bourgm Posted September 15, 2009
Ok... I have a form that has a lot of requirements.
1. Has to be registered
2. Each registered person is limited to 4 entries into form a month
3. I have a required field "MEMO".
Even with all those requirements, I still get between 5-15 blank entries into the table a day. I even have an IP entry into the table on the form, but the entry into the table will not have an IP address. I thought it was some bug where people were hitting refresh or something, but I can't duplicate the error. This is a low volume low use "new" website. I haven't even had one person use the form (real person). But get tons of these blank entries. Any thoughts of what would cause this in a forum?
meltingpoint Posted September 15, 2009
You say blank entries - but you have a required field. So can you post the code that you are using to validate the entries?
bourgm Posted September 15, 2009
<?php
$local_header_title="Send Messages";
require("member.php");
require("lib/ntmtxt.php");
require("lib/mail.php");
$mon=date('m');
$pro_id = $_REQUEST['profile_id'];
if($_REQUEST['auth']=='-1')
{
    echo "You Don't have right to send messages.";
    exit;
}
//print_r($_REQUEST);
//$pro_id = $_REQUEST['profile_id'];
if(isset($_REQUEST['profile_id']))
{
    $pro_id = $_REQUEST['profile_id'];
    if ($pro_id!='')
    {
        //inmate name
        $sel = "Select value from attribs where profile = '$pro_id' and aid='168'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_name = $row['value'];
        //inmate number
        $sel = "Select value from attribs where profile = '$pro_id' and aid='169'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmatenumber = $row['value'];
        //facility name
        $sel = "Select value from attribs where profile = '$pro_id' and aid='134'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $facility_name = $row['value'];
        //facility address
        $sel = "Select value from attribs where profile = '$pro_id' and aid='162'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $facility_address = $row['value'];
        //city
        $sel = "Select value from attribs where profile = '$pro_id' and aid='163'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_city = $row['value'];
        //state
        $sel = "Select value from attribs where profile = '$pro_id' and aid='164'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_state = $row['value'];
        //zip
        $sel = "Select value from attribs where profile = '$pro_id' and aid='165'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_zip = $row['value'];
        //country
        $sel = "Select value from attribs where profile = '$pro_id' and aid='166'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_country = $row['value'];
        $ip=@$REMOTE_ADDR;
        $name = $_REQUEST['name'];
        $inmate_number = $_REQUEST['inmate_number'];
        $street = $_REQUEST['street'];
        $city = $_REQUEST['city'];
        $state = $_REQUEST['state'];
        $country = $_REQUEST['country'];
        $message = $_REQUEST['message'];
        $dt1=date("Y-m-d");
        echo $dtl;
        $mon=date('m');
        //echo $mon;
        //check msg per day values
        $sel = "Select msg_per_day from msend_msg where mid = '$auth' and date='$dt1' and msg_per_day != ''";
        $res = mysql_query($sel);
        //$cnt = count($res);
        include("inc/member.status.php");
        mem_resetstats($auth);
        echo "<br><center>";
        //check prights table whether entry exists or not for pid & rid=53
        $q_mes_day="select count(*) from prights where pid= '$auth' and rid='53'";
        $r_mes_day=mysql_query($q_mes_day);
        $row_cnt=mysql_fetch_row($r_mes_day);
        $pright_53_exists=$row_cnt[0];
        if($pright_53_exists==0)
        {
            $sql_d="insert into prights(pid,rid,value) values('$auth','53','4')";
            $res_d=mysql_query($sql_d);
        }
        $sel_mes_day = "Select value from prights where pid = '$auth' and rid = '53'";
        $res_mes_day = mysql_query($sel_mes_day);
        $row_mes_day = mysql_fetch_array($res_mes_day);
        $count_msg_day=mysql_num_rows($res_mes_day);
        // count value per day
        $value_day = $row_mes_day['value'];
        //check prights table whether entry exists or not for pid & rid=54
        $q_mes_mon="select count(*) from prights where pid= '$auth' and rid='54'";
        $r_mes_mon=mysql_query($q_mes_mon);
        $row_cnt1=mysql_fetch_row($r_mes_mon);
        $pright_54_exists=$row_cnt1[0];
        if($pright_54_exists==0)
        {
            $sql_d="insert into prights(pid,rid,value) values('$auth','54','4')";
            $res_d=mysql_query($sql_d);
        }
        $sel_mes_month = "Select value from prights where pid = '$auth' and rid = '54'";
        $res_mes_month = mysql_query($sel_mes_month);
        $row_mes_month = mysql_fetch_array($res_mes_month);
        // count value per Month
        $value_month = $row_mes_month['value'];
        //echo $value_month;
        $del= "delete from msend_msg where date='0000-00-00'|| name='' ";
        $res=mysql_query($del);
        //if ($member_policy[messages_per_day]) if
        //if($member_policy[messages_per_day]>=$count_msg_day) e0("Too many messages today!");
        //if ($member_policy[messages_per_month]) if
        //if($member_policy[messages_per_month]>=$value_month) e0("Too many messages this month!");
        $select_msg="select * from msend_msg where mid='$auth' and date='$dt1' ";
        $res_msg = mysql_query($select_msg);
        $count_msg= mysql_num_rows($res_msg);
        //SELECT * FROM msend_msg where date >= DATE_SUB(CURDATE(), INTERVAL 1 MONTH)
        //and inmate_id='$pro_id'
        $select_msg1="select * from msend_msg where mid='$auth' and month='$mon' ";
        $res_msg1 = mysql_query($select_msg1);
        $count_msg1= mysql_num_rows($res_msg1);
        //echo "Month count is:".$count_msg1;
        /*if($value_day>=$count_msg)
        {
            echo "Too Many Message Today";
        }*/
        //if($_REQUEST['send'] == '1' && $_REQUEST['Submit'] == 'Submit' && $value_day<=$count_msg)
        if($value_month>$count_msg1){
            if($value_day>$count_msg){
                $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` , `ip`) VALUES ('$auth', '$pro_id' , '$name', '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1', '$ip')";
                $res1 = mysql_query($sql);
                //$sql="`members` ( `id`, `login` , `pswd` , `fname` , `lname` , `email` , `street` , `city` , `state` , `country` , `zip` , `phone` , `fax` , `status` , `rdate` ) VALUES ( '$mid', '$login', '$pswd_1', '$fname', '$lname', '$email', '$street', '$city', '$state', '$country', '$zip', '$phone', '$fax', '$mem_default_approval', '$dt1')";
                //qi($sql);
                //if (!$mid) e2($sql);
                $sel = "Select email from members where id = '$auth'";
                $res = mysql_query($sel);
                $row = mysql_fetch_array($res);
                $email = $row['email'];
                //if (!$member_policy[provided_profiles]) e1();
                //if (!$member_policy[send_message]) e1();
                /*
                // folders management
                if (!$folder&&!$read) $show_compose=1;
                if (!$folder) $folder=1;
                $tim=time();
                if ($target) if (is_array($selected)) for ($i=0;$i<count($selected);$i++) {
                    $msgp=f(qs("* from messages where id=$selected[$i]"));
                    if ($msgp[type]==1||!e(qs("id from mprofiles where id='$msgp[to]' and member='$auth'")))
                        if ($target==1) qd("messages where id='$selected[$i]'");
                        elseif ($target==2) qu("messages set status=2 where id='$selected[$i]'");
                }
                //winks, kisses
                if ($wink) {
                    $subject=$wink;
                    $message=$wink;
                    $send=1;
                }
                */
                if ($message) {
                    include("inc/wordsfilter.lib.php");
                    $message=addslashes(stripslashes(censorwords($message,3,1,1)));
                    $subject="Message from ".$_REQUEST['name'];
                }
                /*$r=qs("* from mprofiles where name='$to'");
                $sql="select p1.name, p2.name from mprofiles p1, mprofiles p2, pattitudes a, plist f where p1.id='$profile' and p1.id=f.pid and f.attitude=a.id and p2.name='$to' and p2.member=f.mid and a.attitude<-2";
                if (!e(q($sql))) echo "<B>".l1("Message was blocked!")."</B>";
                elseif (e($r)) echo "<B>".l1("Profile was not found !")."</B>";
                else {
                    $mem=f($r);
                    $to=$mem[id];
                    $from=$profile;
                    $pfrom=f(qs("* from mprofiles where id='$from'"));
                }*/
                //rights verifications
                /*//messages per hour/day/month
                if ($member_policy[messages_per_hour]) if ($member_policy[messages_per_hour]<=mem_getstat($auth,1)) e0("Too many messages per hour!");
                if ($member_policy[messages_per_day]) if ($member_policy[messages_per_day]<=mem_getstat($auth,2)) e0("Too many messages today!");
                if ($member_policy[messages_per_month]) if ($member_policy[messages_per_month]<=mem_getstat($auth,3)) e0("Too many messages this month!");
                //is friend (Sender of Receiver or Receiver of Sender)
                $rif=qs("id from friends where (pid='$from' and fid='$to') or (fid='$from' and pid='$to')");
                $is_friend=0;
                if (!e($rif)) $is_friend=1;*/
                // if (!$wink&&!$member_policy[send_message]&&!$is_friend) e0("No rights to send messages!");
                /*if ($wink&&!($member_policy[wink]||$member_policy[kiss])) e0("No rights to quick message!");
                //same type
                if ($mem[p1]==$pfrom[p1] && !$member_policy[message_same]) e0("No rights to message same type of profile!");
                //paid messaging
                $message_cost=0;
                if (!$wink) $message_cost=$member_policy[message_sendcost];
                else $message_cost=$member_policy[message_winkcost];
                if ($message_cost) {
                    include_once("money/money.lib.php");
                    if (account_has_credits($auth, $message_cost)) money_spend($auth, $message_cost, l1("Send Message"), $from, 6, $to);
                    else e0("Insufficient credits!");
                }
                if ($wink) qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '2', '0', '$tim', '$subject', '$message')");
                else qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '0', '0', '$tim', '$subject', '$message')");
                if ($save_template) qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '1', '0', '$tim', '$subject', '$message')");
                echo "<b>";
                if (!$is_friend) echo l1("Message was sent!");
                else echo l1("Message was sent to friend!");
                echo "</b><br>";
                mem_incstat($auth,1);
                mem_incstat($auth,2);
                mem_incstat($auth,3);
                //Email notification
                if ($mem[p2]) $memi=f(qs("* from members where id='$mem[member]'"));
                */
                $param=array(
                    subject=>$subject,
                    message=>$message,
                    /* profile=>$mem[name],
                    fname=>$memi[fname],
                    lname=>$memi[lname],
                    mail=>$memi[email],
                    username=>$memi[login],
                    password=>$memi[pswd],
                    city=>$mem[city],
                    country=>$mem[country],
                    id=>$mem[id],
                    sender=>$pfrom[name],
                    // sender_link=>$ROOT_HOST."profile.php?profile_name=".$pfrom[name],
                    loginlink=>$ROOT_HOST."login.php?username=$mem[login]&password=$mem[pswd]",*/
                    link=>$ROOT_HOST
                );
                $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt";
                if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html";
                if (file_exists("tpl/lang/$local_language/notification.txt")) $tpl_t="tpl/lang/$local_language/notification.txt";
                $htmlmail1=join("",file($tpl_h));
                $textmail1=join("",file($tpl_t));
                $email = $email.",".$ADMIN_MAIL;
                send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param));
                if($_REQUEST['send'] == '1' && $_REQUEST['Submit'] == 'Submit'){
                    //Number of messages sent last 30days
                    $q1="SELECT * FROM msend_msg where mid='$_REQUEST[auth]' and date >= DATE_SUB(CURDATE(), INTERVAL 1 MONTH)";
                    $r1 = mysql_query($q1);
                    $num_msg_last30days= mysql_num_rows($r1);
                    //messages sent current month
                    $q2="select * from msend_msg where mid='$_REQUEST[auth]' and month='$mon'";
                    $r2 = mysql_query($q2);
                    $msg_sent_curmonth= mysql_num_rows($r2);
                    //message limit per month
                    $q3 = "Select value from prights where pid = '$_REQUEST[auth]' and rid = '54'";
                    $r3 = mysql_query($q3);
                    $row3 = mysql_fetch_array($r3);
                    // count value per Month
                    $msg_limit_monthly = $row3['value'];
                    $msg_left=$msg_limit_monthly - $msg_sent_curmonth;
                    echo(l1("Letter has been submitted. Our clients either have paid for weekly or bi-weekly mailings of letters. We send out letters every Saturday.!"));
                    echo "<br>";
                    echo "Messages sent in last 30 days:$num_msg_last30days<br> Messages Left:$msg_left<br>";
                }
            }//End day if
            else
            {
                echo "Too Many Message Today";
            }//End of day else
            // test //
            /*
            $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` ) VALUES ('$auth', '$pro_id' , '$name', '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1')";
            $res1 = mysql_query($sql);
            $sel = "Select email from members where id = '$auth'";
            $res = mysql_query($sel);
            $row = mysql_fetch_array($res);
            $email = $row['email'];
            if ($message) {
                include("inc/wordsfilter.lib.php");
                $message=addslashes(stripslashes(censorwords($message,3,1,1)));
                $subject="Message from ".$_REQUEST['name'];
            }
            $param=array(
                subject=>$subject,
                message=>$message,
                link=>$ROOT_HOST
            );
            $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt";
            if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html";
            if (file_exists("tpl/lang/$local_language/notification.txt")) $tpl_t="tpl/lang/$local_language/notification.txt";
            $htmlmail1=join("",file($tpl_h));
            $textmail1=join("",file($tpl_t));
            $email = $email.",".$ADMIN_MAIL;
            send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param));
            if($_REQUEST['send'] == '1' && $_REQUEST['Submit'] == 'Submit'){
                echo(l1("Letter has been submitted. Our clients either have paid for weekly or bi-weekly mailings of letters. We send out letters every Saturday.!"));
                echo "<br>";
            }*/
        }//End month if
        else{
            echo "Too Many Message This Month - View Member Upgrades to purchase more messages.";
        }
        // Month Condition
        /*if($value_month>$count_msg1){
            $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `inmate_number` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` ) VALUES ('$auth', '$pro_id' , '$name', '$inmate_number' , '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1')";
            $res1 = mysql_query($sql);
            $sel = "Select email from members where id = '$auth'";
            $res = mysql_query($sel);
            $row = mysql_fetch_array($res);
            $email = $row['email'];
            if ($message) {
                include("inc/wordsfilter.lib.php");
                $message=addslashes(stripslashes(censorwords($message,3,1,1)));
                $subject="Message from ".$_REQUEST['name'];
            }
            $param=array(
                subject=>$subject,
                message=>$message,
                link=>$ROOT_HOST
            );
            $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt";
            if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html";
            if (file_exists("tpl/lang/$local_language/notification.txt")) $tpl_t="tpl/lang/$local_language/notification.txt";
            $htmlmail1=join("",file($tpl_h));
            $textmail1=join("",file($tpl_t));
            $email = $email.",".$ADMIN_MAIL;
            send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param));
            if($_REQUEST['send'] == '1' && $_REQUEST['Submit'] == 'Submit'){
                echo(l1("Letter has been submitted. Our clients either have paid for weekly or bi-weekly mailings of letters. We send out letters every Saturday."));
                echo "<br>";
            }
        }
        else
        {
            echo "Too Many Message This Month - View Member Upgrades to purchase more messages.";
        }*/
    }//end
    else
    {
        echo "You Don't have right to send messages.";
    }
}
/*if ($mem[p4]) {
    $message=l1("New message was just received!");
    qi("mproactive ( mid , type , rdate , message ) VALUES ('$mem[member]', '1', '$tim', '$message')");
    echo(l1("Instant notification sent! Member will receive if online."));
}
$to="";
$message="";
$subject="";
$ntm3k_ncd_directive=$verify;
};
echo "<br></center>";
}*/
?>
<form action="send_message.php" method="post" enctype="multipart/form-data" >
<input type="hidden" name="profile_id" value="<?=$pro_id?>">
<table align="center" width=100% cellpadding="1" cellspacing="1" border="<?=$tab_bd_size?>" bordercolor="<?=$color_tab_bd?>" bgcolor="<?=$color_tab_bkg?>">
  <tr bgcolor="<?=$color_head_bk?>">
    <td colspan="2"><div align="center">
      <p><strong><font size="3">Email A Inmate</font></strong></p>
      <p>Email a Inmate is a program where we collect letters to inmates and send them to the inmate twice a month. Inmates do not have access to emails, so we take the next step and print the letter and mail it to him/her via US Mail. As a registered user you are allowed up to four free "email a inmate" letters. If you desire more then four per month, please <a href="http://www.letterstoprison.com/membership.php">upgrade</a> your account. </p>
      <p><a href="http://support.letterstoprison.com/" target="_blank">If you have any questions, please contact customer support. </a></p>
    </div></td>
  </tr>
  <tr bgcolor="<?=$color_head_bk?>">
    <td colspan="2"> <strong><img src="<?=t1i("icons16/message", "icons/messages.gif")?>" border="0" align="absmiddle"><font color="<?=$color_head?>" >
      <?=l1("Email a Prisoner - We print out your message and mail it to the inmate.")?>
    </font></strong></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td width="16%" bgcolor="<?=$color_light_bk?>"><?=(l1("Inmate Name"))?></td>
    <td width="84%" bgcolor="<?=$color_light_bk?>"><font size="1"><b> <?=$inmate_name?> #<?=$inmatenumber?> </b></font></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Facility Name"))?></td>
    <td><font size="1"><b> <?=$facility_name?></b></font></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Facility Address"))?></td>
    <td><font size="1"><b> <?=$facility_address?></b></font></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("City"))?></td>
    <td><font size="1"><b> <?=$inmate_city?></b></font></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("State"))?></td>
    <td><font size="1"><b> <?=$inmate_state?></b></font></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Country"))?></td>
    <td><font size="1"><b> <?=$inmate_country?></b></font></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Zip"))?></td>
    <td><font size="1"><b> <?=$inmate_zip?></b></font></td>
  </tr>
  <tr bgcolor="<?=$color_light_bk?>">
    <td colspan="2"> </td>
  </tr>
  <tr bgcolor="<?=$color_light_bk?>">
    <td colspan="2"><p><strong> <?=(l1("From - Your Contact Information"))?> </strong></p></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Your Name"))?></td>
    <td bgcolor="<?=$color_tab_bk?>"> <input name="name" type="text" id="name" value="<?=$wdet[name]?>" size="64" maxlength="128" /> </td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Street Address"))?></td>
    <td><input name="street" type="text" id="street" size="64" maxlength="128" /></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("City"))?> </td>
    <td><input name="city" type="text" size="64" maxlength="128" /> </td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("State/County"))?> </td>
    <td><input name="state" type="text" id="state" size="64" maxlength="64" />
      <? if ($mab_mod[Zones]) { ?>
      <a href="javascript: var locsel=window.open('location_popup.php?details_var=reg_zone', '_locationwindow', 'fullscreen=no,toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,directories=no,location=no,width=400,height=150'); locsel.focus();"><b><img src="<?=t1i("icons16/world","interface/globe.gif")?>" border="0" align="absmiddle" /> <?=l1("Select")?> </b></a>
      <? } ?></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Country"))?> </td>
    <td><input name="country" type="text" id="country" size="64" maxlength="64" />
      <? if ($mab_mod[Zones]) { ?>
      <a href="javascript: var locsel=window.open('location_popup.php?details_var=reg_zone', '_locationwindow', 'fullscreen=no,toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,directories=no,location=no,width=400,height=150'); locsel.focus();"><b> <img src="<?=t1i("icons16/world","interface/globe.gif")?>" border="0" align="absmiddle" /> <?=l1("Select")?> </b></a>
      <? } ?></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Postal/ZIP Code"))?> </td>
    <td><input name="zip" type="text" size="64" maxlength="16" /> </td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td><?=(l1("Message Detail"))?></td>
    <td bgcolor="<?=$color_tab_bk?>"> <p>
      <textarea name="message" cols="100" rows="12" id="message"><?=$wdet[message]?> </textarea>
      </p>
      <p align="center"><? echo "Your IP Address is tracked for security and fraud prevention. Your IP address is $ip"; ?> </p>
      <font size="-4">Max Message Length is 500 Characters </font></p>
      <p align="justify"><font size="-4">Disclaimer: Some states do not allow 3rd party letters. If a letter is returned to us, we will contact you via your email address on file. If in the past a letter has been returned, we will make a notation on the inmates profile. Each household is limited to one account. If more then one account is used to send more then the allowed letters, your account will be suspended till payment is made for the extra letters. Please limit mature content in your letters. Letters are subject to revier to verify terms of use are followed. </font></font></p></td>
  </tr>
  <? if ($mab_mod[Templates]){?>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td colspan="2"><blockquote> <p> <?=h1("Send Message")?></p> </blockquote></td>
  </tr>
  <? }?>
  <tr align="center" valign=top bgcolor="f0f0f0">
    <td colspan="2"><input name="send" type="hidden" id="send" value="1" />
      <input type="submit" name="Submit" value="<?=l1("Submit")?>">
      <input type="hidden" name="pid" value="<?=$pid?>"></td>
  </tr>
  <tr bgcolor="<?=$color_tab_bk?>">
    <td colspan="2" bgcolor="<?=$color_light_bk?>"><a href="member_center.php"><img src="<?=t1i("icons32/account", "icons/account.gif")?>" border="1" align="absmiddle" /><<<?=l1("Account")?> </a></td>
  </tr>
</table>
</form>
<? include("_footer.php");?>
<script type="text/javascript">
<!--
function textCounter(field, countfield, maxlimit) {
    if (field.value.length > maxlimit) // if too long...trim it!
        field.value = field.value.substring(0, maxlimit);
    // otherwise, update 'characters left' counter
    else
        countfield.value = maxlimit - field.value.length;
}
// -->
</script>
bourgm Posted September 15, 2009
Want to hear an even stranger thing? I woke up today and the blank entries were gone. Last night I had 7. I went into the database several times and looked at the seven. But today they are gone, but more will come later I'm sure.
bourgm Posted September 16, 2009
Any thoughts? I have 31 entries since midnight.
bourgm Posted September 16, 2009
Now it is at 65 and I can't stop it.. grrr.. Any thoughts anyone?
bourgm Posted September 17, 2009
I wake up today and there are 0. What fun..
jamesxg1 Posted September 17, 2009
May I ask, is the form self-submitting or something? James.
bourgm Posted September 18, 2009
I have done everything I know to keep it from self-submitting. I can't duplicate the error. And how could it delete itself at night? When I woke up it was 0 but right now it is at 21. If I wait till the morning they will go away. This is crazy.
Handy PHP Posted September 18, 2009
Well, if you have a submission that only has the name "TestFromPHPFreaks", that was me...

You use the predefined variable $_REQUEST which would allow someone to use a URL query string to send data to the form. In fact, if someone simply browsed to the form url, that would trigger a submission of no data to the script since the url doesn't contain a query string. This is where the empty records are coming from.

You really shouldn't use $_REQUEST for this application. Your form should use the POST method as you have it now. Your script should only accept data that was sent using the POST method by using $_POST just the same way you used $_REQUEST. Your PHP script should validate the data sent to it since JavaScript can be circumvented.

First, make sure that the data was sent using POST:

    if(!$_POST){
        // Only Show The Form
    }
    else{
        //Check that each item was filled in as required/
    }

This way any data sent using the GET method will be ignored.

Speaking of the GET method (URL Query String), you should use this to tell the script if you are showing the form or submitting data. So /file.php?action=form or /file.php would show the form but /file.php?action=submit would actually submit the data for consideration.

    if($_GET['action'] == 'form'){
        //Show Form
    }else if($_GET['action'] == 'submit'){
        // Submit Data
    }else{
        // Show Form
    }

Of course, it would be nice if when your script found a blank field if it reloaded the form with the filled in fields filled in automatically.

You should take great care in checking that the data sent to the script is valid and safe before you send it on to the database. If a hacker manages to use SQL Injection to add his own information in your database, he could make himself admin and do a lot of damage assuming he doesn't just drop all of your DB tables right away.

Your blank database entries that disappear each morning are probably purged automatically each night by the server.

Hope this helps,
Handy PHP
bourgm Posted September 18, 2009
Where exactly should I put the following:

    if(!$_POST){
        // Only Show The Form
    }
    else{
        //Check that each item was filled in as required/
    }
Handy PHP Posted September 18, 2009
Near the beginning of the script. It should act as the primary control structure for the script. Basically, the control statements (IF, ELSE, SWITCH, etc...) tell the rest of the script when to do what. IF the form was filled out, then use the code that adds the data to the database. ELSE, show the form again.

I usually write scripts like this:
- Define any variables used by the script that aren't automatically assigned.
- Check form input to see if everything is filled out, is valid, and most importantly, safe for storage in the database.
- Using the supplied data (from the URL query string, and form input, date, etc...) perform various functions or tasks to either get the user to input the required data or manipulate or store the data submitted.
- Wrap up the script and close any open connections etc...

Your script has a lot of potential. You will find that there are extensive ways to modify it to perform better for you and your users.

Good luck,
Handy PHP
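Added example (not code from the thread or from the site): one way to lay out the control structure Handy PHP describes in the two posts above, accepting only POST, validating the required fields before touching the database, and inserting with bound parameters instead of interpolated strings. The function names, the numeric `profile_id` rule, the session-supplied member id and the in-memory SQLite database are assumptions made for illustration; the column names follow the `msend_msg` insert posted earlier.

```php
<?php
declare(strict_types=1);

// Added example, not the site's code. Column names follow the msend_msg
// insert posted in the thread; the function names are hypothetical.
const REQUIRED_FIELDS = ['profile_id', 'name', 'street', 'city', 'state', 'country', 'zip', 'message'];
const MAX_MESSAGE_LEN = 500; // the form says "Max Message Length is 500 Characters"

/** Returns validation errors; an empty array means the input may be stored. */
function validate_submission(array $post): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $field) {
        // Missing keys, array values (name[]=x) and whitespace-only text all count as blank.
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $errors[] = "$field is required";
        }
    }
    if ($errors) {
        return $errors;
    }
    if (!ctype_digit($post['profile_id'])) { // assumption: profile ids are integers
        $errors[] = 'profile_id must be numeric';
    }
    if (strlen($post['message']) > MAX_MESSAGE_LEN) { // length in bytes
        $errors[] = 'message exceeds ' . MAX_MESSAGE_LEN . ' characters';
    }
    return $errors;
}

/**
 * Primary control structure: only a POST that passes validation reaches the database.
 * $memberId must come from the logged-in session, never from the request.
 */
function handle_send_message(string $method, array $post, PDO $db, int $memberId, string $ip): array
{
    if ($method !== 'POST') {
        return ['action' => 'show_form', 'errors' => []];
    }
    $errors = validate_submission($post);
    if ($errors) {
        return ['action' => 'show_form', 'errors' => $errors];
    }
    // Bound parameters keep user text out of the SQL statement itself.
    $stmt = $db->prepare(
        'INSERT INTO msend_msg (mid, inmate_id, name, street, city, state, country, zip,
                                message, date, month, print_status, status, ip)
         VALUES (:mid, :inmate_id, :name, :street, :city, :state, :country, :zip,
                 :message, :date, :month, :print_status, :status, :ip)'
    );
    $stmt->execute([
        ':mid' => $memberId,
        ':inmate_id' => (int) $post['profile_id'],
        ':name' => trim($post['name']),
        ':street' => trim($post['street']),
        ':city' => trim($post['city']),
        ':state' => trim($post['state']),
        ':country' => trim($post['country']),
        ':zip' => trim($post['zip']),
        ':message' => $post['message'],
        ':date' => date('Y-m-d'),
        ':month' => date('m'),
        ':print_status' => '0',
        ':status' => '1',
        ':ip' => $ip,
    ]);
    return ['action' => 'stored', 'errors' => []];
}

// Constructed demo: in-memory SQLite stands in for the site's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE msend_msg (mid INTEGER, inmate_id INTEGER, name TEXT, street TEXT,
    city TEXT, state TEXT, country TEXT, zip TEXT, message TEXT, date TEXT, month TEXT,
    print_status TEXT, status TEXT, ip TEXT)');

// Constructed sample input; the apostrophe in the name is stored verbatim.
$valid = [
    'profile_id' => '42', 'name' => "Pat O'Neil", 'street' => '1 Example St', 'city' => 'Springfield',
    'state' => 'IL', 'country' => 'US', 'zip' => '62701', 'message' => 'Hello from home.',
];
$cases = [
    'GET with no data (plain page view)' => ['GET', []],
    'GET with fields in the query string' => ['GET', $valid],
    'POST with an empty body' => ['POST', []],
    'POST with a blank message' => ['POST', ['message' => '   '] + $valid],
    'POST with every field filled in' => ['POST', $valid],
];
foreach ($cases as $label => [$method, $post]) {
    // In a live request: $_SERVER['REQUEST_METHOD'], $_POST, $_SERVER['REMOTE_ADDR'].
    $result = handle_send_message($method, $post, $db, 7, '203.0.113.5');
    printf("%-38s %-10s %s\n", $label, $result['action'], implode('; ', $result['errors']));
}
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM msend_msg')->fetchColumn(), "\n";
```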
bourgm Posted September 19, 2009
I'm not too great at PHP myself. Still learning. I usually hire through scriptlance. The page I am having trouble with was done by a programmer on scriptlance, but he doesn't respond anymore. You know how that goes. I added the $post so far and am still getting the extra entries.
Handy PHP Posted September 20, 2009
Did you replace all of the $_REQUEST with $_POST? That is your biggest issue with blank entries.
bourgm Posted September 20, 2009
When I replace the $_REQUEST WITH $_POST, the script doesn't grab any of the information. None of the information from the database.
Handy PHP Posted September 20, 2009
Here is your original code with only the $_REQUEST replaced with $_POST:
<?php
$local_header_title="Send Messages";
require("member.php");
require("lib/ntmtxt.php");
require("lib/mail.php");
$mon=date('m');
$pro_id = $_POST['profile_id'];
if($_POST['auth']=='-1')
{
    echo "You Don't have right to send messages.";
    exit;
}
//print_r($_POST);
//$pro_id = $_POST['profile_id'];
if(isset($_POST['profile_id']))
{
    $pro_id = $_POST['profile_id'];
    if ($pro_id!='')
    {
        //inmate name
        $sel = "Select value from attribs where profile = '$pro_id' and aid='168'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_name = $row['value'];
        //inmate number
        $sel = "Select value from attribs where profile = '$pro_id' and aid='169'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmatenumber = $row['value'];
        //facility name
        $sel = "Select value from attribs where profile = '$pro_id' and aid='134'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $facility_name = $row['value'];
        //facility address
        $sel = "Select value from attribs where profile = '$pro_id' and aid='162'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $facility_address = $row['value'];
        //city
        $sel = "Select value from attribs where profile = '$pro_id' and aid='163'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_city = $row['value'];
        //state
        $sel = "Select value from attribs where profile = '$pro_id' and aid='164'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_state = $row['value'];
        //zip
        $sel = "Select value from attribs where profile = '$pro_id' and aid='165'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_zip = $row['value'];
        //country
        $sel = "Select value from attribs where profile = '$pro_id' and aid='166'";
        $res = mysql_query($sel);
        $row = mysql_fetch_array($res);
        $inmate_country = $row['value'];
        $ip=@$REMOTE_ADDR;
        $name = $_POST['name'];
        $inmate_number = $_POST['inmate_number'];
        $street = $_POST['street'];
        $city = $_POST['city'];
        $state = $_POST['state'];
        $country = $_POST['country'];
        $message = $_POST['message'];
        $dt1=date("Y-m-d");
        echo $dtl;
        $mon=date('m');
        //echo $mon;
        //check msg per day values
        $sel = "Select msg_per_day from msend_msg where mid = '$auth' and date='$dt1' and msg_per_day != ''";
        $res = mysql_query($sel);
        //$cnt = count($res);
        include("inc/member.status.php");
        mem_resetstats($auth);
        echo "<br><center>";
        //check prights table whether entry exists or not for pid & rid=53
        $q_mes_day="select count(*) from prights where pid= '$auth' and rid='53'";
        $r_mes_day=mysql_query($q_mes_day);
        $row_cnt=mysql_fetch_row($r_mes_day);
        $pright_53_exists=$row_cnt[0];
        if($pright_53_exists==0)
        {
            $sql_d="insert into prights(pid,rid,value) values('$auth','53','4')";
            $res_d=mysql_query($sql_d);
        }
        $sel_mes_day = "Select value from prights where pid = '$auth' and rid = '53'";
        $res_mes_day = mysql_query($sel_mes_day);
        $row_mes_day = mysql_fetch_array($res_mes_day);
        $count_msg_day=mysql_num_rows($res_mes_day);
        // count value per day
        $value_day = $row_mes_day['value'];
        //check prights table whether entry exists or not for pid & rid=54
        $q_mes_mon="select count(*) from prights where pid= '$auth' and rid='54'";
        $r_mes_mon=mysql_query($q_mes_mon);
        $row_cnt1=mysql_fetch_row($r_mes_mon);
        $pright_54_exists=$row_cnt1[0];
        if($pright_54_exists==0)
        {
            $sql_d="insert into prights(pid,rid,value) values('$auth','54','4')";
            $res_d=mysql_query($sql_d);
        }
        $sel_mes_month = "Select value from prights where pid = '$auth' and rid = '54'";
        $res_mes_month = mysql_query($sel_mes_month);
        $row_mes_month = mysql_fetch_array($res_mes_month);
        // count value per Month
        $value_month = $row_mes_month['value'];
        //echo $value_month;
        $del= "delete from msend_msg where date='0000-00-00'|| name='' ";
        $res=mysql_query($del);
        //if ($member_policy[messages_per_day]) if
        //if($member_policy[messages_per_day]>=$count_msg_day) e0("Too many messages today!");
        //if ($member_policy[messages_per_month]) if
        //if($member_policy[messages_per_month]>=$value_month) e0("Too many messages this month!");
        $select_msg="select * from msend_msg where mid='$auth' and date='$dt1' ";
        $res_msg = mysql_query($select_msg);
        $count_msg= mysql_num_rows($res_msg);
        //SELECT * FROM msend_msg where date >= DATE_SUB(CURDATE(), INTERVAL 1 MONTH)
        //and inmate_id='$pro_id'
        $select_msg1="select * from msend_msg where mid='$auth' and month='$mon' ";
        $res_msg1 = mysql_query($select_msg1);
        $count_msg1= mysql_num_rows($res_msg1);
        //echo "Month count is:".$count_msg1;
        /*if($value_day>=$count_msg)
        {
            echo "Too Many Message Today";
        }*/
        //if($_POST['send'] == '1' && $_POST['Submit'] == 'Submit' && $value_day<=$count_msg)
        if($value_month>$count_msg1){
            if($value_day>$count_msg){
                $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` , `ip`) VALUES ('$auth', '$pro_id' , '$name', '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1', '$ip')";
                $res1 = mysql_query($sql);
                //$sql="`members` ( `id`, `login` , `pswd` , `fname` , `lname` , `email` , `street` , `city` , `state` , `country` , `zip` , `phone` , `fax` , `status` , `rdate` ) VALUES ( '$mid', '$login', '$pswd_1', '$fname', '$lname', '$email', '$street', '$city', '$state', '$country', '$zip', '$phone', '$fax', '$mem_default_approval', '$dt1')";
                //qi($sql);
                //if (!$mid) e2($sql);
                $sel = "Select email from members where id = '$auth'";
                $res = mysql_query($sel);
                $row = mysql_fetch_array($res);
                $email = $row['email'];
                //if (!$member_policy[provided_profiles]) e1();
                //if (!$member_policy[send_message]) e1();
                /*
                // folders management
                if (!$folder&&!$read) $show_compose=1;
                if (!$folder) $folder=1;
                $tim=time();
                if ($target) if (is_array($selected)) for ($i=0;$i<count($selected);$i++) {
                    $msgp=f(qs("* from messages where id=$selected[$i]"));
                    if ($msgp[type]==1||!e(qs("id from mprofiles where id='$msgp[to]' and member='$auth'")))
                        if ($target==1) qd("messages where id='$selected[$i]'");
                        elseif ($target==2) qu("messages set status=2 where id='$selected[$i]'");
                }
                //winks, kisses
                if ($wink) {
                    $subject=$wink;
                    $message=$wink;
                    $send=1;
                }
                */
                if ($message) {
                    include("inc/wordsfilter.lib.php");
                    $message=addslashes(stripslashes(censorwords($message,3,1,1)));
                    $subject="Message from ".$_POST['name'];
                }
                /*$r=qs("* from mprofiles where name='$to'");
                $sql="select p1.name, p2.name from mprofiles p1, mprofiles p2, pattitudes a, plist f where p1.id='$profile' and p1.id=f.pid and f.attitude=a.id and p2.name='$to' and p2.member=f.mid and a.attitude<-2";
                if (!e(q($sql))) echo "<B>".l1("Message was blocked!")."</B>";
                elseif (e($r)) echo "<B>".l1("Profile was not found !")."</B>";
                else {
                    $mem=f($r);
                    $to=$mem[id];
                    $from=$profile;
                    $pfrom=f(qs("* from mprofiles where id='$from'"));
                }*/
                //rights verifications
                /*//messages per hour/day/month
                if ($member_policy[messages_per_hour]) if ($member_policy[messages_per_hour]<=mem_getstat($auth,1)) e0("Too many messages per hour!");
                if ($member_policy[messages_per_day]) if ($member_policy[messages_per_day]<=mem_getstat($auth,2)) e0("Too many messages today!");
                if ($member_policy[messages_per_month]) if ($member_policy[messages_per_month]<=mem_getstat($auth,3)) e0("Too many messages this month!");
                //is friend (Sender of Receiver or Receiver of Sender)
                $rif=qs("id from friends where (pid='$from' and fid='$to') or (fid='$from' and pid='$to')");
                $is_friend=0;
                if (!e($rif)) $is_friend=1;*/
                // if (!$wink&&!$member_policy[send_message]&&!$is_friend) e0("No rights to send messages!");
                /*if ($wink&&!($member_policy[wink]||$member_policy[kiss])) e0("No rights to quick message!");
                //same type
                if ($mem[p1]==$pfrom[p1] && !$member_policy[message_same]) e0("No rights to message same type of profile!");
                //paid messaging
                $message_cost=0;
                if (!$wink) $message_cost=$member_policy[message_sendcost];
                else $message_cost=$member_policy[message_winkcost];
                if ($message_cost) {
                    include_once("money/money.lib.php");
                    if (account_has_credits($auth, $message_cost)) money_spend($auth, $message_cost, l1("Send Message"), $from, 6, $to);
                    else e0("Insufficient credits!");
                }
                if ($wink) qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '2', '0', '$tim', '$subject', '$message')");
                else qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '0', '0', '$tim', '$subject', '$message')");
                if ($save_template) qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '1', '0', '$tim', '$subject', '$message')");
                echo "<b>";
                if (!$is_friend) echo l1("Message was sent!");
                else echo l1("Message was sent to friend!");
                echo "</b><br>";
                mem_incstat($auth,1);
                mem_incstat($auth,2);
                mem_incstat($auth,3);
                //Email notification
                if ($mem[p2]) $memi=f(qs("* from members where id='$mem[member]'"));
                */
                $param=array(
                    subject=>$subject,
                    message=>$message,
                    /* profile=>$mem[name],
                    fname=>$memi[fname],
                    lname=>$memi[lname],
                    mail=>$memi[email],
                    username=>$memi[login],
                    password=>$memi[pswd],
                    city=>$mem[city],
                    country=>$mem[country],
                    id=>$mem[id],
                    sender=>$pfrom[name],
                    // sender_link=>$ROOT_HOST."profile.php?profile_name=".$pfrom[name],
                    loginlink=>$ROOT_HOST."login.php?username=$mem[login]&password=$mem[pswd]",*/
                    link=>$ROOT_HOST
                );
                $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt";
                if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html";
                if (file_exists("tpl/lang/$local_language/notification.txt")) $tpl_t="tpl/lang/$local_language/notification.txt";
                $htmlmail1=join("",file($tpl_h));
                $textmail1=join("",file($tpl_t));
                $email = $email.",".$ADMIN_MAIL;
                send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param));
if($_POST['send'] == '1' && $_POST['Submit'] == 'Submit'){ //Number of messages sent last 30days $q1="SELECT * FROM msend_msg where mid='$_POST[auth]' and date >= DATE_SUB(CURDATE(), INTERVAL 1 MONTH)"; $r1 = mysql_query($q1); $num_msg_last30days= mysql_num_rows($r1); //messages sent current month $q2="select * from msend_msg where mid='$_POST[auth]' and month='$mon'"; $r2 = mysql_query($q2); $msg_sent_curmonth= mysql_num_rows($r2); //message limit per month $q3 = "Select value from prights where pid = '$_POST[auth]' and rid = '54'"; $r3 = mysql_query($q3); $row3 = mysql_fetch_array($r3); // count value per Month $msg_limit_monthly = $row3['value']; $msg_left=$msg_limit_monthly - $msg_sent_curmonth; echo(l1("Letter has been submitted. Our clients either have paid for weekly or bi-weekly mailings of letters. We send out letters every Saturday.!")); echo "<br>"; echo "Messages sent in last 30 days:$num_msg_last30days<br> Messages Left:$msg_left<br>"; } }//End day if else { echo "Too Many Message Today"; }//End of day else // test // /* $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` ) VALUES ('$auth', '$pro_id' , '$name', '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1')"; $res1 = mysql_query($sql); $sel = "Select email from members where id = '$auth'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $email = $row['email']; if ($message) { include("inc/wordsfilter.lib.php"); $message=addslashes(stripslashes(censorwords($message,3,1,1))); $subject="Message from ".$_POST['name']; } $param=array( subject=>$subject, message=>$message, link=>$ROOT_HOST ); $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt"; if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html"; if (file_exists("tpl/lang/$local_language/notification.txt")) 
$tpl_t="tpl/lang/$local_language/notification.txt"; $htmlmail1=join("",file($tpl_h)); $textmail1=join("",file($tpl_t)); $email = $email.",".$ADMIN_MAIL; send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param)); if($_POST['send'] == '1' && $_POST['Submit'] == 'Submit'){ echo(l1("Letter has been submitted. Our clients either have paid for weekly or bi-weekly mailings of letters. We send out letters every Saturday.!")); echo "<br>"; }*/ }//End month if else{ echo "Too Many Message This Month - View Member Upgrades to purchase more messages."; } // Month Condition /*if($value_month>$count_msg1){ $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `inmate_number` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` ) VALUES ('$auth', '$pro_id' , '$name', '$inmate_number' , '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1')"; $res1 = mysql_query($sql); $sel = "Select email from members where id = '$auth'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $email = $row['email']; if ($message) { include("inc/wordsfilter.lib.php"); $message=addslashes(stripslashes(censorwords($message,3,1,1))); $subject="Message from ".$_POST['name']; } $param=array( subject=>$subject, message=>$message, link=>$ROOT_HOST ); $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt"; if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html"; if (file_exists("tpl/lang/$local_language/notification.txt")) $tpl_t="tpl/lang/$local_language/notification.txt"; $htmlmail1=join("",file($tpl_h)); $textmail1=join("",file($tpl_t)); $email = $email.",".$ADMIN_MAIL; send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param)); if($_POST['send'] == '1' && $_POST['Submit'] == 'Submit'){ echo(l1("Letter has been submitted. 
Our clients either have paid for weekly or bi-weekly mailings of letters. We send out letters every Saturday.")); echo "<br>"; } } else { echo "Too Many Message This Month - View Member Upgrades to purchase more messages."; }*/ }//end else { echo "You Don't have right to send messages."; } } /*if ($mem[p4]) { $message=l1("New message was just received!"); qi("mproactive ( mid , type , rdate , message ) VALUES ('$mem[member]', '1', '$tim', '$message')"); echo(l1("Instant notification sent! Member will receive if online.")); } $to=""; $message=""; $subject=""; $ntm3k_ncd_directive=$verify; }; echo "<br></center>"; }*/ ?> <form action="send_message.php" method="post" enctype="multipart/form-data" > <input type="hidden" name="profile_id" value="<?=$pro_id?>"> <table align="center" width=100% cellpadding="1" cellspacing="1" border="<?=$tab_bd_size?>" bordercolor="<?=$color_tab_bd?>" bgcolor="<?=$color_tab_bkg?>"> <tr bgcolor="<?=$color_head_bk?>"> <td colspan="2"><div align="center"> <p><strong><font size="3">Email A Inmate</font></strong></p> <p>Email a Inmate is a program where we collect letters to inmates and send them to the inmate twice a month. Inmates do not have access to emails, so we take the next step and print the letter and mail it to him/her via US Mail. As a registered user you are allowed up to four free "email a inmate" letters. If you desire more then four per month, please <a href="http://www.letterstoprison.com/membership.php">upgrade</a> your account. </p> <p><a href="http://support.letterstoprison.com/" target="_blank">If you have any questions, please contact customer support. 
</a></p> </div></td> </tr> <tr bgcolor="<?=$color_head_bk?>"> <td colspan="2"> <strong><img src="<?=t1i("icons16/message", "icons/messages.gif")?>" border="0" align="absmiddle"><font color="<?=$color_head?>" > <?=l1("Email a Prisoner - We print out your message and mail it to the inmate.")?> </font></strong></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td width="16%" bgcolor="<?=$color_light_bk?>"><?=(l1("Inmate Name"))?></td> <td width="84%" bgcolor="<?=$color_light_bk?>"><font size="1"><b> <?=$inmate_name?> #<?=$inmatenumber?> </b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Facility Name"))?></td> <td><font size="1"><b> <?=$facility_name?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Facility Address"))?></td> <td><font size="1"><b> <?=$facility_address?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("City"))?></td> <td><font size="1"><b> <?=$inmate_city?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("State"))?></td> <td><font size="1"><b> <?=$inmate_state?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Country"))?></td> <td><font size="1"><b> <?=$inmate_country?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Zip"))?></td> <td><font size="1"><b> <?=$inmate_zip?></b></font></td> </tr> <tr bgcolor="<?=$color_light_bk?>"> <td colspan="2"> </td> </tr> <tr bgcolor="<?=$color_light_bk?>"> <td colspan="2"><p><strong> <?=(l1("From - Your Contact Information"))?> </strong></p></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Your Name"))?></td> <td bgcolor="<?=$color_tab_bk?>"> <input name="name" type="text" id="name" value="<?=$wdet[name]?>" size="64" maxlength="128" /> </td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Street Address"))?></td> <td><input name="street" type="text" id="street" size="64" maxlength="128" /></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("City"))?> </td> <td><input name="city" type="text" 
size="64" maxlength="128" /> </td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("State/County"))?> </td> <td><input name="state" type="text" id="state" size="64" maxlength="64" /> <? if ($mab_mod[Zones]) { ?> <a href="javascript: var locsel=window.open('location_popup.php?details_var=reg_zone', '_locationwindow', 'fullscreen=no,toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,directories=no,location=no,width=400,height=150'); locsel.focus();"><b><img src="<?=t1i("icons16/world","interface/globe.gif")?>" border="0" align="absmiddle" /> <?=l1("Select")?> </b></a> <? } ?></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Country"))?> </td> <td><input name="country" type="text" id="country" size="64" maxlength="64" /> <? if ($mab_mod[Zones]) { ?> <a href="javascript: var locsel=window.open('location_popup.php?details_var=reg_zone', '_locationwindow', 'fullscreen=no,toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,directories=no,location=no,width=400,height=150'); locsel.focus();"><b> <img src="<?=t1i("icons16/world","interface/globe.gif")?>" border="0" align="absmiddle" /> <?=l1("Select")?> </b></a> <? } ?></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Postal/ZIP Code"))?> </td> <td><input name="zip" type="text" size="64" maxlength="16" /> </td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Message Detail"))?></td> <td bgcolor="<?=$color_tab_bk?>"> <p> <textarea name="message" cols="100" rows="12" id="message"><?=$wdet[message]?> </textarea> </p> <p align="center"><? echo "Your IP Address is tracked for security and fraud prevention. Your IP address is $ip"; ?> </p> <font size="-4">Max Message Length is 500 Characters </font></p> <p align="justify"><font size="-4">Disclaimer: Some states do not allow 3rd party letters. If a letter is returned to us, we will contact you via your email address on file. If in the past a letter has been returned, we will make a notation on the inmates profile. 
Each household is limited to one account. If more then one account is used to send more then the allowed letters, your account will be suspended till payment is made for the extra letters. Please limit mature content in your letters. Letters are subject to revier to verify terms of use are followed. </font></font></p></td> </tr> <? if ($mab_mod[Templates]){?> <tr bgcolor="<?=$color_tab_bk?>"> <td colspan="2"><blockquote> <p> <?=h1("Send Message")?></p> </blockquote></td> </tr> <? }?> <tr align="center" valign=top bgcolor="f0f0f0"> <td colspan="2"><input name="send" type="hidden" id="send" value="1" /> <input type="submit" name="Submit" value="<?=l1("Submit")?>"> <input type="hidden" name="pid" value="<?=$pid?>"></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td colspan="2" bgcolor="<?=$color_light_bk?>"><a href="member_center.php"><img src="<?=t1i("icons32/account", "icons/account.gif")?>" border="1" align="absmiddle" /><<<?=l1("Account")?> </a></td> </tr> </table> </form> <? include("_footer.php");?> <script type="text/javascript"> <!-- function textCounter(field, countfield, maxlimit) { if (field.value.length > maxlimit) // if too long...trim it! field.value = field.value.substring(0, maxlimit); // otherwise, update 'characters left' counter else countfield.value = maxlimit - field.value.length; } // --> </script>

At the very least, this should work as it did before any changes were made. Unless there is something in one of your "requires" files listed at the top, this would work as before but provide enough stability that inappropriate usage would be limited, since the script would only accept data from the form, as opposed to the original version that allowed data to be sent through the URL instead. If this doesn't behave as expected, you'll need to either get the original programmer to fix it or find a new programmer to fix it. It would probably be cheaper to offer additional money to the original developer to fix the problem.
Handy PHP
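An added example, not code from this thread: server-side checks that keep a page view or a blank POST from reaching the `msend_msg` INSERT, with the address read from `$_SERVER['REMOTE_ADDR']` (the posted `$ip=@$REMOTE_ADDR` is only populated when register_globals is on) and values bound through a prepared statement. The function names, the in-memory SQLite table standing in for the MySQL one, the placeholder ids and the sample requests are assumptions for illustration.

```php
<?php
// Added example, not the thread's code. Column names follow the msend_msg INSERT
// in the post; function names, the SQLite table and the requests are constructed.
const REQUIRED = ['name', 'street', 'city', 'state', 'country', 'zip', 'message'];
const MAX_MESSAGE_BYTES = 500; // the form states a 500-character maximum

// Returns [clean fields, list of failed checks]; insert only when the list is empty.
function validate_submission(array $server, array $post): array
{
    $errors = [];
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST' || ($post['send'] ?? '') !== '1') {
        $errors[] = 'not_a_form_post'; // a plain page view must never reach the INSERT
    }
    $clean = [];
    foreach (REQUIRED as $field) {
        $raw = $post[$field] ?? '';
        $clean[$field] = is_string($raw) ? trim($raw) : ''; // arrays (name[]=x) count as blank
        if ($clean[$field] === '') {
            $errors[] = $field;
        }
    }
    if (strlen($clean['message']) > MAX_MESSAGE_BYTES) {
        $errors[] = 'message_length';
    }
    // Read the address from $_SERVER; filter_var() returns false for a missing or bad value.
    $clean['ip'] = (string) filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($clean['ip'] === '') {
        $errors[] = 'ip';
    }
    return [$clean, $errors];
}

// Assumption: $memberId comes from the server-side session, never from the request.
function store_message(PDO $db, int $memberId, int $profileId, array $c): void
{
    $stmt = $db->prepare('INSERT INTO msend_msg (mid, inmate_id, name, street, city, state, country, zip,
        message, date, month, ip) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute([$memberId, $profileId, $c['name'], $c['street'], $c['city'], $c['state'],
        $c['country'], $c['zip'], $c['message'], date('Y-m-d'), date('m'), $c['ip']]);
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE msend_msg (mid INT, inmate_id INT, name TEXT, street TEXT, city TEXT,
    state TEXT, country TEXT, zip TEXT, message TEXT, date TEXT, month TEXT, ip TEXT)');
$good = ['send' => '1', 'name' => 'A. Sender', 'street' => '1 Example St', 'city' => 'Springfield',
    'state' => 'IL', 'country' => 'US', 'zip' => '00000', 'message' => "O'Brien says hello"];
$requests = [ // constructed requests: page view, blank POST, valid POST
    [['REQUEST_METHOD' => 'GET',  'REMOTE_ADDR' => '192.0.2.10'], []],
    [['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '192.0.2.11'], ['send' => '1', 'message' => '   ']],
    [['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '192.0.2.12'], $good],
];
foreach ($requests as [$server, $post]) {
    [$clean, $errors] = validate_submission($server, $post);
    if ($errors === []) {
        store_message($db, 7, 42, $clean); // 7 and 42 are placeholder ids
    }
    echo $server['REQUEST_METHOD'], ': ', $errors === [] ? 'stored' : 'rejected (' . implode(', ', $errors) . ')', "\n";
}
echo 'rows in msend_msg: ', $db->query('SELECT COUNT(*) FROM msend_msg')->fetchColumn(), "\n";
```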