SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    Git-R-Done
    Join Date
    Nov 2001
    Posts
    1,194
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Can Somebody Please Review My Form?

    I would appreciate it if someone could look over my script and tell me if anything should be added, changed, or deleted to it. One thing I am having a hard time with is getting it to display the form and text at the top that says, "Please fill out the form below", then after the form has been submitted to only display the text "Received".

    The code below is stripped from my actual page so I could just show the important parts. I need to have the form and part that shows "Received" to show up inside of my main template (within the same page). I think I know how to do this if I add a \ before each " but in inital page that contains the form there's probably over 2,000 "s so it would take forever to insert all the \s.

    PHP Code:
    <?php
    /* connect to mysql server */
    include("connect.php");

    /* expire headers to prevent browser caching */
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    header("Expires: Mon,26 Jul 1997 05:00:00 GMT");

    /* turn off error reporting */
    error_reporting(0); 

    /* valid referrers */
    $referers = array ('domain.com');

    /* verify that the script is being called from a valid referrer */
    function check_referer($referers) {
        if (
    count($referers)) {
        
    $found false;
        
    $temp explode("/",getenv("HTTP_REFERER"));
        
    $referer $temp[2];
        
        for (
    $x=0$x count($referers); $x++) {
        
        if (
    eregi ($referers[$x], $referer)) {
        
    $found true;
        }
        
        }
        
        if (!
    getenv("HTTP_REFERER"))
        
    $found false;
        
        if (!
    $found){
        
    $error '<span class="error">You are coming from an unauthorized domain.</span>';
            
    error_log("[index.php] Illegal Referer. (".getenv("HTTP_REFERER").")"0);
        }
        
        return 
    $found;
        
        } else {
        
        return 
    true;
        }
    }
    ?>
    <html>
    <head>
    <title>John's Form</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>
    <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
    <p>Please fill out the form below:</p>
    <p class="note">* is a required field.</p>
    <?php        
                
    /* class containing form validations */
                
    class fvalid {
                
                
    /* verify that some info is entered */
                
    function exists($var '') {
                    if(
    trim($var)) {
                        return 
    true;
                    } else {
                        return 
    false;
                    }
                }
                
                
    /* verify that the e-mail address is valid */
                
    function email($var '') {
                    
    $pattern "/^([a-zA-Z0-9])+([.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(.[a-zA-Z0-9_-]+)+/";
                    if(
    preg_match($pattern$var)) {
                        return 
    true;
                    } else {
                        return 
    false;
                    }
                }
                
                }

                unset(
    $err);
                unset(
    $mailed);

                
    /* arrays of fields to be validated...note that the $val array 
                corresponds to the validation class method */
                
    $val[exists]=array('username','name');
                
    $val[email]=array('email');

                
    /* error messages */
                
    $errs[exists]='<span class="error">Please enter your ';
                
    $errs[email]='<span class="error">Please enter a valid ';

                
    /* change the background of form fields containing errors */
                
    while(list($method,$array)=each($val)){
                foreach(
    $array as $r){
                       
    $rs=addslashes(htmlentities(strip_tags($_POST[$r])));
                if(eval(
    "return(fvalid::$method('$rs'));")==false){
                    ${
    $r."_error"}='style="background-color:#CC0000; color:#FFFFFF;"';
                    
    $rets[]=$errs[$method].$r
                    
    $err=1;
                
                } else {
                
                
    $_POST[$r]=stripslashes($rs);
                }
                }
                }
                
                
    /* if no errors are found insert data into database */
                
                
    if(!isset($err)){
                
                
    /* connect to mysql server */
                
    dbConnect('sessions');
            
                
    /* check to see if username exists before recording data */
                
    $sql "SELECT COUNT(*) FROM users WHERE username = '$username'";
                
    $result mysql_query($sql);
                
                if (!
    $result) {    
                    echo(
    "A database error occurred in processing your submission.");
                    exit();
                }
                
                if (
    mysql_result($result,0,0)>0) {
                    echo(
    "A user already exists with your chosen username. Please try another.");
                    exit();
                }
        
                
    $new_password substr(md5(time()),0,6);
        
                
    $sql "INSERT INTO users SET
                username = '
    $username',
                password = PASSWORD('
    $new_password'),
                email = '
    $email',
                name = '
    $name'";

                
    /* print error if there's a problem connecting to the mysql database */
                
    if (!isset($result))
                {
                echo(
    "A database error occurred in processing your submission.");
                exit();
                }
            
                
    /* print confirmation */
                
    $mailed .="<p>Received!</p>";
                
                
    /* Email the new password to the person */
                
    $message "\nDear $name:\n\n";
                
    $message .= "Thank you for your submission\!\n\n\n";
                
    $message .= "Sincerely,\n\n";
                
    $message .= "John\n";

                
    mail($email,"Thank You for Your Submission!",
                
    $message"From:john@hotmail.com");
                
                } else {
                
                
    /* print error messages */
                
    foreach($rets as $r){
                    
    $print_error .= $r "</span><br>";
                }
                }
                
    ?>
    <?php 
    if (isset($mailed)) { echo $mailed; } ?>
    <?php 
    if (isset($err) || !isset($_POST['submit'])) { ?>
    <?php 
    if (isset($err)) { echo "<span class=\"error\">The following errors were found:</span><br><br>"; } ?>
    <?php 
    if (isset($err)) { print ($print_error);} ?>
    <form method="post" action="<?=$PHP_SELF?>" name="register">
      <table width="550" border="0" cellspacing="4" cellpadding="0">
        <tr> 
          <td width="550" height="30" colspan="3" class="section">Login Information</td>
        </tr>
        <tr> 
          <td width="10" height="20" align="right" class="body">&nbsp;</td>
          <td width="160" height="20" class="body">Username:<span class="note">*</span></td>
          <td width="380" height="20"><input name="username" type="text" size="20" <?=$username_error;?> value="<?=$username;?>"></td>
        </tr>
        <tr> 
          <td height="10" align="right" class="body">&nbsp;</td>
          <td height="160" class="body">E-mail Address:<span class="note">*</span></td>
          <td height="380"><input name="email" type="text" size="30" <?=$email_error;?> value="<?=$email;?>"></td>
        </tr>
        <tr> 
          <td width="10" height="22" align="right" class="body">&nbsp;</td>
          <td width="160" height="22" class="body">Name:<span class="note">*</span></td>
          <td width="380" height="22"><input name="name" type="text" size="20" <?=$name_error;?> value="<?=$name;?>"></td>
        </tr>
        <tr> 
          <td width="550" height="40" colspan="3" align="left"><input name="submit" type="submit" value="Register" class="register"></td>
        </tr>
      </table>
    </form>
    <?php
    }
    ?>
    </body>
    </html>
    Any advice would be greatly appreciated.


    Best Regards,

    John

  2. #2
    SitePoint Evangelist
    Join Date
    Oct 2001
    Location
    Texas
    Posts
    598
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i have many form pages that do exactly what you mention. Here is how many php form pages are setup.

    if isset submit then I go thru
    Database manipulations/ add/ delete etc
    if complete then i set a variable ($registered) = to yes.

    if $registered = yes -> dispaly "Registered"
    else -> display "Please register etc..." and display form


    summary, I have all the php at the top and the html at the bottom and display what i want depending if they have registered or not.

  3. #3
    Git-R-Done
    Join Date
    Nov 2001
    Posts
    1,194
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for your reply. In the section in your HTML where you display info dpending on whether they registered or not, do you have a \before every "? If so, is there a way to do this without having to add this? I probably have about 2,000 "s in this section and it would be MUCH easier if I don't have to add the \s.

    If this is possible, can you please give me an example on how to do this? I have another form that uses this method but it has the \s before the quotes.


    John

  4. #4
    SitePoint Evangelist
    Join Date
    Oct 2001
    Location
    Texas
    Posts
    598
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i tend to break out of php.

    i usually use if after someone doesnt complete all the required fields.

    here's how i might modify your arrangement

    PHP Code:
    <? if ($registered == "yes") {?> <p>Please fill out the form below:<? } else {?><p>Thank you for registering.<? ?>
    you could also not break out going along these lines
    PHP Code:
    <? if ($registered == "yes") {echo "<p>Please fill out the form below:"; } else { echo "<p>Thank you for registering."; } ?>


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •