PHP - set session variable on form submit - php

I have a form on my page, and I want to send the user to the 'private' part of the page when they've submitted the form.
I want to achieve this by using sessions, but I can't find out how to set a session variable when the form is submitted. This is because the form action is an external page, and when it has been submitted it gets sent back to the page where the form is. The problem is however that I cannot catch that with HTTP_REFERER because it's an https page.
So i have no idea how to do this. Anybody? Thx!

A couple ways I can think of doing this:
Send the form to a local page that sets the session variable and then fopen()'s the remote page. Here's a post describing how to send POST data with PHP streams.
Use AJAX and the onbeforesubmit JavaScript hook. Basically, when the user clicks submit, cancel the form submission, send your AJAX request to your own server, then when it returns, submit the form. Make sure to disable the form submit button when you do this, as it could take some time for the round trip to your server.

Related

PHP Script that sends an Email when users press on SUBMIT button in the form

I have a submission form, and I wrote a PHP script to make form send an email with input data that the user inserts it in the fields of the form
Now I put the PHP code in the same file of HTML and CSS, I mean that the HTML, CSS and PHP in the same file
When I put the file in the CMS, that what happened to the page, you could see what happen from here: https://www.hochikiamerica.com/acd-landing-2
PHP Script and HTML code of the form
https://github.com/Mstava/FreelancerProject/blob/master/formScript.php
Now, I need to know where to put the PHP code in the HTML file to avoid this
and How to ensure that code is working and it sends the Email
When you click on submit your form action takes you to action_page.php That's where you should read your post variables and send the email. Take a look at this post I wrote several years ago blue host email
A common misconception is that additional PHP can be run upon the user doing something (i.e. clicking submit button). Not the case. When the page has been rendered, no further PHP on that page can be executed.
So, what to do?
You have two options:
(1) You can create a second page (action_page.php or some name), that is specified on the action= attribute of the form tag. That additional page will receive the data the user typed in, via PHP variables $_POST (if method="post") or via $_GET if method=get, and you can then use that data to send the contact form, and either display new data to the user or send the user back to the original page. Of course, you may need additional PHP to acknowledge the form has been sent, etc - and this additional code will need to handle both the case where the user is visiting the page for the first time, and when the contact form has been sent and the user is seeing the page for the second time.
(2) You can use AJAX (javascript/jQuery) to grab the form data, send it to a secondary PHP file, which will receive the data via the $_POST/$_GET variables, send the email, and return a response back to the first page.
These days, mostly we use the second method, because it is much more powerful. For one, the user remains on the same page. For another, there is no page refresh. For another, your javascript can do other things after the form has been sent.
AJAX is actually pretty simple - just do a google search for YouTube videos on creating a login system with PHP and AJAX. You should be able to find one of around 10 mins or less that explains all you need to know to send your contact form, and send feedback back to the calling page.
Here is a 5-minute YouTube tutorial that will show you the basics:
Install a simple PHP and Ajax login system

PHP - return the same page with changes

I have html page where you can insert some information and then submit this form, which will change information in database. I do it normally, that submit button call php file in server.
But what I want, is that this php file will return to me the same html page of which I sent request, with modified changes. e.g: there will be "Database update successfully" text added etc.
How can I do it without AJAX ?
Thanks
In the PHP file, do a call to the header() function to redirect the user. For example:
header('Location: url.php');
To change the content of that page they are redirected to, you could pass something in the URL that your page will check for. For example:
header('Location: url.php?submitted=1');
There are other ways to implement this, but this seems the most straightforward to me. Note that you don't want to call header() until the end of your submission page.
Use POST/REDIRECT/GET
Excerpt:
The user submits the form
This is pretty straight forward. The user completes the form and submits it by pressing the submit button or enter on their keyboard.
We store the form data in a session
After processing the data we discover an error so we need to redisplay the form with an error message but we also want to populate
it with their data so they don't have to refill the entire form just
to fix potentially one little mistake. So we store their data in a
session ($_SESSION). Session variables carry over from page-to-page
for as long as the session is valid or until they are deleted. This is
an ideal place to put their information since redirecting will cause
their information to be immediately discarded by the server.
We redirect the user back to the same page using a 303 redirect
Once we have saved the user's information in their session we need to redirect them back to the same page. In order for this to work
properly we need to use a 303 redirect. This means we need to send a
303 header with our redirect. A 303 redirect will cause the browser to
reload the page without the initial HTTP POST request to be
resubmitted. This includes when the user uses the back or refresh
buttons.
We re-populate the form using the data stored in the session
When the page is sent to the user we re-populate it with their information we saved in their session.
Only by generating the whole page in CGI first, unless you go through some horribly convoluted method of getting value of one of the fields to be set to document.innerHTML or something like that in Javascript. But you'll go through hell to get the quoting issues resolved. Use AJAX, it was created for precisely this purpose and exactly to avoid the utter hell associated with what you need.
Alternatively: the "modified piece" of the page may be an iframe, and you can set the target attribute of the form, so that the PHP returns only the iframe content.

using recaptcha with external form submit url

I'm trying to use recaptcha to prevent spam on my form that submits to a salesforce url.
The recaptcha instructions say to include the verification functionality in a my internal form-checking. Because the form is submitted to salesforce though, I'm not sure where this code should go...or how to work around submitting the form responses to salesforce if the captcha is entered correctly, and how to re-display the form if it isn't. help?
If you mean that the form's action takes the user to an external site upon submission, you either need to check the captcha with javascript/ajax, or create a man-in-the-middle page to handle validation and redirection (if everything is valid). Both will give you the ability to kick the user back to the form if something isn't right.
just save cookie to temp file, and resubmit form with curl and set cookies with previous temp file

How to send form errors back to the form via $_POST when redirected for processing

I have a form in contact.php with a considerable amount of inputs.
this form will be mailed using the php mail() function providing the captcha is correct and the input values follow the regex.
the action for the form is "mailer.php" and the method is post
on the mailer.php, validation is checked and captcha verification etc. But if the user enters the wrong captcha, they are redirected back to the form.
Where ALL the data they just entered is CLEARED!
I used to redirect with a query string and the$_GET array.
But I cant do that for this form as there is a lot of data including many textareas etc.
So how can I send this data back to the form on error?
You could store the user input information as $_SESSION variables. Dont forget to include session_start(); to initiate the session.
You should design the flow like :-
form (accepting a set of default values)
when user submit the form to mailer.php
necessary checking
if success, proceed to mail
complete then redirect to whatever place
if fail
require the form again
pass the $_POST as the default values
Basically, don't do redirect when fail (only upon success)

How to handle browser back button for dynamic content

I'm writing a PHP app which presents people with a form to fill out and submit.
Once the user submits the form, things change in the database and the form should become inaccessible to the user.
If, however, the user presses the back button after submitting the form, they can see it again. I have code in the back end to prevent a user from being able to re-submit an already submitted form, however ideally if the user presses the back button, they will get the same message as if they were to just navigate to it outright: A message is shown on the screen saying that this form has already been submitted and is now unavailable.
Aside from an AJAX call to the back-end to check if the form has already been submitted, and redirect the user to the "form submitted and now unavailable" message, is there any other (better?) way of handling this?
Since this will only be used internally on a SOE, I only need it to work on IE8+.
You can consider adding this information to session/cookie. Alternatively if you have authentication system, you can store this information in the database.
Probably the first option is easier and sufficient.
so basically before displaying the form you check if the cookie alreadySubmitted is 1. If yes - error message, otherwise - form. When you submit the form, just set this cookie to alreadySubmitted.
However be aware, that if someone deletes cookie, he will be able to trick your system.

Categories