form still sends after failing validation


mdez13

This is a form I'm using. I added in the drop-down department and that's where I started running into trouble, since I'm not so great with PHP. If I don't choose a department, the message returns 'message sent' & 'invalid department'. The form also doesn't reset itself after sending. Can anybody help me out?

 

:shrug:

 

<?php 
session_start();

$errors = '';
$name = '';
$visitor_email = '';
$visitor_telephone = '';
$visitor_subject = '';
$visitor_hear = '';
$user_message = '';
$your_email = '';
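$department = '';
// Initialised so the echo statements below the script never read an undefined variable
$success = '';
$invaliddept = '';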

$contactAry = array(
    'Sales' => 'sales@email.com',
    'Advertising' => 'advertising@email.com',
);    

if(isset($_POST['submit']))
{	
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$visitor_telephone = $_POST['telephone'];
$visitor_subject = $_POST['subject'];
$visitor_hear = $_POST['hear'];
$user_message = $_POST['message'];
// Keep the posted department name for the message body; the recipient address is looked up below
$department = $_POST['department'];

///------------Do Validations-------------
if(!array_key_exists($_POST['department'], $contactAry))
{
$invaliddept = '';
$invaliddept .= "<p class='fail' align='center'>Invalid department</p>";
}
else
{
    $your_email = $contactAry[$_POST['department']];
}

if(empty($name)||empty($visitor_email))
{
	$errors .= "\n<p class='captcha-miss' align='center'>Please Fill out Required Fields.</p>";	
}
if(IsInjected($visitor_email))
{
	$errors .= "\n Bad email entry!";
}
if(empty($_SESSION['6_letters_code'] ) ||
  strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
{
//Note: the captcha code is compared case insensitively.
//if you want case sensitive match, update the check above to
// strcmp()
	$errors .= "\n <p class='captcha-miss' align='center'>The captcha code does not match!</p>";
}

if(empty($errors))
{
	//send the email
	$to = $your_email;
	$subject="Form Submission From Contact Page";
	$from = $your_email;
	$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

	$body = "$name submitted the contact form for $department:\n".
	"Name: $name\n".
	"Email: $visitor_email \n".
	"Telephone: $visitor_telephone \n\n".
	"How did you hear about us? $visitor_hear \n\n".
	"Subject: $visitor_subject \n\n".
	"Message: \n ".
	"$user_message\n".
	"IP: $ip\n";	

	$headers = "From: $from \r\n";
	$headers .= "Reply-To: $visitor_email \r\n";

	mail($to, $subject, $body,$headers);

	$success = '';
	$success .= "<p class='success' align='center'>Your message sent!</p>";
}
}

// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
?>

 

<?php echo $success; ?>
<?php echo $invaliddept; ?>
<?php
if(!empty($errors)){
echo "<p class='err'>".nl2br($errors)."</p>";
}
?>
<div id='contact_form_errorloc' class='err'></div>
<form method="POST" name="contact_form" 
action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
<p>
<label for='department'><strong>Department</strong></label><br>
<select name="department" id="department">
<option>Select Department...</option>
<?php 
foreach($contactAry as $department => $your_email)
{
    echo "<option value='$department'>$department</option>\n";
}
?>
</select>
</p>
<p>
<label for='name'><strong>Name</strong></label><br>
<input type="text" name="name" value='<?php echo htmlentities($name) ?>' class="contact_input shadow">
</p>
<p>
<label for='email'><strong>Email</strong></label><br>
<input type="text" name="email" value='<?php echo htmlentities($visitor_email) ?>' class="contact_input shadow">
</p>
<p>
<label for='telephone'><strong>Telephone</strong></label><br>
<input type="text" name="telephone" value='<?php echo htmlentities($visitor_telephone) ?>' class="contact_input shadow">
</p>
<p>
<label for='hear'><strong>How did you hear about us?</strong></label><br>
<input type="text" name="hear" value='<?php echo htmlentities($visitor_hear) ?>' class="contact_input shadow">
</p>
<p>
<label for='subject'><strong>Subject</strong></label><br>
<input type="text" name="subject" value='<?php echo htmlentities($visitor_subject) ?>' class="contact_input shadow">
</p>
<p>
<label for='message'><strong>Message</strong></label> <br>
<textarea name="message" rows=8 cols=35 style="border:none;width:310px;" class="shadow"><?php echo htmlentities($user_message) ?></textarea>
</p>
<p>
<img src="script/captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ><br />
<label for='message'>Enter the code above here:</label><br>
<input id="6_letters_code" name="6_letters_code" type="text" style="border:none;" class="shadow"><br />
<small>Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh</small>
</p>
<input type="submit" value="Submit" name='submit' class="rapidcharge-contact-btn">
</form>
<script>
var frmvalidator  = new Validator("contact_form");
//remove the following two lines if you like error message box popups
frmvalidator.EnableOnPageErrorDisplaySingleBox();
frmvalidator.EnableMsgsTogether();

frmvalidator.addValidation("department","req","You forgot to choose a department!");
frmvalidator.addValidation("name","req","You forgot to enter your name!"); 
frmvalidator.addValidation("email","req","You forgot to enter your email!"); 
frmvalidator.addValidation("subject","req","You forgot to enter a subject!"); 
frmvalidator.addValidation("hear","req","How did you hear about us?");
frmvalidator.addValidation("message","req","No message? hrmph!"); 
</script>
<script>
function refreshCaptcha()
{
var img = document.images['captchaimg'];
img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>


You're talking about the PHP validation, right?

 

If yes, when your department is not valid, you didn't use the errors variable. So, even if you have an invalid department you will send, because the sending is wrapped by an if testing just the errors variable.


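The fix described in the reply above, shown as an added example that is not part of the original thread: every failed check, including the department lookup, feeds one error list, and mail is sent only when that list is empty. `validate_contact()` and the sample input are hypothetical; the field names and `$contactAry` are taken from the posted form.

```php
<?php
// Hypothetical helper (not from the thread): collects every failed check in
// one list so the caller has a single condition to test before mail().
function validate_contact(array $post, array $contactAry, $captcha)
{
    $errors = array();
    $dept  = isset($post['department']) ? (string)$post['department'] : '';
    $name  = isset($post['name']) ? trim((string)$post['name']) : '';
    $email = isset($post['email']) ? trim((string)$post['email']) : '';
    $code  = isset($post['6_letters_code']) ? (string)$post['6_letters_code'] : '';

    // The posted value is only a lookup key into the server-side list;
    // it is never used as an address itself.
    $to = '';
    if (array_key_exists($dept, $contactAry)) {
        $to = $contactAry[$dept];
    } else {
        $errors[] = 'Invalid department';
    }
    if ($name === '' || $email === '') {
        $errors[] = 'Please fill out required fields.';
    } elseif (preg_match('/[\r\n]/', $email)
              || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // CR/LF must never reach the Reply-To header.
        $errors[] = 'Bad email entry!';
    }
    if ($captcha === '' || strcasecmp($captcha, $code) !== 0) {
        $errors[] = 'The captcha code does not match!';
    }
    return array('errors' => $errors, 'to' => $to, 'reply_to' => $email);
}

// Constructed sample input: no department chosen, so the <select> posts the
// text of its placeholder option.
$contactAry = array('Sales' => 'sales@email.com',
                    'Advertising' => 'advertising@email.com');
$post = array('department' => 'Select Department...', 'name' => 'Ann',
              'email' => 'ann@example.com', '6_letters_code' => 'abcdef');

$result = validate_contact($post, $contactAry, 'ABCDEF');
if (count($result['errors']) === 0) {
    // The mail() call from the original script belongs here, using
    // $result['to'] as recipient and $result['reply_to'] in Reply-To.
    echo "Your message sent!\n";
} else {
    echo implode("\n", $result['errors']), "\n";
}
```

After a successful send, setting the field variables back to empty strings (or redirecting to the same page) keeps the form from being re-populated with the submitted values.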
Are you validating that the field has actually been filled in?

 

I'm not the best at PHP myself, but if this is what you are trying to do I have found that it is easier to do a validation using JavaScript.

 

 

Here is a sample of the JavaScript validation:

function validateForm(formnamehere)
{
// An empty value means the required field was left blank
if(!document.formnamehere.fieldnamehere.value)
{
alert("This is the alert message that will pop-up for an incomplete field.");
document.formnamehere.fieldnamehere.focus();
return false;
}
// Field is filled in, so let the form submit
return true;
}

 

 

The validation is then performed when clicking on submit using the following:

<form id="formnamehere" name="formnamehere" method="post" action="" onSubmit="return validateForm(formnamehere);">
