0

And please remember that this is really only a pre-verification check. You have to reverify the captcha right at the top of processForm.php, otherwise that script would be accessible without verification.

If the test in processForm.php fails, then redirect back to checkForm.php . This won't happen to bona fide users; only hackers who did not use checkForm.php will be redirected.

Airshow

You mean I have to do like this in

processForm.php

<?php
session_start();
require("include/application_top.php");

if(strtolower($_REQUEST['captcha_code']) == strtolower($_SESSION['random_number']))
	{
..
..
      // insert your name , email and text message to your table in db
	  $table_fields = array("name", "tel", "email", "interested", "comment", "email_list");
     $table_name = "present";
..
..	 
	  exit('1');//pass
	  header('Location: thankyou.php');
	}
	else
	{
	    exit('0');//fail
	    header('Location: checkForm.php');
	}

Is this correct way?

Edited by siabenie: n/a

0

In each of the tests, simply push error messages onto the error_mesg array

if($name.val()==="") {
	error_mesg.push("Please enter your name");
	$name.addClass('error');
}
else {
	$name.removeClass('error');
}

The function showErrorMesg (called in various places) displays the message.

You will see that showErrorMesg has two lines of code; your original alert is currently commented out, in favour of a line of jQuery. Simply move the comment marks to the jquery line and your alert will will happen.

Airshow

0

Yes, I got it now thanks!!:)

But the <br/> is printed on the error message instead of break, this is the sample what I got:

Please enter your name<br/>Please enter tel no<br/>Please enter email<br/>Please accept the terms and conditions<br/>Please enter the image verification

Airshow, is the processForm.php I show you earlier was correct way to do it?

0

You mean I have to do like this in processForm.php

<?php
session_start();
require("include/application_top.php");

if(strtolower($_REQUEST['captcha_code']) == strtolower($_SESSION['random_number']))
	{
..
..
      // insert your name , email and text message to your table in db
	  $table_fields = array("name", "tel", "email", "interested", "comment", "email_list");
     $table_name = "present";
..
..	 
	  exit('1');//pass
	  header('Location: thankyou.php');
	}
	else
	{
	    exit('0');//fail
	    header('Location: checkForm.php');
	}

Is this correct way?

Nearly:

<?php
session_start();

//Here revalidate ALL form data
$name_OK = ...;
$tel_OK = ...;
$email_OK = ...;
$terms_OK = ...;
$captcha_OK = strtolower($_REQUEST['captcha_code']) != strtolower($_SESSION['random_number']);
if(!$name_OK || !$tel_OK || !$email_OK || !$terms_OK || !$captcha_OK)
{
	header('Location: checkForm.php');
	exit();
}

//here do whatever is required on successful form submission
...

I'm away now. Back this evening.

Airshow

0

Nearly:

<?php
session_start();

//Here revalidate ALL form data
$name_OK = ...;
$tel_OK = ...;
$email_OK = ...;
$terms_OK = ...;
$captcha_OK = strtolower($_REQUEST['captcha_code']) != strtolower($_SESSION['random_number']);
if(!$name_OK || !$tel_OK || !$email_OK || !$terms_OK || !$captcha_OK)
{
	header('Location: checkForm.php');
	exit();
}

//here do whatever is required on successful form submission
...

I'm away now. Back this evening.

Airshow

Hi Airshow,

I did not get what you mean by ...;

Shall I put it like this:?

$name_OK = $name;
$tel_OK = $tel;
$email_OK = $email;
..
..

And how can we break this error message from printed the <br/>:

Please enter your name<br/>Please enter tel no<br/>Please enter email<br/>Please accept the terms and conditions<br/>Please enter the image verification
..
alert(mesgArray.join("<br/>"));
..
..

Please assist, thank you.

0

Hi Airshow,

I did not get what you mean by ...;

Shall I put it like this:?

$name_OK = $name;
$tel_OK = $tel;
$email_OK = $email;
..
..

The right hand part of each expression should be a test that returns true or false, in the same way as the line $captcha_code = ....; .

These tests will be php versions of the validations performed client-side by javascript.

And how can we break this error message from printed the <br/>:

Please enter your name<br/>Please enter tel no<br/>Please enter email<br/>Please accept the terms and conditions<br/>Please enter the image verification
alert(mesgArray.join("<br/>"));

Sorry, that's my fault. It should be:

alert(mesgArray.join("\n"));

Airshow

0

Thanks for clarify them - but I did not understand what you mean by

The right hand part of each expression should be a test that returns true or false, in the same way as the line $captcha_code = ....; .

These tests will be php versions of the validations performed client-side by javascript.

Airshow

Can you please give me an example?

Thanks again.!!

0

Can you please give me an example?

For name, javascript tests for blank/non-blank

if($name.val()===""){
	//error
}
else {
	//ok
}

So in php, do the same:

$name_OK = $_REQUEST['name'] != "";

Airshow

0

For name, javascript tests for blank/non-blank

if($name.val()===""){
	//error
}
else {
	//ok
}

So in php, do the same:

$name_OK = $_REQUEST['name'] != "";

Airshow

I see okay thanks - so I have to do these for all the variables that I used? or only those I use for checking error messages?

And - How about to the one for check-box one (terms and conditions)? Do I do the same thing?

Here is snippets what I did; Is this looks correct Airshow?

<?php
session_start();
require("include/application_top.php");

$name_OK = $_REQUEST['name'] != "";
$tel_OK = $_REQUEST['tel'] != "";
$email_OK = $_REQUEST['email'] != "";
$terms_OK = $_REQUEST['terms_agree'] != "";
$captcha_OK = strtolower($_REQUEST['captcha_code']) != strtolower($_SESSION['random_number']);

if(!$name_OK || !$tel_OK || !$email_OK || !$terms_OK || !$captcha_OK)
{
	header('Location: checkForm.php');
	exit();
}
..
..
$table_fields = array("name", "tel", "email", "comment");
$table_name = "present";

....
....
if(isset($_POST['name'])){
  
  $connection = mysql_connect (DB_SERVER, DB_USER, DB_PASS) or
	die ('I cannot connect to the database because: ' . mysql_error());
  mysql_select_db (DB_NAME, $connection);
..
..
..}
  mysql_query ($query, $connection)
	or die(mysql_error()."\n<br />This is the query:\n<br />".$query);
  ..
  ..
  ..
  mail($notification_to, $notification_subject, $notification_body, $notification_headers);
  
  header ("Location: thankyou.php");
  
}
?>

S

Edited by siabenie: n/a

0

Do as many checks as you feel are necessary to prevent absent/inappropriate data from messing up your registration process.

If I recall correctly, a check-box's property exists in $_REQUEST if the box is checked, and not if it's unchecked. Therefore test isset($_REQUEST['terms_agree']) .

Airshow

Edited by Airshow: n/a

0

Do as many checks as you feel are necessary to prevent absent/inappropriate data from messing up your registration process.

If I recall correctly, a check-box's property exists in $_REQUEST if the box is checked, and not if it's unchecked. Therefore test isset($_REQUEST['terms_agree']) .

Airshow

Ok - so you saying it should be done like this, am I correct?

..

$terms_OK = isset($_REQUEST['terms_agree']);
..

One question about the JS: If I was thinking to add an extra email address for different form NOT on this but for other purposed where people always have two emails to confirm e.g: where if both fields are empty then show error message - and if both of the email is not match show error message.

Here is snippets for the form:

..
..
<tr>        
  <td>E-mail</td>        
  <td ><input name="email" type="text" size="40" value="<?php echo $_SESSION["email"];?>" />     
  <td>      
</tr>      

<tr>
  <td>E-mail Confirmation</td>
  <td><input name="email_1" type="text" size="40" value="<?php echo $_SESSION["email_1"];?>" />     
  <td>      
</tr>
..

And here for the JS version for if the fields are empty which works fine:

..
$('[name=email]').parent().removeClass('error');       if($('[name=email]').val()==""){         
error_num++;         
error_mesg += "E-mail。\n";         
$('[name=email]').parent().addClass('error');       }

$('[name=email_1]').parent().removeClass('error');       if($('[name=email_1]').val()==""){         
error_num++;         
error_mesg += "Please confirm your email\n";         $('[name=email_1]').parent().addClass('error');       }

And here for the error message if both emails are not match - but it did not work.

..
$('[name=email]').parent().removeClass('error') && $('[name=email_1]').parent().removeClass('error');    
if($('[name=email != name=email_1]').val()){         
error_num++;         
error_mesg += "E-mail not match\n";         $('[name=email]').parent().addClass('error') && $('[name=email_1]').parent().addClass('error');       } 
..
..

Can you please assist me what is the correct way of doing this as I am using jQuery.

Edited by siabenie: n/a

0

Airshow, I think I have sorted the jQuery bit thanks a lot for all your help! I just need to play with the code and test them.

Really appreicated your kind help! Nice people! Credit to you!
Cheers matey!

0

The right hand part of each expression should be a test that returns true or false, in the same way as the line $captcha_code = ....; .

These tests will be php versions of the validations performed client-side by javascript.
Airshow

Hi Airshow,

I like to ask you about the processForm.php - How can we check that the validations on the processForm is okay? Just out of interest..

Thanks

0

We moved away from error_mesg being a string, remember?

These checks need to be constructed to the same pattern as the others. And it will be less confusing name the fields 'email_1' and 'email_2'.

First, construct jQuery objects for 'email_1' and 'email_2' ONCE at the top of $(document).ready(function(){, same as for other fields:

...
	var $email_1 = $("[name='email_1']");
	var $email_2 = $("[name='email_2']");

Inside function validate_form() {

...
		$email_1.removeClass('error')
		$email_2.removeClass('error');
		if($email_1.val()==""){
			error_mesg.push("E-mail?");         
			$email_1.addClass('error');
		}
		if($email_2.val()==""){
			error_mesg.push("Please confirm your email");
			$email_2.addClass('error');
		}
		if($email_1.val() != $email_2.val()){         
			error_mesg.push("E-mail not match");
			$email_1.addClass('error');
			$email_2.addClass('error');
		}

Airshow

Edited by Airshow: n/a

0

We moved away from error_mesg being a string, remember?

These checks need to be constructed to the same pattern as the others. And it will be less confusing name the fields 'email_1' and 'email_2'.
Airshow

Yes I do remember we swap to different way of dealing it - Airshow, question; when I entered a wrong secure image: I got an error message which is correct, but there is a little checkbox there saying "[]Prevent this page from creating additional dialogues"

What is that suppose to mean?

Thanks

EDIT: When I clicked the checked box all the pop up error messages not showing but still giving me highlighted error. Where is that line on our JS code?

Edited by siabenie: n/a

0

Sounds like some half-baked nanny-browser thing.

It's not directly caused by anything in the javascript.

There may be a workaround but you would need to research it.

Airshow

0

Sounds like some half-baked nanny-browser thing.

It's not directly caused by anything in the javascript.

There may be a workaround but you would need to research it.

Airshow

LOL - Ok well it's not a big issue I am just curious - By the way, I wonder How can we do a function for email so that a valid format (yourmeail@here.com) of email been entered if not valid then an error message pop up?

Do I have to create a different page for that or? Any idea?

0

No, you just something better that checking for empty string.

You need to do some research. There are loads good discussions etc about email validation on the web. I would not try to write it myself because other people have done a better job than I could ever hope for. Besides I'm lazy.

Google eg. "javascript email validation"

You will be introduced to the wonderful world of "regular expressions".

Airshow

0

No, you just something better that checking for empty string.

You need to do some research. There are loads good discussions etc about email validation on the web. I would not try to write it myself because other people have done a better job than I could ever hope for. Besides I'm lazy.

Google eg. "javascript email validation"

You will be introduced to the wonderful world of "regular expressions".

Airshow

Hmm "regular expressions"? Ok will look into it.!

Thanks Airshow.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.