Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Sep 2005
Posts: 102
T
Testing Offline OP
UGN Member
OP Offline
UGN Member
T
Joined: Sep 2005
Posts: 102
I am currently working on a project from the book. It is a very simple form. However the script to handle the form simply isnt working and I cant figure it out. I swear I have checked and double checked my syntax over and over. I was hoping someone might be able to give it a peek and tell me where im messing up. Thanks in advance.

The Form

Code
 <form action="handle_about.php" method="post">
<fieldset><legend>Enter your information in the form below </legend>


<b>Name:</b> <input type="text" name ="name" size="20" maxlength="40" />


<b>Interests:</b>
<input type="checkbox" name="interests[]" value="Music" /> Music
<input type="checkbox" name="interests[]" value="Books" /> Books
<input type="checkbox" name="interests[]" value="Skiing" /> Skiing
<input type="checkbox" name="interests[]" value="Napping" /> Napping

</fieldset>
<div align="center"><input type="submit" name="submit" value="Submit Information" /></div>
</form> 
The script handling the form :

Code
<?php 


if (strlen($_POST['name']) > 0) {
	$name = stripslashes($_POST['name']);
	
} else { // If no name was entered...
	$name = NULL;
	echo '

<b>You forgot to enter your name!</b>';
}

//Check $interests[]
if (isset($_POST['interests'])) {
	$ints = NULL; //New message to be used.
	foreach ($_POST['interests']) as $key => $value) { //loop through each.
		$ints .= "$value, ";

}
$ints = substr($ints, 0, -2);
$interests = TRUE;
		
} else {
	$interests = NULL;
	echo '

<b>You forgot to enter your interests!</b>';
	
	}
	
if ($name && $interests) {
echo "Thank you, <b>{$_POST['name']}</b>.  You entered interests as:
<tt>$ints</tt>";

}


?>  
All I get is a blank page.

Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Offline
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
Code
 
<?
if(!$cmd){
//start form
?>
 <form action="index.php?cmd=send" method="post">
	<fieldset>
		<legend>
			Enter your information in the form below 
		</legend>
		<br/>
		<strong>
			Name:
		</strong>
			<input type="text" name ="myname" size="20" maxlength="40" />
		<br/>
		<strong>
			Interests:
		</strong>
			<input type="checkbox" name="interests[]" value="Music" /> Music
			<input type="checkbox" name="interests[]" value="Books" /> Books
			<input type="checkbox" name="interests[]" value="Skiing" /> Skiing
			<input type="checkbox" name="interests[]" value="Napping" /> Napping
		<br/>
	</fieldset>
	<div align="center">
			<input type="submit" name="submit" value="Submit Information" />
	</div>
</form> 
<?
//process form

}else if($cmd == "send"){
print_r($interests);
if (strlen($_POST['myname']) > 0) {
	$myname = stripslashes($_POST['myname']);
}else{ // If no name was entered...
	$myname = NULL;
	echo '

<b>You forgot to enter your name!</b>';
}
//Check $interests[]
if (isset($_POST['interests'])) {
	$ints = NULL; //New message to be used.
	foreach ($_POST['interests'] as $key => $value) {     //loop through each.
		$ints .= "$value, ";
	}
	$ints = substr($ints, 0, -2);
	$interests = TRUE;
}else{
	$interests = NULL;
	echo '

<b>You forgot to enter your interests!</b>';
}
if ($name && $interests) {
		echo "Thank you, <b>{$_POST['name']}</b>.  You entered interests as:
<tt>$ints</tt>";
	}
}
 
Try that. this is just an array not a multi demmensional array. I added the Print_r(); function on line 33 so you can see the array. you can add the pre tags to this to keep the formatting. Chec it out

Code
echo "<pre>";
print_r($interests);
echo "</pre>";
Now your out put should look something like

Code
Array
(
    [0] => Music
    [1] => Books
    [2] => Napping
)
  

Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Offline
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
Oh I forgot. You will see I put all the code on one page. I find this easier to keep track of later. a good way in my oppion to verify data came from a form is


Code
<input type="hidden" value="<? $this_val = md5($_SERVER['REMOTE_ADDR']);  echo "$this_val"; ?>" name="secure_id">
then in the form processing script
Code
$my_security = md5($_SERVER['REMOTE_ADDR']);
if($secure_id == "$my_security"){
     //do form processing here
}else{
     echo "Please use our form to submit data thank you";
}
For more security use crypt instead of MD5 which I belive to be machine specific.


What this dose is encrypts the users IP address with an MD5 hash. Then on the form Processing page we check the the value sent matches when we do it again. For dynamic IP addresses this will change often but should be fine to post the form data. But if they come back they will not be able to use the same MD5 hash to submit data without the form using the GET method.

Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
Offline
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
'eh I like to generate the secure_id with a combination of server ip or name and the users ip; as if the user's ip changes per page they're using a proxy swapper and I don't want to deal with them anyway wink ...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Joined: Apr 2005
Posts: 247
UGN Member
Offline
UGN Member
Joined: Apr 2005
Posts: 247
That's not very considerate to us AOHellers, giz :p


"We can categorically state that we have not released man-eating badgers into the area."

-UK military spokesman Major Mike Shearer
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Offline
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
Verizon now offers $14.95 DSL. Drop AOhell

Joined: Apr 2005
Posts: 247
UGN Member
Offline
UGN Member
Joined: Apr 2005
Posts: 247
I'm not going through this again...

My IRC Logs With Inf.:

Quote:

[18:38] <shadow516> indeed
[18:38] <Infinite> hrm...
[18:38] <Infinite> aol...
[18:38] <shadow516> ...
[18:38] * Infinite thinks...
[18:39] <shadow516> the strange thing is
[18:39] <shadow516> that I HAVE broadband
[18:39] <shadow516> but my parents are too lazy to pick up the router
[18:39] <shadow516> so I'm stuck with dialup untill further notice
[18:39] <shadow516> smirk
[18:39] <shadow516> how's that for funny?
[18:40] <Infinite> nice
[18:40] * shadow516 kicks wall
[18:40] <shadow516> ow
[18:41] <Infinite> hrm
[18:41] <Infinite> lets see if this works on you now...
[18:41] <shadow516> [censored]
[18:42] <shadow516> I can tell what's comming
[18:42] * shadow516 cowers at inf's 1337 skillz
[18:43] <Infinite> omg it does
[18:43] <Infinite> hahahaha
[18:43] <Infinite> bye shadow frown
Session Close: Mon Oct 10 18:43:34 2005
Note to self: Things that start with "* shadow516 slaps Infinite - Take that [censored]!" always end with "bash-3.00# ping -p 2b2b2b415448300d 172.131.40.24" frown


"We can categorically state that we have not released man-eating badgers into the area."

-UK military spokesman Major Mike Shearer
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
Offline
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
Heh, get yourself a good wireless router (Linksys WRT54G or WRT54GS) wink ...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Offline
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
Hey Testing,

did this help at all? The code i posted works. It also makes it one page instead of 2.

Joined: Sep 2005
Posts: 102
T
Testing Offline OP
UGN Member
OP Offline
UGN Member
T
Joined: Sep 2005
Posts: 102
SORRY, Haven't worked on it today at all. Life has gotten in the way. Just got back from training and will check it tonight. Thanks for the help with this!

Joined: Sep 2005
Posts: 102
T
Testing Offline OP
UGN Member
OP Offline
UGN Member
T
Joined: Sep 2005
Posts: 102
Sorry it has taken me so long. Been absolutely slammed. I have checked out your script you made. Works perfectly!

It did help on the fact I can see the script work now however it doesn't help me figure out what I was doing wrong. Either way at least I can see the script in action. Granted im now able to basically understand whats gonna happen without running every single script! WOOHOO the learning has begun!!


So bonehead question # 2001 comming up. in your script you have (!$cmd)

What does the ! do?

Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
Offline
Community Owner
Joined: Feb 2002
Posts: 7,203
Likes: 11
basically ! means "if no" thus, (!$cmd) is "if no command" or "if command is empty"; I use the same in some of my scripts to do basically the same as if($action == "") (so that'd be (!$action))


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Offline
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
Not a bone headed question. I used this for about 10 scripts before I understood what was going on. lol It is funny how you can code something and truely have no clue how it works.


Code
if(!$cmd){
}
The above code say basically this. If the variable $cmd has nothing set to it or does not exist. Do the code between the curly brackets { and }.

Code
Line | Code
-----------------------------------
1    | if(!$cmd){
2    | }else if($cmd == "process_form"){
3    | }
You are now familar with Line 1. If $cmd has no value do what is inbetween { and }.

Line 2 we have
else if($cmd == "process_form"){

this is saying

else - $cmd has a value
if($cmd == - $cmd is a perfect match for (use 1 "=" for un perfect matches(not ideal for security))
"process_form" - the name that was passed in the $cmd variable.

and Line 3 I think you will get.

Now how do we set the $cmd value? Where did I get $cmd from?

First off $cmd can be anything. $cmd could easily be $deez_nuts or $action or anything you want it to be. To se the value you could use the form tag..
Code
<form action="http://somesite.com/form.php?cmd=process_form" method="POST">
notice the "?cmd=process_form."

You could also use a hidden input tag

Code
<input type="hidden" name="cmd" value="process_form">
or even a select element

Code
<select name="cmd">
 <option value="process_form">Process option 1</option>
 <option value="process_form2">Process option 2</option>
 <option value="process_form3">Process option 3</option>
</select>
Now you can get reall tricking and have this also...


Code
if(!$cmd){
   //provide a form
}else if($cmd == "process_form"){
   if(!$action){
        //do basic form process
   }else if($action == "advanced"){
       //do advance form process
   }//end action variables
}//end cmd variables
Just remeber to keep them nested and keep the code easy to read for yourself. Nothing suck more than trying to find that bug through 10,000 lines of code and it is all aligned left.

Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Offline
UGN Elite
Joined: Dec 2002
Posts: 3,255
Likes: 3
You sound like you have some ideas as to what is going on. Let me make a sugestion. Give yourself a basic idea. Then code it. For example...

form asking for - name - rant - email

that sends to a PHP processor that takes the data and put it to the screen. Play with it, tweek it. understand it the build on it. I think when you start with an idea you want to make happen you will really see it all click. and do not feel you are ever buging me in here. You got a free pass man, I will answer any question you have because i know you will do the research and apply the answer.

happy coding.


Link Copied to Clipboard
Member Spotlight
Phatal
Phatal
Houston, TX
Posts: 298
Joined: April 2004
Forum Statistics
Forums41
Topics33,840
Posts68,858
Average Daily Posts1
Members2,176
Most Online3,253
Jan 13th, 2020
Latest Postings
Where and how do you torrent?
by danni75 - 03/01/24 05:58 AM
Animation,
by JohanKaariainen - 08/15/19 01:18 AM
Blackbeard.....
by Gremelin - 10/03/18 07:02 PM
my old account still exists!
by Crime - 08/10/18 02:47 PM
Okay WTF?
by HenryMiring - 09/27/17 01:45 AM
The History Thread...
by Gremelin - 08/11/17 12:11 PM
My friend NEEDS your HELP!
by Lena01 - 07/21/17 12:06 AM
I'm having fun with this guy.
by gabithompson730 - 07/20/17 01:50 AM
I want to upgrade my phone
by gabithompson730 - 07/20/17 01:49 AM
Doom 3
by Cyrez - 09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666 - 08/22/14 09:21 AM
AIM scene 99-03
by lavos - 09/02/13 08:06 AM
Planetside 2
by Crime - 03/04/13 07:10 AM
Beta Testers Wanted
by Crime - 03/04/13 06:55 AM
Hello Everyone
by Gremelin - 02/12/12 06:01 PM
Tracfone ESN Generator
by Zanvin Green - 01/18/12 01:31 PM
Python 3 issue
by Testing - 12/17/11 09:28 PM
tracfone airtime
by Drache86 - 07/30/11 03:37 AM
Backdoors and the Infinite
by ZeroCoolStar - 07/10/11 03:52 AM
HackThisZIne #12 Releaseed!
by Pipat2 - 04/28/11 09:20 PM
gang wars? l33t-wars?
by Gremelin - 04/28/11 05:56 AM
Consolidate Forums
by diggin2deep - 04/21/11 10:02 AM
LAN Hacking Noob
by Gremelin - 03/12/11 12:42 AM
Top Posters
UGN Security 41,392
Gremelin 7,203
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
Cyrez 1
Girlie 1
unreal 1
Crime 1
Powered by UBB.threads™ PHP Forum Software 7.7.5