I am trying to change the password from the user logged in. On the page it says the password was changed, but it does not change, not on the database and not at all. I have trying logging in with the new password, but just the old one remains to login. I did refreshed the page and everything. I am trying this for a couple of days and I wonder if someone would kindly spot my error. Tonight I thought it could be because the password is encrypted with md5 on the database. How would I proceed as I already tried a few things and do not work.
error_reporting(E_ALL); ini_set("display_errors","On");
<?php include "includes/connection.php" ?>
<?php
session_start();
if(#$_REQUEST["Submit"]=="Update")
{
$sql="update users set password ='$_REQUEST[newpassword]' where user='$_SESSION[myusername]'";
if (!mysql_query($sql)) die('err: PROBLEM IN QUERY: '.mysql_error());
header("Location:changpass.php?msg=updated");
}
else
die('err: PROBLEM IN REQUEST');
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Change password</TITLE>
<script language="javascript" type="text/javascript">
function validate()
{
var formName=document.frm;
if(formName.newpassword.value == "")
{
document.getElementById("newpassword_label").innerHTML='Please Enter New Password';
formName.newpassword.focus();
return false;
}
else
{
document.getElementById("newpassword_label").innerHTML='';
}
if(formName.cpassword.value == "")
{
document.getElementById("cpassword_label").innerHTML='Enter ConfirmPassword';
formName.cpassword.focus();
return false;
}
else
{
document.getElementById("cpassword_label").innerHTML='';
}
if(formName.newpassword.value != formName.cpassword.value)
{
document.getElementById("cpassword_label").innerHTML='Passwords Missmatch';
formName.cpassword.focus()
return false;
}
else
{
document.getElementById("cpassword_label").innerHTML='';
}
}
</script>
<style type="text/css">
<!--
.style1 {font-weight: bold}
.style7 {
color: yellow;
font-size: 24px;
}
.style9 {
color: #FF6666;
font-weight: bold;
}
.style12 {
color: #666666;
font-weight: bold;
}
.style14 {color: #CC0033; font-weight: bold; }
-->
</style>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
</HEAD>
<BODY>
<form action="changpass.php" method="post" name="frm" id="frm" onSubmit="return validate();">
<table width="47%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" align="center"></td>
</tr>
<tr bgcolor="#666666">
<td colspan="2"><span class="style7">Change Password</span></td>
</tr>
<?php if(isset($_REQUEST['msg']) && $_REQUEST['msg'] == 'updated') { ?>
<tr bgcolor="#666666">
<td colspan="2"><span class="style7">Password has been changed successfully.</span></td>
</tr>
<?php } ?>
<tr>
<td bgcolor="#CCCCCC"><span class="style14">New Password:</span></td>
<td bgcolor="#CCCCCC"><input type="password" name="newpassword" id="newpassword" size="20" autocomplete="off"/> <label id="newpassword_label"
class="level_msg"></td>
</tr>
<tr>
<td bgcolor="#CCCCCC"><span class="style14">Confirm Password:</span></td>
<td bgcolor="#CCCCCC"><input type="password" name="cpassword" id="cpassword" size="20" autocomplete="off"> <label id="cpassword_label"
class="level_msg"></td>
</tr><tr bgcolor="#666666"><td colspan="2" align="center"><input type="submit" name="Submit" value="Update" /></td>
</tr></table>Home</form></BODY></HTML>`
I enhanced your code:
<?php
if ($_REQUEST['Submit'] == "Update")
{
$sql = "UPDATE `users` SET `password`='".$_REQUEST['newpassword']."' WHERE `user`='".$_SESSION['myusername']."'";
mysql_query($sql);
header("Location: changpass.php?msg=updated");
exit;
}
?>
To use this code make sure following:
1) You are having correct Submit button, example is following:
<input type="submit" name="Submit" value="Update" />
2) You are having correct password field, example is following:
<input type="password" name="newpassword" value="" />
3) Session has to be set under key myusername
4) Make sure your table fields and names are okay. Do more debugging.
If this still won't solve, add form code for further investigation.
EDIT
Here is interpretation of this code with for some basic debugging purposes that might help:
<?php
if (isset($_REQUEST['Submit']) && $_REQUEST['Submit'] == "Update")
{
if (!isset($_SESSION['myusername'])) trigger_error("DEBUG: SESSION VARIABLE IS NOT SET");
if (!isset($_REQUEST['newpassword']) || empty($_REQUEST['newpassword'])) trigger_error("DEBUG: NEW PASSWORD IS NOT GIVEN");
$sql = "UPDATE `users` SET `password`='".mysql_real_escape_string($_REQUEST['newpassword'])."' WHERE `user`='".mysql_real_escape_string($_SESSION['myusername'])."'";
$qw = mysql_query($sql);
if (!$qw) trigger_error("DEBUG: MYSQL RESPONDED WITH ERROR - ".mysql_error());
header("Location: changpass.php?msg=updated");
exit;
}
?>
UPDATE: Debugging step #1
Change a code in your php file to this and tell us if any error messages show up.
if(#$_REQUEST["Submit"]=="Update")
{
$sql="update users set password ='$_REQUEST[newpassword]' where user='$_SESSION[myusername]'";
if (!mysql_query($sql)) die('err: PROBLEM IN QUERY: '.mysql_error());
header("Location:changpass.php?msg=updated");
}
else
die('err: PROBLEM IN REQUEST');
Related
I want go to another page if the condition allowed. But when i submit the button it just like refresh the page. it doesn't direct to another page.
I have already read another question remain same but did not change.
Here is my code :
<?php
session_start();
if(isset($_POST['login']))
{
$nik = $_POST['nik'];
$pswd = $_POST['pswd'];
if ((empty($nik)) or (empty($pswd)))
echo "Data masih ada yang kosong<br/><br/>";
else
{
include("sss_connection.php");
$connection = mysql_connect($server,$user,$pass);
$db = mysql_select_db("skripsi");
if(!$connection)
{
echo "Database belum terkoneksi<br/><br/>";}
elseif(!$db)
{
echo "Database Tidak Ada<br/><br/>";}
else
{
$sql1 = "select count(*) as cek,kd_jabatan from datakaryawan where nik='".$nik."' and password='".$pswd."'";
//$exec = mysql_query($sql1);
$ambil_data = mysql_query($sql1);
if ($data = mysql_fetch_array($ambil_data))
{
$cek = $data["cek"];
$jabatan = $data["kd_jabatan"];
}
if(($jabatan) == 0)
{
echo "Anda gagal Login, NIK / Password salah<br/><br/>";
}
else
{
header("Location: sss_header.php");
}
}
}
}?>
And here is my html code :
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post">
<div style="float:left;margin-left:35%;margin-top:5%;">
<center><strong><font size="6">Login</font></strong></center>
</br></br>
<table style="float:left;margin-left:5%;">
<tr>
<td width=84>NIK</td>
<td width=10>:</td>
<td width=30><input type="text" name="nik" size=30 onkeypress="return isNumber(event)" style="width: 217px" autofocus></td>
</tr>
<tr>
<td width=70>Password</td>
<td width=10>:</td>
<td width=30><input type="password" name="pswd" size=30 style="width: 217px"></td>
</tr>
</table><blockquote><blockquote><br/><br/>
<input type="submit" value="Login" name="login" style="float:left; margin-left:45px; margin-top:12px;">
<input type="submit" value="Daftar" name="daftar" style="float:left; margin-left:26px; margin-top:12px;">
<input type="reset" value="Clear" style="float:left; margin-left:26px; margin-top:12px;">
</form>
</div>
<div style="float:left;margin-left:35%;margin-top:5%;">
</div>
</body>
</html>
you have to specified the action attribute on your form tag, should be like this:
<form method="post" action="anotherplace.php">
I have problem with update my password from MD5 I don't get any errors but they didn't update !
here's my code .. I saw the questions about MD5 in Stackoverflow. and adding more row but unfortunately I can't update my passwords. there's a lot problems I know but I can't find them
<?php
$_SESSION["sess_user"] = "24";
include "config.php";
mysql_select_db("user_registration",$con);
if(isset($_POST['submit']))
{
$cur_password=$_POST['currentPassword'];
if(count($_POST)>0) {
$result = mysql_query("SELECT * FROM users WHERE id ='" . $_SESSION["sess_user"] . "' AND passwords = '".MD5($cur_password)."'");
$row=mysql_fetch_array($result);
if($row['passwords'] == MD5($cur_password)) {
mysql_query("UPDATE users SET passwords ='" . md5($_POST["newPassword"]) . "' WHERE id ='" . $_SESSION["sess_user"] . "'");
$message = "Password Changed";
} else $message = "Current Password is not correct";
}
}
?>
<html>
<head>
<title>Change Password</title>
<link rel="stylesheet" type="text/css" href="styles.css" />
<script>
function validatePassword() {
var currentPassword,newPassword,confirmPassword,output = true;
currentPassword = document.frmChange.currentPassword;
newPassword = document.frmChange.newPassword;
confirmPassword = document.frmChange.confirmPassword;
if(!currentPassword.value) {
currentPassword.focus();
document.getElementById("currentPassword").innerHTML = "required";
output = false;
}
else if(!newPassword.value) {
newPassword.focus();
document.getElementById("newPassword").innerHTML = "required";
output = false;
}
else if(!confirmPassword.value) {
confirmPassword.focus();
document.getElementById("confirmPassword").innerHTML = "required";
output = false;
}
if(newPassword.value != confirmPassword.value) {
newPassword.value="";
confirmPassword.value="";
newPassword.focus();
document.getElementById("confirmPassword").innerHTML = "not same";
output = false;
}
return output;
}
</script>
</head>
<body>
<form name="frmChange" method="post" action="" onSubmit="return validatePassword()">
<div style="width:500px;">
<div class="message"><?php if(isset($message)) { echo $message; } ?></div>
<table border="0" cellpadding="10" cellspacing="0" width="500" align="center" class="tblSaveForm">
<tr class="tableheader">
<td colspan="2">Change Password</td>
</tr>
<tr>
<td width="40%"><label>Current Password</label></td>
<td width="60%"><input type="password" name="currentPassword" class="txtField"/><span id="currentPassword" class="required"></span></td>
</tr>
<tr>
<td><label>New Password</label></td>
<td><input type="password" name="newPassword" class="txtField"/><span id="newPassword" class="required"></span></td>
</tr>
<td><label>Confirm Password</label></td>
<td><input type="password" name="confirmPassword" class="txtField"/><span id="confirmPassword" class="required"></span></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
</tr>
</table>
</div>
</form>
</body></html>
The following code worked perfectly before I put them into functions but I cannot figure out how to get this form to work correctly using the functions I created. I know I need to pass variables and create some proper main logic but I really don't know where to go from here. The end product should look something like this form: guestbookonescript
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
<title>Guestbook</title>
<meta charset="ISO-8859-1">
</head>
<?php
function check(){
$userErr = $emailErr = $noteErr = "";
$user = $email = $note = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["user"]))
$userErr = "Please fill out a name.";
else
$user = $_POST["user"];
if (empty($_POST["email"]))
$emailErr = "Please fill out an email.";
else
$email = $_POST["email"];
if (empty($_POST["note"]))
$noteErr = "Please give us your comments.";
else
$note= $_POST["note"];
}
}
function display(){
print<<<TABLE_BLOCK
<h2>Please Sign Our Guestbook</h2>
<form method="post" action="mock.php">
<table>
<tr>
<td>Name:</td><td><input type="text" size="34" name="user" value="" /><span class="error"><br> $userErr</span></td>
</tr>
<tr>
<td>Email: </td><td><input type="text" size="34" name="email" value="" /><span class="error"><br> $emailErr</span></td>
</tr>
<tr>
<td valign="top">Comments: </td><td><textarea rows="5" cols="25" name="note"> </textarea><span class="error"><br> $noteErr</span></td>
</tr>
<tr>
<td></td><td></td>
</tr>
<tr>
<td></td><td align="right"><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
TABLE_BLOCK;
}
function result(){
print<<<TABLE_BLOCK
<h2>Your Input:</h2>
<table>
<tr>
<td>Name:</td><td>$user</td>
</tr>
<tr>
<td>Email: </td><td>$email</td>
</tr>
<tr>
<td valgin="top">Comments: </td><td>$note</td>
</tr>
</table>
TABLE_BLOCK;
}
if(isset($_REQUEST['submit']))
check();
else
display();
result();
?>
</body>
What Alon is trying to say is that all of your variables are caught in the local scope, to avoid this, you need tell the offending variables that they belong in the global scope. Technically, you don't need to initialize them first, but it's good practice.
Note, you need to ensure that your variables are in the global scope in each function you're using them in.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
<title>Guestbook</title>
<meta charset="ISO-8859-1">
</head>
<?php
$userErr = $emailErr = $noteErr = "";
$user = $email = $note = "";
function check(){
global $user, $email, $note;
global $userErr, $emailErr, $noteErr;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["user"]))
$userErr = "Please fill out a name.";
else
$user = $_POST["user"];
if (empty($_POST["email"]))
$emailErr = "Please fill out an email.";
else
$email = $_POST["email"];
if (empty($_POST["note"]))
$noteErr = "Please give us your comments.";
else
$note = $_POST["note"];
}
}
function display(){
global $userErr, $emailErr, $noteErr;
print<<<TABLE_BLOCK
<h2>Please Sign Our Guestbook</h2>
<form method="post" action="/">
<table>
<tr>
<td>Name:</td><td><input type="text" size="34" name="user" value="" /><span class="error"><br> $userErr</span></td>
</tr>
<tr>
<td>Email: </td><td><input type="text" size="34" name="email" value="" /><span class="error"><br> $emailErr</span></td>
</tr>
<tr>
<td valign="top">Comments: </td><td><textarea rows="5" cols="25" name="note"> </textarea><span class="error"><br> $noteErr</span></td>
</tr>
<tr>
<td></td><td></td>
</tr>
<tr>
<td></td><td align="right"><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
TABLE_BLOCK;
}
function result(){
global $user, $email, $note;
print<<<TABLE_BLOCK
<h2>Your Input:</h2>
<table>
<tr>
<td>Name:</td><td>$user</td>
</tr>
<tr>
<td>Email: </td><td>$email</td>
</tr>
<tr>
<td valgin="top">Comments: </td><td>$note</td>
</tr>
</table>
TABLE_BLOCK;
}
if(isset($_REQUEST['submit']))
check();
display();
result();
?>
</body>
You need to define variables that was declared outside the function as global. Put this line at start of your function, after function result(){
global $user,$email,$note;
note that variables declared inside the function scope will be deleted after the function execution. you need to declare $user,$email,$note ouside check() (and just declare them as global inside check())
I am trying to add ReCaptcha into a mail form that I created which is intended for sharing content,
but for some reason the captcha is not being validated when I hit "submit", meaning that even if you enter a wrong text in the captcha, the form will still send the email.
I am using joomla 2.5.8, the recaptcha plugin is enabled (although I don't think it is being intialized since I added the recaptchalib.php myself and I am including the ref to the publickey and privatekey inside the mail form code).
Any help would be very much appreciated!
Thank you!!
here is the code:
<?php require_once('recaptchalib.php'); ?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script language="javascript" type="text/javascript">
function validateEmail($email)
{
var emailReg = /^([\w-\.]+#([\w-]+\.)+[\w-]{2,4})?$/;
if( !emailReg.test( $email ) )
{
return false;
}
else
{
return true;
}
}
function validateForm()
{
var form = document.mailForm;
if (form.recipient.value == "" || validateEmail(form.recipient.value)==false)
{
alert("bad email");
return false;
}
if (form.subject.value == "")
{
alert("please enter subject");
return false;
}
if (form.content.value == "")
{
alert("please enter massage");
return false;
}
<?php
$privatekey = "privatekey";
$resp = recaptcha_check_answer($privatekey,$_SERVER["REMOTE_ADDR"],$_POST["recaptcha_challenge_field"],$_POST["recaptcha_response_field"]); ?>
if (!$resp->is_valid)
{
alert("try again");
return false;
}
return true;
}
</script>
<?php
if($this->success=='1')
{
echo JText::_('MAIL_SEND_SUCCESSFULLY');
}
elseif($this->success=='0')
{
echo JText::_('MAIL_SEND_FAILED');
}
?>
<div id="SendMail">
<h2>send mail</h2>
<form action="index.php" name="mailForm" method="post" onsubmit="return validateForm()">
<table>
<tr>
<td><label><?php echo JText::_('MAIL_SEND_TO'); ?>:</label></td>
<td><input type="text" name="recipient" size="25" value=""/></td>
</tr>
<tr>
<td><label><?php echo JText::_('MAIL_SUBJECT'); ?>:</label></td>
<td><input type="text" name="subject" size="25" value=""/></td>
</tr>
<tr>
<td><label><?php echo JText::_('MAIL_MESSAGE'); ?>:</label></td>
<td>
<textarea name="content" rows="10" cols="40"></textarea>
<br/><?php echo JText::_('MAIL_DESC'); ?>
</td>
<tr>
<td><?php $publickey = "public key"; ?></td>
<td><?php echo recaptcha_get_html($publickey);?></td>
</tr>
</table>
<p>
<input type="hidden" name="controller" value="mail" />
<input type="hidden" name="task" value="sendMail" />
<div class="button-mail">
<input style="width: 50px;height: 25px;" type="submit" name="submit" value="<?php echo JText::_('SEND'); ?>"/>
<a href="javascript: void window.close()" title="Close Window"><span style="color: #444;
border: #D5D5D5 1px solid; padding: 4px; width: 50px;height: 25px;"><?php echo JText::_('CLOSE'); ?></span></a>
</div>
</p>
</form>
</div>
You have error in the code. Please look this lne
if (!$resp->is_valid)
{
alert("try again");
return false;
}
Where $resp->is_valid is the PHP but executed as JS.
Correct code would be
if (!<php (int)$resp->is_valid;?>)
{
alert("try again");
return false;
}
But it will not work anyway because of 2.
You cannot check recaptcha code in Javascript validation. It should be checked server side. Or if you want to check with javascript it should be checked with AJAX request to server. That is because you code
<?php
$privatekey = "privatekey";
$resp = recaptcha_check_answer($privatekey,$_SERVER["REMOTE_ADDR"],$_POST["recaptcha_challenge_field"],$_POST["recaptcha_response_field"]); ?>
is executed on form load before even user eneter captcha.
I have the following email form:
<form action="mailer.php" method="post" name="form1" id="form1" onsubmit="MM_validateForm('from','','RisEmail','name','','R','verif_box','','R','message','','R');return document.MM_returnValue">
<table width="500" border="0" cellpadding="2" cellspacing="0" bgcolor="#000000"><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666" >first name (<span class="R">*</span>)</font></td>
<td width="500" align="left"><input type="text" name="name" size="37" border="0" id="name" value="<?php echo $_GET['name'];?>"> </td></tr><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666">last name</font></td>
<td align="left"><input type="text" name="lastname" size="37" border="0" id="lastname" value="<?php echo $_GET['lastname'];?>"> </td></tr><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666">email (<span class="R">*</span>)</font></td>
<td align="left"><input type="text" name="from" size="37" border="0" id="from" value="<?php echo $_GET['from'];?>"> </td>
</tr><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666"></font></td>
<td align="left"><input type=checkbox name="mailinglist" id="mailinglist" value="<?php echo $_GET['mailinglist'];?>"><font face="Verdana" size="3" color="#666666"></font><br> </td></tr><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666">comments (<span class="R">*</span>)</font></td>
<td align="left"><textarea name="message" cols="35" rows="10" border="0" id="message"><?php echo $_GET['message'];?></textarea><br> </td></tr><tr> <td colspan="2"><table cellpadding=5 cellspacing=0 bgcolor="#000000" width="100%"><tr bgcolor="#000000">
<td class="label" colspan="2"><font color="#cccccc" face="Verdana" size="2"><b>Image Verification</b></font></td></tr><tr>
<td> <input name="verif_box" type="text" id="verif_box" style="padding:2px; border:1px solid #CCCCCC; width:80px; height:14px;"/> <img src="verificationimage.php?<?php echo rand(0,9999);?>" alt="verification image, type it in the box" width="50" height="24" align="top" /><br />
<br />
<!-- if the variable "wrong_code" is sent from previous page then display the error field -->
<?php if(isset($_GET['wrong_code'])){?>
<div style="border:1px solid #990000; background-color:#D70000; color:#FFFFFF; padding:4px; padding-left:6px;width:295px;">Wrong verification code</div><br />
<?php }?>
</td><td class="field" valign="bottom">
<div><input name="Submit" type="submit" style="margin-top:10px; display:block; border:1px solid #000000; width:100px; height:20px;font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px; padding-left:2px; padding-right:2px; padding-top:0px; padding-bottom:2px; line-height:14px; background-color:#EFEFEF;" value="Send Message"/>
<input type="reset" class="btn" value=" clear " name="Clear" border="0" style="margin-top:10px; display:block; border:1px solid #000000; width:100px; height:20px;font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px; padding-left:2px; padding-top:0px; padding-bottom:2px; line-height:14px; background-color:#EFEFEF;">
</td></tr></table></td></tr></table></form>
and the following code in my mailer.php
// check to see if verificaton code was correct
if(md5($verif_box).'a4xn' == $_COOKIE['tntcon']){
// if verification code was correct send the message and show this page
mail("myemail#gmail.com", 'Online Form: '.$subject, "\n".$message." \n\n".$name."\n\n".$lastname."\n\n".$from."\n\n".$_SERVER['REMOTE_ADDR']."\n\n".'mailinglist: '.$mailinglist, "From: $from");
// delete the cookie so it cannot sent again by refreshing this page
setcookie('tntcon','');
} else if(isset($message) and $message!=""){
// if verification code was incorrect then return to contact page and show error
header("Location: http://{$_SERVER['HTTP_HOST']}".dirname($_SERVER['PHP_SELF'])."contactform.php?subject=$subject&email=$email&message=".urlencode($message)."&wrong_code=true");
exit;
} else {
echo "no variables received, this page cannot be accessed directly";
exit;
}
?>
For some reason I receive emails when the verification code is correct, but the "wrong code warning" will not show up when the wrong verification code is entered.
Can someone help me please? I am new to php and it has taken me a long time just to get this to work. When the wrong verification code is entered, all that happens is that a blank mailer.php is called in the browser.
**sorry, not sure why the code copied in so many different windows.
The best idea would be to actually put the contents of mailer.php inside of contactform.php, so you wont need any redirects, no URL full of variables, no nothing.
The outcome of this would be something along the lines of:
<?php
$state = 0;
// check to see if verificaton code was correct
if(md5($verif_box).'a4xn' == $_COOKIE['tntcon']){
// if verification code was correct send the message and show this page
mail("myemail#gmail.com", 'Online Form: '.$subject, "\n".$message." \n\n".$name."\n\n".$lastname."\n\n".$from."\n\n".$_SERVER['REMOTE_ADDR']."\n\n".'mailinglist: '.$mailinglist, "From: $from");
// delete the cookie so it cannot sent again by refreshing this page
setcookie('tntcon','');
$state = 2;
} else if(isset($message) and $message!=""){
// if verification code was incorrect then return to contact page and show error
$state = 1;
}
if ($state == 0) { ?>
<form action="" method="post" name="form1" id="form1" onsubmit="MM_validateForm('from','','RisEmail','name','','R','verif_box','','R','message','','R');return document.MM_returnValue">
<!-- All the form that I dont want to copy paste... -->
</form>
<?php } else if ($state == 1) { ?>
Message for wrong verification code.
<?php } else if ($state == 2) { ?>
Message for email sent.
<?php } ?>
I changed the forms target attribute so it doesnt go to mailer.php and changed the opening php a bit to make it work with this distribution of things. You should change the input code to populate it with the POST data, instead of GET and you would avoid having that nasty looking URL.
In mailer.php, do this:
// check to see if verificaton code was correct
if (md5($verif_box).'a4xn' == $_COOKIE['tntcon']) {
// if verification code was correct send the message and show this page
mail("myemail#gmail.com", 'Online Form: '.$subject, "\n".$message." \n\n".$name."\n\n".$lastname."\n\n".$from."\n\n".$_SERVER['REMOTE_ADDR']."\n\n".'mailinglist: '.$mailinglist, "From: $from");
// delete the cookie so it cannot sent again by refreshing this page
setcookie('tntcon','');
} else if (isset($message) && $message != "") {
// if verification code was incorrect then return to contact page and show error
exit("<html><head><title>Redirect</title><meta http-equiv=\"refresh\" content=\"0;contactform.php?subject=$subject&email=$email&message=".htmlspecialchars(urlencode($message))."&wrong_code=true\" /></head><body>You should be redirected, if you aren't click here.</body></html>");
} else exit("no variables received, this page cannot be accessed directly");