Page 1 of 1

Form problem

Posted: Tue Aug 21, 2007 10:46 pm
by kkonline
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Below is the code for post.php a processing part of the form. To whatever i post i get a blank page for post.php when testing on server.
Parse error: parse error in c:\program files\easyphp1-8\www\valid\post.php on line 34
CURRENTLY VALIDATING FOR NAME AND SECCODE ONLY, rest are dummy in index.php

POST.PHP

Code: Select all

<?php
require_once('../../includes/clean.inc.php');
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 5)
 	  {//token correct but timeout
	echo "Sorry Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate nameand other field
		      if(isset($_POST['name']))//name field is set
			  {
			   $n = $_POST['name'];
			   if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
			     {
			      $name=clean($_POST['name']);
				echo $name;
			     }
			   else {
			     // $n is not valid
                     echo "Hoptic recommends you to fill your name properly.";
			        } 	
			else {
				//name not set
			   echo "Hoptic detected that you left the name field blank.";
			     } 	
    			}
			    else {
		      // security code is invalid
			echo "Hoptic detected that you filled the wrong code";
			exit;    }
  }
else	
    {
echo "Wrong data!";
exit;
    }

?>

Content of index.php

Code: Select all

<?php
session_start(); 
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
?>

<html>
<body>
<form action="post.php" method="post">
<table border="0" cellspacing="0" cellpadding="4">
<tr><td>Title: </td><td><input type="text" name="title" size="20" /></td></tr>
<tr><td>Contributed By: </td><td>
<input type="text" name="contributed_by" size="20" /></td></tr>
<tr><td>Name: </td><td><input type="text" name="name" size="20" /></td></tr>
<tr><td>Content: </td><td><TEXTAREA NAME="content" ROWS="10", COLS="30">Your data</TEXTAREA></td></tr>
<tr><td>Moral: </td><td><input type="text" name="moral" size="20" /></td></tr>
<tr><td>Category: </td><td><select name="category">

<option value="Chocolate Pie">Chocolate Pie</option>
<option value="It's Him">It's Him</option>
<option value="Mixed Bag">Mixed Bag</option>
<option value="Director's Cut">Director's Cut</option>
<option value="Tickle Your Bone">Tickle Your Bone</option>
<option value="The Living Legends">The Living Legends</option>
<option value="Rhythm n Blue">Rhythm n Blue</option>
<option value="Tiny Thoughts">Tiny Thoughts</option>
</select></td></tr>

<tr><td>Choose The Mood: </td><td> 
<input type="radio" name="mood" value="Cheerful" checked> Cheerful <input type="radio" name="mood" value="Confused"> Confused <input type="radio" name="mood" value="Sad"> Sad <input type="radio" name="mood" value="Anxious"> Anxious <input type="radio" name="mood" value="Laughing"> Laughing
<input type="radio" name="mood" value="Surprised"> Surprised</td></tr>
<tr> <td>Code: </td>
    <td>
    <input type="text" name="secCode" maxlength="6" style="width:50px" size="20"> <b>&laquo;</b>
    <img src="../../includes/seccode.inc.php" width="71" height="21" align="absmiddle"></td>
    </tr>
<?php
$date = mktime(date("G"), date("i"), date("s"), date("m"), date("d"), date("Y"));
?>
<tr><td><input type="submit" /></td></tr></table>
<input type="hidden" name="date" value="<?php echo date("d/m/Y", $date);?>" />
<input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR'];?>" />
</form>
</body>
</html>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Tue Aug 21, 2007 11:15 pm
by iknownothing
I don't believe "clean" is a function

and you can't have 2 ELSE's to the 1 IF statement (Looks like you've missed a few closing curly braces etc)

Posted: Tue Aug 21, 2007 11:20 pm
by kkonline
iknownothing wrote: and you can't have 2 ELSE's to the 1 IF statement (Looks like you've missed a few closing curly braces etc)
which part of the code are you pointing to. specify the line number

Ya i missed one cury bracket closing i have corrected it, but to whatever i post it just pints wrong data on the test localhost server and blank page on actual server.

The corrected code is

Code: Select all

<?php
require_once('clean.inc.php');
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 5)
 	  {//token correct but timeout
	echo "Sorry Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate nameand other field
		      if(isset($_POST['name']))//name field is set
			  {
			   $n = $_POST['name'];
			   if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
			     {
			      $name=clean($_POST['name']);
				echo $name;
			     }
			   else {
			     // $n is not valid
                     echo "Hoptic recommends you to fill your name properly.";
			        } 
}	
			else {
				//name not set
			   echo "Hoptic detected that you left the name field blank.";
			     } 	
    			}
			    else {
		      // security code is invalid
			echo "Hoptic detected that you filled the wrong code";
			exit;    }
  }
else	
    {//token is correct
echo "Wrong data!";
exit;
    }

?>

Posted: Tue Aug 21, 2007 11:34 pm
by iknownothing
I think its right.

But "clean" still isn't a function, and its on the line your error is coming from.

Posted: Tue Aug 21, 2007 11:54 pm
by kkonline
I am just getting wrong data for post.php to whatever i submit.

correct and modified contents of post.php

Code: Select all

<?php
require_once('../../includes/clean.inc.php');
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 5)
 	  {//token correct but timeout
	echo "Sorry Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate nameand other field
		      if(isset($_POST['name']))//name field is set
			  {
			   $n = $_POST['name'];
			   if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
			     {
	   $name = trim($_POST['name']);
	   $name = mysql_real_escape_string($_POST['name']);
				echo $name;
			     }
			   else {
			     // $n is not valid
                     echo "Hoptic recommends you to fill your name properly.";
			        }
                   } 	
			else {
				//name not set
			   echo "Hoptic detected that you left the name field blank.";
			     } 	
    			}
			    else {
		      // security code is invalid
			echo "Hoptic detected that you filled the wrong code";
			exit;    }
  }
else	
    {
echo "Wrong data!";
exit;
    }

?>
index.php

Code: Select all

<?php
session_start(); 
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
?>

<html>
<body>
<form action="post.php" method="post">
<table border="0" cellspacing="0" cellpadding="4">
<tr><td>Name: </td><td><input type="text" name="name" size="20" /></td></tr>
<tr> <td>Code: </td>
    <td>
    <input type="text" name="secCode" maxlength="6" style="width:50px" size="20"> <b>&laquo;</b>
    <img src="../../includes/seccode.inc.php" width="71" height="21" align="absmiddle"></td>
    </tr>
<?php
$date = mktime(date("G"), date("i"), date("s"), date("m"), date("d"), date("Y"));
?>
<tr><td><input type="submit" /></td></tr></table>

</form>
</body>
</html>

Posted: Tue Aug 21, 2007 11:58 pm
by feyd
Blank pages typically mean parsing-type errors.. or for some reason the page doesn't actually echo anything. What does your error log say?

Posted: Wed Aug 22, 2007 12:02 am
by kkonline
I removed the usage of clean function and directly wrote

Code: Select all

$name = trim($_POST['name']);
	   $name = mysql_real_escape_string($_POST['name']);
Now to whatever i submit i prints "wrong data"
The current code code is

Code: Select all

<?php
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 5)
 	  {//token correct but timeout
	echo "Sorry Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate nameand other field
		      if(isset($_POST['name']))//name field is set
			  {
			   $n = $_POST['name'];
			   if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
			     {
	   $name = trim($_POST['name']);
	   $name = mysql_real_escape_string($_POST['name']);
				echo $name;
			     }
			   else {
			     // $n is not valid
                     echo "Hoptic recommends you to fill your name properly.";
			        }
                   } 	
			else {
				//name not set
			   echo "Hoptic detected that you left the name field blank.";
			     } 	
    			}
			    else {
		      // security code is invalid
			echo "Hoptic detected that you filled the wrong code";
			exit;    }
  }
else	
    {
echo "Wrong data!";
exit;
    }

?>

SOLVED

Posted: Wed Aug 22, 2007 12:17 am
by kkonline
My fault... a very silly one, i forgot to send the token from index.php . But that's how newbies learn, don't they?