I have a page with an options menu, however would like the user to pass the captcha test. Currently i want it so the user enters atleast 3 characters in the textbox or else they would not be able to submit the form, the code is shown below with the php condition at the end of the form. However i know i have obviously got it wrong. Is there anyway to do this without pasting the php code on another page? Thanks.
<?php
// Check to see if the form has been submitted.
if(isset($_POST['menu1'])) {
// If the form has been submitted, force a re-direct to the choice selected.
header('Location: ' . $_POST['menu1']);
}
?>
<div style="padding-left: 50px">
<p class="arial"><strong></strong><br /><br /></p>
<form method="post">
<table class="freecontact2form" border="0" width="400px">
<tbody>
<tr>
<td colspan="2"><span style="font-size: x-small;"> </span> <font color=#000000 >Which of the following do you want to use?</font>
<br /><br /></td>
</tr>
<tr>
<td valign="top"><table width="400px" class="freecontact2form">
<tr>
<td colspan="2"><br />
<br />
<div class="freecontact2formmessage"> </div></td>
</tr>
<tr>
<td valign="top"><label for="menu1" >The options are:<span class="required_star"> </span></label></td>
<td valign="top"><select name="menu1" id="menu1">
<option selected="selected" value ="http://www.google.com">Google </option>
<option value ="http://www.yahoo.com">Yahoo</option>
<option value ="http://www.bing.com">Bing</option>
</select></td>
</tr>
<tr>
<td valign="top"><label for="captcha" ><span class="required_star"></span><span class="required_star"></span></label></td>
<td valign="top"><BR /><BR /><img src="captcha.jpg" /></td>
</tr>
<tr>
<td>Please enter the characters shown in the CAPTCHA image:</td>
<td><input type="text" name="captcha" id="captcha" value="" size="10" />
</td>
</tr>
<tr>
<td style="text-align:center" colspan="2"><br /><br />
<input type="submit" value=" Submit ">
</td>
</tr>
</table></td>
<td valign="top"> </td>
</tr>
</tbody>
</table>
</form> <br />
<p> </p>
<p> </p>
<?php
if(isset($_POST['menu1'])) {
function died($error) {
echo "Sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if(!isset($_POST['menu1']) ||
!isset($_POST['captcha'])
) {
died('Sorry, there appears to be a problem with your form submission.');
}
$error_message = "";
if(strlen($captcha) < 3) {
$error_message .= 'Please ensure the captcha entered is at least 3 characters long';
}
if(strlen($error_message) > 0) {
died($error_message);
}
?>
<?php
}
die();
?>
Try this code at the top of your file (instead of at the bottom). Notice I fixed a few issues.
First, you were doing the header() redirect before ever running your validation code, because that was at the top of your file while the validation was below. I changed the logic so if the validation succeeds, then it will redirect, otherwise it will show an error message
Second, you were checking strlen($captcha) but should have been checking strlen($_POST['captcha']).
<?php
function died($error) {
echo "Sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if(isset($_POST['menu1'])) {
if(!isset($_POST['menu1']) || !isset($_POST['captcha'])) {
died('Sorry, there appears to be a problem with your form submission.');
}
$error_message = "";
if(strlen($_POST['captcha']) < 3) {
$error_message .= 'Please ensure the captcha entered is at least 3 characters long';
}
if(strlen($error_message) > 0) {
// VALIDATION ERRORS, DIE
died($error_message);
}
else {
// DO YOUR REDIRECT RIGHT HERE... NO VALIDATION ISSUES, CONTINUE...
header('Location: ' . $_POST['menu1']);
}
}
?>
You have to keep the captcha in session first and then check it with the value submitted in order to match them after validating that entered value is of 3 character or more.
Related
I have created a CMS with a ban feature to ban accounts who violate the rules.
However, when I ban someone, I will ban the user but also myself. The unstyled text will appear only if you're an administrator:
You have been banned.
and if you're an user which is being banned, you'll get
Your account has been disabled and cannot be used anymore.
You find the details below.
Date: 13-04-2016 16:06:27
Reason: Violation of the EULA.
If you have questions, feel free to contact the administrator.
And now it's getting spooky: the text above is the only text I have in my scripts. The "You have been banned" is some old, pre-alpha text but it's still spooking around. So for the record, I have deleted this text a long time ago. I have searched every file, every include and every database.
I have even done a map search for the "You have been banned" sentence. No luck, he couldn't find anything! I have also restarted XAMPP and the databases and I also have logged out and logged in again; didn't work either.
Details about the issue.
Text is fully blanco, no styles or anything.
Only appears at admin.php
Appears when a user is banned - I have double checked the ban script and everything is running OK. Queries are pointing to the right database, etc.
Because the text only appears on admin.php, we need to take a look at admin.php. It's a file of 520 lines.
The ban script is on the top:
$sql = "SELECT * FROM bans WHERE user_name='".$_SESSION['user_name']."'";
$result = $conn->query($sql);
if(mysqli_num_rows($result) != 0) {
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$blocked = "
<div class='modal-inner' style='width:500px'>
<h2>Account disabled</h2>
Your account has been disabled and cannot be used anymore.<br />You find the details below.<br /><br />
Processed: ". $row["user_dateofban"] ."<br />
Reason: ". $row["reason"] ."<br /><br />
If you have questions, feel free to contact the administrator.
</div>
";
exit($blocked);
}
}
}
Hope someone can help me out, it's super frustrating!
admin.php
the top.php & bot.php both are just html files. No php.
<?php
include("loginsys.php");
if ($login->isUserLoggedIn() == true) {
//ban config
$sql = "SELECT * FROM bans WHERE user_name='".$_SESSION['user_name']."'";
$result = $conn->query($sql);
if(mysqli_num_rows($result) != 0) {
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$blocked = "
<div class='modal-inner' style='width:500px'>
<h2>Account disabled</h2>
Your account has been disabled and cannot be used anymore.<br />You find the details below.<br /><br />
Processed: ". $row["user_dateofban"] ."<br />
Reason: ". $row["reason"] ."<br /><br />
If you have questions, feel free to contact the administrator.
</div>
";
exit($blocked);
}
}
}
if(isset($_SESSION['user_rank']) && $_SESSION['user_rank'] == "3") {
if(isset($_GET["page"]) && $_GET["page"] == "customization") {
include("assets/top.php");
if(isset($_POST['editcustom'])) {
$sql = "UPDATE customization SET iam='".$_POST["iam"]."', iam2='".$_POST["iam2"]."', about='".$_POST["about"]."', about2='".$_POST["about2"]."', about3='".$_POST["about3"]."', recentwork='".$_POST["recentwork"]."', recentwork2='".$_POST["recentwork2"]."', getintouch='".$_POST["getintouch"]."', getintouch2='".$_POST["getintouch2"]."', address='".$_POST["address"]."', phone='".$_POST["phone"]."', email='".$_POST["email"]."', sendbutton='".$_POST["sendbutton"]."', copyright='".$_POST["copyright"]."'";
$updateuser = $conn->query($sql);
if ($updateuser) {
echo '<div class="alert alert-success">Settings saved.</div>';
} else {
echo '<div class="alert alert-danger">Something went wrong executing the query. Try again.</div>';
}
}
$sql = "SELECT * FROM customization LIMIT 1";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
?>
<h1>Header</h1>
<form method="post">
<table>
<tr>
<td>Header 1</td>
<td><input type="text" value="<?php echo $row["iam"]; ?>" name="iam" />
</tr>
<tr>
<td>Header 2</td>
<td><input type="text" value="<?php echo $row["iam2"]; ?>" name="iam2" />
</tr>
</table>
<h1>About</h1>
<table>
<tr>
<td>About heading</td>
<td><input type="text" value="<?php echo $row["about"]; ?>" name="about" />
</tr>
<tr>
<td>About text</td>
<td><input type="text" value="<?php echo $row["about2"]; ?>" name="about2" />
</tr>
<tr>
<td>About button</td>
<td><input type="text" value="<?php echo $row["about3"]; ?>" name="about3" />
</tr>
</table>
<h1>Recent Work</h1>
<table>
<tr>
<td>Recent Work heading</td>
<td><input type="text" value="<?php echo $row["recentwork"]; ?>" name="recentwork" />
</tr>
<tr>
<td>Recent Work button</td>
<td><input type="text" value="<?php echo $row["recentwork2"]; ?>" name="recentwork2" />
</tr>
</table>
<h1>Contact</h1>
<table>
<tr>
<td>Heading</td>
<td><input type="text" value="<?php echo $row["getintouch"]; ?>" name="getintouch" />
</tr>
<tr>
<td>Text</td>
<td><input type="text" value="<?php echo $row["getintouch2"]; ?>" name="getintouch2" />
</tr>
<tr>
<td>Address</td>
<td><input type="text" value="<?php echo $row["address"]; ?>" name="address" />
</tr>
<tr>
<td>Phone</td>
<td><input type="text" value="<?php echo $row["phone"]; ?>" name="phone" />
</tr>
<tr>
<td>Email</td>
<td><input type="text" value="<?php echo $row["email"]; ?>" name="email" />
</tr>
<tr>
<td>Button text</td>
<td><input type="text" value="<?php echo $row["sendbutton"]; ?>" name="sendbutton" />
</tr>
</table>
<h1>Copyright</h1>
<table>
<tr>
<td>Copyright</td>
<td><input type="text" value="<?php echo $row["copyright"]; ?>" name="copyright" />
</tr>
</table>
<input type="submit" value="Save changes" name="editcustom" />
</form>
<?php
}
} else {
echo "No customization yet.";
}
include("assets/bot.php");
} else {
?>
<iframe src="admin.php?page=dashboard" style="width:700px;height:500px;">
Your browser doesn't support iframes. Please upgrade.
</iframe>
<?php
}
} else {
echo "Error: No permissions";
}
} else {
echo "Error: Not signed in";
}
?>
This is a small guide for improving your code, through which you will probably find the error evaporates or is more easily identified:
In no particular order:
run Error Logging on your PHP!!! Seriously. One of the very first fundamentals to learn.
You should be writing in HTML5 which means your code needs the correct syntax so <br/> becomes <br> and /> closing of tags does not need the slash.
Use correct attributes in your HTML, your <form> should have enctype and action and accept attributes as a minimum. Likewise other HTML tags can do with having more correct ettributes associated with them.
Stop using iframes , they are not as widely supported now as have serious issues with XSS. Instead use CSS and/or PHP includes.
Try and avoid using select * and instead specify the name of each MySQL column you need to select. It is a bit more long winded but saves lots of 'umms' and 'aahs' on larger projects.
Good points: You are escaping PHP variable placements correctly and you are using Object Orientated DB connections, BUT the way you are setting up your database queries is very unsafe and should be improved as a priority:
Instead of putting the variable into the Query string directly you want to bind it to the query. please research this with prejudice (different methods depending on your connection type).
Leading on from the point above you really, really should be cleaning your input / POST data as much as reasonably possible, never ever trust any user input, ever. The $_POST values can be anything, so use a REGEX cleaner or a PHP cleaning function to remove unwanted / damaging characters from form and text inputs.
Add lines to query your MySQL commands and feedback errors to your eyes.
got a question, that I can't find a solution for. Before I continue with my question, just a brief overview of what the code is suppose to do (This is for a class project in a beginning php course). User automatically starts on the index.php page. Once the quantities are inputed, it will take them to the login.php page. If they have a login, then it will take them to the invoice.php page. If not, then it will take them to the register.php page, then go to the invoice.php page.
Here's where I run into a problem, how do I match the username and password (inputed from the user registration page) from my user.dat file to the login page? It's frustrating because we really didn't go over it in class :(
Any help will be greatly appreciated, feel free to give feed back on any of the code presented :)
Thank you so much in advance folks! This site has definitely ease some of the coding headaches :P
login.php
<h3>
<center>
Please Login
</center>
</h3>
<?php
include "functions.inc";
//if the form data is clicked... if all valid.. display invoice... otherwise display error
$datafile = "users.dat";
$file = file_get_contents($datafile);
if(!strpos($file, "search string")) {
echo "String not found!";
}
if (array_key_exists('submit', $_POST))
{
if(!strpos($file, "search string")) {
echo "String not found!";
}
header('Location: registration.php');
}
else
if (array_key_exists('register', $_POST))
{
header('Location: invoice.php');
}
?>
<?php//made the user login menu into a nice table that will center the username and password in the middle of the page.?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<form name="form1" method="post" action="invoice.php">
<tr>
<td>Username</td>
<td>:</td>';
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</table>
<center><input type='submit' name='submit' value='Login'></center>
</form>
<?php
/*This code will allow a new user to go to the registration page and register for the site
* before buying anything.
*/
?>
<br>
<form name="form1" method="post" action="registration.php">
<center><input type='submit' name='Register' value='New User? Click here.'></center>
</form>
registration.php
<html>
<h4>
<center>
New User Registration
</center>
</h4>
<body>
<?php
/*
* What this code does, is it takes the users registration information, and stores it in a file.
* After that what I hope to do is to retrive the same file when the user is on the login page and if
* the login matches whats in the file, then proceed to the invoice page.
*/
include "functions.inc";
// Define the datafile to hold the $users array
$datafile = "users.dat";
// See if the user has submitted something
if (array_key_exists('register', $_POST))
{
// Get the new user info
$the_user = $_POST['newUser'];
// Load the file of users and store it in $users
$users = arrayfile_to_array($datafile);
// Validate user name and password
if (user_exists($the_user['ID'], $users))
{
echo "<p><center>Please fill in all text boxes</center></p>";
}
else
{
// If valid, save to the file of users
$users[] = $the_user;
array_to_arrayfile($users, $datafile);
}
}
else
{
if (!file_exists($datafile)) // Data file doesn't exist, so create it
{
$users = array();
array_to_arrayfile($users, $datafile);
}
}
?>
<?php
// my defined error values
$errEmail = "";
$errUser = "";
$errPass = "";
if(isset($_POST["register"])){
// User must be digits and letters
if(preg_match("/^[0-9a-zA-Z]{5,}$/", $_POST['newUser']['ID']) === 0)
$errUser = '<span class="error">Username must be more than 5 characters and contain letters and numbers.</span>';
// Password must be strong
if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST['newUser']['password']) === 0)
$errPass = '<span class="error">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</span>';
//Email validation
if(preg_match("/^[a-zA-Z]\w+(\.\w+)*\#\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/", $_POST['newUser']['email']) === 0)
$errEmail = '<span class="error">example: chars(.chars)#chars(.chars).chars(2-4)</span>';
}
?>
<form action = "<?= $_SERVER['PHP_SELF'] ?>" method= 'POST'>
<center>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td>Username</td>
<td>:</td>
<td ><input name="newUser[ID]" type="text" size="16" value="">
<?php if(isset($errUser) and $errUser !='') echo $errUser; ?>
</td >
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="newUser[password]" type="password" size="16" value="">
<?php if(isset($errPass) and $errPass !='') echo $errPass; ?>
</td >
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="newUser[email]" type="text" size="50" value="">
<?php if(isset($errEmail) and $errEmail !='') echo $errEmail; ?>
</td >
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
<input type='submit' name='register' value='Register'>
</center>
</form>
</body>
</html>
Hi guys I'm new to coding and loving every minute of it :)
So the following code is in my registration.php file. I want to make it so that when the user fills everything BEFORE it will direct them to my invoice.php file after pressing the register button. If they are missing some requirements, go back to the registration form and (hopefully after I get this figured out, put some sticky forms so they don't have to type in whatever text was validated) Also, getting an error "
Notice: Undefined index: submit in C:\xampp\htdocs\assignment_2\registration.php on line 9" on my validation at the top of my PHP code, not too sure what I'm suppose to put there. :( As always, any help is greatly appreciated!
<html>
<h4>
<center>
New User Registration
</center>
</h4>
<body>
<?php
if($_POST["submit"]=="login")
{
if(preg_match("/^[0-9a-zA-Z_]{5,}$/", $_POST["user"]) === 0)
$errUser = '<p class="errText">User must be bigger that 5 chars and contain only digits, letters and underscore</p>';
// Password must be strong
//if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["pass"]) === 0)
if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["pass"]) === 0)
$errPass = '<p class="errText">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</p>';
// Email mask
if(preg_match("/^[a-zA-Z]\w+(\.\w+)*\#\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/", $_POST["email"]) === 0)
$errEmail = '<p class="errText">Email must comply with this mask: chars(.chars)#chars(.chars).chars(2-4)</p>';
}
?>
<form action="invoice.php" method="post">
<center>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td>Username</td>
<td>:</td>
<td <input name="user" type="text" size="16" value="<?php echo $_POST["user"]; ?>">
<?php if(isset($errUser)) echo $errUser; ?>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" size="16" value="<?php echo $_POST["pass"]; ?>">
<?php if(isset($errPass)) echo $errPass; ?>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" size="50" value="<?php echo $_POST["email"]; ?>">
<?php if(isset($errEmail)) echo $errEmail; ?>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
<input type='submit' name='register' value='Register'>
</center>
</form>
</body>
</html>
The problem here is one that many programmers that are new to PHP run into. See, $_POST is an array that includes all parameters that have been submitted with the POST request the script was requested with. But what if there were none, or the script was requested using GET? You got it: it's empty.
In your case, submit doesn't seem to be present in the POST data. In that case you most likely want to just display the form, so the user can enter the data and submit the form (which will set that value). SO you have to check FIRST if "submit" is there.
Second: Your submit button is called "register", and it's value (which is not really necessary, but alright) is "Register". So if the form is submitted, the data that is sent is register=Register&<other fields>. Therefore you have to check for the presence of "register", not "submit"
if (isset($_POST['register']) && $_POST['register']) {
// evaluate
}
you don't have check any var is set so you can see more php error
i change more check, you can try
<html>
<h4>
<center>
New User Registration
</center>
</h4>
<body>
<?php
$errEmail = "";
$errUser = "";
$errPass = "";
//not too sure what this if statement suppose to be.
if(isset($_POST["register"])){//1. no '{' 2. the post is not ckeck 'type', is 'name'
// Email mask
if(preg_match("/^[a-zA-Z]\w+(\.\w+)*\#\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/", $_POST["email"]) === 0)
$errEmail = '<p class="errText">Email must comply with this mask: chars(.chars)#chars(.chars).chars(2-4)</p>';
// User must be digits and letters
if(preg_match("/^[0-9a-zA-Z_]{5,}$/", $_POST["user"]) === 0)
$errUser = '<p class="errText">User must be bigger that 5 chars and contain only digits, letters and underscore</p>';
// Password must be strong
//if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["pass"]) === 0)
if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["pass"]) === 0)
$errPass = '<p class="errText">Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit</p>';
}
?>
<form method="post">
<center>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td>Username</td>
<td>:</td>
<td ><input name="user" type="text" size="16" value="<?php echo (isset($_POST["user"]))?$_POST["user"]:'';/*3.no check the var is set?*/ ?>">
<?php if(isset($errUser) and $errUser !='') echo $errUser; ?>
</td ><!--4. no '</td>'-->
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" size="16" value="<?php echo (isset($_POST["pass"]))?$_POST["pass"]:''; ?>">
<?php if(isset($errPass) and $errPass !='') echo $errPass; ?>
</td >
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" size="50" value="<?php echo (isset($_POST["email"]))?$_POST["email"]:''; ?>">
<?php if(isset($errEmail) and $errEmail !='') echo $errEmail; ?>
</td >
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
<input type='submit' name='register' value='Register'>
</center>
</form>
</body>
</html>
I've a html form with multiple select field. I'm trying to validate it with php. but i can't validate this multiple select field with php. It's show me success message without any validation.
Please kindly tell me what's the problem in my code. Thank you.
Php Code:
<?php
if(isset($_POST['Submit']) && $_POST['Submit'] == "Send SMS")
{
if(isset($_POST['number']))
$number = $_POST['number'];
$msg = inputvalid($_POST['txt']);
$err = array();
if(isset($msg) && isset($number))
{
if(empty($msg) && empty($number))
$err[] = "All field require";
else
{
if(empty($msg))
$err[] = "Your message require";
if(empty($number))
$err[] = "Select your mobile number";
}
}
if(!empty($err))
{
echo "<div class='error'>";
foreach($err as $er)
{
echo "<font color=red>$er.</font><br/>";
}
echo "</div>";
echo "<br/>";
}
else
{
echo "good";
}
}
?>
Html Code:
<form name="frm" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) ?>">
<table width="800" border="0" cellspacing="10" cellpadding="0">
<tr>
<td valign="top">Number</td>
<td>
<select multiple="multiple" size="10" name="number[]">
<option value="">--Select Member--</option>
<?php
$class = mysql_query("SELECT * FROM e_members");
while($res = mysql_fetch_array($class))
{
$phone = $res['phone'];
?>
<option value="<?php echo $phone; ?>"> <?php echo $phone; ?></option>
<?php
}
?>
</select>
</td>
</tr>
<tr>
<td valign="top">Write message</td>
<td>
<textarea class="textarea" placeholder="Your message" name="txt" onkeyup="counter(this);">
<?php if(isset($_POST['txt'])) echo $_POST['txt']; ?>
</textarea>
<br/>
<input type="" name="lbl" style="border:none;">
<br/>
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="submit" name="Submit2" value="Save SMS" class="view"/>
<input type="submit" name="Submit" value="Send SMS" class="submit"/>
</td>
</tr>
</table>
</form>
Update:
After select multiple/single value var_dump showing:
array(1) { [0]=> string(13) "8801814758545" }
Without select it's showing:
NULL
You are trying to validate array $number using empty($number). It won't work as you expected
You can validate this as if (is_array($number) && count($number) > 0)
The problem is that your check for empty values is inside for check for if(isset($msg) && isset($number)) and as soon as you post the form these variables are set. As you are already check that the post is set then remove this outer if statement and just check for empty values and it should work.
Below is my php contact form:
Page the user inputs information:
<div style="padding-left: 50px">
<p class="arial"><strong></strong><br /><br /></p>
<form action="freecontact2formprocess.php" method="post">
<table class="freecontact2form" border="0" width="400px">
<tbody>
<tr>
<td colspan="2"><span style="font-size: x-small;"> </span> <font color=#E42217 >Please ensure all card details are correct.</font>
<br /><br /></td>
</tr>
<tr>
<td valign="top"><table width="400px" class="freecontact2form">
<tr>
<td colspan="2"><br />
<br />
<div class="freecontact2formmessage"> </div></td>
</tr>
<tr>
<td valign="top"><label for="subject_type" >Subject Type:<span class="required_star"> * </span></label></td>
<td valign="top"><select name="subject_type" id="subject_type">
<option selected="selected" value ="Maths">Maths</option>
<option value ="English">English</option>
<option value ="Biology">Biology</option>
<option value ="Chemistry">Chemistry</option>
<option value ="Physics">Physics</option>
<option value ="History">History</option>
</select></td>
</tr>
<tr>
<td style="text-align:center" colspan="2"><br /><br /> <input src="../../images/submit1.png" name="submit" type="image"> <br /><br /> <!-- If you want to remove this author link, please purchase an unbranded version from: http://www.freecontact2form.com/unbranded_form.php Or upgrade to the professional version at: http://www.freecontact2form.com/professional.php --> <br /><br /></td>
</tr>
</table></td>
<td valign="top"> </td>
</tr>
</tbody>
</table>
</form> <br />
<p> </p>
<p> </p>
This is freecontact2formprocess.php:
if(isset($_POST['subject_type'])) {
include 'freecontact2formsettings.php';
function died($error) {
echo "Sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if(!isset($_POST['subject_type']) ||
!isset($_POST['testvariablealwaysset']) ||
) {
died('Sorry, there appears to be a problem with your form submission.');
}
$subjecttype_from = $_POST['subject_type']; // required
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
header("Location: $thankyou");
?>
<script>location.replace('<?php echo $thankyou;?>')</script>
<?php
}
die();
?>
this is freecontact2formsettings:
<?php
$email_to = "myemailaddress#emailaddress.com"; // your email address
$email_subject = "Subject type"; // email subject line
if ($subjecttype_from="Maths")
{
$thankyou = "http://www.google.com";
}
else
{
$thankyou = "http://www.yahoo.com"; // thank you page
}
// if you update the question on the form -
// you need to update the questions answer below
$antispam_answer = "25";
?>
On the freecontact2formsetting file, i have set a condition that if the user selects Maths from the drop down menu, the thank you page is set to google.com, if however anything else is selected it goes to yahoo.com. Currently all redirects are going to google.com regardless, how do i make sure when the user selects anything but maths, it goes to yahoo.com?
You're assigning rather than evaluating, change your if statement to:
if ($subjecttype_from == "Maths")
You could also write it like this:
$thankyou = ($subjecttype_from == "Maths") ? 'http://www.google.com' : 'http://www.yahoo.com';
From looking at your code, $subjecttype_from isn't defined when your if statement is evaluated. Assign the variable before you include the file which makes the comparison, eg:
$subjecttype_from = $_POST['subject_type']; // required
include 'freecontact2formsettings.php';