Mailing list problem

Hi, I am new to this forum and hopefully u guys can help me solve the problem i have in this first post! :slight_smile:

so I could some problems with this mailing list script and it is not doing exactly wut i expect it to do

here’s the manage_start.html script:



<html>
<head>
<title>Sub/Unsub</title>
</head>
<body>

<h3> Subscribe or unsubscribe update mailing list</h3>
<p>Cannot find the results you are looking for? You are then welcomed to subscribe this update mailing list, in which you would receive a notificaiton email once the entry, which has the data you are looking for, is updated. <br><br>
        You could also unsubscribe the update mailing list through here if you have previously subscribed.</p>

        <form method=POST action="/php/manage.php">

        <p><b>Your E-mail address:</b></br><br>
        <input type=text name="email" size=40 maxlength=150>
       
        <br><br>
        <input type=radio name="action" value="sub" checked>Subscrbie
        <input type=radio name="action" value="unsub">Unsubscribe
       
        <input type = "hidden" name = "op" value = "ds">
       
        <br><br><input type=submit name="submit" value="Submit form">
        </form>
       

</body>
</html>



and this is the manage.php script:



<?php

//set up a couple of functions

include('connect.php');

function emailChecker($email){
        global $connect, $check_result;
        //check mail is not already in list
        $check = "select id from users where email = '$email'";
        $check_result = mysqli_query($connect, $check) or die(mysqli_error($connect));
       
}

//Determine if they need to see the form or not
if ( ($_POST[op] == "ds" && ($_POST[action] == 'sub'))){
        //Try to subscribe, so validate email
        echo $_POST[op];
        echo $_POST[action];
        if($_POST[email]=""){
       
        echo $_POST[email];
        hearder("Location: manage_start.php");
        exit();
        }
        //connect to database
        db();
       
        //check if email is on the list
       
        emailChecker($_POST[email]);
       
        echo emailChecker($_POST[email]);
        //check the number of results to look for duplicates
        if (mysqli_num_rows($check_result)<1){

                //since no records detected, so add this new email
                echo mysqli_num_rows($check_result);
                $sql="INSERT into users (email) values('$_POST[email]')";
                $result = mysqli_query($connect, $sql) or die(mysqli_error($connect));
                echo "<p>Thanks for signing up!!</p>";

        } else {       
       
                //print failure message
                echo mysqli_num_rows($check_result);
                echo "<p>You have already subscribed!</p>";
        }
       
} else if (($_POST[op] == 'ds') && ($_POST[action] == "unsub")){

        //trying to unsubscribe and validate address
        if ($_POST[email] == "") {
        header ("Location: manage_start.html");
        exit();
        }
       
        db();
       
        emailChecker($_POST[email]);
       
        if (mysqli_num_rows($check_result) <1) {
                //print failure message
                echo mysqli_num_rows($check_result);
                echo "<p>Cannot find your address!</p>
                <p>No action is taken</p>";
               
        } else {
                //unsubscribe address
                echo mysqli_num_rows($check_result);
                $id = mysqli_real_escape_string($connect, $_POST['id']);
                $sql = "DELETE from users where id = '$id'";
                $result = mysqli_query($connect, $sql) or die(mysqli_error($connect));
                echo mysqli_num_rows($check_result);
                echo "<p>You have unsubscribed!</p>";
        }
}

?>


i have tried inserting echo mysqli_num_rows($check_result); right after if (mysqli_num_rows($check_result)<1); for both positive and negative results.

For subscribe, it doesn’t matter if i type in a random email address or the one that’s actually in the database, the following result always shows up:

dssub8

You have already subscribed!

What is this “dssub8” coming from ? is it related to the “ds” value i assigned?

As for the unsubscribe, it works ok if i type a random email, the result would be:

0

Cannot find your address!

No action is taken

and of coz the “0” is the result of echo mysqli_num_rows($check_result); right after if (mysqli_num_rows($check_result) <1)

but if i wanna delete the actual email address, which is from database, echo shows this:

11

You have unsubscribed!

And the number “11” keeps showing up when I try several DISTINCT emails even tho all the email addresses in database are DISTINCT.

please help me out i am so confused :sick:

Hi, Welcome to sitepoint.

I will check over the code you have, but for now…check this:


<?php

if ( ($_POST[op] == "ds" && ($_POST[action] == 'sub'))){

?>

Needs to be changed to:


<?php

if ( ($_POST[op] == "ds") && ($_POST[action] == 'sub') ) {

?>

I have made some changes, if any is incorrect…please let me know.




<?php



//set up a couple of functions



include('connect.php');

$email = $_POST['email'];

function emailChecker($email){

        global $connect, $check_result;

        //check mail is not already in list

        $check = "select id from users where email = '$email'";

        $check_result = mysqli_query($connect, $check) or die(mysqli_error($connect));

      

}



//Determine if they need to see the form or not

if ( ($_POST['op'] == "ds") && ($_POST['action'] == 'sub')) {

        //Try to subscribe, so validate email
        
        
        //when you use the echo below you are creating whitespace above the header() and it will error.
        // echo $_POST['op'];

        // echo $_POST['action'];

                if(!$email) {
                //when you use the echo below you are creating whitespace above the header() and it will error.
                // echo $_POST['email'];
                header("Location: manage_start.php");
                exit();

                }

        //connect to database

        db();

      

        //check if email is on the list

      

        emailChecker($_POST['email']);

      

        echo emailChecker($_POST['email']);

        //check the number of results to look for duplicates

        if (mysqli_num_rows($check_result)<1){



                //since no records detected, so add this new email

                echo mysqli_num_rows($check_result);

                $sql="INSERT into users (email) values('$email')";

                $result = mysqli_query($connect, $sql) or die(mysqli_error($connect));

                echo "<p>Thanks for signing up!!</p>";



        } else {      

      

                //print failure message

                echo mysqli_num_rows($check_result);

                echo "<p>You have already subscribed!</p>";

        }

      

} elseif (($_POST['op'] == 'ds') && ($_POST['action'] == "unsub")){



        //trying to unsubscribe and validate address

        if (!$email) {
        header("Location: manage_start.html");
        exit();
        }

      

        db();

      

        emailChecker($_POST['email']);

      

        if (mysqli_num_rows($check_result) <1) {

                //print failure message

                echo mysqli_num_rows($check_result);

                echo "<p>Cannot find your address!</p>

                <p>No action is taken</p>";

              

        } else {

                //unsubscribe address

                echo mysqli_num_rows($check_result);

                $id = mysqli_real_escape_string($connect, $_POST['id']);

                $sql = "DELETE from users where id = '$id'";

                $result = mysqli_query($connect, $sql) or die(mysqli_error($connect));

                echo mysqli_num_rows($check_result);

                echo "<p>You have unsubscribed!</p>";

        }

}



?>


Also, I can’t find $_POST[‘id’] .

as for the: “11 You have unsubscribed!” when you unsub and try to delete…it’s actually two ones put together from the echo here:

<?php
else {

                //unsubscribe address

                echo mysqli_num_rows($check_result); // the first "1"

                $id = mysqli_real_escape_string($connect, $_POST['id']);

                $sql = "DELETE from users where id = '$id'";

                $result = mysqli_query($connect, $sql) or die(mysqli_error($connect));

                echo mysqli_num_rows($check_result); // the second "1"

                echo "<p>You have unsubscribed!</p>";

        }


?>

Again, please let me know if I am off here.

Thanks,
Kevin

I think I have fixed the php for you. Just check the while in the unsubscribe area in the bottom:




<?php

include('connect.php');

$email  = $_POST['email'];
$op     = $_POST['op'];
$action = $_POST['action'];

function emailChecker($email){

        global $connect, $check_result;

        //check mail is not already in list

        $check = "select id from users where email = '$email'";

        $check_result = mysqli_query($connect, $check) or die(mysqli_error($connect));

      

}



//Determine if they need to see the form or not

if ( ($op == "ds") && ($action == 'sub')) {

        //Try to subscribe, so validate email


                if(!$email) {
                header("Location: manage_start.php");
                exit();
                }

        //connect to database

        db();

      

        //check if email is on the list

      

        emailChecker($email);

      

        echo emailChecker($email);

        //check the number of results to look for duplicates

        if (mysqli_num_rows($check_result)<1){



                //since no records detected, so add this new email

                echo mysqli_num_rows($check_result);

                $sql="INSERT into users (email) values('$email')";

                $result = mysqli_query($connect, $sql) or die(mysqli_error($connect));

                echo "<p>Thanks for signing up!!</p>";



        } else {      

      

                //print failure message

                echo mysqli_num_rows($check_result);

                echo "<p>You have already subscribed!</p>";

        }

      

} elseif (($op == 'ds') && ($action == "unsub")){



        //trying to unsubscribe and validate address

        if (!$email) {
        header("Location: manage_start.html");
        exit();
        }

      

        db();

      

        emailChecker($email);

      

        if (mysqli_num_rows($check_result) <1) {

                //print failure message

                echo mysqli_num_rows($check_result);

                echo "<p>Cannot find your address!</p> <p>No action is taken</p>";
        
        } else {

                //unsubscribe address
                
                // Fix this while statement to suit your needs
                
                    while ($row = mysqli_fetch_array($check_result)) {

                    extract($row);
                    
                    $id = $row["id"];
                    
                    }

                $sql = "DELETE from users where id = '$id'";

                $result = mysqli_query($connect, $sql) or die(mysqli_error($connect));

                echo mysqli_num_rows($check_result);

                echo "<p>You have unsubscribed!</p>";

        }

}



?>


Thanks,
Kevin

Kevin u r one life-saving-php-guru !!!

MANY THXXXXXXXX :cool:

You’re welcome. I am going to rework the code and add a captcha so that spam bots and such can’t add or remove email addresses.
Thanks,
Kevin

Almost have it done. Need to tweak a few more times to make sure it works 100%
Thanks,
Kevin

Tommy168,

I have it so it works. You just need to work on the function part. I have it working without it. The form and the php are on the same page.

manage.php


&lt;?php
    session_start();
    if ($_POST['form_submitted'] != '1') {
?&gt;
&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;
&lt;html&gt;
&lt;head&gt;

&lt;title&gt;Sub/Unsub&lt;/title&gt;
&lt;/head&gt;

&lt;body&gt;
&lt;div style="width:650px;border-left:1px solid black;border-right:1px solid gray;margin:0px auto;overflow:hidden;"&gt;

&lt;h3 style="background-color:#1c5665;color:white;padding:5px;text-align:center;margin-top:0px;"&gt;Subscribe or unsubscribe update mailing list&lt;/h3&gt;
&lt;p style="background-color:#1c5665;color:white;padding:5px;text-align:center;margin-top:0px;"&gt;Cannot find the results you are looking for? You are then welcomed to subscribe this update mailing list, in which you would receive a notificaiton email once the entry, which has the data you are looking for, is updated.&lt;br&gt;&lt;br&gt;You could also unsubscribe the update mailing list through here if you have previously subscribed.&lt;/p&gt;


  &lt;div style="float:left;width:214px;border-right:1px solid gray;padding:5px;background-color:#f6f8f9;height:100%;"&gt;
    &lt;form method="post"&gt;

    &lt;p align="right" style="padding:5px;"&gt;Email Address:&lt;/p&gt;
    

  &lt;/div&gt;

    &lt;div style="float:left;width:415px;padding:5px;"&gt;

    &lt;p&gt;&lt;input type="text" name="email" style="border:1px solid #1c5665;padding:3px;margin-top:5px;"&gt;&lt;/p&gt;
    &lt;input type=radio name="action" value="sub" checked&gt;Subscribe
    &lt;input type=radio name="action" value="unsub"&gt;Unsubscribe
    &lt;input type = "hidden" name = "op" value = "ds"&gt;
  
  &lt;/div&gt;

  &lt;div style="clear:both;"&gt;&nbsp;&lt;/div&gt;

  &lt;hr style="color:gray" /&gt;

  &lt;div style="width:325px; border:1px solid black;margin:0px auto;text-align:center;"&gt;
    &lt;p&gt;&lt;img src="captcha.php" /&gt;&lt;/p&gt;

      &lt;div style="margin-top:-15px;"&gt;
        Please enter the image text:&lt;br /&gt;
        (There will be no capital letters)
      &lt;/div&gt;
      &lt;div style="margin-top:-3px;margin-bottom: 4px;"&gt;
        &lt;input type="text" name="code" style="border:1px solid #1c5665;padding:3px;margin-top:5px;"&gt;

      &lt;/div&gt;
      &lt;input type="submit" value="Submit Form" /&gt;
      &lt;input type="hidden" name="form_submitted" value="1"/&gt;
      &lt;/form&gt;
  &lt;/div&gt;

  &lt;div style="width:650px;height:10px;background-color:#1c5665;"&gt;&nbsp;&lt;/div&gt;

&lt;?php } elseif ($_POST[form_submitted] == 1) {

                            //Encrypt the posted code field and then compare with the stored key

                            if(md5($_POST['code']) != $_SESSION['key']) {
                                echo "It seems you entered an invalid Captcha key. Please go back and try again.&lt;br /&gt;&lt;FORM&gt;&lt;INPUT type=\\"button\\" value=\\"CLICK HERE TO GO BACK!\\" onClick=\\"history.go(-1)\\"&gt;&lt;/FORM&gt; ";
                            } elseif (!$_POST['email']) {
                                echo "It seems you forgot your email. Please go back and try again.&lt;br /&gt;&lt;FORM&gt;&lt;INPUT type=\\"button\\" value=\\"CLICK HERE TO GO BACK!\\" onClick=\\"history.go(-1)\\"&gt;&lt;/FORM&gt; ";
                            } else {
                            
                            session_unset();
                            session_destroy();

                            // start of data

                        include('connect.php');
                        $email  = $_POST['email'];
                        $op     = $_POST['op'];
                        $action = $_POST['action'];
                        
                        $email   = htmlspecialchars($email, ENT_QUOTES);
    
    
    // I really couldn't get this one to work...lol

                function emailChecker($email){

                //check mail is not already in list

                $check = "select * from `users` where `email` = '$email'";

                $check_result = mysqli_query($check) or die(mysqli_error());

                }


            if ( ($op == "ds") && ($action == 'sub')) {
            
                    //Try to subscribe, so validate email

                    //connect to database

                    include('connect.php');
                    
                    //check if email is on the list

                $check = "select * from `users` where `email` = '$email'";

                $check_result = mysqli_query($check) or die(mysqli_error());
                    
                echo $check_result;
            
            
            
            
            
                    if (mysqli_num_rows($check_result)&lt;1) {

                    //since no records detected, so add this new email

                    echo mysqli_num_rows($check_result);

                    $sql="INSERT into `users` (email) values('$email')";

                    $result = mysqli_query($sql) or die(mysqli_error());

                    echo "&lt;html&gt;&lt;body style='background-color:#ececec;'&gt;&lt;div style='width:300px;border:1px dashed black;text-align:center;margin:0px auto;margin-top:200px;padding:20px;font-size:20px;background-color:white;'&gt;&lt;p&gt;Thanks for signing up!!&lt;/p&gt;&lt;/div&gt;";

                    } else {      

                    //print failure message

                    echo mysqli_num_rows($check_result);

                    echo "&lt;html&gt;&lt;body style='background-color:#ececec;'&gt;&lt;div style='width:300px;border:1px dashed black;text-align:center;margin:0px auto;margin-top:200px;padding:20px;font-size:20px;background-color:white;'&gt;&lt;p&gt;You have already subscribed!&lt;/p&gt;&lt;/div&gt;";

                    }
            
            
            
            
            } elseif (($op == 'ds') && ($action == "unsub")){
            
            
            
                        //trying to unsubscribe and validate address
                        
                        include('connect.php');

                        $check = "select * from `users` where `email` = '$email'";

                        $check_result = mysqli_query($check) or die(mysqli_error());
                            
                        echo $check_result;

      

                    if (mysqli_num_rows($check_result) &lt;1) {

                            //print failure message

                            echo mysqli_num_rows($check_result);

                            echo "&lt;html&gt;&lt;body style='background-color:#ececec;'&gt;&lt;div style='width:300px;border:1px dashed black;text-align:center;margin:0px auto;margin-top:200px;padding:20px;font-size:20px;background-color:white;'&gt;&lt;p&gt;Cannot find your address!&lt;/p&gt; &lt;p&gt;No action is taken&lt;/p&gt;&lt;/div&gt;";
                    
                    } else {

                                //unsubscribe address
                            
                                // Fix this while statement to suit your needs
                            
                                while ($row = mysqli_fetch_array($check_result)) {

                                extract($row);
                                
                                $id = $row["id"];
                                
                                }

                                $sql = "DELETE from `users` where `id` = '$id' AND `email` = '$email' LIMIT 1";

                                $result = mysqli_query($sql) or die(mysqli_error());

                                echo mysqli_num_rows($check_result);

                                echo "&lt;html&gt;&lt;body style='background-color:#ececec;'&gt;&lt;div style='width:300px;border:1px dashed black;text-align:center;margin:0px auto;margin-top:200px;padding:20px;font-size:20px;background-color:white;'&gt;&lt;p&gt;You have unsubscribed!&lt;/p&gt;&lt;/div&gt;";

                    }
                    
            }        
                    
                    
        }
}
?&gt;
&lt;/div&gt;
&lt;/body&gt;

&lt;/html&gt;

Just check it, because on my server I can’t use the mysqli ext…lol

captcha.php


&lt;?php

session_start();

// Generate a Random String, Based On Time
$md5 = md5(microtime() * mktime());

//We don't need a 32 character long string, let's trim it
$string = substr($md5,0,5);

// Use GD Library to make a PNG from a file
$captcha = imagecreatefrompng("captcha.png");

// Set colors of lines with RGB colors
$black = imagecolorallocate($captcha, 0, 0, 0);

$line = imagecolorallocate($captcha,233,239,239);

// The following creates random lines to help throw off a spam robot's ability to guess the string

// imageline($captcha,0,10,50,16,$black);
imageline($captcha,40,11,64,29,$black);
imageline($captcha,0,60,90,0,$black);

//Write the string to the image

imagestring($captcha, 5, 20, 10, $string, $black);

// Use MD5 encryption on the key, and store it for a comparison test later

$_SESSION['key'] = md5($string);

// Print out the image
header("Content-type: image/png");
imagepng($captcha);
imagedestroy($captcha);
?&gt;

Then the captcha.png file here: http://www.kevinslair.com/captcha.png

Hope you can get it to work on your site better.

Thanks,
Kevin

Kevin I think I love you, in a non-homo way

Thx a million for your extra work!!! I learned some good security features which come in handy for my site.

However i couldn’t get the CAPTCHA to work, as no CAPTCHA image is shown when i test it. You uploaded a link which is the image file for CAPTCHA so do i put this into htdocs directory along with manage.php and captcha.php ?

Again, I am really impressed by your great work man !! :stuck_out_tongue:

Haha. That’s cool. Just put the captcha.png file in the same directory as manage.php and captcha.php.
Thanks,
Kevin

Apparently i did put all these files under same directory but still no captcha image shows up, which is like

Please enter the image text:
(There will be no capital letters)
TEXTBOX
SUBMIT FORM

sry for so many questions cuz i am a real noob in captcha :eek:

thx a lot !

Check and see if you have the gd library installed.

use

 <?php phpinfo(); ?> 

to see if you have gd library installed.

You can check the image itself yoursite.com/captcha.php to see if it works.

in the captcha.php file, you can add:


<?php
$docroot = $_SERVER['DOCUMENT_ROOT'];
$captcha = imagecreatefrompng("$docroot/captcha.png");
?>

Let me know what gd if any exists in your phpinfo…
Kevin

hi kevin

i have added the code u mentioned into captcha.php and uploaded onto my web server (netfirms.ca) but it doesn’t seem to make a difference

i checked the gd section using phpinfo( ), and the result is this:

GD Support enabled
GD Version bundled (2.0.34 compatible)
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.3.11
T1Lib Support enabled
GIF Read Support enabled
GIF Create Support enabled
JPEG Support enabled
libJPEG Version 7
PNG Support enabled
libPNG Version 1.2.40
WBMP Support enabled
XBM Support enabled
JIS-mapped Japanese Font Support enabled

Directive Local Value Master Value
gd.jpeg_ignore_warning 0 0

wut gives ?

Tommy,
PM me your url to the captcha.php file.

yoursite.com/php/captcha.php or something… it should show as an image. If it doesn’t we’ll go from there.

Also, if the pages are in a folder off your doc root in /php/ you should change:



<?php
$docroot = $_SERVER['DOCUMENT_ROOT'];
$captcha = imagecreatefrompng("$docroot/captcha.png");
?>

// to

<?php
$docroot = $_SERVER['DOCUMENT_ROOT'];
$captcha = imagecreatefrompng("$docroot/php/captcha.png");
?>


Or… just thinking off my head… maybe you can’t run images from the php folder? Check that as well with just the url to the png file.

yoursite.com/php/captcha.png

if that fails, try this:

Change:


<form method="post">

<img src="captcha.php" alt="" />

to:


<form method="post" action="http://www.yoursite.com/php/manage.php">

<img src="http://www.yoursite.com/php/captcha.php" alt="" />


Let me know,
Thanks,
Kevin

so i have PM the urls for captcha.png and manage_edited.php to u

as u can c, captcha.png simply shows a green box without any text in it

and this sorta carries on to manage_edited.php which u c that green box as well

i made the changes u mentioned accordingly to my manage_edited.php file

but still wut’s the problem with this?

hope there’s no 403 error when u try to access those urls

Thx man appcreiate it :lol:

you know wut, problem solved

YAYYYYYYYYYYYYYYYYYYYYYY

ya u can check the url i sent to u and the captcha function works great

but still there r some minor sql problems i need to debug and i will ask you when i get stuck

anywayz simply can’t say enough THXXXX :smiley:

Awesome!!
I did check and signed up for the email, then unsubscribed and it seems to work.
Thanks,
Kevin