Help with if statement

[Trium918]

I am trying to create an if() statement that will product

function display_contact_form() or else display_register_form

when the click on a link.

 

 

<?php
require_once("container_fns.php");

function display_contact_form($contact)
{
?>
<table width="100%" border="0" cellspacing="0" cellpadding="10" align="center" class="">
<tr><td align="center" colspan="2"><span class="main_header">Superiun.com Contact Form</SPAN></td></tr>
<tr>
<td width="100%" valign="top" align="left">	
<form name="contact_us" method="post" action=" " enctype="multipart/form-data"\>
  <table width="400" border="0" cellspacing="0" cellpadding="5" align="center" class="registration_form">
  <tr><td width="47%" class="gen">Email:</td>
  <td><input type="text" name="email" size="25" maxlength="25" /></td></tr>
  <tr>
<td width="47%" class="gen">Last Name:</td>
<td colspan="2"><input type="text" name="lname" size="25" maxlength="25" /></td>
  </tr>
  <tr>
<td width="47%" class="gen">First Name:</td>
<td colspan="2"><input type="text" name="fname" size="25" maxlength="25" /></td>
  </tr>
  <tr><td width="47%" class="gen">Phone:</td>
    <td colspan="2"><input name="telephone" size="25" maxlength="10" /></td></tr>
  <tr>
<td width="47%" height="57" class="gen">Comment:</td>
<td height="17" colspan="2"><textarea name="address" cols="26" rows="4"></textarea></td>
   </tr>
   <tr><td colspan="2" align="center"><input type='submit' value="Submit" class="mainoption"/></td></tr>
</table></form>		</td></tr></table> 

<?php
}
function display_registration_form()
{
?>
<table width="100%" border="0" cellspacing="0" cellpadding="10" align="center" class="">
  <tr><td align="center" colspan="2"><span class="main_header">Superiun.com Registration Form</SPAN></td></tr>
  <tr>
  <td width="100%" valign="top" align="left">	
<form name="registration" method="post" action="">
<table width="425" border="0" cellspacing="0" cellpadding="5" align="center" class="registration_form">
  <tr><td width="47%" class="gen">Username:<? echo $fill_in; ?></td>
   <td><input type="text" name="user_name" size="25" maxlength="25" /></td></tr>
  <tr><td width="47%" class="gen">Email Address:<? echo $fill_in; ?></td>
   <td><input type="text" name="email_address" size="30" maxlength="40" /></td></tr>
  <tr><td width="47%" class="gen">First Name:<? echo $fill_in; ?></td>
   <td><input type="text" name="first_name" size="25" maxlength="25" /></td></tr>
  <tr>
	<td width="47%" class="gen">Last Name:</td>
	<td colspan="2"><input type="text" name="last_name" size="25" maxlength="25" /></td>
  </tr>
<tr>
   <td width="47%" class="gen">Password:</td>
   <td colspan="2"><input type="password" name="password" size="25" maxlength="25" /></td>
    </tr>
<tr>
   <td width="47%" class="gen">Comfirm Password:</td>
   <td colspan="2"><input type="password" name="cpassword" size="25" maxlength="25" /></td>
    </tr>
<tr>
   <td width="47%" class="gen">Address:</td>
   <td height="2" colspan="2">
   <input type="text" name="street_address" size="25" maxlength="50"/></td>
    </tr>
    <tr>
   <td width="47%" class="gen">City:</td>
   <td colspan="2"><input type="text" name="city_county" size="25" maxlength="25" /></td>
    </tr>
    <tr><td width="47%" class="gen">State:</td><td>
	</td>
</tr>
<tr>
	<td width="47%" class="gen">Postal Code:</td>
	<td colspan="2"><input type="text" name="zip_code" size="25" maxlength="5" /></td>
</tr>
<tr>
	<td width="47%" class="gen">Gender:</td>
	<td>
	  <table border="0">
<tr>
	<td height="2" width="26%" class="gen">
	<input type="radio" name="gender" value="male" />Male</td><td height="2" width="27%">
	<input type="radio" name="gender" value="female" />Female</td></tr>
</table></tr>
<tr><td width="47%" class="gen">Phone:</td>
    <td colspan="2"><input name="telephone" size="25" maxlength="10" /></td></tr>
<tr><td colspan='2' class="genterms"><input class='chk' type='checkbox' name='user_agreement' value='yes' /> 
						I have read and agree to the <a href='./terms.php' class="gen">Terms of Service</a></td></tr>
<tr><td colspan="2" align="center"><input type='submit' value="Submit" class="mainoption" 
					  onclick="return check_terms()"/></td></tr>
</table></form>		
</td></tr>
</table>
<?php
}
?>

[Barand]

OK, a bunch of code. 

 

Does your post have any purpose?

 

Ah, I see you now edited and added a question

[Barand]

You could add something like this to the end of the above code

 

echo " Choose <a href='?form=r'> Registration Form</a> or  <a href='?form=c'>Contact Form</a>" ;

if ($_GET['form']=='r')
    display_registration_form();
elseif ($_GET['form']=='c') 
    display_contact_form('') ;

[Trium918]

It shows up in the URL, but the form never displays.

 

contact_form.php?form=contact_us

<li><a href='?form=contact_us'>Contact Us</a></li>

[Trium918]

Someone knows something!!!

[Trium918]

You could add something like this to the end of the above code

 

echo " Choose <a href='?form=r'> Registration Form</a> or  <a href='?form=c'>Contact Form</a>" ;

if ($_GET['form']=='r')
    display_registration_form();
elseif ($_GET['form']=='c') 
    display_contact_form('') ;

 

I got this part working, but how would I get the register_form.php to show up

instead of contact_form.php?form=r or contact_form.php?form=c for both?

[Barand]

I would have that purpose of having those 2 function was to avoid having a "contact_form.php" and a "register_form.php".

 

Instead you just need "form.php", or someother neutral name, containing

 

<?php

// your functions here, or include them here

if ($_GET['form']=='r')
    display_registration_form();
elseif ($_GET['form']=='c') 
    display_contact_form('') ;
?>

 

and this would be called from links, like those above,  on another page

 

Choose <a href='form.php?form=r'> Registration Form</a> or  <a href='form.php?form=c'>Contact Form</a>

[Trium918]

I got it working thanks, but how would I protect the webpages

from Dynamic File Inclusion Attacks? Since the site I am trying to build

is using this method. My first site.

[Trium918]

Barand, I just fought this at http://www.daholygoat.com/blog/index.php?/archives/6-Writing-Secure-Web-Applications-with-PHP.html

 

<?php
$files = array('foo' => 'foo.php', 'bar' => 'bar.php');
if(isset($files[$_GET['file']]))
{
        include($files[$_GET['file']]);
}
?>

 

How can I apply this to my code and how can it help me?

[Barand]

As a general principle, never trust anything that originates from the client i.e. GET, POST or COOKIE.

 

So including $_GET['file'] would be dangerous if $_GET['file'] contains "http://www.domain.com/maliciouscode"

 

The above code limits inclusion to either "foo.php" or "bar.php".

 

In the case of your forms, earlier code above, you call only known functions from a known included file and you don't rely on the GET or POST item to define the the inclusion, only to choose between 2 safe options.

[clown[NOR]]

Barand, I just fought this at http://www.daholygoat.com/blog/index.php?/archives/6-Writing-Secure-Web-Applications-with-PHP.html

 

<?php
$files = array('foo' => 'foo.php', 'bar' => 'bar.php');
if(isset($files[$_GET['file']]))
{
        include($files[$_GET['file']]);
}
?>

 

How can I apply this to my code and how can it help me?

 

I have a question about this one... I have lots of files coming under 1 or 2 sub folders... how will i access them? and since what I'm working on is a tutorial site for multiple programming languages... do I have to add every single file to the array? cuz that'll mean many many lines of array =)