homepage Welcome to WebmasterWorld Guest from 174.129.76.87
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Form error in verification code to be sent
Verification code is not being sent
fredfletcher



 
Msg#: 4502767 posted 1:02 am on Oct 2, 2012 (gmt 0)

Hello, I have been scratching my head for almost 2 hours now, trying to figure out what's wrong with my code.

The form below is supposed to take someone's email address, and an email to be sent for verification.

Can someone be so kind as to point out the problem to me?

I keep getting the message "error message" set from the 'die' function.


<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<input type="text" size="35" name="email" title="Email">
<input id="button" type="submit" name="submit" value="Submit your Email" />

</form>

<?php

$salt = "mysecret";

if(isset($_GET["confirm"]) && isset($_GET["email"])){
$confirm = $_GET["confirm"];
$to_email = $_GET["email"];

if(sha1($salt.$to_email) == $confirm){

echo "Success";

} else{
die("error: mail not confirmed");
}


} elseif(isset($_GET["email"])){
$to_email = $_GET["email"];

$confirm_link = $_SERVER["PHP_SELF"]."?confirm=".urlencode(sha1($salt.$to_email))."&mail=".urlencode($to_email);
$msg = "to confirm ... click the link: \n ".$confirm_link;
mail($to_email, "pls confirm your mail", $msg);
} else{
die("error message");
}

?>


 

omoutop

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4502767 posted 7:36 am on Oct 2, 2012 (gmt 0)

Your form action is set to POST while you check for GET variables.

fredfletcher



 
Msg#: 4502767 posted 3:07 pm on Oct 2, 2012 (gmt 0)

So, should I change all $_GET to $_POST ?

fredfletcher



 
Msg#: 4502767 posted 3:43 pm on Oct 2, 2012 (gmt 0)

Update: I changed all the $_GET to $_POST - it works and sends the email, but when the verification link is clicked, it does not show the echoed "Success" message, but the die("error message"); message. Anything to do with the $salt ?

swa66

WebmasterWorld Senior Member swa66 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4502767 posted 8:20 pm on Oct 2, 2012 (gmt 0)

Back to basics:

$_POST collects all the variables in a POST request (like your form sends)
$_GET collects all the variables in a GET request (like your verification is sending)

Easiest if you don't want to be bothered with tracking/understanding the difference is to use $_REQUEST which has both the POST and GET variables all in one place.

Alternatively change these two
} elseif(isset($_GET["email"])){
$to_email = $_GET["email"];

to
} elseif(isset($_POST["email"])){
$to_email = $_POST["email"];

and it'll work if you leave the others on GET.

Your script is called twice (or more):
  • Once it is processing the POST from the form,
    -> it sends an email with a link to itself (a GET request)
  • once it is processing the GET from the email

fredfletcher



 
Msg#: 4502767 posted 8:27 pm on Oct 2, 2012 (gmt 0)

Many thanks (swa66), works beautifully, cheers!

fredfletcher



 
Msg#: 4502767 posted 8:50 pm on Oct 2, 2012 (gmt 0)

Question though as to how I can fix another wee problem that arose. If someone clicks on the submit button without entering an email, a dialog box pops up to "save the file". Anything I can do about that?

fredfletcher



 
Msg#: 4502767 posted 9:02 pm on Oct 2, 2012 (gmt 0)

when this happened and I did save the file (just to see what the content would be), had this in there:

No recipient addresses found in header
X-Powered-By: PHP/5.2.3-20070601
Content-type: text/html

swa66

WebmasterWorld Senior Member swa66 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4502767 posted 9:11 am on Oct 3, 2012 (gmt 0)

Input validation is what you need to do.

This is the #1 security vulnerability in all applications out there.

fredfletcher



 
Msg#: 4502767 posted 1:45 pm on Oct 3, 2012 (gmt 0)

Thanks. Will a Javascript version work and hide the form in <noscript> if Javascript is disabled?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved