beanman1 Posted November 2, 2017

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Dice Handler</title>
</head>
<body>
<?php
// Functions ------------------------------------------
function rollDice($dice) {
    $faceArray = array();
    for($i = 0; $i < $dice; $i++) {
        $face = rand(1, 10);
        $faceArray[$i] = $face;
    }
    return $faceArray;
}
;
function is_valid_email($email) {
    return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
}
function contains_bad_str($str_to_test) {
    $bad_strings = array(
        "content-type:",
        "mime-version:",
        "multipart/mixed",
        "Content-Transfer-Encoding:",
        "bcc:",
        "cc:",
        "to:"
    );
    foreach($bad_strings as $bad_string) {
        if(eregi($bad_string, strtolower($str_to_test))) {
            echo "$bad_string found. Suspected injection attempt - mail not being sent.";
            exit;
        }
    }
}
function contains_newlines($str_to_test) {
    if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
        echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
        exit;
    }
}
// Code -------------------------------------------
$name = $_POST['requiredname'];
$dice = $_POST['requireddice'];
$description = $_POST['requireddescription'];
$email = $_POST['requiredemail'];
if(!is_valid_email($email)) {
    echo 'Invalid email submitted - mail not being sent.';
    exit;
}
contains_bad_str($email);
contains_bad_str($description);
contains_newlines($email);
contains_newlines($description);
$faces = rollDice($dice);
for($i = 0; $i < (count($faces) - 1); $i++) {
    $results = $results . $faces[$i] . ", ";
}
$results = $results . $faces[$i] . ", ";
echo ($results);
function redirect($url) {
    header('Location: http://www.nybn.org/diceform.php ' . $url, true);
    die();
}
// email results //
$to = 'dicerolls@nybn.org' . ',';
$to .= $email;
$subject = "Dice roll for $name";
$message = "$name rolled a $results for $description";
$headers = "From: " . $from . "\r\n" .
    "Reply-To: " . $from . "\r\n" .
    "X-Mailer: PHP/" . phpversion();
$headers .= 'From: NYbN Dice Roller <dicerolls@nybn.org>' . "\r\n";
mail($to, $subject, $message, $headers);
?>
</body>
</html>
```

Above is the code as it stands. For whatever reason when you go to http://www.nybn.org/diceform.php and try to roll the dice, you get a blank page. Could someone please tell me where my code's wrong and possibly suggest corrections? Thank you in advance!

ginerjm Posted November 2, 2017

Have you turned on php error checking to see if that gives you a clue?

PS - good style would have the php at the top of your scripts with the html at the end and all of the functions near the bottom of the php code so that one can easily read the code and follow it.

kicken Posted November 2, 2017

```php
if(eregi($bad_string, strtolower($str_to_test))) {
    echo "$bad_string found. Suspected injection attempt - mail not being sent.";
    exit;
}
```

From the manual page for eregi:

> Warning
>
> This function was DEPRECATED in PHP 5.3.0, and REMOVED in PHP 7.0.0.
>
> Alternatives to this function include: preg_match() (with the i (PCRE_CASELESS) modifier)

You need to update your code to the alternative. Or preferably, use a library for your mailing needs such as PHPMailer or SwiftMailer which will properly handle this task.
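
The `eregi()` to `preg_match()` change described in the answer above, as an added example that is not part of the original thread. The function names `find_bad_string` and `has_newline` and the sample inputs are constructed here, and PHP 7.1 or later is assumed; each blocked string is escaped with `preg_quote()` because `multipart/mixed` contains the `/` pattern delimiter.

```php
<?php
// Added example, not the original poster's code. Function names are hypothetical.

// Header names and MIME markers the thread's script treats as injection signs.
const BAD_STRINGS = [
    'content-type:', 'mime-version:', 'multipart/mixed',
    'content-transfer-encoding:', 'bcc:', 'cc:', 'to:',
];

// Returns the first blocked string found in $value, or null if none is present.
function find_bad_string(string $value): ?string
{
    foreach (BAD_STRINGS as $bad) {
        // preg_quote() with the delimiter escapes the "/" in "multipart/mixed";
        // without it, "/multipart/mixed/i" is an invalid pattern.
        $pattern = '/' . preg_quote($bad, '/') . '/i';
        if (preg_match($pattern, $value) === 1) {
            return $bad;
        }
    }
    return null;
}

// True if $value holds a raw or URL-encoded CR/LF, which could start a new header.
function has_newline(string $value): bool
{
    // Single-quoted string: PCRE itself interprets \r and \n.
    return preg_match('/%0a|%0d|\r|\n/i', $value) === 1;
}

// Constructed sample inputs: [field value, should it be rejected?].
$samples = [
    ['player@example.com', false],
    ["player@example.com\r\nBcc: other@example.com", true],
    ['player@example.com%0ACc: other@example.com', true],
    ['attack roll, MULTIPART/MIXED test', true],
];

foreach ($samples as [$value, $expectReject]) {
    $reject = find_bad_string($value) !== null || has_newline($value);
    $status = $reject ? 'REJECT' : 'ok';
    $check  = ($reject === $expectReject) ? '' : '  <-- unexpected result';
    printf("%-7s %s%s\n", $status, json_encode($value), $check);
}
```

Returning a value instead of calling `exit` inside the check lets the caller decide how to respond and keeps the checks testable.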

beanman1 Posted November 2, 2017

Wow..... replaced the eregi with preg_match and it worked like a charm. THANK YOU!!!