
Thread: Form Processor issues

  1. #1
    rlhanson

    I have an awesome form processor that a good friend of mine wrote that worked on my other host, but the strlen checks began to fail once I moved my sites here. I was hoping someone may be able to give me some ideas on how to resolve this.

    Or tell me what to add to the bare script so I can strip html and prevent some spammers.

    There are two hidden input fields in the form itself, one for redirect and one for recipient.

    Here's the bare code which still works:
    <?php
    /**
    * Form Processing Script
    * Version 0.1a
    * @DATE November 29, 2006
    * @author Genesis Font
    * @copyright 2006 prolinuxwebhosting.com
    * Form must have the following hidden fields: recipient (should be the email address that will receive the emailed message) and redirect (full url including http:// to the thankyou page)
    */

    // "of" is escaped so date() prints it literally instead of reading "o" as a format character
    $datetime = date('l dS \o\f F Y H:i:s');
    $message = "On $datetime\n";
    $message .= "<br />Here are the details of the form submission:\n";

    // Walk every submitted field; redirect and recipient are control fields, the rest go into the message
    while (list($key, $val) = each($_POST)) {
        if ($key == 'redirect') {
            $redirect = $val;
        }
        if ($key == 'recipient') {
            $to = $val;
        }

        if (($key != 'redirect') and ($key != 'recipient')) {
            $val = trim($val);
            $message .= "<br />$key: $val\n";
        }
        //echo "$key: $val<br />";//debugging info
        $lcval = strtolower($val);
        $pos = strpos($lcval,"http://");

    }

    $ServerName = $_SERVER["HTTP_HOST"];
    $message .= "<br /> Site: $ServerName \n";
    $visitorip = $_SERVER['REMOTE_ADDR'] ;
    $message .= "<br /> IP: $visitorip \n";

    //Format Email
    $email = $to;
    $subject = "New Form Submission";
    $headers = "From: $email\r\n";
    $headers .= "Content-type: text/html\r\n";
    //Send Email
    mail($to,$subject,$message,$headers);

    //redirect
    header("Location: $redirect");

    ?>


    Here's the code with the strlen which doesn't work and gives an error about the header already being sent:

    <?php
    /**
    * Form Processing Script
    * Version 0.1a
    * @DATE November 29, 2006
    * @author Genesis Font
    * @copyright 2006 prolinuxwebhosting.com
    * Form must have the following hidden fields: recipient (should be the email address that will receive the emailed message) and redirect (full url including http:// to the thankyou page)
    */

    // "of" is escaped so date() prints it literally instead of reading "o" as a format character
    $datetime = date('l dS \o\f F Y H:i:s');
    $message = "On $datetime\n";
    $message .= "<br />Here are the details of the form submission:\n";

    while (list($key, $val) = each($_POST)) {
        if ($key == 'redirect') {
            $redirect = $val;
        }
        if ($key == 'recipient') {
            $to = $val;
        }

        if (($key != 'redirect') and ($key != 'recipient')) {
            $val = trim($val);
            $message .= "<br />$key: $val\n";
        }
    }

    echo "$key: $val<br />";//debugging info
    $lcval = strtolower($val);
    $pos = strpos($lcval,"http://");

    //Genesis' code//
    $ServerName = $_SERVER["HTTP_HOST"];
    $message .= "<br /> Site: $ServerName \n";
    $visitorip = $_SERVER['REMOTE_ADDR'] ;
    $message .= "<br /> IP: $visitorip \n";

    //new code
    // Validation
    if (strlen($first_name) <1)
    {
        header("Location: error.php");
        exit;
    }
    if (strlen($first_name) >25)
    {
        header("Location: error.php");
        exit;
    }

    if (strlen($last_name) <1)
    {
        header("Location: error.php");
        exit;
    }
    if (strlen($last_name) >25)
    {
        header("Location: error.php");
        exit;
    }

    if (! ereg('[A-Za-z0-9_-]+\@[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+', $vis_email))
    {
        header("Location: error.php");
        exit;
    }

    if (strlen($vis_email) == 0 )
    {
        header("Location: error.php");
        exit;
    }

    //end new code

    //Format Email
    $email = $to;
    $subject = "New Form Submission";
    $headers = "From: $vis_email\r\n";
    $headers .= "Content-type: text/html\r\n";
    //Send Email
    mail($to,$subject,$message,$headers);

    //redirect
    header("Location: $redirect");

    ?>

    Thanks in advance!
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  2. #2
    Dmitriy

    Hey

    Just comment out the line
    //echo "$key: $val<br />";//debugging info

    The script can send HTTP headers only before any output. This should help.

    It worked on your previous host because the default PHP error level was not showing all script errors. However, on GlowHost servers PHP will show all errors unless another option is specified. This is good, because you can debug your scripts & see all the errors they're causing.

  3. #3
    rlhanson

    I originally did have that commented out...but thank you. What was happening is no matter what was input in the form, it went to the error page.
    Any thoughts?
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  4. #4
    Dmitriy

    Looks like $first_name, $last_name, $vis_email etc. come from the form via a POST request. You should always refer to these variables as $_POST['key'] - $_POST['last_name'], $_POST['first_name'] etc. Referring to $_POST['last_name'] as $last_name will return a PHP error & an empty string in this variable. This code works:
    if (strlen($first_name) <1)
    {
    header("Location: error.php");
    exit;
    }

    This is another bad security example. On some hosts the register_globals PHP option is enabled. Disabling register_globals gives more security to your scripts - this is the PHP team's recommendation. This is done on GlowHost servers to gain a better security level for PHP scripts.

  5. #5
    rlhanson

    Thank you Dmitriy!

    Can you give me a full block example?
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  6. #6
    jmarcv

    This is what he means
    PHP Code:
    if (strlen($_POST['first_name']) < 1) {
        header("Location: error.php");
        exit;
    }

    Last edited by jmarcv; 08-13-2007 at 09:57 PM.

  7. #7
    rlhanson

    John_Marc -
    I understand the code that you sent - thank you so much!

    But, what I don't get is: how come the formprocessor works fine until I start checking for strlen or ereg?

    This processor was cool because no matter what field you had in the form, it processed it and submitted all fields to the recipient.
    Doesn't the code specify here:
    while (list($key, $val) = each($_POST)) {
    that it's a $_POST?
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  8. #8
    jmarcv

    Yes it is, but .... it ONLY looks for redirect and recipient and ignores the rest. Something tells me what he meant to do was this line: $val = trim($val); is a typo and he meant: ${$key} = trim($val); which essentially bypasses the register globals off setting. Not recommended. So what you end up with is a bunch of empty PHP vars, all with a strlen of 0 - hence the error triggering. Best, as Dmitriy points out, is to just refer to the var in its POST format and be done with it. PHP 4 is almost dead. PHP 6 will not allow overriding this like your old host did, and when that happens, there will be a lot of companies scrambling.
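
Added example, not code from the thread or from the original script: one way to write the processor so that every value is read from the submitted array instead of from register_globals variables, the 1-25 character and e-mail checks discussed above are applied, and submitted values are escaped before they are mailed. It assumes PHP 7.1 or later and swaps ereg for filter_var; the allow-list constants, their entries and the idea of sending only a key in the hidden fields are hypothetical.

```php
<?php
// Added example. The allow-list constants and their entries are assumptions.
// Constructed sample POST: first_name=Ann&last_name=Lee&vis_email=ann@example.com&recipient=sales&redirect=thanks
const ALLOWED_RECIPIENTS = ['sales' => 'sales@example.com'];
const ALLOWED_REDIRECTS  = ['thanks' => '/thankyou.html'];

// Read one field straight from the submitted array (no register_globals).
function field(array $post, string $name): string {
    $v = $post[$name] ?? '';
    return is_string($v) ? trim($v) : '';   // arrays (name[]=x) count as empty
}

// Returns [errors, clean values]; an empty error list means the form passed.
function validate_form(array $post): array {
    $errors = $clean = [];
    foreach (['first_name', 'last_name'] as $name) {
        $clean[$name] = field($post, $name);
        $len = strlen($clean[$name]);
        if ($len < 1 || $len > 25) $errors[] = "$name must be 1-25 characters";
    }
    // The address goes into the From: header, so it must not contain CR/LF.
    $clean['vis_email'] = field($post, 'vis_email');
    if (preg_match('/[\r\n]/', $clean['vis_email'])
        || !filter_var($clean['vis_email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'vis_email is not a valid address';
    }
    // The hidden fields carry only a key; address and URL stay on the server.
    $clean['to']       = ALLOWED_RECIPIENTS[field($post, 'recipient')] ?? null;
    $clean['redirect'] = ALLOWED_REDIRECTS[field($post, 'redirect')] ?? null;
    if (!$clean['to'] || !$clean['redirect']) $errors[] = 'unknown recipient or redirect';
    return [$errors, $clean];
}

// Build the HTML body with every submitted key and value escaped.
function build_message(array $post): string {
    $body = 'On ' . date('l dS \o\f F Y H:i:s') . "\n<br />Form submission:\n";
    foreach ($post as $key => $val) {
        if (in_array($key, ['redirect', 'recipient'], true) || !is_string($val)) continue;
        $body .= '<br />' . htmlspecialchars((string)$key) . ': ' . htmlspecialchars(trim($val)) . "\n";
    }
    return $body;
}

// Nothing is echoed before header(), so the redirects can still be sent.
[$errors, $clean] = validate_form($_POST);
if ($errors) { header('Location: error.php'); exit; }
$headers = "From: {$clean['vis_email']}\r\nContent-type: text/html\r\n";
mail($clean['to'], 'New Form Submission', build_message($_POST), $headers);
header('Location: ' . $clean['redirect']);
exit;
```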

  9. #9
    rlhanson

    Thanks for clearing that up for me....
    I guess I am back to the drawing board on this one.

    Thanks so much for both of your help!
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  10. #10
    jmarcv

    >I guess I am back to the drawing board on this one

    Really? I thought you were getting it.
    I'll rewrite it for you if it's that much of an issue.
    Last edited by jmarcv; 08-13-2007 at 11:34 PM.
