Check code for errors

This is where you share YOUR scripts with others

Moderators: macek, egami, gesf

liberate
New php-forum User
New php-forum User
Posts: 2
Joined: Mon Feb 11, 2013 8:04 am

Check code for errors

Postby liberate » Mon Feb 11, 2013 8:25 am

Hi everyone.

Anyone willing to help out a newbie in need?

// Backgroud info
Form_1 would work perfectly except it contains Sensitive Data that would be revealed through "View Source" and a form is unable do 2 actions. php to the rescue.

// Lets name this Form_1
<form method=post action=http://example.com/signup.php>
<input type=hidden name=list value=2>
<input type=hidden name=data1 value=Foo_Bar>
<input type=hidden name=data2 value=Sensitive Data2>
<input type=hidden name=data3 value=Sensitive Data3>
<input type=hidden name=data4 value=Sensitive Data4>
First Name: <input type=text name=firstname>
Last Name: <input type=text name=lastname>
Email: <input type=text name=email>
<input type=submit name=sup value="Subscribe">
</form>


So instead I want to create php to:
- Retrieve values from Form_2
- Retrieve data from mysql based on data1 (Foo_Bar)
- Submit a form inside php as if Form_1 had been used, containing both the form values and the retrieved mysql data
- Send an email


// Lets name this Form_2
<form method=post action=http://example.com/Stage1_signup.php>
<input type=hidden name=list value=2>
<input type=hidden name=data1 value=Foo_Bar> // data1 = Foo_Bar
First Name: <input type=text name=firstname>
Last Name: <input type=text name=lastname>
Email: <input type=text name=email>
<input type=submit name=sup value="Subscribe">
</form>


Stage1_signup.php

Code: Select all

<?php

// Please Note: I do not know php code, at best I can only follow the logic of it.
// Some of this came from a previous application.
// Also keep in mind what I need to add for security reasons.


// code to make Form_2 values  $data1 $firstname $lastname $list and $email  available to Stage1_signup.php

if (isset($_POST['submit'])) {
   
$list = $_POST['list'];
$data1 = $_POST['data1'];             
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
}

//connect to database

function dbc() {
   
   mysql_connect("localhost","username","password");
   mysql_select_db("dbase");
}


//  Retreive data from mysql based on data1 Foo_Bar

dbc();

$row = mysql_query("select data1,data2,data3,data4 from users where list = 1 and cnf = 1 and data1 = '".addslashes($data1)."';");   // In this case Foo_Bar
list($data1,$data2,$data3,$data4)=mysql_fetch_row($row);


// code to send all values form Form_2 and all values retrieved from mysql to signup.php as if they were sent by Form_1 

// This code is courtesy of  http://www.html-form-guide.com/php-form/php-form-submit.html

//create array of data to be posted

$post_data['list'] = '$list';
$post_data['data1'] = '$data1';
$post_data['data2'] = '$data2';                               
$post_data['data3'] = '$data3';
$post_data['data4'] = '$data4';
$post_data['firstname'] = '$firstname';
$post_data['lastname'] = '$lastname';
$post_data['email'] = '$email';


//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
$post_items[] = $key . '=' . $value;
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);

//create cURL connection
$curl_connection =
curl_init('http://www.example.com/signup.php');

//set options
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT,
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");  // supposed to be common used - update to MSIE 9.0; Windows 7
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);

//set data to be posted
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);

//perform our request
$result = curl_exec($curl_connection);

//show information regarding the request 
print_r(curl_getinfo($curl_connection));    // Should this be removed? - Who's printer does it print on?
echo curl_errno($curl_connection) . '-' .   //  Should this be removed?  - Who sees this?
curl_error($curl_connection);                  //  Should this be removed?

//close the connection
curl_close($curl_connection);


// code to send mail to $data2, an email address retrieved from mysql

$to = "$data2";   

$subject = "Form Submitted"; 

$message = "$firstname, $lastname, $email"; 

$from = "no_reply@email.com";   // Remove if not needed

$headers = "From: $from"; 

mail($to,$subject,$message,$headers); 

 ?>


Thank you in advance for your help. I wish I had studied programming over 30 years ago, it's a bit late for me now. I love the logic of php, the details are just "over my head".

Best Regards
Tom

liberate
New php-forum User
New php-forum User
Posts: 2
Joined: Mon Feb 11, 2013 8:04 am

Re: Check code for errors

Postby liberate » Tue Feb 19, 2013 4:56 pm

Completed it.

Used a different method.

Code: Select all

<?php

if($list=='2'){

$link = mysqli_connect("             ");
                                                                                                                                           
$row = mysql_query("select user2,user4,user5,user6,user10 from lm_users where list = '1' and user2 = '$user2'"); 

list($user2,$user4,$user5,$user6,$user10)=mysql_fetch_row($row);   

$sql = "Update lm_users SET user4='$user4', user5='$user5', user6='$user6', user7='$user2', user10='$user10' WHERE list = '2' and uid = '$uid'";

mysql_query($sql);

 $to = "$user6";   

 $subject = "Form Submitted"; 

 $message = "$fname, $lname, $email, $user1"; 

 $from = "foobar@mail.com";   

 $headers = "From: $from"; 

 mail($to,$subject,$message,$headers); 

 mysqli_close($link);

}

?>


Return to “Your Scripts”

Who is online

Users browsing this forum: No registered users and 1 guest

cron