Contact Form - Show answers on page

This Contact Form code works successfully, however when a user doesn’t check the checkbox a blank page appears with the words: “If you agree with the terms, check the Agree check box”. Or if the user doesn’t provide the right answer “hot” a blank page appears with the words: “Wrong Answer”.

Can you help me change this so the “words” appear on the Contact Form page instead of on a blank page?

Thanks.

<?php
$mailto     = 'email@email.com';
$mailsubj   = "Contact Form submission";
$mailhead   = "From:Contact\n";
$mailbody   = "--- Contact form results ---\n";
foreach($_REQUEST as $key => $value)
	{
	if($key != 'PHPSESSID')
	{
	$mailbody .= $key.": ".$value."\n";
	}
}
$continue = true;
if(isset($_POST['ans']) && $_POST['ans']!='hot')
{
echo 'Wrong answer!';
$continue = false;
}
// if the check box is not checked it will not appear in the $_POST values, it's better to use isset rather than empty
if(!isset($_POST['agree']))
{
	echo "If you agree with the terms, check the Agree check box";
	$continue = false;
}
if($continue)
{

$mailbody .= date('Y-m-d H:i:s',strtotime("now"));
mail($mailto, $mailsubj, $mailbody, $mailhead);
echo "<h2>Thanks!</h2>";
//print_r($_REQUEST);
}
?>

Something like this?

<?php
// create an empty error array to hold any error messages
$error = array();

$mailto     = 'email@email.com';
$mailsubj   = "Contact Form submission";
$mailhead   = "From:Contact\n";
$mailbody   = "--- Contact form results ---\n";
foreach($_REQUEST as $key => $value)
	{
	if($key != 'PHPSESSID')
	{
	$mailbody .= $key.": ".$value."\n";
	}
}

if(isset($_POST['ans']) && $_POST['ans']!='hot')
{
	// add error to error array
	$error[] = 'Wrong answer!';

}
// if the check box is not checked it will not appear in the $_POST values, it's better to use isset rather than empty
if(!isset($_POST['agree']))
{
	// add error to error array
	$error[] = "If you agree with the terms, check the Agree check box";
}
// if no errors are set, continue
if(empty($error))
{

$mailbody .= date('Y-m-d H:i:s',strtotime("now"));
mail($mailto, $mailsubj, $mailbody, $mailhead);
echo "<h2>Thanks!</h2>";
//print_r($_REQUEST);
}

// print error messages if available
if(!empty($error)){
	foreach($error as $err) {
		echo $err.'<br>';
	}
}
?>

Thanks for your code, I uploaded it, however, nothing has changed.
All words appear on blank page still.
Any additional help will be appreciated

There’s most likely something in the code you haven’t posted that’s causing this. Do you have a redirection somewhere?

Thanks for your reply.
All I have is that form-handler code and this html form code:

<form action='form_handle.php' method='post' name='myform' >
	<table border='0' padding='0' spacing='20' >
	<tr>
	<td>Company Name:&nbsp;&nbsp;&nbsp;</td>
	<td><input type='text' size='45' name='company_name'><br /></td>
	</tr>
	<tr>
	<td>Address:</td>
	<td><input type='text' size='45' name='address'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>City:</td>
	<td><input type='text' size='45' name='city'>
	<br/>
	</td>
	</tr>
	<tr>
	<td>State:</td>
	<td><input type='text' size='20' name='state'>
	<br />
	</td>
	</tr>
	<tr>
	<td>Zip:</td>
	<td><input type='text' size='20' name='zip'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>Contact Name:</td>
	<td><input type='text' size='20' name='contact_name'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>Phone Number:</td>
	<td><input type='text' size='20' name='phone_number'>
	<br />
	</td>
	</tr>
	<tr>
	<td>Email Address:</td>
	<td><input type='text' size='20' name='email_address'>
	<br /><br/>
	</td>
	</tr>
	<td><input type="checkbox" name="agree" id="agree" value="agree" /> <label for='agree'>Check here to agree to these terms.</label></td>
	<tr>
	<td>
	<p style="color:black; font-size:10px;"> By answering the simple question correctly (below)<br />
	we'll know that you're a human being and<br />
	not a spam-bot:</p></td>
	<tr>
	<td>Is fire hot or cold?</td>
	<td><input type="text" name="ans" required pattern="hot"/>
	<br />
	</td>
	<tr>
	<td colspan='2' align='right'><input type='submit' value = 'Save'></td>
	</tr>
	</table>
	</form>

Any additional help will be appreciated

Using your supplied code I tested this out in FF 6 and Safari 5 and it displayed the error messages and success message on the same page, just as it should.

Is this all of the code on the page? Where’s the header HTML? Is there a base href somewhere, or something in a config file or a browser setting that could be causing this issue?

Thanks for asking for the entire page code. I don’t know if any of this is causing an issue, but here it is. Any help will be GREATLY appreciated.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
	<head>
		<title></title>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<script type="text/javascript" src="js/swfobject.js"></script>
		<link href="/css/main.css" rel="stylesheet" type="text/css"/>

	</head>
	<body bgcolor="#ffffff">
	<div id="generic-container2">
	<div class="col_a1">
	<img src="images/Bubbles.jpg" alt="" />
	</div>
	<div class="col_a2">
	<div id="player"></div>

  	<div class="form">
	<form action='form_handle.php' method='post' name='myform' >
	<table border='0' padding='0' spacing='20' >
	<tr>
	<td>Company Name:&nbsp;&nbsp;&nbsp;</td>
	<td><input type='text' size='45' name='company_name'><br /></td>
	</tr>
	<tr>
	<td>Address:</td>
	<td><input type='text' size='45' name='address'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>City:</td>
	<td><input type='text' size='45' name='city'>
	<br/>
	</td>
	</tr>
	<tr>
	<td>State:</td>
	<td><input type='text' size='20' name='state'>
	<br />
	</td>
	</tr>
	<tr>
	<td>Zip:</td>
	<td><input type='text' size='20' name='zip'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>Contact Name:</td>
	<td><input type='text' size='20' name='contact_name'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>Phone Number:</td>
	<td><input type='text' size='20' name='phone_number'>
	<br />
	</td>
	</tr>
	<tr>
	<td>Email Address:</td>
	<td><input type='text' size='20' name='email_address'>
	<br /><br/>
	</td>
	</tr>
	<td><input type="checkbox" name="agree" id="agree" value="agree" /> <label for='agree'>Check here to agree to these terms.</label></td>
	<tr>
	<td>
	<p style="color:black; font-size:10px;"> By answering the simple question correctly (below)<br />
	we'll know that you're a human being and<br />
	not a spam-bot:</p></td>
	<tr>
	<td>Is fire hot or cold?</td>
	<td><input type="text" name="ans" required pattern="hot"/>
	<br />
	</td>
	<tr>
	<td colspan='2' align='right'><input type='submit' value = 'Save'></td>
	</tr>
	</table>
	</form>
</div>

<script type="text/javascript">
		var my_filename	= get_parm('filename');

		var file		= document.getElementById("form_filename");
		file.value 		= my_filename;

document.write("<div id='rerecord'><form action='index.html?filename="+my_filename+"' method='POST'><input type='submit' name='record' value='Return' id='record_button' /></form></div>");
//document.write("<p><a href='index.html?filename="+my_filename+"'>Return</a><br><br>");//

		var flashvars = {
			source: my_filename,
			server: "rtmp://67.xxx.xxx.xxx",
			type: "video",
			streamtype: "rtmp",
			poster: "poster.png",
			autostart: "false",
			logo: "logo.png",
			logoposition: "top left",
			logoalpha: "30",
			logowidth: "130",
			logolink: "http://j.sourceforge.net",
			hardwarescaling: "false",
			darkcolor: "000000",
			brightcolor: "4c4c4c",
			controlcolor: "FFFFFF",
			hovercolor : "67A8C1"
		};
		var params = {
			allowFullscreen: "true",
			allowScriptAccess: "always",
			bgcolor: "#000000",
			quality: "high",
			scale: "noscale",
			wmode: "opaque",
			seamlesstabbing: "false"
		};
		var attributes = {};

		swfobject.embedSWF("player.swf", "player", "500", "340", "9.0.0","expressInstall.swf", flashvars, params, attributes);

		function get_parm(name)
			{
			name 		= name.replace(/[\\[]/,"\\\\\\[").replace(/[\\]]/,"\\\\\\]");
			var regexS	= "[\\\\?&]"+name+"=([^&#]*)";
			var regex	= new RegExp( regexS );
			var results	= regex.exec( window.location.href );
			if( results == null )
				{
				return "";
				}
			else
				{
				return results[1];
				}
			}
	</script>
<div>
       </body>

</html>

Every time I click submit it stays on the same page. I see the error messages and the form. What browser are you testing this in?

When you say “blank page” is the browser opening a new window?

Thanks for your reply.
I am using IE8 browser.

When I select “Save” I go from /player.html page to /form-handle.php page that has a white background with only this text showing:

“Wrong Answer”

or

“If you agree with the terms, check the Agree check box”

I was under the impression that you were doing everything on ONE page, and you’re not, you’re doing it on two. Your script is behaving exactly as it’s supposed to because, when you submit the form you are redirecting the user FROM player.html TO form-handle.php where it shows the error message. What else is it supposed to show? The form is back on player.html, so you can’t show it again unless you redirect the user back to player.html, or include player.html into form-handler.php.

If you want everything to stay on one page, the easiest way is to put all of the PHP code at the top of the page and change the form action to the same page. For instance, if you change the name of the page to player.php you can do everything on that page.

<?php // put your php code here to process the form ?>
<html>
<body>
<form action="player.php" >
<!-- do your form stuff -->
</form>
</body>
</html>

Here’s all of it together (this needs to be tested!)

EDIT: notice that I used <?php echo $_SERVER['PHP_SELF']; ?> in the form action. This tells PHP to use the same page the form is on. This way you don’t need to remember to change the page name in the form if you decide to change the page name later.

<?php
// create an empty error array to hold any error messages
$error = array();
if(isset($_POST['posted'])) {
	$mailto     = 'email@email.com';
	$mailsubj   = "Contact Form submission";
	$mailhead   = "From:Contact\n";
	$mailbody   = "--- Contact form results ---\n";
	foreach($_REQUEST as $key => $value)
		{
		if($key != 'PHPSESSID')
		{
		$mailbody .= $key.": ".$value."\n";
		}
	}
	
	if(isset($_POST['ans']) && $_POST['ans']!='hot')
	{
		// add error to error array
		$error[] = 'Wrong answer!';
	
	}
	// if the check box is not checked it will not appear in the $_POST values, it's better to use isset rather than empty
	if(!isset($_POST['agree']))
	{
		// add error to error array
		$error[] = "If you agree with the terms, check the Agree check box";
	}
	// if no errors are set, continue
	if(empty($error))
	{
	
	$mailbody .= date('Y-m-d H:i:s',strtotime("now"));
	$sent = mail($mailto, $mailsubj, $mailbody, $mailhead);
	
	if($sent) {
		echo "<h2>Thanks!</h2>";
	}
	//print_r($_REQUEST);
	}
	
	// print error messages if available
	if(!empty($error)){
		foreach($error as $err) {
			echo $err.'<br>';
		}
	}
}
?>
<?php if(!isset($sent)) { // hide the form if email has been sent ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
	<head>
		<title></title>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<script type="text/javascript" src="js/swfobject.js"></script>
		<link href="/css/main.css" rel="stylesheet" type="text/css"/>

	</head>
	<body bgcolor="#ffffff">
	<div id="generic-container2">
	<div class="col_a1">
	<img src="images/Bubbles.jpg" alt="" />
	</div>
	<div class="col_a2">
	<div id="player"></div>

  	<div class="form">
	<form action='<?php echo $_SERVER['PHP_SELF']; ?>' method='post' name='myform' >
	
	<!-- add this so we can check for the form's submission (line 4) -->
	<input type="hidden" name="posted" value="posted" />
	
	<table border='0' padding='0' spacing='20' >
	<tr>
	<td>Company Name:&nbsp;&nbsp;&nbsp;</td>
	<td><input type='text' size='45' name='company_name'><br /></td>
	</tr>
	<tr>
	<td>Address:</td>
	<td><input type='text' size='45' name='address'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>City:</td>
	<td><input type='text' size='45' name='city'>
	<br/>
	</td>
	</tr>
	<tr>
	<td>State:</td>
	<td><input type='text' size='20' name='state'>
	<br />
	</td>
	</tr>
	<tr>
	<td>Zip:</td>
	<td><input type='text' size='20' name='zip'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>Contact Name:</td>
	<td><input type='text' size='20' name='contact_name'>
	<br /><br/>
	</td>
	</tr>
	<tr>
	<td>Phone Number:</td>
	<td><input type='text' size='20' name='phone_number'>
	<br />
	</td>
	</tr>
	<tr>
	<td>Email Address:</td>
	<td><input type='text' size='20' name='email_address'>
	<br /><br/>
	</td>
	</tr>
	<td><input type="checkbox" name="agree" id="agree" value="agree" /> <label for='agree'>Check here to agree to these terms.</label></td>
	<tr>
	<td>
	<p style="color:black; font-size:10px;"> By answering the simple question correctly (below)<br />
	we'll know that you're a human being and<br />
	not a spam-bot:</p></td>
	<tr>
	<td>Is fire hot or cold?</td>
	<td><input type="text" name="ans" required pattern="hot"/>
	<br />
	</td>
	<tr>
	<td colspan='2' align='right'><input type='submit' value = 'Save'></td>
	</tr>
	</table>
	</form>
</div>

<script type="text/javascript">
		var my_filename	= get_parm('filename');

		var file		= document.getElementById("form_filename");
		file.value 		= my_filename;

document.write("<div id='rerecord'><form action='index.html?filename="+my_filename+"' method='POST'><input type='submit' name='record' value='Return' id='record_button' /></form></div>");
//document.write("<p><a href='index.html?filename="+my_filename+"'>Return</a><br><br>");//

		var flashvars = {
			source: my_filename,
			server: "rtmp://67.xxx.xxx.xxx",
			type: "video",
			streamtype: "rtmp",
			poster: "poster.png",
			autostart: "false",
			logo: "logo.png",
			logoposition: "top left",
			logoalpha: "30",
			logowidth: "130",
			logolink: "http://j.sourceforge.net",
			hardwarescaling: "false",
			darkcolor: "000000",
			brightcolor: "4c4c4c",
			controlcolor: "FFFFFF",
			hovercolor : "67A8C1"
		};
		var params = {
			allowFullscreen: "true",
			allowScriptAccess: "always",
			bgcolor: "#000000",
			quality: "high",
			scale: "noscale",
			wmode: "opaque",
			seamlesstabbing: "false"
		};
		var attributes = {};

		swfobject.embedSWF("player.swf", "player", "500", "340", "9.0.0","expressInstall.swf", flashvars, params, attributes);

		function get_parm(name)
			{
			name 		= name.replace(/[\\[]/,"\\\\\\[").replace(/[\\]]/,"\\\\\\]");
			var regexS	= "[\\\\?&]"+name+"=([^&#]*)";
			var regex	= new RegExp( regexS );
			var results	= regex.exec( window.location.href );
			if( results == null )
				{
				return "";
				}
			else
				{
				return results[1];
				}
			}
	</script>
<div>
<?php } // if($sent) ?>
</body>

</html>

Thanks for your reply.

The reason it’s on two pages instead of one page, is that it keeps the email address (where the contact info is sent)(upon “Save”/submit) undisclosed.

If I put it all on one page, won’t the email address be disclosed?

If so, is there a solution using two pages?

Thanks again for any additional assistance.

PHP is server side, it doesn’t get sent to the browser unless you print it to the browser. So no, the email address will not be disclosed unless you do something like <?php echo $email; ?>

You can certainly do it on two pages, but it’s a lot easier if you don’t.

Don’t use $_SERVER['PHP_SELF'] like that for your form’s action, it’s vulnerable to XSS.

I wasn’t aware of that. Thanks for the heads up.

I’ve read that htmlentities($_SERVER['PHP_SELF']); will solve the XSS problem.

No problem, htmlentities() should plug the hole but I think you’re still going to get the hacker’s evil input into your HTML (though it will be htmlentitied).

I believe basename($_SERVER['PHP_SELF']) or just $_SERVER['SCRIPT_FILENAME'] will also solve it.
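
The PHP_SELF point from the last few posts, as an added example that is not part of any post in the thread: it renders the form's opening tag three ways so the difference between raw output, encoded output and SCRIPT_NAME is visible. The $server array is a constructed stand-in for $_SERVER, and the three function names are hypothetical.

```php
<?php
// Constructed stand-in for $_SERVER on a request to
//   /player.php/'><em>constructed</em>
// Everything after "player.php" is PATH_INFO chosen by the client.
$server = array(
    'PHP_SELF'    => "/player.php/'><em>constructed</em>",
    'SCRIPT_NAME' => '/player.php',
);

// As posted: PHP_SELF echoed raw into action='...'. The quote in the
// request path closes the attribute and the rest is parsed as markup.
function action_raw(array $server)
{
    return $server['PHP_SELF'];
}

// Encoded. ENT_QUOTES is passed explicitly because the form uses a
// single-quoted attribute and the default flags before PHP 8.1 leave
// single quotes unencoded. The client-chosen suffix is neutralised but
// is still part of the action URL.
function action_encoded(array $server)
{
    return htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
}

// SCRIPT_NAME is the URL path of the running script without PATH_INFO,
// so the suffix is gone; it is still encoded on output.
function action_script_name(array $server)
{
    return htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
}

foreach (array('action_raw', 'action_encoded', 'action_script_name') as $fn) {
    printf("%-19s <form action='%s' method='post'>\n", $fn, $fn($server));
}
```

Run it with the php command-line binary to compare the three rendered form tags. A hard-coded action="player.php", as in the short skeleton earlier in the thread, avoids the server variable altogether.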