[thelist] PHP_SELF / Contact Form

DAVOUD TOHIDY dtohidy at hotmail.com
Thu Jul 29 09:58:42 CDT 2010


Hi,
I have an index.php file which is placing and replacing some pages, such as the contact page, within itself dynamically using pId and a configuration file which contains an array like:
$mypages = array("0x12" => "contact.php" /* etc. */);

// mypages/contact.php

I have a contact form and wrote the following to process and validate the form inside the contact.php file:
<?php
error_reporting(6143);
if(isset($_POST['btnshoot'])) {

        $name = mysql_real_escape_string(htmlentities(strip_tags(stripslashes(trim($_POST['name'])))));
        $subject = mysql_real_escape_string(htmlentities(strip_tags(stripslashes(trim($_POST['subject'])))));
        $tel = mysql_real_escape_string(htmlentities(strip_tags(stripslashes(trim($_POST['tel'])))));
        $com = mysql_real_escape_string(htmlentities(strip_tags(stripslashes(trim($_POST['com'])))));
       $email = mysql_real_escape_string(htmlentities(strip_tags(stripslashes(trim($_POST['email'])))));
       $message = mysql_real_escape_string(htmlentities(strip_tags(stripslashes(trim($_POST['message'])))));
       $captcha = mysql_real_escape_string(htmlentities(strip_tags(stripslashes(trim($_POST['captcha'])))));

        $valid = true;
        $error = "";
        $errMsg = "";

       if(!preg_match("#^[a-zA-Z]+$#", $name)){
       $errMsg .="Invalid Entry, Please enter only letters";
       $valid = false;
       exit;
      
      } else if(strlen($name) > 20){
       $error.="Please enter a name less than 20 characters!<br />";
       $valid = false; 
       exit;
            
        } else if(!preg_match("#^[a-zA-Z]+$#", $subject)){
            $errMsg .="Invalid Entry, Please enter only letters";
            $valid = false;    
            exit;
        
        } else if(strlen($subject) > 40){
            $error.="Please enter a subject less than 40 characters!<br />";
            $valid = false;
            exit;

            } else if(!preg_match("#^[a-zA-Z0-9_]{1,}$#", $com)){
              $errMsg .="Invalid Entry, Please enter only letters and numbers";
              $valid = false;
              exit;

           } else if(strlen($com) > 40){
            $error.="Please enter less than 40 characters!<br />";
            $valid = false;
            exit;

          } else if(!preg_match("/^[2-9]{1}[0-9]{2}-[0-9]{3}-[0-9]{4}$/", $tel)){
            $errMsg .="Please enter a telephone number in xxx-xxx-xxxx format ";
            $valid = false;
            exit;
           } else if(strlen($tel) <> 12){

            $error.="Please enter 12 characters including dashes<br />";
            $valid = false;
            exit;

         } else if(!preg_match('/^[A-Z1-9][\w.+-]*@[\w.-]+\.[A-Z]{2,6}$/i', $email)){
            $errMsg.= "Invalid Entry, Please enter a valid email";
            $valid = false;
            exit;

        } else if($name == "" || $subject == "" || $tel == "" || $com == "" || $email == "" || $message == ""){
            $error.="None of the fields can be left blank. Please provide the information requested. <br />";
            $valid = false;
            exit;

       } else if(!preg_match('/^[\w\.\?]+?$/', $message)){
            $errMsg.= "Invalid Entry, Please enter only words";
            $valid = false;
            exit;

      } else if(strlen($message) > 400){

             // sets max amount of characters in comments area (edit as necessary)

            $message=substr($message, 0, 400).'...'; 
            $error .="We are sorry for inconvenience. Your message should not exceed 400 characters.<br />";
            $valid = false;
            exit;

     } else if(!preg_match("#^[a-zA-Z]+$#", $captcha)){

          $errMsg .="Invalid Entry, Please enter name of the image";
          $valid = false;
          exit;

   } else if (isset($_POST['btnshoot'])) {

                    $caperror = array();
                   if (!in_array(strtolower($_POST['captcha']), $aCaptcha[$_SESSION['captcha']])) {
                    $caperror['captcha'] = "<span style='color:red'>Name of the animal is not correct.</span>";
                    exit;
  }
  } else {
            header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
            header("Cache-Control: no-store, no-cache, must-revalidate");
            header("Cache-Control: post-check=0, pre-check=0", false);
            header("Pragma: no-cache");

   function remove_headers($string) {
                $headers = array(
                "/to\:/i",
                "/from\:/i",
                 "/bcc\:/i",
                 "/cc\:/i",
                  "/Content\-Transfer\-Encoding\:/i",
                 "/Content\-Type\:/i",
                 "/Mime\-Version\:/i" 
             ); 
                if(preg_replace($headers, '', $string) == $string) {
              return $string;
} else {
          die('.....');
}
}
$name = remove_headers($name);
$email = remove_headers($email);
$subject = remove_headers($subject);
$message = remove_headers($message);
$http_referrer = getenv( "HTTP_REFERER" );

$to = "myemail at hotmail.com";
$body = "This message was sent from:\n" . "$http_referrer\n\n" . "From: $name\n E-Mail: $email\n Message:\n $message";
$ret = mail($to, $subject, $body);

if($ret){
$feedback= "Thanks for contacting us. We've received your email. We will be in touch with you shortly.";
} else {

$errMsg.="Sorry There was a Problem. please try again <br />";

} 
}
}
?>
Here is the HTML:
<form name="mycontactForm"  action="&lt;?php $_SERVER['PHP_SELF']?&gt;" method="get">

I get the error: The requested URL /****/< was not found on this server.
And this is in the address bar: www.myurl.com/****/<?name=&subject=&tel=&com=&email=&message=&captcha=&btnSend=Send+Message

Could someone help me to debug this please?

Thanks
davoud 		 	   		  
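
Added example, not part of the original post: the form's action attribute carries the PHP tags as HTML entities and has no echo, so PHP never runs it and the browser submits to a relative URL that starts with "<". The sketch below emits the action with real PHP tags, HTML-escapes PHP_SELF (it includes client-supplied path info), and makes the method and button name match the $_POST['btnshoot'] check. It assumes PHP 7 or later; form_action, is_header_safe and validate_contact are hypothetical helper names.

```php
<?php
// Added example (not the poster's code): a self-posting contact form.
// Field names are taken from the post; the helper names are hypothetical.

// Build the form target. PHP_SELF includes any extra path info the client
// appends to the URL, so it must be HTML-escaped before it is echoed.
function form_action(array $server): string {
    return htmlspecialchars($server['PHP_SELF'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Reject CR/LF in any value that ends up in a mail header (here: subject).
function is_header_safe(string $value): bool {
    return !preg_match('/[\r\n]/', $value);
}

// Validate the submitted fields; returns a list of error messages.
function validate_contact(array $post): array {
    $errors  = [];
    $name    = trim($post['name'] ?? '');
    $subject = trim($post['subject'] ?? '');
    $email   = trim($post['email'] ?? '');
    if (!preg_match('#^[a-zA-Z]+$#', $name) || strlen($name) > 20) {
        $errors[] = 'Name: letters only, at most 20 characters.';
    }
    if ($subject === '' || strlen($subject) > 40 || !is_header_safe($subject)) {
        $errors[] = 'Subject: required, at most 40 characters, no line breaks.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    return $errors;
}

$errors = [];
// The form below uses method="post" and a button named btnshoot, so this
// check and the $_POST reads match what the browser actually sends.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['btnshoot'])) {
    $errors = validate_contact($_POST);
}
?>
<form name="mycontactForm" action="<?php echo form_action($_SERVER); ?>" method="post">
  <?php foreach ($errors as $e) { echo '<p>' . htmlspecialchars($e) . '</p>'; } ?>
  <input type="text" name="name">
  <input type="text" name="subject">
  <input type="text" name="email">
  <input type="submit" name="btnshoot" value="Send Message">
</form>
```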