The Web Design Group

... Making the Web accessible to all.

> Submit Form Issue, Submitting a form action and form method
KBM
post Aug 26 2014, 02:31 PM
Post #21





I'll try it and let you know how it works!

A couple of other things: Is there a PHP version for the terms and conditions that you could add?
Also, I have been getting bots in the database. Is there anything that can be added to help that??

Thanks

CharlesEF
post Aug 26 2014, 05:27 PM
Post #22



QUOTE(KBM @ Aug 26 2014, 02:31 PM) *

I'll try it and let you know how it works!

A couple of other things: Is there a PHP version for the terms and conditions that you could add?
Also, I have been getting bots in the database. Is there anything that can be added to help that??

Thanks

I'm not sure I understand what you want. Do you mean terms and conditions that I use in my replies? I get my information from the online PHP manual located here. I also search the web for examples, when needed.

As for the bot problem you mention, I have never heard of bots being saved in a database.

KBM
post Aug 26 2014, 06:33 PM
Post #23



QUOTE(CharlesEF @ Aug 26 2014, 06:27 PM) *

QUOTE(KBM @ Aug 26 2014, 02:31 PM) *

I'll try it and let you know how it works!

A couple of other things: Is there a PHP version for the terms and conditions that you could add?
Also, I have been getting bots in the database. Is there anything that can be added to help that??

Thanks

I'm not sure I understand what you want. Do you mean terms and conditions that I use in my replies? I get my information from the online PHP manual located here. I also search the web for examples, when needed.

As for the bot problem you mention, I have never heard of bots being saved in a database.


I mean the one like I had in the test_volunteer.php that was a JavaScript where the person must click a check box to agree to the terms before submitting. JavaScript can be disabled, therefore a PHP version would be better. We use a FileMaker database and a web application that submits directly in the FileMaker database. I do get bots there!!! Any thoughts? Also, what is involved in taking care of the SQL injection? Is this a process that can be relatively easily added?

This post has been edited by KBM: Aug 26 2014, 06:35 PM

CharlesEF
post Aug 27 2014, 01:27 AM
Post #24



Oh, I understand now. I will use the original files you posted, not the new ones. You have the checkbox defined as '<input name="Terms" type="checkbox" value="0">'. This means that the value of 0 is submitted when you submit the form. You would have to check for a blank value (or strlen = 0) to see if it is not checked; I will use the strlen method to match the empty rule. To do this you must add some code to your 'validator.php' script, and you must also add the field and rule to your 'test_volunteer.php' script. (For some reason the code button is not working.)

Add these lines to your 'test_volunteer.php' script:
$validator->add_field('Terms');
$validator->add_rule_to_field('Terms', array('checked'));

Add this code to your switch statement in the 'public function add_rule_to_field($field_name, $field_rule)' function of your 'validator.php' script.
case 'checked':
    if(strlen($_POST[$field_name]) == 0)
    {
        $this->add_error_to_field($field_name, ucwords($field_name). " must be checked");
    }
    break;

You can change the 'must be checked' error message if you want. That should do it.

This post has been edited by CharlesEF: Aug 27 2014, 02:12 AM

Christian J
post Aug 27 2014, 05:31 AM
Post #25



QUOTE(KBM @ Aug 27 2014, 01:33 AM) *

I do get bots there!!! Any thoughts?

Do you mean bots are able to access your database? Sounds like SQL injection to me. Or maybe you simply need to password protect the form (script) that accesses the database.

QUOTE
Also, what is involved in taking care of the SQL injection? Is this a process that can be relatively easily added?

You should always add mysqli_real_escape_string in order to escape characters (such as quotes) before using data submitted by site visitors in an SQL statement. (Can't say if that's always enough though: this PHP manual commenter says that underscores and percent signs are not escaped by mysqli_real_escape_string, and that these characters are used in LIKE clauses, but that's beyond my SQL knowledge.)
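The reply above recommends escaping and notes that `%` and `_` are left alone, which matters in LIKE clauses. This added example (not code from the thread) shows the usual alternative, a bound parameter, together with explicit escaping of the LIKE wildcards. It assumes PDO with an in-memory SQLite database in place of MySQL so that it runs stand-alone; the table, columns and function names are constructed, and mysqli offers the same binding through mysqli_prepare() and mysqli_stmt_bind_param().

```php
<?php
// Added example, not code from the thread. Table, column and function names
// are constructed; PDO with in-memory SQLite stands in for MySQL.

// Escape LIKE metacharacters so visitor text is matched literally.
// '!' is declared as the escape character by the ESCAPE clause below.
function escape_like(string $text): string
{
    return strtr($text, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Prefix search using a bound parameter: the value never becomes SQL text.
function find_by_email_prefix(PDO $db, string $prefix): array
{
    $stmt = $db->prepare(
        "SELECT name_first, email FROM volunteers
         WHERE email LIKE ? ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([escape_like($prefix) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE volunteers (id INTEGER PRIMARY KEY, name_first TEXT, email TEXT)');

// Constructed sample rows; the apostrophe in O'Neil is stored as plain data.
$insert = $db->prepare('INSERT INTO volunteers (name_first, email) VALUES (?, ?)');
foreach ([['Ann', 'a_b@example.org'], ['Bob', 'axb@example.org'], ["O'Neil", 'oneil@example.org']] as $row) {
    $insert->execute($row);
}

// "_" is escaped, so only the literal "a_b" address matches (not "axb").
echo json_encode(find_by_email_prefix($db, 'a_b')), "\n";

// A quote-bearing value is just a string to compare against: no rows match.
echo json_encode(find_by_email_prefix($db, "x' OR '1'='1")), "\n";

// "%" alone would match every row if it were passed through unescaped.
echo json_encode(find_by_email_prefix($db, '%')), "\n";
```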

CharlesEF
post Aug 27 2014, 01:20 PM
Post #26



Christian J might be right, it could be SQL injection but I'm not sure either. If I could see the 2 missing scripts I mentioned before then I could make a better suggestion.

As for the checked code I posted, there is another way to do it that might be better because it does not depend on any value being sent. In the checked switch statement change this line of code:
CODE
if(strlen($_POST[$field_name]) == 0)
to
CODE
if(!isset($_POST[$field_name]))
This works because $_POST['Terms'] is sent when the checkbox is checked and not sent when it is not checked.

This post has been edited by CharlesEF: Aug 27 2014, 01:22 PM

Christian J
post Aug 27 2014, 02:50 PM
Post #27



QUOTE(KBM @ Aug 27 2014, 01:33 AM) *

I do get bots there!!! Any thoughts?

Forgot to ask -- in which way have you noticed the above?

KBM
post Aug 27 2014, 03:46 PM
Post #28



Here is where I am.
1. The form submits and the data enters into the database fine. However, when it submits to the new_volunteer.php the page is white. If I refresh, it posts the information again. Which may not be an issue because I need the submit to redirect to new_volunteer_orientation.php
2. The Terms and Conditions works great. Thanks
3. The Email (post 17) is not an issue as it will be sent when the orientation is submitted.
4. Here is another issue:
a. How do you place the "<input name="personal_DOB" type="text" value="<?php echo $_POST['personal_DOB']; ?>" id="personal_DOB">" on a drop down to get it to keep the information in the field if you have some fields that have not validated and you need to complete those fields?
When the page comes up, "text" fields continue to display the information that was put into them, but the "drop downs" are empty and you have to fill them again?

<input name="personal_DOB" type="text" value="<?php echo $_POST['personal_DOB']; ?>" id="personal_DOB">

I have attached a copy of the new_volunteer.php. Could you give it a look to see if there are any code issues before I launch it and place the redirect to the new_volunteer_orientation.php?
Thanks for all your help!!!


Attached File(s)
Attached File  new_volunteer.php ( 59.5k ) Number of downloads: 155

CharlesEF
post Aug 27 2014, 11:01 PM
Post #29



I see that you have the checkbox validation defined twice, you only need it once.
CODE
        
    $validator->add_field('Terms');
    $validator->add_rule_to_field('Terms', array('checked'));
        
    $validator->add_field('Terms');
    $validator->add_rule_to_field('Terms', array('checked'));
Also, I did not see this before because I had to comment out the code, but it appears there are 2 redirect commands:
CODE
        fmsRedirect('new_volunteer_orientation.php'.'?Profile_id='.$new_volunteer_row->getField('Profile_id'));
        //redirect to success pages
        header("Location: new_volunteer_orientation.php");
        exit();
I do not have the code for fmsRedirect(...) but it appears to redirect with a query string attached to the end of the URL. If this redirect works then you can delete the line 'header("Location: new_volunteer_orientation.php");'.
You asked about a <select> but your code shows an <input>, but here is a general idea:
CODE
<select id="timezone" name="timezone">
    <option value="0"<?php if($_POST['timezone'] == '0') echo(' selected="selected"');?>></option>
    <option value="Pacific/Midway"<?php if($_POST['timezone'] == 'Pacific/Midway') echo(' selected="selected"');?>>(UTC-11:00) Midway Island</option>
    <option value="Pacific/Samoa"<?php if($_POST['timezone'] == 'Pacific/Samoa') echo(' selected="selected"');?>>(UTC-11:00) Samoa</option>
</select>
Each <option> will need that PHP code snippet, unless you load the <select> from a database, in that case, there is another way to do it.

If you really need to redirect to another page and you want to keep the $_POST values then you will need to save the data in a SESSION array, like so, in test_volunteer.php:
CODE
    @session_start();
    $_SESSION['data'] = $_POST;
This code must be placed before the redirect command.
Then in, test_volunteer_submit.php, you need this type of code to read the array:
CODE
@session_start();
$test_volunteer_fields = array(
    'name_first' => $_SESSION['data']['name_first'],
    'name_last' => $_SESSION['data']['name_last'],
    'orientation_key' => $_SESSION['data']['orientation_key'],
    'terms' => $_SESSION['data']['Terms'],
    'email' => $_SESSION['data']['email']
);
foreach($test_volunteer_fields as $key=>$value) {
    echo(htmlspecialchars($key . '=' . $value, ENT_QUOTES, 'UTF-8') . '<br>'); // escape visitor-supplied values on output
}
unset($_SESSION['data']); // To destroy the array
The key names are case sensitive, so be careful (like the name 'Terms'). I can't tell you why you get a white page, I have to comment out most of your code to run it on my computer because of the missing PHP script files.

This post has been edited by CharlesEF: Aug 27 2014, 11:07 PM
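The sticky-field technique discussed in posts #28 and #29, as an added example that is not code from the thread: the submitted value is escaped before it is echoed into the page, the `<select>` is built in one loop from an allow-list, and the Terms checkbox is checked server-side with isset(). The helper names are hypothetical, and a constructed `$post` array stands in for `$_POST` so the script runs from the command line.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical;
// $post stands in for $_POST so the script runs from the CLI.

const TIMEZONES = [
    'Pacific/Midway' => '(UTC-11:00) Midway Island',
    'Pacific/Samoa'  => '(UTC-11:00) Samoa',
];

// Encode a value for use inside HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read one submitted field as a string; arrays and missing keys become ''.
function posted(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
}

// Sticky text input: the submitted value is echoed back escaped.
function text_input(array $post, string $name): string
{
    return sprintf('<input name="%1$s" type="text" value="%2$s" id="%1$s">',
        e($name), e(posted($post, $name)));
}

// Sticky <select>: one loop replaces the per-option PHP snippet, and only
// a value present in the allow-list can be marked as selected.
function select_input(array $post, string $name, array $options): string
{
    $current = posted($post, $name);
    $html = sprintf('<select id="%1$s" name="%1$s">', e($name)) . "\n";
    $html .= '    <option value=""></option>' . "\n";
    foreach ($options as $value => $label) {
        $sel = ($current === (string) $value) ? ' selected="selected"' : '';
        $html .= sprintf('    <option value="%s"%s>%s</option>', e((string) $value), $sel, e($label)) . "\n";
    }
    return $html . '</select>';
}

// Server-side checks matching the thread: checkbox present, select value known.
function validate(array $post): array
{
    $errors = [];
    if (!isset($post['Terms'])) {
        $errors['Terms'] = 'Terms must be checked';
    }
    if (!array_key_exists(posted($post, 'timezone'), TIMEZONES)) {
        $errors['timezone'] = 'Timezone is not a listed value';
    }
    return $errors;
}

// Constructed submission: markup in the text field, Terms left unchecked.
$post = [
    'personal_DOB' => '01/02/1980"><b>x</b>',
    'timezone'     => 'Pacific/Samoa',
];

echo text_input($post, 'personal_DOB'), "\n";
echo select_input($post, 'timezone', TIMEZONES), "\n";
print_r(validate($post));
```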

KBM
post Aug 29 2014, 02:36 PM
Post #30



#1 You asked if this code needed to be with the validation for new_volunteer.php. (post 20) I think it does. I used the test version and used the FM redirect and redirected it to the new_volunteer_orientation.php and it worked, so my guess is that this code needs to be within the validation. So how do I put it within the validation? Could you redo the code so it's within the validation so that I can make the changes or paste your changes to the page? As always thanks for all your help. While I am not a programmer, I am learning as we go! THANKS!!!

#2 Session Array - I did a version of the new_volunteer_submit with the Sessions in it. Was having issues so I put the original back. I have attached both files (new_volunteer.php and new_volunteer_submit.php) for you to look at. Let me know if that is what you were looking for on the submit page (PS line 11 of the submit has an error!!)

Thanks

$new_volunteer_find = $Vol_Web->newFindCommand('Profile');
$new_volunteer_findCriterions = array('Profile_id'=>'*',);
foreach($new_volunteer_findCriterions as $key=>$value)
{
$new_volunteer_find->AddFindCriterion($key,$value);
}
$Positions_find = $Vol_Web->newFindCommand('Position');
$Positions_findCriterions = array('PosID'=>$posID,);
foreach($Positions_findCriterions as $key=>$value)
{
$Positions_find->AddFindCriterion($key,$value);
}
fmsSetPage($new_volunteer_find,'new_volunteer',10);
fmsSetPage($Positions_find,'Positions',10);
$new_volunteer_result = $new_volunteer_find->execute();
$Positions_result = $Positions_find->execute();
if(FileMaker::isError($new_volunteer_result)) fmsTrapError($new_volunteer_result,"error.php");
if(FileMaker::isError($Positions_result)) fmsTrapError($Positions_result,"error.php");
fmsSetLastPage($new_volunteer_result,'new_volunteer',10);
fmsSetLastPage($Positions_result,'Positions',10);
$new_volunteer_row = current($new_volunteer_result->getRecords());
$new_volunteer__ApplicationProcess_portal = fmsRelatedRecord($new_volunteer_row, 'Application_Process');
$new_volunteer__Logo_portal = fmsRelatedRecord($new_volunteer_row, 'Logo');
$new_volunteer__Volunteerarchive_portal = fmsRelatedRecord($new_volunteer_row, 'Volunteer_archive');
$Positions_row = current($Positions_result->getRecords());
$Positions__Profile_portal = fmsRelatedRecord($Positions_row, 'Profile');

CharlesEF
post Aug 29 2014, 03:07 PM
Post #31



The validation and post code is contained within 2 if statements (an if inside another if), like this:
CODE
if($_POST)
{
    $validator->add_field('name_first');
    $validator->add_rule_to_field('name_first', array('min_length', 2));
    $validator->add_rule_to_field('name_first', array('empty'));
    .......
    .......
    .......
    $validator->add_field('Terms');
    $validator->add_rule_to_field('Terms', array('checked'));
    //check errors
    if($validator->form_valid())
    {
        $test_volunteer_add = $Vol_Web->newAddCommand('Profile');
        $test_volunteer_fields = array('name_first'=>$_REQUEST['name_first'],'name_last'=>$_REQUEST['name_last'],'orientation_key'=>$_REQUEST['orientation_key'],'Terms'=>$_REQUEST['Terms'],'email'=>$_REQUEST['email'],);
        .......
        .......
        header("Location: test_volunteer_submit.php");
        exit();
    }
}
Any validation code needed should be placed in the 1st if section, 'if($_POST)'. Any code needed to run after validation passes should be placed in the inner if section, 'if($validator->form_valid())'.
I do not see any new attached files in this post, or are you talking about the versions you posted before?

KBM
post Aug 29 2014, 04:22 PM
Post #32



OOPS - here are the attachments
Thanks


Attached File(s)
Attached File  new_volunteer.php ( 55.13k ) Number of downloads: 131
Attached File  new_volunteer_submit.php ( 6.67k ) Number of downloads: 116

CharlesEF
post Aug 29 2014, 08:51 PM
Post #33



Ok, I moved the code to run after validation and before the existing code that was there. You forgot the SESSION code needed in 'new_volunteer.php' so I put it in. There was a syntax error in 'new_volunteer_submit.php' which I fixed.

I see that 'new_volunteer_submit.php' will redirect to 'new_volunteer_orientation.php'. Do you want the $_SESSION['data'] values available to that script also? If yes then you must comment out the unset command in 'new_volunteer_submit.php'. And you should copy that unset command line to 'new_volunteer_orientation.php'. You only want to destroy the SESSION data when all your scripts are done.

Try it out, see how it goes.

Attached File  new_volunteer.php ( 55.14k ) Number of downloads: 283
Attached File  new_volunteer_submit.php ( 6.65k ) Number of downloads: 302

KBM
post Sep 1 2014, 09:23 AM
Post #34



I tried the new_volunteer.php and no fields show on the page. I did have some Dreamweaver errors, but perhaps some code was omitted when adjustments were made. I copied the center section, which was the FileMaker code, and that corrected the Dreamweaver issue, but the page still does not show fields. I attached the new page with my changes. I also included the link below so you could take a look at the page. Again thanks, while I am not a programmer, I am learning a great deal. I have a great appreciation for your help and skills. Thanks!



https://kbmssl.c7.ixsecure.com/fm9web/vol_w...w_volunteer.php

This post has been edited by KBM: Sep 1 2014, 09:27 AM


Attached File(s)
Attached File  new_volunteer.php ( 55.45k ) Number of downloads: 152

CharlesEF
post Sep 2 2014, 11:34 AM
Post #35



First, are you sure it is new_volunteer.php that is failing? The reason I ask is because your 'new_volunteer.php' script calls another script which in turn calls another script. What is the address located in the address bar after the blank page? The link you posted shows a web page that is partly built. If you do a 'view source' you will see that some of the web page is defined. It does not finish and that's more likely where your PHP error is.

KBM
post Sep 2 2014, 03:14 PM
Post #36



QUOTE(CharlesEF @ Sep 2 2014, 12:34 PM) *

First, are you sure it is new_volunteer.php that is failing? The reason I ask is because your 'new_volunteer.php' script calls another script which in turn calls another script. What is the address located in the address bar after the blank page? The link you posted shows a web page that is partly built. If you do a 'view source' you will see that some of the web page is defined. It does not finish and that's more likely where your PHP error is.



I'm pretty sure. If you open the attached PHP file, that is the one that the link is viewing. I think the issue is there. Maybe there is scripting there that is cutting it off. Let me know if that PHP file is the issue.

This post has been edited by KBM: Sep 2 2014, 03:16 PM

CharlesEF
post Sep 2 2014, 06:23 PM
Post #37



The error was on this line:
CODE
<?php $validator->output_all_field_errors();?>
, it should be like this:
CODE
<?php if($_POST) $validator->output_all_field_errors();?>
$validator is only valid during a submit process. I re-arranged the code a little, it is hard for me to know the flow of data that you need because I don't have access to the functions used by your script. Anyway, try it out and let me know.

Attached File  new_volunteer1.php ( 55.43k ) Number of downloads: 360

KBM
post Sep 2 2014, 07:44 PM
Post #38



QUOTE(CharlesEF @ Sep 2 2014, 07:23 PM) *

The error was on this line:
CODE
<?php $validator->output_all_field_errors();?>
, it should be like this:
CODE
<?php if($_POST) $validator->output_all_field_errors();?>
$validator is only valid during a submit process. I re-arranged the code a little, it is hard for me to know the flow of data that you need because I don't have access to the functions used by your script. Anyway, try it out and let me know.

Attached File  new_volunteer1.php ( 55.43k ) Number of downloads: 360




Here is what your revised new_volunteer.php looks like. https://kbmssl.c7.ixsecure.com/fm9web/vol_w...w_volunteer.php Could you describe what "I don't have access to the functions used by your script" means? Maybe that will help me know a little more what you are looking for. Here is another link, same page, but for return volunteers if that helps. Thanks


https://kbmssl.c7.ixsecure.com/fm9web/vol_w...n_volunteer.php

By the way, I attached a jpeg of the injection I am getting. Is this sql injection or bots?

This post has been edited by KBM: Sep 2 2014, 07:48 PM


Attached thumbnail(s)
Attached Image

CharlesEF
post Sep 2 2014, 08:36 PM
Post #39



Your script uses functions like fmsSetPage(), fmsSetLastPage() and fmsRelatedRecord() but I don't have the script files where those functions are defined. They might be in 'FileMaker.php' and 'FMStudio_v2/FMStudio_Tools.php'.

As for your error, the page stops loading when it gets to this PHP script:
CODE
<?php
foreach(fmsValueListItems2($Vol_Web,'Profile','YES/NO',$new_volunteer_row->getField('crime_conviction'),null,"") as $list_item) {
  if(html_entity_decode($list_item[0]) == "") {
    echo "<option value=\"{$list_item[0]}\" selected=\"selected\">{$list_item[1]}</option>\n";
  } else {
    echo "<option value=\"{$list_item[0]}\">{$list_item[1]}</option>\n";
  }
}
fmsValueListCustomChoice(null);
?>
This script appears to be used several times in your page. I can only check the syntax of the code, I have no idea if you are using the functions correctly (like passing 6 parameters with the function call to fmsValueListItems2()). Now, on my computer I would expect this code to stop because I'm missing the supporting script files.

Also, your thumbnail looks like a bot attack to me.

This post has been edited by CharlesEF: Sep 2 2014, 08:37 PM

CharlesEF
post Sep 3 2014, 02:30 AM
Post #40



1 question, the PHP snippet I posted before appears to be used to populate several <select> lists. I'm not sure I understand this part, '$new_volunteer_row->getField('crime_conviction')'. When the page first loads I do not think there is a $new_volunteer_row, yet.

Maybe you want the select list to have general items, so get rid of $new_volunteer_row?