Leah

Reputation: 331

PHP email verification - wrong_code won't call proper action

I have the following email form:

    <form action="mailer.php" method="post" name="form1" id="form1" onsubmit="MM_validateForm('from','','RisEmail','name','','R','verif_box','','R','message','','R');return document.MM_returnValue">
    <table width="500" border="0" cellpadding="2" cellspacing="0" bgcolor="#000000"><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666" >first name (<span class="R">*</span>)</font></td>
    <td width="500" align="left"><input type="text" name="name" size="37" border="0" id="name" value="<?php echo $_GET['name'];?>"> </td></tr><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666">last name</font></td>
    <td align="left"><input type="text" name="lastname" size="37" border="0" id="lastname" value="<?php echo $_GET['lastname'];?>"> </td></tr><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666">email (<span class="R">*</span>)</font></td>
    <td align="left"><input type="text" name="from" size="37" border="0" id="from" value="<?php echo $_GET['from'];?>"> </td>
    </tr><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666"></font></td>
    <td align="left"><input type=checkbox name="mailinglist" id="mailinglist" value="<?php echo $_GET['mailinglist'];?>"><font face="Verdana" size="3" color="#666666"></font><br> </td></tr><tr valign="top" align="right"> <td nowrap><font face="Verdana" size="3" color="#666666">comments (<span class="R">*</span>)</font></td>
    <td align="left"><textarea name="message" cols="35" rows="10" border="0" id="message"><?php echo $_GET['message'];?></textarea><br> </td></tr><tr> <td colspan="2"><table cellpadding=5 cellspacing=0 bgcolor="#000000" width="100%"><tr bgcolor="#000000">
    <td class="label" colspan="2"><font color="#cccccc" face="Verdana" size="2"><b>Image Verification</b></font></td></tr><tr>
    <td> <input name="verif_box" type="text" id="verif_box" style="padding:2px; border:1px solid #CCCCCC; width:80px; height:14px;"/>&nbsp;&nbsp;<img src="verificationimage.php?<?php echo rand(0,9999);?>" alt="verification image, type it in the box" width="50" height="24" align="top" /><br />
    <br />

    <!-- if the variable "wrong_code" is sent from previous page then display the error field -->
    <?php if(isset($_GET['wrong_code'])){?>
    <div style="border:1px solid #990000; background-color:#D70000; color:#FFFFFF; padding:4px; padding-left:6px;width:295px;">Wrong verification code</div><br />
    <?php }?>

    </td><td class="field" valign="bottom">
    <div><input name="Submit" type="submit" style="margin-top:10px; display:block; border:1px solid #000000; width:100px; height:20px;font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px; padding-left:2px; padding-right:2px; padding-top:0px; padding-bottom:2px; line-height:14px; background-color:#EFEFEF;" value="Send Message"/>
    <input type="reset" class="btn" value="  clear  " name="Clear" border="0" style="margin-top:10px; display:block; border:1px solid #000000; width:100px; height:20px;font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px; padding-left:2px;  padding-top:0px; padding-bottom:2px; line-height:14px; background-color:#EFEFEF;">
    </td></tr></table></td></tr></table></form>

and the following code in my mailer.php:

    // check to see if verification code was correct
    if(md5($verif_box).'a4xn' == $_COOKIE['tntcon']){
        // if verification code was correct send the message and show this page
        mail("[email protected]", 'Online Form: '.$subject, "\n".$message." \n\n".$name."\n\n".$lastname."\n\n".$from."\n\n".$_SERVER['REMOTE_ADDR']."\n\n".'mailinglist: '.$mailinglist, "From: $from");
        // delete the cookie so it cannot be sent again by refreshing this page
        setcookie('tntcon','');
    } else if(isset($message) and $message!=""){
        // if verification code was incorrect then return to contact page and show error
        header("Location: http://{$_SERVER['HTTP_HOST']}".dirname($_SERVER['PHP_SELF'])."contactform.php?subject=$subject&email=$email&message=".urlencode($message)."&wrong_code=true");
        exit;
    } else {
        echo "no variables received, this page cannot be accessed directly";
        exit;
    }
    ?>

For some reason I receive emails when the verification code is correct, but the "wrong code warning" will not show up when the wrong verification code is entered.

Can someone help me please? I am new to PHP and it has taken me a long time just to get this to work. When the wrong verification code is entered, all that happens is that a blank mailer.php is called in the browser.

Sorry, not sure why the code copied in so many different windows.

Upvotes: 0

Views: 528

Answers (2)

DaveRandom

Reputation: 88697

In mailer.php, do this:

    // check to see if verification code was correct
    if (md5($verif_box).'a4xn' == $_COOKIE['tntcon']) {
      // if verification code was correct send the message and show this page
      mail("[email protected]", 'Online Form: '.$subject, "\n".$message." \n\n".$name."\n\n".$lastname."\n\n".$from."\n\n".$_SERVER['REMOTE_ADDR']."\n\n".'mailinglist: '.$mailinglist, "From: $from");
      // delete the cookie so it cannot be sent again by refreshing this page
      setcookie('tntcon','');
    } else if (isset($message) && $message != "") {
      // if verification code was incorrect then return to contact page and show error
      // (every query value is URL-encoded so it cannot break out of the URL or the attribute)
      exit("<html><head><title>Redirect</title><meta http-equiv=\"refresh\" content=\"0;contactform.php?subject=".urlencode($subject)."&amp;email=".urlencode($email)."&amp;message=".htmlspecialchars(urlencode($message))."&amp;wrong_code=true\" /></head><body>You should be redirected, if you aren't click <a href=\"contactform.php?subject=".urlencode($subject)."&amp;email=".urlencode($email)."&amp;message=".htmlspecialchars(urlencode($message))."&amp;wrong_code=true\">here</a>.</body></html>");
    } else exit("no variables received, this page cannot be accessed directly");

Upvotes: 0

IOrlandoni

Reputation: 1828

The best idea would be to actually put the contents of mailer.php inside of contactform.php, so you won't need any redirects, no URL full of variables, no nothing.

The outcome of this would be something along the lines of:

    <?php
    $state = 0;
    // check to see if verification code was correct
    if(md5($verif_box).'a4xn' == $_COOKIE['tntcon']){
        // if verification code was correct send the message and show this page
        mail("[email protected]", 'Online Form: '.$subject, "\n".$message." \n\n".$name."\n\n".$lastname."\n\n".$from."\n\n".$_SERVER['REMOTE_ADDR']."\n\n".'mailinglist: '.$mailinglist, "From: $from");
        // delete the cookie so it cannot be sent again by refreshing this page
        setcookie('tntcon','');
        $state = 2;
    } else if(isset($message) and $message!=""){
        // if verification code was incorrect then return to contact page and show error
        $state = 1;
    }

    if ($state == 0) {  ?>
        <form action="" method="post" name="form1" id="form1" onsubmit="MM_validateForm('from','','RisEmail','name','','R','verif_box','','R','message','','R');return document.MM_returnValue">

        <!-- All the form that I don't want to copy paste... -->

        </form>

    <?php } else if ($state == 1) { ?>
           Message for wrong verification code.
    <?php } else if ($state == 2) { ?>
           Message for email sent.
    <?php } ?>

I changed the form's target attribute so it doesn't go to mailer.php and changed the opening PHP a bit to make it work with this distribution of things. You should change the input code to populate it with the POST data, instead of GET, and you would avoid having that nasty looking URL.

Upvotes: 1
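
The single-page approach from the answer above, as an added example (not code from the original posts): it reads the fields from `$_POST`, escapes them before echoing them back into the form, validates the address that ends up in the `From:` header, and compares the code against a value kept in the server-side session, because the `tntcon` cookie is supplied by the client. The session key `verif_code`, the matching change to verificationimage.php, the `post()`/`field()` helpers, state 3 and the recipient address are assumptions.

```php
<?php
// Added example: self-posting contactform.php (not code from the original posts).
// Assumption: verificationimage.php stores the code it draws in
// $_SESSION['verif_code'] (hypothetical key) instead of the tntcon cookie.
session_start();

// Raw submitted value as a string; array-valued input is treated as empty.
function post(string $name): string {
    $value = $_POST[$name] ?? '';
    return is_string($value) ? $value : '';
}
// Same value, escaped for echoing back into HTML text or a quoted attribute.
function field(string $name): string {
    return htmlspecialchars(post($name), ENT_QUOTES, 'UTF-8');
}

$state = 0; // 0 = show form, 1 = wrong code, 2 = sent, 3 = invalid input
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $expected = (string)($_SESSION['verif_code'] ?? '');
    unset($_SESSION['verif_code']); // each image is good for one attempt
    $from = filter_var(post('from'), FILTER_VALIDATE_EMAIL);
    if ($expected === '' || !hash_equals($expected, post('verif_box'))) {
        $state = 1;
    } elseif ($from === false || trim(post('message')) === '') {
        $state = 3;
    } else {
        // A validated address contains no CR/LF, so it cannot add mail headers.
        $body = post('message') . "\n\n" . post('name') . "\n\n" . post('lastname')
              . "\n\n" . $from . "\n\n" . $_SERVER['REMOTE_ADDR'];
        mail('recipient@example.com', 'Online Form', $body, "From: $from"); // placeholder address
        $state = 2;
    }
}
if ($state === 2) { ?>
    <p>Message sent.</p>
<?php } else {
    if ($state === 1) { ?><div>Wrong verification code</div><?php }
    if ($state === 3) { ?><div>Enter a valid email address and a message</div><?php } ?>
    <form action="" method="post" name="form1" id="form1">
        <input type="text" name="name" id="name" value="<?php echo field('name'); ?>">
        <input type="text" name="lastname" id="lastname" value="<?php echo field('lastname'); ?>">
        <input type="text" name="from" id="from" value="<?php echo field('from'); ?>">
        <textarea name="message" id="message"><?php echo field('message'); ?></textarea>
        <input type="text" name="verif_box" id="verif_box">
        <img src="verificationimage.php?<?php echo rand(0, 9999); ?>" alt="verification image">
        <input type="submit" name="Submit" value="Send Message">
    </form>
<?php } ?>
```

Unlike the answer's version, a wrong code redisplays the form with the visitor's text still filled in, so nothing has to travel in the URL.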
