I have a login system on my site in which a session starts when a user logs in. When a user signs up, his information is stored in userdb.php. Now I want to store a point for the user when he clicks the link www.stackoverflow.com, save it to my database or userdb.php, and display the points again.
My sign-up code is:
<?php
if (session_id() == "")
{
session_start();
}
$database = './usersdb.php';
$success_page = './Inside.php';
$error_message = "";
if (!file_exists($database))
{
die('User database not found!');
exit;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
$newusername = $_POST['username'];
$newemail = $_POST['email'];
$newpassword = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$newfullname = $_POST['fullname'];
$code = 'NA';
if ($newpassword != $confirmpassword)
{
$error_message = 'Password and Confirm Password are not the same!';
}
else
if (!preg_match("/^[A-Za-z0-9_!#$]{1,50}$/", $newusername))
{
$error_message = 'Username is not valid, please check and try again!';
}
else
if (!preg_match("/^[A-Za-z0-9_!#$]{1,50}$/", $newpassword))
{
$error_message = 'Password is not valid, please check and try again!';
}
else
if (!preg_match("/^[A-Za-z0-9_!#$.' &]{1,50}$/", $newfullname))
{
$error_message = 'Fullname is not valid, please check and try again!';
}
else
if (!preg_match("/^.+@.+\..+$/", $newemail))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
else
if (isset($_POST['captcha'],$_SESSION['random_txt']) && md5($_POST['captcha']) == $_SESSION['random_txt'])
{
unset($_POST['captcha'],$_SESSION['random_txt']);
}
else
{
$error_message = 'The entered code was wrong.';
}
$items = file($database, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach($items as $line)
{
list($username, $password, $email, $fullname) = explode('|', trim($line));
if ($newusername == $username)
{
$error_message = 'Username already used. Please select another username.';
break;
}
}
if (empty($error_message))
{
$file = fopen($database, 'a');
fwrite($file, $newusername);
fwrite($file, '|');
fwrite($file, md5($newpassword));
fwrite($file, '|');
fwrite($file, $newemail);
fwrite($file, '|');
fwrite($file, $newfullname);
fwrite($file, '|1|');
fwrite($file, $code);
fwrite($file, "\r\n");
fclose($file);
$subject = 'Your new account';
$message = 'A new account has been setup.';
$message .= "\r\nUsername: ";
$message .= $newusername;
$message .= "\r\nPassword: ";
$message .= $newpassword;
$message .= "\r\n";
$header = "From: webmaster@yourwebsite.com"."\r\n";
$header .= "Reply-To: webmaster@yourwebsite.com"."\r\n";
$header .= "MIME-Version: 1.0"."\r\n";
$header .= "Content-Type: text/plain; charset=utf-8"."\r\n";
$header .= "Content-Transfer-Encoding: 8bit"."\r\n";
$header .= "X-Mailer: PHP v".phpversion();
mail($newemail, $subject, $message, $header);
header('Location: '.$success_page);
exit;
}
}
?>
Please help me.....
You could try it by using AJAX if you want to save points.
Say you have a link
www.stackoverflow.com
Now in your JS file:
$('#stack-overflow').on('click', function (event) {
event.preventDefault(); // hold the navigation until the points are saved
var count = 1; // how many points you want to assign
// send an ajax request
$.ajax({
url: 'usersdb.php',
type: 'POST',
dataType: 'json',
data: {
points: count
},
success: function (resp) {
// now follow the link, or show whatever message you want to display
window.location.href = 'https://www.stackoverflow.com';
}
});
});
// Now you can get the $_POST values in your usersdb.php and save them
If there is another issue, then please confirm and tell me what you actually want.
Thanks.
To store values in session you can just use the below syntax
$_SESSION['Desired variable name'] = value;
This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 5 years ago.
I have read several answers and questions; however, I still cannot seem to get my header() to work. This is just a simple contact form, and this is my last step to send guests to a thankyou page. What am I missing?
<?php
$fname = $lname = $cname = $email = $budget = $services = "";
$error_counter = 0;
$error_report = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (empty($_POST['fname'])) {
$fname_error = 'Please provide your first name.';
$error_counter++;
} else {
$fname = test_input($_POST['fname']);
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$fnameErr = "Only letters and white space allowed";
$error_counter++;
}
}
if (empty($_POST['lname'])) {
$lname_error = 'Please provide your last name.';
$error_counter++;
} else {
$lname = test_input($_POST['lname']);
if (!preg_match("/^[a-zA-Z \.]*$/",$lname)) { // anchored so the whole value must match
$lnameErr = "Only letters and white space allowed";
$error_counter++;
}
}
if (empty($_POST['cname'])) {
$cname = '';
} else {
$cname = test_input($_POST['cname']);
if (!preg_match("/^[a-zA-Z0-9 \.]*$/",$cname)) {
$cnameErr = "Only letters and white space allowed";
$error_counter++;
}
}
if (empty($_POST['phone'])) {
$phone = '';
} else {
$phone = test_input($_POST['phone']);
if (!preg_match("/^[()\-0-9 \.]*$/",$phone)) {
$phoneErr = "Please use only the following: ( ) - . 0-9.";
$error_counter++;
}
}
if (empty($_POST['email'])) {
$email_error = 'Please provide an email so that I can get back in touch with you.';
$error_counter++;
} else {
$email = test_input($_POST['email']);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { //validate email
$emailErr = "Invalid email format";
$error_counter++;
}
}
if (empty($_POST['budget'])) {
$budget_error = 'Please provide an estimated budget.';
$error_counter++;
} else {
$budget = test_input($_POST['budget']);
}
if (empty($_POST['textarea'])) {
$textarea = '';
} else {
$textarea = test_input($_POST['textarea']);
}
if (isset($_POST['new-website'])) {
$services = $services."New Website<br>";
}
if (isset($_POST['website-redesign'])) {
$services = $services."Website Re-design<br>";
}
if (isset($_POST['mobile-website'])) {
$services = $services."Mobile Website<br>";
}
if (isset($_POST['online-resume'])) {
$services = $services."Online Resume<br>";
}
if (isset($_POST['non-profit-website'])) {
$services = $services."Non-profit Website<br>";
}
if (isset($_POST['seo'])) {
$services = $services."SEO<br>";
}
if (isset($_POST['google-adwords'])) {
$services = $services."Google AdWords<br>";
}
if (isset($_POST['graphics-design'])) {
$services = $services."Graphics Design<br>";
}
if (isset($_POST['other'])) {
$services = $services."Other<br>";
}
$fname = test_input($_POST['fname']);
$lname = test_input($_POST['lname']);
$cname = test_input($_POST['cname']);
$phone = test_input($_POST['phone']);
$email = test_input($_POST['email']);
$budget = test_input($_POST['budget']);
$textarea = test_input($_POST['textarea']);
if ($error_counter == 0) {
$to = "dpeaches96@gmail.com";
$subject = "Website Contact Peachwebdev";
$name_final = "Name: ".$fname." ".$lname."<br><br>";
$company_final = "Company: ".$cname."<br><br>";
$phone_final = "Phone Number: ".$phone."<br><br>";
$email_final = "Email: ".$email."<br><br>";
$budget_final = "Est. Budget: ".$budget."<br><br>";
$services_final = "Services: <br>".$services."<br><br>";
$textarea_final = "Comments: ".$textarea."<br><br>";
$message = $name_final.$company_final.$phone_final.$email_final.$budget_final.$services_final.$textarea_final;
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: '.$email;
mail($to,$subject,$message,$headers);
header("Location: http://www.peachwebdev.com/pages/thankyou.html");
exit;
} else {
echo '<script type="text/javascript"> alert(\'There were errors in your form. Please try again.\'); </script>';
$error_report = "<div class='alert alert-danger'>There were errors in your form, please correct and submit again.</div>";
}
}
function test_input($data) {
$data = htmlspecialchars($data);
$data = trim($data);
$data = stripslashes($data);
return $data;
}
?>
And I am aware that my code can probably be made better, so if there are suggestions on simplifying or condensing, I would gladly appreciate it!
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP.
Refer to the documentation.
One way to test is to replace the call to header() in your code with a simple echo with some custom string (say 'XYZXYZ'). Then look at the raw output and check if there are any characters before this string.
I have a reset password link that seemingly won't process $_GET('variable'). The forgot password form:
<?php
$error = $email = "";
if (isset($_POST['email']))
{
$email = sanitizeString($_POST['email']);
$com_code = md5(uniqid(rand()));
if ($email == "")
$error = "Not all fields were entered<br>";
else if (!filter_var($email, FILTER_VALIDATE_EMAIL))
$error='Email is invalid';
else
{
$resultE = queryMySQL("SELECT email FROM users WHERE email='$email'");
if ($resultE->num_rows == 0)
{
$error = "<span class='error'>Email
error</span><br><br>";
}else
{
queryMysql("UPDATE users SET com_code='$com_code' WHERE email='$email'");
$mail_to = $email;
$subject = 'Reset your password ';
$body_message = 'Please click on this link to reset password ';
$body_message .= 'Activate';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$mail_status = mail($mail_to, $subject, $body_message, $headers);
if(isset($_SESSION['url']))
$url = $_SESSION['url'];
else
$url = "../../index.php";
header("Location:$url");
}
}
}
?>
The reset password form:
<?php
$error = $pass ="";
if (isset($_POST['pass']))
{
$pass = sanitizeString($_POST['pass']);
$salt1 = "qm&h*";
$salt2 = "pg!#";
$token = hash('ripemd128', "$salt1$pass$salt2");
$passkey = $_GET['passkey'];
if ($pass == "")
$error = "Enter all fields";
//put if else statements here
else if (preg_match("/[^a-zA-Z0-9_-]/", $pass)){
$error='Remove spaces,numbers,special characters';
}
else
{
$resultpassw = queryMysql("SELECT * FROM users WHERE com_code='$passkey' ");
if ($resultpassw->num_rows == 0)
$error = " ✘ Confirmation not sent";
else
{
queryMysql("UPDATE users SET pass='$token', updated=CURRENT_TIMESTAMP WHERE com_code='$passkey'");
header("Location:../../profile.php");
}
}
}
?>
The error that keeps occurring is the 'confirmation not sent', implying that the table 'users' has no com_code inserted previously, but when I look at the table via phpMyAdmin the com_code is there. Where am I going wrong?
In the forgot password form, try the below.
<?php
$error = $email = "";
if (isset($_POST['email']))
{
$email = sanitizeString($_POST['email']);
$com_code = md5(uniqid(rand()));
if ($email == "")
$error = "Not all fields were entered<br>";
else if (!filter_var($email, FILTER_VALIDATE_EMAIL))
$error='Email is invalid';
else
{
$resultE = queryMySQL("SELECT email FROM users WHERE email='$email'");
if ($resultE->num_rows == 0)
{
$error = "<span class='error'>Email
error</span><br><br>";
}else
{
queryMysql("UPDATE users SET com_code='$com_code' WHERE email='$email'");
$mail_to = $email;
$subject = 'Reset your password ';
$body_message = 'Please click on this link to reset password ';
$body_message .= 'Activate';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$mail_status = mail($mail_to, $subject, $body_message, $headers);
if(isset($_SESSION['url']))
$url = $_SESSION['url'];
else
$url = "../../index.php";
header("Location:$url");
}
}
}
?>
I changed one line here.
$body_message .= 'Activate';
As $com_code is a dynamic value, you need to pass it in a way that lets PHP fetch its value and not take it as a static value.
Think I'll just use sessions. forgot_pass.php:
$com_code = md5(uniqid(rand()));
$_SESSION["com_code_sesh"] = $com_code;
reset_pass.php:
$passkey = $_SESSION["com_code_sesh"];
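Added example, not code from any of the posts above: one way to handle the reset link that the thread's code reads through $_GET['passkey'], using a random token stored only as a hash, bound parameters instead of string-built SQL, and single use with an expiry. The users, email, com_code and pass names follow the thread; the com_code_expires column, the function names, the example.test addresses and the in-memory SQLite database (pdo_sqlite) are assumptions made so that it runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
// users/email/com_code/pass follow the thread; com_code_expires is an assumed column.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pass TEXT,
           com_code TEXT, com_code_expires INTEGER)');
$db->exec("INSERT INTO users (email, pass) VALUES ('alice@example.test', 'old-hash')");

/** Create a reset token. Returns the raw token for the e-mail link, or null
 *  if the address is unknown. Only the SHA-256 of the token is stored. */
function issueResetToken(PDO $db, string $email, int $ttlSeconds = 3600): ?string
{
    $token = bin2hex(random_bytes(32)); // 64 hex chars from the CSPRNG
    $stmt = $db->prepare(
        'UPDATE users SET com_code = ?, com_code_expires = ? WHERE email = ?'
    );
    $stmt->execute([hash('sha256', $token), time() + $ttlSeconds, $email]);
    return $stmt->rowCount() === 1 ? $token : null;
}

/** Redeem the token from the link. It works once and only before it expires. */
function redeemResetToken(PDO $db, string $passkey, string $newPassword): bool
{
    // Anything that is not a 64-character hex string cannot be a token we issued.
    if (preg_match('/\A[0-9a-f]{64}\z/', $passkey) !== 1) {
        return false;
    }
    // Bound parameters: the passkey never becomes part of the SQL text.
    $stmt = $db->prepare(
        'UPDATE users SET pass = ?, com_code = NULL, com_code_expires = NULL
         WHERE com_code = ? AND com_code_expires >= ?'
    );
    $stmt->execute([
        password_hash($newPassword, PASSWORD_DEFAULT), // salted, slow password hash
        hash('sha256', $passkey),
        time(),
    ]);
    return $stmt->rowCount() === 1; // clearing com_code makes the token single use
}

// Constructed walk-through of the two pages.
$token = issueResetToken($db, 'alice@example.test');
echo 'Link to mail: https://example.test/reset_pass.php?passkey=', $token, PHP_EOL;

$attempts = [
    'malformed passkey' => 'not-a-token',
    'token from the link' => $token,
    'same token again' => $token,
];
foreach ($attempts as $label => $passkey) {
    $ok = redeemResetToken($db, $passkey, 'a new passphrase');
    echo $label, ': ', $ok ? 'password updated' : 'rejected', PHP_EOL;
}
```

On the reset page the passkey has to travel with the POST as well, for example as a hidden form field, because $_GET only holds the query string of the URL the form is submitted to.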
I am new to PHP and currently getting back to HTML. I have made a form and have the data sent and validated by PHP, but I am trying to send the email to myself only after the data has been validated and is correct. Currently, if the page is loaded I think it sends an email, and it will send whenever I hit submit without the data being correct.
Here is where I validate the data:
<?php
//Set main variables for the data.
$fname = $lname = $email = $subject = $website = $likedsite = $findoption = $comments = "";
//Set the empty error variables.
$fnameErr = $lnameErr = $emailErr = $subjectErr = $commentsErr = $websiteErr = $findoptionErr = "";
//Check to see if the form was submitted.
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
//Check the 'First Name' field.
if (empty($_POST["fname"]))
{
$fnameErr = "First Name is Required.";
}
else
{
$fname = validate_info($_POST["fname"]);
}
//Check the 'Last Name' field.
if (empty($_POST["lname"]))
{
$lnameErr = "Last Name is Required.";
}
else
{
$lname = validate_info($_POST["lname"]);
}
//Check the 'E-Mail' field.
if (empty($_POST["email"]))
{
$emailErr = "E-Mail is Required.";
}
else
{
$email = validate_info($_POST["email"]);
//Check if valid email.
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$emailErr = "Invalid E-Mail Format.";
}
}
//Check the 'Subject' field.
if (empty($_POST["subject"]))
{
$subjectErr = "Subject is Required.";
}
else
{
$subject = validate_info($_POST["subject"]);
}
//Check the 'Website' field.
if (empty($_POST["siteurl"]))
{
$website = "";
}
else
{
$website = validate_info($_POST["siteurl"]);
//Check if valid URL.
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website))
{
$websiteErr = "Invalid URL.";
}
}
//Check the 'How Did You Find Us' options.
if (empty($_POST["howfind"]))
{
$findoptionErr = "Please Pick One.";
}
else
{
$findoption = validate_info($_POST["howfind"]);
}
//Check the comment box.
if (empty($_POST["questioncomments"]))
{
$commentsErr = "Questions/Comments are Required.";
}
else
{
$comments = validate_info($_POST["questioncomments"]);
}
//Pass any un-required data.
$likedsite = validate_info($_POST["likedsite"]);
}
function validate_info($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Sorry it's a little lengthy.
Here is where I try to send the email. I have tried two different attempts and both have the same result.
<?php
if (!empty($fnameErr) || !empty($lnameErr) || !empty($subjectErr) || !empty($emailErr) || !empty($commentErr) || !empty($websiteErr) || !empty($findoptionErr))
{
echo "Sent!!";
}else
{
echo"Not Sent!!";
}
//Make the message.
$message =
"
First Name: $fname.\n
Last Name: $lname.\n
Website: $website\n
Did They Like the Site? $likedsite.\n
How They Found Us. $findoption.\n
Question/Comments:\n
$comments.
";
$message = wordwrap($message, 70);
$headers = "From: $email";
mail("me@gmail.com", $subject, $message, $headers);
?>
Once again, sorry for the length. Thanks in advance, and sorry if this is a double question or not described enough; I am also new to Stack Overflow.
Please try:
<?php
//Set main variables for the data.
$fname = $lname = $email = $subject = $website = $likedsite = $findoption = $comments = "";
//Set the empty error variables.
$fnameErr = $lnameErr = $emailErr = $subjectErr = $commentsErr = $websiteErr = $findoptionErr = "";
//Initialize variable used to identify form is valid OR not.
$formValid = true;
//Check to see if the form was submitted.
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
//Check the 'First Name' field.
if (empty($_POST["fname"]))
{
$formValid = false;//Form not validate
$fnameErr = "First Name is Required.";
}
else
{
$fname = validate_info($_POST["fname"]);
}
//Check the 'Last Name' field.
if (empty($_POST["lname"]))
{
$formValid = false;//Form not validate
$lnameErr = "Last Name is Required.";
}
else
{
$lname = validate_info($_POST["lname"]);
}
//Check the 'E-Mail' field.
if (empty($_POST["email"]))
{
$formValid = false;//Form not validate
$emailErr = "E-Mail is Required.";
}
else
{
$email = validate_info($_POST["email"]);
//Check if valid email.
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$formValid = false;//Form not validate
$emailErr = "Invalid E-Mail Format.";
}
}
//Check the 'Subject' field.
if (empty($_POST["subject"]))
{
$formValid = false;//Form not validate
$subjectErr = "Subject is Required.";
}
else
{
$subject = validate_info($_POST["subject"]);
}
//Check the 'Website' field.
if (empty($_POST["siteurl"]))
{
$website = "";
}
else
{
$website = validate_info($_POST["siteurl"]);
//Check if valid URL.
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website))
{
$formValid = false;//Form not validate
$websiteErr = "Invalid URL.";
}
}
//Check the 'How Did You Find Us' options.
if (empty($_POST["howfind"]))
{
$formValid = false;//Form not validate
$findoptionErr = "Please Pick One.";
}
else
{
$findoption = validate_info($_POST["howfind"]);
}
//Check the comment box.
if (empty($_POST["questioncomments"]))
{
$formValid = false;//Form not validate
$commentsErr = "Questions/Comments are Required.";
}
else
{
$comments = validate_info($_POST["questioncomments"]);
}
//Pass any un-required data.
$likedsite = validate_info($_POST["likedsite"]);
}
//If every variable value set, send mail OR display error...
if (!$formValid){
echo"Form not validate...";
}
else {
//Make the message.
$message =
"
First Name: $fname.\n
Last Name: $lname.\n
Website: $website\n
Did They Like the Site? $likedsite.\n
How They Found Us. $findoption.\n
Question/Comments:\n
$comments.
";
$message = wordwrap($message, 70);
$headers = "From: $email";
$sendMail = mail("me@gmail.com", $subject, $message, $headers); // keep the result for the check below
if($sendMail){
echo "Mail Sent!!";
}
else {
echo "Mail Not Sent!!";
}
}
function validate_info($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
I edited my answer as per some changes. Now this code only allows sending mail if the form's required fields are not empty and all field values are valid as per your validation.
Let me know if there is any concern!
From what I was able to conceive, you are
trying to apply 'OR' in the if condition; it should be changed to AND, i.e. change || to &&.
You are checking for non-empty error variables, which should be changed to verify whether they are all empty or not.
if (empty($fnameErr) && empty($lnameErr) && empty($subjectErr) && empty($emailErr) && empty($commentsErr) && empty($websiteErr) && empty($findoptionErr))
{
echo "sent";
}
Instead of writing lengthy conditions, assign all error messages to a single variable and append errors to it ($errorMsg). You can avoid a lengthy if-else ladder by doing this.
Change empty($_POST["email"]) to !isset($_POST["email"]) in all statements.
Then update the condition to the following:
<?php
if($errorMsg == ''){
//Make the message.
$message ="
First Name: ".$fname.".\n
Last Name: ".$lname."\n
Website: ".$website."\n
Did They Like the Site? ".$likedsite."\n
How They Found Us. ".$findoption."\n
Question/Comments:\n
".$comments." ";
$message = wordwrap($message, 70);
$headers = "From: $email";
mail("me@gmail.com", $subject, $message, $headers);
}else{
// Show $errorMsg
}
?>
Make it simple, I hope this helps.
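Added example, not code from the question or from any of the answers: one way to structure the page so that nothing is mailed on a plain page load or when any check fails, which is the behaviour the question asks for. Field names follow the question's form; the function names, the example.test addresses and the injected $send callable (pass 'mail' in production) are assumptions.

```php
<?php
declare(strict_types=1);

/** Validate the submitted fields. Returns [clean values, errors keyed by field]. */
function validateContact(array $post): array
{
    $required = [
        'fname' => 'First Name', 'lname' => 'Last Name', 'email' => 'E-Mail',
        'subject' => 'Subject', 'questioncomments' => 'Questions/Comments',
    ];
    $clean = [];
    $errors = [];
    foreach ($required as $key => $label) {
        // A missing field or an array (fname[]=x) counts as empty.
        $value = is_string($post[$key] ?? null) ? trim($post[$key]) : '';
        $clean[$key] = $value;
        if ($value === '') {
            $errors[$key] = "$label is Required.";
        }
    }
    if (!isset($errors['email'])
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid E-Mail Format.';
    }
    // The subject is a single-line mail header: refuse embedded line breaks.
    if (preg_match('/[\r\n]/', $clean['subject']) === 1) {
        $errors['subject'] = 'Subject must be a single line.';
    }
    return [$clean, $errors];
}

/** Send only for a POST whose fields all validated. $send has mail()'s signature. */
function handleContact(string $method, array $post, callable $send): array
{
    if ($method !== 'POST') {
        return ['sent' => false, 'errors' => []]; // plain page load: do nothing
    }
    [$clean, $errors] = validateContact($post);
    if ($errors !== []) {
        return ['sent' => false, 'errors' => $errors];
    }
    $body = wordwrap(
        "First Name: {$clean['fname']}\nLast Name: {$clean['lname']}\n\n"
        . "Question/Comments:\n{$clean['questioncomments']}",
        70
    );
    // From is an address the site owns; the validated visitor address is Reply-To.
    $headers = "From: webform@example.test\r\nReply-To: {$clean['email']}";
    $sent = (bool) $send('me@example.test', $clean['subject'], $body, $headers);
    return ['sent' => $sent, 'errors' => []];
}

// Constructed requests; a recording closure stands in for mail().
$outbox = [];
$record = function (string $to, string $subject, string $body, string $headers)
    use (&$outbox): bool {
    $outbox[] = $subject;
    return true;
};
$valid = ['fname' => 'Ann', 'lname' => 'Lee', 'email' => 'ann@example.test',
          'subject' => 'Quote', 'questioncomments' => 'Please call me.'];
$requests = [
    'page load (GET)' => ['GET', []],
    'empty POST' => ['POST', []],
    'bad e-mail' => ['POST', ['email' => 'ann@'] + $valid],
    'subject with line break' => ['POST', ['subject' => "Quote\r\nsecond line"] + $valid],
    'valid POST' => ['POST', $valid],
];
foreach ($requests as $label => [$method, $post]) {
    $result = handleContact($method, $post, $record);
    echo $label, ': ', $result['sent'] ? 'sent' : 'not sent',
         ' (', implode(', ', array_keys($result['errors'])), ')', PHP_EOL;
}
echo count($outbox), ' message(s) handed to the mailer', PHP_EOL;
```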
I have an application form on my website, and when someone fills one out it works fine with all data properly sent over; however, multiple times a day we are getting completely blank emails. (The client is CONVINCED that it's people filling out the form and it's sending it blank, randomly removing their information. I don't think that's possible.)
Here are snippets of my code:
if($_SERVER['REQUEST_METHOD'] == "POST") {
if (trim($_POST['fname']) == "") {
$errors[] = "Please enter your first name";
}
if (trim($_POST['lname']) == "") {
$errors[] = "Please enter your last name";
}
if (trim($_POST['address1']) == "") {
$errors[] = "Please enter your address";
}
if (trim($_POST['city']) == "") {
$errors[] = "Please enter your city";
}
if (trim($_POST['state']) == "") {
$errors[] = "Please enter your state";
}
if (trim($_POST['zip']) == "") {
$errors[] = "Please enter your zip code";
}
if (trim($_POST['email']) == "") {
$errors[] = "Please enter your email";
}
if (trim($_POST['phone']) == "") {
$errors[] = "Please enter your phone number";
}
if (trim($_POST['school']) == "") {
$errors[] = "Please enter your High School";
}
if (trim($_POST['school_study']) == "") {
$errors[] = "Please enter your course of study";
}
if (trim($_POST['school_years']) == "") {
$errors[] = "Please enter your school years completed";
}
if (trim($_POST['school_degree']) == "") {
$errors[] = "Please enter your diploma/degree";
}
if (trim($_POST['employer1']) == "") {
$errors[] = "Please enter Employer #1";
}
if (trim($_POST['employer1_telephone']) == "") {
$errors[] = "Please enter Employer #1 Telephone";
}
if (trim($_POST['employer1_title']) == "") {
$errors[] = "Please enter Employer #1 Title";
}
if (trim($_POST['employer1_supervisor']) == "") {
$errors[] = "Please enter Employer #1 Supervisor";
}
if (trim($_POST['employer1_from']) == "") {
$errors[] = "Please enter Employer #1 Start Date";
}
if (trim($_POST['employer1_to']) == "") {
$errors[] = "Please enter Employer #1 End Date";
}
if (trim($_POST['employer1_salary']) == "") {
$errors[] = "Please enter Employer #1 Salary";
}
if (trim($_POST['employer1_duties']) == "") {
$errors[] = "Please enter Employer #1 Duties";
}
if (trim($_POST['sig2']) == "") {
$errors[] = "Please complete the Signature Field";
}
if (trim($_POST['date2']) == "") {
$errors[] = "Please complete the Date Field";
}
if(is_array($errors))
{
echo '<div class="error"><span>The following errors occurred:</span><ul>';
foreach ($errors as $value) // each() no longer exists in PHP 8
{
echo '<li>'.$value.'</li><br />';
}echo'</ul></div>';
}
else {
require_once('recaptchalib.php');
$privatekey = "(private key thing here not sure if that should be shared)";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
"(reCAPTCHA said: " . $resp->error . ")");
} else {
// convert the application to a pdf. not going to include all this jarble
// also insert the application into a database - not including
$mpdf=new mPDF();
$mpdf->WriteHTML($html);
$content = $mpdf->Output('', 'S');
$content = chunk_split(base64_encode($content));
$eol = PHP_EOL;
$mailto = "$setting[apps_email]";
$from_name = 'Employment Application';
$from_mail = 'no-reply';
$replyto = 'no-reply';
$uid = md5(uniqid(time()));
$subject = "".$row['fname']." ".$row['lname']." - ".$row1['position']."";
$filename = "".$row['fname']."".$row['lname']."-".$row['submitted'].".pdf";
$header = "From: ".$from_name." <".$from_mail.">".$eol;
$header .= "Reply-To: ".$replyto.$eol;
$header .= "MIME-Version: 1.0\r\n";
$header .= "Content-Type: multipart/mixed; boundary=\"".$uid."\"".$eol;
$header .= "Content-Transfer-Encoding: 7bit".$eol;
$message .= "--".$uid.$eol;
$message .= "Content-type:text/plain; charset=\"iso-8859-1\"\r\n";
$message .= "Content-Transfer-Encoding: 7bit\r\n\r\n";
$message .= $eol."".$row['fname']." ".$row['lname']." has submitted an employment application for the ".$row1['position']." position. Please see the attached .pdf file to save and/or print the application.".$eol;
$message .= "--".$uid.$eol;
$message .= "Content-Type: application/pdf; name=\"".$filename."\"\r\n";
$message .= "Content-Transfer-Encoding: base64\r\n";
$message .= "Content-Disposition: attachment".$eol.$eol;
$message .= $eol.$content;
$message .= "--".$uid."--".$eol;
$is_sent = @mail($mailto, $subject, $message, $header);
}
}}
I feel like I've taken every measure against this by making sure it was submitted first, validating required fields, and I even threw on a stupid captcha that I hate doing.
Any idea why (I'm assuming crawlers) are sending blank emails?
I have two issues with a contact form I have created. I was previously hit hard by spam.
I am requiring that all fields be filled out before the form is processed, but what I have written isn't working: info goes into the database whether a person fills out all fields or not. ***fixed by using:
function validateForm()
{
var x=document.forms["validation"]["firstname"].value;
if (x==null || x=="")
{
alert("Please enter your first name");
return false;
}
for all fields and this one for email:
var x=document.forms["validation"]["email"].value;
var atpos=x.indexOf("@");
var dotpos=x.lastIndexOf(".");
if (atpos<1 || dotpos<atpos+2 || dotpos+2>=x.length)
{
alert("Please enter a valid email address");
return false;
}
Now, I need to get the captcha working or how to add to check if captcha is correct in same javascript? I think the error lies in this somehow?:
session_start();
if($_POST['submitted'] == "contactus")
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {
header("Location:http://www.berrieswebdesign.com/thankyou.php?message=thanks");
unset($_SESSION['security_code']);
} else {
// Insert your code for showing an error message here
echo "<div id='thankyoubox'>'Security breach! Security Breach! Ehem...Your security code was incorrect.'</div>";
}
ob_flush();
?>
And lastly, here is contactfunctions.php
<?php ob_start();//Required for the redirect to work?>
<?php
include_once("databasefunctions.php");
$contactsdbtable = "contacts";
function GetHeaders($firstname, $email)
{
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= "To: {$firstname} <{$email}>" . "\r\n";
$headers .= 'From: My Website <info@mywebsite.com>' . "\r\n";
return $headers;
}
function ContactMessage($firstname, $lastname, $email, $message, $location)
{
global $contactsdbtable;
openDatabase();
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$email = mysql_real_escape_string($email);
$message = mysql_real_escape_string($message);
$location = mysql_real_escape_string($location);
$result = QuickQuery("INSERT INTO {$contactsdbtable}(firstname, lastname, email, message, location)
VALUES('{$firstname}', '{$lastname}', '{$email}', '{$message}', '{$location}')");
if($result)
{
// pass the values in; they are not visible inside GetHeaders() otherwise
$headers = GetHeaders($firstname, $email);
$message = "\"Thank you for contacting us at My Website. We will be answering your website inquiry post haste.\"<br />
<br />
<br />
Best Regards,<br />
<br />
Me
";
mail($email, "RE: Design Inquiry", $message, $headers);
mail("myemail@blahblah.com", "Website Inquiry", "{$firstname}, {$email}, has sent a web design inquiry", $headers);
}
}
?>
I appreciate any help I receive on this in advance. Also, since this is a lengthy post, would you guys mind listing which issue you are addressing, 1 or 2?
Thanks!
Ok try this:
<?php
$is_error = false;
if($_POST['submitted'] == "contactus")
{
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$message = $_POST['message'];
$location = $_POST['location'];
// compare with ==; a single = would overwrite the submitted value
if(!$firstname || $firstname == ''){
$error = "Please enter your first name.";
$is_error = true;
} else if(!$lastname || $lastname == ''){
$error = "Please enter your last name.";
$is_error = true;
} else if(!$email || $email == ''){
$error = "Please enter a valid email.";
$is_error = true;
}else if(!$message || $message == ''){
$error = "Please enter your message.";
$is_error = true;
}else if(!$location || $location == ''){
$error = "Please tell us where you're from.";
$is_error = true;
}
// an unset or empty stored code must not match an empty submission
if(($is_error === false) && !empty($_SESSION['security_code']) && ($_SESSION['security_code'] == $_POST['security_code']))
{
ContactMessage($firstname, $lastname, $email, $message, $location);
} else {
Error($error);
}
}
?>