Slow/Delayed Submit


SalientAnimal

OK, I will have to give you two sets of code, as this is happening both with the original submit of the form and with the update of the form:

 

This is my submit code/script

 

<?php
$con = mysql_connect("localhost","root","MYPASSWORD");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }


if
	(
	$_POST['owner'] == "User1"
	)
{
$to = "[email protected],[email protected],$_POST[email]";
$subject = "New Request - Reference Number $_POST[reference]_$_POST[request_type]";
$message = "

Hi $_POST[owner]

A new $_POST[request_type] request has been logged to your name.
Please log onto the drc portal via the link http://10.249.135.30 and action the request accordingly.
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.

Request Details: $_POST[request_details]
";
}


else if
	(
	$_POST['owner'] == "User2"
	)
{
$to = "[email protected],[email protected],$_POST[email]";
$subject = "New Request - Reference Number $_POST[reference]_$_POST[request_type]";
$message = "

Hi $_POST[owner]

A new $_POST[request_type] request has been logged to your name.
Please log onto the drc portal via the link http://10.249.135.30 and action the request accordingly.
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.

Request Details: $_POST[request_details]
";
}


else if
	(
	$_POST['owner'] == "User3"
	)
{
$to = "[email protected],[email protected],$_POST[email]";
$subject = "New Request - Reference Number $_POST[reference]_$_POST[request_type]";
$message = "

Hi $_POST[owner]

A new $_POST[request_type] request has been logged to your name.
Please log onto the drc portal via the link http://10.249.135.30 and action the request accordingly.
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.

Request Details: $_POST[request_details]
";
}
  
  
else if
	(
	$_POST['owner'] == "User4"
	)
{
$to = "[email protected],[email protected],$_POST[email]";
$subject = "New Request - Reference Number $_POST[reference]_$_POST[request_type]";
$message = "

Hi $_POST[owner]

A new $_POST[request_type] request has been logged to your name.
Please log onto the drc portal via the link http://10.249.135.30 and action the request accordingly.
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.

Request Details: $_POST[request_details]
";
}


else if
	(
	$_POST['owner'] == "User5"
	)
{
$to = "[email protected],[email protected],$_POST[email]";
$subject = "New Request - Reference Number $_POST[reference]_$_POST[request_type]";
$message = "

Hi $_POST[owner]

A new $_POST[request_type] request has been logged to your name.
Please log onto the drc portal via the link http://10.249.135.30 and action the request accordingly.
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.

Request Details: $_POST[request_details]
";
}


else if
	(
	$_POST['owner'] == "User6"
	)
{
$to = "[email protected],[email protected],$_POST[email]";
$subject = "New Request - Reference Number $_POST[reference]_$_POST[request_type]";
$message = "

Hi $_POST[owner]

A new $_POST[request_type] request has been logged to your name.
Please log onto the drc portal via the link http://10.249.135.30 and action the request accordingly.
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.

Request Details: $_POST[request_details]
";
} 


mail($to, $subject, $message);
mysql_select_db("drc", $con);



$sql="INSERT INTO drc_portal
(username
, email
, reference
, owner
, request_type
, request_details
, status
)

VALUES
('$_POST[username]'
,'$_POST[email]'
,'$_POST[reference]_$_POST[request_type]'
,'$_POST[owner]'
,'$_POST[request_type]'
,'$_POST[request_details]'
,'Open'
)";


if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }


  
  	
else
{
echo "<b><font color='white' face='segoe' size='2'>Your reference number is: $_POST[reference]_$_POST[request_type]. Please record this number for future reference.</b>";
include "redirect_drc_portal.html";
}
mysql_close($con)

?> 

 

 

This is my update code/script

 

<?php
session_start();
$conn = @mysql_connect("localhost","root","MYPASSWORD") or exit("Could not establish a connection to MySQL Server. " . mysql_error());
$select = @mysql_select_db("mydatabase1",$conn) or exit("Could not select the appropriate database for this operation. " . mysql_error());

if(isset($_COOKIE['ID_my_site']))
{
    $username = $_COOKIE['ID_my_site'];
    $name = $_COOKIE['ID_my_name'];	
    $pass = $_COOKIE['Key_my_site'];
    $check = @mysql_query("SELECT * FROM userinfo WHERE username='$username'") or die("Failed to execute SQL Statement.");
    while($info = mysql_fetch_array($check))
    {
        if($pass != $info['password'])
        {
            header("Location: login.php");
        }
        else{

	}
}
}
?>

<?php
$con = mysql_connect("localhost","root","MYPASSWORD");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

  
if
	(
	$_POST['ud_owner'] == "User1"
	)
{
$to = "[email protected],[email protected],$_POST[ud_email]";
$subject = "Reference Number $_POST[ud_reference]";
$message = "

Hi $_POST[ud_owner]

Reference Number $_POST[ud_reference] has been $_POST[ud_reason]. 
Please log onto the drc portal via the link http://10.249.135.30 to ensure that all information has been updated correctly.
The request status is: $_POST[ud_status]
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.
";
}
  
  
else if
	(
	$_POST['ud_owner'] == "User2"
	)
{
$to = "[email protected],[email protected],$_POST[ud_email]";
$subject = "Reference Number $_POST[ud_reference]";
$message = "

Hi $_POST[ud_owner]

Reference Number $_POST[ud_reference] has been $_POST[ud_reason]. 
Please log onto the drc portal via the link http://10.249.135.30 to ensure that all information has been updated correctly.
The request status is: $_POST[ud_status]
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.
";
}
  
  
else if
	(
	$_POST['ud_owner'] == "User3"
	)
{
$to = "[email protected],[email protected],$_POST[ud_email]";
$subject = "Reference Number $_POST[ud_reference]";
$message = "

Hi $_POST[ud_owner]

Reference Number $_POST[ud_reference] has been $_POST[ud_reason]. 
Please log onto the drc portal via the link http://10.249.135.30 to ensure that all information has been updated correctly.
The request status is: $_POST[ud_status]
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.
";
}  
  
  
else if
	(
	$_POST['ud_owner'] == "User4"
	)
{
$to = "[email protected],[email protected],$_POST[ud_email]";
$subject = "Reference Number $_POST[ud_reference]";
$message = "

Hi $_POST[ud_owner]

Reference Number $_POST[ud_reference] has been $_POST[ud_reason]. 
Please log onto the drc portal via the link http://10.249.135.30 to ensure that all information has been updated correctly.
The request status is: $_POST[ud_status]
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.
";
}
  
  
else if
	(
	$_POST['ud_owner'] == "User5"
	)
{
$to = "[email protected],[email protected],$_POST[ud_email]";
$subject = "Reference Number $_POST[ud_reference]";
$message = "

Hi $_POST[ud_owner]

Reference Number $_POST[ud_reference] has been $_POST[ud_reason]. 
Please log onto the drc portal via the link http://10.249.135.30 to ensure that all information has been updated correctly.
The request status is: $_POST[ud_status]
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.
";
}
  

else if
	(
	$_POST['ud_owner'] == "User6"
	)
{
$to = "[email protected],[email protected],$_POST[ud_email]";
$subject = "Reference Number $_POST[ud_reference]";
$message = "

Hi $_POST[ud_owner]

Reference Number $_POST[ud_reference] has been $_POST[ud_reason]. 
Please log onto the drc portal via the link http://10.249.135.30 to ensure that all information has been updated correctly.
The request status is: $_POST[ud_status]
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.
";
}


mail($to, $subject, $message);
mysql_select_db("drc", $con);

?>




<?php
$ud_reference=$_POST['ud_reference'];
$ud_sys_date=$_POST['ud_sys_date'];
$ud_owner=$_POST['ud_owner'];
$ud_username2=$_POST['ud_username2'];
$ud_request_type=$_POST['ud_request_type'];
$ud_request_details=$_POST['ud_request_details'];
$ud_status=$_POST['ud_status'];
$ud_reason=$_POST['ud_reason'];


if ($ud_reference == "") echo "! No identifier retrieved";
else
echo "<p>Updating record: $ud_reference";

//clean up any carriage returns etc
$ud_reference = preg_replace("/[\n\r]*/","",$ud_reference);
$ud_sys_date = preg_replace("/[\n\r]*/","",$ud_sys_date);
$ud_owner = preg_replace("/[\n\r]*/","",$ud_owner);
$ud_username2 = preg_replace("/[\n\r]*/","",$ud_username2);
$ud_request_type = preg_replace("/[\n\r]*/","",$ud_request_type);
$ud_request_details = preg_replace("/[\n\r]*/","",$ud_request_details);
$ud_status = preg_replace("/[\n\r]*/","",$ud_status);
$ud_reason = preg_replace("/[\n\r]*/","",$ud_reason);





$host = "localhost";
$login_name = "root";
$password = "MYPASSWORD";


$link = mysql_connect("$host","$login_name","$password"); 

if (!$link) {
    die('Not connected : ' . mysql_error());
}

$db_selected = mysql_select_db('drc', $link);
if (!$db_selected) 
{
    die ('Can\'t use drc: ' . mysql_error());
}


$query = "UPDATE drc_portal
SET
sys_date='$ud_sys_date'
, date_modified = NOW()
, username2='$ud_username2'
, owner='$ud_owner'
, request_type='$ud_request_type'
, request_details='$ud_request_details'
, status='$ud_status'
WHERE reference='$ud_reference'";




mysql_query($query) or die('mysql error ' . mysql_error() . ' in query : ' . $query);


echo "<BR>Record ⇒ $ud_reference successfully updated<BR><BR>";
//echo $query;
include "update_drc_portal.html";


?>


First off: Was there any reason why you decided to duplicate the entire mail generation bit, when only the username in the IF-tests themselves changed?

 

That said, I've modified your code a bit, to give you some hints on what you should have done. There are also a few comments in there, to explain what I've done, and why, as well as a few comments stating what you need to do to make this script safe(r) from attacks.

<?php
$con = mysql_connect ("localhost", "root", "MYPASSWORD");
if (!$con) {
// mysql_error () should be removed before pushed to production, for security concerns.
die ('Could not connect: ' . mysql_error ());
}

// Set up an array of valid users, and check if selected username is valid.
$validUsers = array ('User1' => true, 'User2' => true, 'User3' => true, 'User4' => true, 'User5' => true, 'User6' => true);
if (!isset ($validUsers[$_POST['owner']])) {
die ("No valid user selected.");
}

// Always validate input before using it in your script.
$reference = val_ref ($_POST['reference']);
$reqType = val_req ($_POST['request_type']);
if (!filter_var ($_POST['email'], FILTER_VALIDATE_EMAIL)) {
die ("Invalid e-mail address!");
}

// Never use user-generated data directly like this, it's just begging to be attacked.
// Validate and escape output!
$to = "[email protected],[email protected],$_POST[email]";
$subject = "New Request - Reference Number $_POST[reference]_$_POST[request_type]";
$message = "

Hi $_POST[owner]

A new $_POST[request_type] request has been logged to your name.
Please log onto the drc portal via the link http://10.249.135.30 and action the request accordingly.
If this request was logged to the incorrect owner, please reassign it to the correct owner and advise all the parties concerned that you have done so.

Request Details: $_POST[request_details]
";

mail ($to, $subject, $message);
mysql_select_db ("drc", $con);

// Escape output! Read up on prepared statements or "mysql_real_escape_string ()"
$sql = "INSERT INTO drc_portal
(username
, email
, reference
, owner
, request_type
, request_details
, status
)

VALUES
('$_POST[username]'
,'$_POST[email]'
,'$_POST[reference]_$_POST[request_type]'
,'$_POST[owner]'
,'$_POST[request_type]'
,'$_POST[request_details]'
,'Open'
)";

if (!mysql_query ($sql, $con)) {
die ('Error: ' . mysql_error ());
} 

// No need for the else, as PHP stops parsing on the "die ()" above.

// Escape output! "htmlspecialchars ()" in this case.
echo "<b><font color='white' face='segoe' size='2'>Your reference number is: $_POST[reference]_$_POST[request_type]. Please record this number for future reference.</b>";
include "redirect_drc_portal.html";

// No need to close the MySQL connection, PHP does that automatically.

 

I suggest you fix that, plus do the same changes to the update script. Then, if you still have the problem, re-post the newly updated code so that we can look at it.

 

PS: Always remember to kill a script (with die ()) after a header ('Location: ') call. Otherwise PHP will continue to parse the script, possibly causing huge issues and/or bypassing security measures.

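The reply's comments ("Always validate input", "Escape output", prepared statements, `htmlspecialchars ()`) applied to the submit script, as an added example that is not code from either poster. It uses PDO because the `mysql_*` functions were removed in PHP 7.0; `val_ref ()` and `val_req ()` are not defined in the thread, so an allowlist and a pattern stand in for them. The DSN, the `drc_app` account, `DRC_DB_PASS`, `NOTIFY`, `REQUEST_TYPES` and the reference pattern are assumptions; the table and column names come from the thread.

```php
<?php
// Added example, not code from the thread. Assumed names: drc_app, DRC_DB_PASS,
// NOTIFY, REQUEST_TYPES and the reference pattern. Table/columns are the thread's.
const OWNERS = ['User1', 'User2', 'User3', 'User4', 'User5', 'User6'];
const REQUEST_TYPES = ['Query', 'Change'];      // hypothetical allowlist
const NOTIFY = 'helpdesk@example.invalid';      // placeholder address

function clean_request(array $p): array
{
    $p = array_filter($p, 'is_string');         // drop array-valued fields
    $email = filter_var($p['email'] ?? '', FILTER_VALIDATE_EMAIL); // rejects CR/LF too
    $ok = $email !== false
        && in_array($p['owner'] ?? '', OWNERS, true)
        && in_array($p['request_type'] ?? '', REQUEST_TYPES, true)
        && preg_match('/\A[A-Za-z0-9-]{1,32}\z/', $p['reference'] ?? '') === 1;
    if (!$ok) throw new InvalidArgumentException('Invalid request.');
    return [
        'username' => substr(trim($p['username'] ?? ''), 0, 64), 'email' => $email,
        'reference' => "{$p['reference']}_{$p['request_type']}", 'owner' => $p['owner'],
        'request_type' => $p['request_type'],
        'request_details' => trim($p['request_details'] ?? ''),
    ];
}

function save_request(PDO $db, array $r): void
{
    // Values travel as bound parameters, never as part of the SQL text.
    $db->prepare(
        "INSERT INTO drc_portal
           (username, email, reference, owner, request_type, request_details, status)
         VALUES (:username, :email, :reference, :owner, :request_type, :request_details, 'Open')"
    )->execute($r);
}

if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $r  = clean_request($_POST);
        $db = new PDO('mysql:host=localhost;dbname=drc;charset=utf8mb4', 'drc_app',
            getenv('DRC_DB_PASS') ?: null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        save_request($db, $r);
        mail(NOTIFY . ',' . $r['email'], "New Request - Reference Number {$r['reference']}",
            "Hi {$r['owner']}\r\n\r\nRequest Details: {$r['request_details']}\r\n");
        echo 'Your reference number is: ' . htmlspecialchars($r['reference'], ENT_QUOTES, 'UTF-8');
    } catch (Exception $e) {
        error_log($e->getMessage());            // details go to the log, not the browser
        http_response_code($e instanceof InvalidArgumentException ? 400 : 500);
        exit('The request could not be processed.');
    }
}
```

Every value that reaches the `To` and `Subject` headers has passed either `FILTER_VALIDATE_EMAIL` or an allowlist, so a line break in a form field cannot add mail headers; the free-text `request_details` only ever appears in the message body and as a bound parameter.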
