PDA

View Full Version : Mystery code - cant remove these variables

:kj:
04-27-2003, 03:12 AM
I'm not a coder, i'm a designer, this will explain why I have no idea how this works.

I stumbled accross this free PHP form mail script - its cool except the limitation is... Once the form is submited, the results wont show the fields named "name" and "email"

here's the sample form: http://www.dagazsolutions.com/sabrix_new/partners_become_partner3.html

So i tried to remove variables and what not and I cant delete that portion of the script - or, more realistically, I dont know how

PLEASE HELP!


Here's the PHP script:


###########################################################
# CONFIGURE THE FOLLOWING VARIABLES #
###########################################################

// Recipient of message (This can be changed via the form itself)
$recipient = 'kelli@rgbdirect.com';

// Subject of message (This can be changed via the form itself)
$subject = 'Interested in becoming a Sabrix Partner';

// This is a list of domains that can run EZ FormMail. Do not include
// www, just the actual domain/ip address!
$referers = array('dagazsolutions.com', '', '');

// This is the page that users will be redirected to after the form is
// processed successfully.
$success_url = 'http://www.dagazsolutions.com/sabrix_new/partners_thankyou.html';

// Your site URL
$siteurl = 'http://www.dagazsoltions.com';

###########################################################
# DO NOT EDIT BELOW THIS LINE #
###########################################################

function Print_Footer() {
echo '<p><center>DagazSolutions.com <a href="http://www.dagazsolutions.com">http://www.dagazsolutions.com</a>!</center>';
}

function Check_Referer() {
global $referers;
$temp = explode('/', $_SERVER['HTTP_REFERER']);
$referer = $temp[2];
$found = false;
foreach ($referers as $domain) {
if (stristr($referer, $dagazsolutions.com)) { $found = true; }
}
return $found;
}

if ($_POST) {
if (Check_Referer() == false) {
echo '<font size="+1" color="#FF0000">Error: Invalid Referer</font><BR>';
echo 'You are accessing this script from an unauthorized domain!';
Print_Footer();
die();
}
$ctr = 0;

$isname = 0;
$isemail = 0;

foreach ($_POST as $key => $val) {
if ($key == 'name') { $isname = 1; }
if ($key == 'email') { $isemail = 1; }
if (substr($key, 0, 4) == 'req_' || $key == 'name' || $key == 'email') {
if ($val == '') {
if ($ctr == 0) {
echo '<font size="+1" color="#FF0000">Error: Missing Field(s)</font><BR>';
echo 'The following <i>required</i> field(s) were not filled out:<BR>';
}
echo '<BR>- <b>'.substr($key, 4).'</b>';
$ctr++;
}
}
}
if ($ctr > 0) {
echo '<p>Click <a href="javascript:history.go(-1)">here</a> to go back';
Print_Footer();
die();
}
else {
if ($isname == 0) {
echo '<font size="+1" color="#FF0000">Error: Missing Field</font><BR>';
echo 'No "name" field found.<p><a href="'.$siteurl.'">here</a> to return to the home page.';
Print_Footer();
die();
}
elseif ($isemail == 0) {
echo '<font size="+1" color="#FF0000">Error: Missing Field</font><BR>';
echo 'No "email" field found.<p><a href="'.$siteurl.'">here</a> to return to the home page.';
Print_Footer();
die();
}
}

if (!(preg_match("/^.{2,}?@.{2,}\./", $_POST['email']))) {
echo '<font size="+1" color="#FF0000">Error: Invalid E-mail</font><BR>';
echo 'The e-mail address you entered (<i>'.$_POST['email'].'</i>) is invalid.';
Print_Footer();
die();
}

$body = "Below is the result of your feedback form. It was submitted on:\n".date('l, F jS, Y').' at '.date('g:ia').".\n";

foreach ($_POST as $key => $val) {
if ($key == 'recipient') { $recipient = $val; }
elseif ($key == 'subject') { $subject = $val; }
else {
if ($key != 'name' && $key != 'email') {
$body .= "\n".str_replace('req_', '', $key).": $val";
}
}
}
$body .= "\n\n-------- Submission Details --------\n";
$body .= "Remote Address: ".getenv('REMOTE_ADDR')."\n";
$body .= "HTTP User Agent: ".getenv('HTTP_USER_AGENT')."\n\n";
$body .= "--------------------------------------------------\n";
$body .= "Powered by DagazSolutions.com. Available at http://www.DagazSolutions.com!";

$mailheaders = "From: ".$_POST['name']." <".$_POST['email'].">\n";
$mailheaders .= "Reply-To: ".$_POST['email'];

mail($recipient, $subject, $body, $mailheaders);
header("Location: $success_url");
}
else {
echo '<center>You have access this page from an invalid location. Please click <a href="'.$siteurl.'">here</a> to go to '.$siteurl.'.</center>';
}

Print_Footer();
?>

Here is the end result of the form once submitted - everything listed but "name" and "email"

Below is the result of your feedback form. It was submitted on:
Saturday, April 26th, 2003 at 9:59pm.

title: the big *****
company_name:
company_address:
company_address2:
Ccity:
Cpost_zip:
state:
Ccountry:
region: Americas
company_headquartered:
company_url:
company_num_emp:
company_foundedyear:
company_overview:
remLen3: 750
company_revdata:
remLen4: 250
partner_cat_desired:
remLen5: 250
Submit: Submit

-------- Submission Details --------
Remote Address: 12.240.155.68
HTTP User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)

--------------------------------------------------
Powered by DagazSolutions.com. Available at http://www.DagazSolutions.com!
Nightfire
04-27-2003, 03:27 AM
Looks like you have an old version of php. Change $_POST to $HTTP_POST_VARS and $_SERVER to $HTTP_SERVER_VARS
:kj:
04-27-2003, 04:01 AM
would that be everywhere on the file?

so every $_POST i change to $HTTP_POST_VARS ??? - etc...
:kj:
04-27-2003, 04:08 AM
I get this error now...

Error: Invalid Referer - You are accessing this script from an unauthorized domain!

Here's what i did per your suggestion - although i may not have understood

###########################################################
# DO NOT EDIT BELOW THIS LINE #
###########################################################

function Print_Footer() {
echo '<p><center>DagazSolutions.com <a href="http://www.dagazsolutions.com">http://www.dagazsolutions.com</a>!</center>';
}

function Check_Referer() {
global $referers;
$temp = explode('/', $HTTP_SERVER_VARS['HTTP_REFERER']);
$referer = $temp[2];
$found = false;
foreach ($referers as $domain) {
if (stristr($referer, $dagazsolutions.com)) { $found = true; }
}
return $found;
}

if ($HTTP_POST_VARS) {
if (Check_Referer() == false) {
echo '<font size="+1" color="#FF0000">Error: Invalid Referer</font><BR>';
echo 'You are accessing this script from an unauthorized domain!';
Print_Footer();
die();
}
$ctr = 0;

$isname = 0;
$isemail = 0;

foreach ($HTTP_POST_VARS as $key => $val) {
if ($key == 'name') { $isname = 1; }
if ($key == 'email') { $isemail = 1; }
if (substr($key, 0, 4) == 'req_' || $key == 'name' || $key == 'email') {
if ($val == '') {
if ($ctr == 0) {
echo '<font size="+1" color="#FF0000">Error: Missing Field(s)</font><BR>';
echo 'The following <i>required</i> field(s) were not filled out:<BR>';
}
echo '<BR>- <b>'.substr($key, 4).'</b>';
$ctr++;
}
}
}
if ($ctr > 0) {
echo '<p>Click <a href="javascript:history.go(-1)">here</a> to go back';
Print_Footer();
die();
}
else {
if ($isname == 0) {
echo '<font size="+1" color="#FF0000">Error: Missing Field</font><BR>';
echo 'No "name" field found.<p><a href="'.$siteurl.'">here</a> to return to the home page.';
Print_Footer();
die();
}
elseif ($isemail == 0) {
echo '<font size="+1" color="#FF0000">Error: Missing Field</font><BR>';
echo 'No "email" field found.<p><a href="'.$siteurl.'">here</a> to return to the home page.';
Print_Footer();
die();
}
}

if (!(preg_match("/^.{2,}?@.{2,}\./", $HTTP_POST_VARS ['email']))) {
echo '<font size="+1" color="#FF0000">Error: Invalid E-mail</font><BR>';
echo 'The e-mail address you entered (<i>'.$HTTP_POST_VARS ['email'].'</i>) is invalid.';
Print_Footer();
die();
}

$body = "Below is the result of your feedback form. It was submitted on:\n".date('l, F jS, Y').' at '.date('g:ia').".\n";

foreach ($HTTP_POST_VARS as $key => $val) {
if ($key == 'recipient') { $recipient = $val; }
elseif ($key == 'subject') { $subject = $val; }
else {
if ($key != 'name' && $key != 'email') {
$body .= "\n".str_replace('req_', '', $key).": $val";
}
}
}
$body .= "\n\n-------- Submission Details --------\n";
$body .= "Remote Address: ".getenv('REMOTE_ADDR')."\n";
$body .= "HTTP User Agent: ".getenv('HTTP_USER_AGENT')."\n\n";
$body .= "--------------------------------------------------\n";
$body .= "Powered by DagazSolutions.com. Available at http://www.DagazSolutions.com!";

$mailheaders = "From: ".$HTTP_POST_VARS ['name']." <".$HTTP_POST_VARS ['email'].">\n";
$mailheaders .= "Reply-To: ".$HTTP_POST_VARS ['email'];

mail($recipient, $subject, $body, $mailheaders);
header("Location: $success_url");
}
else {
echo '<center>You have access this page from an invalid location. Please click <a href="'.$siteurl.'">here</a> to go to '.$siteurl.'.</center>';
}

Print_Footer();
?>
mordred
04-27-2003, 12:57 PM
I think this line is not doing what you expect:


if (stristr($referer, $dagazsolutions.com)) { $found = true; }
}


That would require a variable $dagazsolutions and a constant named 'com' to work properly - add error_reporting(E_ALL); at the top of your script to see the error. I suppose you want rather something like


if (stristr($referer, 'dagazsolutions.com')) { $found = true; }
}
:kj:
04-28-2003, 05:02 PM
Per your suggestion, this is what I got for Errors:

Warning: Undefined variable: HTTP_SERVER_VARS in /u/web/dagazs/sabrix_new/ez_formmail.php on line 72

Warning: Undefined offset: 2 in /u/web/dagazs/sabrix_new/ez_formmail.php on line 73

Warning: Undefined variable: dagazsolutions in /u/web/dagazs/sabrix_new/ez_formmail.php on line 76

Warning: Use of undefined constant com - assumed 'com' in /u/web/dagazs/sabrix_new/ez_formmail.php on line 76

Warning: Undefined variable: dagazsolutions in /u/web/dagazs/sabrix_new/ez_formmail.php on line 76

Warning: Use of undefined constant com - assumed 'com' in /u/web/dagazs/sabrix_new/ez_formmail.php on line 76

Warning: Undefined variable: dagazsolutions in /u/web/dagazs/sabrix_new/ez_formmail.php on line 76

Warning: Use of undefined constant com - assumed 'com' in /u/web/dagazs/sabrix_new/ez_formmail.php on line 76
Error: Invalid Referer
You are accessing this script from an unauthorized domain!
:kj:
04-28-2003, 05:22 PM
Ok, I reverted to the code before i added what night fire suggested (so the original code at the top of this string)

Then I added what Mordred suggested:

That would require a variable $dagazsolutions and a constant named 'com' to work properly - add error_reporting(E_ALL); at the top of your script to see the error. I suppose you want rather something like


PHP:--------------------------------------------------------------------------------
if (stristr($referer, 'dagazsolutions.com')) { $found = true; }
}

--------------------------------------------------------------------------------


This is now the error that comes up:

Warning: Cannot add header information - headers already sent by (output started at /u/web/dagazs/sabrix_new/ez_formmail.php:2) in /u/web/dagazs/sabrix_new/ez_formmail.php on line 176


Here is line 176

header("Location: $success_url");
}

This is crazy.... is this code that hard to figure out.

Back to my original intent:

I need the "name" and "email" fields to show up once the form has been submitted

Thanks so much for all the suggestions so far

:D
mordred
04-28-2003, 10:31 PM
Warning: Cannot add header information - headers already sent by (output started at /u/web/dagazs/sabrix_new/ez_formmail.php:2) in /u/web/dagazs/sabrix_new/ez_formmail.php on line 176


You are looking at the wrong line for the error; the output has been sent in line 2, not 176. In line 176 this error was only triggered. Look at the line 1 because there's something that get's sent to the browser, even if it's only a linfeed and get rid of that.


Originally posted by :kj:
This is crazy.... is this code that hard to figure out.


Obviously that's exactly the case or you wouldn't ask here. ;)
:kj:
04-29-2003, 12:55 AM
Could you Quote what you are referring to as "line 1"

What should it read

Sorry for the ignorance, but i'm not a coder obviously :)

Note: Check out what NightFire suggested:


Looks like you have an old version of php. Change $_POST to $HTTP_POST_VARS and $_SERVER to $HTTP_SERVER_VARS

I did not do this suggestion, because it gave me so many errors. So I reverted back to the original problem, hopefully all of the most current suggestions from everyone are based on the first post on this thread????
pardicity3
04-29-2003, 03:07 AM
I just had a problem exactly like yours. Luckily, Mordred's tip about where the error is occuring helped me out. Check and see if you aren't echo-ing anything before you send the header. I am pretty sure that once you echo something a header is sent. That was my problem atleast.
mordred
04-29-2003, 10:49 AM
:kj:, with "line 1" I mean exactly the first line in the file where your script is (note: that's not the first line of the script, but really the very first line in the file!).

If the error is indeed what I am suspecting, then it can be quite difficult to spot it because there might not be any obvious output which is reported. Quick example:



<?php
// etc.


In the first line there's nothing. But that means that a blank line is sent through your server to the client, and because headers must be sent prior before general output is sent, the header() function complains further down the script. There must not be any output before invoking the header() function in any case, if you don't use output_buffering in newer PHP versions. This means that no echo(), print() statements maybe used before header() and no HTML, blank lines or sth. like that.

Hope that clears things up a bit. And don' t hesitate to consult the manual about the header() function, there's a lot of interesting and helpful user notes in it.
:kj:
04-29-2003, 05:48 PM
OK... ready for this stupid question???

There are about 18 total fields to this form...

Why does the script only mention 2 of the fields?
"email" and "name"

and those are the two that dont show up once posted???

Is there another code I can use that will do what I want?

I like the Date and time posted feature:

Below is the result of your feedback form. It was submitted on:
Tuesday, April 29th, 2003 at 12:31pm.

and I like the submission details feature:

-------- Submission Details --------
Remote Address: 12.240.155.68
HTTP User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)


Should I keep messing with this code to try and make those two fields show up, or use something else??

thanks everyone :)
mordred
04-29-2003, 08:32 PM
I think your script is specifically designed not to put email and name into the email message (and why do you need it there, it should be in your mail headers anyway?)

Look at this line:


if ($key != 'name' && $key != 'email') {
$body .= "\n".str_replace('req_', '', $key).": $val";
}


So fields that are named "name" or "email" aren't added to the body of the mail message. You could try to omit this if-construct at whole:


foreach ($_POST as $key => $val) {
if ($key == 'recipient') { $recipient = $val; }
elseif ($key == 'subject') { $subject = $val; }
else {
$body .= "\n".str_replace('req_', '', $key).": $val";
}


hth