<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo "entered proc_registern.php<br>";
the code isn't being run
Yep, there could be any number of things wrong. The other (calling) program might have logic in it that establishes a conditional call to this program, and the conditions are not met. Another program might have started output buffering and then discarded the buffers. Most likely it's the former. Try running this script all by itself, then go looking for the reasons the calling program is not running it.
These are the first 4 lines in a php program (called from another).
How is this code "called"?
<form method="post" name="st" action="proc_registern.php" onSubmit = "return chk_vals();">
function chk_vals() {
if (document.st.fname.value == "" || document.st.lname.value == "" || document.st.company.value == "" || document.st.email.value == "" || document.st.pwd.value == "" || document.st.city.value == "") {
alert ("Please complete all required fields.");
return false;
}
if (!is_email(document.st.email.value)) {
alert("Invalid email address.");
return false;
}
if (document.st.country.options[0].selected) {
alert ("Please specify Country.");
return false;
}
ctry = document.st.country.value;
if (ctry == "United States" || ctry == "Mexico" || ctry == "Canada") {
if (document.st.state.options[0].selected) {
alert("Please specify State or Province.");
return false;
}
}
if (document.st.pwd.value != document.st.cpwd.value) {
alert("Passwords do not match.")
return false;
}
if (document.st.pwd.value != "") {
pw = document.st.pwd.value;
if (pw.length < 8) {
alert("Password length must be at least 8.");
return false;
}
} else {
alert("Please either enter a password.");
return false;
}
return true;
}
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo "entered proc_registern.php<br>";
function gen_rand() {
$p = "";
for ($j = 0; $j < 6; $j++) {
$n = rand(1,62);
if ($n < 11) {
$p = $p . ($n - 1);
}
// upper case
if ($n > 10 && $n < 37) {
$c = chr($n - 10 + 64);
$p = $p . $c;
}
// lower case
if ($n > 36) {
$c = chr($n - 36 + 96);
$p = $p . $c;
}
}
return $p;
}
$cwd = getcwd();
$lnc = strlen($cwd);
$l4cwd = substr($cwd,$lnc-4,4);
if ($l4cwd == "/dev") {
$locusr = "/dev/userok.php";
$locnet = "/dev/net_ok.php";
$locver = "/dev/verify_user.php";
} else {
$locusr = "/userok.php";
$locnet = "/net_ok.php";
$locver = "/verify_user.php";
}
$state = $_POST['state'];
session_start();
// check captcha
echo "posted security = " . $_POST['security_code'] . "<br>";
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] )) {
$formok = true;
}
// captcha bad
if (! $formok) {
$str = "&fn=" . $_POST['fname'] . "&ln=" . $_POST['lname'] . "&tt=" . $_POST['title'] +. "&co=" . $_POST['company'] . "&ph=" . $_POST['phone'] . "&em=" . $_POST['email'] . "&city=" . $_POST['city'] . "&pwd=" . $_POST['pwd'] . "&cpwd =" . $_POST['cpwd'];
header("Location: registern.php?bad=1" . $str);
}
include "db_connect.php";
$qry = "SELECT * from registered_users where email = '" . $_POST['email'] . "' and affilliation = '" . $_POST['company'] . "'";
$res = mysqli_query($link, $qry);
$nr = mysqli_num_rows($res);
$qryk = "SELECT * from parms";
$resk = mysqli_query($link, $qryk);
$p = mysqli_fetch_array($resk,MYSQLI_ASSOC);
$key = $p['hkey'];
$gpwd = false;
if ($nr != 0) {
// already registered
header("Location: index.php?isuser=y");
exit;
} else {
$pwd = $_POST['pwd'];
$slnl = "N";
if ($_POST['slnl'] == "on") {
$slnl = "Y";
}
// send email to lakos admin (me first)
require_once('class.phpmailer.php');
// change to save values in temp db table
// hash the pwd
$code = gen_rand();
$hpwd = hash_hmac('ripemd160', $pwd, $key);
$qryi = "INSERT into registered_users (lastname, firstname, email, pwd, affilliation, phone, country, state, city, ccode, date_reg, subs) VALUES('" . $_POST['lname'] . "', '" . $_POST['fname'] . "', '" . $_POST['email'] . "', '" . $hpwd . "', '" . $_POST['company'] . "', '" . $_POST['phone'] . "', '" . $_POST['country'] . "', '" . $state . "', '" . $_POST['city'] . "', '" . $code . "', '" . date('Y-m-d') . "', '" . $slnl . "')";
//echo "insert qry = " . $qryi . "<br>";
$resi = mysqli_query($link, $qryi);
// update to allow pricing rights if email is in auto_pricing
//$qryap = "SELECT * from pricing_rights where email = '" . $_POST['email'] . "'";
//$resap = mysqli_query($link, $qryap);
//$nap = mysqli_num_rows($resap);
//if ($nap != 0) {
//$qryur = "UPDATE registered_users set see_pricing = 'Y' where email = '" . $_POST['email'] . "'";
//$resur = mysqli_query($link, $qryur);
//}
$nap = 0;
// welcome email to registrant
$mail1 = new PHPMailer(); // defaults to using php "mail()"
$mail1->isSMTP(); // telling the class to use SMTP transport
$body = "";
$mail1->SetFrom('noreply@lakos.com');
$mail1->Subject = "Verify your Email - Lakos HVAC Product Configurator";
$mail1->AddAddress($_POST['email']);
$body = "Dear " . $_POST['fname'] . ",<br><br>";
$body = $body . "Thank you for registering your account at Lakos HVAC Product Configurator. We need to verify your email address before you can fully register. <br><br>";
$body = $body . "Please click on the link below to verify your email<br><br>";
$body = $body . "<a href='https://www.lakoshvac.com" . $locver . "?email=". $_POST['email'] . "'>verify your email</a><br><br>";
$body = $body . "Thank you,<br><br>";
$body = $body . "The Lakos Product Configurator Team";
$mail1->MsgHTML($body);
if(!$mail1->Send()) {
echo "Mailer Error: ". $mail1->ErrorInfo;
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<title>Lakos Configuration Tool - Registered User Application</title>
<style>
.nopadding {
padding: 0 !important;
margin: 0 !important;
}
.wrapper{
max-width:1100px;
min-width:900px;
margin:0 auto;
}
#dialog { text-align:center; }
.custom-overlay { background-color: black; background-image: none; opacity: 0.4; }
</style>
<script>
cwd = "<? print $cwd; ?>";
lnc = cwd.length;
l4cwd = cwd.substr(lnc-4,4);
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-5238882-1', 'auto');
ga('send', 'pageview');
$(function() {
$('#resendEmail').click(function() {
var data1 = "<? print $_POST['email']; ?>";
var data2 = "<? print $_POST['fname']; ?>";
$.ajax({
url: "registrant_email.php",
data: "email=" + data1 + "&fname=" + data2,
type: "post", //can be get or post
success: function(data) {
if(data.trim() === "1") {
alert("Your email has been re-sent'");
}
else {
alert("there was an issue sending the email");
}
}
});
return false;
});
});
$(document).ready(function() {
$('#showDialog').click(function(e){
$('#dialog').dialog({
modal: true,
open: function() {
$('.ui-widget-overlay').addClass('custom-overlay');
},
close: function() {
$('.ui-widget-overlay').removeClass('custom-overlay');
}
});
});
});
function show_thank() {
document.getElementById("showDialog").click();
}
</script>
</head>
<body>
<button id="showDialog" style="display:none;">Show The Dialog</button>
<div id="dialog" style="display:none;">
<h1>Thank You</h1>
<p>Your email has been sent</p>
</div>
<div class="wrapper">
<div class="container-fluid" >
<div class="row">
<div class="col-sm-6 col-xs-6"><img src="images/logo.jpg"></div>
</div>
<div class="row">
<div class="col-sm-12 col-xs-12" style="padding-top:3px;"> </div>
</div>
<div class="row">
<div class="col-sm-12 col-xs-12 text-center" style="padding-top:2px; padding-bottom:2px; background-color:#0A2F98; color: white; font-size:20px"><b>HT Product Configurator</b></div>
</div>
<div class="row" style="padding-top: 50px;">
<div class="col-sm-2 col-xs-2"> </div>
<div class="col-sm-8 col-xs-8" style="font-size:20px; color:#5B9BD5;">You are almost done with your registration.<br><br>
We sent an email to the email address you provided. Please check your inbox and click the link in that email to continue using Lakos HVAC Product Configurator.</div>
<div class="col-sm-2 col-xs-2"> </div>
</div>
<div class="row" style="padding-top: 30px;">
<div class="col-sm-2 col-xs-2"> </div>
<div class="col-sm-8 col-xs-8 text-left" style="font-size:18px;"><a id="resendEmail" href="#">Click Here to resend email</a></div>
<div class="col-sm-2 col-xs-2"> </div>
</div>
<div class="row" style="padding-top: 30px;">
<div class="col-sm-2 col-xs-2"> </div>
<div class="col-sm-8 col-xs-8" style="font-size:20px; color:#5B9BD5;"><p>Why do I have to do this?</p>
<p>We want to ensure that you own your email address and someone is not impersonating you.</p><br><br>
<p>I have not received my email</p>
<p>Check your spam mailbox and ensure lakos.com is allowed to send you an email. If you registered with an incorrect email address, please re-register with the correct email address.</p><br>
Still having trouble? Contact <a href="mailto:lit@lakos.com">lit@lakos.com</a> </div>
<div class="col-sm-2 col-xs-2"> </div>
</div>
</div>
</div>
</body>
</html>
$nr = mysqli_num_rows($res);
No such function mysqli_num_rows(); you want mysqli_affected_rows($link)
name="data[email]"
name="data[fname]"
etc
Now you can get your form data in one step
$data = isset($_POST['data']) ? $_POST['data'] : false;
if (is_array($data)) {
// you have a valid array so you can do your sanity checks - either directly or with a generic function that loops through the array
}
Why do none of the error checkings, etc., catch this?
They are, but your ISP has blocked error reporting to the screen (mine does the same). What they do is configure errors to go to an error.log file in the webroot, and I can check for them there. Alternatively I can place a custom PHP.INI file in the folder to override their settings, and if that is not available you can always create your own custom error handler that intercepts the error and logs it.
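One way to build the custom error handler suggested above, as an added example that is not code from the thread: a hypothetical wrapper file placed beside proc_registern.php that logs to a file (the log path is an assumption) and then includes the script. Because the wrapper is parsed separately, a syntax error in the included script, which that script's own `ini_set('display_errors', 1)` can never report, is logged as well.

```php
<?php
// Added example (hypothetical wrapper). The log path is an assumption;
// keep the log outside the web root so visitors cannot read it.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', __DIR__ . '/../logs/php_errors.log');
error_reporting(E_ALL);

// Warnings, notices and deprecations: log them with file and line.
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    error_log(sprintf('PHP error [%d] %s in %s:%d', $no, $msg, $file, $line));
    return true; // skip PHP's built-in handler
});

// Fatal errors never reach set_error_handler(); pick them up at shutdown.
register_shutdown_function(function (): void {
    $e = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
    if ($e !== null && ($e['type'] & $fatal)) {
        error_log(sprintf('PHP fatal [%d] %s in %s:%d',
            $e['type'], $e['message'], $e['file'], $e['line']));
    }
});

try {
    // On PHP 7+ a syntax error in the included file is thrown here as ParseError.
    require __DIR__ . '/proc_registern.php';
} catch (Throwable $t) {
    error_log(sprintf('%s: %s in %s:%d',
        get_class($t), $t->getMessage(), $t->getFile(), $t->getLine()));
    http_response_code(500);
    echo 'Registration is temporarily unavailable.'; // no error detail to the visitor
}
```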
Almost all of the 'mysqli' OOP functions have a procedural equivalent
I know, but I usually set up a $mysqli object that I inject all over the place I use that to do
1. adding a line above the given code (but after the <?php tag) with
in case that helps show what's happening
2. checking any htaccess files that might call other files, to find out which code is really being run
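The "generic function that loops through the array" suggested earlier in the thread, as an added example that is not code from the thread. `$rules`, the length limits and `validate_fields()` are hypothetical; the field names and the `registered_users` columns are the ones in the posted script, and the duplicate check is rewritten with bound parameters instead of concatenating `$_POST` values into the query.

```php
<?php
// Added example. Limits in $rules are assumptions, not values from the thread.
$rules = [
    'fname'   => ['required' => true,  'max' => 60],
    'lname'   => ['required' => true,  'max' => 60],
    'company' => ['required' => true,  'max' => 120],
    'email'   => ['required' => true,  'max' => 254, 'filter' => FILTER_VALIDATE_EMAIL],
    'city'    => ['required' => true,  'max' => 80],
    'phone'   => ['required' => false, 'max' => 30],
];

function validate_fields($data, array $rules): array
{
    $clean = $errors = [];
    if (!is_array($data)) {
        return [[], ['data' => 'missing']];
    }
    foreach ($rules as $name => $rule) {
        $value = $data[$name] ?? '';
        if (!is_string($value)) {      // data[email][]=x arrives as a nested array
            $errors[$name] = 'not a string';
            continue;
        }
        $value = trim($value);
        if ($value === '' && $rule['required']) {
            $errors[$name] = 'required';
        } elseif (strlen($value) > $rule['max']) {
            $errors[$name] = 'too long';
        } elseif ($value !== '' && isset($rule['filter'])
                  && filter_var($value, $rule['filter']) === false) {
            $errors[$name] = 'invalid';
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $errors];
}

// Duplicate check with bound parameters; $link comes from db_connect.php.
function is_registered(mysqli $link, string $email, string $company): bool
{
    $stmt = mysqli_prepare($link,
        'SELECT 1 FROM registered_users WHERE email = ? AND affilliation = ?');
    mysqli_stmt_bind_param($stmt, 'ss', $email, $company);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    return mysqli_stmt_num_rows($stmt) > 0;
}

// Constructed sample standing in for $_POST['data'].
$sample = ['fname' => 'Ann', 'lname' => "O'Neil", 'company' => 'Acme',
           'email' => "x' OR '1'='1", 'city' => ['a']];
[$clean, $errors] = validate_fields($sample, $rules);
print_r($errors);
```

The surname `O'Neil` passes validation because it is legitimate input, which is why the lookup binds parameters rather than relying on the checks to keep quotes out of the SQL.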