homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

Form error in verification code to be sent
Verification code is not being sent

 1:02 am on Oct 2, 2012 (gmt 0)

Hello, I have been scratching my head for almost 2 hours now, trying to figure out what's wrong with my code.

The form below is supposed to take someone's email address, and an email to be sent for verification.

Can someone be so kind as to point out the problem to me?

I keep getting the message "error message" set from the 'die' function.

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<input type="text" size="35" name="email" title="Email">
<input id="button" type="submit" name="submit" value="Submit your Email" />



$salt = "mysecret";

if(isset($_GET["confirm"]) && isset($_GET["email"])){
$confirm = $_GET["confirm"];
$to_email = $_GET["email"];

if(sha1($salt.$to_email) == $confirm){

echo "Success";

} else{
die("error: mail not confirmed");

} elseif(isset($_GET["email"])){
$to_email = $_GET["email"];

$confirm_link = $_SERVER["PHP_SELF"]."?confirm=".urlencode(sha1($salt.$to_email))."&mail=".urlencode($to_email);
$msg = "to confirm ... click the link: \n ".$confirm_link;
mail($to_email, "pls confirm your mail", $msg);
} else{
die("error message");




 7:36 am on Oct 2, 2012 (gmt 0)

Your form action is set to POST while you check for GET variables.


 3:07 pm on Oct 2, 2012 (gmt 0)

So, should I change all $_GET to $_POST ?


 3:43 pm on Oct 2, 2012 (gmt 0)

Update: I changed all the $_GET to $_POST - it works and sends the email, but when the verification link is clicked, it does not show the echoed "Success" message, but the die("error message"); message. Anything to do with the $salt ?


 8:20 pm on Oct 2, 2012 (gmt 0)

Back to basics:

$_POST collects all the variables in a POST request (like your form sends)
$_GET collects all the variables in a GET request (like your verification is sending)

Easiest if you don't want to be bothered with tracking/understanding the difference is to use $_REQUEST which has both the POST and GET variables all in one place.

Alternatively change these two
} elseif(isset($_GET["email"])){
$to_email = $_GET["email"];

} elseif(isset($_POST["email"])){
$to_email = $_POST["email"];

and it'll work if you leave the others on GET.

Your script is called twice (or more):
  • Once it is processing the POST from the form,
    -> it sends an email with a link to itself (a GET request)
  • once it is processing the GET from the email


 8:27 pm on Oct 2, 2012 (gmt 0)

Many thanks (swa66), works beautifully, cheers!


 8:50 pm on Oct 2, 2012 (gmt 0)

Question though as to how I can fix another wee problem that arose. If someone clicks on the submit button without entering an email, a dialog box pops up to "save the file". Anything I can do about that?


 9:02 pm on Oct 2, 2012 (gmt 0)

when this happened and I did save the file (just to see what the content would be), had this in there:

No recipient addresses found in header
X-Powered-By: PHP/5.2.3-20070601
Content-type: text/html


 9:11 am on Oct 3, 2012 (gmt 0)

Input validation is what you need to do.

This is the #1 security vulnerability in all applications out there.


 1:45 pm on Oct 3, 2012 (gmt 0)

Thanks. Will a Javascript version work and hide the form in <noscript> if Javascript is disabled?

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved