dawndmd Posted May 20, 2008

I know I am missing something here in my form code for the check box "custom colors" to work. Everything else in my form submits the correct info to my email but when I check the checkbox it does not send the info. Please advise. Any help is appreciated. Here is my form code:

```php
<?php
$options = array("50 @ $75.00", "70 @ $99.00", "100 @ $130.00", "200 @ $260.00", "250 @ $335.00", "500 @ $640.00"); // set up options array, may be easier ways depending on data.
$footer = "</body>\n</html>";

function RemoveXSS($val) {
    if (ini_get('magic_quotes_gpc')) {
        $val = stripslashes($val);
    }
    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    // this prevents some character re-spacing such as <java\0script>
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
    $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);

    // straight replacements, the user should never need these since they're normal characters
    // this prevents like <IMG SRC=@avascript:alert('XSS')>
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // ;? matches the ;, which is optional
        // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

        // @ @ search for the hex values
        $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
        // @ @ 0{0,7} matches '0' zero to seven times
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
    }

    // now the only remaining whitespace attacks are \t, \n, and \r
    $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link',
        'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer',
        'bgsound', 'title', 'base');
    $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate',
        'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste',
        'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange',
        'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut',
        'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate',
        'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop',
        'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin',
        'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload',
        'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout',
        'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste',
        'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend',
        'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll',
        'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true; // keep replacing as long as the previous round replaced something
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    $pattern .= '(';
                    $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
                    $pattern .= '|(&#0{0,8}([9][10][13]);?)?';
                    $pattern .= ')?';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
            $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
            if ($val_before == $val) {
                // no replacements were made, so exit the loop
                $found = false;
            }
        }
    }
    return $val;
}

if (isset($_POST['submit'])) {
    $errors = array(); // Initialize error array.

    //Check for card name
    if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['cardname'])))) {
        //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['bridesname']))) || !$_POST['bridesname']) {
        $cardname = $_POST['cardname'];
    } else {
        $errors[] = 'Please enter the name of the Card you are ordering.';
    }

    //Check for brides name
    if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['bridesname'])))) {
        //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['bridesname']))) || !$_POST['bridesname']) {
        $bridesname = $_POST['bridesname'];
    } else {
        $errors[] = 'Please enter your full name.';
    }

    //Check for grooms name
    if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['groomsname'])))) {
        //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['groomsname']))) || !$_POST['groomsname']) {
        $groomsname = $_POST['groomsname'];
    } else {
        $errors[] = 'Please enter your full name.';
    }

    //Check for wedding date
    $weddingdate = nl2br(htmlspecialchars(RemoveXSS($_POST['weddingdate'])));
    if($_POST['weddingdate']) {
        $weddingdate = nl2br(htmlspecialchars(RemoveXSS($_POST['weddingdate'])));
    } else {
        $errors[] = 'Please enter wedding date.';
    }

    //Check for matte or glossy finish
    $creamwhite = nl2br(htmlspecialchars(RemoveXSS($_POST['matteglossy'])));
    if($_POST['matteglossy']) {
        $matteglossy = nl2br(htmlspecialchars(RemoveXSS($_POST['matteglossy'])));
    } else {
        $errors[] = 'Please enter matte or glossy finish.';
    }

    //Check for address
    $streetaddress = nl2br(htmlspecialchars(RemoveXSS($_POST['streetaddress'])));
    if($_POST['streetaddress']) {
        $streetaddress = nl2br(htmlspecialchars(RemoveXSS($_POST['streetaddress'])));
    } else {
        $errors[] = 'Please enter street address';
    }

    //Check for city
    $city = nl2br(htmlspecialchars(RemoveXSS($_POST['city'])));
    if($_POST['city']) {
        $city = nl2br(htmlspecialchars(RemoveXSS($_POST['city'])));
    } else {
        $errors[] = 'Please enter your City';
    }

    //Check for state
    if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['state'])))) {
        //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['state']))) || !$_POST['state']) {
        $state = $_POST['state'];
    } else {
        $errors[] = 'Please enter your state.';
    }

    //Check for phone number
    if(preg_match('/^\(?[0-9]{3}\)?[\- ]?[0-9]{3}\-?[0-9]{4}$/', stripslashes(trim($_POST['telephone'])))) {
        $telephone = $_POST['telephone'];
    } else {
        $errors[] = 'Please enter a valid, 10 digit, phone number.';
    }

    //Check for e-mail address
    if(eregi('^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$', stripslashes(trim($_POST['emailaddress'])))) {
        $emailaddress = $_POST['emailaddress'];
    } else {
        $errors[] = 'Please enter a valid email address.';
    }

    //Check for paypal e-mail address
    if(eregi('^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$', stripslashes(trim($_POST['paypalemail'])))) {
        $paypalemail = $_POST['paypalemail'];
    }

    //Check drop down
    if (in_array($_POST['quantity1'], $options)) {
        $o = $_POST['quantity1'];
    }
    //Check drop down
    if (in_array($_POST['quantity2'], $options)) {
        $ob = $_POST['quantity2'];
    }
    //Check drop down
    if (in_array($_POST['quantity3'], $options)) {
        $oc = $_POST['quantity3'];
    }
    //Check drop down
    if (in_array($_POST['quantity4'], $options)) {
        $od = $_POST['quantity4'];
    }
    //Check drop down
    if (in_array($_POST['quantity5'], $options)) {
        $oe = $_POST['quantity5'];
    }
    //Check drop down
    if (in_array($_POST['quantity6'], $options)) {
        $of = $_POST['quantity6'];
    }

    //Clean comments
    $comments = nl2br(htmlspecialchars(RemoveXSS($_POST['comments'])));
    /*Comments were optional, to make them required use:
    if($_POST['comments']) {
        $comments = nl2br(htmlspecialchars(RemoveXSS($_POST['comments'])));
    } else {
        $errors[] = 'Please enter comments.';
    }
    */

    if (empty($errors)) { //No errors, send e-mail
        $todayis = date("l, F j, Y, g:i a") ;
        $subject = "Save the Date Order Form";
        $message = "Date: $todayis [EST]
From: $name ($emailaddress)
Quantity of Cards: $o
Quantity of Cards: $ob
Quantity of Cards: $oc
Quantity of Cards: $od
Quantity of Cards: $oe
Quantity of Cards: $of
Card being ordered: $cardname
Brides Name: $bridesname
Grooms Name: $groomsname
Wedding Date: $weddingdate
Matte or Glossy Finish: $matteglossy
Street Address: $streetaddress
City: $city
State and Zip Code: $state
Telephone Number: $telephone
Email Address: $emailaddress
Custom Colors: $customcolor";
        $from = "From: $emailaddress\r\n";

        //send the message.
        @mail("info@savethedatebridal.com", $subject, $message, $from);
        echo '<h2><font color="purple">Thank you for your order.</font></h2>
<p>If you are paying by paypal, you will receive a payment request within 12 hours after you have customized your card to the email address you provided in the form.</p>
<p>If you would like to pay by Check or Money Order, please mail your total purchase price plus $14.00 for shipping and handling to: <b>Branic Designs</b>, 4265 Vance Road, Traverse City, MI 49684.</p>
<p>Please be sure to upload your photo if your card choice includes a photo. The photo size should not be any smaller than 3 x 5 and saved in .JPG format. If you have not yet done so, please email your photo to info@savethedatebridal.com</p>' . $footer; //display confirmation
        exit;
    } else { // oh dear, there were some errors
        echo '<h1>Error!</h1>
<p>The following error(s) occured:<br />';
        foreach ($errors as $msg) { // Print each error.
            echo " - <font color=\"purple\">$msg</font><br />\n";
        }
        echo '</p><p>Please try again.</p><p><br /></p>';
    }
}
?>
<form action="form.php" method="post">
<!-- this is where we will put the quanitity of cards purchased-->
<CENTER>
<TD WIDTH="39%" VALIGN="TOP">
  <div align="left">Quantity of Cards you wish to purchase
    <SELECT NAME="quantity1">
      <?php foreach ($options as $option) { echo "<option>$option</option>\n"; }?>
    </SELECT>
  </div></TD>
<!--end where we will put quanitity of cards ordered-->
<TABLE BORDER="0" WIDTH="100%">
  <TR>
    <TD WIDTH="38%"><div align="left">Name of Card you are ordering:</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="cardname" SIZE="25" value="<?php if (isset($_POST['cardname'])) echo stripslashes($_POST['cardname']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">Bride's Full Name:</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="bridesname" SIZE="25" value="<?php if (isset($_POST['bridesname'])) echo stripslashes($_POST['bridesname']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">Groom's Full Name:</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="groomsname" SIZE="25" value="<?php if (isset($_POST['groomsname'])) echo stripslashes($_POST['groomsname']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">Wedding Date:</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="weddingdate" SIZE="25" value="<?php if (isset($_POST['weddingdate'])) echo stripslashes($_POST['weddingdate']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">Where will Wedding take place?</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="weddingplace" SIZE="25" value="<?php if (isset($_POST['weddingplace'])) echo stripslashes($_POST['weddingplace']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">Matte or Glossy Finish</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="matteglossy" SIZE="25" value="<?php if (isset($_POST['matteglossy'])) echo stripslashes($_POST['matteglossy']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">Street Address:</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="streetaddress" SIZE="25" value="<?php if (isset($_POST['streetaddress'])) echo stripslashes($_POST['streetaddress']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">City:</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="city" SIZE="25" value="<?php if (isset($_POST['city'])) echo stripslashes($_POST['city']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">State:</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="state" SIZE="25" value="<?php if (isset($_POST['state'])) echo stripslashes($_POST['state']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">Telephone Number:</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="telephone" SIZE="25" value="<?php if (isset($_POST['telephone'])) echo stripslashes($_POST['telephone']); ?>" /></TD>
  </TR>
  <TR>
    <TD WIDTH="38%"><div align="left">Email Address (If paypal is used to pay, please use paypal email address):</div></TD>
    <TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="emailaddress" SIZE="25" value="<?php if (isset($_POST['emailaddress'])) echo stripslashes($_POST['emailaddress']); ?>" /></TD>
  </TR>
</TABLE>
<TABLE BORDER="0" WIDTH="50%">
  <TR>
    <TD WIDTH="37%">Custom Colors</TD>
    <TD WIDTH="63%"><INPUT TYPE="checkbox" NAME="customcolor" VALUE="<?php if (isset($_POST['customcolor'])) echo stripslashes($_POST['customcolor']); ?>" />($15.00) </TD>
  </TR>
</TABLE>
<p align="left">If you are paying by paypal, you will receive a payment request within 12 hours after you have customized your card to the email address you provided in the form.</p>
<p align="left">If you would like to pay by Check or Money Order, please mail your total purchase price plus $14.00 for shipping and handling to: <span class="style2">Branic Designs</span>, 4265 Vance Road, Traverse City, MI 49684. </p>
<div align="left">
  <p>Please be sure to email your photograph or any other comments/instructions to <a href="mailto:info@savethedatebridal.com">info@savethedatebridal.com</a> after your customization submission. Your photograph must be at least 3 x 5 in size and saved in .JPG format. Also include your Ebay user Email Address within the email. Thank you again for purchasing from Save the Date Bridal. </p>
</div>
<p>
  <input type="submit" value="Submit your Request" name="submit">
  <input type="reset" value="Clear Form" name="reset">
  <br />
</p>
</CENTER>
</FORM>
<?php echo $footer; ?>
```

mod edit - code tags added
GingerRobot Posted May 20, 2008

Oh mon dieu, use the tags! As for the problem, as far as I can see, you never extract $customcolor from the POST array. Though you might do somewhere. Narrowing down the problem area for us would help us help you.
dawndmd Posted May 20, 2008

Sorry, I thought it was the quotes I use. Dawn

dawndmd Posted May 20, 2008

I am not sure what you mean by extract. Did I miss some code to add somewhere?
GingerRobot Posted May 20, 2008

Indeed - you'd need to do:

$customcolor = $_POST['customcolor'];

However, I'm not sure what value you wanted it to take. And it wouldn't remain checked with the code you have presently either - to make a checkbox checked you need to set the attribute:

checked="checked"
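
The checkbox handling discussed in this thread, as an added example that is not code from either poster: the box gets a constant value, the server compares against that value instead of copying the submitted string into the e-mail, and redisplayed field values are HTML-escaped. The function names, the `yes` value and the wording of the e-mail line are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code; function names are hypothetical.

// A browser omits an unchecked checkbox from the POST body and sends the
// VALUE attribute for a checked one, so compare against one fixed value.
function customColorChecked(array $post): bool
{
    return isset($post['customcolor']) && $post['customcolor'] === 'yes';
}

// Line for the order e-mail: built from server-side constants only, so the
// submitted string itself never reaches the message.
function customColorLine(array $post): string
{
    return 'Custom Colors: ' . (customColorChecked($post) ? 'Yes ($15.00)' : 'No');
}

// Checkbox markup with a constant VALUE; checked="checked" keeps it ticked
// when the form is shown again after a validation error.
function customColorInput(array $post): string
{
    return '<INPUT TYPE="checkbox" NAME="customcolor" VALUE="yes"'
         . (customColorChecked($post) ? ' checked="checked"' : '') . ' />($15.00)';
}

// Sticky value for a text field, escaped for use inside value="...".
function stickyValue(array $post, string $name): string
{
    $raw = (isset($post[$name]) && is_string($post[$name])) ? $post[$name] : '';
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submissions (not real traffic).
$samples = array(
    'box ticked'    => array('customcolor' => 'yes', 'city' => 'Traverse City'),
    'box unticked'  => array('city' => 'Traverse City'),
    'tampered post' => array('customcolor' => array('x'), 'city' => '"><b>x</b>'),
);

foreach ($samples as $label => $post) {
    echo $label, "\n";
    echo '  ', customColorLine($post), "\n";
    echo '  ', customColorInput($post), "\n";
    echo '  value="', stickyValue($post, 'city'), '"', "\n";
}
```

In the posted form, `customColorLine($_POST)` would supply the last line of `$message` and `customColorInput($_POST)` would replace the checkbox `INPUT` tag.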