Jump to content

Help with Contact Form security question choices


Chrisj
 Share

Recommended Posts

I realize this is old code (that I didn't write) but works well for a temporary 'under construction' page.
After filling in the simple Form fields the simple Security question is presented : Is fire Hot or Cold?
When I enter text into the answer field it works successfully, except, of course on a mobile device. In order for it to work on a mobile device, I believe I need to present a choice, rather than entering text - correct?
So, I'm looking for a possible simple tweak on this code, so that it will work for a mobile device, please. I don't really want to re-write all of it, and I know it's not super-secure, but it will do for now.
 
Here's the last part of the Form:
 
<div>
<p>Security Question:<br> Is Fire Hot Or Cold?:
<input type="text" name="ans"/></p><br>
<p><input class="btn btn-action" type='submit' value="Send message"></p>
</div>
</form>
And
 

<?php
// create an empty error array to hold any error messages\
$error = array();
$mailto     = 'someone@somewhere.com';
$mailsubj   = "ContactForm Submission";
$mailhead   = "From:SomehereForm\n";
$mailbody   = "--- Contact form results ---\n";
foreach($_REQUEST as $key => $value)
{
if($key != 'PHPSESSID')
{
$mailbody .= $key.": ".$value."\n";
}
}
if(isset($_POST['ans']) && $_POST['ans']!='hot')
{
// add error to error array
$error[] = header('Location: ww.somesite.com/WrongAnswer.html');
exit;
}
// if no errors are set, continue
if(empty($error))
{
header('Location: ww.somesite.com/ThankYou.html');
exit;
}
?>

Is it possible to add something like:

<option value="ans">hot</option>
<option value="">cold</option>

and then change this somehow:

$error['anything other than hot'] = header('Location: ww.somesite.com/WrongAnswer.html');
exit;

Any tweak help will be appreciated.

Edited by Chrisj
Link to comment
Share on other sites

Thanks so much for your reply.

Yes, I have this input field:

<input type="text" name="ans"/>

which works successfully from my windows desktop. After entering 'hot' and select 'Send Message' I am successfully directed to the page(I've changed the url for this posting) listed here"

// if no errors are set, continue
if(empty($error))
{
header('Location: ww.somesite.com/ThankYou.html');
exit;
}

And also, from my desktop if I enter anything other than 'hot', and select 'Send Message', I'm successfully directed to the page listed here:

$error[] = header('Location: ww.somesite.com/WrongAnswer.html');
exit;

But from my iPhone when I enter 'hot' (or anything else) and select either 'Send Message", Done(on the phone) and then 'Send Message', or 'Go'(on the phone), no matter what, I'm directed to this page:

ww.somesite.com/WrongAnswer.html

So, if it's true that "Entering text on a mobile is no different than a fixed desktop", than obviously and not surprisingly, my code needs some type of correction/modification.

 

Any ideas/suggestions will be appreciated.

Much thanks again

Link to comment
Share on other sites

Thanks for your replies.

 

Regarding "show us the code", I have showed the php in the intial posting, and here is the Form:

<form action='../ContactForm.php' method='post' name='myform' onSubmit="return checkemail()">
<div class="row">
<div class="col-sm-4">
<input class="form-control" type="text" name='contact_name' placeholder="Name">
</div>
<div class="col-sm-4">
<input class="form-control" type="text" name='email_address' placeholder="Email">
</div>
</div>
<br>
<div class="row">
<div class="col-sm-12">
<textarea name='Description' placeholder="Type your message here..." class="form-control" rows="9"></textarea>
</div>
</div>
<div class="row">
<div class="col-sm-4">
<p style="color:grey; font-size:15px;"><b>Security Question:<br> Is Fire Hot Or Cold?:</p>
<input type="text" name="ans"/><br>
<div>
<div class="row">
<div class="col-sm-4">
<input class="btn btn-action" type='submit' value="Send message">
</div>
</div>
</div>
</form>

Regarding "Can you assign a header call to a variable?", I'm not clear on that. Is my url(s) the variable?

Any clarification, and/or code tweak suggestion will be greatly appreciated.

Edited by Chrisj
Link to comment
Share on other sites

As we said earlier you cannot assign a header to a var. The header transfers control to another script so what's the point of the assignment to the variable in the current script?

 

I still don't see how you can distinguish where the form comes from and get a different result from this code. Could it have something to do with the JS you are executing upon submit?

Edited by ginerjm
Link to comment
Share on other sites

Phones typically auto-capitalize the first letter of text you enter into a field. That may be what is causing your problem. Comparisons in PHP are case sensitive, 'Hot' is not the same as 'hot'.

 

You could use strtolower to force the value entered to lowercase prior to your comparison to resolve the issue. If that doesn't fix things then var_dump the value and test each device to compare the results.

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.