I would appreciate it if someone could look over my script and tell me whether anything should be added, changed, or removed. One thing I am having a hard time with is getting it to display the form with the text "Please fill out the form below" at the top, and then, after the form has been submitted, to display only the text "Received".
The code below is stripped down from my actual page so that I could show just the important parts. I need the form and the part that shows "Received" to appear inside my main template (within the same page). I think I know how to do this if I add a \ before each ", but the initial page that contains the form probably has over 2,000 "s, so it would take forever to insert all the \s.
Any advice would be greatly appreciated.PHP Code:<?php
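/* Load the database helpers (dbConnect() is presumably defined here — confirm).
   require_once stops the request if the file is missing instead of carrying on
   without a database layer. */
require_once("connect.php");
/* Tell browsers and proxies not to keep a copy of this page. no-store is the
   directive that actually forbids storing the response; the Expires date is
   written in the standard HTTP date format (note the space after the comma). */
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Pragma: no-cache");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
/* Never show PHP errors to visitors, but keep reporting and logging them so
   failures (and probing attempts) stay visible to the site owner.
   error_reporting(0) would silence the log as well. */
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
/* Host names that are accepted as referrers by check_referer() */
$referers = array('domain.com');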
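/**
 * Verify that the request's Referer header names one of the allowed hosts.
 *
 * The Referer header is supplied by the client, so this is only a weak signal
 * (it filters casual cross-site form posts); it must not be the only control
 * protecting a sensitive action. Nothing in the code shown here calls this
 * function yet.
 *
 * Each entry of $referers is treated as a plain host name, not a pattern.
 * The referring host matches when it equals an entry or is a sub-domain of it,
 * so 'domain.com' accepts 'www.domain.com' but not 'domain.com.other.tld' or
 * 'notdomain.com' (the previous eregi() substring match accepted both, and
 * eregi() no longer exists in PHP 7+).
 *
 * @param array $referers Allowed host names; an empty list disables the check.
 * @return bool True when the referrer is allowed (or the list is empty).
 */
function check_referer($referers) {
    /* An empty allow-list means "no restriction", as before. */
    if (!count($referers)) {
        return true;
    }

    $raw = getenv("HTTP_REFERER");
    /* parse_url() returns null/false when there is no usable host part. */
    $host = $raw ? parse_url($raw, PHP_URL_HOST) : false;

    $found = false;
    if (is_string($host) && $host !== '') {
        $host = strtolower($host);
        foreach ($referers as $allowed) {
            $allowed = strtolower(trim($allowed));
            if ($allowed === '') {
                continue;
            }
            /* Exact host, or a sub-domain ending in ".<allowed>". */
            $suffix = '.' . $allowed;
            if ($host === $allowed || substr($host, -strlen($suffix)) === $suffix) {
                $found = true;
                break;
            }
        }
    }

    if (!$found) {
        /* Strip control characters so a crafted header cannot forge extra
           lines in the error log. */
        $logged = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $raw);
        error_log("[index.php] Illegal Referer. (" . $logged . ")", 0);
    }
    return $found;
}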
?>
<html>
<head>
<title>John's Form</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<p>Please fill out the form below:</p>
<p class="note">* is a required field.</p>
<?php
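/**
 * Form validation helpers.
 *
 * The methods are declared static because the page calls them as
 * fvalid::method(); calling a non-static method that way is an error
 * in PHP 8.
 */
class fvalid {
    /**
     * Verify that some information was entered.
     *
     * Compares against the empty string rather than testing truthiness,
     * so a value of "0" counts as entered.
     *
     * @param mixed $var Submitted value.
     * @return bool True when $var is a scalar with non-whitespace content.
     */
    public static function exists($var = '') {
        return is_scalar($var) && trim((string) $var) !== '';
    }

    /**
     * Verify that the value looks like an e-mail address.
     *
     * The pattern is anchored at both ends (\z matches only at the very end,
     * so a trailing newline is rejected) and the dot before each domain label
     * is escaped. Without the end anchor, any text after a valid-looking
     * prefix was accepted, including line breaks, and this value is later
     * passed to mail() as the recipient.
     *
     * @param mixed $var Submitted value.
     * @return bool True when $var matches the address pattern.
     */
    public static function email($var = '') {
        if (!is_string($var)) {
            return false;
        }
        $pattern = '/^[a-zA-Z0-9]+[.a-zA-Z0-9_-]*@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+\z/';
        return preg_match($pattern, $var) === 1;
    }
}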
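/* Start from a clean state so stale globals cannot influence this request. */
unset($err);
unset($mailed);
$rets = array();
$print_error = '';

/* Fields to validate, keyed by the fvalid method that checks them.
   The keys are quoted strings; bare words such as $val[exists] are
   undefined constants and fail in PHP 8. */
$val = array(
    'exists' => array('username', 'name'),
    'email'  => array('email'),
);

/* error messages (the field name is appended to each) */
$errs = array(
    'exists' => '<span class="error">Please enter your ',
    'email'  => '<span class="error">Please enter a valid ',
);

/* Raw submitted values, used for the database and the e-mail only. */
$fields = array();

/* Validate only once the form has actually been posted, so the first visit
   shows an empty form without error messages. */
$submitted = isset($_POST['submit']);

foreach ($val as $method => $names) {
    foreach ($names as $r) {
        /* Read the value from $_POST explicitly; nothing here depends on
           register_globals. Non-string input (e.g. an array) is treated as empty. */
        $raw = (isset($_POST[$r]) && is_string($_POST[$r])) ? trim($_POST[$r]) : '';
        $fields[$r] = $raw;

        /* HTML-escaped copy for redisplay in the form. $r only ever comes from
           the fixed list above, so these variable-variables cannot be chosen
           by the visitor. The charset matches the page's meta tag. */
        ${$r} = htmlspecialchars($raw, ENT_QUOTES, 'ISO-8859-1');
        ${$r . "_error"} = '';

        if (!$submitted) {
            continue;
        }

        /* Call the validator directly instead of building PHP source with
           eval(); submitted text must never become part of evaluated code.
           Control characters (including CR/LF) are refused for every field:
           these are single-line inputs and one of them ends up in mail(). */
        $ok = !preg_match('/[\x00-\x1F\x7F]/', $raw)
            && call_user_func(array('fvalid', $method), $raw);

        if (!$ok) {
            /* change the background of form fields containing errors */
            ${$r . "_error"} = 'style="background-color:#CC0000; color:#FFFFFF;"';
            $rets[] = $errs[$method] . $r;
            $err = 1;
        }
    }
}

/* if the form was posted and no errors were found, insert data into database */
if ($submitted && !isset($err)) {
    /* connect to mysql server */
    dbConnect('sessions');

    /* Escape every value that goes into an SQL string.
       NOTE(review): the mysql_* extension was removed in PHP 7; when this page
       is ported, use PDO or mysqli prepared statements instead of escaping. */
    $sql_username = mysql_real_escape_string($fields['username']);
    $sql_email    = mysql_real_escape_string($fields['email']);
    $sql_name     = mysql_real_escape_string($fields['name']);

    /* check to see if username exists before recording data.
       NOTE(review): two simultaneous requests can both pass this check; a
       UNIQUE index on users.username would make the database enforce it. */
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$sql_username'";
    $result = mysql_query($sql);
    if (!$result) {
        echo("A database error occurred in processing your submission.");
        exit();
    }
    if (mysql_result($result, 0, 0) > 0) {
        echo("A user already exists with your chosen username. Please try another.");
        exit();
    }

    /* NOTE(review): this password is six hex characters derived from the
       current time, so it is guessable by anyone who knows roughly when the
       account was created, and MySQL's PASSWORD() is not meant for application
       passwords. Replace with a CSPRNG-generated value and password_hash()
       together with whatever code verifies logins. The value is also never
       shown or sent to the user in this script. */
    $new_password = substr(md5(time()), 0, 6);
    $sql = "INSERT INTO users SET
username = '$sql_username',
password = PASSWORD('$new_password'),
email = '$sql_email',
name = '$sql_name'";

    /* Run the INSERT and check its own result; previously the statement was
       built but never executed, and the check looked at the SELECT's result. */
    $result = mysql_query($sql);
    if (!$result) {
        echo("A database error occurred in processing your submission.");
        exit();
    }

    /* print confirmation */
    $mailed = "<p>Received!</p>";

    /* E-mail a thank-you note (the recipient has passed validation and
       contains no line breaks, so it cannot add mail headers). */
    $message = "\nDear " . $fields['name'] . ":\n\n";
    $message .= "Thank you for your submission!\n\n\n";
    $message .= "Sincerely,\n\n";
    $message .= "John\n";
    mail($fields['email'], "Thank You for Your Submission!",
        $message, "From:john@hotmail.com");
} elseif (isset($err)) {
    /* print error messages */
    foreach ($rets as $r) {
        $print_error .= $r . "</span><br>";
    }
}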
?>
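<?php
/* Prepare everything the form echoes. Values are HTML-escaped here, at the
   point of output, so submitted text cannot break out of the value="..."
   attribute. double_encode is false so a value that was already
   entity-encoded earlier in the script is not encoded a second time. */
$form_values = array();
$form_styles = array();
foreach (array('username', 'email', 'name') as $form_field) {
    $form_value = (isset(${$form_field}) && is_string(${$form_field})) ? ${$form_field} : '';
    $form_values[$form_field] = htmlspecialchars($form_value, ENT_QUOTES, 'ISO-8859-1', false);
    /* The *_error variables hold a fixed style attribute set by the validation code. */
    $form_styles[$form_field] = isset(${$form_field . '_error'}) ? ${$form_field . '_error'} : '';
}
/* SCRIPT_NAME is the path of this script only; PHP_SELF also contains any
   extra path text the visitor appended to the URL, which would be echoed
   into the page. */
$form_action = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'ISO-8859-1');
?>
<?php if (isset($mailed)) { echo $mailed; } ?>
<?php if (isset($err) || !isset($_POST['submit'])) { ?>
<?php if (isset($err)) { echo "<span class=\"error\">The following errors were found:</span><br><br>"; } ?>
<?php if (isset($err) && isset($print_error)) { print ($print_error); } ?>
<form method="post" action="<?php echo $form_action; ?>" name="register">
<table width="550" border="0" cellspacing="4" cellpadding="0">
<tr>
<td width="550" height="30" colspan="3" class="section">Login Information</td>
</tr>
<tr>
<td width="10" height="20" align="right" class="body"> </td>
<td width="160" height="20" class="body">Username:<span class="note">*</span></td>
<td width="380" height="20"><input name="username" type="text" size="20" <?php echo $form_styles['username']; ?> value="<?php echo $form_values['username']; ?>"></td>
</tr>
<tr>
<td height="10" align="right" class="body"> </td>
<td height="160" class="body">E-mail Address:<span class="note">*</span></td>
<td height="380"><input name="email" type="text" size="30" <?php echo $form_styles['email']; ?> value="<?php echo $form_values['email']; ?>"></td>
</tr>
<tr>
<td width="10" height="22" align="right" class="body"> </td>
<td width="160" height="22" class="body">Name:<span class="note">*</span></td>
<td width="380" height="22"><input name="name" type="text" size="20" <?php echo $form_styles['name']; ?> value="<?php echo $form_values['name']; ?>"></td>
</tr>
<tr>
<td width="550" height="40" colspan="3" align="left"><input name="submit" type="submit" value="Register" class="register"></td>
</tr>
</table>
</form>
<?php
}
?>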
</body>
</html>
Best Regards,
John




