blanne Posted August 29, 2011

Hi all. I've been trying to solve the following issue for about a week. I've looked on this board (and various others) and do find some references to the code, but no assistance with my problem. The code is from NOPCART free PHP shopping cart, and I know it's quite old, but I'm hoping it will work for me as I haven't found any others. I also have little/no PHP skills, but have certainly been learning a bit lately with this!

OK, on to the problem. I have a checkout.htm file, which takes a form input and passes it to the checkout.php script. This in turn should populate an email (and csv file) and send to me. I fixed an issue with it not sending at all, but now it sends with only static data - that is it doesn't pass the form data. I also used a small script to see the form code generated, and this does display form data - so I know the html side is working.

HTML code portion:

<TABLE class="blacktext">
<TR><TD>Name: </TD><TD><input type="text" size="20" name="b_first"> <input type="text" size="20" name="b_last"></TD></TR>
<TR><TD>Address: </TD><TD><input type="text" size="46" name="b_addr"> </TD></TR>
<TR><TD>Address: </TD><TD><input type="text" size="46" name="b_addr2"></TD></TR>
<TR><TD>Address: </TD><TD><input type="text" size="46" name="b_addr3"> </TD></TR>
<TR><TD>State: </TD><TD><input type="text" size="1" name="b_state"> </TD></TR>
<TR><TD>Zip: </TD><TD><input type="text" size="5" name="b_zip"></TD></TR>
<TR><TD>Phone: </TD><TD><input type="text" size="37" name="b_phone"></TD></TR>
<TR><TD>Fax: </TD><TD><input type="text" size="37" name="b_fax"></TD></TR>
<TR><TD>Email: </TD><TD><input type="text" size="37" name="b_email"> </TD></TR>
</TABLE>

The variables are populated by user input fine.
PHP section:

$header = "header.html";
$footer = "footer.html";
$mailprogram = "sendmail -t";
$returnpage = "/";
$youremail = "info@myemail.co.za";
$csvfilename = "orders.csv";
$csvquote = "\"\"";
$mode = "BOTH";

$b_first = "b_first";
$today = date ("l, F jS Y");
$strMessageBody = "";
$strMessageBody .= "A new order has been received. A summary of this order appears below.\n";
$strMessageBody .= "\n";
$strMessageBody .= "Order Date: $today \n";
$strMessageBody .= " \n";
$strMessageBody .= "Bill To: \n";
$strMessageBody .= "-------- \n";
$strMessageBody .= "$b_first";
$strMessageBody .= "$b_last \n";
$strMessageBody .= " $b_addr \n";
$strMessageBody .= " $b_addr2 \n";
$strMessageBody .= " $b_city, $b_state $b_zip \n";
$strMessageBody .= " $b_phone \n";
$strMessageBody .= " $b_fax \n";
$strMessageBody .= " $b_email \n";

The email bit - I suspect this could be part of the issue..?

if( $mode == "BOTH" || $mode == "EMAIL") {
    //# Send email order to you...
    $mailheaders = "From: $b_email\r\n";
    $mailheaders .="X-Mailer: PHP Mail generated by:NOP Design Shopping Cart\r\n";
    $subject = "New Online Order";
    mail($youremail, $subject, $strMessageBody, $mailheaders);
}

The problem is that the $b_first variables etc. are not passing the information to the email body. I only receive the static text (and the $today info).

For what it's worth, the script also processes a CSV file, but again only static data is passed to the CSV file, no variables.

Please, I know this is old code, but I am a complete novice who simply wants to receive an online order. Online payments can come later. Any help is most appreciated.

Thanks.

Bryan
gizmola Posted August 29, 2011

I don't see anything in your code that sets the variables from the $_POST superglobal array. When you state that the "variables are populated by user input fine" what exactly does that mean?
blanne (Author) Posted August 29, 2011

Hi gizmola. My apologies if my language isn't correct.

> When you state that the "variables are populated by user input fine" what exactly does that mean?

I mean that the user enters their details in the checkout.html page (for example in the b_first field) and this information is passed to php ok, as I have checked with another small script. I am assuming then that the php form should populate the $b_first variable with the user input (first name) and then this would form part of the email body as in the $strMessageBody .= "$b_first"; ?

The email populates the message body (I assume that $strMessageBody is some kind of system understood variable here) with only static text, e.g. $strMessageBody .= "Order Date: $today \n"; But not with user entered text - e.g. $strMessageBody .= "$b_first";

As for your comment on $_POST superglobal array - I am afraid this is beyond my capabilities! The original source code and help forums etc are at http://www.nopdesign.com/freecart

Thanks for your assistance.
gizmola Posted August 29, 2011

At the top of the email script, add this code:

var_dump($_POST);
die();

Report back with the results.
blanne (Author) Posted August 29, 2011

Hey there. When I submit the order I receive the following on the screen instead of the usual "thanks for your order.."

array(37) {
  ["ID_1"]=> string(5) "care1"
  ["QUANTITY_1"]=> string(1) "1"
  ["PRICE_1"]=> string(4) "0.00"
  ["NAME_1"]=> string(13) "Caribbean Red"
  ["SHIPPING_1"]=> string(4) "0.00"
  ["ADDTLINFO_1"]=> string(0) ""
  ["ID_2"]=> string(5) "resa1"
  ["QUANTITY_2"]=> string(1) "1"
  ["PRICE_2"]=> string(5) "40.00"
  ["NAME_2"]=> string(10) "Red Savina"
  ["SHIPPING_2"]=> string(4) "0.00"
  ["ADDTLINFO_2"]=> string(0) ""
  ["SUBTOTAL"]=> string(6) "R40.00"
  ["SHIPPING"]=> string(5) "R0.00"
  ["TAX"]=> string(5) "R0.00"
  ["TOTAL"]=> string(6) "R40.00"
  ["b_first"]=> string(6) "Bryan "
  ["b_last"]=> string(5) "Lanne"
  ["b_addr"]=> string(17) "6 Yellowood Close"
  ["b_addr2"]=> string(13) "Somerset West"
  ["b_addr3"]=> string(0) ""
  ["b_state"]=> string(2) "wc"
  ["b_zip"]=> string(4) "7130"
  ["b_phone"]=> string(10) "0768499170"
  ["b_fax"]=> string(0) ""
  ["b_email"]=> string(17) "bryan@lanne.co.za"
  ["s_first"]=> string(7) "ship to"
  ["s_last"]=> string(0) ""
  ["s_addr"]=> string(0) ""
  ["s_addr2"]=> string(0) ""
  ["s_city"]=> string(0) ""
  ["s_state"]=> string(0) ""
  ["s_zip"]=> string(0) ""
  ["s_phone"]=> string(0) ""
  ["s_fax"]=> string(0) ""
  ["s_email"]=> string(0) ""
  ["comment"]=> string(8) "instruct"
}

I guess for total clarity (and maximum assistance to you) I should post the whole codes, as below. You may notice I have "rem'd" a few php lines out - due to receiving errors back in the browser. The function doerror etc seems not to be recognised by the browser. Am I perhaps missing some kind of path to the actual PHP binaries?
checkout.html (receives orders from managecart.html and displays order and requests shopper input)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Shu Shu Chillies</title>
<meta name="description" content="Shu Shu Chillies. The only place for the hottest chilli seeds" />
<meta name="keywords" content="bhut jolokia, bih Jolokia, habanero, naga morich, naga, seed, seeds, chilli seeds, chillies, tomato seeds" />
<link href="../css/main.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
body {
  background-color: #F60;
}
-->
</style>
<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />
<SCRIPT SRC="../pages/language-en.js"></SCRIPT>
<SCRIPT SRC="../pages/nopcart.js">
//=====================================================================||
// NOP Design JavaScript Shopping Cart ||
// ||
// For more information on SmartSystems, or how NOPDesign can help you ||
// Please visit us on the WWW at http://www.nopdesign.com ||
// ||
// JavaScript Shop Module, V.4.4.0 ||
//=====================================================================||
</SCRIPT>
<SCRIPT>
function CheckForm( theform ) {
  var bMissingFields = false;
  var strFields = "";
  if( theform.b_first.value == '' ){
    bMissingFields = true;
    strFields += " Billing: First Name\n";
  }
  if( theform.b_last.value == '' ){
    bMissingFields = true;
    strFields += " Billing: Last Name\n";
  }
  if( theform.b_addr.value == '' ){
    bMissingFields = true;
    strFields += " Billing: Address\n";
  }
  if( theform.b_state.value == '' ){
    bMissingFields = true;
    strFields += " Billing: State\n";
  }
  if( theform.b_zip.value == '' ){
    bMissingFields = true;
    strFields += " Billing: Zipcode\n";
  }
  if( theform.b_phone.value == '' ){
    bMissingFields = true;
    strFields += " Billing: Phone\n";
  }
  if( theform.b_email.value == '' ){
    bMissingFields = true;
    strFields += " Billing: Email\n";
  }
  if( bMissingFields ) {
    alert( "I'm sorry, but you must provide the following field(s) before continuing:\n" + strFields );
    return false;
  }
  return true;
}
</SCRIPT>
</head>
<body>
<div id="container">
  <div id="header">
    <div id="headerimageleft"> <img name="sb_y" src="../images/scotch_yell.jpg" width="120" height="120" alt="" /> </div>
    <div id="headerimageright"> <img name="sb_y" src="../images/header_cayenne.jpg" width="120" height="169" alt="" /> </div>
    <div class="fltrt" id="headertext">
      <h1>Welcome to Shu Shu Chillies</h1>
      <h1>The <em>only</em> place for the <em>hottest</em> seeds!</h1>
    </div>
    <div id="logoholder"> <img src="../images/shushu_logo2.gif" width="200" height="133" alt="Shu Shu Chillies" /></div>
  </div>
  <div id="navbar">
    <ul id="MenuBar1" class="MenuBarHorizontal">
      <li><a href="../pages/index.html">Home</a> </li>
      <li><a href="#" class="MenuBarItemSubmenu">Products</a>
        <ul>
          <li><a href="../pages/chilli_seeds.html">Chilli Seeds</a></li>
          <li><a href="../pages/tomato_seeds.html">Tomato Seeds</a></li>
        </ul>
      </li>
      <li><a class="MenuBarItemSubmenu" href="#">Chilli FAQ</a>
        <ul>
          <li><a href="../pages/chilli_faq.html">Growing Tips</a> </li>
          <li><a href="../pages/chilli_faq.html#facts">Chilli Facts</a></li>
          <li><a href="../pages/chilli_faq.html#scoville">Scoville Scale</a></li>
        </ul>
      </li>
      <li><a href="../pages/ordering.html">Ordering info</a></li>
      <li><a href="mailto:info@mrchilli.co.za?subject=I am interested in chilli seeds" title="send us an email">Contact Us</a></li>
    </ul>
  </div>
  <br class="clearfloat" />
  <NOSCRIPT>
  Whoops, we detected that your browser does not have JavaScript, or it is disabled. Our product catalog requires that you have JavaScript enabled to order products. <a href="http://www.netscape.com">Netscape</a> and <a href="http://www.microsoft.com/ie">Microsoft</a> offer free browsers which support JavaScript. If you are using a JavaScript compliant browser and still have problems, make sure you have JavaScript enabled in your browser's preferences.
  </NOSCRIPT>
  <div id="sidebar1">
    <p class="centerjust">Sidebar right </p>
  </div>
  <div id="wideContent">
    <p class="leftjust"> </p>
    <!--Shopping Cart Checkout Begin-->
    <FONT CLASS="checkout">
    <form action="checkout.php" method="POST" name="checkout" id="checkout" onSubmit="return CheckForm(this)">
    <NOBR>
    <SCRIPT>
    CheckoutCart();
    </SCRIPT>
    </NOBR>
    <br>
    <h3 class="centerjust"> <b>Please fill out the following information below to complete your order.</b> </h3>
    <h3 class="centerjust"> <b>Billing Information:</b></h3>
    <P>
    <TABLE class="blacktext">
    <TR><TD>Name: </TD><TD><input type="text" size="20" name="b_first"> <input type="text" size="20" name="b_last"></TD></TR>
    <TR><TD>Address: </TD><TD><input type="text" size="46" name="b_addr"> </TD></TR>
    <TR><TD>Address: </TD><TD><input type="text" size="46" name="b_addr2"></TD></TR>
    <TR><TD>Address: </TD><TD><input type="text" size="46" name="b_addr3"> </TD></TR>
    <TR><TD>State: </TD><TD><input type="text" size="1" name="b_state"> </TD></TR>
    <TR><TD>Zip: </TD><TD><input type="text" size="5" name="b_zip"></TD></TR>
    <TR><TD>Phone: </TD><TD><input type="text" size="37" name="b_phone"></TD></TR>
    <TR><TD>Fax: </TD><TD><input type="text" size="37" name="b_fax"></TD></TR>
    <TR><TD>Email: </TD><TD><input type="text" size="37" name="b_email"> </TD></TR>
    </TABLE>
    <p>
    <b><font class="greetext">Shipping Information (if different than billing):</font></b><P>
    <TABLE class="blacktext">
    <TR><TD>Name: </TD><TD><input type="text" size="18" name="s_first"> <input type="text" size="15" name="s_last"></TD></TR>
    <TR><TD>Address: </TD><TD><input type="text" size="37" name="s_addr"> </TD></TR>
    <TR><TD>Address: </TD><TD><input type="text" size="37" name="s_addr2"></TD></TR>
    <TR><TD>City: </TD><TD><input type="text" size="21" name="s_city"> </TD></TR>
    <TR><TD>State: </TD><TD><input type="text" size="1" name="s_state"> </TD></TR>
    <TR><TD>Zip: </TD><TD><input type="text" size="5" name="s_zip"></TD></TR>
    <TR><TD>Phone: </TD><TD><input type="text" size="37" name="s_phone"></TD></TR>
    <TR><TD>Fax: </TD><TD><input type="text" size="37" name="s_fax"></TD></TR>
    <TR><TD>Email: </TD><TD><input type="text" size="37" name="s_email"> </TD></TR>
    </TABLE>
    <p>
    <FONT class="blacktext">
    <b><font class="greetext">Comments/Special Instructions:</font></b><P>
    <TEXTAREA NAME="comment" ROWS=6 COLS=40> </TEXTAREA>
    </font>
    <p>
    <input type=submit Value="Submit Order"> <INPUT type=RESET value=" Clear Form ">
    </p></center>
    </FORM>
    <b><font color="#660000">This is a DEMO SITE! No real orders will be taken, and no products will be shipped. Please use a real email address to view the checkout confirmation. Your email address will NOT be stored on the server, or used for ANYTHING, EVER!</font></b><P>
    <!--Shopping Cart Checkout End -->
  </div>
  <br class="clearfloat" />
  <div id="footer">
    <p class="justify">© 2011 Shu Shu Chillies</p>
  </div>
</div>
<script type="text/javascript">
<!--
var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgDown:"../SpryAssets/SpryMenuBarDownHover.gif", imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
//-->
</script>
</body>
</html>

checkout.php (I made the part you requested in bold - please advise if I placed it correctly?)

<?
//=====================================================================||
// NOP Design JavaScript Shopping Cart ||
// PHP SCRIPT Checkout Module ||
// ||
// For more information on SmartSystems, or how NOPDesign can help you ||
// Please visit us on the WWW at http://www.nopdesign.com ||
// ||
// Javascript portions of this shopping cart software are available as ||
// freeware from NOP Design. You must keep this comment unchanged in ||
// your code. For more information contact FreeCart@NopDesign.com. ||
// ||
// JavaScript Shop Module, V.4.4.0 ||
//=====================================================================||
// ||
// Function: Writes available form elements from the NOP ||
// Free Cart (http://www.nopdesign.com/freecart) ||
// and other form elements to an email file, and ||
// send user confirmation ||
// ||
//=====================================================================||

//######################################################################
// #
// User defined variables: #
// $header - string value containing the complete #
// path of the HTML page header #
// $footer - string value containing the complete #
// path of the HTML page footer #
// $youremail - string value containing the email address to #
// send catalog orders in EMAIL or BOTH modes #
// $returnpage - URL to send user when checkout is complete #
// $csvfilename - string value containing the complete #
// path of the user database. #
// $csvquote - string value containing what to use for quotes #
// in the csv file (typically "" or \") #
// $mode - string value containing 'EMAIL', 'FILE' or #
// 'BOTH' to determine if the script should send #
// an email to you with the new order, write the #
// order to a CSV file, or do both. #
//######################################################################

$header = "header.html";
$footer = "footer.html";
$mailprogram = "sendmail -t";
$returnpage = "/";
$youremail = "info@mrchilli.co.za";
$csvfilename = "orders.csv";
$csvquote = "\"\"";
$mode = "BOTH";

//##############################################################
//#FUNCTION: doFormError #
//#RETURNS: #
//#PARAMETERS: A error message string. #
//#PURPOSE: Generates an HTML page indicating a form #
//# submission error occurred. #
//##############################################################
/*function doFormError($errString) {
    include($header);
    echo "<FONT SIZE=+2>The form you submitted was not complete.<BR><BR></FONT>";
    echo "$errString<BR><BR>\n";
    echo "<INPUT TYPE=BUTTON ONCLICK='history.back()' VALUE=' Return to the checkout page '><HR>";
    include($footer);
    exit;
}

//##############################################################
//#FUNCTION: doError #
//#RETURNS: #
//#PARAMETERS: A error message string. #
//#PURPOSE: Generates an HTML page indicating an error #
//# occurred. #
//##############################################################
*/
/*
function doError($errString) {
    include($header);
    echo "$errString<BR><BR>\n";
    include($footer);
    exit;
}
*/

//##############################################################
//##############################################################
//### MAIN ###
//##############################################################
//##############################################################

var_dump($_POST);
die();

$b_first = "b_first";
$today = date ("l, F jS Y");
$strMessageBody = "";
$strMessageBody .= "A new order has been received. A summary of this order appears below.\n";
$strMessageBody .= "\n";
$strMessageBody .= "Order Date: $today \n";
$strMessageBody .= " \n";
$strMessageBody .= "Bill To: \n";
$strMessageBody .= "-------- \n";
$strMessageBody .= "$b_first";
$strMessageBody .= "$b_last \n";
$strMessageBody .= " $b_addr \n";
$strMessageBody .= " $b_addr2 \n";
$strMessageBody .= " $b_city, $b_state $b_zip \n";
$strMessageBody .= " $b_phone \n";
$strMessageBody .= " $b_fax \n";
$strMessageBody .= " $b_email \n";
$strMessageBody .= " \n";
$strMessageBody .= " \n";
$strMessageBody .= "Ship To: \n";
$strMessageBody .= "-------- \n";
$strMessageBody .= " $s_first $s_last \n";
$strMessageBody .= " $s_addr \n";
$strMessageBody .= " $s_addr2 \n";
$strMessageBody .= " $s_city, $s_state $s_zip \n";
$strMessageBody .= " $s_phone \n";
$strMessageBody .= " \n";
$strMessageBody .= " \n";
// next section edited to replace all \$ with R for currency
$strMessageBody .= "Qty Price® Product ID - Product Name\n";
$strMessageBody .= "===================================================================== \n";
$strMessageBody .= "$QUANTITY_1 R$PRICE_1 $ID_1 - $NAME_1 $ADDTLINFO_1 \n";
if( $NAME_2 ) {$strMessageBody .= "$QUANTITY_2 R$PRICE_2 $ID_2 - $NAME_2 $ADDTLINFO_2 \n";}
if( $NAME_3 ) {$strMessageBody .= "$QUANTITY_3 R$PRICE_3 $ID_3 - $NAME_3 $ADDTLINFO_3 \n";}
if( $NAME_4 ) {$strMessageBody .= "$QUANTITY_4 R$PRICE_4 $ID_4 - $NAME_4 $ADDTLINFO_4 \n";}
if( $NAME_5 ) {$strMessageBody .= "$QUANTITY_5 R$PRICE_5 $ID_5 - $NAME_5 $ADDTLINFO_5 \n";}
if( $NAME_6 ) {$strMessageBody .= "$QUANTITY_6 R$PRICE_6 $ID_6 - $NAME_6 $ADDTLINFO_6 \n";}
if( $NAME_7 ) {$strMessageBody .= "$QUANTITY_7 R$PRICE_7 $ID_7 - $NAME_7 $ADDTLINFO_7 \n";}
if( $NAME_8 ) {$strMessageBody .= "$QUANTITY_8 R$PRICE_8 $ID_8 - $NAME_8 $ADDTLINFO_8 \n";}
if( $NAME_9 ) {$strMessageBody .= "$QUANTITY_9 R$PRICE_9 $ID_9 - $NAME_9 $ADDTLINFO_9 \n";}
if( $NAME_10 ){$strMessageBody .= "$QUANTITY_10 R$PRICE_10 $ID_10 - $NAME_10 $ADDTLINFO_10 \n";}
if( $NAME_11 ){$strMessageBody .= "$QUANTITY_11 R$PRICE_11 $ID_11 - $NAME_11 $ADDTLINFO_11 \n";}
if( $NAME_12 ){$strMessageBody .= "$QUANTITY_12 R$PRICE_12 $ID_12 - $NAME_12 $ADDTLINFO_12 \n";}
if( $NAME_13 ){$strMessageBody .= "$QUANTITY_13 R$PRICE_13 $ID_13 - $NAME_13 $ADDTLINFO_13 \n";}
$strMessageBody .= "===================================================================== \n";
$strMessageBody .= "SUBTOTAL: $SUBTOTAL \n";
$strMessageBody .= "TOTAL: $TOTAL \n";
$strMessageBody .= "\n";
$strMessageBody .= "FREIGHT: $SHIPPING \n";
$strMessageBody .= "\n\n";
$strMessageBody .= "Comments: \n";
$strMessageBody .= "--------- \n";
$strMessageBody .= "$comment \n";
$strMessageBody .= " \n";

if( $mode == "BOTH" || $mode == "EMAIL") {
    //# Send email order to you...
    $mailheaders = "From: $b_email\r\n";
    $mailheaders .="X-Mailer: PHP Mail generated by:NOP Design Shopping Cart\r\n";
    $subject = "New Online Order";
    mail($youremail, $subject, $strMessageBody, $mailheaders);
}

if( $mode == "BOTH" || $mode == "FILE") {
    $csvcomments = $comment;
    if (!$CSVF = fopen($csvfilename,'a')) {
        doError("Unable to open CSV file for writing. Your order has not been saved.");
        exit;
    }
    fputs($CSVF, $string);
    fputs($CSVF, "\"");
    fputs($CSVF, "$today"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_first"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_last"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_addr"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_addr2"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_city"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_state"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_zip"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_phone"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_fax"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$b_email"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$s_first"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$s_last"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$s_addr"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$s_addr2"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$s_city"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$s_state"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$s_zip"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$s_phone"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_1"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_1"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_1"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_1"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_1"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_2"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_2"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_2"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_2"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_2"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_3"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_3"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_3"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_3"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_3"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_4"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_4"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_4"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_4"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_4"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_5"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_5"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_5"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_5"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_5"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_6"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_6"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_6"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_6"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_6"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_7"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_7"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_7"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_7"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_7"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_8"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_8"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_8"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_8"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_8"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_9"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_9"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_9"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_9"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_9"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_10"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_10"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_10"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_10"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_10"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_11"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_11"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_11"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_11"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_11"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_12"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_12"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_12"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_12"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_12"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$QUANTITY_13"); fputs($CSVF, "\",\"");
    fputs($CSVF, "R$PRICE_13"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ID_13"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$NAME_13"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$ADDTLINFO_13"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$SUBTOTAL"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$TOTAL"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$SHIPPING"); fputs($CSVF, "\",\"");
    fputs($CSVF, "$comment"); fputs($CSVF, "\"\n");
    fclose($CSVF);
}

//# Send email conformation to the customer.....
$mailheaders = "From: $youremail\r\n";
$mailheaders .="X-Mailer: PHP Mail generated by:NOP Design Shopping Cart\r\n";
$subject = "Order Confirmation";
mail($b_email, $subject, $strMessageBody, $mailheaders);

include($header);
echo "<h2>Thank you</h2>";
echo "Thank you for your order from our online store. You will receive a confirmation email of your order ";
echo "momentarily. Please contact us at $youremail if you have any questions or concerns.";
echo "<P>";
echo "<A HREF=\"$returnpage\" target=_top>Return Home</A>";
echo "<P>";
foreach ($_POST as $field => $value) {
    echo "$field = $value<br>";
}
include($footer);
?>

Thanks
gizmola Posted August 29, 2011

Ok, you stuck it in the right place. The problem is that this script appears to assume that the server is using an ancient/deprecated feature known as register_globals. The individual variables from the form are in the $_POST array as they are supposed to be, but nothing in the code ever assigns those values to the individual variable names used later in the script.

Basically what you really need to do is edit the script so that it does this:

$b_first = $_POST['b_first'];

You need one of these assignments for every variable that was referenced. Against my better judgement I will provide you this workaround that in essence recreates register_globals for the form data.

foreach ($_POST as $key => $value) {
    if (!isset($$key)) {
        $$key = $value;
    }
}

Theoretically replacing the vardump/die with that block of code will make it work, but you could also just declare each variable, which would be more secure. I'd also recommend using htmlentities on these values to negate the effect of people trying to inject XSS code through your form.
blanne (Author) Posted August 29, 2011

Hey Gizmola, thanks so much! I was earlier thinking about how the script would handle the variables, but I assumed the whole <form action="checkout.php" method="POST" name="checkout" id="checkout" onSubmit="return CheckForm(this)"> command in the checkout.html file (the form) would send all this to the script to interpret (i.e. not needing to manually define the b_first = $_POST['b_first']; etc. as there is already reference to the b_first in the actual form).

Whilst I appreciate you providing a solve for me, I'm also the type of person who likes to know what was wrong. If you have the time I would appreciate an explanation as to the need to declare the variables in the php script?

Can I also assume I am following your instructions correctly by defining each variable as below?

$b_first = $_POST['b_first'];
$b_last = $_POST['b_last'];
$b_email = $_POST['b_email'];
etc etc
$today = date ("l, F jS Y");
$strMessageBody = "";
$strMessageBody .= "A new order has been received. A summary of this order appears below.\n";
$strMessageBody .= "\n";
$strMessageBody .= "Order Date: $today \n";
$strMessageBody .= " \n";
etc etc

And the script that you kindly sent would negate the need to manually enter them all? (although I really don't mind the "long method") - but can you tell me why this is more secure?

Once again thanks very much!
gizmola Posted August 29, 2011

Back in the bad old days, you could turn register_globals on, and if it was on, when a form was posted php would take every form variable (the $_POST['somevar']) and make a variable named $somevar. This became a source of a lot of exploits since people who figured out what a script was doing could use it to inject variables into scripts by manipulating the HTTP header section. This is why the feature is deprecated. It appears this script makes that assumption. The way php makes POSTed form values available is in the $_POST superglobal array.

As for the rest of your comments, yes you interpreted my response correctly.
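The explicit-assignment approach recommended in the answers above, written as an allowlist so that only fields the checkout form defines are ever read; this is an added example, not part of the thread or of NOPCART. The field names come from the form and var_dump output posted above, while the function names (allowed_fields, collect_order, h) and the sample request are constructed for illustration.

```php
<?php
// Added example (not NOPCART code). Function names are hypothetical.

const MAX_ITEMS = 13; // checkout.php in the thread handles items 1..13

/** Names of every field the checkout script is willing to read. */
function allowed_fields(): array
{
    $fields = ['SUBTOTAL', 'SHIPPING', 'TAX', 'TOTAL', 'comment'];
    $contact = ['first', 'last', 'addr', 'addr2', 'addr3', 'city',
                'state', 'zip', 'phone', 'fax', 'email'];
    foreach (['b', 's'] as $prefix) {          // billing and shipping blocks
        foreach ($contact as $name) {
            $fields[] = "{$prefix}_{$name}";
        }
    }
    $perItem = ['ID', 'QUANTITY', 'PRICE', 'NAME', 'SHIPPING', 'ADDTLINFO'];
    for ($i = 1; $i <= MAX_ITEMS; $i++) {
        foreach ($perItem as $name) {
            $fields[] = "{$name}_{$i}";
        }
    }
    return $fields;
}

/**
 * Copy only allowed fields from the request into an array.
 * Missing fields become '', non-string values (e.g. b_first[]=x) are
 * dropped, and control characters are removed so each value stays on one
 * line. Unlike the $$key loop, no posted name can create a variable.
 */
function collect_order(array $post): array
{
    $order = [];
    foreach (allowed_fields() as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {
            $value = '';
        }
        // "comment" is a textarea, so it keeps CR and LF.
        $pattern = $field === 'comment'
            ? '/[\x00-\x09\x0B\x0C\x0E-\x1F\x7F]/'
            : '/[\x00-\x1F\x7F]/';
        $order[$field] = trim(preg_replace($pattern, '', $value) ?? '');
    }
    return $order;
}

/** Escape a value before echoing it into the HTML confirmation page. */
function h(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample request; "unexpected_field" is not part of the form.
$samplePost = [
    'b_first'          => 'Alice ',
    'b_last'           => 'Example',
    'b_email'          => 'alice@example.com',
    'QUANTITY_1'       => '1',
    'PRICE_1'          => '40.00',
    'NAME_1'           => 'Red Savina',
    'TOTAL'            => 'R40.00',
    'comment'          => '<b>leave at gate</b>',
    'unexpected_field' => 'ignored',
];

$order = collect_order($samplePost);

// checkout.php places b_email in a From: mail header, so require a
// syntactically valid address before it is used there.
$fromOk = filter_var($order['b_email'], FILTER_VALIDATE_EMAIL) !== false;

echo "Bill to: {$order['b_first']} {$order['b_last']}\n";
echo 'From header usable: ' . ($fromOk ? 'yes' : 'no') . "\n";
echo 'unexpected_field kept: '
    . (array_key_exists('unexpected_field', $order) ? 'yes' : 'no') . "\n";
echo 'Comment as HTML: ' . h($order['comment']) . "\n";
```

In checkout.php the message body would then use `$order['b_first']` and so on in place of `$b_first`, with `collect_order($_POST)` replacing the var_dump/die lines.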