Davsas Posted July 23, 2019 Share Posted July 23, 2019 Hi Guys, new to php and taken on the on the challenge of a web site written years ago, using old code. Various parts are failing but the main issue is the join form. I have gone over and over it but I cannot find the issue. I’ve asked else where but just been told to post the error. The only error I get is that the fields are not filled in, when they are. If I post code ( if it allows ) can someone please help me? Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 If it helps the page it relates to is: https://www.webcadets.com/administration/forms/rtform.php Quote Link to comment Share on other sites More sharing options...
chhorn Posted July 23, 2019 Share Posted July 23, 2019 (edited) And if someone wants to read the ongoing discussion: https://www.phphelp.com/t/register-form-won-t-work/29551/13 I don't see how you expect people to help without code, or code that does not include the error message. Edited July 23, 2019 by chhorn Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 (edited) It won’t let me post any more on that page, says I’ve posted Max for today ! I’m struggling to copy and paste code as on iPad and keeps crashing as too big, so screen shots are best I can do. where will I get error message from? Edited July 23, 2019 by Davsas Quote Link to comment Share on other sites More sharing options...
chhorn Posted July 23, 2019 Share Posted July 23, 2019 And what happens if you try editing your posts? At least you can see that posting screenshots is nearly unusable for any development tasks like debugging. You already said you get an error message: "fields are not filled in", so search for it in your files to get the related code part. Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 Ok, I see what you are getting at Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 (edited) Ok, through trial and error I think it’s the Ajax file that’s failing. Leave the form black, it lists the missing fields, as it should. Fill in every one, it says fields missing! <?php $bypassSecCheck = true; require_once("/home/webcadet/public_html/mywcc/*************"); require_once("/home/webcadet/public_html/mywcc/Connections/recaptchalib.php"); function addNewMember($NameLast, $NameFirst, $EMail, $EMail2, $DOB, $Gender, $Referer1, $Country, $Province, $City, $ICQ, $MSN, $YAHOO, $AIM, $AOL, $AboutSelf, $WhyJoined, $ValidationCode, $Password, $Status, $rank, $class, $force, $platoon, $section) { global $link, $userDate; $GLOBALS['dbMYWCC']->connect(); $data = array(); $data['NameLast'] = $NameLast; $data['NameFirst'] = $NameFirst; $data['Status'] = $Status; $data['Rank'] = $rank; $data['Class'] = $class; $data['Force'] = $force; $data['EMail'] = $EMail; $data['EMail2'] = $EMail2; $data['Password'] = $Password; $data['DateJoined'] = $userDate->currentGMT("string"); $data['MSN'] = $MSN; $data['ICQ'] = $ICQ; $data['AOL'] = $AOL; $data['Yahoo'] = $YAHOO; $data['WhyJoined'] = $WhyJoined; $data['AboutSelf'] = $AboutSelf; $data['Referer'] = $Referer1; $data['Country'] = $Country; $data['Province'] = $Province; $data['City'] = $City; $data['DOB'] = $DOB; $data['Gender'] = $Gender; $data['EMailValidationCode'] = $ValidationCode; $data['EMailValidated'] = '0'; $data['MemberType'] = 'Regular'; $data['Platoon'] = $platoon; $data['Section'] = $section; $data['LeavingPageWarningShow'] = '1'; $data['LeavingPageWarningDate'] = strtotime(gmdate("Y-m-d H:i:s")); $Result1 = $GLOBALS['dbMYWCC']->insert_array('wcc_admin', $data); if ($Result1 > 0) { return true; }else { return false; } return($Result1); } if (isset($_POST)) { $requiredFields = array(); $requiredFields['0'] = "NameLast"; $requiredFields['1'] = "NameFirst"; $requiredFields['2'] = "EMail"; $requiredFields['3'] = "EMail2"; $requiredFields['4'] = "Country"; $requiredFields['5'] = "Force"; $requiredFieldsNames = array(); $requiredFieldsNames['0'] = "NameLast"; $requiredFieldsNames['1'] = "NameFirst"; $requiredFieldsNames['2'] = "EMail"; $requiredFieldsNames['3'] = "EMail2"; $requiredFieldsNames['4'] = "Country"; $requiredFieldsNames['5'] = "Force"; $foundD = array(); $foundD['0'] = "missing"; $foundD['1'] = "missing"; $foundD['2'] = "missing"; $foundD['3'] = "missing"; $foundD['4'] = "missing"; $foundD['5'] = "missing"; $i = 0; $runRestofForm = true; $temp = ""; echo "Check Required Fields"; while ($i < count($requiredFields)) { if (is_null($_POST[$requiredFields[$i]]) || $_POST[$requiredFields[$i]] == "") { $runRestofForm = false; $foundD[$i] = "missing"; }else { $foundD[$i] = "found"; } $i++; } if ($runRestofForm == false) { echo "<font color='red'><strong>The Following Fields are Missing: "; echo "<br />"; foreach ($foundD as $key => $val) { if ($val == "missing") { echo " => " . $requiredFieldsNames[$key] . "<br />"; } } echo "</strong></font>"; } else { //Run Captcha Check //Captcha Check $publickey = "6Le29AQAAAAAACRNYqNRRZIZSUlv19J2zHx3eJVP"; // you got this from the signup page $privatekey = "6Le29AQAAAAAAB9Yf3Pj2dzN3e8_j8NVjTs1k612"; //$resp = recaptcha_check_answer ($privatekey, //$_SERVER["REMOTE_ADDR"], //$_POST["recaptcha_challenge_field"], //$_POST["recaptcha_response_field"]); $secretKey = "6LfgeAcUAAAAAIwFHVsuxDTOetivOqq4Rn7wIhdd"; $ip = $_SERVER['REMOTE_ADDR']; $captcha=$_POST['g-recaptcha-response']; $resp=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip); $responseKeys = json_decode($resp,true); if ($responseKeys["success"] !== true) { echo "<font color='red'>Incorrect RE-CAPTCHA. Please Try Again." . $responseKeys['error-codes'][0] . "</font>"; }else { if ($_POST['Force'] == "Air Force") { $rank = "NE(WCCAF)"; $force = "WCC"; }else if ($_POST['Force'] == "Army") { $rank = "NE(WCCA)"; $force = "WCC"; }else if ($_POST['Force'] == "Coast Guard") { $rank = "NE(WCCCG)"; $force = "WCC"; }else if ($_POST['Force'] == "Marines") { $rank = "NE(WCCM)"; $force = "WCC"; }else if ($_POST['Force'] == "Navy") { $rank = "NE(WCCN)"; $force = "WCC"; }else if ($_POST['Force'] == "Space") { $rank = "NE(WCCS)"; $force = "WCC"; } $password = password_hash($_POST['Password']); $GLOBALS['dbMYWCC']->connect(); $select2 = "SELECT * FROM wcc_misc_config WHERE `unit`='".$force."' AND `configname`='join_form_platoon'"; $r2 = $GLOBALS['dbMYWCC']->select($select2); while ($row_Jobs=$GLOBALS['dbMYWCC']->get_row($r2, 'MYSQL_ASSOC')) { $platoon = $row_Jobs['field1']; $section = $row_Jobs['field2']; } $result = addNewMember($_POST['NameLast'], $_POST['NameFirst'], $_POST['EMail'], $_POST['EMail2'], $_POST['DOB'], $_POST['Gender'], $_POST['Referer1'], $_POST['Country'], $_POST['Province'], $_POST['City'], $_POST['ICQ'], $_POST['MSN'], $_POST['YAHOO'], $_POST['AIM'], $_POST['AOL'], mysql_escape_string($_POST['AboutSelf']), mysql_escape_string($_POST['WhyJoined']), $_POST['ValidationCode'], $password, $_POST['Status'], $rank, $_POST['Class'], $force, $platoon, $section); if ($result > 0 || $result == true) { require('/home/webcadet/public_html/mywcc/mail/mail_newjoinform.php'); require('/home/webcadet/public_html/mywcc/mail/mail_joinform_notification.php'); $memberr = new Member($_POST['EMail']); $memberID = $memberr->ID; $memberr->addToOldPasswords ($password); $memberr->addEMailValidation($memberID, $_POST['EMail'], $_POST['Password'], $_POST['ValidationCode']); ?> <script lang="en" language="javascript" type="text/javascript"> document.getElementById('form_join_new').style.display = 'none'; </script> <div align='center'> <strong> <font size='2'> You're application has been submitted successfully! Welcome to the Web Cadet Corps, you will be receiving a confirmation e-mail shortly with a link to verify your e-mail. You will also receive instructions on beginning your recruit training. </font> </strong> </div> <?php } } } }else { echo "ERROR No Submission found"; } ?> Edited July 23, 2019 by Davsas Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 It had not pasted very well. I’ll edit and make it more readable Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 I commented out the isset code, then it just hangs when submitted Quote Link to comment Share on other sites More sharing options...
chhorn Posted July 23, 2019 Share Posted July 23, 2019 just follow up the code: as this The Following Fields are Missing is caused by tis $runRestofForm == false this assignment must hit $runRestofForm = false because of this condition if (is_null($_POST[$requiredFields[$i]]) || $_POST[$requiredFields[$i]] == "") so you can have a look at var_dump($_POST); and see what is missing. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted July 23, 2019 Share Posted July 23, 2019 2 hours ago, Davsas said: Fill in every one, it says fields missing! it would be helpful if you posted exactly what output you get in this case. next, there's two immediate problems in the posted code - 1) if (isset($_POST)) { --- post is always set, so, all the form processing code runs every time it gets requested. if that code gets requested without any post data, it will list all the 'required' form fields as being missing. that line of code should be using if (!empty($_POST)) { 2. mysql_escape_string($_POST['AboutSelf']), mysql_escape_string($_POST['WhyJoined']) --- since the mysql_ extension has been removed from php, either you will be getting a fatal runtime error and execution will halt, or you are still running this on a php5 version and when it gets used under php7 it will produce a fatal runtime error and halt execution. so, two problems, the mysql_escape_string() calls must be removed, and the code must do something for all the external/unknown data to protect against sql injection. lastly, there's several implementation problems in the code, resulting in a large amount of unnecessary variables and logic, and without knowing what the database layer is doing, it is likely open to sql injection. just getting this code to 'function' my leave you with a site that will end up getting taken over and used for phishing sites, sending spam, ... code/queries must be secured against sql injection, email header injection, and cross site scripting. Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 thank you guys for the detailed replies. At least i have a starting point to work from now. I will go and look at these and see where i get. Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 this is when i leave all entries empty Quote Link to comment Share on other sites More sharing options...
Davsas Posted July 23, 2019 Author Share Posted July 23, 2019 * Which element of the Corps would you like to apply to? WCC NavyWCC ArmyWCC Air ForceWCC MarinesWCC Coast GuardWCC Space By pressing the Apply for WCC Basic Training button you hereby agree that all work done by you on behalf of the WCC becomes the property of the Web Cadet Corps including all copyright. You also agree that all information provided by yourself and sent in any email or form can be stored on the WCC server. This information will be kept secure and not given to anyone outside of the WCC. For Security reason's your IP Address has been logged: Check Required Fields Wont let me upload another image, but in red is the message when ALL fields are filled in Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted July 23, 2019 Share Posted July 23, 2019 2 minutes ago, Davsas said: Check Required Fields Wont let me upload another image, but in red is the message when ALL fields are filled in yes, but that's the message you or someone else is unconditionally echoing inside the form processing code. it means that the form processing code executed. echo "Check Required Fields"; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.