 17, 2007 9:41 pm
by krraleigh
I am pulling the value for id, and code directly from the url.
Would this make a difference?

kevin

Posted: Wed Jul 18, 2007 7:10 am
by WorldCom
That's fine kevin, but the URL you posted did not show any other values other than the Submit Button's value.
It should show something like this:
http://www.1purpose-bethel.org/validate ... d+New+User

If it's not something like the above, then for some reason those variables are not in the form.

Above, you only posted a snippet of your form, maybe if you post the whole form it might help. ;)

troubleshooting this page

Posted: Wed Jul 18, 2007 4:20 pm
by krraleigh
Here is the complete code for the validation page:

The url I click to get to the page:
http://www.mysite.org/validate?id=161&code=a5SLx2

The url changes to this when clicked:
http://www.1purpose-bethel.org/validate ... d+New+User

The form that I use:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div>
</form>

The code:

Code:

<?php
if (isset($_GET['Submit'])) {
	$userID = (int)$_GET['id'];
	$secureID = (int)$_GET['code'];

	if (!get_magic_quotes_gpc()) {
	   $userID = addslashes($_GET['id']);
	}

	$check = mysql_query("SELECT * FROM user WHERE id = $userID")or die(mysql_error());


	//Gives error if user dosen't exist
	$check2 = mysql_num_rows($check);
	if ($check2 == 0) {
	   die(mysql_error());
	}
	
	while($info = mysql_fetch_array( $check )){
	   $dbSecureID = stripslashes($info[secureID]);
        $fName =     stripslashes($info['fName']);
        $lName =     stripslashes($info['lName']);
       //gives error if the password is wrong
	$userName='';
	if(!$userName = "$fName $lName"){
	die("no value");
	}else{
	echo "hello world";
	exit;
	}
    }
	
	if ($secureID != $dbSecureID) {
		  die('This user has not registered yet!');
	   } else{
  	        mysql_query("UPDATE user SET confirmIDFlag=1 WHERE id=$userID")or die(mysql_error());
            

            require("php/class.phpmailer.php");
                $mail = new PHPMailer();
            	// set mailer to use SMTP
            	$mail->Host = "relay-hosting.secureserver.net";

            	$mail->From = "sermon8or@1purpose-bethel.org";
            	$mail->FromName = "Pastor Art Gorman";
            	$mail->AddAddress("kraleigh@sbcglobal.net", "$userName");
            	$mail->WordWrap = 50;
            	$mail->IsHTML(true);

            	// set email format to HTML

            	$mail->Subject = "Welcome $userName";
            	$mail->Body    = "This email is to inform $userName<br/> that you have been added to our mailing list";
            	$mail->AltBody = "This email is to inform $userName<br/> that you have been added to our mailing list";

            	if(!$mail->Send())
            	{
            	   echo "Message could not be sent. <p>";
            	   echo "Mailer Error: " . $mail->ErrorInfo;
            	   exit;
            	}
	   }
	   ?>
	   <html><body><h1>Hello world</h1></body></html>
	   <?php
	   
	   
}  else {
?>
My html code follows here:


Any insight would be appreciated
Thank you
Kevin

Posted: Wed Jul 18, 2007 5:20 pm
by WorldCom
Ok a bit clearer ......
You need to bring the first variables into the form.

This form won't do it:

Code:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<div align="center"><input type="submit" name="Submit" value="Add New User" /></div>
</form>
Let me try

Code:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<div align="center">
<input type="text" name="id" value="<?php  echo $_GET['id']; ?>" />
<input type="text" name="code" value="<?php  echo $_GET['code']; ?>" />
<input type="submit" name="Submit" value="Add New User" /></div>
</form>
From the first URL you now will bring the variables into the form.
When you click the form, it should work ;)

I'm not worrying about your other code ..... just trying to get the variables to it.
Please note there is no cleaning in here.

PS .. my spelling was terrible ..... and only 2 drinks at the pub lol

Posted: Wed Jul 18, 2007 8:36 pm
by feyd
Security note: steer clear of using PHP_SELF.
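
An added example, not code from any poster in this thread: one way to render the confirmation form without `PHP_SELF` (which includes any extra path text the client appended to the URL) and to check the `id`/`code` pair without the casts and `addslashes` used above. The helper names `h`, `render_form` and `confirm_user`, the fixed action path `/validate.php`, the six-character code format and the in-memory SQLite table are assumptions made for the illustration.

```php
<?php
// Added example. Table and column names (user, secureID, confirmIDFlag) follow
// the thread; the SQLite database and its single row are constructed.

// Escape a value before placing it in HTML text or an attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Render the form with a fixed action instead of $_SERVER['PHP_SELF'],
// and escape the values carried over from the query string.
function render_form(string $id, string $code): string {
    return '<form action="/validate.php" method="post">'
         . '<input type="hidden" name="id" value="' . h($id) . '" />'
         . '<input type="hidden" name="code" value="' . h($code) . '" />'
         . '<input type="submit" name="Submit" value="Add New User" /></form>';
}

// Confirm a registration; true only when id and code match a stored row.
function confirm_user(PDO $db, string $id, string $code): bool {
    // id must be all digits. code stays a string: (int)"FywX96" would be 0.
    // The 6-character alphanumeric format is assumed from the URLs in the thread.
    if (!ctype_digit($id) || !preg_match('/^[A-Za-z0-9]{6}$/', $code)) {
        return false;
    }
    // Bound parameters keep the input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT secureID FROM user WHERE id = ?');
    $stmt->execute([(int)$id]);
    $stored = $stmt->fetchColumn();
    // Strict, constant-time string comparison instead of a loose !=.
    if ($stored === false || !hash_equals((string)$stored, $code)) {
        return false;
    }
    $db->prepare('UPDATE user SET confirmIDFlag = 1 WHERE id = ?')->execute([(int)$id]);
    return true;
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, secureID TEXT, confirmIDFlag INTEGER DEFAULT 0)');
$db->exec("INSERT INTO user (id, secureID) VALUES (163, 'FywX96')");

echo render_form('163', '"><b>injected</b>'), "\n";  // markup in the value is escaped
var_dump(confirm_user($db, '163', 'FywX96'));        // matching id and code
var_dump(confirm_user($db, '163', '0'));             // wrong code
var_dump(confirm_user($db, '163 OR 1=1', 'FywX96')); // non-numeric id is rejected
```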

PHP SELF

Posted: Wed Jul 18, 2007 11:45 pm
by krraleigh
1) How do I work around PHP_SELF
2) What are my security issues
3) Can I use PHP_SELF and resolve my security issues?

I am building a site for a church so security is a big issue?

Thank You
Kevin Raleigh :lol:

Re: PHP SELF

Posted: Thu Jul 19, 2007 4:53 am
by feyd
krraleigh wrote:1) How do I work around PHP_SELF
2) What are my security issues
3) Can I use PHP_SELF and resolve my security issues?

I am building a site for a church so security is a big issue?

Thank You
Kevin Raleigh :lol:
Search the forums/web for the name. You should find a lot of information.