wordpress - frontend post form issue - php

I have a post form on the front end where users can post (post_type = product) from the form. As a part of it I have tried implementing a few server-side validations as in the code below. The issue is that the validations are all working fine, but the data is getting saved on form submission even when the validation fails.
Ideally the form submission should fail when there is a field validation failure.
I am not sure if $hasError = true is working or not, there might be a very simple logic I am missing which I am not getting. Any help regarding this?
Thanks in advance.
$postTitleError = '';
if (isset($_POST['submitted']) && isset($_POST['post_nonce_field']) && wp_verify_nonce($_POST['post_nonce_field'], 'post_nonce')) {
if (trim($_POST['postTitle']) === '') {
$postTitleError = 'msg 1';
$hasError = true;
}
if (trim($_POST['postCat1']) === '') {
$postTitleError = 'msg2';
$hasError = true;
}
if (trim($_POST['postPrice']) === '') {
$postTitleError = 'msg3';
$hasError = true;
}
if (trim($_POST['postTime']) === '') {
$postTitleError = 'msg4';
$hasError = true;
}
if (trim($_POST['postTimeMin']) === '') {
$postTitleError = 'msg5';
$hasError = true;
}
if (trim($_POST['postContent']) === '') {
$postTitleError = 'msg6';
$hasError = true;
}

<?php
//$postTitleError = '';
$resultArr = array();
$error_msg = false;
if (isset($_POST['submitted']) && isset($_POST['post_nonce_field']) && wp_verify_nonce($_POST['post_nonce_field'], 'post_nonce')) {
if (isset($_POST['postTitle']) && !empty($_POST["postTitle"])) {
//$postTitleError = 'msg 1';
//$hasError = true;
$postTitle=$_POST['postTitle'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postTitle']= "msg 1";
$error_msg = true;
}
if (isset($_POST['postCat1']) && !empty($_POST["postCat1"]) ) {
// $postTitleError = 'msg2';
// $hasError = true;
$postCat1=$_POST['postCat1'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postCat1']= "msg2";
$error_msg = true;
}
if (isset($_POST['postPrice']) && !empty($_POST["postPrice"]) ) {
// $postTitleError = 'msg3';
//$hasError = true;
$postPrice=$_POST['postPrice'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postPrice']= "msg3";
$error_msg = true;
}
if (isset($_POST['postTime']) && !empty($_POST["postTime"]) ) {
//$postTitleError = 'msg4';
//$hasError = true;
$postTime=$_POST['postTime'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postTime']= "msg4";
$error_msg = true;
}
if (isset($_POST['postTimeMin']) && !empty($_POST["postTimeMin"]) ) {
// $postTitleError = 'msg5';
// $hasError = true;
$postTimeMin=$_POST['postTimeMin'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postTimeMin']= "msg5";
$error_msg = true;
}
if (isset($_POST['postContent']) && !empty($_POST["postContent"]) ) {
//$postTitleError = 'msg6';
// $hasError = true;
$postContent=$_POST['postContent'];
}
else
{
$resultArr['status'] = 'failure';
$resultArr['error_msg_postContent']= "msg6";
$error_msg = true;
}
if($error_msg == false)
{
//here publish post code
}
else
{
//here Error message print
}
?>
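The error gate from the answer above, carried through to the save itself so that a failed check returns before wp_insert_post() is reached and every value is sanitized before use. This is an added example, not code from the question or the answer; the function name, the edit_posts capability check and the example_price meta key are assumptions.

```php
<?php
// Added example, not code from the posts above. Field names and the 'post_nonce'
// action come from the question; example_save_product(), the 'edit_posts'
// capability and the 'example_price' meta key are assumptions.
function example_save_product() {
    // Stop before touching any field unless the nonce and the user check out.
    if ( ! isset( $_POST['submitted'], $_POST['post_nonce_field'] )
        || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['post_nonce_field'] ) ), 'post_nonce' ) ) {
        return array( 'form' => 'Invalid or expired submission.' );
    }
    if ( ! current_user_can( 'edit_posts' ) ) {
        return array( 'form' => 'You are not allowed to post.' );
    }
    $errors = array();
    $clean  = array();
    // Required single-line fields: unslash, sanitize, then test what is left.
    foreach ( array( 'postTitle', 'postCat1', 'postTime', 'postTimeMin' ) as $field ) {
        $raw             = isset( $_POST[ $field ] ) && is_string( $_POST[ $field ] ) ? wp_unslash( $_POST[ $field ] ) : '';
        $clean[ $field ] = sanitize_text_field( $raw );
        if ( '' === $clean[ $field ] ) {
            $errors[ $field ] = 'This field is required.';
        }
    }
    // Price must be a non-negative number, not just non-empty.
    $price = isset( $_POST['postPrice'] ) && is_string( $_POST['postPrice'] ) ? trim( wp_unslash( $_POST['postPrice'] ) ) : '';
    if ( ! is_numeric( $price ) || (float) $price < 0 ) {
        $errors['postPrice'] = 'Enter a valid price.';
    }
    // Content may carry markup; keep only the tags allowed in post content.
    $content = isset( $_POST['postContent'] ) && is_string( $_POST['postContent'] ) ? wp_kses_post( wp_unslash( $_POST['postContent'] ) ) : '';
    if ( '' === trim( $content ) ) {
        $errors['postContent'] = 'This field is required.';
    }
    // The gate: any error returns here, so wp_insert_post() is never reached.
    if ( ! empty( $errors ) ) {
        return $errors;
    }
    $post_id = wp_insert_post( wp_slash( array(
        'post_type'    => 'product',
        'post_title'   => $clean['postTitle'],
        'post_content' => $content,
        'post_status'  => 'pending', // held for review rather than published
    ) ), true );
    if ( is_wp_error( $post_id ) ) {
        return array( 'form' => $post_id->get_error_message() );
    }
    update_post_meta( $post_id, 'example_price', (float) $price );
    return array(); // an empty array means the post was saved
}
```

The caller renders the form again with the returned messages when the array is not empty.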

Related

check validate OpenCart

I am trying to check on validate. In PrestaShop I do it this way:
if (empty($email)) {
$this->errors[] = Tools::displayError('Email is empty.');
$this->doLog('ERROR: Email/username is empty');
} elseif (!Validate::isEmail($email)) {
$this->errors[] = Tools::displayError('Invalid email address.');
$this->doLog('ERROR: Invalid Email address');
}
Does anyone have any idea how to do this in OpenCart?
Thanks
Open this file, for example:
catalog/controller/information/contact.php
You will see the validate function:
protected function validate() {
if ((utf8_strlen($this->request->post['name']) < 3) || (utf8_strlen($this->request->post['name']) > 32)) {
$this->error['name'] = $this->language->get('error_name');
}
if (!filter_var($this->request->post['email'], FILTER_VALIDATE_EMAIL)) {
$this->error['email'] = $this->language->get('error_email');
}
if ((utf8_strlen($this->request->post['enquiry']) < 10) || (utf8_strlen($this->request->post['enquiry']) > 3000)) {
$this->error['enquiry'] = $this->language->get('error_enquiry');
}
// Captcha
if ($this->config->get($this->config->get('config_captcha') . '_status') && in_array('contact', (array)$this->config->get('config_captcha_page'))) {
$captcha = $this->load->controller('extension/captcha/' . $this->config->get('config_captcha') . '/validate');
if ($captcha) {
$this->error['captcha'] = $captcha;
}
}
return !$this->error;
}
In that file, you can also see how this function is used:
if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {

how to add form validation rule in this script

Hello, I've learned about CodeIgniter form validation, and I see form validation like this in this tutorial script:
private function _validate(){
$data = array();
$data['error_string'] = array();
$data['inputerror'] = array();
$data['status'] = TRUE;
if($this->input->post('post_nama') == ''){
$data['inputerror'][] = 'post_nama';
$data['error_string'][] = 'Nama harus diisi';
$data['status'] = FALSE;
}
if($this->input->post('post_jk') == ''){
$data['inputerror'][] = 'post_jk';
$data['error_string'][] = 'Jenis Kelamin harus diisi';
$data['status'] = FALSE;
}
if($this->input->post('post_alamat') == ''){
$data['inputerror'][] = 'post_alamat';
$data['error_string'][] = 'Alamat harus diisi';
$data['status'] = FALSE;
}
if($data['status'] === FALSE){
echo json_encode($data);
exit();
}
}
My question is: if I want to use limited_number or max_length in that script, where can I place it?
if( validation ){
$data['inputerror'][] = '';
$data['error_string'][] = '';
$data['status'] = FALSE;
}
Add your own validation.

Header location not working on live server but works on localhost [duplicate]

This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 8 years ago.
Header location not working on live server but works on localhost.
This code worked until last week, but it does not work anymore.
So, I have started testing on localhost. It is working as before.
I tried to add "ob_start()" on the top of the code; not working.
Please review this code and comment.
<?php session_start();
$fnameErr ="";
$lnameErr ="";
$emailErr ="";
$phoneErr = "";
$dateErr = "";
$timeErr = "";
$errMsg = "";
$area = "";
$local3 = "";
$local4 = "";
$cust_info = "";
$charOnly = "/^[a-z]+[a-z]$/i";
$reg_email = "/^[^0-9~!@#$%^&*()_+=?.,][a-z0-9_]+([.][a-z0-9_]+)*[@][a-z0-9_]+([.][a-z0-9_]+)*[.][a-z]{2,3}$/i";
$reg_phone = "/^(\d{3}+\d{3}+\d{4}|\d{3}\d{3}+[\s]{1}+\d{4}|\d{3}+[\s]{1}+\d{3}+[\s]{1}+\d{4}||\d{3}+[-]{1}+\d{3}+[-]{1}+\d{4}|\d{3}+[\s]{1}+\d{7}|\(\d{3}\)\s{1}\d{3}[\s-]{1}\d{4})$/";/*"/^(\d{3}|[(]\d{3}[)]|\d{3}[)])[ -]*\d{3}[ -]*\d{4}$/";*/
$dataValid = true;
$phone = $area .''. $local3 .''. $local4;
$phoneValid = true;
// If submit with POST
if ($_POST) {
$errMsg = "Debugging";
$area = $_POST['c_area'];
$local3 = $_POST['c_local3'];
$local4 = $_POST['c_local4'];
$cust_info = array( "first" => $_POST['c_fname'],
"last" => $_POST['c_lname'],
"email" => $_POST['c_email'],
"phone" => array("area"=> $area,
"mid" => $local3,
"last" => $local4),
"date" => $_POST['c_date'],
"time" => $_POST['c_time']);
// Test for nothing entered in field
if ($_POST['c_fname'] == "") {
$fnameErr = "Please enter your first name.";
$dataValid = false;
}
else {
if ( preg_match($charOnly, $_POST['c_fname']) )
{
$fnameErr = "";
} else {
$fnameErr = "This is an invalid name.";
$dataValid = false;
}
}
if ($_POST['c_lname'] == "") {
$lnameErr = "Please enter your last name.";
$dataValid = false;
}
else {
if ( preg_match($charOnly, $_POST['c_lname']) )
{
$lnameErr = "";
} else {
$lnameErr = "This is an invalid name.";
$dataValid = false;
}
}
if ($_POST['c_email'] == "") {
$emailErr = "Please enter E-mail address.";
$dataValid = false;
}
else {
if ( preg_match($reg_email, $_POST['c_email']) )
{
$emailMsg = "";
} else {
$emailMsg = "E-mail is not Valid.";
$dataValid = false;
}
}
if ($_POST['c_area'] == "") {
$phoneErr = "Please enter phone number.";
$dataValid = false;
$phoneValid = false;
}
if ($_POST['c_local3'] == "") {
$phoneErr = "Please enter phone number.";
$dataValid = false;
$phoneValid = false;
}
if ($_POST['c_local4'] == "") {
$phoneErr = "Please enter phone number.";
$dataValid = false;
$phoneValid = false;
}
if( $phoneValid ) {
$phone = $area . "" . $local3 . "" .$local4;
if ( preg_match($reg_phone, $phone) ) {
$phoneErr = "";
} else {
$phoneErr = "Phone number is not Valid.";
$dataValid = false;
}
} else {
$area = "";
$local3 = "";
$local4 = "";
$phone = "";
}
if ($_POST['c_date'] == "") {
$dateErr = "Please choose a date.";
$dataValid = false;
}
if ($_POST['c_time'] == "" || $_POST['c_time'] == "Morning" || $_POST['c_time'] == "Afternoon") {
$timeErr = "Please choose a time.";
$dataValid = false;
} else {
if ("07:00" == $_POST['c_time']){
$Checked0700 = 'selected';
}
else if ("07:30" == $_POST['c_time']){
$Checked0730 = 'selected';
}
else if ("08:00" == $_POST['c_time']){
$Checked0800 = 'selected';
}
else if ("08:30" == $_POST['c_time']){
$Checked0830 = 'selected';
}
else if ("09:00" == $_POST['c_time']){
$Checked0900 = 'selected';
}
else if ("09:30" == $_POST['c_time']){
$Checked0930 = 'selected';
}
else if ("10:00" == $_POST['c_time']){
$Checked1000 = 'selected';
}
else if ("10:30" == $_POST['c_time']){
$Checked1030 = 'selected';
}
else if ("11:00" == $_POST['c_time']){
$Checked1100 = 'selected';
}
else if ("11:30" == $_POST['c_time']){
$Checked1130 = 'selected';
}
else if ("12:00" == $_POST['c_time']){
$Checked1200 = 'selected';
}
else if ("12:30" == $_POST['c_time']){
$Checked1230 = 'selected';
}
else if ("13:00" == $_POST['c_time']){
$Checked1300 = 'selected';
}
else if ("13:30" == $_POST['c_time']){
$Checked1330 = 'selected';
}
else if ("14:00" == $_POST['c_time']){
$Checked1400 = 'selected';
}
else if ("14:30" == $_POST['c_time']){
$Checked1430 = 'selected';
}
else if ("15:00" == $_POST['c_time']){
$Checked1500 = 'selected';
}
else if ("15:30" == $_POST['c_time']){
$Checked1530 = 'selected';
}
else if ("16:00" == $_POST['c_time']){
$Checked1600 = 'selected';
}
else if ("16:30" == $_POST['c_time']){
$Checked1630 = 'selected';
}
else if ("17:00" == $_POST['c_time']){
$Checked1700 = 'selected';
}
else if ("after" == $_POST['c_time']){
$Checkedafter = 'selected';
}
}
}
if ($_POST && $dataValid) {
$_SESSION['token1'] = "ok";
$_SESSION['cust'] = $cust_info;
header('Location:innout-booking-step2.php');
exit();
}
?>
I also faced such a problem, so I tried the following steps to resolve it.
1. Remove or comment out spaces, echos, print_r, and error reporting before calling header location.
2. Remove spaces after the PHP end tag (after ?> ).
3. Modify the header location syntax. For this, what I generally do is open w3schools, copy the header location syntax and paste it. In your case you should try to change your header code to
header('Location: innout-booking-step2.php'); (space after : )
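Step 1 of the answer above can be checked instead of guessed at: headers_sent() reports the file and line where output began. This is an added example, not code from the question or the answer; redirect_or_report() is a hypothetical helper name and $dataValid is set to a constructed value.

```php
<?php
// Added example, not code from the question or the answer.
// redirect_or_report() is a hypothetical helper name.
function redirect_or_report(string $target): void
{
    // headers_sent() fills $file and $line with the place where output started:
    // a stray space or BOM before the opening tag, an echo, or a displayed warning.
    if (headers_sent($file, $line)) {
        error_log("Redirect to {$target} skipped: output started at {$file}:{$line}");
        // Fail visibly instead of silently rendering step 1 again.
        echo 'Unable to continue. Please contact the site administrator.';
        exit;
    }
    header('Location: ' . $target, true, 303); // 303: follow with GET after a POST
    exit;
}

session_start();
// ... the validation from the question runs here and sets $dataValid ...
$dataValid = true; // constructed value so the example runs on its own
if ($dataValid) {
    $_SESSION['token1'] = 'ok';
    redirect_or_report('innout-booking-step2.php');
}
```

A different output_buffering value in php.ini is a common reason the same script redirects on one machine and not on another, so the logged file and line are worth comparing on both.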

PHP - Final input-validate

I am validating three types of input (string, email, URL):
string-validating:
if ($_POST['string'] != "") {
$string = filter_var($_POST['string'], FILTER_SANITIZE_STRING);
if ($string != "") {
// valid
} else {
// not valid
}
} else {
// empty
}
email-validating:
if ($_POST['email'] != "") {
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
// valid
} else {
// not valid
}
} else {
// empty
}
url-validating:
if ($_POST['url'] != "") {
$url = filter_var($_POST['url'], FILTER_SANITIZE_URL);
if (filter_var($url, FILTER_VALIDATE_URL)) {
// valid
} else {
// not valid
}
} else {
// empty
}
After doing these checks I use PDO prepared statements to insert into the database.
Do you think this is secure enough, or did I miss some points?
Hope for your answers, thanks and greetings!
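The flow described in the question (validate, then insert with a PDO prepared statement), written out as an added example that is not part of the original post. It validates the raw values without FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1, restricts URLs to http and https, and escapes stored text at output time. The table and column names, the 200-byte limit and the sample inputs are constructed, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not code from the post. The table and column names, the length
// limit and the sample inputs are constructed for illustration.
function validate_submission(array $in): array
{
    $clean = $errors = [];
    // Free text: no "sanitizing" needed for SQL; bound parameters handle that.
    $string = is_string($in['string'] ?? null) ? trim($in['string']) : '';
    if ($string === '' || strlen($string) > 200) {
        $errors['string'] = 'empty or too long';
    } else {
        $clean['string'] = $string;
    }
    // Validate the raw value; sanitizing first can turn bad input into "valid" input.
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'not a valid e-mail address';
    } else {
        $clean['email'] = $email;
    }
    // FILTER_VALIDATE_URL accepts any scheme, so allow-list http and https.
    $url    = filter_var($in['url'] ?? '', FILTER_VALIDATE_URL);
    $scheme = $url === false ? '' : strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $errors['url'] = 'not an http(s) URL';
    } else {
        $clean['url'] = $url;
    }
    return [$clean, $errors];
}
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE entries (string TEXT, email TEXT, url TEXT)');
$insert = $pdo->prepare('INSERT INTO entries (string, email, url) VALUES (:string, :email, :url)');
$samples = [ // constructed inputs
    ['string' => '<b>Hello</b>', 'email' => 'user@example.com', 'url' => 'https://example.com/a'],
    ['string' => 'Hi', 'email' => 'user@example.com', 'url' => 'ftp://example.com/file'],
];
foreach ($samples as $in) {
    [$clean, $errors] = validate_submission($in);
    if ($errors) {                      // fail closed: nothing is written
        echo 'rejected: ' . implode(', ', array_keys($errors)) . PHP_EOL;
        continue;
    }
    $insert->execute($clean);
}
// Stored text is data, not HTML: escape at output time.
foreach ($pdo->query('SELECT string FROM entries') as $row) {
    echo htmlspecialchars($row['string'], ENT_QUOTES, 'UTF-8') . PHP_EOL;
}
```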

giving a error while calling a function in php that variable is undefined

I'm using the following code in a PHP script. I am trying to call a set of code through the function calling(). When I call that function and run the script, it shows me the error that the variable $querydigit is undefined.
Can anybody tell me how I can call that set of code where I want it?
<?php
//$querynum = $_SERVER['QUERY_STRING'];
function calling()
{
if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==1)) {$photoname = '1'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==2)) {$photoname = '2'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==3)) {$photoname = '3'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==4)) {$photoname = '4'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==5)) {$photoname = '5'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==6)) {$photoname = '6'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==7)) {$photoname = '7'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==8)) {$photoname = '8'; }
}
if(isset($_GET['1']))
{
$querydigit = 1;
$photoseries = 8;
$foldername = 'founder';
calling();
}
else if(isset($_GET['2']))
{
$querydigit = '2';
$photoseries = 8;
$foldername = 'founder';
calling();
}
?>
$querydigit is not defined within function's scope.
You can fix it in following way:
function calling($querydigit) {
and then call your function like this:
calling($querydigit);
Here is your code fixed:
<?php
//$querynum = $_SERVER['QUERY_STRING'];
function calling($querydigit)
{
if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==1)) {$photoname = '1'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==2)) {$photoname = '2'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==3)) {$photoname = '3'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==4)) {$photoname = '4'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==5)) {$photoname = '5'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==6)) {$photoname = '6'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==7)) {$photoname = '7'; }
else if(isset($_GET[$querydigit]) && ($_GET[$querydigit]==8)) {$photoname = '8'; }
}
if(isset($_GET['1']))
{
$querydigit = 1;
$photoseries = 8;
$foldername = 'founder';
calling($querydigit);
}
else if(isset($_GET['2']))
{
$querydigit = '2';
$photoseries = 8;
$foldername = 'founder';
calling($querydigit);
}
?>
