Form problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

Form problem

Post by kkonline »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Below is the code for post.php a processing part of the form. To whatever i post i get a blank page for post.php when testing on server.
Parse error: parse error in c:\program files\easyphp1-8\www\valid\post.php on line 34
CURRENTLY VALIDATING FOR NAME AND SECCODE ONLY, rest are dummy in index.php

POST.PHP

Code: Select all

<?php
require_once('../../includes/clean.inc.php');
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 5)
 	  {//token correct but timeout
	echo "Sorry Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate nameand other field
		      if(isset($_POST['name']))//name field is set
			  {
			   $n = $_POST['name'];
			   if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
			     {
			      $name=clean($_POST['name']);
				echo $name;
			     }
			   else {
			     // $n is not valid
                     echo "Hoptic recommends you to fill your name properly.";
			        } 	
			else {
				//name not set
			   echo "Hoptic detected that you left the name field blank.";
			     } 	
    			}
			    else {
		      // security code is invalid
			echo "Hoptic detected that you filled the wrong code";
			exit;    }
  }
else	
    {
echo "Wrong data!";
exit;
    }

?>

Content of index.php

Code: Select all

<?php
session_start(); 
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
?>

<html>
<body>
<form action="post.php" method="post">
<table border="0" cellspacing="0" cellpadding="4">
<tr><td>Title: </td><td><input type="text" name="title" size="20" /></td></tr>
<tr><td>Contributed By: </td><td>
<input type="text" name="contributed_by" size="20" /></td></tr>
<tr><td>Name: </td><td><input type="text" name="name" size="20" /></td></tr>
<tr><td>Content: </td><td><TEXTAREA NAME="content" ROWS="10", COLS="30">Your data</TEXTAREA></td></tr>
<tr><td>Moral: </td><td><input type="text" name="moral" size="20" /></td></tr>
<tr><td>Category: </td><td><select name="category">

<option value="Chocolate Pie">Chocolate Pie</option>
<option value="It's Him">It's Him</option>
<option value="Mixed Bag">Mixed Bag</option>
<option value="Director's Cut">Director's Cut</option>
<option value="Tickle Your Bone">Tickle Your Bone</option>
<option value="The Living Legends">The Living Legends</option>
<option value="Rhythm n Blue">Rhythm n Blue</option>
<option value="Tiny Thoughts">Tiny Thoughts</option>
</select></td></tr>

<tr><td>Choose The Mood: </td><td> 
<input type="radio" name="mood" value="Cheerful" checked> Cheerful <input type="radio" name="mood" value="Confused"> Confused <input type="radio" name="mood" value="Sad"> Sad <input type="radio" name="mood" value="Anxious"> Anxious <input type="radio" name="mood" value="Laughing"> Laughing
<input type="radio" name="mood" value="Surprised"> Surprised</td></tr>
<tr> <td>Code: </td>
    <td>
    <input type="text" name="secCode" maxlength="6" style="width:50px" size="20"> <b>&laquo;</b>
    <img src="../../includes/seccode.inc.php" width="71" height="21" align="absmiddle"></td>
    </tr>
<?php
$date = mktime(date("G"), date("i"), date("s"), date("m"), date("d"), date("Y"));
?>
<tr><td><input type="submit" /></td></tr></table>
<input type="hidden" name="date" value="<?php echo date("d/m/Y", $date);?>" />
<input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR'];?>" />
</form>
</body>
</html>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

I don't believe "clean" is a function

and you can't have 2 ELSE's to the 1 IF statement (Looks like you've missed a few closing curly braces etc)
kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

Post by kkonline »

iknownothing wrote: and you can't have 2 ELSE's to the 1 IF statement (Looks like you've missed a few closing curly braces etc)
which part of the code are you pointing to. specify the line number

Ya i missed one cury bracket closing i have corrected it, but to whatever i post it just pints wrong data on the test localhost server and blank page on actual server.

The corrected code is

Code: Select all

<?php
require_once('clean.inc.php');
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 5)
 	  {//token correct but timeout
	echo "Sorry Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate nameand other field
		      if(isset($_POST['name']))//name field is set
			  {
			   $n = $_POST['name'];
			   if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
			     {
			      $name=clean($_POST['name']);
				echo $name;
			     }
			   else {
			     // $n is not valid
                     echo "Hoptic recommends you to fill your name properly.";
			        } 
}	
			else {
				//name not set
			   echo "Hoptic detected that you left the name field blank.";
			     } 	
    			}
			    else {
		      // security code is invalid
			echo "Hoptic detected that you filled the wrong code";
			exit;    }
  }
else	
    {//token is correct
echo "Wrong data!";
exit;
    }

?>
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

I think its right.

But "clean" still isn't a function, and its on the line your error is coming from.
kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

Post by kkonline »

I am just getting wrong data for post.php to whatever i submit.

correct and modified contents of post.php

Code: Select all

<?php
require_once('../../includes/clean.inc.php');
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 5)
 	  {//token correct but timeout
	echo "Sorry Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate nameand other field
		      if(isset($_POST['name']))//name field is set
			  {
			   $n = $_POST['name'];
			   if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
			     {
	   $name = trim($_POST['name']);
	   $name = mysql_real_escape_string($_POST['name']);
				echo $name;
			     }
			   else {
			     // $n is not valid
                     echo "Hoptic recommends you to fill your name properly.";
			        }
                   } 	
			else {
				//name not set
			   echo "Hoptic detected that you left the name field blank.";
			     } 	
    			}
			    else {
		      // security code is invalid
			echo "Hoptic detected that you filled the wrong code";
			exit;    }
  }
else	
    {
echo "Wrong data!";
exit;
    }

?>
index.php

Code: Select all

<?php
session_start(); 
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
?>

<html>
<body>
<form action="post.php" method="post">
<table border="0" cellspacing="0" cellpadding="4">
<tr><td>Name: </td><td><input type="text" name="name" size="20" /></td></tr>
<tr> <td>Code: </td>
    <td>
    <input type="text" name="secCode" maxlength="6" style="width:50px" size="20"> <b>&laquo;</b>
    <img src="../../includes/seccode.inc.php" width="71" height="21" align="absmiddle"></td>
    </tr>
<?php
$date = mktime(date("G"), date("i"), date("s"), date("m"), date("d"), date("Y"));
?>
<tr><td><input type="submit" /></td></tr></table>

</form>
</body>
</html>
Last edited by kkonline on Tue Aug 21, 2007 11:59 pm, edited 1 time in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Blank pages typically mean parsing-type errors.. or for some reason the page doesn't actually echo anything. What does your error log say?
kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

Post by kkonline »

I removed the usage of clean function and directly wrote

Code: Select all

$name = trim($_POST['name']);
	   $name = mysql_real_escape_string($_POST['name']);
Now to whatever i submit i prints "wrong data"
The current code code is

Code: Select all

<?php
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 5)
 	  {//token correct but timeout
	echo "Sorry Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate nameand other field
		      if(isset($_POST['name']))//name field is set
			  {
			   $n = $_POST['name'];
			   if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
			     {
	   $name = trim($_POST['name']);
	   $name = mysql_real_escape_string($_POST['name']);
				echo $name;
			     }
			   else {
			     // $n is not valid
                     echo "Hoptic recommends you to fill your name properly.";
			        }
                   } 	
			else {
				//name not set
			   echo "Hoptic detected that you left the name field blank.";
			     } 	
    			}
			    else {
		      // security code is invalid
			echo "Hoptic detected that you filled the wrong code";
			exit;    }
  }
else	
    {
echo "Wrong data!";
exit;
    }

?>
kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

SOLVED

Post by kkonline »

My fault... a very silly one, i forgot to send the token from index.php . But that's how newbies learn, don't they?
Post Reply