shtoom

Why doesn't my form recognize MathGuard?

Hi everyone, I experienced some spam bot problems and I think I have stopped the pest by adding a JS function, but before I discovered that little trick I attempted to use CAPTCHA and MathGuard and I can't seem to get either to work.

I can submit a comment, but the MathGuard question is ignored, so if I leave the MathGuard field blank it will still post a comment. I would like to fix this so I can't submit a comment unless I have answered the MathGuard question correctly.

I have uploaded all the files in use to this url:
http://www.newmedia.lincoln.ac.uk/jecgardner/mathguard/
journal.phps (comments form)
process.phps (posts comments into database)
ClassMathGuard.phps (mathguard)

You can also see my site at this url: http://www.newmedia.lincoln.ac.uk/jecgardner/index.php?page=2

Please help me get MathGuard to work.
Frosty555

In your process.php file, you have a couple references to the $_REQUEST array. Change this to the $_POST array.

If this does not solve the problem, put some debug code in for me, re-run it and tell me what the output is:
In Process.php, change this code:
/* this condition checks the user input. Don't change the condition, just the body within the curly braces */
    if (MathGuard :: checkResult($_REQUEST['mathguard_answer'], $_REQUEST['mathguard_code']))
    {
        //insert code to be executed when user enters correct answer
        header("Location: journal_test.php");
    }
    else
    {
        die("Bad answer, go back to school !");
    }
}

To this:

/* this condition checks the user input. Don't change the condition, just the body within the curly braces */

    echo "<pre>POST ARRAY:\n";
    print_r($_POST);
    echo "\n\n\nREQUEST ARRAY:\n";
    print_r($_REQUEST);

    if (MathGuard :: checkResult($_REQUEST['mathguard_answer'], $_REQUEST['mathguard_code']))
    {
        die("Debug halt. Correct Answer");
    }
    else
    {
        die("Bad answer, go back to school !");
    }
}


Also I can't help but notice that Journal.php is posting to "../process.php" and includes "ClassMathGuard.php", while process.php includes "../ClassMathGuard.php". How can this be?

I'm not sure if this has anything to do with anything but I sense a bit of incorrect-path stuff going on here. Just make sure you're editing the right file and it's going to the right place on your server.
shtoom

ASKER

Hi I applied your code and I also changed the path to process.php on line 7 to this:
header("Location: journal.php");

I have uploaded a new process.phps file with your updated code being used. Still no luck, my friend. I am able to post a comment without entering anything into the MathGuard field, and if I enter an incorrect answer in MathGuard it still posts the comment :/

Frosty555

As it stands right now, your page should never let anything through. It should either die with "Debug Halt" if everything was okay, or it should die with "Bad Answer" if it failed due to mathguard. It should output the contents of those two arrays as debug output.

Can you run through it and tell me what the output is? I can't find a live version going on your site.
Okay I have it working on my machine.

There were a number of issues that may or may not be a problem for you.

1) I changed the form's target in journal.php to "process.php", instead of "../process.php"

2) The two lines in journal.php:

<p><input type="hidden" name="entry" id="entry" value="<?php echo $id; ?>" />
<input type="hidden" name="timestamp" id="timestamp" value="<?php echo $commenttimestamp; ?>" />

The $id and $commenttimestamp variables do not exist, and so they generate PHP errors. These errors are invisible because they're within a hidden input form element. I just removed them. You're gonna want to make sure these variables are working.

3) I put <Script> tags around your javascript validation code in journal.php

The code works on my testing server now.

Please let me know what the debug code I gave you above outputs when you run it. That will help us with the next step of debugging this.
shtoom

ASKER

Cool, now I can see the POST and REQUEST arrays. This is the browser message I got after entering and submitting all the correct information in every field:

POST ARRAY:
Array
(
    [entry] =>
    [timestamp] =>
    [name] => aadsad
    [email] => asdasd@a.com
    [url] => http://asdad
    [comment] => asdasd
    [mathguard_answer] => 2
    [mathguard_code] => 029965943be49743e54fa5fdc79f8702
    [submit_comment] =>
    [submit_comment_button] => Add Comment
)



REQUEST ARRAY:
Array
(
    [entry] =>
    [timestamp] =>
    [name] => aadsad
    [email] => asdasd@a.com
    [url] => http://asdad
    [comment] => asdasd
    [mathguard_answer] => 2
    [mathguard_code] => 029965943be49743e54fa5fdc79f8702
    [submit_comment] =>
    [submit_comment_button] => Add Comment
    [phpbb2mysql4_data] => a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";i:-1;}
)
Debug halt. Correct Answer
shtoom

ASKER

Why does the REQUEST array print every input that the form has, plus an extra line that the POST array doesn't, being [phpbb2mysql4_data]?

I can see why the POST array would echo all the input values in the form, because the form's method is post.

The only time REQUEST is being used is in the mathguard if statement on process.php.

Are there any programs I can use to debug code, or do you know this language fluently enough to recognize mistakes and be able to correct code? I am using Dreamweaver.

Frosty555

$_REQUEST is an array that contains everything from $_GET, $_POST and $_COOKIE. Probably that extra entry is just a cookie put there from something else (looks like a phpbb forum), so it's nothing you need to worry about.

Well your code looks fine. Your output looks fine. It works on my test server, try doing it with an intentionally wrong answer and see if it correctly dies with "bad answer go back to school".

There do exist single-stepping PHP debuggers but I don't use any ATM. To my knowledge it is a bit of a pain to get them set up. I just put lots of echo statements in my code so I can see exactly what the state of all the variables is just as the code executes. That usually reveals the problem.
shtoom

ASKER

With the wrong answer the form says "Bad answer, go back to school !"
Should I delete this to get the comments form to work?

        die("Debug halt. Correct Answer");
    }
    else
    {
        die("Bad answer, go back to school !");
    }
}


I have a few more questions, and I will raise the points if you can help.

1. Does my form prevent SQL injection? If not, can you help me to add SQL injection prevention code?

2. If I type an address in the comments text area, e.g. https://www.experts-exchange.com, the link won't be active. Can you help me make this possible please?
shtoom

ASKER

hello?
Frosty555

Looks like your form is working properly now. Now take out that die("debug halt. correct answer") and replace it with the redirect() you had before. Your code *should* die on an incorrect answer, perhaps with a link to go back to the form. Ideally it would be nice to redirect back to the original form and preserve all of the comments the user typed in, but you can code that up at your own discretion.

Your code is protected from HTML injection, but not from SQL injection. To fix this, simply feed your data through mysql_real_escape_string(). E.g. your code in process.php:

    $entry = htmlspecialchars(strip_tags($_POST['entry']));
    $timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
    $name = htmlspecialchars(strip_tags($_POST['name']));
    ... etc.

Should be instead

    $entry = mysql_real_escape_string(htmlspecialchars(strip_tags($_POST['entry'])));
    $timestamp = mysql_real_escape_string(htmlspecialchars(strip_tags($_POST['timestamp'])));
    ... etc.

Replacing addresses with html links can be easily done with preg_replace. According to a commenter on php.net's forums (source: http://www.php.net/manual/en/function.preg-replace.php#79204).

I've attached some code that should do it. You pass any text into the hyperlink() function defined below, and it will replace the links with html <a href...> and return that.

This code you would put on the page where you DISPLAY the comments. It should be done on the fly every time data retrieved from the database is displayed on the screen. It should not be done at the point where the user submits the comment, otherwise all the tags will get stripped out by your validation code.

<?php
function hyperlink($text) {
    // match protocol://address/path/file.extension?some=variable&another=asf%
    $text = preg_replace("/\s([a-zA-Z]+:\/\/[a-z][a-z0-9\_\.\-]*[a-z]{2,6}[a-zA-Z0-9\/\*\-\?\&\%\=]*)([\s|\.|\,])/i",
            " <a href=\"$1\" target=\"_blank\">$1</a>$2", $text);
    // match www.something.domain/path/file.extension?some=variable&another=asf%
    $text = preg_replace("/\s(www\.[a-z][a-z0-9\_\.\-]*[a-z]{2,6}[a-zA-Z0-9\/\*\-\?\&\%\=]*)([\s|\.|\,])/i",
            " <a href=\"http://$1\" target=\"_blank\">$1</a>$2", $text);
    // match name@address (a mailto: link takes no "//" after the scheme)
    $text = preg_replace("/\s([a-zA-Z][a-zA-Z0-9\_\.\-]*[a-zA-Z]*\@[a-zA-Z][a-zA-Z0-9\_\.\-]*[a-zA-Z]{2,6})([\s|\.|\,])/i",
            " <a href=\"mailto:$1\">$1</a>$2", $text);
    return $text;
}
?>

PS - please note that the line breaks and spaces/tabs in the method's regular expressions need to be removed before using it.
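The answer above escapes each field with mysql_real_escape_string(); the same request can be handled with a prepared statement, which also keeps the MathGuard check ahead of the INSERT and all output after header(). This is an added example, not code from the thread or from MathGuard; it assumes an open PDO connection in $pdo, ClassMathGuard.php beside the script, and a `comments` table with the columns seen in the POST dump earlier in the thread.

```php
<?php
// Added example, not code from the thread: a process.php skeleton that gates the
// INSERT on MathGuard and uses a PDO prepared statement instead of
// mysql_real_escape_string(). Assumed: ClassMathGuard.php sits beside this file,
// $pdo is an open PDO connection, and the table is `comments` with the columns
// seen in the POST dump above.
require_once 'ClassMathGuard.php';
// Read only from $_POST: $_REQUEST also merges GET and cookies, so a check on
// $_REQUEST['mathguard_answer'] could be satisfied from the query string.
function read_comment_fields(array $post): ?array
{
    $out = [];
    foreach (['entry', 'timestamp', 'name', 'email', 'url', 'comment'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f])) {
            return null; // missing or non-scalar field: reject the whole request
        }
        $out[$f] = trim($post[$f]);
    }
    return $out;
}

// Named placeholders keep user text out of the SQL grammar; no escaping call is needed.
function store_comment(PDO $pdo, array $c): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO comments (entry, timestamp, name, email, url, comment)
         VALUES (:entry, :timestamp, :name, :email, :url, :comment)'
    );
    return $stmt->execute($c);
}
// All checks run before any output: an echo or print_r() here would trigger the
// "headers already sent" warning when header() is called below.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}
if (!MathGuard::checkResult($_POST['mathguard_answer'] ?? '', $_POST['mathguard_code'] ?? '')) {
    http_response_code(400);
    exit('Bad answer, go back to school !');
}
$comment = read_comment_fields($_POST);
if ($comment === null) {
    http_response_code(400);
    exit('Missing form field');
}
store_comment($pdo, $comment);
// HTML escaping belongs on the display side: htmlspecialchars() when printing, then hyperlink().
header('Location: journal.php?id=' . urlencode($comment['entry']));
exit;
```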

shtoom

ASKER

I changed: die("Debug halt. Correct Answer");
to: header("Location: entry/journal.php?id=" . $entry);

When I fill all fields with the correct input the browser gives me this error message:
Warning:  Cannot modify header information - headers already sent by (output started at /home/webmedia/public_html/jecgardner/entry/process.php:9) in /home/webmedia/public_html/jecgardner/entry/process.php on line 16

Fatal error:  Call to undefined function:  checkresult() in /home/webmedia/public_html/jecgardner/entry/process.php on line 38

I have uploaded the process.phps:
http://www.newmedia.lincoln.ac.uk/jecgardner/mathguard/process.phps
shtoom

ASKER

I have now added mysql_real_escape_string to process.php

I have also added the function hyperlink($text) to my blog (http://www.newmedia.lincoln.ac.uk/jecgardner), and when I entered a new blog entry with a URL in the text area the URL wasn't active on the index page?

Frosty555

The reason you're getting errors when you call header() is because the debug code we added earlier is still present in your script. Remove or comment out the print_r() and echo statements from your code.

checkresult() never made any sense to me, I don't see why it is there. I assumed it related to some other part of your code you were not showing me, but if you do not know what it is either you can probably just remove the line.

Not sure about your blog. Make sure you are calling hyperlink and echoing out the text that the function returns. Also make sure you removed the carriage returns and spaces as instructed at the bottom of the code I posted.  The regular expression passed to the preg_replace() function calls should be one long line of text.
shtoom

ASKER

I have deleted the print_r() and echo statements, and now when I submit a valid entry the next page shows: Invalid ID specified.
If I enter wrong info in the fields then I get the "go back to school" bad answer response.

I have put the function hyperlink($text) at the top of my blog (index) code. I am not sure how to correctly echo out the function? My guess would be to add hyperlink to this line:
echo "<br /><br />".smiley(showinweb($row['entry']));
Please can you have a look at the source? Maybe you can see why the links don't display with a text entry?
http://www.newmedia.lincoln.ac.uk/jecgardner/mathguard/index.phps

I have also updated the process.phps
http://www.newmedia.lincoln.ac.uk/jecgardner/mathguard/process.phps
ASKER CERTIFIED SOLUTION
Frosty555

This solution is only available to members.
shtoom

ASKER

Hi frosty!
I have made the changes you told me to do in step 1 and 2.

I made a new blog entry and typed www.test.com in the main text area, and when I viewed my index page the link was still not being noticed by the hyperlink function?

Step 3:
The long text area that is posted with the blog entry goes into the db table field called entry. There is also a table in the db just for user comments, and this also has a field called entry. When the user submits a comment it is stored in the comments entry field, and it should take the user back to the ID page of the blog entry, showing the blog entry along with the new user comment.
I am not sure why I have a hidden field called entry in the comments form. I did have an annoying spam bot and I tried a lot of prevention techniques, and this could have got caught up in it. I don't think I need the hidden entry field in the comment form?
shtoom

ASKER

hello?