Solved

Posting information from form goes wrong.

Posted on 2009-07-08
6
266 Views
Last Modified: 2013-12-13
Hi Expert,

I've got an old guest book functionality that is written for PHP 4.x But now I've moved it to PHP 5 it does not work. The user entered values are not arriving in the post file. I've been looking for problems in the code but was not able to determine what goes wrong.

The error I get is the validation in the "voegtoe.php" telling me I did not fil in a value.

Both files are attached

Your help is highly appreciated

-----index.php------------
<?php
 
if(!$start) {
$start="0";} else{
$start=$start;}
?>
 
 
<html>
<head>
<?php
include("include/config.php");
include("include/style.inc.php");
include("include/functies.inc.php");
 
?>
 
 
<title>Mijn gastenboek</title>
 
<script type="text/javascript"> 
// ADDTEXT 
function addtext(veld,text) 
{ 
    document.gastenboek.elements[veld].value += " "+text+" "; 
    document.gastenboek.elements[veld].focus(); 
} 
</script>
 
<script>
 
function submitonce(theform){
//if IE 4+ or NS 6+
if (document.all||document.getElementById){
//screen thru every element in the form, and hunt down "submit" and "reset"
for (i=0;i<theform.length;i++){
var tempobj=theform.elements[i]
if(tempobj.type.toLowerCase()=="submit"||tempobj.type.toLowerCase()=="reset")
//disable em
tempobj.disabled=true
}
}
}
</script>
 
 
</head>
 
<body>
 
<?php
 
include("bekijk.php");
?></p>
<p>&nbsp;</p>
 
<form method="POST" name="gastenboek" action="voegtoe.php" onSubmit="submitonce(this)">
 
<div align="center">
  <center>
  <table border="0" cellpadding="2" width="100%">
    <tr>
      <td width="19%">Naam:</td>
      <td width="81%"><input type="text" name="naam" size="30"></td>
    </tr>
    <tr>
      <td width="19%">E-mail:</td>
      <td width="81%"><input type="text" name="email" size="30"></td>
    </tr>
    <tr>
      <td width="19%">Lid van onze club:</td>
      <td width="81%"><input type="checkbox" name="lid" value="ON">ja</td>
    </tr>
    <tr>
      <td width="19%" valign="top">Jouw bericht:</td>
      <td width="81%">
 
<?php
if ($UBB=="true") {
UBBinc(bericht);
}
?>  
 
<textarea rows="4" name="bericht" cols="40" class="tekstvak"></textarea><br>
 
<?php
if ($smilie=="true") {
smilieinc(bericht);
}
?> 
 
</td>
    </tr>
    <tr>
      <td width="19%"></td>
      <td width="81%"><input type="submit" value="Verzenden" name="B1" class="knop"> <input type="reset" value="Invoer wissen" name="B2" class="knop"></td>
    </tr>
  </table>
  </center>
</div>
</form>
<?php
//copyright
//if($Copyrightnr11) {
//copyright ();}
?> 
</body>
 
</html>
-----------------------end of index.php------------------
 
-------------------voegtoe.php----------------------
 
<?php 
// Boven aan je pagina 
ob_start(); 
 
include("include/config.php");
include("include/style.inc.php");
include("include/functies.inc.php");
 
session_start(); 
$verlooptijd = 0; //tijd in seconden waarna er weer gepost mag worden 
 
if($_SESSION['tijd'] + $verlooptijd > time()){ 
$wachten = $_SESSION['tijd'] + $verlooptijd - time(); 
echo "U heeft zojuist al een bericht geplaatst, over ".$wachten." seconden kunt u weer posten."; 
} 
else{ 
$_SESSION['tijd'] = $tijd;
 
$datum=date("d-m-Y @ H:i:s",time());
$id=date("dmyHis",time());
 
 
//check lege velden
if (strlen($naam)<1) {
echo "<b>U heeft uw naam (nog) niet ingevuld ...</b><br><br><A href=\"javascript: history.go(-1);\" target=\"_self\"><blockquote>Klik hier om terug te gaan en vult u alsnog uw naam in !!!</blockquote></A>";
}
elseif (strlen($bericht)<1) {
echo "<br><br><b><br>U heeft (nog) geen bericht achtergelaten ...</b></font><br><br><A href=\"javascript: history.go(-1);\" target=\"_self\"><blockquote>Klik hier om terug te gaan en schrijft u alsnog een leuk <img border=\"0\" src=\"img/smile/knipoog.gif\"> bericht !!!</blockquote></a>";
}
else {
 
//html-tags verwijderen
$naam  = strip_tags($naam);
$email = strip_tags($email);
$bericht = strip_tags($bericht);
$bericht = stripslashes($bericht);
 
//Toevoegen IP gelogd
$iplog="J";
 
//vervangen van de smilies-codes door html codes ...
$bericht=smilie($bericht);
 
if ($scheldwoorden=="true") {
$bericht = scheldwoorden($bericht);
}
 
//vervangen van de UBB codes door html codes ...
$bericht=UBB($bericht);
 
$bericht = nl2br($bericht); 
$bericht = eregi_replace("\n", "", $bericht); 
      
 
//wegschrijven naar een bestand
$logfile = fopen("$bestand","a"); 
fputs($logfile, $id."||".$datum."||".$email."||".$lid."||".$iplog."||".$bericht."||".$naam."||\n"); 
fclose($logfile); 
 
//bestand voor de IP adressen van berichten in het gastenboek
$ipbestand ="ipadressen.txt";
 
//initialiseren IP
$ip = $REMOTE_ADDR; 
 
//wegschrijven naar een bestand
$logfileip = fopen("$ipbestand","a"); 
fputs($logfileip, $ip."||".$datum."||".$naam."||\n"); 
fclose($logfileip);
 
 
?>
 
<html>
 
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="refresh" content="0;URL=index.php">
 
<title>ZFC Zuidlaren</title>
</head>
 
<body>
</body>
</html>
 
<?php
} } 
 
 
// Onder aan je pagina 
ob_end_flush(); 
?> 
-----------------end of voegtoe.php---------------------

Open in new window

0
Comment
Question by:Steynsk
  • 5
6 Comments
 
LVL 18

Accepted Solution

by:
Hube02 earned 500 total points
ID: 24805065
The problem is here:

$naam  = strip_tags($naam);
$email = strip_tags($email);
$bericht = strip_tags($bericht);
$bericht = stripslashes($bericht);


You need to change all the references to $_POST variables to use the $_POST global. Example

$naam  = strip_tags($_POST['naam']);
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805091
Noticed that you have these references all through the code. Your other choice is to turn register globals on, but I'd fix the code.
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805276
Another solution, at the beginning of your "voegtoe.php" file add the following:
<?php
 
  foreach($_POST as $key => $value) {
    $$key = $value;
  }
 
?>

Open in new window

0
ScreenConnect 6.0 Free Trial

At ScreenConnect, partner feedback doesn't fall on deaf ears. We collected partner suggestions off of their virtual wish list and transformed them into one game-changing release: ScreenConnect 6.0. Explore all of the extras and enhancements for yourself!

 
LVL 18

Expert Comment

by:Hube02
ID: 24805331
Or the below.

But the best solution is to correct the problem which is that the script was written for a PHP with register_globals = On, which was determined to be a security risk and is not Off by default.
<?php
 
  extract($_POST);
 
?>

Open in new window

0
 
LVL 1

Author Closing Comment

by:Steynsk
ID: 31601175
Hube02,
Many thanks
0
 
LVL 18

Expert Comment

by:Hube02
ID: 24805344
That should be:

 "it is NOW of by default"

sorry for the typo that completely changes the meaning of the sentence :S
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question