Form error in verification code to be sent

Verification code is not being sent

   
1:02 am on Oct 2, 2012 (gmt 0)



Hello, I have been scratching my head for almost 2 hours now, trying to figure out what's wrong with my code.

The form below is supposed to take someone's email address and send an email for verification.

Can someone be so kind as to point out the problem to me?

I keep getting the message "error message" set from the 'die' function.


<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <input type="text" size="35" name="email" title="Email">
    <input id="button" type="submit" name="submit" value="Submit your Email" />
</form>

<?php

$salt = "mysecret";

// Request carrying both parameters: the confirmation link from the email.
if (isset($_GET["confirm"]) && isset($_GET["email"])) {
    $confirm = $_GET["confirm"];
    $to_email = $_GET["email"];

    if (sha1($salt.$to_email) == $confirm) {
        echo "Success";
    } else {
        die("error: mail not confirmed");
    }
// Request carrying only the address: send the confirmation email.
} elseif (isset($_GET["email"])) {
    $to_email = $_GET["email"];

    // The parameter is named "email" so that it matches the isset() check above.
    $confirm_link = $_SERVER["PHP_SELF"]."?confirm=".urlencode(sha1($salt.$to_email))."&email=".urlencode($to_email);
    $msg = "to confirm ... click the link: \n ".$confirm_link;
    mail($to_email, "pls confirm your mail", $msg);
} else {
    die("error message");
}

?>

7:36 am on Oct 2, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Your form action is set to POST while you check for GET variables.
3:07 pm on Oct 2, 2012 (gmt 0)



So, should I change all $_GET to $_POST ?
3:43 pm on Oct 2, 2012 (gmt 0)



Update: I changed all the $_GET to $_POST - it works and sends the email, but when the verification link is clicked, it does not show the echoed "Success" message, but the die("error message"); message. Anything to do with the $salt ?
8:20 pm on Oct 2, 2012 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Back to basics:

$_POST collects all the variables in a POST request (like your form sends)
$_GET collects all the variables in a GET request (like your verification is sending)

Easiest if you don't want to be bothered with tracking/understanding the difference is to use $_REQUEST which has both the POST and GET variables all in one place.

Alternatively change these two

} elseif(isset($_GET["email"])){
    $to_email = $_GET["email"];

to

} elseif(isset($_POST["email"])){
    $to_email = $_POST["email"];

and it'll work if you leave the others on GET.

Your script is called twice (or more):
  • Once it is processing the POST from the form,
    -> it sends an email with a link to itself (a GET request)
  • once it is processing the GET from the email
8:27 pm on Oct 2, 2012 (gmt 0)



Many thanks (swa66), works beautifully, cheers!
8:50 pm on Oct 2, 2012 (gmt 0)



Question though as to how I can fix another wee problem that arose. If someone clicks on the submit button without entering an email, a dialog box pops up to "save the file". Anything I can do about that?
9:02 pm on Oct 2, 2012 (gmt 0)



When this happened and I did save the file (just to see what the content would be), it had this in there:

No recipient addresses found in header
X-Powered-By: PHP/5.2.3-20070601
Content-type: text/html
9:11 am on Oct 3, 2012 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Input validation is what you need to do.

This is the #1 security vulnerability in all applications out there.
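
As an added example that is not part of any post in this thread, here is one way to validate the address on the server so that an empty or malformed value never reaches mail(), while keeping the POST (form) and GET (emailed link) requests separate. It swaps the thread's sha1($salt.$to_email) and == for hash_hmac() and hash_equals() (PHP 5.6+); $secret, valid_email(), token(), handle() and the example.com URL are assumptions.

```php
<?php
// Added example, not the poster's code. All names below are hypothetical.
$secret = 'replace-with-a-long-random-secret'; // placeholder value

// Return the address if it is one syntactically valid email address, else null.
function valid_email($raw) {
    if (!is_string($raw)) {            // rejects array input such as email[]=x
        return null;
    }
    $email = trim($raw);
    if ($email === '' || strlen($email) > 254) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL also rejects CR/LF, so mail headers cannot be injected.
    return filter_var($email, FILTER_VALIDATE_EMAIL) ? $email : null;
}

// Keyed hash that ties the confirmation link to one address.
function token($email, $secret) {
    return hash_hmac('sha256', $email, $secret);
}

// Decide what to do with one request; returns the message to display.
function handle($method, array $get, array $post, $secret) {
    if ($method === 'GET' && isset($get['confirm'], $get['email'])) {
        // Second request: the link clicked in the email.
        $email = valid_email($get['email']);
        $confirm = is_string($get['confirm']) ? $get['confirm'] : '';
        if ($email !== null && hash_equals(token($email, $secret), $confirm)) {
            return 'Success';
        }
        return 'error: mail not confirmed';
    }
    if ($method === 'POST') {
        // First request: the form submission.
        $email = valid_email(isset($post['email']) ? $post['email'] : null);
        if ($email === null) {
            return 'Please enter a valid email address.'; // mail() is never called
        }
        $link = 'https://example.com/verify.php?confirm=' . token($email, $secret)
              . '&email=' . urlencode($email);          // assumed absolute URL
        mail($email, 'Please confirm your email', "To confirm, click the link:\n" . $link);
        return 'Check your inbox for the confirmation link.';
    }
    return ''; // plain page load: only the form is shown
}

$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
echo htmlspecialchars(handle($method, $_GET, $_POST, $secret));
```

The check runs on the server for every request, so it applies whether or not the browser also validates the field.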
1:45 pm on Oct 3, 2012 (gmt 0)



Thanks. Will a Javascript version work and hide the form in <noscript> if Javascript is disabled?
 
