I have the following HTML code:
<form method="post" action="">
<b>Name: <input type="text" name="username" size="20" />
<input type="submit" value="Login" name="login" />
</form>
and:
<?php
if(isset($_POST['login'])){
$check = $_POST['username'];
?>
Whenever a user submits his username, the user should receive his username back but with the following modifications:
1) *Sapce bars will be replaced with "_"
2) *All letters will become non-capital letters.
Example:
Username: "I Like Icecream"
Result:
i_like_icecream
The message should be displayed to the user as an variable through an echo.
echo "$result";
I was thinking about doing it with preg_repalce, but didn't really manage to since I am not familiar with it very well. Any help will be appriciated.
preg_replace() is way too powerful but way expensive for this task. The patterns you need to change are constant, so you're better of using str_replace() and mb_strtolower()
$encoding = 'UTF-8'; // optional
$name = $_POST['usernamename']
$name = str_replace(' ', '_', $name);
$name = mb_strtolower($name, $encoding); // or $name = mb_strtolower($name); if you don't specify encoding
Related
I have some problem with XSS scan on sitelock. They said that some of URL from html input form is vulnerable. They said each parameters which I sent through the form was vulnerable. In this case the vulnerability is from Paypal input form. I build my website with Paypal redirect so the user will input their own data into the form and the system will send it to paypal. This is the example of my form code:
<div class="col-md-5">
<input type="text" class="form-control" name="L_PAYMENTREQUEST_FIRSTNAME" id="L_PAYMENTREQUEST_FIRSTNAME" value="<?=$_SESSION['post_value']['shipping_first_name']?>" readonly="readonly">
</div>
<input type="hidden" name="billing_first_name" value="<?=$_POST['billing_first_name']?>">
<input type="hidden" name="billing_last_name" value="<?=$_POST['billing_last_name']?>">
<input type="hidden" name="billing_email" value="<?=$_POST['billing_email']?>">
<input type="hidden" name="billing_phone" value="<?=$_POST['billing_phone']?>">
<input type="hidden" name="billing_address" value="<?=$_POST['billing_address']?>">
<input type="hidden" name="billing_city" value="<?=$_POST['billing_city']?>">
<input type="hidden" name="billing_postcode" value="<?=$_POST['billing_postcode']?>">
<input type="hidden" name="billing_state" value="<?=$_POST['billing_state']?>">
That is some part of my form. What I want to know is whats wrong with that form and how to prevent Sitelock to scan XSS vulnerability ? Please anyone knows could help me.
I would also recommend using the HTTP header.
X-XSS-Protection: 1; mode=block
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
you probably dont check/nullify the data you are getting in the input fields
and by typing <script>alert('hacked')</script> in billing_address field
on next page where you print the billing_address you will get a popup window calling hacked
On the page that process your form you should validate that input fields doesn't have any javascript code.
for example
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
you need to create a function like test_input and run for all your input fields
I'm migrating from codeigniter to Fat-Free (F3) and trying to get my head around the quirks.
Regarding the following form:
<form ACTION = "<?php echo $_SERVER['PHP_SELF'];?>" METHOD="POST">
<input type="text" name="theirName" value="" required="required">
...
In standard PHP I get the POST value like this:
$name = $_POST['theirName'];
Or in codeignitor:
echo form_open('someclass/some_method_of_someclass');
$name = $this->input->post('name');
How do I get data from a form in a view in f3/fatfree?
You can get it from the Hive:
$name = $f3->get('POST.name');
newbie here
I am currently attempting to build a simple contact form to learn how best to build one. I've tried to make several fields required (name, email, do you like spam radio button). The required html5 element isn't working for me or I am not implementing it correctly based on what i've read here, on google and other places. Likewise the error/require messages don't display if someone attempts to submit a message. Instead the form goes through on submit even if NO content anywhere has been entered. I built this yesterday and have been working on the errors for about 24 hours now and am hoping to find some help here.
I currently am returning no errors, the form sends all information entered as hoped, but it also sends if NO information is entered and that doesn't seem like the best possible form to me. I've tried to build a function to help the required, but that doesn't seem to be working either.
Again, i'm new so if my mistakes are obvious and silly, please help em to understand them, that would be greatly appreciated.
current example can be found here
My code:
<!-- For PoohPot -->
<style TYPE="text/css">
input[type="text"]#website { display: none; }
input#website { display: none; }
.vSmall {font-size: 50%; text-align: center;}
</style>
<script>
$('form').submit(function(){
if ($('input#website').val().length != 0) {
return false;
}
});
</script>
<?php
//template.php
include '_inc/config.php';//holds arrays, et al.
include '_inc/functions.php';//holds functions that call arrays, etc
include '_inc/head.php';//Begin Document
//include '_inc/header.php';//Begin Content
?>
<article class="container box style3">
<header>
<img src="_img/icons/icon_lg-max-o-matic2.png" alt="php icon">
<h2><?=NAME_SITE?></h2>
<p>Spam Survey</p>
</header>
<?php
$to = "chezshire#gmail.com";
$subject="Spam Survey";
//----- end conf ----- //
// define variables and set to empty values
$nameErr = $emailErr = $spamErr = "";
$userName = $userEmail = $userMessage = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["userName"]))
{$nameErr = "* Name is required";}
else
{$name = testInput($_POST["userName"]);}
if (empty($_POST["userEmail"]))
{$emailErr = "* Email is required";}
else
{$email = testInput($_POST["userEmail"]);}
if (empty($_POST["spamErr"]))
{$emailErr = "* You must select an option";}
else
{$email = testInput($_POST["userEmail"]);}
if (empty($_POST["userMessage"]))
{$comment = "";}
else
{$comment = testInput($_POST["userMessage"]);}
}
if(isset($_POST['userName']))
{//data is submitted, show it
//echo $_POST['userName'];
$text = 'From: ' . $_POST['userName'] . PHP_EOL;
//$text .= $_POST['Comments']; //add on to text
$text .= process_post(); // uses proces_post to handle comments and stuff
$from = $_POST['userEmail'];
/*
echo '<pre>';
var_dump($_POST);
echo '</pre>';
*/
//domain spoofing controls
$headers = 'From: noreply#max-o-matic.com' . PHP_EOL . //from where formhandler sits
'Reply-To: ' . $from . PHP_EOL . //where replies are to go to
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $text, $headers); //from becomes headers
echo '<div class="row">
<div class="12u">
<p>Thanxs!</p>
<p>
<br />RESET
</p>
</div>
</div>
</article>
';
/*
echo '<pre>';
var_dump($_POST);
echo '</pre>';
*/
}else{//no data, show form
echo '
<form action="' . THIS_PAGE . '" method="post">
<div class="row half">
<div class="6u">
<input type="text" class="text" name="userName" placeholder="Name?" required autofocus />
<span class="error"><?php echo $nameErr;?></span>
</div>
<div class="6u">
<input type="text" class="text" name="userEmail" placeholder="Email" required />
<span class="error"><?php echo $emailErr;?></span>
</div>
</div>
<div class="row half">
<div class="6u">
Do you like spam?<br />
<input type="radio" name="Please_Spam_Me" value="YES!" required value="1" />Yes<br />
<input type="radio" name="Please_Spam_Me" value="NO!" />No<br />
<span class="error"><?php echo $spamErr;?>
</div>
<div class="6u">
How much Spam is too much?<br />
<input type="checkbox" name="checkbox-group" class="group-required" id="checkbox-group-id" value="6+" >6 or more<br />
<input type="checkbox" name="checkbox-group" value="2+">2 to 5<br />
<input type="checkbox" name="checkbox-group" value="Any">ANY<br /><br />
</div>
</div>
<!--For Winnie the Pooh -->
<input id="website" name="website" type="text" value"Website" />
<div class="row half">
<div class="12u">
<textarea name="userMessage" placeholder="What is your opinion on Spam?"></textarea>
</div>
</div>
<div class="row">
<div class="12u">
<ul class="actions">
<li>SEND!</li>
<input type="submit" />
</ul>
<p class="vSmall">
* Please note, instead of a reCaptcha I build my own \'honeypot\' from scratch.
</p>
</div>
</div>
</form>
</article>
';
}
function testInput($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
// this is a function
function process_post()
{//loop through POST vars and return a single string
$myReturn = ''; //set to initial empty value
foreach($_POST as $varName=> $value)//$_POST is an array
{#loop POST vars to create JS array on the current page - include email
$strippedVarName = str_replace("_"," ",$varName);#remove underscores
if(is_array($_POST[$varName]))
{#checkboxes are arrays, and we need to collapse the array to comma separated string!
$myReturn .= $strippedVarName . ": " . implode(",",$_POST[$varName]) . PHP_EOL;
}else{//not an array, create line
$myReturn .= $strippedVarName . ": " . $value . PHP_EOL;
}
}
return $myReturn;
}
include "_inc/footer.php";//End Content/Document
?>
If you're trying to use HTML5 stuffs then you need the HTML5 doctype. Place this at the start of your output and see what happens:
<!DOCTYPE html>
Also, typo value"Website" should be value="Website"
I've spent most of today and all of yesterday just trying to get a simple, basic send-to-email PHP code to work. Here is the code I've tried putting together myself after extensively researching, checking, and editing based on a lot of other threads I've read on this website and on other sites.
<?php
$to='dustedpages#gmail.com';
$subject='Commission Inquiry';
$email = $_REQUEST['Email'] ;
$headers = "From: $email";
$sent = mail($to, $subject, $message, $headers) ;
$message="Name: ".$name. "\r\n" . "Email: " .$email . "\r\n" . "Username: " .$user . "\r\n" . "Type: ".$position. "\r\n" . "Add-Ons: ".$addons. "\r\n" . "Price: ".$price. "\r\n" . "Brief Description: ".$briefdesc;
$name=$_POST['FirstName'],['LastName'];
$email=$_POST['Email'];
$user=$_POST['User'];
$position=$_POST['position'];
$addons=$_POST['cat'],['dog'];
$price=$_POST['price'];
$desc=$_POST['briefdesc'];
if($sent)
{print "Your mail was sent successfully. Please be patient and the artist will contact you soon. Thanks!"; }
else
{print "We encountered an error sending your mail"; }
?>
There is actually a LOT more form data than just that basic information, but I cannot even get the basic information to show up. For the portion of html codes it is pulling from, here is some of what it looks like.
<!--NAME-->
</li> <li id="li_2" >
<label class="description" for="element_2">Name </label>
<span>
<input onkeypress="return handleEnter(this, event)" id="element_2_1" name="FirstName" class="element text" maxlength="255" size="14" value=""/>
<label>First</label>
</span>
<span>
<input onkeypress="return handleEnter(this, event)" id="element_2_2" name="LastName" class="element text" maxlength="255" size="18" value=""/>
<label>Last</label>
</span>
<p class="guidelines" id="guide_2"><small>Please fill this in as the name I will see on Paypal.</small></p>
<!--EMAIL-->
</li> <li id="li_1" >
<label class="description" for="element_1">Email </label>
<div>
<input onkeypress="return handleEnter(this, event)" id="element_1" name="Email" class="element text medium" type="text" maxlength="255" value=""/>
</div>
<p class="guidelines" id="guide_1"><small>Your Paypal email</small></p>
<!--USERNAME-->
</li> <li id="li_3" >
<label class="description" for="element_3">DA/Tumblr Username </label>
<div>
<input onkeypress="return handleEnter(this, event)" id="element_3" name="User" class="element text medium" type="text" maxlength="255" value=""/>
</div>
<p class="guidelines" id="guide_3"><small>If you have an account on either Deviantart or Tumblr and wish to be credited in the commission description, please note it here.</small></p>
</li>
<p>
<!--POSITION TYPE-->
</li> <li id="li_26" >
<label class="description" for="element_26">Comm. Type </label>
<div>
<select class="element select medium" id="element_26" name="position">
<option value="" selected="selected"></option>
<option value="1" >Bust</option>
<option value="2" >Waist</option>
<option value="3" >Full-Body</option>
</select>
</div>
<p class="guidelines" id="guide_26">
<small>Please choose what position you wish for your character(s) to be viewed from. Price will change depending on what type you choose.</small></p>
<!--ADD ONS-->
</li> <li id="li_27" >
<label class="description" for="element_27" name="addons">Add-Ons </label>
<span>
<input name="cat" type="checkbox" onClick="return KeepCount()">
+1 Character<br>
<input name="dog" type="checkbox" onClick="return KeepCount()">
+2 Characters
I have multiple fields (such as the First and Last Name) that I need to be one single variable in the email code, and I need to be able to display all of the filled out form fields in an email. I can't even get more than one variable to show up at this point.
Also the form itself includes selects, checkboxes, textareas, and image uploads. I haven't even gotten to that point - I'm just trying to make some of the basic information show up right now. I'm very familiar with HTML and Javascript, just not so much PHP, though I've worked with it before. Some of the form data is used in Javascript code on the same page as the HTML, also. The actual PHP data is on a separate file that my form pulls from.
I think what's happening is you're attempting to use variables before they have the value you would like. Try something like the following and let me know how it goes.
<?php
$to = 'dustedpages#gmail.com';
$subject = 'Commission Inquiry';
$headers = "From: $email";
$fname = $_POST['FirstName'];
$lname = $_POST['LastName'];
$email = $_POST['Email'];
$user = $_POST['User'];
$position = "CHANGE-ME";
$addons = "CHANGE-ME";
$price = "CHANGE-ME";
$briefdesc = "CHANGE-ME";
$message = "Name: ".$fname.", ".$lname."\r\n";
$message .= "Email: $email \r\n";
$message .= "Username: $user \r\n";
$message .= "Type: $position \r\n";
$message .= "Add-Ons: $addons \r\n";
$message .= "Price: $price \r\n";
$message .= "Brief Description: $briefdesc \r\n";
$sent = mail($to, $subject, $message, $headers);
if($sent) {
echo "Success";
}
else {
echo "Failure";
}
?>
This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 9 years ago.
My freshly updated website has a contact form with php mail script which I based on the form script here.
The script is saved on my webserver, but when data is submitted, no mails are sent as there is a fault in line 10.
I honestly don't understand enough to pinpoint my error - can someone help a newbie out?
I found a temporary replacement by using Bravenet, but I'd like to use my unbranded version, if simple php scripts are as simple as they seem…
My script (kontakt.php) looks like this:
<?php
/* Set e-mail recipient */
$myemail = "edw#rdturner.co.uk";
/* Check all form inputs using check_input function */
$name = check_input($_POST['name'], "Ihr Name");
$email = check_input($_POST['email'], "Ihre E-Mail-Adresse");
$kontaktnummer = check_input($_POST['kontaktnummer']);
$thema = check_input($_POST['them']);
$message = check_input($_POST['message']), "Worum geht's?");
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email))
{
show_error("E-mail-Adresse ungültig");
}
/* Let's prepare the message for the e-mail */
$message = "Hallo!
Ihr Form ist unterwegs…:
Name: $name
E-Mail-Adresse: $email
Kontaktnummer: $kontaktnummer
Frage zum Thema? $thema
Nachricht: $message
Comments:
$comments
End of message
";
/* Send the message using mail() function */
mail($myemail, $subject, $message);
/* Redirect visitor to the thank you page */
header('Location: danke.htm');
exit();
/* Functions we used */
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($myError)
{
?>
<html>
<body>
<b>Hier stimmt was nicht - bitte prüfen!</b><br />
<?php echo $myError; ?>
</body>
</html>
<?php
exit();
}
?>
and my submission form like this:
<form method="post" enctype="multipart/form-data" action="http://pub14.bravenet.com/emailfwd/senddata.php" accept-charset="utf-8">
<input type="hidden" name="usernum" value="1126560145">
<input type="hidden" name="cpv" value="2">
<ol><li>
<label for="name">Name (Erförderlich)</label>
<input id="name" name="name" class="text" />
</li><li>
<label for="email">E-Mail-Adresse (Erförderlich)</label>
<input id="email" name="email" class="text" />
</li><li>
<label for="kontaktnummer">Kontaktnummer (Erförderlich)</label>
<input id="kontaktnummer" name="kontaktnummer" class="text" />
</li><li>
<label for="thema">Fragen zum Thema (Erförderlich)</label></br>
<input type="checkbox" name="thema" value="unterricht" /> Unterricht</br>
<input type="checkbox" name="thema" value="übersetzungen" /> Übersetzungen</br>
<input type="checkbox" name="thema" value="dolmetschen" /> Dolmetschen</br>
<input type="checkbox" name="thema" value="faß" /> Englsich vom Faß</br>
<input type="checkbox" name="thema" value="anders" /> Andere
</li><li>
<label for="message">Worum geht's? (Erförderlich)</label>
<textarea id="message" name="message" rows="8" cols="50"></textarea>
</li><li>
<input type="image" name="imageField" id="imageField" src="images/submit.gif" class="send" />
<div class="clr"></div>
</li></ol>
</form>
Naturally I'll need to tweak the html to reflect the newly working script… but how?
Thanks in advance
Edd Turner
$message = check_input($_POST['message']), "Worum geht's?");
to
$message = check_input($_POST['message'], "Worum geht's?");
There is a ) in the wrong place.
$message = check_input($_POST['message']), "Worum geht's?");
Excessive ), try $message = check_input($_POST['message'], "Worum geht's?");'
Check out the extra ')'. The error is in this line.
Change
$message = check_input($_POST['message']), "Worum geht's?");
to
$message = check_input($_POST['message'], "Worum geht's?");