Old site, old code, need help

[Davsas]

Hi Guys,

 

new to php and taken on the on the challenge of a web site written years ago, using old code. Various parts are failing but the main issue is the join form. I have gone over and over it but I cannot find the issue. I’ve asked else where but just been told to post the error. The only error I get is that the fields are not filled in, when they are. If I post code ( if it allows ) can someone please help me?

[Davsas]

If it helps the page it relates to is:

 

https://www.webcadets.com/administration/forms/rtform.php

[chhorn]

And if someone wants to read the ongoing discussion: https://www.phphelp.com/t/register-form-won-t-work/29551/13

I don't see how you expect people to help without code, or code that does not include the error message.

Edited July 23, 2019 by chhorn

[Davsas]

It won’t let me post any more on that page, says I’ve posted Max for today ! I’m struggling to copy and paste code as on iPad and keeps crashing as too big, so screen shots are best I can do.

 

where will I get error message from?

Edited July 23, 2019 by Davsas

[chhorn]

And what happens if you try editing your posts? At least you can see that posting screenshots is nearly unusable for any development tasks like debugging.

You already said you get an error message: "fields are not filled in", so search for it in your files to get the related code part.

[Davsas]

Ok, I see what you are getting at

[Davsas]

Ok, through trial and error I think it’s the Ajax file that’s failing. Leave the form black, it lists the missing fields, as it should. Fill in every one, it says fields missing!

 

<?php $bypassSecCheck = true;

require_once("/home/webcadet/public_html/mywcc/*************");

require_once("/home/webcadet/public_html/mywcc/Connections/recaptchalib.php");

function addNewMember($NameLast, $NameFirst, $EMail, $EMail2, $DOB, $Gender, $Referer1, $Country, $Province, $City, $ICQ, $MSN, $YAHOO, $AIM, $AOL, $AboutSelf, $WhyJoined, $ValidationCode, $Password, $Status, $rank, $class, $force, $platoon, $section) {

global $link, $userDate; $GLOBALS['dbMYWCC']->connect();

$data = array();

$data['NameLast'] = $NameLast;

$data['NameFirst'] = $NameFirst;

$data['Status'] = $Status;

$data['Rank'] = $rank;

$data['Class'] = $class;

$data['Force'] = $force;

$data['EMail'] = $EMail;

$data['EMail2'] = $EMail2;

$data['Password'] = $Password;

$data['DateJoined'] = $userDate->currentGMT("string");

$data['MSN'] = $MSN;

$data['ICQ'] = $ICQ;

$data['AOL'] = $AOL;

$data['Yahoo'] = $YAHOO;

$data['WhyJoined'] = $WhyJoined;

$data['AboutSelf'] = $AboutSelf;

$data['Referer'] = $Referer1;

$data['Country'] = $Country;

$data['Province'] = $Province;

$data['City'] = $City;

$data['DOB'] = $DOB;

$data['Gender'] = $Gender;

$data['EMailValidationCode'] = $ValidationCode;

$data['EMailValidated'] = '0';

$data['MemberType'] = 'Regular';

$data['Platoon'] = $platoon;

$data['Section'] = $section;

$data['LeavingPageWarningShow'] = '1';

$data['LeavingPageWarningDate'] = strtotime(gmdate("Y-m-d H:i:s"));

$Result1 = $GLOBALS['dbMYWCC']->insert_array('wcc_admin', $data);

if ($Result1 > 0) { return true; }else { return false; } return($Result1);

}

if (isset($_POST))

{ $requiredFields = array();

$requiredFields['0'] = "NameLast";

$requiredFields['1'] = "NameFirst";

$requiredFields['2'] = "EMail";

$requiredFields['3'] = "EMail2";

$requiredFields['4'] = "Country";

$requiredFields['5'] = "Force";

$requiredFieldsNames = array();

$requiredFieldsNames['0'] = "NameLast";

$requiredFieldsNames['1'] = "NameFirst";

$requiredFieldsNames['2'] = "EMail";

$requiredFieldsNames['3'] = "EMail2";

$requiredFieldsNames['4'] = "Country";

$requiredFieldsNames['5'] = "Force";

$foundD = array();

$foundD['0'] = "missing";

$foundD['1'] = "missing";

$foundD['2'] = "missing";

$foundD['3'] = "missing";

$foundD['4'] = "missing";

$foundD['5'] = "missing";

$i = 0; $runRestofForm = true; $temp = ""; echo "Check Required Fields"; while ($i < count($requiredFields)) { if (is_null($_POST[$requiredFields[$i]]) || $_POST[$requiredFields[$i]] == "") { $runRestofForm = false; $foundD[$i] = "missing"; }else { $foundD[$i] = "found"; } $i++; } if ($runRestofForm == false) { echo "<font color='red'><strong>The Following Fields are Missing: ";

echo "<br />"; foreach ($foundD as $key => $val) { if ($val == "missing") { echo " => " . $requiredFieldsNames[$key] . "<br />"; } } echo "</strong></font>"; }

else { //Run Captcha Check //Captcha Check $publickey = "6Le29AQAAAAAACRNYqNRRZIZSUlv19J2zHx3eJVP"; // you got this from the signup page $privatekey = "6Le29AQAAAAAAB9Yf3Pj2dzN3e8_j8NVjTs1k612"; //$resp = recaptcha_check_answer ($privatekey, //$_SERVER["REMOTE_ADDR"], //$_POST["recaptcha_challenge_field"], //$_POST["recaptcha_response_field"]); $secretKey = "6LfgeAcUAAAAAIwFHVsuxDTOetivOqq4Rn7wIhdd"; $ip = $_SERVER['REMOTE_ADDR']; $captcha=$_POST['g-recaptcha-response']; $resp=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip); $responseKeys = json_decode($resp,true); if ($responseKeys["success"] !== true) { echo "<font color='red'>Incorrect RE-CAPTCHA. Please Try Again." . $responseKeys['error-codes'][0] . "</font>"; }else { if ($_POST['Force'] == "Air Force") { $rank = "NE(WCCAF)"; $force = "WCC"; }else if ($_POST['Force'] == "Army") { $rank = "NE(WCCA)"; $force = "WCC"; }else if ($_POST['Force'] == "Coast Guard") { $rank = "NE(WCCCG)"; $force = "WCC"; }else if ($_POST['Force'] == "Marines") { $rank = "NE(WCCM)"; $force = "WCC"; }else if ($_POST['Force'] == "Navy") { $rank = "NE(WCCN)"; $force = "WCC"; }else if ($_POST['Force'] == "Space") { $rank = "NE(WCCS)"; $force = "WCC"; } $password = password_hash($_POST['Password']); $GLOBALS['dbMYWCC']->connect(); $select2 = "SELECT * FROM wcc_misc_config WHERE `unit`='".$force."' AND `configname`='join_form_platoon'"; $r2 = $GLOBALS['dbMYWCC']->select($select2); while ($row_Jobs=$GLOBALS['dbMYWCC']->get_row($r2, 'MYSQL_ASSOC')) { $platoon = $row_Jobs['field1']; $section = $row_Jobs['field2']; } $result = addNewMember($_POST['NameLast'], $_POST['NameFirst'], $_POST['EMail'], $_POST['EMail2'], $_POST['DOB'], $_POST['Gender'], $_POST['Referer1'], $_POST['Country'], $_POST['Province'], $_POST['City'], $_POST['ICQ'], $_POST['MSN'], $_POST['YAHOO'], $_POST['AIM'], $_POST['AOL'], mysql_escape_string($_POST['AboutSelf']), mysql_escape_string($_POST['WhyJoined']), $_POST['ValidationCode'], $password, $_POST['Status'], $rank, $_POST['Class'], $force, $platoon, $section); if ($result > 0 || $result == true) { require('/home/webcadet/public_html/mywcc/mail/mail_newjoinform.php'); require('/home/webcadet/public_html/mywcc/mail/mail_joinform_notification.php'); $memberr = new Member($_POST['EMail']); $memberID = $memberr->ID; $memberr->addToOldPasswords ($password); $memberr->addEMailValidation($memberID, $_POST['EMail'], $_POST['Password'], $_POST['ValidationCode']); ?> <script lang="en" language="javascript" type="text/javascript"> document.getElementById('form_join_new').style.display = 'none'; </script> <div align='center'> <strong> <font size='2'> You're application has been submitted successfully! Welcome to the Web Cadet Corps, you will be receiving a confirmation e-mail shortly with a link to verify your e-mail. You will also receive instructions on beginning your recruit training. </font> </strong> </div> <?php } } } }else { echo "ERROR No Submission found"; } ?>

Edited July 23, 2019 by Davsas

[Davsas]

It had not pasted very well. I’ll edit and make it more readable 

[Davsas]

I commented out the isset code, then it just hangs when submitted 

[chhorn]

just follow up the code:

as this

The Following Fields are Missing

is caused by tis

$runRestofForm == false

this assignment must hit

$runRestofForm = false

because of this condition

if (is_null($_POST[$requiredFields[$i]]) || $_POST[$requiredFields[$i]] == "")

so you can have a look at

var_dump($_POST);

and see what is missing.

[mac_gyver]

2 hours ago, Davsas said:

Fill in every one, it says fields missing!

it would be helpful if you posted exactly what output you get in this case.

next, there's two immediate problems in the posted code -

1) if (isset($_POST)) { --- post is always set, so, all the form processing code runs every time it gets requested. if that code gets requested without any post data, it will list all the 'required' form fields as being missing. that line of code should be using if (!empty($_POST)) {

2. mysql_escape_string($_POST['AboutSelf']),  mysql_escape_string($_POST['WhyJoined']) --- since the mysql_ extension has been removed from php, either you will be getting a fatal runtime error and execution will halt, or you are still running this on a php5 version and when it gets used under php7 it will produce a fatal runtime error and halt execution. so, two problems, the mysql_escape_string() calls must be removed, and the code must do something for all the external/unknown data to protect against sql injection.

lastly, there's several implementation problems in the code, resulting in a large amount of unnecessary variables and logic, and without knowing what the database layer is doing, it is likely open to sql injection. just getting this code to 'function' my leave you with a site that will end up getting taken over and used for phishing sites, sending spam, ... code/queries must be secured against sql injection, email header injection, and cross site scripting.

[Davsas]

thank you guys for the detailed replies. At least i have a starting point to work from now. I will go and look at these and see where i get. 

[Davsas]

this is when i leave all entries empty 

[Davsas]

* Which element of the Corps would you like to apply to?

WCC NavyWCC ArmyWCC Air ForceWCC MarinesWCC Coast GuardWCC Space

By pressing the Apply for WCC Basic Training button you hereby agree that all work done by you on behalf of the WCC becomes the property of the Web Cadet Corps including all copyright. You also agree that all information provided by yourself and sent in any email or form can be stored on the WCC server. This information will be kept secure and not given to anyone outside of the WCC. 

For Security reason's your IP Address has been logged:  


 

Check Required Fields

 

Wont let me upload another image, but in red is the message when ALL fields are filled in

[mac_gyver]

2 minutes ago, Davsas said:

Check Required Fields

 

Wont let me upload another image, but in red is the message when ALL fields are filled in

yes, but that's the message you or someone else is unconditionally echoing inside the form processing code. it means that the form processing code executed.

echo "Check Required Fields";