aine Posted June 28, 2008 Share Posted June 28, 2008 Hi! I´m trying this script on my website, but i cant get it to work with register globals settings off. (it works fine with globals on but I really want the setting to stay off) Could anyone please help me rewrite the code so it´ll work with globals off? I would really appreciate it! Thanks /Aine <!-- Copyright © 2002 Kali (http://www.xentrik.net) --> <html> <head> <title>Kali's PHP Contact Form</title> <?php // COPYRIGHT/LIABILITY NOTICE // Copyright © 2002 Kali (http://www.xentrik.net) // Last modified 04/05/2004 // Kali's Contact Form may be used and modified free of charge as long as this // copyright notice and the comments above remain intact. By using this code // you agree to indemnify Kali from any liability that might arise from its use. // Selling the code for this program without prior written consent is not permitted. // Permission must be obtained before redistributing this software. In all cases the // copyright and header information must remain intact. // MODIFY THE FOLLOWING SECTION // your name $recipientname = "YOUR NAME"; // your email $recipientemail = "[email protected]"; // subject of the email sent to you $subject = "Online-Form Response for $recipientname"; // send an autoresponse to the user? $autoresponse = "yes"; // subject of autoresponse $autosubject = "Thank you for your mail!"; // autoresponse message $automessage = "This is an auto response to let you know that we've successfully received your email sent through our email form. Thanks! We'll get back to you shortly."; // thankyou displayed after the user clicks "submit" $thanks = "Thank you for contacting us.<br>We will get back to you as soon as possible.<br>"; // END OF NECESSARY MODIFICATIONS ?> <style type="text/css"><!-- td,body,input,textarea { font-size:12px; font-family:Verdana,Arial,Helvetica,sans-serif; color:#000000} --></style> </head> <body> <table width="100%" height="100%"><tr> <td valign="top"><font face="Verdana,Arial,Helvetica" size="2"> <?php if($_POST['submitform']) { $Name = $HTTP_POST_VARS['Name']; $Email = $HTTP_POST_VARS['Email']; $Comments = $HTTP_POST_VARS['Comments']; // check required fields $dcheck = explode(",",$require); while(list($check) = each($dcheck)) { if(!$$dcheck[$check]) { $error .= "Missing $dcheck[$check]<br>"; } } // check email address if ((!ereg(".+\@.+\..+", $Email)) || (!ereg("^[[email protected]]+$", $Email))){ $error .= "Invalid email address<br>";} // display errors if($error) { ?> <b>Error</b><br> <?php echo $error; ?><br> <a href="#" onClick="history.go(-1)">try again</a> <?php } else { $browser = $HTTP_USER_AGENT; $ip = $REMOTE_ADDR; // format message $message = "Online-Form Response for $recipientname: Name: $Name Email: $Email Comments: $Comments ----------------------------- Browser: $browser User IP: $ip"; // send mail and print success message mail($recipientemail,"$subject","$message","From: $Name <$Email>"); if($autoresponse == "yes") { $autosubject = stripslashes($autosubject); $automessage = stripslashes($automessage); mail($Email,"$autosubject","$automessage","From: $recipientname <$recipientemail>"); } echo "$thanks"; } } else { ?> <form name="contactform" action="<?php echo $PHP_SELF; ?>" method="post"> <input type="hidden" name="require" value="Name,Email,Comments"> <table><tr> <td colspan="2" align="center"><b>Contact Me!</b><p></td> </tr><tr> <td valign="top" align="right">Name:</td> <td valign="top"><input name="Name" size="25"></td> </tr><tr> <td valign="top" align="right">E-mail:</td> <td valign="top"><input name="Email" size="25"></td> </tr><tr> <td valign="top" align="right">Comments:</td> <td valign="top"><textarea name="Comments" rows="5" cols="35"></textarea></td> </tr><tr> <td colspan="2" align="center"><input type="submit" value="Submit" name="submitform"> <input type="reset" value="Reset" name="reset"></td> </tr></table> <br> </form> <?php } ?> </font><p></td> </tr><tr> <td valign="bottom"><font face="Verdana" size="1">Mailform Copyright © 2002 <a href="http://www.xentrik.net/">Kali's Web Shoppe</a>.</font></td> </tr></table> </body> </html> (edited by kenrbnsn to add tags) Link to comment https://forums.phpfreaks.com/topic/112318-solved-help-to-make-this-mail-form-work-with-register-globals-off/ Share on other sites More sharing options...
kenrbnsn Posted June 28, 2008 Share Posted June 28, 2008 There are two ways of doing this. The easy way. At the top of your script put: <?php extract($_POST); extract($_SERVER); ?> but that is just like turning on register_globals with all the inherent security issues. The other way is to explicitly use the $_POST super global array when checking the submitted values. Also you should change the references to $HTTP_POST_VARS to $_POST: <?php // COPYRIGHT/LIABILITY NOTICE // Copyright © 2002 Kali (http://www.xentrik.net) // Last modified 04/05/2004 // Kali's Contact Form may be used and modified free of charge as long as this // copyright notice and the comments above remain intact. By using this code // you agree to indemnify Kali from any liability that might arise from its use. // Selling the code for this program without prior written consent is not permitted. // Permission must be obtained before redistributing this software. In all cases the // copyright and header information must remain intact. // MODIFY THE FOLLOWING SECTION // your name $recipientname = "YOUR NAME"; // your email $recipientemail = "[email protected]"; // subject of the email sent to you $subject = "Online-Form Response for $recipientname"; // send an autoresponse to the user? $autoresponse = "yes"; // subject of autoresponse $autosubject = "Thank you for your mail!"; // autoresponse message $automessage = "This is an auto response to let you know that we've successfully received your email sent through our email form. Thanks! We'll get back to you shortly."; // thankyou displayed after the user clicks "submit" $thanks = "Thank you for contacting us.<br>We will get back to you as soon as possible.<br>"; // END OF NECESSARY MODIFICATIONS ?> <style type="text/css"><!-- td,body,input,textarea { font-size:12px; font-family:Verdana,Arial,Helvetica,sans-serif; color:#000000} --></style> </head> <body> <table width="100%" height="100%"><tr> <td valign="top"><font face="Verdana,Arial,Helvetica" size="2"> <?php if($_POST['submitform']) { $Name = $_POST['Name']; $Email = $_POST['Email']; $Comments = $_POST['Comments']; // check required fields $dcheck = explode(",",$_POST['require']); foreach ($dcheck as $req) { if(strlen(trim(stripslashes($_POST[$req]))) == 0) { $error .= "Missing $req<br>"; } } // check email address if ((!ereg(".+\@.+\..+", $Email)) || (!ereg("^[[email protected]]+$", $Email))){ $error .= "Invalid email address<br>";} // display errors if($error != '') { ?> <b>Error</b><br> <?php echo $error; ?><br> <a href="#" onClick="history.go(-1)">try again</a> <?php } else { $browser = $_server['HTTP_USER_AGENT']; $ip = $_server['REMOTE_ADDR']; // format message $message = "Online-Form Response for $recipientname: Name: $Name Email: $Email Comments: $Comments ----------------------------- Browser: $browser User IP: $ip"; // send mail and print success message mail($recipientemail,$_post['subject'],$_POST['message'],'From: ' . $_POST['Name'] . ' <' $_POST['Email'] . ">"); if($autoresponse == "yes") { $autosubject = stripslashes($autosubject); $automessage = stripslashes($automessage); mail($_POST['Email'],$autosubject,$automessage,"From: $recipientname <$recipientemail>"); } echo $thanks; } } else { ?> <form name="contactform" action="" method="post"> <input type="hidden" name="require" value="Name,Email,Comments"> <table><tr> <td colspan="2" align="center"><b>Contact Me!</b><p></td> </tr><tr> <td valign="top" align="right">Name:</td> <td valign="top"><input name="Name" size="25"></td> </tr><tr> <td valign="top" align="right">E-mail:</td> <td valign="top"><input name="Email" size="25"></td> </tr><tr> <td valign="top" align="right">Comments:</td> <td valign="top"><textarea name="Comments" rows="5" cols="35"></textarea></td> </tr><tr> <td colspan="2" align="center"><input type="submit" value="Submit" name="submitform"> <input type="reset" value="Reset" name="reset"></td> </tr></table> <br> </form> <?php } ?> </font><p></td> </tr><tr> <td valign="bottom"><font face="Verdana" size="1">Mailform Copyright © 2002 <a href="http://www.xentrik.net/">Kali's Web Shoppe</a>.</font></td> </tr></table> </body> </html> I hope you realize that by using this form without sanitizing the input from the user, you're opening yourself up to getting a lot of spam messages. Also, I haven't checked my modified code for syntax errors, so some may have crept in. Ken Link to comment https://forums.phpfreaks.com/topic/112318-solved-help-to-make-this-mail-form-work-with-register-globals-off/#findComment-576641 Share on other sites More sharing options...
br0ken Posted June 28, 2008 Share Posted June 28, 2008 I would recommend using an updated mail script. This one was created in 2002 and last updated in 2004... four years ago! There are plenty of good mail scripts out there, just search on Google and I'm sure you're bound to find a better one. If you're struggling integrating into your website just post on here and we'll help you out. Link to comment https://forums.phpfreaks.com/topic/112318-solved-help-to-make-this-mail-form-work-with-register-globals-off/#findComment-576648 Share on other sites More sharing options...
aine Posted June 29, 2008 Author Share Posted June 29, 2008 Hi guys! Thanks for your quick response! I took your advice and implemented a more up to date script to my site;) which seems to be more stable and secure and works great. Thanks for your help! Link to comment https://forums.phpfreaks.com/topic/112318-solved-help-to-make-this-mail-form-work-with-register-globals-off/#findComment-577237 Share on other sites More sharing options...
br0ken Posted June 29, 2008 Share Posted June 29, 2008 That's a wise move Aine. Good luck with it all! Link to comment https://forums.phpfreaks.com/topic/112318-solved-help-to-make-this-mail-form-work-with-register-globals-off/#findComment-577240 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.