MariaCM
asked on
Form Validation - PHP Variables to URL
I have a validation script that I always use to secure my forms to prevent automatic submissions by bots.
This validation script works as follows:
The individual copies the digits into a textbox that is displayed in an image file, the form is then submitted to a separate php page that validates the input.
I'm now using another script called Form Tools, this script inserts form submissions into mysql and provides an interface to edit submissions and handle email notifications.
I now need to integrate the two, to prevent automatic submissions into my database. The only problem I have is that I do not know how to pass the variables in the form to the URL if I use a separate page for validation.
My current script uses the mailto: function, I now need to know how to pass my variables to a URL via PHP and not via the action field in my form:
as in <form name="subscribeform" action="http://www.splice.co.za/forms/process.php" method="post" onSubmit="return CheckAll();"> but using PHP and not html.
This is what my process script looks like:
<?php
// ------------- MAIL & URL CONFIGURABLE SECTION --------------------- //
$mailto = 'email@domain.com';
$subject = "Contact Form" ;
$formurl = "http://www.domain.com/contact_us.php" ;
$errorurl = "http://www.domain.com/error.php";
$imageerrorurl = "http://www.domain.com/imageerror.php";
$thankyouurl = "http://www.domain.com/thankyou.php" ;
// ------------- END OF CONFIGURABLE SECTION ------------------------ //
// ------------- VARIABLE CONFIGURABLE SECTION ---------------------- //
$name = $_POST['name'] ;
$email = $_POST['email'] ;
$comments = $_POST['comments'] ;
$code = $_POST['code'] ;
// ------------- END OF VARIABLE CONFIGURABLE SECTION --------------- //
// define url that indicates where submission comes from
$http_referrer = getenv( "HTTP_REFERER" );
// start PHP session
session_start();
// check for posted form
if (isset($_POST['contact']))
{
// see if the code the user typed matched the generated code
if (strtoupper($_POST['code'] ) != $_SESSION['code'])
{
header("Location: $imageerrorurl");
}
else
{
// process the variables to email
$messageproper =
"This message was sent from:\n" .
"$http_referrer\n" .
"------------------------- FORM SUBMISSION -------------------------\n\n" .
"Client:\n" .
$name .
"\n" .
"E-mail:\n" .
$email .
"\n" .
"Comment:\n" .
$comments .
"\n" .
"\n\n------------------------------------------------------------\n" ;
mail($mailto, $subject, $messageproper, "From: \"$name\" <$email>\nReply-To: \"$name\" <$email>\nX-Mailer: chfeedback.php 2.02" );
header( "Location: $thankyouurl" );
exit ;
}
}
?>
How do I send my variables to a URL instead of mailto: ?
Please Help...
ASKER
I understand in theory what to do, but I would like to learn how to code this.
If I had this form:
form.php
##################################################################################
<form name="subscribeform" action="process.php" method="post">
<input type="hidden" name="form_tools_initialize_form" value="1" />
<input type="hidden" name="form_tools_form_id" value="3" />
<table border="0" cellpadding="0" cellspacing="0" summary="feedback form" WIDTH=350>
<tr><td ALIGN="left"><br></td></tr>
<tr><td ALIGN="left">Name and Surname: </td><td><input type="text" name="name" size="25"></td></tr>
<tr><td ALIGN="left">E-mail:</td><td><input type="text" name="email" size="25"></td></tr>
<tr><td>Please copy the digits in the image (case sensitive):</td><td><div id="security"><img src="security-image.php?width=160" width="200" height="60" alt="Security Image" /></div></td></tr>
<tr><td>to the textbox on the right:</td><td><input type="text" name="code" id="code" value="" /></td></tr>
<tr><td ALIGN="left"><br><input type="submit" name="contact" id="contact" value="Submit" /></td><td></td></tr>
</table>
</form>
##################################################################################
How would my process page look like:
process.php
##################################################################################
//script to validate security input
// define url that indicates where submission comes from
$http_referrer = getenv( "HTTP_REFERER" );
// start PHP session
session_start();
// check for posted form
if (isset($_POST['contact']))
{
// see if the code the user typed matched the generated code
if (strtoupper($_POST['code'] ) != $_SESSION['code'])
{
header("Location: $imageerrorurl");
}
else
{
//script to process variables to URL http://www.splice.co.za/forms/process.php
??????????
##################################################################################
Or is there a way that I can validate the security code input on-page like I do all the other values with javascript and still submitting with action="url"?
Your assistance is appreciated.
>>Or is there a way that I can validate the security code input on-page like I do all the other values with javascript and still submitting with action="url"?
No, client side validation is easily defeated.
<?PHP
session_start();
// the Referer header is optional and client-supplied, so default to an empty string
$http_referrer = $_SERVER['HTTP_REFERER'] ?? '';
// ------------- MAIL & URL CONFIGURABLE SECTION --------------------- //
$mailto = 'email@domain.com';
$subject = "Contact Form" ;
$formurl = "http://www.domain.com/contact_us.php" ;
$errorurl = "http://www.domain.com/error.php";
$imageerrorurl = "http://www.domain.com/imageerror.php";
$thankyouurl = "http://www.domain.com/thankyou.php" ;
// ------------- END OF CONFIGURABLE SECTION ------------------------ //
// ------------- VARIABLE CONFIGURABLE SECTION ---------------------- //
$name = $_POST['name'] ; // <-- these must be filtered!!!!
$email = $_POST['email'] ;
$comments = $_POST['comments'] ;
$code = $_POST['code'] ;
// ------------- END OF VARIABLE CONFIGURABLE SECTION --------------- //
// correct way to check for a post
if ($_SERVER['REQUEST_METHOD']=="POST") {
    if (isset($_POST['code'])) {
        if (strtoupper($_POST['code']) != $_SESSION['code']) {
            // error
            header("Location: $imageerrorurl");
            exit; // stop here so the form is not processed after the redirect
        }else{
            // okay
            processForm($mailto, $subject, $formurl, $name, $email, $comments, $thankyouurl);
        }
    }
}
function processForm($mailto, $subject, $formurl, $name, $email, $contents, $thankyouurl) {
    // code to process form, send e-mail whatever.
    // when done
    header("Location: $thankyouurl");
    exit;
}
?>
and...
function processForm($mailto, $subject, $formurl, $name, $email, $contents, $thankyouurl) {
    // code to process form, send e-mail whatever.
    // escape user-supplied values before they go into the HTML body
    $esc = function ($value) { return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); };
    $http_referrer = $_SERVER['HTTP_REFERER'] ?? '';
    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=utf-8\r\n";
    /* additional headers */
    $headers .= "To: $mailto\r\n";
    $headers .= "From: Your Site <webmaster@yourdomain.com>\r\n";
    $headers .= "X-Mailer: PHP/" . phpversion();
    $mailHead = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
    $mailHead .= "<html>\n<head>\n <META http-equiv=Content-Type content=\"text/html; charset=utf-8\">\n";
    $mailHead .= " <title>Form Submission</title>";
    $mailHead .= " <style type=\"text/css\">\n /*<![CDATA[*/\n";
    $mailHead .= " BODY {background: #FFF; font-family: Tahoma, Arial, Sans-Serif; font-size: 12pt; color: #000000 }\n";
    $mailHead .= " /*]]>*/\n </style>\n</head>\n";
    $mailBody = "<body>\n <div>\n";
    $mailBody .= " From: " . $esc($http_referrer) . "\n";
    $mailBody .= " $formurl\n\n";
    $mailBody .= " Client: " . $esc($name) . "\n";
    $mailBody .= " E-Mail: " . $esc($email) . "\n\n";
    $mailBody .= " " . $esc($contents) . "\n";
    $mailBody .= " </div>\n</body>\n</html>";
    mail($mailto, $subject, $mailHead.$mailBody, $headers);
    header( "Location: $thankyouurl" );
    exit;
}
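An added example, not code from the thread: one way to do the filtering that the comment on $name above calls for, combined with a one-time CAPTCHA comparison. The helper names captcha_ok() and clean_fields() and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example; captcha_ok() and clean_fields() are hypothetical helpers.

/** Compare the typed code with the session value and invalidate it. */
function captcha_ok(array &$session, $typed): bool
{
    $expected = (string)($session['code'] ?? '');
    unset($session['code']);            // each generated image is good for one attempt
    if ($expected === '' || !is_string($typed)) {
        return false;
    }
    return hash_equals($expected, strtoupper(trim($typed)));
}

/** Return the cleaned fields, or null when a value must not reach mail(). */
function clean_fields(array $post): ?array
{
    // Non-string input (e.g. name[]=x) is treated as empty.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name = $get('name');
    $email = $get('email');
    $comments = $get('comments');

    // A CR or LF inside a value placed in the mail() header string starts a new header.
    if (preg_match('/[\r\n]/', $name . $email) === 1) {
        return null;
    }
    if ($name === '' || strlen($name) > 100) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Drop double quotes so the name cannot close the quoted From: display name.
    $name = str_replace('"', '', $name);
    return ['name' => $name, 'email' => $email, 'comments' => $comments];
}

// Constructed sample submissions; $session stands in for $_SESSION.
$samples = [
    ['name' => 'Maria', 'email' => 'maria@example.com', 'comments' => 'Hello', 'code' => 'ab12c'],
    ['name' => "Bot\r\nX-Injected: 1", 'email' => 'bot@example.com', 'comments' => '', 'code' => 'AB12C'],
    ['name' => 'Bot', 'email' => 'bot@example.com', 'comments' => '', 'code' => 'WRONG'],
];
foreach ($samples as $post) {
    $session = ['code' => 'AB12C'];
    $clean = captcha_ok($session, $post['code'] ?? null) ? clean_fields($post) : null;
    echo $clean === null ? "rejected\n" : "accepted: {$clean['name']} <{$clean['email']}>\n";
}
```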
mail($mailto, $subject, $messageproper, "From: \"$name\" <$email>\nReply-To: \"$name\" <$email>\nX-Mailer: chfeedback.php 2.02" );
header( "Location: $thankyouurl" );
exit ;
replace the line with header with:
$url =
"http://www.splice.co.za/forms/process.php?email=".urlencode($email)."&name=".urlencode($name)."&comments=".urlencode($comments);
header("Location: $url");
The only thing that you have to do now in your process.php script is to retrieve the sent variables with $_GET['email'] and, after saving all that to the database, redirect to $thankyouurl at the end of your script, like:
$thankyouurl = "http://www.domain.com/thankyou.php" ;
header( "Location: $thankyouurl" );
This modification will send you an email and then redirect to the process.php script.
But you could easily do all that in this script to simplify the process.
ASKER
Deresh,
I'm trying the url option, but the script keeps on flaring up problems. It works perfectly until I replace the $thankyouurl with http://www.splice.co.za/forms/process.php?name=".$name."&email=".$email;
see example: http://www.splice.co.za/formtest/submit.php
Where is my syntax problem?
<?php
// ------------- MAIL & URL CONFIGURABLE SECTION --------------------- //
$mailto = 'mcmbotha@splice.co.za' ;
$subject = "Contact Form" ;
$formurl = "http://www.splice.co.za/test/contact.php" ;
$errorurl = "http://www.splice.co.za/test/error.html";
$imageerrorurl = "http://www.splice.co.za/test/imageerror.html";
$thankyouurl = "http://www.splice.co.za/forms/process.php?name=".$name."&email=".$email; " ;
// ------------- END OF CONFIGURABLE SECTION ------------------------ //
// ------------- VARIABLE CONFIGURABLE SECTION ---------------------- //
$name = $_POST['name'] ;
$email = $_POST['email'] ;
$code = $_POST['code'] ;
// ------------- END OF VARIABLE CONFIGURABLE SECTION --------------- //
// define url that indicates where submission comes from
$http_referrer = getenv( "HTTP_REFERER" );
// start PHP session
session_start();
// check for posted form
if (isset($_POST['contact']))
{
// see if the code the user typed matched the generated code
if (strtoupper($_POST['code'] ) != $_SESSION['code'])
{
header("Location: $imageerrorurl");
}
else
{
// process the variables to email
$messageproper =
"This message was sent from:\n" .
"$http_referrer\n" .
"------------------------- FORM SUBMISSION -------------------------\n\n" .
"Client:\n" .
$name .
"\n" .
"E-mail:\n" .
$email .
"\n" .
"\n\n------------------------------------------------------------\n" ;
mail($mailto, $subject, $messageproper, "From: \"$name\" <$email>\nReply-To: \"$name\" <$email>\nX-Mailer: chfeedback.php 2.02" );
header( "Location: $thankyouurl");
exit ;
}
}
?>
ASKER
P.S. I do not need to email the variables at all, I just need to pass them to the url. In other words I need to do exactly what would have happened if I submitted the form with action="www.splice.co.za/froms/process.php", only I do not want to pass the security image code. I only want to pass &email and $name, so essentially I can leave out the mail() function and go directly to header (), but I can't seem to get the url format correct.
ASKER
Ok, I accept that argument, but I still do not know how to solve the problem.
The second page is expecting the variables via a submitted form > action="url"
How do I simulate this in my "in-between" processing page?
I wouldn't. I'd put your validation and e-mail code in the second page rather than trying to submit to two pages.
if so, just in a part of your code where you build and send an email just use header to call your url with parameters, like:
$url = "http://someserver.com/yourscript.php?email=".urlencode($email)."&name=".urlencode($name);
header("Location: $url");
or you could put all your post variables into session and then redirect to plain url
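What the question asks for (the in-between page submitting name and email to process.php as the form's action would, without the CAPTCHA code) can be done with a server-side POST. This is an added example, not code from the thread or from Form Tools; the function names are hypothetical, the target URL and hidden field names are taken from the question, and it assumes allow_url_fopen is enabled.

```php
<?php
// Added example; build_post_options() and forward_fields() are hypothetical names.

const FORM_TOOLS_URL = 'http://www.splice.co.za/forms/process.php'; // URL from the question

/** Build stream-context options for a form-style POST of already validated fields. */
function build_post_options(array $clean): array
{
    // Only the listed keys are forwarded; the CAPTCHA 'code' never leaves this page.
    $fields = [
        'form_tools_initialize_form' => '1',   // hidden fields from form.php
        'form_tools_form_id'         => '3',
        'name'                       => $clean['name'],
        'email'                      => $clean['email'],
    ];
    // http_build_query() percent-encodes &, =, spaces and control characters,
    // which hand-built "?name=" . $name strings do not.
    $body = http_build_query($fields);

    return ['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => $body,
        'timeout' => 5,
    ]];
}

/** POST the fields server-side; false on a network error or an HTTP error status. */
function forward_fields(array $clean, string $url = FORM_TOOLS_URL): bool
{
    $context = stream_context_create(build_post_options($clean));
    return @file_get_contents($url, false, $context) !== false;
}

// Constructed input: values that have already passed CAPTCHA and field validation.
$clean = ['name' => 'Maria & Co', 'email' => 'maria@example.com'];

// Show the request body that would be sent, without touching the network.
echo build_post_options($clean)['http']['content'], "\n";

// In the validating page, after the CAPTCHA check succeeds:
// if (forward_fields($clean)) { header("Location: $thankyouurl"); exit; }
```

process.php remains reachable by direct POST, so the CAPTCHA covers only submissions that pass through this page.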