Jump to content

Old site, old code, need help


Davsas

Recommended Posts

Hi Guys,

 

new to php and taken on the on the challenge of a web site written years ago, using old code. Various parts are failing but the main issue is the join form. I have gone over and over it but I cannot find the issue. I’ve asked else where but just been told to post the error. The only error I get is that the fields are not filled in, when they are. If I post code ( if it allows ) can someone please help me?

Link to comment
Share on other sites

It won’t let me post any more on that page, says I’ve posted Max for today ! I’m struggling to copy and paste code as on iPad and keeps crashing as too big, so screen shots are best I can do.

 

where will I get error message from?

Edited by Davsas
Link to comment
Share on other sites

And what happens if you try editing your posts? At least you can see that posting screenshots is nearly unusable for any development tasks like debugging.

You already said you get an error message: "fields are not filled in", so search for it in your files to get the related code part.

Link to comment
Share on other sites

Ok, through trial and error I think it’s the Ajax file that’s failing. Leave the form black, it lists the missing fields, as it should. Fill in every one, it says fields missing!

 

<?php $bypassSecCheck = true;

require_once("/home/webcadet/public_html/mywcc/*************");

require_once("/home/webcadet/public_html/mywcc/Connections/recaptchalib.php");

function addNewMember($NameLast, $NameFirst, $EMail, $EMail2, $DOB, $Gender, $Referer1, $Country, $Province, $City, $ICQ, $MSN, $YAHOO, $AIM, $AOL, $AboutSelf, $WhyJoined, $ValidationCode, $Password, $Status, $rank, $class, $force, $platoon, $section) {

global $link, $userDate; $GLOBALS['dbMYWCC']->connect();

$data = array();

$data['NameLast'] = $NameLast;

$data['NameFirst'] = $NameFirst;

$data['Status'] = $Status;

$data['Rank'] = $rank;

$data['Class'] = $class;

$data['Force'] = $force;

$data['EMail'] = $EMail;

$data['EMail2'] = $EMail2;

$data['Password'] = $Password;

$data['DateJoined'] = $userDate->currentGMT("string");

$data['MSN'] = $MSN;

$data['ICQ'] = $ICQ;

$data['AOL'] = $AOL;

$data['Yahoo'] = $YAHOO;

$data['WhyJoined'] = $WhyJoined;

$data['AboutSelf'] = $AboutSelf;

$data['Referer'] = $Referer1;

$data['Country'] = $Country;

$data['Province'] = $Province;

$data['City'] = $City;

$data['DOB'] = $DOB;

$data['Gender'] = $Gender;

$data['EMailValidationCode'] = $ValidationCode;

$data['EMailValidated'] = '0';

$data['MemberType'] = 'Regular';

$data['Platoon'] = $platoon;

$data['Section'] = $section;

$data['LeavingPageWarningShow'] = '1';

$data['LeavingPageWarningDate'] = strtotime(gmdate("Y-m-d H:i:s"));

$Result1 = $GLOBALS['dbMYWCC']->insert_array('wcc_admin', $data);

if ($Result1 > 0) { return true; }else { return false; } return($Result1);

}

if (isset($_POST))

{ $requiredFields = array();

$requiredFields['0'] = "NameLast";

$requiredFields['1'] = "NameFirst";

$requiredFields['2'] = "EMail";

$requiredFields['3'] = "EMail2";

$requiredFields['4'] = "Country";

$requiredFields['5'] = "Force";

$requiredFieldsNames = array();

$requiredFieldsNames['0'] = "NameLast";

$requiredFieldsNames['1'] = "NameFirst";

$requiredFieldsNames['2'] = "EMail";

$requiredFieldsNames['3'] = "EMail2";

$requiredFieldsNames['4'] = "Country";

$requiredFieldsNames['5'] = "Force";

$foundD = array();

$foundD['0'] = "missing";

$foundD['1'] = "missing";

$foundD['2'] = "missing";

$foundD['3'] = "missing";

$foundD['4'] = "missing";

$foundD['5'] = "missing";

$i = 0; $runRestofForm = true; $temp = ""; echo "Check Required Fields"; while ($i < count($requiredFields)) { if (is_null($_POST[$requiredFields[$i]]) || $_POST[$requiredFields[$i]] == "") { $runRestofForm = false; $foundD[$i] = "missing"; }else { $foundD[$i] = "found"; } $i++; } if ($runRestofForm == false) { echo "<font color='red'><strong>The Following Fields are Missing: ";

echo "<br />"; foreach ($foundD as $key => $val) { if ($val == "missing") { echo " => " . $requiredFieldsNames[$key] . "<br />"; } } echo "</strong></font>"; }

else { //Run Captcha Check //Captcha Check $publickey = "6Le29AQAAAAAACRNYqNRRZIZSUlv19J2zHx3eJVP"; // you got this from the signup page $privatekey = "6Le29AQAAAAAAB9Yf3Pj2dzN3e8_j8NVjTs1k612"; //$resp = recaptcha_check_answer ($privatekey, //$_SERVER["REMOTE_ADDR"], //$_POST["recaptcha_challenge_field"], //$_POST["recaptcha_response_field"]); $secretKey = "6LfgeAcUAAAAAIwFHVsuxDTOetivOqq4Rn7wIhdd"; $ip = $_SERVER['REMOTE_ADDR']; $captcha=$_POST['g-recaptcha-response']; $resp=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip); $responseKeys = json_decode($resp,true); if ($responseKeys["success"] !== true) { echo "<font color='red'>Incorrect RE-CAPTCHA. Please Try Again." . $responseKeys['error-codes'][0] . "</font>"; }else { if ($_POST['Force'] == "Air Force") { $rank = "NE(WCCAF)"; $force = "WCC"; }else if ($_POST['Force'] == "Army") { $rank = "NE(WCCA)"; $force = "WCC"; }else if ($_POST['Force'] == "Coast Guard") { $rank = "NE(WCCCG)"; $force = "WCC"; }else if ($_POST['Force'] == "Marines") { $rank = "NE(WCCM)"; $force = "WCC"; }else if ($_POST['Force'] == "Navy") { $rank = "NE(WCCN)"; $force = "WCC"; }else if ($_POST['Force'] == "Space") { $rank = "NE(WCCS)"; $force = "WCC"; } $password = password_hash($_POST['Password']); $GLOBALS['dbMYWCC']->connect(); $select2 = "SELECT * FROM wcc_misc_config WHERE `unit`='".$force."' AND `configname`='join_form_platoon'"; $r2 = $GLOBALS['dbMYWCC']->select($select2); while ($row_Jobs=$GLOBALS['dbMYWCC']->get_row($r2, 'MYSQL_ASSOC')) { $platoon = $row_Jobs['field1']; $section = $row_Jobs['field2']; } $result = addNewMember($_POST['NameLast'], $_POST['NameFirst'], $_POST['EMail'], $_POST['EMail2'], $_POST['DOB'], $_POST['Gender'], $_POST['Referer1'], $_POST['Country'], $_POST['Province'], $_POST['City'], $_POST['ICQ'], $_POST['MSN'], $_POST['YAHOO'], $_POST['AIM'], $_POST['AOL'], mysql_escape_string($_POST['AboutSelf']), mysql_escape_string($_POST['WhyJoined']), $_POST['ValidationCode'], $password, $_POST['Status'], $rank, $_POST['Class'], $force, $platoon, $section); if ($result > 0 || $result == true) { require('/home/webcadet/public_html/mywcc/mail/mail_newjoinform.php'); require('/home/webcadet/public_html/mywcc/mail/mail_joinform_notification.php'); $memberr = new Member($_POST['EMail']); $memberID = $memberr->ID; $memberr->addToOldPasswords ($password); $memberr->addEMailValidation($memberID, $_POST['EMail'], $_POST['Password'], $_POST['ValidationCode']); ?> <script lang="en" language="javascript" type="text/javascript"> document.getElementById('form_join_new').style.display = 'none'; </script> <div align='center'> <strong> <font size='2'> You're application has been submitted successfully! Welcome to the Web Cadet Corps, you will be receiving a confirmation e-mail shortly with a link to verify your e-mail. You will also receive instructions on beginning your recruit training. </font> </strong> </div> <?php } } } }else { echo "ERROR No Submission found"; } ?>

Edited by Davsas
Link to comment
Share on other sites

just follow up the code:

as this

The Following Fields are Missing

is caused by tis

$runRestofForm == false

this assignment must hit

$runRestofForm = false

because of this condition

if (is_null($_POST[$requiredFields[$i]]) || $_POST[$requiredFields[$i]] == "")

so you can have a look at

var_dump($_POST);

and see what is missing.

Link to comment
Share on other sites

2 hours ago, Davsas said:

Fill in every one, it says fields missing!

it would be helpful if you posted exactly what output you get in this case.

next, there's two immediate problems in the posted code -

1) if (isset($_POST)) { --- post is always set, so, all the form processing code runs every time it gets requested. if that code gets requested without any post data, it will list all the 'required' form fields as being missing. that line of code should be using if (!empty($_POST)) {

2. mysql_escape_string($_POST['AboutSelf']),  mysql_escape_string($_POST['WhyJoined']) --- since the mysql_ extension has been removed from php, either you will be getting a fatal runtime error and execution will halt, or you are still running this on a php5 version and when it gets used under php7 it will produce a fatal runtime error and halt execution. so, two problems, the mysql_escape_string() calls must be removed, and the code must do something for all the external/unknown data to protect against sql injection.

lastly, there's several implementation problems in the code, resulting in a large amount of unnecessary variables and logic, and without knowing what the database layer is doing, it is likely open to sql injection. just getting this code to 'function' my leave you with a site that will end up getting taken over and used for phishing sites, sending spam, ... code/queries must be secured against sql injection, email header injection, and cross site scripting.

Link to comment
Share on other sites

* Which element of the Corps would you like to apply to?

WCC NavyWCC ArmyWCC Air ForceWCC MarinesWCC Coast GuardWCC Space

By pressing the Apply for WCC Basic Training button you hereby agree that all work done by you on behalf of the WCC becomes the property of the Web Cadet Corps including all copyright. You also agree that all information provided by yourself and sent in any email or form can be stored on the WCC server. This information will be kept secure and not given to anyone outside of the WCC. 

For Security reason's your IP Address has been logged:  


 

Check Required Fields

 

Wont let me upload another image, but in red is the message when ALL fields are filled in

Link to comment
Share on other sites

2 minutes ago, Davsas said:

Check Required Fields

 

Wont let me upload another image, but in red is the message when ALL fields are filled in

yes, but that's the message you or someone else is unconditionally echoing inside the form processing code. it means that the form processing code executed.

echo "Check Required Fields";

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.