pithed2 Posted March 13, 2010 Share Posted March 13, 2010 This is probably just me missing a quote or something, but my php file is printing rather than processing. I'm not seeing my mistake. <?php // Make sure the user actually posted something. // If they didn't, scram brotha. if (!isset($_POST) || empty($_POST)) { redirect($_SERVER['REQUEST_URI'], true); } // Move over the fields from the contact form and stick them in temp variables $contactFields = array ( 'company', 'name', 'address', 'phone', 'email', 'comments' ); // Now take the posted data and stick it into the data array $data = array(); foreach ($contactFields as $field) { $data[$field] = isset($_POST[$field]) ? trim(stripslashes($_POST[$field])) : ''; } // Time for some real, real basic edits. // Basically, this is requiring the Name and either a phone number or email address. if (empty($data['name'])) { redirect($_SERVER['REQUEST_URI'], true); } if (empty($data['phone']) && empty($data['email'])) { redirect($_SERVER['REQUEST_URI'], true); } if (empty($data['comments'])) { redirect($_SERVER['REQUEST_URI'], true); } // Check 1 //First, make sure the form was posted from a browser. // For basic web-forms, we don't care about anything // other than requests from a browser: if(!isset($_SERVER['HTTP_USER_AGENT'])) { die('Forbidden - You are not authorized to view this page (0)'); exit; } // Check 2 // Make sure the form was indeed POST'ed: // (requires your html form to use: action="get") if(!$_SERVER['REQUEST_METHOD'] == "GET") { die('Forbidden - You are not authorized to view this page (1)'); exit; } // Host names from where the form is authorized // to be posted from: $authHosts = array("calliopevoices.com"); // Where have we been posted from? $fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER'])); // Test to see if the $fromArray used www to get here. $wwwUsed = strpos($fromArray['host'], "www."); // Make sure the form was posted from an approved host name. if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)) { die(' Forbidden - You are not authorized to view this page (2)'); exit; } // Attempt to defend against header injections: $badStrings = array("content-type:", "mime-version:", "content-transfer-encoding:", "multipart/mixed", "charset=", "bcc:", "cc:"); // Loop through each POST'ed value and test if it contains // one of the $badStrings: foreach($_POST as $k => $v) { foreach($badStrings as $v2) { if(strpos(strtolower($v), $v2) !== false) { die('Form processing cancelled: string(`'.$v.'`) contains text portions that are potentially harmful to this server. Your input has not been sent! Please use your browser\'s `back`-button to return to the previous page and try rephrasing your input.'); exit; } } } // Made it past spammer test, free up some memory // and continuing the rest of script: unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed); // At this point we know we have at least the user's name, a phone/email address and their comments. // Time to create the email. $to = 'info@xxxxx.com'; $subject = 'User Comment'; //$message = 'On ' . $date('m/d/Y \\at h:i:s a'); $message = trim($data['name']); $message .= ' emailed with the following comment:'. "\r\n"; $message .= trim($data['comments']); $headers = 'From: Contact Form <info@xxxxxx.com>' . "\r\n"; // Send out the email // Mail it $sent = mail($to, $subject, $message, $headers); // If it was successfully sent, then go to the thank you page // otherwise go back to the form. if ($sent) { $url = 'thankyou.php'; } else { $url = $_SERVER['REQUEST_URI']; } redirect($url, true); ?> Instead of processing, I get the text of this entire php file starting at $v) { foreach($badStrings as $v2) and going all the way to the end. I would assume that somewhere I'm missing the ending quote or something, but I don't see it. Anyone with a better set of eyes than mine? TIA, Andy Quote Link to comment Share on other sites More sharing options...
trq Posted March 13, 2010 Share Posted March 13, 2010 If you are seeing php code then your server is misconfigured. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 13, 2010 Share Posted March 13, 2010 Has any php code ever functioned on your server (i.e. fill us in on how you got to this point)? Quote Link to comment Share on other sites More sharing options...
pithed2 Posted March 13, 2010 Author Share Posted March 13, 2010 I've been able to run joomla off my test server without issue. I'm just trying to make a small back end script for a friend that wants a contact form. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 13, 2010 Share Posted March 13, 2010 There is nothing in the posted code that is causing the symptom you mentioned. However, since that is not all the relevant code on the page, it is not directly possible to tell you what is wrong with it. Post the whole file, including the first opening php tag in the file. Quote Link to comment Share on other sites More sharing options...
pithed2 Posted March 13, 2010 Author Share Posted March 13, 2010 Actually, that is the entire file. I have a page prior to that that hosts the form and has this file to do the processing. Is the page with the form what you're looking for? I can pull that for ya. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html > <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Contact Us</title> <link type="text/css" rel="stylesheet" href="css/style.css"> <style type="text/css"> <!-- .style7 {font-size: 36px} .style8 {color: #990000} --> </style> </head> <body> <div id="wapper"> <div id="container"> <div class="centerPanel"> <div id="mainController"> <div id="mainHeaderPanel"> <div id="mainLeftPanel"> <div id="logoPanel"> <div id="logoPanel"><strong><img src="images/calliope.jpg" width="76" height="45" /><br /> xxxxxxxxxx</strong><br /> xxxxxxxxxxxxxxxxx<br /> xxxxxxxxxxxxxxx<br /> (xxxxxxxxxxxxxx<br /> <strong>info at xxxxxxxxxx.com</strong> </a> </div> </div> <div id="navigationPanel"> <ul class="navList"> <li><a href="index.html" onClick="return (false);"><span>Home</span> </a></li> <li><a href="about-us.html" onClick="return (false);"><span>About</span></a></li> <li><a href="voices.html" onClick="return (false);"><span>Our Voices </span></a></li> <li><a href="about-us.html" onClick="return (false);"><span>What We Do</span></a></li> <li><a href="contact-us.html" class="over" onClick="return (false);"><span> Contact</span></a></li> <li><a href="twincities.html" onClick="return (false);"><span> Twin Cities, USA </span></a></li> </ul> </div> </div> <div> <img src="images/voice3.jpg" /> </div><br /> <span class="readMore"></span> <div class="clear"></div> <div> </div> </div> <div id="middlePanel"> <p><br /> <span class="logbDesingBox5 style4 style7">Say<br /> <span class="style8">Something</span></span> <div> <strong> Gots a question? Gots something to say? Something about yourself that you just need to reveal to someone? </strong><br /> <br /> No worries. Give us a call...fill out the form...shoot us a message. We wants to know about it. </div> <div> <br /> <h6>Contact Form:</h6> <form action="form.php" method="GET"> <table width="97%"> <tr> <td width="145" align="left" valign="top" class="body" id="Company"><strong>Company:</strong></td> <td width="280" align="left" valign="top"><input name="Company" type="text" size="30" /></td> </tr> <tr> <td align="left" valign="top" class="body" id="Contact"><strong>Full Name:</strong></td> <td align="left" valign="top"><input name="Name" type="text" size="30" /></td> </tr> <tr> <td align="left" valign="top" class="body" id="Address"><strong>Address: </strong></td> <td align="left" valign="top"><input name="Address" type="text" size="30" /></td> </tr> <tr> <td align="left" valign="top" class="body" id="Phone"><strong> Phone: </strong></td> <td align="left" valign="top"><input name="Phone" type="text" size="30" /></td> </tr> <tr> <td align="left" valign="top" class="body" id="Email"><strong> Email: </strong></td> <td align="left" valign="top"><input name="Email" type="text" size="30" /></td> </tr> <tr> <td align="left" valign="top" class="body" id="Comments"><strong> Questions / Comments: </strong></td> <td align="left" valign="top"><textarea name="comments" cols="25" rows="6"></textarea></td> </tr> <tr> <td></td> <td><input type="submit" name="submit" class="button" value="Send Now" /></td> </tr> </table> </form> </div> <div> <br /> <h6>Contact Information: </h6> <img src="images/photo-contact.jpg" alt="" width="152" height="100" class="project-img" /> xxxxxxxx<br /> xxxxxxxxxxxxx<br /> xxxxxxxx<br /> xxxxxxxxxxxxxxxx <br /> <br /> <p> <span><img src="images/ico-phone.png" alt="Phone" width="20" height="16" hspace="2" /> Phone:</span> xxxxxxxxxxxxx<br /> <span><img src="images/ico-fax.png" alt="Fax" width="20" height="16" hspace="2" /> Fax:</span> xxxxxxxxxxxxx</p> <p><br /> <span><img src="images/ico-website.png" alt="WWW Link" width="20" height="16" hspace="2" /> Website:</span> <a href="#">www.xxxxxxxxxxx.com</a><br /> <span><img src="images/ico-email.png" alt="Email" width="20" height="16" hspace="2" /> Email:</span> <a href="mailto:info@xxxxxxxxxx.com">info@xxxxxxxxxxxxx.com</a><br /> <span><img src="images/ico-twitter.png" alt="Twitter Follow" width="20" height="16" hspace="3" /> <a href="#">Follow</a> on Twitter</span><br /> <br /> </p> </div> <span class="readMore"></span> <div class="servicecolumnzone"> <p> </p> <div class="servicecolumn1"> <div> <h5> <a href="/calliopevoices.html" onClick="return (false);">Calliope Voices </a></h5> <img src="images/mic.jpg" alt="" width="65" height="65" class="abouticon" />They're not just great voices. They're great people with remarkable creative reserves. They don't just read. They dig deep to bring out the best in your work. </div> <div class="clear"></div> </div> <div class="servicecolumn2"> <div> <h5><a href="http://www.xxxxxx.com/audio.html"> Audio</a> </h5> <img src="images/bcasm.jpg" alt="" width="65" height="60" class="abouticon" />If you've not recorded with Audio, then you're missing out on one of the best values in town. A great facility with great expertise, and rates to lighten your bottom line. </div> <div class="clear"></div> </div> <div class="clear"></div> <div class="servicecolumn1"> <div> <h5>In-House Coaching </h5> <img src="images/fan.jpg" alt="" width="65" height="65" class="abouticon" />xxxxxxxx talent is already terrific when they walk through our door, and we aims to keep them that way. All of our talent are treated to regular coaching sessions, which are designed to maximize their skills, while keeping their freshness date intact. </div> <div class="clear"></div> </div> <div class="servicecolumn2"> <div> <h5>Mixers and Showcases </h5> <img src="images/spot.jpg" alt="" width="65" height="65" class="abouticon" />All those names out there. All those voices. Tell you what...how 'bout you drop by our place once in a while for a beer? You can meet flesh and blood talent, take a listen to what they can do, and maybe take a shot at directing them, too. It's a complete gas. Do it. </div> </div> <div class="clear"></div> </div> </div> <div class="clear"></div> </div> <div> <div></div> </div> </div> <div id="main_footer_panel"> <div class="main_footer_controller"> <div class="main_center"> <div class="main_footer_details"> <p><a href="index.html" onClick="return (false);">Home </a>| <a href="about-us.html" onClick="return (false);"> About </a> |<a href="services.html" onClick="return (false);"> What We Do </a> |<a href="voices.html" onClick="return (false);">Our Voices </a> |<a href="contact-us" onClick="return (false);"> Contact</a>| <a href="audio.html" onClick="return (false);"> Audio </a> |<a href="twincities.html" onClick="return (false);"> Twin Cities, USA </a> </p> <h4>© Copyright xxxxxxxxx, LLC. All Rights Reserved</h4> </div> </div> </div> </div> </div> </div> </div> </div> </div> </html> Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 13, 2010 Share Posted March 13, 2010 Since there is no built-in php function named redirect(), the posted php code would result in a fatal runtime error and would not display any portion of the code or content in that file. Quote Link to comment Share on other sites More sharing options...
pithed2 Posted March 13, 2010 Author Share Posted March 13, 2010 I'm a moron. Thanks! That's what I get for copying code. I'll switch those out with header and see what I get. Quote Link to comment Share on other sites More sharing options...
pithed2 Posted March 13, 2010 Author Share Posted March 13, 2010 Changed the code to header(Location: etc) and still get the same thing. <?php // Make sure the user actually posted something. // If they didn't, scram brotha. if (!isset($_POST) || empty($_POST)) { header("Location: http://www.xxxxxxxxx.com/contact-us.html"); } // Move over the fields from the contact form and stick them in temp variables $contactFields = array ( 'company', 'name', 'address', 'phone', 'email', 'comments' ); // Now take the posted data and stick it into the data array $data = array(); foreach ($contactFields as $field) { $data[$field] = isset($_POST[$field]) ? trim(stripslashes($_POST[$field])) : ''; } // Time for some real, real basic edits. // Basically, this is requiring the Name and either a phone number or email address. if (empty($data['name'])) { header("Location: http://www.calliopevoices.com/contact-us.html"); } if (empty($data['phone']) && empty($data['email'])) { header("Location: http://www.calliopevoices.com/contact-us.html"); } if (empty($data['comments'])) { header("Location: http://www.calliopevoices.com/contact-us.html"); } // Check 1 //First, make sure the form was posted from a browser. // For basic web-forms, we don't care about anything // other than requests from a browser: if(!isset($_SERVER['HTTP_USER_AGENT'])) { die('Forbidden - You are not authorized to view this page (0)'); exit; } // Check 2 // Make sure the form was indeed POST'ed: // (requires your html form to use: action="post") if(!$_SERVER['REQUEST_METHOD'] == "POST") { die('Forbidden - You are not authorized to view this page (1)'); exit; } // Host names from where the form is authorized // to be posted from: $authHosts = array("xxxxxxxx.com"); // Where have we been posted from? $fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER'])); // Test to see if the $fromArray used www to get here. $wwwUsed = strpos($fromArray['host'], "www."); // Make sure the form was posted from an approved host name. if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)) { die(' Forbidden - You are not authorized to view this page (2)' exit; } // Attempt to defend against header injections: $badStrings = array("content-type:", "mime-version:", "content-transfer-encoding:", "multipart/mixed", "charset=", "bcc:", "cc:"); // Loop through each POST'ed value and test if it contains // one of the $badStrings: foreach($_POST as $k => $v) { foreach($badStrings as $v2) { if(strpos(strtolower($v), $v2) !== false) { die('Form processing cancelled: string(`'.$v.'`) contains text portions that are potentially harmful to this server. Your input has not been sent! Please use your browser\'s `back`-button to return to the previous page and try rephrasing your input.'); exit; } } } // Made it past spammer test, free up some memory // and continuing the rest of script: unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed); // At this point we know we have at least the user's name, a phone/email address and their comments. // Time to create the email. $to = 'info@xxxxx.com'; $subject = 'User Comment'; //$message = 'On ' . $date('m/d/Y \\at h:i:s a'); $message = trim($data['name']); $message .= ' emailed with the following comment:'. "\r\n"; $message .= trim($data['comments']); $headers = 'From: Contact Form <info@xxxxxx.com>' . "\r\n"; // Send out the email // Mail it $sent = mail($to, $subject, $message, $headers); // If it was successfully sent, then go to the thank you page // otherwise go back to the form. if ($sent) { $url = 'thankyou.php'; } else { $url = $_SERVER['REQUEST_URI']; } header("Location: {$ur}"); ?> Still get all my code on being echoed onto the page. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 13, 2010 Share Posted March 13, 2010 Either php is not installed/working or the file name being requested does not end in .php or the <?php opening tag is not being seen because it contains corrupted or a non-printing character(s). Quote Link to comment Share on other sites More sharing options...
pithed2 Posted March 13, 2010 Author Share Posted March 13, 2010 It was the php installation. Thanks for your time. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.