Solved

Posting information from form goes wrong.

Posted on 2009-07-08
6
263 Views
Last Modified: 2013-12-13
Hi Expert,

I've got an old guest book functionality that is written for PHP 4.x But now I've moved it to PHP 5 it does not work. The user entered values are not arriving in the post file. I've been looking for problems in the code but was not able to determine what goes wrong.

The error I get is the validation in the "voegtoe.php" telling me I did not fil in a value.

Both files are attached

Your help is highly appreciated

-----index.php------------

<?php
 

if(!$start) {

$start="0";} else{

$start=$start;}

?>
 
 

<html>

<head>

<?php

include("include/config.php");

include("include/style.inc.php");

include("include/functies.inc.php");
 

?>
 
 

<title>Mijn gastenboek</title>
 

<script type="text/javascript"> 

// ADDTEXT 

function addtext(veld,text) 

{ 

    document.gastenboek.elements[veld].value += " "+text+" "; 

    document.gastenboek.elements[veld].focus(); 

} 

</script>
 

<script>
 

function submitonce(theform){

//if IE 4+ or NS 6+

if (document.all||document.getElementById){

//screen thru every element in the form, and hunt down "submit" and "reset"

for (i=0;i<theform.length;i++){

var tempobj=theform.elements[i]

if(tempobj.type.toLowerCase()=="submit"||tempobj.type.toLowerCase()=="reset")

//disable em

tempobj.disabled=true

}

}

}

</script>
 
 

</head>
 

<body>
 

<?php
 

include("bekijk.php");

?></p>

<p>&nbsp;</p>
 

<form method="POST" name="gastenboek" action="voegtoe.php" onSubmit="submitonce(this)">
 

<div align="center">

  <center>

  <table border="0" cellpadding="2" width="100%">

    <tr>

      <td width="19%">Naam:</td>

      <td width="81%"><input type="text" name="naam" size="30"></td>

    </tr>

    <tr>

      <td width="19%">E-mail:</td>

      <td width="81%"><input type="text" name="email" size="30"></td>

    </tr>

    <tr>

      <td width="19%">Lid van onze club:</td>

      <td width="81%"><input type="checkbox" name="lid" value="ON">ja</td>

    </tr>

    <tr>

      <td width="19%" valign="top">Jouw bericht:</td>

      <td width="81%">
 

<?php

if ($UBB=="true") {

UBBinc(bericht);

}

?>  
 

<textarea rows="4" name="bericht" cols="40" class="tekstvak"></textarea><br>
 

<?php

if ($smilie=="true") {

smilieinc(bericht);

}

?> 
 

</td>

    </tr>

    <tr>

      <td width="19%"></td>

      <td width="81%"><input type="submit" value="Verzenden" name="B1" class="knop"> <input type="reset" value="Invoer wissen" name="B2" class="knop"></td>

    </tr>

  </table>

  </center>

</div>

</form>

<?php

//copyright

//if($Copyrightnr11) {

//copyright ();}

?> 

</body>
 

</html>

-----------------------end of index.php------------------
 

-------------------voegtoe.php----------------------
 

<?php 

// Boven aan je pagina 

ob_start(); 
 

include("include/config.php");

include("include/style.inc.php");

include("include/functies.inc.php");
 

session_start(); 

$verlooptijd = 0; //tijd in seconden waarna er weer gepost mag worden 
 

if($_SESSION['tijd'] + $verlooptijd > time()){ 

$wachten = $_SESSION['tijd'] + $verlooptijd - time(); 

echo "U heeft zojuist al een bericht geplaatst, over ".$wachten." seconden kunt u weer posten."; 

} 

else{ 

$_SESSION['tijd'] = $tijd;
 

$datum=date("d-m-Y @ H:i:s",time());

$id=date("dmyHis",time());
 
 

//check lege velden

if (strlen($naam)<1) {

echo "<b>U heeft uw naam (nog) niet ingevuld ...</b><br><br><A href=\"javascript: history.go(-1);\" target=\"_self\"><blockquote>Klik hier om terug te gaan en vult u alsnog uw naam in !!!</blockquote></A>";

}

elseif (strlen($bericht)<1) {

echo "<br><br><b><br>U heeft (nog) geen bericht achtergelaten ...</b></font><br><br><A href=\"javascript: history.go(-1);\" target=\"_self\"><blockquote>Klik hier om terug te gaan en schrijft u alsnog een leuk <img border=\"0\" src=\"img/smile/knipoog.gif\"> bericht !!!</blockquote></a>";

}

else {
 

//html-tags verwijderen

$naam  = strip_tags($naam);

$email = strip_tags($email);

$bericht = strip_tags($bericht);

$bericht = stripslashes($bericht);
 

//Toevoegen IP gelogd

$iplog="J";
 

//vervangen van de smilies-codes door html codes ...

$bericht=smilie($bericht);
 

if ($scheldwoorden=="true") {

$bericht = scheldwoorden($bericht);

}
 

//vervangen van de UBB codes door html codes ...

$bericht=UBB($bericht);
 

$bericht = nl2br($bericht); 

$bericht = eregi_replace("\n", "", $bericht); 

      
 

//wegschrijven naar een bestand

$logfile = fopen("$bestand","a"); 

fputs($logfile, $id."||".$datum."||".$email."||".$lid."||".$iplog."||".$bericht."||".$naam."||\n"); 

fclose($logfile); 
 

//bestand voor de IP adressen van berichten in het gastenboek

$ipbestand ="ipadressen.txt";
 

//initialiseren IP

$ip = $REMOTE_ADDR; 
 

//wegschrijven naar een bestand

$logfileip = fopen("$ipbestand","a"); 

fputs($logfileip, $ip."||".$datum."||".$naam."||\n"); 

fclose($logfileip);
 
 

?>
 

<html>
 

<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<meta http-equiv="refresh" content="0;URL=index.php">
 

<title>ZFC Zuidlaren</title>

</head>
 

<body>

</body>

</html>
 

<?php

} } 
 
 

// Onder aan je pagina 

ob_end_flush(); 

?> 

-----------------end of voegtoe.php---------------------

Open in new window

0
Comment
Question by:Steynsk
  • 5
6 Comments
 
LVL 18

Accepted Solution

by:
Hube02 earned 500 total points
ID: 24805065
The problem is here:

$naam  = strip_tags($naam);
$email = strip_tags($email);
$bericht = strip_tags($bericht);
$bericht = stripslashes($bericht);


You need to change all the references to $_POST variables to use the $_POST global. Example

$naam  = strip_tags($_POST['naam']);
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805091
Noticed that you have these references all through the code. Your other choice is to turn register globals on, but I'd fix the code.
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805276
Another solution, at the beginning of your "voegtoe.php" file add the following:
<?php
 

  foreach($_POST as $key => $value) {

    $$key = $value;

  }
 

?>

Open in new window

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 18

Expert Comment

by:Hube02
ID: 24805331
Or the below.

But the best solution is to correct the problem which is that the script was written for a PHP with register_globals = On, which was determined to be a security risk and is not Off by default.
<?php
 

  extract($_POST);
 

?>

Open in new window

0
 
LVL 1

Author Closing Comment

by:Steynsk
ID: 31601175
Hube02,
Many thanks
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805344
That should be:

 "it is NOW of by default"

sorry for the typo that completely changes the meaning of the sentence :S
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Animated .jpg? 13 57
phpmailer in WHILE loop - weird results 10 27
html input type 3 21
array_values - reorder after unset? 5 9
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now