if(isset($_SESSION['contactstatus'])&& $_SESSION['contactstatus']){
echo ' <p>Your request has sent successfully.</p>';
unset($_SESSION['contactstatus']);
}
I want to use session to display messages after the validation of input in the form is done. How to do it or there still need to write any codes in the form?
At first, you have to fill the Session after pass the validation condition.
session_start();
if($validationCondition){
$_SESSION['contactstatus'] = 'Success';
}
Your code is all right, and you only need to print the content of Session
if(isset($_SESSION['contactstatus'])&& $_SESSION['contactstatus']){
echo ' <p>Your request has sent successfully.</p>';
echo 'Content of your SESSION:' . $_SESSION['contactstatus'];
unset($_SESSION['contactstatus']);
}
Related
I am trying to pass data in a form that has code that checks for csrf attacks first and then sends dat using php, but the code always tells me that there is an attack even though there is not attack The code always just executes the error message and the rest of the code is not considered.
php code:
<?php
$csrf_avoid= bin2hex(random_bytes(20));
$_SESSION['auth_token'] = $csrf_avoid;
if (isset($_POST["save_entry"])) {
if ($_POST["auth_token"] !== $csrf_avoid) {
// show an error message
echo '<h1 class="error">Error: invalid form submission</h1><p>Your request was denied as this request could not be verified.</p>';
// return 405 http status code
exit();
}
else{
// do anything here there is no csrf attacks
}
}
?>
html
<input type="hidden" name="auth_token" value="<?php echo $csrf_avoid;?>">
first of, don't generate a token every time, and check the session when submitting :
if(!isset($_SESSION['auth_token'])) {
$csrf_avoid = bin2hex(random_bytes(20));
$_SESSION['auth_token'] = $csrf_avoid;
}
if (isset($_POST["save_entry"])) {
//check the session
if ($_SESSION['auth_token'] !== $csrf_avoid) {
// show an error message
echo '<h1 class="error">Error: invalid form submission</h1><p>Your request was denied as this request could not be verified.</p>';
// return 405 http status code
exit();
}
else {
// do anything here there is no csrf attacks
// you could regenerate token on submit, so the current one becomes invalid
$csrf_avoid = bin2hex(random_bytes(20));
$_SESSION['auth_token'] = $csrf_avoid;
}
}
Also change your input to :
<input type="hidden" name="auth_token" value="<?php echo $_SESSION['auth_token'];?>">
At this moment I have a small contact-box on my page that ask for telephone number.
If no number is entered the form should do nothing. Instead of sending a empty email to my client.
It is not necessary that the form creates a message or something else if the field is empty.
I just want to have extra php code, that makes sure nothings happening if somebody clicks the send button while the field is left empty.
This is my code:
<?php
$EmailFrom = Trim(stripslashes($_POST['email']));
$EmailTo = "INFO#EPIMMO.BE";
$Subject = "Vraagt om hem te bellen - Website Epimmo";
$free = Trim(stripslashes($_POST['free']));
// validation
$validationOK=true;
if (!$validationOK) {
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
exit;
}
// prepare email body text
$Body = "";
$Body .= "Volgend telefoonnummer werd ingevoerd via uw website:";
$Body .= $free;
$Body .= "\n";
// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.epimmo.be/hire-us-phone.php\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>
Thanks for reading and a hopefully a solution ;-)
Kristof
First you can add if condition that will check email or phone number is not blank
and in its not blank then execute next code of sending an email.
if(isset($_POST['email']) && $_POST['email']!="")
{
//write here your code to send an email
}
You can do this with HTML like this:
<input type="number" required></input>
Just after <?php you could add the following code:
if(!isset($_POST['free']) || empty($_POST['free']) {
header('location: /hire-us-phone.php');
exit;
}
header('location: /hire-us-phone.php'); will do a header redirect to /hire-us-phone.php (which is much better than using a meta refresh) and exit; will ensure no code after the header redirect will be run.
To redirect, you should be using:
header("Location: your-url.php");
exit;
This code would need to go before anything is echoed, including whitespace.
Also, what is this code?
// validation
$validationOK=true;
if (!$validationOK) {
Clearly, the if statement will never be false.
You could validate the easy way, such as one big if statement. But a better way is to do something like this:
if($_POST['email'] == ''){
$_SESSION['my_form']['errors']['email'] = 'The email was left blank';
}
if(!empty($_SESSION['my_form']['errors'])){
// redirect & exit here
}
And then on your form page, you can use this session data to display a relevant error to the user:
if(isset($_SESSION['my_form']['errors']['email'])){
// output $_SESSION['my_form']['errors']['email'] here to the user
}
Here, we're presented with the action page, which means something has already happened: The form was submitted, and redirected to the action page.
As #Mohini pointed out, you can test the condition of an empty field on the action page.
But after the submit button is pressed, you can easily use javascript on the form page to test if the required fields are populated.
(plain vanilla javascript)
if(! document.forms['formname']['email'].value == "" ){
document.forms['formname'].sumit();
} else {
// do nohing. Or do something. I don't really care!
}
i have created a contact form using html and php to send the email, when the user fills the forms it just display blank screen
// Let's send the email.
if(!$error) {
//$messages="From: $email <br>";
$messages.="Company Name: $name <br>";
$messages.="Email: $email <br>";
$messages.="Message: $message <br>";
$emailto=$to;
$mail = mail($emailto,$subject,$messages,"from: $from <$Reply>\nReply-To: $Reply \nContent-type: text/html");
if($mail) {
$url = 'index.php?page=process&token=101';
echo "<script language=\"javascript\">
location.href=\"$url\";
</script>";
exit;
}
} else {
echo '<div class="error">'.$error.'</div>';
}
}
want if the user entered all the fields then should send them to index.php?page=process&token=101
Try this instead. There is no sense in echoing out a partial HTML page with a script tag in it when you can redirect them in PHP.
header("Location: $url");
Try this,
echo "<script>
window.location = '$url';
</script>";
I would suggest to go with header(), instead of java script.
In this case instead on JavaScript best practice is use the php function for redirection.
Try this
header("Location: index.php?page=process&token=101");
I have a form where a user is required to enter their full name, contact number and best time to call details. I would like to validate these fields on my web form so that users cannot submit the form without those fields being filled. I have used if(empty($...)) and echoed my error message however, when i try to submit the blank form it doesn't display any of the error messages. How could i resolve this?
CODE
<?php
require_once($_SERVER['DOCUMENT_ROOT'] . '/inc/bootstrap.php');
include("config/cn.php");
$template['template'] = "page";
if($_POST)
{
// Data pulled from input form
$full_name = $_POST['full_name'];
if (empty($_POST['full_name']))
{
// Set error and return to form
echo "Field cannot be left blank";
header('Location: /call-back-form.php');
exit;
}
$contact_number = $_POST['contact_number'];
if (empty($_POST['contact_number']))
{
// Set error and return to form
echo "Field cannot be left blank";
header('Location: /call-back-form.php');
exit;
}
$best_time_to_call = $_POST['best_time_to_call'];
if (empty($_POST['best_time_to_call']))
{
// Set error and return to form
echo "Field cannot be left blank";
header('Location: /call-back-form.php');
exit;
}
$enter_sql = "INSERT INTO contact (full_name, contact_number, best_time_to_call)
VALUES('$full_name' , '$contact_number' , '$best_time_to_call')";
/*print($enter_sql);*/
$enter_query = mysql_query($enter_sql) or die(mysql_error());
header('Location: /thankyou.php');
exit;
}
?>
Well, there is an error in logic. You are doing an echo then header. Which means it shows the message and returns them to the previous page faster than they can see the message. Is this really what you wanted to do?
You should probably either post the form to itself and just just echo without the header where you want the errors displayed, or implement javascript form validation.
Also, you could use
<?
header('Location: /call-back-form.php?message=Error');
?>
And then in call-back-form.php user
<?
echo $_GET['message'];
?>
where needed
This question already has answers here:
Redirecting to the referrer on form submission
(2 answers)
Closed 9 years ago.
I'm trying to redirect my customers back to my original home page after they successfully enter their contact information. How would I do that with the following PHP form? Thanks in advance for all your help!
<?php
// Receive form's subject value into php $subject variable
$subject =$_REQUEST['subject'];
// Receive form's message value into php $message variable
$message=$_REQUEST['message'];
// Receive form's sender name value into php $sender variable
$sender=$_REQUEST['name'];
// Receive form's user email value into php $user_email variable
$user_email=$_REQUEST['email'];
// the email address where the message will be sent
$TO ="ttdthemes#gmail.com";
$send_email=mail($TO,$subject,$message,"From: ".$sender."<".$user_email.">");
// To check email has been sent or not
if($send_email)
{
echo "Your E-mail has been sent !";
}
else
{
echo "E-mail sent was failed !";
}
?>
To redirect you can use:
header("Location: yourpage.php");
to redirect to the page you want
Just use header function of php
// To check email has been sent or not
if($send_email)
{
header('location:youwebsitehomepahe.php');
}
else
{
echo "E-mail sent was failed !";
}
There are some other similar postings you can refer
How to redirect if user already logged in