homepage Welcome to WebmasterWorld Guest from 54.205.205.47
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Form error in verification code to be sent
Verification code is not being sent
fredfletcher




msg:4502769
 1:02 am on Oct 2, 2012 (gmt 0)

Hello, I have been scratching my head for almost 2 hours now, trying to figure out what's wrong with my code.

The form below is supposed to take someone's email address, and an email to be sent for verification.

Can someone be so kind as to point out the problem to me?

I keep getting the message "error message" set from the 'die' function.


<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<input type="text" size="35" name="email" title="Email">
<input id="button" type="submit" name="submit" value="Submit your Email" />

</form>

<?php

$salt = "mysecret";

if(isset($_GET["confirm"]) && isset($_GET["email"])){
$confirm = $_GET["confirm"];
$to_email = $_GET["email"];

if(sha1($salt.$to_email) == $confirm){

echo "Success";

} else{
die("error: mail not confirmed");
}


} elseif(isset($_GET["email"])){
$to_email = $_GET["email"];

$confirm_link = $_SERVER["PHP_SELF"]."?confirm=".urlencode(sha1($salt.$to_email))."&mail=".urlencode($to_email);
$msg = "to confirm ... click the link: \n ".$confirm_link;
mail($to_email, "pls confirm your mail", $msg);
} else{
die("error message");
}

?>


 

omoutop




msg:4502853
 7:36 am on Oct 2, 2012 (gmt 0)

Your form action is set to POST while you check for GET variables.

fredfletcher




msg:4503017
 3:07 pm on Oct 2, 2012 (gmt 0)

So, should I change all $_GET to $_POST ?

fredfletcher




msg:4503039
 3:43 pm on Oct 2, 2012 (gmt 0)

Update: I changed all the $_GET to $_POST - it works and sends the email, but when the verification link is clicked, it does not show the echoed "Success" message, but the die("error message"); message. Anything to do with the $salt ?

swa66




msg:4503160
 8:20 pm on Oct 2, 2012 (gmt 0)

Back to basics:

$_POST collects all the variables in a POST request (like your form sends)
$_GET collects all the variables in a GET request (like your verification is sending)

Easiest if you don't want to be bothered with tracking/understanding the difference is to use $_REQUEST which has both the POST and GET variables all in one place.

Alternatively change these two
} elseif(isset($_GET["email"])){
$to_email = $_GET["email"];

to
} elseif(isset($_POST["email"])){
$to_email = $_POST["email"];

and it'll work if you leave the others on GET.

Your script is called twice (or more):
  • Once it is processing the POST from the form,
    -> it sends an email with a link to itself (a GET request)
  • once it is processing the GET from the email

fredfletcher




msg:4503164
 8:27 pm on Oct 2, 2012 (gmt 0)

Many thanks (swa66), works beautifully, cheers!

fredfletcher




msg:4503176
 8:50 pm on Oct 2, 2012 (gmt 0)

Question though as to how I can fix another wee problem that arose. If someone clicks on the submit button without entering an email, a dialog box pops up to "save the file". Anything I can do about that?

fredfletcher




msg:4503182
 9:02 pm on Oct 2, 2012 (gmt 0)

when this happened and I did save the file (just to see what the content would be), had this in there:

No recipient addresses found in header
X-Powered-By: PHP/5.2.3-20070601
Content-type: text/html

swa66




msg:4503364
 9:11 am on Oct 3, 2012 (gmt 0)

Input validation is what you need to do.

This is the #1 security vulnerability in all applications out there.

fredfletcher




msg:4503451
 1:45 pm on Oct 3, 2012 (gmt 0)

Thanks. Will a Javascript version work and hide the form in <noscript> if Javascript is disabled?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved