Sanitize Function Stripping My Variables?

[capitalalist]

Hi Guys,

 

First off thanks in advance for taking the time to take a look at this. It's been driving me crazy 

 

What I'm trying to do here is take a hidden form value and pass it to a php script to be echo'd out into an email in the following steps.

 

Step 1. Pass the hidden field data from the link to the form page

<a href="http://www.domainname.com/guestlist/guestlisttemp.php?param1=Movida&param2=02072052245">Join The Guestlist</a>

Step 2: Receive the form data and echo into the relevant fields

<p>Testing New Guestlist Form</p>
<?php $param1 = $_GET['param1'];$param2 = $_GET['param2'];?>
<form method="post" action="http://www.domainname.com/confirmation" >
<input type="hidden" name="gl_clubname" value="<?php echo $param1;?>" /><input type="hidden" name="gl_clubnumber" value="<?php echo $param2;?>" />
<label for="gl_name" >Name<span id="required">*</span></label><br/>
<input type="text" name="gl_name" /><br/>
<label for="gl_email" >Email<span id="required">*</span></label><br/>
<input type="text" name="gl_email" /><br/>
<label for="gl_phonenumber" >Phone number<span id="required">*</span></label><br/>
<input type="text" name="gl_phonenumber" /><br/>
<label for="gl_when" >Date of attendance<span id="required">*</span></label><br/>
<input type="text" name="gl_when" /><br/>
<label for="gl_message" >Further Details</label><br/>
<textarea rows="3" name="gl_message"></textarea><br/>
<p>Are you over 18?<span id="required">*</span></p>
<div id="datebirthcustom" style="margin-top:-12px; ;">
<div id="gl_selects">
<select name="gl_day" class="guestlistselect">
<option value="day">Day:</option>
<option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option value="5">5</option><option value="6">6</option><option value="7">7</option><option value="8">8</option><option value="9">9</option><option value="10">10</option><option value="11">11</option><option value="12">12</option><option value="13">13</option><option value="14">14</option><option value="15">15</option><option value="16">16</option><option value="17">17</option><option value="18">18</option><option value="19">19</option><option value="20">20</option><option value="21">21</option><option value="22">22</option><option value="23">23</option><option value="24">24</option><option value="25">25</option><option value="26">26</option><option value="27">27</option><option value="28">28</option><option value="29">29</option><option value="30">30</option><option value="31">31</option></select>
<select name="gl_month" class="guestlistselect">
<option value="month">Month:</option>
<option value="1">January</option><option value="2">February</option><option value="3">March</option><option value="4">April</option><option value="5">May</option><option value="6">June</option><option value="7">July</option><option value="8">August</option><option value="9">September</option><option value="10">October</option><option value="11">November</option><option value="12">December</option></select>
<select name="gl_year" class="guestlistselect">
<option value="year">Year:</option>
<option value="1996">1996</option><option value="1995">1995</option><option value="1994">1994</option><option value="1993">1993</option><option value="1992">1992</option><option value="1991">1991</option><option value="1990">1990</option><option value="1989">1989</option><option value="1988">1988</option><option value="1987">1987</option><option value="1986">1986</option><option value="1985">1985</option><option value="1984">1984</option><option value="1983">1983</option><option value="1982">1982</option><option value="1981">1981</option><option value="1980">1980</option><option value="1979">1979</option><option value="1978">1978</option><option value="1977">1977</option><option value="1976">1976</option><option value="1975">1975</option><option value="1974">1974</option><option value="1973">1973</option><option value="1972">1972</option><option value="1971">1971</option><option value="1970">1970</option><option value="1969">1969</option><option value="1968">1968</option><option value="1967">1967</
option><option value="1966">1966</option><option value="1965">1965</option><option value="1964">1964</option><option value="1963">1963</option><option value="1962">1962</option><option value="1961">1961</option><option value="1960">1960</option><option value="1959">1959</option><option value="1958">1958</option><option value="1957">1957</option><option value="1956">1956</option><option value="1955">1955</option><option value="1954">1954</option><option value="1953">1953</option><option value="1952">1952</option><option value="1951">1951</option><option value="1950">1950</option><option value="1949">1949</option><option value="1948">1948</option><option value="1947">1947</option><option value="1946">1946</option><option value="1945">1945</option><option value="1944">1944</option><option value="1943">1943</option><option value="1942">1942</option><option value="1941">1941</option><option value="1940">1940</option><option value="1939">1939</option><option value="1938">1938</option><option value="1937">1937</
option><option value="1936">1936</option><option value="1935">1935</option><option value="1934">1934</option><option value="1933">1933</option><option value="1932">1932</option><option value="1931">1931</option><option value="1930">1930</option><option value="1929">1929</option><option value="1928">1928</option><option value="1927">1927</option><option value="1926">1926</option><option value="1925">1925</option><option value="1924">1924</option><option value="1923">1923</option><option value="1922">1922</option><option value="1921">1921</option><option value="1920">1920</option><option value="1919">1919</option><option value="1918">1918</option><option value="1917">1917</option><option value="1916">1916</option><option value="1915">1915</option><option value="1914">1914</option><option value="1913">1913</option><option value="1912">1912</option><option value="1911">1911</option><option value="1910">1910</option><option value="1909">1909</option><option value="1908">1908</option><option value="1907">1907</
option><option value="1906">1906</option><option value="1905">1905</option><option value="1904">1904</option><option value="1903">1903</option><option value="1902">1902</option><option value="1901">1901</option><option value="1900">1900</option></select></div></div>
<br/><input type = "submit" value = "Join The Guestlist!" class="button"/>
</form>

Step 3: Upon the loading of the 'confirmation page' run the following script

/* Load form data
======================================================================*/
$sophisticated = $_POST['gl_sophisticated'];
$name = $_POST['gl_name'];
$email = trim($_POST['gl_email']);
$mobile = $_POST['gl_number'];
$when = $_POST['gl_when'];
$message = $_POST['gl_message'];
$day = $_POST['gl_day'];
$month = $_POST['gl_month'];
$clubname = $_POST['gl_clubname'];
$clubnumber = $_POST['gl_clubnumber'];
$year = $_POST['gl_year'];
//Create Birthday in mm/dd format for mailchimp
$birthday = $month."/".$day;
//Create Birthday in dd/mm/yy output
$birthdayfull = $day."/".$month."/".$year;

/* Functions
==================================================================*/
function sanitize($var) {
    $var = stripslashes($var);
    $var = htmlentities($var);
    $var = htmlspecialchars($var);
    return $var;
}

function ParseName($name)
{
 // Calculate first/last names
 $space = strpos($name, ' ');
 if ($space !== false) {
  $firstName = substr($name, 0, $space);
  $lastName = substr($name, $space + 1);
 } else {
  $firstName = $name;
  $lastName = '';
 }
 
 return array('first' => $firstName, 'last' => $lastName);
}

The problem I'm having is that all of the variables will echo/print and display the data held within except for $clubname and $clubnumber. What am I doing wrong here. It all looks ok to me but the variables of $clubname and $clubnumber just give me zip!

 

Is it the sanitize function???? 

 

Thanks in advance for the help on this one guy!! 

[cyberRobot]

Have you done anything to see how the variables are working (or not) throughout the process? When the form loads, for example, do the hidden form fields contain a value?

[capitalalist]

Yeah, that was my first port of call. Here is the exert from source code:

<p>Testing New Guestlist Form</p>
<form method="post" action="http://www.cluboid.com/confirmation" >
<input type="hidden" name="gl_clubname" value="Movida" /><input type="hidden" name="gl_clubnumber" value="02072052245" />
<label for="gl_name" >Name<span id="required">*</span></label><br/>
<input type="text" name="gl_name" /><br/>
<label for="gl_email" >Email<span id="required">*</span></label><br/>
<input type="text" name="gl_email" /><br/>
<label for="gl_phonenumber" >Phone number<span id="required">*</span></label><br/>
<input type="text" name="gl_phonenumber" /><br/>
<label for="gl_when" >Date of attendance<span id="required">*</span></label><br/>
<input type="text" name="gl_when" /><br/>
<label for="gl_message" >Further Details</label><br/>
<textarea rows="3" name="gl_message"></textarea><br/>
<p>Are you over 18?<span id="required">*</span></p>

Notice the line 

<input type="hidden" name="gl_clubname" value="Movida" /><input type="hidden" name="gl_clubnumber" value="02072052245" />

[cyberRobot]

What about the next step? Does $clubname have a value after it's created?

 

Note that the code doesn't really show what happens to $clubname after it's initialized. Unless I'm missing something, you'll need to post more code.

[capitalalist]

Ok here is the script that runs in full. As I said the only thing that doesn't work is when I try to echo either $clubname or $clubnumber. I have replaced some of the api keys for safety and and the domain name in question. Thanks!!!

<?php
if($_POST['gl_valid'] === "guestlist") {
// Include MailChimp + Text Marketer API
require_once 'TMRestClient.php';
require_once "MCAPI.class.php";

 /* Load form data
======================================================================*/
$sophisticated = $_POST['gl_sophisticated'];
$name = $_POST['gl_name'];
$email = trim($_POST['gl_email']);
$mobile = $_POST['gl_number'];
$when = $_POST['gl_when'];
$message = $_POST['gl_message'];
$day = $_POST['gl_day'];
$month = $_POST['gl_month'];
$clubname = $_POST['gl_clubname'];
$clubnumber = $_POST['gl_clubnumber'];
$year = $_POST['gl_year'];
//Create Birthday in mm/dd format for mailchimp
$birthday = $month."/".$day;
//Create Birthday in dd/mm/yy output
$birthdayfull = $day."/".$month."/".$year;

/* Functions
==================================================================*/
function sanitize($var) {
    $var = stripslashes($var);
    $var = htmlentities($var);
    $var = htmlspecialchars($var);
    return $var;
}

function ParseName($name)
{
 // Calculate first/last names
 $space = strpos($name, ' ');
 if ($space !== false) {
  $firstName = substr($name, 0, $space);
  $lastName = substr($name, $space + 1);
 } else {
  $firstName = $name;
  $lastName = '';
 }
 
 return array('first' => $firstName, 'last' => $lastName);
}

function SubscribeToList($listId, $name, $email, $birthday, $mobile)
{
// MailChimp API Key from Account Control Panel
$apiKey = '********************************';
 $api = new MCAPI($apiKey);
 $parsedName = ParseName($name);
 
$mergeVars = array('FNAME' => $parsedName['first'], 'LNAME' => $parsedName['last'], 'BDAY' => $birthday, 'NUMBER' => $mobile);
 
 $success = $api->listSubscribe($listId, $email, $mergeVars, 'html', false);
 return $success; 
}

/* Mailchimp
 * ========================================================================
 */

// MailChimp List Id to subscribe to (leave blank for no subscription)

$listId = '***********';

//Subscribe to email list
if ($listId) {
   $success = SubscribeToList($listId, $name, $email, $birthday, $mobile);
}


/* Text Marketer
 * ===========================================================================
 */
//Send Text Message from Text Marketer
$tmClient = new TMRestClient('*******', '********', 'production'); //production
      try {
            $result = $tmClient->sendSMS("Hi five $name! Complete your guestlist by 'liking' us on Facebook > http://tinyurl.com/bl85tyg and we'll call you to confirm this shortly. www.domainname.com x", "$mobile", 'Cluboid');
      } catch (Exception $ex) {
         // echo "Error: {$ex->getCode()}, {$ex->getMessage()}";
          echo "<div id='smserror'><p>Looks like you didn't enter a vaild UK mobile number.</p>";
          echo "<p>Unfortunately we cannot send you the guestlist details without it!</p></div>";
      }
	  
//Store Phone Number at Text Marketer
$tmClient = new TMRestClient('********', '******', 'production');
      try {
          $result = $tmClient->addNumbersToGroup('Applicationscluboid', "$mobile");
      } catch (Exception $ex) {
         // echo "Error: {$ex->getCode()}, {$ex->getMessage()}";
      }
	
/* Email section
 * ============================================================================
 */


// Prepare e-mail body
$body = "Hi,

There is a new guestlist subscriber. ";
if($sophisticated == true) {
   $body .= "(High End)";
}
$body .= "
Name: $name
Birthday: $birthdayfull
Email: $email
Mobile: $mobile
When: $when
Club Choice: $clubname
Message: $message



Thanks";

// Prepare e-mail autoresponse
$autorespond = "Hi five $name!, 

Get ready to have an awesome night.

Once you've 'Liked' us on Facebook here http://www.facebook.com/pages/*********, we'll call you on our guestlist line (within office hours 12pm - 7pm) to book in your party application on the number you supplied ($mobile).

We look forward to seeing you at one of our events.

Happy partying x 

The Guestlist team,

02079230802
[email protected]
www.domainname.com
@domain
";


// Settings
$sendTo = '[email protected]';

// Send e-mail to us
$success_self = mail($sendTo, sprintf("Domain Guestlist: %s", $name), $body, sprintf("From: %s", $email));

// Send e-mail autoresponse to applicant
$success_subscriber = mail($email, sprintf("Thanks for applying %s", $name), $autorespond, sprintf("From: [email protected]"));

if($success_self && $success_subscriber) {
    echo "<h2>Hi five $name!</h2>";
    echo "<p>- $clubname $clubnumber - We will give you a quick call shortly on $mobile to confirm all of the details for what will be an amazing night. In the mean time don't forget to <a href=\"http://www.facebook.com/pages/***************\" target=\"_blank\">like us on Facebook to complete your application</a>!</p>";
	echo "<div class=\"videocontainer1\"><iframe src=\"http://player.vimeo.com/video/51554170?title=1&byline=1&portrait=1\" width=\"900\" height=\"506\" frameborder=\"0\" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe></div>";
	echo "<div class=\"blogimages\"><img src=\"http://www.cluboid.com/wp-content/themes/bigformat/images/voltparty-popup1.jpg\" width=\"157\" height=\"105\"/>";
	echo "<img src=\"http://www.cluboid.com/wp-content/themes/bigformat/images/voltparty-popup2.jpg\" width=\"157\" height=\"105\"/>";
	echo "<img src=\"http://www.domainname.com/wp-content/themes/bigformat/images/voltparty-popup3.jpg\" width=\"157\" height=\"105\"/>";
	echo "<img src=\"http://www.domainname.com/wp-content/themes/bigformat/images/voltparty-popup4.jpg\" width=\"157\" height=\"105\"/></div>";
} else {
    echo "Sorry but we seem to be haing some technical difficulties at the moment";
}

} else {
    header("location: http://www.domainname.com/confirmation/");
}  ?>

[capitalalist]

Ok so after some experimenting I've discovered that the Variables $clubname and $clubnumber are empty BEFORE the sanitize function kicks in. But why!?

[mac_gyver]

what does the following debugging line, to show all the post data, added immediately after your first <?php tag show -

echo '<pre>',print_r($_POST,true),'</pre>';