jarednz

  1. Hi all I was wondering if someone could take a quick peek at my code and let me know if I have any major security flaws in my code. Such as any variables that could be hijacked for any injection or methods that could be used to get access to our web server, that sort of stuff. It's a simple contact form built in php, takes values from fields in a form and posts it to an email address. There is no database back end.

     [code]
     <?php
     function validEmail($email) {
         $isValid = true;
         $atIndex = strrpos($email, "@");
         if (is_bool($atIndex) && !$atIndex) {
             $isValid = false;
         } else {
             $domain = substr($email, $atIndex+1);
             $local = substr($email, 0, $atIndex);
             $localLen = strlen($local);
             $domainLen = strlen($domain);
             if ($localLen < 1 || $localLen > 64) {
                 // local part length exceeded
                 $isValid = false;
             } else if ($domainLen < 1 || $domainLen > 255) {
                 // domain part length exceeded
                 $isValid = false;
             } else if ($local[0] == '.' || $local[$localLen-1] == '.') {
                 // local part starts or ends with '.'
                 $isValid = false;
             } else if (preg_match('/\\.\\./', $local)) {
                 // local part has two consecutive dots
                 $isValid = false;
             } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
                 // character not valid in domain part
                 $isValid = false;
             } else if (preg_match('/\\.\\./', $domain)) {
                 // domain part has two consecutive dots
                 $isValid = false;
             } else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) {
                 // character not valid in local part unless
                 // local part is quoted
                 if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) {
                     $isValid = false;
                 }
             }
             if ($isValid && !(myCheckDNSRR($domain,"MX") || myCheckDNSRR($domain,"A"))) {
                 // domain not found in DNS
                 $isValid = false;
             }
         }
         return $isValid;
     }

     function myCheckDNSRR($hostName, $recType = '') {
         if(!empty($hostName)) {
             if( $recType == '' ) $recType = "MX";
             exec("nslookup -type=$recType $hostName", $result);
             // check each line to find the one that starts with the host
             // name. If it exists then the function succeeded.
             foreach ($result as $line) {
                 if(eregi("^$hostName",$line)) {
                     return true;
                 }
             }
             // otherwise there was no mail handler for the domain
             return false;
         }
         return false;
     }

     $name = trim($_REQUEST['name']);
     $emailCheck = trim($_REQUEST['email']);
     $phone = trim($_REQUEST['phone']);
     $EnquirySubject = $_REQUEST['EnquirySubject'];
     $queryComments = trim($_REQUEST['queryComments']);

     switch ($_REQUEST['EnquirySubject']) {
         case "General land information":
             $checkedSubject0 = 'checked="checked"'; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "How to order a land record, eg. Title":
             $checkedSubject0 = ""; $checkedSubject1 = 'checked="checked"'; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Geodetic mark updates and information":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = 'checked="checked"'; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "online":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = 'checked="checked"';
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Maps":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = 'checked="checked"'; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Hydrographic information":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = 'checked="checked"'; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Our website":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = 'checked="checked"'; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "OIA Requests":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = 'checked="checked"';
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Survey Mark Protection Service":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = 'checked="checked"'; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Report damage or disturbance to survey marks":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = 'checked="checked"'; $checkedSubject10 = ""; $checkedSubject11 = "";
             break;
         case "Recommendations for additional survey control":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = 'checked="checked"'; $checkedSubject11 = "";
             break;
         case "Other":
             $checkedSubject0 = ""; $checkedSubject1 = ""; $checkedSubject2 = ""; $checkedSubject3 = "";
             $checkedSubject4 = ""; $checkedSubject5 = ""; $checkedSubject6 = ""; $checkedSubject7 = "";
             $checkedSubject8 = ""; $checkedSubject9 = ""; $checkedSubject10 = ""; $checkedSubject11 = 'checked="checked"';
             break;
     }

     function displayForm($name, $email, $phone, $EnquirySubject, $queryComments, $checkedSubject0, $checkedSubject1, $checkedSubject2, $checkedSubject3, $checkedSubject4, $checkedSubject5, $checkedSubject6, $checkedSubject7, $checkedSubject8, $checkedSubject9, $checkedSubject10, $checkedSubject11, $phoneError) {
         //make $emailCheck global so function can get value from global scope.
         global $emailCheck;

         //name
         echo '<form action="index.php" method="post" name="contact" id="contact">'."\n".
              '<fieldset>'."\n".
              '<div>'."\n".
              '<label for="name">Your name:</label>'."\n".
              '<input type="text" name="name" id="name" class="inputText required" value="'. $name .'" />'."\n";

         //check if name field is filled out
         if (isset($_REQUEST['submit']) && empty($name)) {
             echo '<label for="name" class="error">Please enter your name.</label>'."\n";
         }

         echo '</div>'."\n".
              '<div>'."\n";

         //Email
         echo '<label for="email">Your email:</label>'."\n".
              '<input type="text" name="email" id="email" class="inputText required email" value="'. $emailCheck .'" />'."\n";

         // check if email field is filled out and proper format
         if (isset($_REQUEST['submit']) && validEmail($emailCheck) == false) {
             echo '<label for="email" class="error">Invalid email address entered.</label>'."\n";
         }

         echo '</div>'."\n".
              '<div>'."\n";

         //phone
         echo '<label for="phone">Your phone number:</label>'."\n".
              '<input type="text" name="phone" id="phone" class="inputText" value="'. $phone .'" />'."\n".
              '<span class="mandatory small">(optional)</span>';

         // check if phone field is filled out that it has numbers and not characters
         if (isset($_REQUEST['submit']) && $phoneError == "true") {
             echo '<label for="email" class="error">Please enter a valid phone number.</label>'."\n";
         }

         echo '</div>'."\n".
              '</fieldset>'."\n".'<fieldset>'. "\n" .
              '<div>'."\n";

         //subject of enquiry
         echo '<p style="padding-left: 1em">Subject of your enquiry:</p>';

         // check if email field is filled out and proper format
         if (isset($_REQUEST['submit']) && empty($EnquirySubject)) {
             echo '<label class="error" style="float: none !important;clear:both">These fields are required.</label><br />'."\n";
         }

         echo '<div class="radioError"></div>';

         echo '<p><label class="contactRadio" for="Subject_0"><input type="radio" name="EnquirySubject" value="General land information" id="Subject_0" '. $checkedSubject0 .' /> General land information</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_1"><input type="radio" name="EnquirySubject" value="How to order a land record, eg. Title" id="Subject_1" '. $checkedSubject1 .' /> How to order a land record, eg. Title</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_2"><input type="radio" name="EnquirySubject" value="Geodetic mark updates and information" id="Subject_2" '. $checkedSubject2 .' /> Geodetic mark updates and information</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_3"><input type="radio" name="EnquirySubject" value="online" id="Subject_3" '. $checkedSubject3 .' /> online</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_4"><input type="radio" name="EnquirySubject" value="Maps" id="Subject_4" '. $checkedSubject4 .' /> Maps</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_5"><input type="radio" name="EnquirySubject" value="Hydrographic information" id="Subject_5" '. $checkedSubject5 .' /> Hydrographic information</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_6"><input type="radio" name="EnquirySubject" value="Our website" id="Subject_6" '. $checkedSubject6 .' /> Our website</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_7"><input type="radio" name="EnquirySubject" value="OIA Requests" id="Subject_7" '. $checkedSubject7 .' /> OIA Requests</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_8"><input type="radio" name="EnquirySubject" value="Survey Mark Protection Service" id="Subject_8" '. $checkedSubject8 .' /> Survey Mark Protection Service</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_9"><input type="radio" name="EnquirySubject" value="Report damage or disturbance to survey marks" id="Subject_9" '. $checkedSubject9 .' /> Report damage or disturbance to survey marks</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_10"><input type="radio" name="EnquirySubject" value="Recommendations for additional survey control" id="Subject_10" '. $checkedSubject10 .' /> Recommendations for additional survey control</label>'."\n\r".
              '<br />'."\n\r".
              '<label class="contactRadio" for="Subject_11"><input type="radio" name="EnquirySubject" value="Other" id="Subject_11" '. $checkedSubject11 .' /> Other</label>'."\n\r".
              '<br /></p>';

         echo '</div>'."\n".
              '<div>'."\n";

         //comment/query
         echo '<label class="queryComments" for="queryComments">Query/Comments:</label>'."\n".
              '<textarea name="queryComments" id="queryComments" class="required">'. $queryComments .'</textarea>'."\n";

         //check if message field is filled out
         if (isset($_REQUEST['submit']) && empty($_REQUEST['queryComments'])) {
             echo '<label for="queryComments" class="error">This field is required.</label>'."\n";
         }

         echo '</div>'."\n".
              '</fieldset>';

         echo '<div class="submit"><input type="submit" name="submit" value="Submit" id="submit" /></div>'.
              '<div class="clear"><p><br /></p></div>'.
              '<p class="contact-form">If you have a problem using this form please email us at <a href="mailto:blah@blahblahblahhblah.com">blah@blahblahblahhblah.com</a></p>'.
              '</form>'."\n";
     }

     if (isset($_REQUEST['submit']) && !empty($_REQUEST['phone']) && !is_numeric($_REQUEST['phone'])) {
         $phoneError = "true";
     }

     if(empty($name) || empty($emailCheck) || empty($EnquirySubject) || empty($queryComments) || validEmail($emailCheck) == false || $phoneError == "true") {
         displayForm($name, $email, $phone, $EnquirySubject, $queryComments, $checkedSubject0, $checkedSubject1, $checkedSubject2, $checkedSubject3, $checkedSubject4, $checkedSubject5, $checkedSubject6, $checkedSubject7, $checkedSubject8, $checkedSubject9, $checkedSubject10, $checkedSubject11, $phoneError);
     } else {
         //send email
         $to = "blah@blahblahblahhblah.com";
         $subject = "$EnquirySubject - Contact Feedback from the website";
         $message = "Name: $name \n\r" .
                    "Phone Number: $phone \n\r" .
                    "Message: $queryComments";
         $headers = "From: $name <$emailCheck>";
         mail($to, $subject, $message, $headers );
         echo '<div id="thankyoubox">';
         echo '<h2>Thank you</h2>';
         echo '<p>Thank you for submitting the contact us form. If you have requested information we will get back to you within 10 working days.</p>';
         echo '</div>';
     }
     ?>
     [/code]

     Appreciate your help and constructive criticism. Apologies in advance if I posted this in the wrong forum, but testing on this would also be appreciated if I missed a task that a user could do in the form that relates to validation etc.

     cheers
     Jared
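For the contact form in post 1, the points a reviewer would check are the values echoed back into HTML, the values placed in mail headers, and the `exec()` call used for the DNS lookup. The following is an added example, not code from the poster or the forum. It assumes PHP 5.3 or later; the function names and the `webform@example.invalid` address are hypothetical, and the phone format is an assumption.

```php
<?php
// Added example, not the poster's code. Function names and the From address are hypothetical.
$ALLOWED_SUBJECTS = array(
    'General land information', 'How to order a land record, eg. Title',
    'Geodetic mark updates and information', 'online', 'Maps',
    'Hydrographic information', 'Our website', 'OIA Requests',
    'Survey Mark Protection Service', 'Report damage or disturbance to survey marks',
    'Recommendations for additional survey control', 'Other',
);

// Escape a value before echoing it into value="..." or a <textarea> body.
function h($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// A value bound for a mail header must not contain CR or LF.
function isHeaderSafe($value) {
    return !preg_match('/[\r\n]/', $value);
}

// Syntax check via filter_var, DNS check via checkdnsrr(): no shell, no exec().
function isDeliverableEmail($email, $checkDns = true) {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    if (!$checkDns) {
        return true;
    }
    $domain = substr(strrchr($email, '@'), 1);
    return checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A');
}

// Returns array($fields, $errors); $errors lists the field names that failed.
function validateContact(array $in, array $subjects, $checkDns = true) {
    $f = array();
    foreach (array('name', 'email', 'phone', 'EnquirySubject', 'queryComments') as $k) {
        $f[$k] = (isset($in[$k]) && is_string($in[$k])) ? trim($in[$k]) : '';
    }
    $errors = array();
    if ($f['name'] === '' || !isHeaderSafe($f['name'])) $errors[] = 'name';
    if (!isDeliverableEmail($f['email'], $checkDns)) $errors[] = 'email';
    // Assumed phone format: digits, spaces and + ( ) - only.
    if ($f['phone'] !== '' && !preg_match('/^[0-9 +()-]{5,20}$/', $f['phone'])) $errors[] = 'phone';
    // The subject ends up in the Subject header, so only the radio values are accepted.
    if (!in_array($f['EnquirySubject'], $subjects, true)) $errors[] = 'EnquirySubject';
    if ($f['queryComments'] === '') $errors[] = 'queryComments';
    return array($f, $errors);
}

// User text goes in the body; the From header is fixed and the sender's
// validated address goes in Reply-To.
function buildMail(array $f) {
    $subject = $f['EnquirySubject'] . ' - Contact Feedback from the website';
    $body = "Name: {$f['name']}\r\nPhone Number: {$f['phone']}\r\nMessage: {$f['queryComments']}";
    $headers = "From: Website form <webform@example.invalid>\r\nReply-To: {$f['email']}";
    return array($subject, $body, $headers);
}

// Constructed input: the name field carries an embedded line break.
$sample = array('name' => "Jared\r\nX-Test: 1", 'email' => 'user@example.com',
                'EnquirySubject' => 'Maps', 'queryComments' => 'Where can I buy maps?');
list($fields, $errors) = validateContact($sample, $ALLOWED_SUBJECTS, false);
echo 'rejected fields: ', implode(', ', $errors), "\n";
echo '<input type="text" name="name" value="', h('"><b>test'), '" />', "\n";
```

Every value the form redisplays would pass through `h()`, and `buildMail()` would be called only when `validateContact()` returns no errors.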
  2. Hi

     PHP Version 4.3.3

     I have 2 forms, one for a message/contact details from the user and also a mini form that allows the user to upload files to my server. My code for the uploading process is fine and dandy. It uploads the file to the server and then stores the file name into an array called "$_SESSION['filearray']". When it gets time for the user to submit the entire form everything should be picked up from the session filearray and emailed off to the designated email address. This works fine and I have no problem with getting the message details or receiving the email. But the multi attachments seem to be a problem, rather than attaching everything in the filearray it seems to only take the last file in the array.

     My code below

     [code]
     // set the max number of uploads
     $count = count($_SESSION['filearray']);
     $max_uploads = $count;
     $cur = 0;
     while ($max_uploads > $cur) {
         $path_parts[$cur] = pathinfo($DOCUMENT_ROOT.'/tls/form_template/wcr/upload/' . $_SESSION['filearray'][$cur]);
         $fileatt[$cur] = $DOCUMENT_ROOT.'/tls/form_template/wcr/upload/' . $_SESSION['filearray'][$cur];
         $fileatt_type[$cur] = $path_parts[$cur]['extension'];
         $fileatt_name[$cur] = $path_parts[$cur]['basename'];
         $file = fopen($fileatt[$cur],'rb');
         $data = fread($file, filesize($fileatt[$cur]));
         fclose($file);
         // Base64 encode the first file data
         $data = chunk_split(base64_encode($data));
         // Add the file attachment to the message
         $message .= "--{$mime_boundary}\n" .
             "Content-Type: {$fileatt_type[$cur]};\n" .
             " name=\"{$fileatt_name[$cur]}\"\n" .
             //"Content-Disposition: attachment;\n" .
             //" filename=\"{$fileatt_name.$cur}\"\n" .
             "Content-Transfer-Encoding: base64\n\n" .
             $data;
         $cur++;
     }
     [/code]

     I've been playing around for a few days now just trying things with the while and renaming variables that kind of stuff, even using print_r to check if it's getting everything from the session array (and it is!) but yet still I only get 1 file attachment in the email result.

     Here is also a print of the mime headers that the email sends out..

     [code]
     To: me
     Subject: email script test: Wednesday 15th August 2007 12:49:58 PM
     From: <>
     MIME-Version: 1.0
     Content-Type: multipart/mixed; boundary="==Multipart_Boundary_x729049da69970177489bac19aa0d9a3ex"

     This is a multi-part message in MIME format.

     --==Multipart_Boundary_x729049da69970177489bac19aa0d9a3ex
     Content-Type: text/html; charset="iso-8859-1"
     Content-Transfer-Encoding: 7bit

     Message details etc etc helloworld12345

     --==Multipart_Boundary_x729049da69970177489bac19aa0d9a3ex
     Content-Type: txt; name="New Text Document.txt"
     Content-Transfer-Encoding: base64

     --==Multipart_Boundary_x729049da69970177489bac19aa0d9a3ex
     Content-Type: txt; name="New Text Document (2).txt"
     Content-Transfer-Encoding: base64
     [/code]

     As you can see it is setting the boundaries for all the files and is picking the names up from the array but only 1 file gets attached. I'm lost. My theories are I'm stuffing my boundaries up, or my loop just plain outright sucks. Could someone please shed some light, banging my head around on this one.

     TIA.
     Jared
  3. Damn.. I was close haha. Awesome mate, exactly what I needed. Thanks so much... case closed
  4. sort of same way, except of course my table would have another column to accommodate the new group of codes. Essentially what I have now is fine and dandy, I just need to know how to get a new array of codes into my "ar Array()".
  5. Nope, I've specified all the tables in use, I think I didn't properly display the group code table however, whoops :/ What I probably haven't made clear is.. each code belongs to a group in the group code table labeled such as

     code 1 | group 1
     code 2 | group 1
     code 3 | group 2
     code 4 | group 2
     etc etc

     my query divides all the codes into the relevant groups, but I'm only pulling one set of group codes in my array and I'm now trying to add in the 2nd group codes. I hope that makes sense. I realise I'm a bit vague.. apologies for this. So basically.. I just want to add a separate amount of data (codes) to my "ar Array()" from the same table (I have this data in my query already).
  6. I'm not having much luck here mate, could you please provide some more help, I'd really appreciate it. This is my code now

     [code]
     $ar = array();
     while ($arraylist = list($text, $groupcode1, $groupcode2) = mysql_fetch_row($delQuery)) {
         $ar[$delegation][] = $groupcode1;
         $ar[$delegation][$groupcode1][] = $groupcode2;
     }
     [/code]

     my loops

     [code]
     foreach ($ar as $text => $groupcode1) {
         echo "<tr>\n";
         //text references
         echo "\t<td valign=\"top\">";
         echo $delegation;
         echo "</td>\n";
         //group codes
         echo "<td align=\"center\">";
         echo join("<br />", $groupcode1);
         echo "</td>\n";
         echo "<td align=\"center\">";
         foreach ($ar as $text => $groupcode2) {
             echo join("<br />", $groupcode2);
         }
         echo "</td>\n";
     [/code]

     but when I display my result in my table

     [code]
     text        | group 1 | group 2
     -------------------------------------------
     blahblah123 | code1   | code1
                 | Array   | Array
                 | code2   | Array
                 | Array   | code2
                 |         | Array
     -------------------------------------------
     [/code]

     And it just repeats that all over my table. I am stuffing my loops I know, I'm just not sure how to iterate my array properly.

     TIA
     Regards.
  7. I'm just working out how to add a second array of data into the main array at moment. But hoping GROUP_CONCAT will sort out this and I won't have to do much iterating over arrays for my data. Once again, thanks for your help
  8. Just another quick question, if I wanted to make that array in your code even deeper with another set/group of codes. How would I do that? Is there a way I can iterate over the array for more than 1 set of codes as it's doing just fine now, but I have another column of codes that needs to be inputted. I did manage to add the extra set of codes to the list() by adding another variable, and I checked the list to see if the data was in there and it was. (all good so far). But not sure how to iterate over the array to pick out my new set of codes. Appreciate some more help. Thanks.
  9. Thanks exactly what I needed. Btw I've never used join() before... I looked it up in manual and it says "alias of implode()" is there a reason to use the function join() over implode() or just personal preference? I wonder though if this task is better suited to be off in the database or not.. I heard group_concat might have done the trick. But thanks anyways mate.
  10. Hi

      I have 3 tables
      1 table for holding text codes
      1 table for holding text references
      and my relationship table that holds all the foreign keys.
      displayed as such.

      code table:
      [code]
      id | code
      ------------------
      1  | code1
      2  | code2
      3  | code3

      text reference table:

      id | text_ref
      --------------------
      1  | hello world
      2  | world hello
      3  | blah blah12345

      relationship table (where I do my select)

      text_id | code_id
      ---------------------
      1       | 1
      1       | 2
      2       | 1
      2       | 3

      My relationship table has duplicate text ids because there are multiple codes relating to a text reference.

      so far I have a query like this

      SELECT tr.text,
      FROM text_data
      LEFT JOIN text_codes AS group1 ON group1.id = code_id
      LEFT JOIN text_reference AS tr ON tr.id = text_id
      ORDER BY text_id

      Now this query will return the right data, but obviously will display:

      text           | code
      ----------------------------
      hello world    | code1
      hello world    | code2
      blah blah12345 | code1
      blah blah12345 | code2
      blah blah12345 | code3

      I want to display a result as:

      text           | code
      ----------------------------
      hello world    | code1, code2
      blah blah12345 | code1, code2, code3

      How can I attempt to join all the codes to a distinct text reference? I am trying everything I know with loops and arrays but with no luck.

      Appreciate some help, TIA.
      [/code]
  11. bah sorted. Not a spelling problem though.  ???
  12. file = main_api.php

      [code]
      $database = "blah";
      [/code]

      [code]
      function dbConnect() {
          global $database, $hostname, $username, $password, $db;
          $db = mysql_connect($hostname, $username, $password) or die ("Error connecting to database.");
          mysql_select_db($database, $db) or die ("Couldn't select the database.");
          return $db;
      }
      [/code]

      returns..

      [code]
      Undefined variable: database in d:\inetpub\www\core\main_api.php on line 48
      Couldn't select the database.
      [/code]

      what am I missing here? I've specified my global variables but it still complains?