I have a page i created for school, its an online senior serperlative submition page (http://your-space.awardspace.com/senior) and for some reason the process.php page won't work right it just bypasses all the lenght checks and goes straight to creating the file and e-mailing the file :/
Index.php Page:
Process.php page:
Index.php Page:
Code:
<?php
include("../include/session.php");
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="StyleSheet" type="text/css" href="style.css">
<script type="text/JavaScript">
<!--
function ismaxlength(obj){
var mlength=obj.getAttribute? parseInt(obj.getAttribute("maxlength")) : "";
if (obj.getAttribute && obj.value.length>mlength){
obj.value=obj.value.substring(0,mlength)
}
}
// -->
</script>
</head>
<body leftmargin="0" marginwidth="0" topmargin="0" marginheight="0">
<table width="574" border="0" align="center" cellpadding="0" cellspacing="0" summary="">
<tr>
<td colspan="3"><img src="images/index_01.jpg" border="0" width="574" height="13" alt=""></td>
</tr>
<tr>
<td width="13" style="background:url(images/index_02.jpg);"></td>
<td width="548">
<table width="548" border="0" align="center" cellpadding="0" cellspacing="0" summary="">
<tr>
<td width="24" style="background:url(images/index_06.jpg);"></td>
<td width="499" style="background-color:#cac6ab">
<table width="499" border="0" cellpadding="2" cellspacing="0" >
<tr>
<td colspan="2" align="center">
<?php
if($session->logged_in){
?>
<a href="http://your-space.awardspace.com/index.php">Home</a> |
<a href="http://your-space.awardspace.com/process.php">Log Out</a> |
<a href="http://your-space.awardspace.com/index.php?action=user">User Abilities</a> |
<?php
if($session->isAdmin()){
echo "<a href=\"http://your-space.awardspace.com/index.php?action=admin\">Admin Center</a> | ";
}
?>
<a href="http://your-space.awardspace.com/index.php?action=faq">FAQ</a> |
<a href="http://your-space.awardspace.com/index.php?action=contact">Contact</a> |
<a href="http://your-space.awardspace.com/index.php?action=links">Links</a>
<?
}else{
?>
<a href="http://your-space.awardspace.com/index.php">Home</a> |
<a href="http://your-space.awardspace.com/index.php?action=login">Login</a> |
<a href="http://your-space.awardspace.com/index.php?action=register">Register</a> |
<a href="http://your-space.awardspace.com/index.php?action=faq">FAQ</a> |
<a href="http://your-space.awardspace.com/index.php?action=contact">Contact</a> |
<a href="http://your-space.awardspace.com/index.php?action=links">Links</a>
<?
}
?>
</td>
</tr>
<?php
$error = $HTTP_GET_VARS['error'];
if($error == "email_1"){
$id = $_COOKIE["studentid"];
echo "<tr valign=\"top\"><td colspan=\"2\" style=\"border-bottom:1px dashed black;\"><b>Senior Serperlitives Submition</b></td></tr>";
echo "<tr><td>Your Serperlative has been successfully e-mailed!<br><br>To view it <a href=\"http://your-space.awardspace.com/senior/$id.php\">click here</a>.</td><td></td></tr>";
}else{
if($error == "file_1"){
$id = $_COOKIE["studentid"];
echo "<tr valign=\"top\"><td colspan=\"2\" style=\"border-bottom:1px dashed black;\"><b>Senior Serperlitives Submition</b></td></tr>";
echo "<tr><td>You have already submited a senior serperlative! If you know it wasn't you that submited it please contact the yearbook advisor, Mrs. Harris, at <a href=\"mailto:[email protected]\">[email protected]</a>.<br><br>To view it <a href=\"http://your-space.awardspace.com/senior/$id.php\">click here</a>.</td><td></td></tr>";
}else{
if(isset($_COOKIE["studentid"])&&isset($_COOKIE["activities"])&&isset($_COOKIE["memories"])){
$id = $_COOKIE["studentid"];
$act = $_COOKIE["activities"];
$mem = $_COOKIE["memories"];
}
?>
<form action="process.php" method="post">
<tr valign="top">
<td colspan="2" style="border-bottom:1px dashed black;"><b>Senior Serperlitives Submition</b></td>
</tr>
<tr valign="top">
<td align="right" width="100">Student ID:</td>
<td align="left" width="399"><input type="text" name="studentid" size="6" maxlength="6" value="<? echo $id; ?>"></td>
</tr>
<tr valign="top">
<td align="right" width="100">Activities:</td>
<td align="left" width="399">
<textarea name="activities" maxlength="125" onkeyup="return ismaxlength(this)" cols="30" rows="4" wrap="on" style="overflow:auto;"><? echo $act; ?></textarea><br>
<font color="red" size="-1">* 125 Characters Max</font>
</td>
</tr>
<tr valign="top">
<td align="right" width="100">Memories:</td>
<td align="left" width="399">
<textarea name="memories" maxlength="250" onkeyup="return ismaxlength(this)" cols="30" rows="5" wrap="on" style="overflow:auto;"><? echo $mem; ?></textarea><br>
<font color="red" size="-1">* 250 Characters Max</font>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<?php
$error = $HTTP_GET_VARS['error'];
if($error == "id_1"){
echo "<font color=\"red\">Please Enter a Valid ID</font>";
}
if($error == "act_1"){
echo "<font color=\"red\">The max length of Activities is 125 characters!</font>";
}
if($error == "act_2"){
echo "<font color=\"red\">You must write out your Activites!<br>If you don't have any, write 'None'.</font>";
}
if($error == "mem_1"){
echo "<font color=\"red\">The max length of Memories is 250 characters!</font>";
}
if($error == "mem_2"){
echo "<font color=\"red\">You must write out your Memories!<br>If you don't have any, write 'None'.</font>";
}
if($error == "email_2"){
echo "<font color=\"red\">Sorry, but there has been an unexpected problem in e-mailing your serperlative! Please try again.</font>";
}
?>
</td>
</tr>
<tr valign="top">
<td></td>
<td align="left"><input type="submit" value="Submit"><input type="reset" value="Reset"></td>
</tr>
</form>
<?php
}
?>
<tr valign="top">
<td colspan="2" align="center"><br><br>
<?php
if($session->logged_in){
?>
<a href="http://your-space.awardspace.com/index.php">Home</a> |
<a href="http://your-space.awardspace.com/process.php">Log Out</a> |
<a href="http://your-space.awardspace.com/index.php?action=user">User Abilities</a> |
<?php
if($session->isAdmin()){
echo "<a href=\"http://your-space.awardspace.com/index.php?action=admin\">Admin Center</a> | ";
}
?>
<a href="http://your-space.awardspace.com/index.php?action=faq">FAQ</a> |
<a href="http://your-space.awardspace.com/index.php?action=contact">Contact</a> |
<a href="http://your-space.awardspace.com/index.php?action=links">Links</a>
<?
}else{
?>
<a href="http://your-space.awardspace.com/index.php">Home</a> |
<a href="http://your-space.awardspace.com/index.php?action=login">Login</a> |
<a href="http://your-space.awardspace.com/index.php?action=register">Register</a> |
<a href="http://your-space.awardspace.com/index.php?action=faq">FAQ</a> |
<a href="http://your-space.awardspace.com/index.php?action=contact">Contact</a> |
<a href="http://your-space.awardspace.com/index.php?action=links">Links</a>
<?
}}
?>
</td>
</tr>
<tr>
<td colspan="2"><center>Copyright ©, 2006 Tristian Flanagan. All rights reserved.</center></td>
</table>
</td>
<td width="25" style="background:url(images/index_12.jpg);"></td>
</tr>
</table>
</td>
<td width="13" style="background:url(images/index_04.jpg);"></td>
</tr>
<tr>
<td colspan="3"><img src="images/index_23.jpg" border="0" width="574" height="13" alt=""></td>
</tr>
</table>
</body>
</html>
Process.php page:
Code:
<?php
// Get Form Info
$id = $_POST['studentid']; // get id
$act = $_POST['activities']; // get activites
$mem = $_POST['memories']; // get memories
// Get lengths
$idlength = strlen($id); // get length of id
$actlength = strlen($act); // get length of activites
$memlength = strlen($mem); // get length of memories
// Check Lengths
if($idlength<=5){ // Check to see if ID is 6 charaters long
header("Location: index.php?error=id_1"); // If less than or equal to 5, send back with error
}
if($actlength==0){ // Check to see if Activities is 0 charaters long
header("Location: index.php?error=act_2"); // If its equal to 0, send back with error
}
if($actlength>=126){ // Check to see if Activities is 125 charaters long
header("Location: index.php?error=act_1"); // If greater than or equal to 126, send back with error
}
if($memlength==0){ // Check to see if Memories is 0 charaters long
header("Location: index.php?error=mem_2"); // If its equal to 0, send back with error
}
if($memlength>=251){ // Check to see if Memories is 250 charaters long
header("Location: index.php?error=mem_1"); // If greater than or equal to 251, send back with error
}
if($idlength==0&&$actlength==0&&$memlength==0){ // check to see if they accidently got to this page
header("Location: index.php"); // Send them back to the index page
}
$idcheck = is_int($id); // checks to see if ID is an interger
if($idcheck==false){ // if its false then do
header("Location: index.php?error=id_1"); // send back with error
}
// Set Cookies so user doesnt have to re-type serperlative!
if(isset($_COOKIE["studentid"])){ // If ID Cookie exists then delete it then write it again
setcookie("studentid", $id, time()-3600); // delete ID
setcookie("studentid", $id, time()+3600); // set ID
}else{ // if it doesn't exist write it
setcookie("studentid", $id, time()+3600); // set ID
}
if(isset($_COOKIE["activities"])){ // If Activities Cookie exists then delete it then write it again
setcookie("activities", $act, time()-3600); // delete Activities
setcookie("activities", $act, time()+3600); // set Activities
}else{ // if it doesn't exist write it
setcookie("activities", $act, time()+3600); // set Activities
}
if(isset($_COOKIE["memories"])){ // If Memories Cookie exists then delete it then write it again
setcookie("memories", $mem, time()-3600); // delete Memories
setcookie("memories", $mem, time()+3600); // set Memories
}else{ // if it doesn't exist write it
setcookie("memories", $mem, time()+3600); // set Memories
}
// Check to see if they have already submitted a serperlative
if(file_exists($id.".php")){ // If file does exist then do the following
header("Location: index.php?error=file_1"); // Say that they have already submited one
}else{ // If file doesn't exist then do the following
// Send Serperlative to Advisor
$to = "[email protected]"; // sets address
$subject = "Senior Serperlative of ".$id."."; // sets subject
$body = "Student ID:".$id."<br>Activities:".$act."<br>Memories:".$mem."<br><br>End of E-Mail<br><a href=\"http://your-space.awardspace.com/senior/files/".$id."\">Backup url</a>"; // sets message
if(!mail($to, $subject, $body)){ // checks to see if it email was written correctly, not if it was sent ( can't check that :/ )
header("Location: index.php?error=email_2"); // if unsuccesfull say so!
}
// Write it in folder for backup database
$file = fopen("$id.php", "a+"); // Create the backup file
chmod("$id.php", 0755); // change the permissions of the file
$act1 = nl2br($act);
$mem1 = nl2br($mem);
$info = "<html><head><title>Senior Serperlative - ".$id."</title></head><body>Student ID:".$id."<br>Activities:".$act1."<br>Memories:".$mem1."<br><br>End of Serperlative</body></html>"; // set info to be written
fwrite($file, $info); // write the info to the file
fclose($file); // close file
// Delete Cookies since they are not needed anymore ID will be deleted on next page
setcookie("activities", $mem, time()-3600); // delete Activities
setcookie("memories", $mem, time()-3600); // delete Memories
// Send them back with message saying its been done
header("Location: index.php?error=email_1"); // Say that is has been a success!!!
}
?>