PHP Validation showing all errors at once - php

I am using the below script for validation. I want to know if there is a way to convert this script to show all errors at once instead of one at a time? Also, is there anything more I can do to prevent header injection?
thanks.
<?php
session_start();
/* Check all form inputs */
$fname = check_input($_POST['fname'], "Friend's Name cannot be empty.");
$femail = check_input($_POST['femail'], "Friend's email cannot be empty.");
$yname = check_input($_POST['yname'], "Your Name cannot be empty.");
$yemail = check_input($_POST['yemail'], "Your email cannot be empty.");
$subject = check_input($_POST['subject'], "Subject cannot be empty.");
$comments = check_input($_POST['comments'], "Comments cannot be empty.");
/* alphabet only */
if(!preg_match("/^([A-Za-z\s\-]{2,45})$/i", $fname))
{
show_error("Friend's name is not valid.");
}
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $femail))
{
show_error("Your friend's email address is not valid.");
}
if(!preg_match("/^([A-Za-z\s\-]{2,45})$/i", $yname))
{
show_error("Your name is not valid.");
}
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $yemail))
{
show_error("Your email address is not valid.");
}
htmlentities ($message, ENT_QUOTES);
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlentities($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($myError)
{
?>


Something I often do is use an $errors array. So you would define an empty array before all your checks, and then inside of each check for show_error you would add that string to your errors array:
$errors[] = "Friend's name is not valid.";
Then at the end, check to see if the error array is empty. If it is, then nothing failed. Otherwise, you now have an array of all the errors that you can display however you'd like.

Related

Post contact form to html document

I currently have a contact page that emails me when it gets submitted. I want to send the fields to another htm page on the server instead so staff can access the information by viewing the page in their browser. So even if they don't have access to email, they can view the page from their browser.
The information sent must accumulate on the form, ie new submissions must submit to the ame form without deleting previous submissions.
Do I amend the code? Do I make a few changes like changing the 'mymail' to 'myform = "form.htm" ' I made a few changes and tried submitting but have no idea how to make the form work.
Below is the code that sends the email.
<?php
/* Set e-mail recipient */
$myemail = "mail#abc.co.za";
$subject = "Contact Form";
/* Check all form inputs using check_input function */
$name = check_input($_POST['name']);
$contactnr = check_input($_POST['contactnr']);
$email = check_input($_POST['email']);
$phoneoremail = check_input($_POST['phoneoremail']);
$message = check_input($_POST['message']);
$ipaddress = $_SERVER['REMOTE_ADDR'];
$iphost = $_SERVER['HTTP_HOST'];
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email))
{
show_error("E-mail address not valid");
}
/* If URL is not valid set $website to empty */
if (!preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i", $website))
{
$website = '';
}
/* Prepare the message for the e-mail */
$message = "Contact form has been submitted
Details:
Name: $name
Phone Number: $contactnr
E-mail: $email
Message: $message
Sender IP Address: $ipaddress
Form submitted via server: $iphost
End of message
";
/* Send the message using mail() function */
mail($myemail, $subject, $message);
/* Redirect visitor to the thank you page */
header('Location: thankyou.htm');
exit();
/* Functions we used */
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($myError)
{
?>
<html>
<body>
<b>Please provide missing information so we can assist you:</b><br />
<?php echo $myError; ?>
</body>
</html>
<?php
exit();
}
?>

If you want to post this to an HTML page aswell as sending it per E-Mail, why don't you just write to an HTML file?
$file = 'formdata.html';
// Open the file to get existing content
$current = file_get_contents($file);
// Append a new person to the file
$current .= "Details:<br>
Name: $name<br>
Phone Number: $contactnr<br>
E-mail: $email<br>
Message: $message<br>
Sender IP Address: $ipaddress<br>
Form submitted via server: $iphost<br><hr>";
// Write the contents to the file
file_put_contents($file, $current);
Maybe include formdata.html then as an iFrame on a page only the staff can access?

PHP Form sends Email even if Email and Name are invalid

Hi everyone and thanks for your time!
Although it's the first time that I try PHP, I've been making a PHP Form and so far I've been able to make it validate the fields, and also that the form doesn't send anything if the fields are empty.
Now... The fields "Name" and "Email" have validation filters...
"Name" doesn't allow more than "letters and white spaces" and "Email" doesn't allow an "invalid Email format".
Example:
Name: Rob3rt... it has a number
Email: anything... isn't an Email address
Subject and Message have no validation filters...
The problem is, that if I fill up all fields, the form sends the Email, even if the information written on "Name" and "Email" doesn't agree with their validation filters...
Q: How can I hold the form from sending an Email, until all fields have the correct information inside?
Here's the code:
// This is the validation code //
<?php
// define variables and set to empty values
$nameErr = $emailErr = $commentErr = $subjectErr = "";
$name = $email = $comment = $subject = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "<h5>Name is required</h5>";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "<h5>Only letters and white space allowed</h5>";
}
}
if (empty($_POST["email"])) {
$emailErr = "<h5>Email is required</h5>";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "<h5>Invalid email format</h5>";
}
}
if (empty($_POST["comment"])) {
$commentErr = "<h5>Message is required</h5>";
} else {
$comment = test_input($_POST["comment"]);
}
if (empty($_POST["subject"])) {
$subjectErr = "<h5>Subject is required</h5>";
} else {
$subject = test_input($_POST["subject"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<form>
Form comes here
</form>
// This is the sending code... I think the problem is here... //
<?php
if($_POST['name']!="" && $_POST['email']!="" && $_POST['comment']!="" && $_POST['subject']!="") {
$to = "myemail#whatever.com";
$email = "From: " . $email . "\r\n";
$subject = "" . $subject . "\r\n";
$comment = "" . $comment . "\r\n";
mail($to,$subject,$comment,$email);
echo "good";
}
else {
"bad";
}
?>

It is not working, because you never check if an error occurred, you are only checking if the fields are not empty before you send the mail.
The simplest way to fix it is replacing
if($_POST['name']!="" && $_POST['email']!="" && $_POST['comment']!="" && $_POST['subject']!="") {
with
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $nameErr === '' && $emailErr === '' && $commentErr === '' && $subjectErr === '') {
There is no no need to check for empty fields again, you have already done it before, so you just need to check if you are POSTing the form and if all errors are empty.
Some advice on how to generally improve your code:
1) Do not handle the HTTP POST in two positions (once above the form and once below). Merge it together in one PHP code block.
2) At least make sure that the user can't re-submit a successful form by reloading the site. After a successful submit, redirect the page. Something like this:
mail($to,$subject,$comment,$email);
header('Location:' . $_SERVER['REQUEST_URI'] . '?status=ok');
exit();
3) separate your HTML from your PHP or you will end up with a huge file which gets hard to maintain. Put your HTML form in a separate file and include it.
Although imho the nicest solution for a form is to sanitize in in JavaScript, submit it via AJAX (with angular, react, jQuery, whatever), handle it (and sanitize the data again) in PHP, send a 4xx HTTP header on error and return the error messages as a JSON object, which you then use in JavaScript.

How to make autoresponse email for custom optin form

I am using a custom optin form on My lead page
I want to add an autoresponse confirmation email to be sent to everyone who submits the form. Here is code currently being used in mail-script.php.
<?php
/* Set e-mail recipient */
$myemail = "email#gmail.com";
/* Check all form inputs using check_input function */
$fname = check_input($_POST['fname'], "Enter your first name");
$lname = check_input($_POST['lname'], "Enter your last name");
$email = check_input($_POST['email']);
$phone = check_input($_POST['phone']);
$altphone = check_input($_POST['altphone']);
$resort = check_input($_POST['resort']);
$amount = check_input($_POST['amount']);
$call = check_input($_POST['call']);
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email))
{
show_error("E-mail address not valid");
}
/* If URL is not valid set $website to empty */
if (!preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i", $website))
{
$website = '';
}
/* Lets Save in txt file */
$text = "$fname\n$lname\n$email\n$phone\n$resort\n$amount\n$call\n\n";
file_put_contents('secretfilenae.txt', $text, FILE_APPEND);
/* Let save in cvs file */
$fields = array($fname,$lname,$email,$phone,$resort,$amount,$call);
$fp = fopen('secretfilenae.csv', 'a');
fputcsv($fp, $fields);
fclose($fp);
/* Let's prepare the message for the e-mail */
$message = "Hello!
Your contact form has been submitted by:
First Name : $fname
Last Name : $lname
E-mail: $email
Phone : $phone
Alt Phone : $altphone
Resort: $resort
Amount: $amount
Call : $call
End of message
";
/* Send the message using mail() function */
mail($myemail, $subject, $message);
/* Redirect visitor to the thank you page */
header('Location: index.html');
exit();
/* Functions we used */
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($myError)
{
?>
if (strtolower($_POST['code']) != 'mycode') {die('Wrong access code');}
<html>
<body>
<b>Please correct the following error:</b><br />
<?php echo $myError; ?>
</body>
</html>
<?php
exit();
}
?>

Use the php mail() function:
mail($myEmail, $headerForEmail, $message);

php form validation required fields

I have a php form that i'm trying to make required fields for but I cannot seem to get it to work right and I know its something i'm missing. I just need to make the form require $name $bank $email and $phone.
<?php
/* Set e-mail recipient */
$myemail = "email#email.com";
/* Check all form inputs using check_input function */
$name = check_input($_POST['name'], "Enter your name");
$bank = check_input($_POST['bank'], "Enter your name");
$email = check_input($_POST['email']);
$phone = check_input($_POST['phone']);
$headphones = check_input($_POST['headphones']);
$subject = "Allied Affiliated Funding - Bose Landing Page Form Submission";
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email))
{
show_error("E-mail address not valid");
}
/* Let's prepare the message for the e-mail */
$message = "Hello!
Your contact form has been submitted by:
Name: $name
Bank: $bank
E-mail: $email
Phone: $phone
Head Phones: $headphones
End of message
";
/* Send the message using mail() function */
mail($myemail, $subject, $message);
/* Redirect visitor to the thank you page */
if($_POST['headphones'] == Yes){
header("Location: landing1/thank-you-bose.html");
}
else {
header("Location: landing1/thank-you.html");
}
exit();
/* Functions we used */
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($myError)
{
?>
<html>
<body>
<b>Please correct the following error:</b><br />
<?php echo $myError; ?>
</body>
</html>
<?php
exit();
}
?>
I have looked at several different tutorials on how to complete this but none of the solutions seem to be working.

I think your problem is at this line
if($_POST['headphones'] == Yes){
It needs to be
if($_POST['headphones'] == "Yes"){
You dont have a variable named Yes so i think you want to check if the content of headphones is "yes".

.php only sending part of a form to a email address

I'm trying to setup a simple website with a form that sends to a specific email address. The idea is to have a few different things to be sent in an email, like: first and last name, age, email, city, subject (which is a dropdown menu with a few different options) and then finally a comment box.
I've actually spent the last 14 hours reading and looking up a way of how to get the PHP script to work properly so that the form will be send. But for some reason I just can't figure it out.
I just cant seem to get the form to send with everything included that I require to be included. Could somebody point me out why the below code doesn't work?
<?php
/* EMAIL RECIPIENT */
$myemail = "name#example.com";
/* Functions we used */
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
/* Check all form inputs using check_input function */
$formName = check_input ($_POST['formName'], "Please enter your First Name");
$formSurname = check_input ($_POST['formSurname'], "Please enter your First Name");
$formAge = check_input ($_POST['formAge'],);
$formEmail = check_input ($_POST['formEmail'], "Please enter your email so we can get back to you");
$formIntent = check_input ($_POST['formIntent'], "Pleas choose a reason for why contact us");
$formIntent = " (MYFORM) " . $formIntent;
$formComment = check_input ($_POST['formComment']);
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $formEmail))
{
show_error("E-mail address not valid");
}
/* The layout for the email and how it will be set up for reading the email. */
$message = "Hello!
Your contact form has been submitted by:
Name: $formName
Age: $formAge
City: $formCity
Email: $formEmail
Comment: $formName
The reason for contact with Mistral is: $formIntent
Comment: $formComment
End of message.
";
/* Send the message using the mail() function */
mail($myemail, $subject, $message);
/* Redirect visitors to the thank you page */
header('Location: ../thanks.html');
function show_error($myError)
{?>
<html>
<body>
<b>Please correct the following error:</b><br />
<?php echo $myError; ?>
</body>
</html>
<?php
exit();
}
?>

Well, you validate $_POST['formSurname'] but then you never use it. Similarly, you output $formCity in your $message but you never defined it.
This is most likely the cause of your problems.

Categories