Page 1 of 2
Email Validation Error
Posted: Sat Mar 08, 2008 5:11 pm
by nootkan
Hello, I've been trying to get this form script to validate the email addresses with a script I got from another website, but keep getting a parse error and cannot figure out what is wrong as I cant see any white spaces etc.
Code: Select all
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /removed for security/ on line 10
Code: Select all
<?php
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
session_start();
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) ) {
mail("removed for security","Battle of the Brands Question","Form data:
" . $mail_message . "Form Submitted by IP Address: ".$_SERVER['REMOTE_ADDR']."\n
if (ereg(^([a-zA-Z0-9_-.]+)@(([[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.)|(([a-zA-Z0-9-]+.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(]?)$, $_POST['email'])) {
echo "<br>Please enter a valid e-mail address.";
}
Question: " . $_POST['field_1'] . "
Your email address: " . $_POST['field_2'] . "
");
include("confirm.html");
}
else {
echo "Invalid Captcha String.";
}
?>
PHP Version: 4.4.8
Display Errors: On
Error Level: Not E_ALL
Register Globals: Off
Nootkan
Re: Email Validation Error
Posted: Sat Mar 08, 2008 5:33 pm
by Ambush Commander
Your ereg expression needs to be wrapped in quotes. PHP does not have native support for regexps.
Re: Email Validation Error
Posted: Fri Mar 14, 2008 2:37 am
by nootkan
Unfortunately I don't understand what you're talking about.
Nootkan
Re: Email Validation Error
Posted: Fri Mar 14, 2008 8:20 am
by bertfour
I use this:
Code: Select all
$Pattern = "^([0-9a-z]+)([ 0-9a-z\.-_\-]+)@([0-9a-z\.-_\-]+)\.([0-9a-z]+)";
Seems to work...
Re: Email Validation Error
Posted: Fri Mar 14, 2008 11:43 am
by nootkan
I appreciate your reply and I apologise for my impatience, but I've been trying to get this to work for over a month now with no luck. I've tried various combinations of all kinds but still either get error messages or the code shows up in the form page generated when sent to email address.
Your solution returns this error;
Code: Select all
Parse error: syntax error, unexpected '[' in removed for security on line 10
I tried removing some of the '[' in the script, but it generated even more errors.
Here's how I placed your code into the processor.php file:
Code: Select all
<?php
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
session_start();
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) ) {
mail("removed for security","Battle of the Brands Question","Form data:
" . $mail_message . "Form Submitted by IP Address: ".$_SERVER['REMOTE_ADDR']."\n
$Pattern = "^([0-9a-z]+)([ 0-9a-z\.-_\-]+)@([0-9a-z\.-_\-]+)\.([0-9a-z]+)";
Question: " . $_POST['field_1'] . "
Your email address: " . $_POST['field_2'] . "");
include("confirm.html");
}
else {
echo "Invalid Captcha String.";
}
?>
Re: Email Validation Error
Posted: Sat Mar 15, 2008 3:32 am
by bertfour
Because you forgot a quote on the previous line.
And you still have to use the "Pattern" to validate the email address....
Re: Email Validation Error
Posted: Sat Mar 22, 2008 12:28 am
by nootkan
I didn't create this code so I'm not sure where the quote is missed. Also I did add the "pattern" on line 10. Sorry for my ignorance, but I just cannot figure this out. Trying to read a book on php to see if that will help. Most of the online tutorials that I've read two or three times each haven't helped me at all.
Thanks anyway for your help at least someone is trying to help me understand. Tough job though, I'm not the brightest candle in the box.
Nootkan
Re: Email Validation Error
Posted: Sat Mar 22, 2008 2:04 am
by Mordred
Email addresses are notoriously hard to validate, you'll be "guaranteed" to either let an invalid one pass through, or you'll stop one that's valid.
(
http://www.abcdefghijklmnopqrstuvwxyzab ... ghijk.com/)
Actually, there's no way of checking if an email address is valid(*) besides sending an email to that address.
You just have to make sure it's one address, not two or two thousand.
(*) for the only value of "valid" that matters.
P.S. I'm not telling you how to fix that code, because it's buggy, insecure, and as I already said - solving a non-problem.
Re: Email Validation Error
Posted: Sat Mar 22, 2008 4:24 pm
by nootkan
Mordred, that's an interesting website link. I didn't realize that email was so hard to validate. I guess there's no way to stop spammers manually entering garbage into the forms I use (instead of email addresses) on my websites. I was hoping I could somehow validate the unending bad email addresses they use all the time. As for sending a reply, I'd be too afraid that some of them might be legit thereby increasing my spam load by confirming my email address to them. Oh well, thanks for the help and input, I guess I'll have to keep deleting the garbage. I won't stop trying to learn php either it may just take me longer than I first thought.
Nootkan
Re: Email Validation Error
Posted: Sun Mar 23, 2008 1:48 pm
by Mordred
Oh... you should have said what your problem is, not what you think the solution might be

In *your* case, form spamming, try to implement a CAPTCHA, this will filter out the bots.
Edit: if they *manually* enter the spam (how do you know?), you're left with very few options - something like the anti-spam plugins of wordpress - akismet and spamkarma2 (non-trivial to reimplement, or even - I suspect - to integrate), or just manual delete.
Re: Email Validation Error
Posted: Sun Mar 23, 2008 11:03 pm
by nootkan
Mordred, figures I even get the question wrong.

I already have a captcha with the forms that's how I know they're manually doing this. I have spam karma 2 on my wordpress blog and really like it. I guess my next project after I try and learn php will be to try and integrate it into my "phpformgenerator" forms. One thing at a time though as I sometimes try to learn too many things at once.
Are you familar with this form generation tool? And if so, is it very secure in your opinion? I was told it was, but hey what do I know? Been researching some of the links provided on php security in this forum to try and learn a bit. I'd provide a link to the demo form tool, but not sure if that would be considered spamming.
Thanks again for your help.
Nootkan
Re: Email Validation Error
Posted: Mon Mar 24, 2008 4:10 am
by deadoralive
Mordred, figures I even get the question wrong.

I already have a captcha with the forms that's how I know they're manually doing this.
Not necessarily. Some captcha's have been defeated by bots using image recognition software. It may just be that the captcha used on your form is one that has been broken.
Having said that if someone is manually entering your form as Mordred said i'm not sure what you can do about that, apart from delete the spam yourself.
Re: Email Validation Error
Posted: Wed Mar 26, 2008 8:14 pm
by nootkan
deadoralive, thanks for your input, is there a way to determine whether my captcha image has been broken or better yet how would I make it unbreakable?
Nootkan
Re: Email Validation Error
Posted: Thu Mar 27, 2008 6:43 am
by matthijs
I think the captcha is not the most important issue here, if the rest of the code is buggy and insecure (as Mordred pointed out). Someone manually entering some spam in an otherwise "secure" form script is not that bad. A spambot misusing your form script to send 1000's of spammails to others is a whole different story. So maybe you should repost your entire form script code (within php tags) so that people here can have a good look. Otherwise you could try and find other existing (and hopefully better) scripts.
Re: Email Validation Error
Posted: Sat Mar 29, 2008 9:58 pm
by nootkan
Matthijs, sorry for the delay in responding, but in my regular life, I'm a long haul truck driver and have been away for a few days.
In any case here are the scripts as requested:
Form script
Code: Select all
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Purchase Status - created by phpFormGenerator</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"><link href="style.css" rel="stylesheet" type="text/css">
<!-- calendar stuff -->
<link rel="stylesheet" type="text/css" href="calendar/calendar-blue2.css" />
<script type="text/javascript" src="calendar/calendar.js"></script>
<script type="text/javascript" src="calendar/calendar-en.js"></script>
<script type="text/javascript" src="calendar/calendar-setup.js"></script>
<!-- END calendar stuff -->
<!-- expand/collapse function -->
<SCRIPT type=text/javascript>
<!--
function collapseElem(obj)
{
var el = document.getElementById(obj);
el.style.display = 'none';
}
function expandElem(obj)
{
var el = document.getElementById(obj);
el.style.display = '';
}
//-->
</SCRIPT>
<!-- expand/collapse function -->
<!-- expand/collapse function -->
<SCRIPT type=text/javascript>
<!--
// collapse all elements, except the first one
function collapseAll()
{
var numFormPages = 1;
for(i=2; i <= numFormPages; i++)
{
currPageId = ('mainForm_' + i);
collapseElem(currPageId);
}
}
//-->
</SCRIPT>
<!-- expand/collapse function -->
<!-- validate -->
<SCRIPT type=text/javascript>
<!--
function validateField(fieldId, fieldBoxId, fieldType, required)
{
fieldBox = document.getElementById(fieldBoxId);
fieldObj = document.getElementById(fieldId);
if(fieldType == 'text' || fieldType == 'textarea' || fieldType == 'password' || fieldType == 'file' || fieldType == 'phone' || fieldType == 'website')
{
if(required == 1 && fieldObj.value == '')
{
fieldObj.setAttribute("class","mainFormError");
fieldObj.setAttribute("className","mainFormError");
fieldObj.focus();
return false;
}
}
else if(fieldType == 'menu' || fieldType == 'country' || fieldType == 'state')
{
if(required == 1 && fieldObj.selectedIndex == 0)
{
fieldObj.setAttribute("class","mainFormError");
fieldObj.setAttribute("className","mainFormError");
fieldObj.focus();
return false;
}
}
else if(fieldType == 'email')
{
if((required == 1 && fieldObj.value=='') || (fieldObj.value!='' && !validate_email(fieldObj.value)))
{
fieldObj.setAttribute("class","mainFormError");
fieldObj.setAttribute("className","mainFormError");
fieldObj.focus();
return false;
}
}
}
function validate_email(emailStr)
{
apos=emailStr.indexOf("@");
dotpos=emailStr.lastIndexOf(".");
if (apos<1||dotpos-apos<2)
{
return false;
}
else
{
return true;
}
}
function validateDate(fieldId, fieldBoxId, fieldType, required, minDateStr, maxDateStr)
{
retValue = true;
fieldBox = document.getElementById(fieldBoxId);
fieldObj = document.getElementById(fieldId);
dateStr = fieldObj.value;
if(required == 0 && dateStr == '')
{
return true;
}
if(dateStr.charAt(2) != '/' || dateStr.charAt(5) != '/' || dateStr.length != 10)
{
retValue = false;
}
else // format's okay; check max, min
{
currDays = parseInt(dateStr.substr(0,2),10) + parseInt(dateStr.substr(3,2),10)*30 + parseInt(dateStr.substr(6,4),10)*365;
//alert(currDays);
if(maxDateStr != '')
{
maxDays = parseInt(maxDateStr.substr(0,2),10) + parseInt(maxDateStr.substr(3,2),10)*30 + parseInt(maxDateStr.substr(6,4),10)*365;
//alert(maxDays);
if(currDays > maxDays)
retValue = false;
}
if(minDateStr != '')
{
minDays = parseInt(minDateStr.substr(0,2),10) + parseInt(minDateStr.substr(3,2),10)*30 + parseInt(minDateStr.substr(6,4),10)*365;
//alert(minDays);
if(currDays < minDays)
retValue = false;
}
}
if(retValue == false)
{
fieldObj.setAttribute("class","mainFormError");
fieldObj.setAttribute("className","mainFormError");
fieldObj.focus();
return false;
}
}
//-->
</SCRIPT>
<!-- end validate -->
</head>
<body onLoad="collapseAll()">
<div id="mainForm">
<div id="formHeader">
<h2 class="formInfo">Purchase Status</h2>
<p class="formInfo"></p>
</div>
<BR/><!-- begin form -->
<form method=post enctype=multipart/form-data action=processor.php onSubmit="return validatePage1();"><ul class=mainForm id="mainForm_1">
<li class="mainForm" id="fieldBox_1">
<label class="formFieldQuestion">Purchase Status * <a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>Type your question here. Provide as much detail as you can to aid in tracking down your order.</span></a></label><textarea class=mainForm name=field_1 id=field_1 rows=7 cols=20></textarea></li>
<li class="mainForm" id="fieldBox_2">
<label class="formFieldQuestion">Email Address * <a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>Type your email address here so we may further correspond with you to determine your purchase status.</span></a></label><input class=mainForm type=email name=field_2 id=field_2 size=20 value="" style="background-image:url(imgs/email.png); background-repeat: no-repeat; padding: 2px 2px 2px 25px;"></li>
<!-- end of this page -->
<!-- page validation -->
<SCRIPT type=text/javascript>
<!--
function validatePage1()
{
retVal = true;
if (validateField('field_1','fieldBox_1','textarea',1) == false)
retVal=false;
if (validateField('field_2','fieldBox_2','email',1) == false)
retVal=false;
if(retVal == false)
{
alert('Please correct the errors. Fields marked with an asterisk (*) are required');
return false;
}
return retVal;
}
//-->
</SCRIPT>
<!-- end page validaton -->
<!-- next page buttons --><li class="mainForm">
<label class="formFieldQuestion">
Type the following: <a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>For security purposes, please type the letters in the image.</span></a><BR><img src="CaptchaSecurityImages.php" />
</label>
<input id="captchaForm" name="security_code" class="mainForm" type="text"/>
</li><li class="mainForm">
<input id="saveForm" class="mainForm" type="submit" value="Submit" />
</li>
</form>
<!-- end of form -->
<!-- close the display stuff for this page -->
</ul></div><div id="footer"><p class="footer"><a class=footer href=http://phpformgen.sourceforge.net>Generated by phpFormGenerator</a></p></div>
</body>
</html>
Processor script
Code: Select all
<?php
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
session_start();
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) ) {
mail("email@yourdomain.com","Status of my Order","Form data:
" . $mail_message . "Form Submitted by IP Address: ".$_SERVER['REMOTE_ADDR']."
" . $mail_message . "Time Form Submitted: " . date('Y-m-d h:i:s') . "\n
Purchase Status: " . $_POST['field_1'] . "
Email Address: " . $_POST['field_2'] . "
");
include("confirm.html");
}
else {
echo "Invalid Captcha String.";
}
?>
There is also a CaptchaSecurityImages.php file, some php files for the calendar feature that I don't use and a stylesheet for the form if you'd like to see the code for them.
The creator of the captcha script for this form demo tool has some hacks (
http://www.white-hat-web-design.co.uk/a ... m-spam.php) that add security to the captcha script that I've been trying to figure out.
Nootkan