Forum Moderators: coopster & jatar k

Form error in verification code to be sent

Verification code is not being sent

     
1:02 am on Oct 2, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 4, 2011
posts: 73
votes: 0


Hello, I have been scratching my head for almost 2 hours now, trying to figure out what's wrong with my code.

The form below is supposed to take someone's email address and send an email for verification.

Can someone be so kind as to point out the problem to me?

I keep getting the message "error message" set from the 'die' function.


<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<input type="text" size="35" name="email" title="Email">
<input id="button" type="submit" name="submit" value="Submit your Email" />

</form>

<?php

$salt = "mysecret";

if(isset($_GET["confirm"]) && isset($_GET["email"])){
$confirm = $_GET["confirm"];
$to_email = $_GET["email"];

if(sha1($salt.$to_email) == $confirm){

echo "Success";

} else{
die("error: mail not confirmed");
}


} elseif(isset($_GET["email"])){
$to_email = $_GET["email"];

$confirm_link = $_SERVER["PHP_SELF"]."?confirm=".urlencode(sha1($salt.$to_email))."&mail=".urlencode($to_email);
$msg = "to confirm ... click the link: \n ".$confirm_link;
mail($to_email, "pls confirm your mail", $msg);
} else{
die("error message");
}

?>

7:36 am on Oct 2, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 15, 2004
posts:941
votes: 0


Your form action is set to POST while you check for GET variables.
3:07 pm on Oct 2, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 4, 2011
posts: 73
votes: 0


So, should I change all $_GET to $_POST?
3:43 pm on Oct 2, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 4, 2011
posts: 73
votes: 0


Update: I changed all the $_GET to $_POST - it works and sends the email, but when the verification link is clicked, it does not show the echoed "Success" message, but the die("error message"); message. Anything to do with the $salt?
8:20 pm on Oct 2, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 7, 2003
posts:4783
votes: 0


Back to basics:

$_POST collects all the variables in a POST request (like your form sends)
$_GET collects all the variables in a GET request (like your verification is sending)

Easiest if you don't want to be bothered with tracking/understanding the difference is to use $_REQUEST which has both the POST and GET variables all in one place.

Alternatively change these two
} elseif(isset($_GET["email"])){
$to_email = $_GET["email"];

to
} elseif(isset($_POST["email"])){
$to_email = $_POST["email"];

and it'll work if you leave the others on GET.

Your script is called twice (or more):
  • Once it is processing the POST from the form,
    -> it sends an email with a link to itself (a GET request)
  • once it is processing the GET from the email
8:27 pm on Oct 2, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 4, 2011
posts: 73
votes: 0


Many thanks (swa66), works beautifully, cheers!
8:50 pm on Oct 2, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 4, 2011
posts: 73
votes: 0


Question though as to how I can fix another wee problem that arose. If someone clicks on the submit button without entering an email, a dialog box pops up to "save the file". Anything I can do about that?
9:02 pm on Oct 2, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 4, 2011
posts: 73
votes: 0


When this happened and I did save the file (just to see what the content would be), it had this in there:

No recipient addresses found in header
X-Powered-By: PHP/5.2.3-20070601
Content-type: text/html
9:11 am on Oct 3, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 7, 2003
posts:4783
votes: 0


Input validation is what you need to do.

This is the #1 security vulnerability in all applications out there.
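
Added example, not part of the thread and not either poster's code: a server-side version of the script that validates the email before calling mail(), so an empty submission never reaches the mailer as in the "No recipient addresses found" output above, and that checks the confirmation value with a keyed hash compared in constant time. It assumes PHP 5.6 or later for hash_equals(); the secret value and the https://example.com/verify.php URL are placeholders.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.6+ (hash_equals).
// $secret is a placeholder: load a long random value from configuration.
$secret = 'replace-with-long-random-secret';

// Return the trimmed address, or null if the input is missing or malformed.
function valid_email($raw) {
    if (!is_string($raw)) {
        return null;                 // rejects array input such as email[]=x
    }
    $email = trim($raw);
    if ($email === '' || strlen($email) > 254) {
        return null;
    }
    // Rejects malformed addresses, including any containing line breaks.
    return filter_var($email, FILTER_VALIDATE_EMAIL) ?: null;
}

// Keyed hash (HMAC) in place of sha1($salt.$email).
function confirm_token($email, $secret) {
    return hash_hmac('sha256', $email, $secret);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Form submission: validate before calling mail().
    $email = valid_email(isset($_POST['email']) ? $_POST['email'] : null);
    if ($email === null) {
        http_response_code(400);
        exit('Please enter a valid email address.');
    }
    $link = 'https://example.com/verify.php'      // hypothetical absolute URL
          . '?confirm=' . urlencode(confirm_token($email, $secret))
          . '&email=' . urlencode($email);
    mail($email, 'Please confirm your email', "To confirm, open this link:\n" . $link);
    echo 'Confirmation email sent.';
} elseif (isset($_GET['confirm'], $_GET['email'])) {
    // Link click: validate both parameters, then compare in constant time.
    $email = valid_email($_GET['email']);
    $confirm = is_string($_GET['confirm']) ? $_GET['confirm'] : '';
    if ($email !== null && hash_equals(confirm_token($email, $secret), $confirm)) {
        echo 'Success';
    } else {
        http_response_code(400);
        exit('error: mail not confirmed');
    }
}
```
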
1:45 pm on Oct 3, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 4, 2011
posts: 73
votes: 0


Thanks. Will a Javascript version work and hide the form in <noscript> if Javascript is disabled?