  1. #1
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    733

    Contact Form - Show answers on page

    This Contact Form code works successfully, however when a user doesn't check the checkbox a blank page appears with the words: "If you agree with the terms, check the Agree check box". Or if the user doesn't provide the right answer "hot" a blank page appears with the words: "Wrong Answer".

    Can you help me change this so the "words" appear on the Contact Form page instead of on a blank page?

    Thanks.

    Code:
    <?php
    $mailto     = 'email@email.com';
    $mailsubj   = "Contact Form submission";
    $mailhead   = "From:Contact\n";
    $mailbody   = "--- Contact form results ---\n";
    foreach($_REQUEST as $key => $value)
    	{
    	if($key != 'PHPSESSID')
    	{
    	$mailbody .= $key.": ".$value."\n";
    	}
    }
    $continue = true;
    if(isset($_POST['ans']) && $_POST['ans']!='hot')
    {
    echo 'Wrong answer!';
    $continue = false;
    }
    // if the check box is not checked it will not appear in the $_POST values, it's better to use isset rather than empty
    if(!isset($_POST['agree']))
    {
    	echo "If you agree with the terms, check the Agree check box";
    	$continue = false;
    }
    if($continue)
    {
    
    $mailbody .= date('Y-m-d H:i:s',strtotime("now"));
    mail($mailto, $mailsubj, $mailbody, $mailhead);
    echo "<h2>Thanks!</h2>";
    //print_r($_REQUEST);
    }
    ?>

  2. #2
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    Something like this?

    PHP Code:
    <?php
    // create an empty error array to hold any error messages
    $error = array();

    $mailto     = 'email@email.com';
    $mailsubj   = "Contact Form submission";
    $mailhead   = "From:Contact\n";
    $mailbody   = "--- Contact form results ---\n";
    foreach($_REQUEST as $key => $value)
    {
        if($key != 'PHPSESSID')
        {
            $mailbody .= $key.": ".$value."\n";
        }
    }

    if(isset($_POST['ans']) && $_POST['ans']!='hot')
    {
        // add error to error array
        $error[] = 'Wrong answer!';
    }
    // if the check box is not checked it will not appear in the $_POST values, it's better to use isset rather than empty
    if(!isset($_POST['agree']))
    {
        // add error to error array
        $error[] = "If you agree with the terms, check the Agree check box";
    }
    // if no errors are set, continue
    if(empty($error))
    {
        $mailbody .= date('Y-m-d H:i:s',strtotime("now"));
        mail($mailto, $mailsubj, $mailbody, $mailhead);
        echo "<h2>Thanks!</h2>";
        //print_r($_REQUEST);
    }

    // print error messages if available
    if(!empty($error)){
        foreach($error as $err) {
            echo $err.'<br>';
        }
    }
    ?>

  3. #3
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    733
    Thanks for your code, I uploaded it, however, nothing has changed.
    All words appear on blank page still.
    Any additional help will be appreciated.

  4. #4
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    There's most likely something in the code you haven't posted that's causing this. Do you have a redirection somewhere?

  5. #5
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    733
    Thanks for your reply.
    All I have is that form-handler code and this html form code:

    Code:
    <form action='form_handle.php' method='post' name='myform' >
    	<table border='0' padding='0' spacing='20' >
    	<tr>
    	<td>Company Name:&nbsp;&nbsp;&nbsp;</td>
    	<td><input type='text' size='45' name='company_name'><br /></td>
    	</tr>
    	<tr>
    	<td>Address:</td>
    	<td><input type='text' size='45' name='address'>
    	<br /><br/>
    	</td>
    	</tr>
    	<tr>
    	<td>City:</td>
    	<td><input type='text' size='45' name='city'>
    	<br/>
    	</td>
    	</tr>
    	<tr>
    	<td>State:</td>
    	<td><input type='text' size='20' name='state'>
    	<br />
    	</td>
    	</tr>
    	<tr>
    	<td>Zip:</td>
    	<td><input type='text' size='20' name='zip'>
    	<br /><br/>
    	</td>
    	</tr>
    	<tr>
    	<td>Contact Name:</td>
    	<td><input type='text' size='20' name='contact_name'>
    	<br /><br/>
    	</td>
    	</tr>
    	<tr>
    	<td>Phone Number:</td>
    	<td><input type='text' size='20' name='phone_number'>
    	<br />
    	</td>
    	</tr>
    	<tr>
    	<td>Email Address:</td>
    	<td><input type='text' size='20' name='email_address'>
    	<br /><br/>
    	</td>
    	</tr>
    	<td><input type="checkbox" name="agree" id="agree" value="agree" /> <label for='agree'>Check here to agree to these terms.</label></td>
    	<tr>
    	<td>
    	<p style="color:black; font-size:10px;"> By answering the simple question correctly (below)<br />
    	we'll know that you're a human being and<br />
    	not a spam-bot:</p></td>
    	<tr>
    	<td>Is fire hot or cold?</td>
    	<td><input type="text" name="ans" required pattern="hot"/>
    	<br />
    	</td>
    	<tr>
    	<td colspan='2' align='right'><input type='submit' value = 'Save'></td>
    	</tr>
    	</table>
    	</form>
    Any additional help will be appreciated.

  6. #6
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    Using your supplied code I tested this out in FF 6 and Safari 5 and it displayed the error messages and success message on the same page, just as it should.

    Is this all of the code on the page? Where's the header HTML? Is there a base href somewhere, or something in a config file or a browser setting that could be causing this issue?

  7. #7
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    733
    Thanks for asking for the entire page code. I don't know if any of this is causing an issue, but here it is. Any help will be GREATLY appreciated.


    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
    	<head>
    		<title></title>
    		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    		<script type="text/javascript" src="js/swfobject.js"></script>
    		<link href="/css/main.css" rel="stylesheet" type="text/css"/>
    
    	</head>
    	<body bgcolor="#ffffff">
    	<div id="generic-container2">
    	<div class="col_a1">
    	<img src="images/Bubbles.jpg" alt="" />
    	</div>
    	<div class="col_a2">
    	<div id="player"></div>
    
      	<div class="form">
    	<form action='form_handle.php' method='post' name='myform' >
    	<table border='0' padding='0' spacing='20' >
    	<tr>
    	<td>Company Name:&nbsp;&nbsp;&nbsp;</td>
    	<td><input type='text' size='45' name='company_name'><br /></td>
    	</tr>
    	<tr>
    	<td>Address:</td>
    	<td><input type='text' size='45' name='address'>
    	<br /><br/>
    	</td>
    	</tr>
    	<tr>
    	<td>City:</td>
    	<td><input type='text' size='45' name='city'>
    	<br/>
    	</td>
    	</tr>
    	<tr>
    	<td>State:</td>
    	<td><input type='text' size='20' name='state'>
    	<br />
    	</td>
    	</tr>
    	<tr>
    	<td>Zip:</td>
    	<td><input type='text' size='20' name='zip'>
    	<br /><br/>
    	</td>
    	</tr>
    	<tr>
    	<td>Contact Name:</td>
    	<td><input type='text' size='20' name='contact_name'>
    	<br /><br/>
    	</td>
    	</tr>
    	<tr>
    	<td>Phone Number:</td>
    	<td><input type='text' size='20' name='phone_number'>
    	<br />
    	</td>
    	</tr>
    	<tr>
    	<td>Email Address:</td>
    	<td><input type='text' size='20' name='email_address'>
    	<br /><br/>
    	</td>
    	</tr>
    	<td><input type="checkbox" name="agree" id="agree" value="agree" /> <label for='agree'>Check here to agree to these terms.</label></td>
    	<tr>
    	<td>
    	<p style="color:black; font-size:10px;"> By answering the simple question correctly (below)<br />
    	we'll know that you're a human being and<br />
    	not a spam-bot:</p></td>
    	<tr>
    	<td>Is fire hot or cold?</td>
    	<td><input type="text" name="ans" required pattern="hot"/>
    	<br />
    	</td>
    	<tr>
    	<td colspan='2' align='right'><input type='submit' value = 'Save'></td>
    	</tr>
    	</table>
    	</form>
    </div>
    
    <script type="text/javascript">
    		var my_filename	= get_parm('filename');
    
    		var file		= document.getElementById("form_filename");
    		file.value 		= my_filename;
    
    document.write("<div id='rerecord'><form action='index.html?filename="+my_filename+"' method='POST'><input type='submit' name='record' value='Return' id='record_button' /></form></div>");
    //document.write("<p><a href='index.html?filename="+my_filename+"'>Return</a><br><br>");//
    
    		var flashvars = {
    			source: my_filename,
    			server: "rtmp://67.xxx.xxx.xxx",
    			type: "video",
    			streamtype: "rtmp",
    			poster: "poster.png",
    			autostart: "false",
    			logo: "logo.png",
    			logoposition: "top left",
    			logoalpha: "30",
    			logowidth: "130",
    			logolink: "http://j.sourceforge.net",
    			hardwarescaling: "false",
    			darkcolor: "000000",
    			brightcolor: "4c4c4c",
    			controlcolor: "FFFFFF",
    			hovercolor : "67A8C1"
    		};
    		var params = {
    			allowFullscreen: "true",
    			allowScriptAccess: "always",
    			bgcolor: "#000000",
    			quality: "high",
    			scale: "noscale",
    			wmode: "opaque",
    			seamlesstabbing: "false"
    		};
    		var attributes = {};
    
    		swfobject.embedSWF("player.swf", "player", "500", "340", "9.0.0","expressInstall.swf", flashvars, params, attributes);
    
    		function get_parm(name)
    			{
    			name 		= name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
    			var regexS	= "[\\?&]"+name+"=([^&#]*)";
    			var regex	= new RegExp( regexS );
    			var results	= regex.exec( window.location.href );
    			if( results == null )
    				{
    				return "";
    				}
    			else
    				{
    				return results[1];
    				}
    			}
    	</script>
    <div>
           </body>
    
    </html>

  8. #8
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    Every time I click submit it stays on the same page. I see the error messages and the form. What browser are you testing this in?

    When you say "blank page" is the browser opening a new window?

  9. #9
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    733
    Thanks for your reply.
    I am using IE8 browser.

    When I select "Save" I go from /player.html page to /form-handle.php page that has a white background with only this text showing:

    "Wrong Answer"

    or

    "If you agree with the terms, check the Agree check box"

  10. #10
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    Quote: Originally Posted by ChrisjChrisj
    Thanks for your reply.
    I am using IE8 browser.

    When I select "Save" I go from /player.html page to /form-handle.php page that has a white background with only this text showing:

    "Wrong Answer"

    or

    "If you agree with the terms, check the Agree check box"

    I was under the impression that you were doing everything on ONE page, and you're not, you're doing it on two. Your script is behaving exactly as it's supposed to because, when you submit the form you are redirecting the user FROM player.html TO form-handle.php where it shows the error message. What else is it supposed to show? The form is back on player.html, so you can't show it again unless you redirect the user back to player.html, or include player.html into form-handler.php.

    If you want everything to stay on one page, the easiest way is to put all of the PHP code at the top of the page and change the form action to the same page. For instance, if you change the name of the page to player.php you can do everything on that page.

    Code:
    <?php // put your php code here to process the form ?>
    <html>
    <body>
    <form action="player.php" >
    <!-- do your form stuff -->
    </form>
    </body>
    </html>
    Here's all of it together (this needs to be tested!)

    EDIT: notice that I used <?php echo $_SERVER['PHP_SELF']; ?> in the form action. This tells PHP to use the same page the form is on. This way you don't need to remember to change the page name in the form if you decide to change the page name later.

    PHP Code:
    <?php
    // create an empty error array to hold any error messages
    $error = array();
    if(isset($_POST['posted'])) {
        $mailto     = 'email@email.com';
        $mailsubj   = "Contact Form submission";
        $mailhead   = "From:Contact\n";
        $mailbody   = "--- Contact form results ---\n";
        foreach($_REQUEST as $key => $value)
        {
            if($key != 'PHPSESSID')
            {
                $mailbody .= $key.": ".$value."\n";
            }
        }

        if(isset($_POST['ans']) && $_POST['ans']!='hot')
        {
            // add error to error array
            $error[] = 'Wrong answer!';
        }
        // if the check box is not checked it will not appear in the $_POST values, it's better to use isset rather than empty
        if(!isset($_POST['agree']))
        {
            // add error to error array
            $error[] = "If you agree with the terms, check the Agree check box";
        }
        // if no errors are set, continue
        if(empty($error))
        {
            $mailbody .= date('Y-m-d H:i:s',strtotime("now"));
            $sent = mail($mailto, $mailsubj, $mailbody, $mailhead);

            if($sent) {
                echo "<h2>Thanks!</h2>";
            }
            //print_r($_REQUEST);
        }

        // print error messages if available
        if(!empty($error)){
            foreach($error as $err) {
                echo $err.'<br>';
            }
        }
    }
    ?>
    <?php if(!isset($sent)) { // hide the form if email has been sent ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
        <head>
            <title></title>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
            <script type="text/javascript" src="js/swfobject.js"></script>
            <link href="/css/main.css" rel="stylesheet" type="text/css"/>

        </head>
        <body bgcolor="#ffffff">
        <div id="generic-container2">
        <div class="col_a1">
        <img src="http://www.sitepoint.com/forums/images/Bubbles.jpg" alt="" />
        </div>
        <div class="col_a2">
        <div id="player"></div>

          <div class="form">
        <form action='<?php echo $_SERVER['PHP_SELF']; ?>' method='post' name='myform' >
        
        <!-- add this so we can check for the form's submission (line 4) -->
        <input type="hidden" name="posted" value="posted" />
        
        <table border='0' padding='0' spacing='20' >
        <tr>
        <td>Company Name:&nbsp;&nbsp;&nbsp;</td>
        <td><input type='text' size='45' name='company_name'><br /></td>
        </tr>
        <tr>
        <td>Address:</td>
        <td><input type='text' size='45' name='address'>
        <br /><br/>
        </td>
        </tr>
        <tr>
        <td>City:</td>
        <td><input type='text' size='45' name='city'>
        <br/>
        </td>
        </tr>
        <tr>
        <td>State:</td>
        <td><input type='text' size='20' name='state'>
        <br />
        </td>
        </tr>
        <tr>
        <td>Zip:</td>
        <td><input type='text' size='20' name='zip'>
        <br /><br/>
        </td>
        </tr>
        <tr>
        <td>Contact Name:</td>
        <td><input type='text' size='20' name='contact_name'>
        <br /><br/>
        </td>
        </tr>
        <tr>
        <td>Phone Number:</td>
        <td><input type='text' size='20' name='phone_number'>
        <br />
        </td>
        </tr>
        <tr>
        <td>Email Address:</td>
        <td><input type='text' size='20' name='email_address'>
        <br /><br/>
        </td>
        </tr>
        <td><input type="checkbox" name="agree" id="agree" value="agree" /> <label for='agree'>Check here to agree to these terms.</label></td>
        <tr>
        <td>
        <p style="color:black; font-size:10px;"> By answering the simple question correctly (below)<br />
        we'll know that you're a human being and<br />
        not a spam-bot:</p></td>
        <tr>
        <td>Is fire hot or cold?</td>
        <td><input type="text" name="ans" required pattern="hot"/>
        <br />
        </td>
        <tr>
        <td colspan='2' align='right'><input type='submit' value = 'Save'></td>
        </tr>
        </table>
        </form>
    </div>

    <script type="text/javascript">
            var my_filename    = get_parm('filename');

            var file        = document.getElementById("form_filename");
            file.value         = my_filename;

    document.write("<div id='rerecord'><form action='index.html?filename="+my_filename+"' method='POST'><input type='submit' name='record' value='Return' id='record_button' /></form></div>");
    //document.write("<p><a href='index.html?filename="+my_filename+"'>Return</a><br><br>");//

            var flashvars = {
                source: my_filename,
                server: "rtmp://67.xxx.xxx.xxx",
                type: "video",
                streamtype: "rtmp",
                poster: "poster.png",
                autostart: "false",
                logo: "logo.png",
                logoposition: "top left",
                logoalpha: "30",
                logowidth: "130",
                logolink: "http://j.sourceforge.net",
                hardwarescaling: "false",
                darkcolor: "000000",
                brightcolor: "4c4c4c",
                controlcolor: "FFFFFF",
                hovercolor : "67A8C1"
            };
            var params = {
                allowFullscreen: "true",
                allowScriptAccess: "always",
                bgcolor: "#000000",
                quality: "high",
                scale: "noscale",
                wmode: "opaque",
                seamlesstabbing: "false"
            };
            var attributes = {};

            swfobject.embedSWF("player.swf", "player", "500", "340", "9.0.0","expressInstall.swf", flashvars, params, attributes);

            function get_parm(name)
                {
                name         = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
                var regexS    = "[\\?&]"+name+"=([^&#]*)";
                var regex    = new RegExp( regexS );
                var results    = regex.exec( window.location.href );
                if( results == null )
                    {
                    return "";
                    }
                else
                    {
                    return results[1];
                    }
                }
        </script>
    <div>
    <?php } // end of if(!isset($sent)) ?>
    </body>

    </html>

  11. #11
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    733
    Thanks for your reply.

    The reason it's on two pages instead of one page, is that it keeps the email address (where the contact info is sent)(upon "Save"/submit) undisclosed.

    If I put it all on one page, won't the email address be disclosed?

    If so, is there a solution using two pages?

    Thanks again for any additional assistance.

  12. #12
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    Quote: Originally Posted by ChrisjChrisj
    Thanks for your reply.

    The reason it's on two pages instead of one page, is that it keeps the email address (where the contact info is sent)(upon "Save"/submit) undisclosed.

    If I put it all on one page, won't the email address be disclosed?

    If so, is there a solution using two pages?

    PHP is server side, it doesn't get sent to the browser unless you print it to the browser. So no, the email address will not be disclosed unless you do something like <?php echo $email; ?>

    You can certainly do it on two pages, but it's a lot easier if you don't.

  13. #13
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    53
    Don't use $_SERVER['PHP_SELF'] like that for your form's action, it's vulnerable to XSS.

  14. #14
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    Quote: Originally Posted by the182guy
    Don't use $_SERVER['PHP_SELF'] like that for your form's action, it's vulnerable to XSS.

    I wasn't aware of that. Thanks for the heads up.

    I've read that htmlentities($_SERVER['PHP_SELF']); will solve the XSS problem.

  15. #15
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    53
    Quote: Originally Posted by tgavin
    I wasn't aware of that. Thanks for the heads up.

    I've read that htmlentities($_SERVER['PHP_SELF']); will solve the XSS problem.

    No problem, htmlentities() should plug the hole but I think you're still going to get the hacker's evil input into your HTML (though will be htmlentitied).

    I believe basename($_SERVER['PHP_SELF']) or just $_SERVER['SCRIPT_FILENAME'] will also solve it.
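
The options discussed in posts #13 to #15, compared side by side in an added example (not code from the thread): each candidate value is placed in the thread's single-quoted `action='...'` attribute and the resulting tag is parsed to see whether anything beyond the script path reached the form element. The request values are constructed, the `data-injected` suffix is a harmless marker, `render_form_tag()` and `inspect_form_tag()` are hypothetical helpers, and PHP's DOM extension is assumed; `SCRIPT_NAME` is used as the URL path of the running script, since `SCRIPT_FILENAME` holds its filesystem path.

```php
<?php
// Added example. The request values below are constructed, not captured from a server.
// PHP_SELF is the script path plus any extra path the client appended after it.
$server = array(
    'SCRIPT_NAME' => '/player.php',
    'PHP_SELF'    => "/player.php/' data-injected='1",
);

// Candidate values for the action attribute, keyed by the expression that produced them.
// ENT_COMPAT was the htmlentities() default before PHP 8.1 and leaves single quotes alone.
$candidates = array(
    'PHP_SELF (raw)'                        => $server['PHP_SELF'],
    'basename(PHP_SELF)'                    => basename($server['PHP_SELF']),
    'htmlentities(PHP_SELF, ENT_COMPAT)'    => htmlentities($server['PHP_SELF'], ENT_COMPAT, 'UTF-8'),
    'htmlentities(PHP_SELF, ENT_QUOTES)'    => htmlentities($server['PHP_SELF'], ENT_QUOTES, 'UTF-8'),
    'htmlentities(SCRIPT_NAME, ENT_QUOTES)' => htmlentities($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8'),
);

// Render the opening tag the way the thread's page does (single-quoted attributes).
function render_form_tag($action)
{
    return "<form action='" . $action . "' method='post' name='myform'>";
}

// Parse the tag with an HTML parser and report what the <form> element really contains.
function inspect_form_tag($tag)
{
    libxml_use_internal_errors(true);   // the fragment is not a full document
    $doc = new DOMDocument();
    $doc->loadHTML($tag . '</form>');
    libxml_clear_errors();
    $form = $doc->getElementsByTagName('form')->item(0);
    return array(
        'action'          => $form->getAttribute('action'),
        'extra_attribute' => $form->hasAttribute('data-injected'),
    );
}

foreach ($candidates as $label => $action) {
    $seen = inspect_form_tag(render_form_tag($action));
    printf(
        "%-40s extra attribute: %-3s  action: %s\n",
        $label,
        $seen['extra_attribute'] ? 'YES' : 'no',
        $seen['action']
    );
}
```

On PHP 8.1 and later `htmlentities()` defaults to `ENT_QUOTES`; on older versions the flag has to be passed explicitly when the attribute is single-quoted, as it is in this form.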

