Solved

Posting information from form goes wrong.

Posted on 2009-07-08
6
262 Views
Last Modified: 2013-12-13
Hi Expert,

I've got an old guest book functionality that is written for PHP 4.x But now I've moved it to PHP 5 it does not work. The user entered values are not arriving in the post file. I've been looking for problems in the code but was not able to determine what goes wrong.

The error I get is the validation in the "voegtoe.php" telling me I did not fil in a value.

Both files are attached

Your help is highly appreciated

-----index.php------------

<?php
 

if(!$start) {

$start="0";} else{

$start=$start;}

?>
 
 

<html>

<head>

<?php

include("include/config.php");

include("include/style.inc.php");

include("include/functies.inc.php");
 

?>
 
 

<title>Mijn gastenboek</title>
 

<script type="text/javascript"> 

// ADDTEXT 

function addtext(veld,text) 

{ 

    document.gastenboek.elements[veld].value += " "+text+" "; 

    document.gastenboek.elements[veld].focus(); 

} 

</script>
 

<script>
 

function submitonce(theform){

//if IE 4+ or NS 6+

if (document.all||document.getElementById){

//screen thru every element in the form, and hunt down "submit" and "reset"

for (i=0;i<theform.length;i++){

var tempobj=theform.elements[i]

if(tempobj.type.toLowerCase()=="submit"||tempobj.type.toLowerCase()=="reset")

//disable em

tempobj.disabled=true

}

}

}

</script>
 
 

</head>
 

<body>
 

<?php
 

include("bekijk.php");

?></p>

<p>&nbsp;</p>
 

<form method="POST" name="gastenboek" action="voegtoe.php" onSubmit="submitonce(this)">
 

<div align="center">

  <center>

  <table border="0" cellpadding="2" width="100%">

    <tr>

      <td width="19%">Naam:</td>

      <td width="81%"><input type="text" name="naam" size="30"></td>

    </tr>

    <tr>

      <td width="19%">E-mail:</td>

      <td width="81%"><input type="text" name="email" size="30"></td>

    </tr>

    <tr>

      <td width="19%">Lid van onze club:</td>

      <td width="81%"><input type="checkbox" name="lid" value="ON">ja</td>

    </tr>

    <tr>

      <td width="19%" valign="top">Jouw bericht:</td>

      <td width="81%">
 

<?php

if ($UBB=="true") {

UBBinc(bericht);

}

?>  
 

<textarea rows="4" name="bericht" cols="40" class="tekstvak"></textarea><br>
 

<?php

if ($smilie=="true") {

smilieinc(bericht);

}

?> 
 

</td>

    </tr>

    <tr>

      <td width="19%"></td>

      <td width="81%"><input type="submit" value="Verzenden" name="B1" class="knop"> <input type="reset" value="Invoer wissen" name="B2" class="knop"></td>

    </tr>

  </table>

  </center>

</div>

</form>

<?php

//copyright

//if($Copyrightnr11) {

//copyright ();}

?> 

</body>
 

</html>

-----------------------end of index.php------------------
 

-------------------voegtoe.php----------------------
 

<?php 

// Boven aan je pagina 

ob_start(); 
 

include("include/config.php");

include("include/style.inc.php");

include("include/functies.inc.php");
 

session_start(); 

$verlooptijd = 0; //tijd in seconden waarna er weer gepost mag worden 
 

if($_SESSION['tijd'] + $verlooptijd > time()){ 

$wachten = $_SESSION['tijd'] + $verlooptijd - time(); 

echo "U heeft zojuist al een bericht geplaatst, over ".$wachten." seconden kunt u weer posten."; 

} 

else{ 

$_SESSION['tijd'] = $tijd;
 

$datum=date("d-m-Y @ H:i:s",time());

$id=date("dmyHis",time());
 
 

//check lege velden

if (strlen($naam)<1) {

echo "<b>U heeft uw naam (nog) niet ingevuld ...</b><br><br><A href=\"javascript: history.go(-1);\" target=\"_self\"><blockquote>Klik hier om terug te gaan en vult u alsnog uw naam in !!!</blockquote></A>";

}

elseif (strlen($bericht)<1) {

echo "<br><br><b><br>U heeft (nog) geen bericht achtergelaten ...</b></font><br><br><A href=\"javascript: history.go(-1);\" target=\"_self\"><blockquote>Klik hier om terug te gaan en schrijft u alsnog een leuk <img border=\"0\" src=\"img/smile/knipoog.gif\"> bericht !!!</blockquote></a>";

}

else {
 

//html-tags verwijderen

$naam  = strip_tags($naam);

$email = strip_tags($email);

$bericht = strip_tags($bericht);

$bericht = stripslashes($bericht);
 

//Toevoegen IP gelogd

$iplog="J";
 

//vervangen van de smilies-codes door html codes ...

$bericht=smilie($bericht);
 

if ($scheldwoorden=="true") {

$bericht = scheldwoorden($bericht);

}
 

//vervangen van de UBB codes door html codes ...

$bericht=UBB($bericht);
 

$bericht = nl2br($bericht); 

$bericht = eregi_replace("\n", "", $bericht); 

      
 

//wegschrijven naar een bestand

$logfile = fopen("$bestand","a"); 

fputs($logfile, $id."||".$datum."||".$email."||".$lid."||".$iplog."||".$bericht."||".$naam."||\n"); 

fclose($logfile); 
 

//bestand voor de IP adressen van berichten in het gastenboek

$ipbestand ="ipadressen.txt";
 

//initialiseren IP

$ip = $REMOTE_ADDR; 
 

//wegschrijven naar een bestand

$logfileip = fopen("$ipbestand","a"); 

fputs($logfileip, $ip."||".$datum."||".$naam."||\n"); 

fclose($logfileip);
 
 

?>
 

<html>
 

<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<meta http-equiv="refresh" content="0;URL=index.php">
 

<title>ZFC Zuidlaren</title>

</head>
 

<body>

</body>

</html>
 

<?php

} } 
 
 

// Onder aan je pagina 

ob_end_flush(); 

?> 

-----------------end of voegtoe.php---------------------

Open in new window

0
Comment
Question by:Steynsk
  • 5
6 Comments
 
LVL 18

Accepted Solution

by:
Hube02 earned 500 total points
ID: 24805065
The problem is here:

$naam  = strip_tags($naam);
$email = strip_tags($email);
$bericht = strip_tags($bericht);
$bericht = stripslashes($bericht);


You need to change all the references to $_POST variables to use the $_POST global. Example

$naam  = strip_tags($_POST['naam']);
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805091
Noticed that you have these references all through the code. Your other choice is to turn register globals on, but I'd fix the code.
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805276
Another solution, at the beginning of your "voegtoe.php" file add the following:
<?php
 

  foreach($_POST as $key => $value) {

    $$key = $value;

  }
 

?>

Open in new window

0
Easy Project Management (No User Manual Required)

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 18

Expert Comment

by:Hube02
ID: 24805331
Or the below.

But the best solution is to correct the problem which is that the script was written for a PHP with register_globals = On, which was determined to be a security risk and is not Off by default.
<?php
 

  extract($_POST);
 

?>

Open in new window

0
 
LVL 1

Author Closing Comment

by:Steynsk
ID: 31601175
Hube02,
Many thanks
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805344
That should be:

 "it is NOW of by default"

sorry for the typo that completely changes the meaning of the sentence :S
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now