Chris569x - 4 months ago - 98
PHP Question

My PHP Script is not processing correctly (new to PHP)

I tried to write a PHP script to automatically send an email with the form inputs, but when it is called on submit, it displays the error I put in for when someone tries to access the PHP directly.

Any help would be greatly appreciated, I am very new at this.

<form action="form-to-email.php" method="post" name="camper_registration" id="camper_registration">
<label>Last Name*: </label>
<input name="lastname" type="text" id="lastname" required="required"/><br />
<label>First Name*: </label>
<input name="firstname" type="text" id="firstname" required="required"/><br />
<label>Middle Initial: </label>
<input type="text" name="initial" size=1 maxlength=1 /><br /><br />

<label>Street Address*: </label>
<input name="streetaddress" type="text" id="streetaddress" required="required"/><br />
<label>Address Line 2: </label><input type="text" name="addressline2" /><br />
<label>City*: </label>
<input name="city" type="text" id="city" required="required"/><br />
<label>State/Province/Region*: </label>
<input name="state" type="text" id="state" required="required"/><br />
<label>Zipcode*: </label>
<input name="zip" type="tel" size="5" maxlength="5" onkeypress="return numbersonly(this, event)" required="required"><br /><br />
<label>Youth's Email*: </label>
<input type="email" name="email" required="required"/><br /><br />
<label>Date of Birth*: </label>
<input name="month" type="tel" size="2" maxlength="2" onkeypress="return numbersonly(this, event)" required="required">/
<input name="day" type="tel" size="2" maxlength="2" onkeypress="return numbersonly(this, event)" required="required">/
<input name="year" type="tel" size="4" maxlength="4" onkeypress="return numbersonly(this, event)" required="required">

<SCRIPT TYPE="text/javascript">
autojump("month", "day", 2); autojump("day", "year", 2);
</SCRIPT>
<br /><br />
<label>Grade completed in<br /> Spring 2013*: </label>
<input type="tel" name="grade" size=2 maxlength=2 required="required"/><br /><br />
<label>Gender*:</label>
<input type="radio" name="gender" value="Male" required="required"> Male
<input type="radio" name="gender" value="Female" required="required"> Female <br /> <br />
<label>Parent/Guardian(s)*: </label>
<input name="guardian" type="text" id="guardian" required="required"/> <br /><br />
<label>Parent Phone*: </label>
(<input name="areacode" type="tel" size="3" maxlength="3" onkeypress="return numbersonly(this, event)" required="required">)
<input name="cellphone" type="tel" size="7" maxlength="7" onkeypress="return numbersonly(this, event)" required="required"><br /><br />

<SCRIPT TYPE="text/javascript">
<!--
autojump("areacode", "cellphone", 3);
//-->
</SCRIPT>

<label>1st Emergency Contact*: </label>
<input name="emergency_contact_1" type="text" id="emergency_contact_1" required="required"/><br /><br />
<label>Contact Number*: </label>
(<input name="emergency_contact_1_areacode" type="tel" size="3" maxlength="3" onkeypress="return numbersonly(this, event)" required="required">)
<input name="emergency_contact_1_phone" type="tel" size="7" maxlength="7" onkeypress="return numbersonly(this, event)" required="required"><br /><br />

<SCRIPT TYPE="text/javascript">
<!--
autojump("emergency_contact_1_areacode", "emergency_contact_1_phone", 3);
//-->
</SCRIPT>

<label>2nd Emergency Contact*: </label>
<input name="emergency_contact_2" type="text" id="emergency_contact_2" required="required"/><br /><br />
<label>Contact Number*: </label>
(<input name="emergency_contact_2_areacode" type="tel" size="3" maxlength="3" onkeypress="return numbersonly(this, event)" required="required">)
<input name="emergency_contact_2_phone" type="tel" size="7" maxlength="7" onkeypress="return numbersonly(this, event)" required="required"><br /><br />

<SCRIPT TYPE="text/javascript">
<!--
autojump("emergency_contact_2_areacode", "emergency_contact_2_phone", 3);
//-->
</SCRIPT>

<label>Name of Home Church: </label>
<input type="text" name="home_church" /><br /><br />
<label>Phone Number: </label>
(<input name="church_areacode" type="tel" size="3" maxlength="3" onkeypress="return numbersonly(this, event)">)
<input name="church_phone" type="tel" size="7" maxlength="7" onkeypress="return numbersonly(this, event)"><br />

<SCRIPT TYPE="text/javascript">
autojump("church_areacode", "church_phone", 3);
</SCRIPT>

<label>Contact Person: </label>
<input type="text" name="contact_person" /><br /><br />

<b>Special Needs</b><br /> Some campers may have needs that might require special attention from our staff; accessibility, health concerns, diet, allergies, etc. <br /><br />
<label>Please list any special needs: </label>
<textarea rows="10" cols="20" name="special_needs"></textarea> <br /><br />
<label>T-Shirt Size*: </label>
<input type="radio" name="shirt_size" value="Small" required="required"> Small
<input type="radio" name="shirt_size" value="Medium" required="required"> Medium
<input type="radio" name="shirt_size" value="Large" required="required"> Large
<input type="radio" name="shirt_size" value="XL" required="required"> XL
<input type="radio" name="shirt_size" value="2XL" required="required"> 2XL<br /><br />

<b>Roommate</b><br /> There are double and many single occupancy dorm rooms at Grinnell college campus - if possible we will honor your request for ONE preferred roommate.<br /><br />
<label>Roommate Preference: </label>
<input type="text" name="roommate" /><br /><br />

<div id="satellites">
<b>Satellite Choices</b><br /> List your first, second, and third choices. You will be given your first choice if it is not full. ALL events have limited capacity. If you do not choose a satellite, one will be assigned for you. (<a href="satellites.htm" target="_blank">Satellite Choices</a>)<br />
<label>First Choice*: </label>
<input name="firstchoice" type="text" id="firstchoice" required="required"/><br />
<label>Second Choice*: </label>
<input name="secondchoice" type="text" id="secondchoice" required="required"/><br />
<label>Third Choice*: </label>
<input name="thirdchoice" type="text" id="thirdchoice" required="required"/><br /><br />
</div>

<p>
<b> Remember! </b><br />Please fill out and bring the <a href="Camper_Health_History_and_Authorization_Form_2013.pdf">Health Form</a> <i>with you to camp</i>.<br /><br />
<b>Cost of SGU Camp July 8 - 12, 2013 $275 <br /></b> A $50 <i> non-refundable</i> fee is required to be registered. <br /> Due to the limited capacity of 400 campers, please note full payment is due by June 25th to ensure you have completed the registration process.
</p><br />

<input type="submit" value="Submit">
</form>


And here is the PHP

<?php
if(!isset($_POST['submit'])){
    //This page should not be accessed directly. Need to submit the form.
    echo "error; you need to submit the form!";
    die;
}

// ereg() was removed in PHP 7; strpos() does the same substring match here.
// The Referer header is supplied by the client and can be omitted or forged,
// so this check is a convenience, not an access control.
$page = "camper.htm";
if (strpos($_SERVER['HTTP_REFERER'] ?? '', $page) === false){
    echo "Invalid referer";
    die;
}

// Function to validate against any email injection attempts.
// Defined at file level so it exists when it is called; a function declared
// inside a conditional block only exists once that block has run.
function IsInjected($str) {
    $injections = array('(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    return preg_match($inject, $str) === 1;
}

// Fields can be absent from $_POST (e.g. an unchecked radio group), so default to "".
$firstname = $_POST['firstname'] ?? '';
$lastname = $_POST['lastname'] ?? '';
$initial = $_POST['initial'] ?? '';
$streetaddress = $_POST['streetaddress'] ?? '';
$addressline2 = $_POST['addressline2'] ?? '';
$city = $_POST['city'] ?? '';
$state = $_POST['state'] ?? '';
$zip = $_POST['zip'] ?? '';
$email = $_POST['email'] ?? '';
$month = $_POST['month'] ?? '';
$day = $_POST['day'] ?? '';
$year = $_POST['year'] ?? '';
$grade = $_POST['grade'] ?? '';
$gender = $_POST['gender'] ?? '';
$guardian = $_POST['guardian'] ?? '';
$areacode = $_POST['areacode'] ?? '';
$cellphone = $_POST['cellphone'] ?? '';
$contact1 = $_POST['emergency_contact_1'] ?? '';
$contact1areacode = $_POST['emergency_contact_1_areacode'] ?? '';
$contact1phone = $_POST['emergency_contact_1_phone'] ?? '';
$contact2 = $_POST['emergency_contact_2'] ?? '';
$contact2areacode = $_POST['emergency_contact_2_areacode'] ?? '';
$contact2phone = $_POST['emergency_contact_2_phone'] ?? '';
$homechurch = $_POST['home_church'] ?? '';
$churchareacode = $_POST['church_areacode'] ?? '';
$churchphone = $_POST['church_phone'] ?? '';
$contactperson = $_POST['contact_person'] ?? '';
$specialneeds = $_POST['special_needs'] ?? '';
$shirtsize = $_POST['shirt_size'] ?? '';
$roommate = $_POST['roommate'] ?? '';
$firstchoice = $_POST['firstchoice'] ?? '';
$secondchoice = $_POST['secondchoice'] ?? '';
$thirdchoice = $_POST['thirdchoice'] ?? '';

//Validate first (the variable is $email; $visitor_email was never assigned)
if(IsInjected($email)){
    echo "Bad email address!";
    exit;
}

/*
Simple form validation
check that every required field was filled in */
$required = array('firstname', 'lastname', 'streetaddress', 'city', 'state', 'zip',
    'email', 'month', 'day', 'year', 'grade', 'gender', 'guardian', 'areacode',
    'cellphone', 'emergency_contact_1', 'emergency_contact_1_areacode',
    'emergency_contact_1_phone', 'emergency_contact_2', 'emergency_contact_2_areacode',
    'emergency_contact_2_phone', 'shirt_size', 'firstchoice', 'secondchoice', 'thirdchoice');
$missing = false;
foreach ($required as $field) {
    if (($_POST[$field] ?? '') === '') {
        $missing = true;
        break;
    }
}

if ($missing) {
    echo "Please fill in all required boxes.";
}
else {
    $email_from = 'cscholtens@marionmethodist.org';//<== update the email address
    $email_subject = "New Registration";
    $email_body = "You have received a new registration.\n".
    "Camper: $firstname $initial $lastname \n".
    "Address: $streetaddress \n".
    "$addressline2 \n".
    "$city, $state $zip \n".
    "Email: $email \n".
    "Date of Birth: $month/$day/$year \n".
    "Grade Completed: $grade \n".
    "Gender: $gender \n".
    "Guardian: $guardian \n".
    "Guardian Cell Phone: ($areacode) $cellphone \n".
    "First Emergency Contact: $contact1 Contact Number: ($contact1areacode) $contact1phone \n".
    "Second Emergency Contact: $contact2 Contact Number: ($contact2areacode) $contact2phone \n".
    "Home Church: $homechurch Contact Number: ($churchareacode) $churchphone Contact Person: $contactperson \n".
    "Special Needs: $specialneeds \n".
    "T-Shirt Size: $shirtsize \n".
    "Roommate Preference: $roommate \n".
    "Satellite Preferences: 1.$firstchoice 2.$secondchoice 3.$thirdchoice \n".
    " \n"; // a semicolon ends the statement; a trailing dot would swallow the next line

    $to = "cscholtens@marionmethodist.org";//<== update the email address
    $headers = "From: $email_from \r\n"; //Send the email!
    mail($to,$email_subject,$email_body,$headers);
    //done. redirect to thank-you page and stop running.
    header('Location: thanks2.htm');
    exit;
}
?>

Answer

You need a better way to detect that the form has been posted:

if($_SERVER['REQUEST_METHOD'] !== 'POST')
{
    //do error here
}

This returns POST when the form is submitted. You'll need to further validate that it was YOUR form, but the only way to do that reliably is with a form key.
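A worked version of the answer's two points (check `REQUEST_METHOD`, then verify a form key), added here as an example; it is not code from the question or the answer. It assumes PHP 7.1+, that the registration form is served by a PHP page (a hypothetical camper.php, since a static camper.htm cannot embed a per-session key) that prints `form_key_field()` inside the `<form>`, and that this snippet sits at the top of form-to-email.php. The submit button in the question's form has no `name` attribute, which is why `$_POST['submit']` is never set; the check below does not depend on the button at all.

```php
<?php
// Added example, not from the original question or answer.
// Assumes PHP 7.1+ and that camper.php (hypothetical) calls form_key_field()
// inside its <form> so the key travels with the submission.
declare(strict_types=1);

session_start();

// Generate a key once per session and return the hidden input that carries it.
function form_key_field(): string
{
    if (empty($_SESSION['form_key'])) {
        $_SESSION['form_key'] = bin2hex(random_bytes(32)); // 256-bit random key
    }
    return '<input type="hidden" name="form_key" value="'
        . htmlspecialchars($_SESSION['form_key'], ENT_QUOTES, 'UTF-8')
        . '">';
}

// Returns null when the request is a genuine submission of our form,
// otherwise a message explaining why it was rejected.
function reject_reason(): ?string
{
    // 1. Method check: a GET (typing the URL in the address bar) is refused.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return 'This page must be reached by submitting the form.';
    }

    // 2. Form-key check: the key must match the one issued to this session.
    $expected = $_SESSION['form_key'] ?? '';
    $given    = $_POST['form_key'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return 'Invalid or missing form key.'; // hash_equals avoids timing leaks
    }

    // 3. One-time use: a replayed POST has to load the form again first.
    unset($_SESSION['form_key']);
    return null;
}

$reason = reject_reason();
if ($reason !== null) {
    http_response_code(400);
    exit($reason);
}

// From here on, read and validate $_POST, call mail(), then
// header('Location: thanks2.htm'); exit;
```

Unlike the `Referer` test in the question, the key is something only a browser that loaded your form page in this session can know, so a request that arrives without it is rejected regardless of what headers it carries. Keep the `exit` after the `header('Location: ...')` redirect; without it the script keeps running after the redirect has been sent.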