php switch

[ohdang888]

ready for a confusing problem! (at least for me  )

 

i have a form with action="do.php?do=register" method="POST"

 

i know for a fact that the do.php file is getting the $_GEt attibute correctly because i did this to error check:

if($_GET['do'] == "register"){

echo "gahhh";

}

 

and it echoed gahhh.

 

Now, i have a big-a$# switch statement with $_GET['do'] as the parameter.

 

in it i have this:

case "register":
r("?reg=confirm");
break;

default:
header(Location: index.php?m=undefined&do=".$_GET['do']);
break;

 

Get this: its redirecting me to "index.php?m=undefined&do="

 

I never reset a $_GET param or anything like that, but it seems as though its erased $_GET['do']. How messed up is that!

 

Any ideas how to solve that?

[steviez]

not sure if it will solve it but

header(Location: index.php?m=undefined&do=".$_GET['do']);

 

Should be

header("Location: index.php?m=undefined&do=".$_GET['do']);

 

 

[ohdang888]

not sure if it will solve it but

header(Location: index.php?m=undefined&do=".$_GET['do']);

 

Should be

header("Location: index.php?m=undefined&do=".$_GET['do']);

 

 

 

Nope that was a just a typo on my part.

[shino]

would be easier if you posted your whole code.

Also, could be if your using $do somewhere and register globals is on that it's overwriting it.

[ohdang888]

heres the file. thanks

<?php
require_once('connect.php');

function r($url){
header('Location: '.$url);
die();
}

function pass($pass){
return md5("$39".md5($pass)."*)dP~");
}

function validEmail($email)
{
   $isValid = true;
   $atIndex = strrpos($email, "@");
   if (is_bool($atIndex) && !$atIndex)
   {
      $isValid = false;
   }
   else
   {
      $domain = substr($email, $atIndex+1);
      $local = substr($email, 0, $atIndex);
      $localLen = strlen($local);
      $domainLen = strlen($domain);
      if ($localLen < 1 || $localLen > 64)
      {
         // local part length exceeded
         $isValid = false;
      }
      else if ($domainLen < 1 || $domainLen > 255)
      {
         // domain part length exceeded
         $isValid = false;
      }
      else if ($local[0] == '.' || $local[$localLen-1] == '.')
      {
         // local part starts or ends with '.'
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $local))
      {
         // local part has two consecutive dots
         $isValid = false;
      }
      else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
      {
         // character not valid in domain part
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $domain))
      {
         // domain part has two consecutive dots
         $isValid = false;
      }
      else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
                 str_replace("\\\\","",$local)))
      {
         // character not valid in local part unless 
         // local part is quoted
         if (!preg_match('/^"(\\\\"|[^"])+"$/',
             str_replace("\\\\","",$local)))
         {
            $isValid = false;
         }
      }
      if ($isValid && !(checkdnsrr($domain,"MX") || 
checkdnsrr($domain,"A")))
      {
         // domain not found in DNS
         $isValid = false;
      }
   }
   return $isValid;
}







$doit = $_GET['do'];

switch($doit){
case "login":
if($_SESSION['user_logged_in']){ r("index.php?m=already logged in"); }
if(empty($_POST['email']) or empty($_POST['password'])){ r("index.php?login=1&m=missing_field&email=".urlencode($_POST['email'])); }

$email = clean($_POST['email']);
$pass = pass($_POST['password']);
$res = mysql_query("SELECT user_id, token FROM users WHERE lower(email)=lower('$email') AND `password`='$pass' LIMIT 1")or die("LOGIN ERROR");
if(mysql_num_rows($res) == 1){
$row = mysql_fetch_array($res);
$_SESSION['user_logged_in'] = true;
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_token'] = $row['token'];
r("index.php?logged_in");
}else{
r("index.php?login=1&not_found=1&email=".urlencode($_POST['email']));
}
break;


//END LOGIN


case "logout":
if(!$_SESSION['user_logged_in']){ r("index.php?m=not_logged_in_anyways"); }
session_destroy();
r("index.php?m=logged_out");
break;


//END LOGOUT


case "register":
if(empty($_POST['email']) or empty($_POST['password'])){ r("index.php?reg=1&m=missing_field&email=".urlencode($_POST['email'])); }
if(!validEmail($_POST['email'])){r("?reg=1&m=invalid_email");}
if(count($_POST['password']) < 6){r("?reg=1&m=pass must have more than 6 characters&email=".urlencode($_POST['email']));}

$email = clean($_POST['email']);
$res = mysql_query("SELECT user_id FROM users WHERE lower(email)=lower('$email') LIMIT 1")or die("REGSITER ERROR");
if(mysql_num_rows($res) == 1){
r("?reg=1&m=That+email+already+exists+in+our+system");
}
$pass = pass($_POST['password']);


$to = $_POST['email'];
$from = "[email protected]";
$subject = "Confirm this email to activate your  account";

    //begin of HTML message
    $message = "<html>
  <body bgcolor=\"#DCEEFC\">
    <center>
        Please click <a href='http://www.googe.com/do.php?do=confirm_email&token='>here</a> to confirm your email address.<br/>
        If you cannot click that link, copy and paste this url into your browser: <br>
         http://www.googe.com/javascript_projects/blogAPI/site/do.php?do=confirm_email&token=
    </center>
      </body>
</html>";
   //end of message

    // To send the HTML mail we need to set the Content-type header.
    $headers = "MIME-Version: 1.0rn";
    $headers .= "Content-type: text/html; charset=iso-8859-1rn";
    $headers  .= "From: [email protected]\r\n";
    //options to send to cc+bcc
    //$headers .= "Cc: [email][email protected][/email]";
    //$headers .= "Bcc: [email][email protected][/email]";
    
    // now lets send the email.
    mail($to, $subject, $message, $headers); 
r("?reg=confirm");
break;


default:
r("index.php?m=undefined&do=".$_GET['do']);
break;
}


//FUNCTIONS 


?>

[riwan]

see this thread which I've given the solution

http://www.phpfreaks.com/forums/index.php/topic,299702.0.html

 

I would think the solution is the same

form action should not contain ?do=register

instead just use do.php in form action

and then use

<input type="hidden" name="do" value="register"/>

retrieve the value with $_POST["do"]

 

[ohdang888]

just tried it. and same redirection.

 

then i added this before the switch statement:

if($_POST['do'] == "register"){
echo "gahhhhhhhhhhhh";
}

And guess what! IT FREIKING ECHOS gahhhhhhhhhhhh

 

i know the variable in the switch statement is right (and set), and the "case" is right... so WTF!

 

gah. any other ideas?!

[PFMaBiSmAd]

Your code in the 'register' section is redirecting back to that same page upon an error, but is not setting do= in the URL.

 

Is there some reason you have so many redirects in that code instead of just displaying the information you want?

[ohdang888]

Is there some reason you have so many redirects in that code instead of just displaying the information you want?

Ya, do.php is a backend file that has functions that are done and then the user is sent back to the index.php page with the results.

 

I set it up this way cause i thought it'd be nice to have all those types of functions in one folder rather than make like 10 extra files

[riwan]

And guess what! IT FREIKING ECHOS gahhhhhhhhhhhh

 

i know the variable in the switch statement is right (and set), and the "case" is right... so WTF!

What do you expect the script to do ?

 

Ok, now that you are sure that you get the $_POST['do'] contain register before the switch.

For the redirect to work, you need to comment the echo ?

[ohdang888]

you need to comment the echo

 

Ya i already did that. Its back to the file thats posted (except $_GET is now $_POST)

[riwan]

you need to separate two type of things.

for redirection you need method get, so you must include ?do=register

but for form submit with method POST do not include ?do=register in the action but set it as hidden field

 

Basically you need to store the value in $_POST['do'] to $doit

if its empty then you need to store $_GET['do'] to $doit

 

So what's the problem you're having now ?

[ohdang888]

you need to separate two type of things.

for redirection you need method get, so you must include ?do=register

but for form submit with method POST do not include ?do=register in the action but set it as hidden field

 

Basically you need to store the value in $_POST['do'] to $doit

if its empty then you need to store $_GET['do'] to $doit

 

So what's the problem you're having now ?

 

I already had all this done, yet revised it a tad and now its working. Still does not make ANY sense to me but whatever.

 

Thanks!