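// Forum post by unplugged_web, posted August 20, 2008:
//
// I wonder if somebody could help me please. I'm trying to get a security image to work on a
// form, but the form is being sent without the image being checked. I think that it's got
// something to do with:

/**
 * Registration ("join") form block.
 *
 * init() validates the submitted fields (security code, username, e-mail, password, birth
 * date), stores the accepted values in the session and then either redirects to the next
 * join step or creates the account via add_user(). parseBlock() fills the template
 * variables used to render the form.
 *
 * Helpers such as get_param(), set_session(), get_session(), to_sql(), redirect(),
 * zodiac(), h_options(), n_options(), send_mail() and the DB class are defined elsewhere
 * and are not shown on this page.
 *
 * Changes from the code as posted:
 *  - the security-code check fails closed when the session holds no code and uses a
 *    strict comparison;
 *  - $p_partner is cast to an integer before it is placed in the UPDATE statement.
 */
class CJoinForm extends CHtmlBlock
{
    var $message = "";
    var $login = ""; // not referenced by any method shown here

    /**
     * Validate the submitted join form and, when it is valid, continue the sign-up flow.
     *
     * Every failed check appends a localized message plus "<br>" to $this->message; the
     * flow only continues when no message was collected.
     */
    function init()
    {
        global $g;
        global $l;
        global $gc;

        $name = get_param("join_handle", "");
        $pass = get_param("join_password", "");
        $pass2 = get_param("verify_password", "");
        $mail = get_param("email", "");
        $mail2 = get_param("verify_email", "");
        $captcha = get_param("code", "");

        $this->message = "";

        // Security code: fail closed. The posted code compared with a loose `!=` against
        // $_SESSION['code'] without checking that it exists. When the session held no code,
        // that raised the "undefined index" notice and compared the input with null, and
        // null loosely equals an empty string, so an empty submission passed the check.
        // A strict comparison also stops numeric-looking strings from matching by value.
        $expected = isset($_SESSION['code']) ? (string) $_SESSION['code'] : "";
        if ($expected === "" or strtoupper($captcha) !== $expected) {
            $this->message .= $l['join.php']['incorrect_security_code'] . "<br>";
        }
        // NOTE(review): the session code is not cleared after it has been checked. Whether a
        // solved code can be submitted again depends on the script that generates the image,
        // which is not shown; confirm it issues a fresh code for every form view.

        if (strlen($name) < 4 or strlen($name) > 20 or strpos($name, "'") !== false) {
            $this->message .= $l['join.php']['another_username'] . "<br>";
        }

        if ($mail != $mail2 or strlen($mail) > 100 or !preg_match("/^[a-zA-Z-_\.0-9]{1,100}@[a-zA-Z-_\.0-9]{1,100}\.[a-zA-Z-_\.0-9]{1,100}$/", $mail)) {
            $this->message .= $l['join.php']['incorrect_email'] . "<br>";
        }

        if ($pass != $pass2 or strlen($pass) > 15 or strlen($pass) < 6 or strpos($pass, "'") !== false) {
            $this->message .= $l['join.php']['incorrect_password'] . "<br>";
        }

        // Uniqueness checks. The values go through to_sql(), which presumably quotes and
        // escapes them (its definition is not shown; verify).
        if (DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . ";") != "") {
            $this->message .= $l['join.php']['exists_username'] . "<br>";
        }
        if (DB::result("SELECT user_id FROM user WHERE mail=" . to_sql($mail, "Text") . ";") != "") {
            $this->message .= $l['join.php']['exists_email'] . "<br>";
        }

        $month = (int) get_param("month", 1);
        $day = (int) get_param("day", 1);
        $year = (int) get_param("year", 1980);

        if ($month < 1 or $month > 12 or $day < 1 or $day > 31 or $year < 1906 or $year > date("Y") - $g['options']['users_age'] + 1) {
            $this->message .= $l['join.php']['incorrect_date'] . "<br>";
        }

        if ($this->message == "") {
            set_session("j_name", $name);
            // NOTE(review): the clear-text password is kept in the session from here until
            // add_user() has used it.
            set_session("j_password", $pass);
            set_session("j_mail", $mail);
            set_session("j_month", $month);
            set_session("j_day", $day);
            set_session("j_year", $year);
            set_session("j_country", get_param("country", 1));
            set_session("j_orientation", get_param("orientation", 1));

            if ($g['options']['fast_join'] == "N" and isset($gc) and $gc) {
                redirect("join_space.php");
            } elseif ($g['options']['fast_join'] == "N") {
                redirect("join2.php");
            } else {
                $this->add_user();
                #echo get_session("user_id");
                redirect("profile.php");
            }
        }
    }

    /**
     * Create the account from the j_* session values stored by init().
     *
     * Credits the referring partner and that partner's parent, inserts the user and the
     * related rows, sends the "join" e-mail and stores the new id in the session as
     * user_id and user_id_verify. Also assigns the global $user_id.
     */
    function add_user()
    {
        $partner = (int) get_session("partner");
        global $g;

        DB::execute(" UPDATE partner SET account=(account+" . to_sql($g['options']['partner_price_user'], "Number")
            . "), summary=(summary+" . to_sql($g['options']['partner_price_user'], "Number")
            . "), count_users=(count_users+1) WHERE partner_id=" . $partner . " ");

        $p_partner = DB::result("SELECT p_partner FROM partner WHERE partner_id=" . $partner . "");
        $plus = ($g['options']['partner_percent_ref'] / 100) * $g['options']['partner_price_user'];

        // The posted code placed $p_partner between quotes without escaping it. It is cast
        // to an integer here, like $partner above, so a value read back from the database
        // can never change the shape of the statement.
        DB::execute(" UPDATE partner SET account=(account+" . $plus . "), summary=(summary+" . $plus
            . ") WHERE partner_id=" . (int) $p_partner . " ");

        $country = DB::result("SELECT country_title FROM geo_country WHERE country_id=" . to_sql(get_session("j_country"), "Number") . "");

        DB::execute("INSERT INTO email SET mail=" . to_sql(get_session("j_mail"), "Text") . "");

        // NOTE(review): the password column receives an unsalted md5() when the md5 option
        // is "Y" and the clear-text password otherwise. password_hash()/password_verify()
        // would be the replacement, but the login code that reads this column is not shown.
        DB::execute(" INSERT INTO user SET partner=" . $partner
            . ", gold_days=30, name=" . to_sql(get_session("j_name"), "Text")
            . ", orientation=" . to_sql(get_session("j_orientation"), "Number")
            . ", p_orientation=" . to_sql(DB::result("SELECT search FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Number")
            . ", gender=" . to_sql(DB::result("SELECT gender FROM const_orientation WHERE id=" . to_sql(get_session("j_orientation"), "Number")), "Text")
            . ", mail=" . to_sql(get_session("j_mail"), "Text")
            . ", password=" . to_sql($g['options']['md5'] == "Y" ? md5(get_session("j_password")) : get_session("j_password"), "Text")
            . ", country_id=" . to_sql(get_session("j_country"), "Number")
            . ", country=" . to_sql($country, "Text")
            . ", birth=" . to_sql(get_session("j_year") . "-" . get_session("j_month") . "-" . get_session("j_day"), "Text")
            . ", horoscope=" . to_sql(zodiac(get_session("j_year") . "-" . get_session("j_month") . "-" . get_session("j_day")), "Number")
            . ", p_horoscope=0, active='Y', active_code='', hide_time='0', register='" . date('Y-m-d H:i:s')
            . "', last_visit='" . date('Y-m-d H:i:s')
            . "', last_ip='', set_email_mail='2', set_email_interest='2' ");

        global $user_id;
        $user_id = DB::insert_id();

        DB::execute(" INSERT INTO userinfo SET user_id=" . $user_id . " ");
        DB::execute(" INSERT INTO userpartner SET user_id=" . $user_id . " ");
        DB::execute("DELETE FROM zforum_users WHERE id=".$user_id.";");

        // NOTE(review): the forum table always receives the clear-text password, whatever
        // the md5 option says.
        DB::execute(" INSERT INTO zforum_users (id,username, group_id, password, email, email_setting, save_pass, registered) VALUES("
            . $user_id . ","
            . to_sql(get_session("j_name"), "Text") . ", 4, "
            . to_sql(get_session("j_password"), "Text") . ", "
            . to_sql(get_session("j_mail"), "Text") . ", 1 , 1 ,1"
            . ");");

        ini_set("sendmail_from", " info@dateorchat.com ");

        $subject = DB::result("SELECT subject FROM email_auto WHERE note='join'");
        $text = DB::result("SELECT text FROM email_auto WHERE note='join'");
        $subject = str_replace("{title}", $g['main']['title'], $subject);
        $text = str_replace("{title}", $g['main']['title'], $text);
        $text = str_replace("{name}", get_session("j_name"), $text);
        // NOTE(review): the welcome mail carries the password in clear text.
        $text = str_replace("{password}", get_session("j_password"), $text);

        send_mail(
            get_session("j_mail"),
            $g['main']['info_mail'],
            $subject,
            $text
        );

        #session_unset();
        set_session("user_id", $user_id);
        set_session("user_id_verify", $user_id);
    }

    /**
     * Fill the template variables for the join form and hand over to the parent block.
     *
     * @param object $html template object; only setvar() is called on it here
     */
    function parseBlock(&$html)
    {
        global $g;
        global $g_info;
        global $l;

        foreach ($g_info as $k => $v) {
            $html->setvar($k, $v);
        }

        $name = get_param("join_handle", "");
        $pass = get_param("join_password", "");
        $pass2 = get_param("verify_password", "");
        $mail = get_param("email", "");
        $mail2 = get_param("verify_email", "");
        $captcha = get_param("code", "");

        // NOTE(review): request values are handed to the template as received. Whether
        // setvar() HTML-escapes them cannot be seen from here; if it does not, they need
        // escaping before they reach the value="..." attributes. The two password values are
        // also written back into the page; leaving them empty on redisplay would be safer.
        $html->setvar("join_handle", $name);
        $html->setvar("join_password", $pass);
        $html->setvar("verify_password", $pass2);
        $html->setvar("email", $mail);
        $html->setvar("verify_email", $mail2);
        $html->setvar("code", $captcha);

        // The collected messages are only shown once a username has been submitted.
        if ($name != "") {
            $html->setvar("join_message", $this->message);
        }

        // Month names, taken from the language table when present.
        $m = array(
            1 => isset($l['all']['january']) ? $l['all']['january'] : 'January',
            2 => isset($l['all']['february']) ? $l['all']['february'] : 'February',
            3 => isset($l['all']['march']) ? $l['all']['march'] : 'March',
            4 => isset($l['all']['april']) ? $l['all']['april'] : 'April',
            5 => isset($l['all']['may']) ? $l['all']['may'] : 'May',
            6 => isset($l['all']['june']) ? $l['all']['june'] : 'June',
            7 => isset($l['all']['july']) ? $l['all']['july'] : 'July',
            8 => isset($l['all']['august']) ? $l['all']['august'] : 'August',
            9 => isset($l['all']['september']) ? $l['all']['september'] : 'September',
            10 => isset($l['all']['october']) ? $l['all']['october'] : 'October',
            11 => isset($l['all']['november']) ? $l['all']['november'] : 'November',
            12 => isset($l['all']['december']) ? $l['all']['december'] : 'December',
        );

        $html->setvar("month_options", h_options($m, get_param("month", 1)));
        $html->setvar("day_options", n_options(1, 31, get_param("day", 1)));
        $html->setvar("year_options", n_options(date("Y") - $g['options']['users_age_max'], date("Y") - $g['options']['users_age'] + 1, get_param("year", date("Y") - $g['options']['users_age'])));
        $html->setvar("country_options", DB::db_options("SELECT country_id, country_title FROM geo_country WHERE country_id in (1,2,3)" , 3) . DB::db_options("SELECT country_id, country_title FROM geo_country ORDER BY country_title" , ""));
        $html->setvar("orientation_options", DB::db_options("SELECT id, title FROM const_orientation", get_param("orientation", "")));

        parent::parseBlock($html);
    }
}

// (post continues) but
//     if (strtoupper($captcha) != $_SESSION['code']) { $this->message .= $l['join.php']['incorrect_security_code'] . "<br>"; }
// in particular. If I suppress the E_NOTICE errors then the page loads, otherwise I just get
// an error saying the 'code' is an undefined index. I've searched through the site and can't
// find a get_param function. This is at the bottom of the page:

$page = new CIndex("", $g['tmpl']['dir_tmpl_main'] . "jointest.html");
$header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header.php");
$page->add($header);
$footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.php");
$page->add($footer);
$register = new CJoinForm("join", null);
$page->add($register);

// I know what $header and $footer refer to but am not sure about $register. Thanks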
justsomeguy Posted August 20, 2008 If $_SESSION['code'] is not set (if that's the line the notice is complaining about) then it sounds like the captcha isn't being saved when it's being printed on the form. I don't see in the code there where it's creating the captcha code, adding the image to the form, and saving the code in the session. That's probably somewhere else.
<!--
  Forum post by unplugged_web (thread author), posted August 21, 2008, quoting justsomeguy:

  "If $_SESSION['code'] is not set (if that's the line the notice is complaining about) then
  it sounds like the captcha isn't being saved when it's being printed on the form. I don't
  see in the code there where it's creating the captcha code, adding the image to the form,
  and saving the code in the session. That's probably somewhere else."

  The actual form itself is:
-->
<!-- Join form template. The {placeholders} are template variables; several of them are set
     by CJoinForm::parseBlock() from the submitted request values. -->
<form name="JoinForm" method="post" action="{url_main}join.php" onsubmit="return validateJoinForm();">
  <div class="signup_header_big" style="padding-top: 15px; padding-right: 14px; text-align: right; background-image: url({url_tmpl_main}images/join_top.jpg); background-repeat: no-repeat;">Sign up for free! </div>
  <div id="join" style="padding-bottom: 10px; padding-top: 5px; background-image: url({url_tmpl_main}images/join_content.jpg);">
    <div style="color: #FF0000; font-weight: bold; font-size: 11px; padding-right: 10px;">{join_message}</div><br />
    <label for="username">{l_username}:</label><input type="text" id="username" name="join_handle" value="{join_handle}" /><br />
    <!-- NOTE(review): both password inputs are pre-filled from {join_password}, so a submitted
         password is written back into the page source when the form is shown again. -->
    <label for="create-password">{l_create_password}:</label><input type="password" id="create-password" name="join_password" value="{join_password}" /><br />
    <label for="re-password">{l_reenter_password}:</label><input type="password" id="re-password" name="verify_password" value="{join_password}" /><br />
    <label for="email">{l_email}:</label><input type="text" id="email" name="email" value="{email}" /><br />
    <label for="re-email">{l_reemail}:</label><input type="text" id="re-email" name="verify_email" value="{email}" /><br />
    <label for="iam">{l_i_am}:</label>
    <select name="orientation" id="iam">
      {orientation_options}
    </select>
    <br />
    <label for="from">{l_from}:</label>
    <select name="country" id="from">
      <option value="-1" selected="selected">{l_country_select}</option>
      {country_options}
    </select>
    <br />
    <label for="month">{l_born_on}:</label>
    <select name="month" id="month" onchange="updateDay('month','JoinForm','year','month','day')">
      {month_options}
    </select>
    <select name="day" id="day">
      {day_options}
    </select>
    <select name="year" id="year" onchange="updateDay('year','JoinForm','year','month','day')">
      {year_options}
    </select>
    <br />
  </div>
  <!-- NOTE(review): "java script:" (with a space) is reproduced as posted; the forum software
       may have altered it, so check it against the real template. -->
  <!-- The security image is fetched by a separate request to security-image.php. That script
       is not shown in the thread; presumably it is what stores the expected code in the
       session. -->
  <div id="terms" style="padding-right: 10px; width: 352px; background-image: url({url_tmpl_main}images/join_content.jpg);"><input name="privacy_policy" type="checkbox" value="true" id="agree" checked>
    <label for="agree"> {l_i_agree} <a href="java script:winpop('{url_tmpl_main}popup/term_cond.html','960','600','yes');">{l_terms_and_conditions}</a> and <a href="java script:winpop('{url_tmpl_main}popup/priv_policy.html','960','600','yes');">{l_privacy_policy}</a> <br /></label><div id="security" style="padding: 5px 0 5px 0;"><img src="../../../Code/security-image.php?width=180" width="180" height="60" alt="Security Image" /></div>
    <label for="code">Enter the characters shown above: </label><input type="text" name="code" id="code" value="{code}" /></div><div id="terms" style="padding-right: 10px; height: 50px; width: 352px; background-image: url({url_tmpl_main}images/join_bottom.jpg); background-repeat: no-repeat;"><input type="button" value="" onclick="submitJoinForm();" class="button-join" style=" margin-right: 13px; margin-top: 5px; cursor: pointer; cursor: hand;" /></div>
</form>

<!-- It has a JavaScript validator which is: -->
<script language="JavaScript" type="text/javascript">
// Browser-side validation of the join form. These checks are a convenience for the user
// only: a request that does not come from this page never runs them, so the server-side
// checks in CJoinForm::init() are the ones that count. The validate*() helpers are defined
// elsewhere and are not shown.
function onValidateJoinForm() {
  var form = document.forms['JoinForm'];

  // Username (this group of four checks appears twice in the posted code).
  if (!(validateRequiredField(form['join_handle'], '{l_username}'))) { return false; }
  if (!(validateMinLength(form['join_handle'], '{l_username}','4'))) { return false; }
  if (!(validateMaxLength(form['join_handle'], '{l_username}','20'))) { return false; }
  if (!(validateAlphaNumeric(form['join_handle'], '{l_username}'))) { return false; }
  if (!(validateRequiredField(form['join_handle'], '{l_username}'))) { return false; }
  if (!(validateMinLength(form['join_handle'], '{l_username}','4'))) { return false; }
  if (!(validateMaxLength(form['join_handle'], '{l_username}','20'))) { return false; }
  if (!(validateAlphaNumeric(form['join_handle'], '{l_username}'))) { return false; }

  // Password (also repeated), then the password/username and password/confirmation pairs.
  if (!(validateRequiredField(form['join_password'], '{l_password}'))) { return false; }
  if (!(validateMinLength(form['join_password'], '{l_password}','6'))) { return false; }
  if (!(validateMaxLength(form['join_password'], '{l_password}','15'))) { return false; }
  if (!(validateAlphaNumeric(form['join_password'], '{l_password}'))) { return false; }
  if (!(validateRequiredField(form['join_password'], '{l_password}'))) { return false; }
  if (!(validateMinLength(form['join_password'], '{l_password}','6'))) { return false; }
  if (!(validateMaxLength(form['join_password'], '{l_password}','15'))) { return false; }
  if (!(validateAlphaNumeric(form['join_password'], '{l_password}'))) { return false; }
  if (!(validateNotTwoFields(form['join_password'],'{l_password}',form['join_handle'],'{l_username}'))) { return false; }
  if (!(validateTwoFields(form['verify_password'],'{l_verify_password}',form['join_password'],'{l_password}'))) { return false; }

  // E-mail and its confirmation.
  if (!(validateRequiredField(form['email'], '{l_email_address}'))) { return false; }
  if (!(validateMaxLength(form['email'], '{l_email_address}','100'))) { return false; }
  if (!(validateEmailField(form['email'], '{l_email_address}'))) { return false; }
  if (!(validateRequiredField(form['verify_email'], '{l_verify_email}'))) { return false; }
  if (!(validateMaxLength(form['verify_email'], '{l_verify_email}','100'))) { return false; }
  if (!(validateEmailField(form['verify_email'], '{l_verify_email}'))) { return false; }
  if (!(validateTwoFields(form['verify_email'],'{l_verify_email}',form['email'],'{l_email_address}'))) { return false; }

  // Select boxes, date parts and the policy checkbox.
  if (!(validateRequiredSelect(form['orientation'],'{l_orientation}','00'))) { return false; }
  if (!(validateRequiredField(form['orientation'], '{l_orientation}', '00'))) { return false; }
  if (!(validateRequiredSelect(form['country'],'{l_country}','-1'))) { return false; }
  if (!(validateRequiredField(form['country'], '{l_country}', '-1'))) { return false; }
  if (!(validateRequiredField(form['month'], '{l_month}'))) { return false; }
  if (!(validateRequiredField(form['day'], '{l_day}'))) { return false; }
  if (!(validateRequiredField(form['year'], '{l_year}'))) { return false; }
  if (!(validateRequiredCheckbox(form['privacy_policy'],'','{l_agree_privete_policy}'))) { return false; }

  // Security code: judging by the helper's name this only checks that something was typed.
  // Whether the code is correct can only be decided on the server, against the session.
  if (!(validateRequiredField(form['code'], 'The security code'))) { return false; }

  return true;
}

// Runs the optional before/after hooks around onValidateJoinForm() and returns its result.
function validateJoinForm() {
  blockSubmission = true;
  if (typeof beforeJoinFormValidation != 'undefined') {
    beforeJoinFormValidation();
  }
  var validated = onValidateJoinForm();
  if (validated && (typeof uponSuccessfulJoinFormValidation != 'undefined')) {
    validated = uponSuccessfulJoinFormValidation();
  } else if (!validated && (typeof uponUnsuccessfulJoinFormValidation != 'undefined')) {
    uponUnsuccessfulJoinFormValidation();
  }
  if (!validated) { }
  return validated;
}

// Click handler of the join button: submits the form only when validation passes.
function submitJoinForm() {
  if (validateJoinForm())
    document.JoinForm.submit();
  else
    return false;
}
</script>
<!-- but that's it there's nothing else that I can find. -->
unplugged_web Posted August 21, 2008 (Author) Okay, here's where I hold my hands up in embarrassment. I've just noticed a spelling mistake in the HTML form, so the results were being sent to the wrong page. I've changed it and it now works. Sorry.