php - Check if email address exist in database and captcha code is correct if not give alert and dont save data in database -

-

i wrote code form in added 2 validation first 1 through email , second 1 through email. when user enter's email address exist in data base show error. problem faced when user enter's new email address , wrong captcha code show error @ same time save data base also. here's complete code given

<?php include('../config/connection.php');   //database insert query if(isset($_post['submit'])) {         $finame = $_post['finame'];     $email = $_post['email'];     $user_message = $_post['message'];     $b="select * form email='".$_post['email']."'";                   $res = mysql_query($b);             $tot = mysql_fetch_assoc($res);             if(empty($tot) || empty($_session['6_letters_code'] ) ||       strcasecmp($_session['6_letters_code'], $_post['6_letters_code']) == 0)                 {                           $sel = "insert ".form." set finam='".$_post['finam']."',lnam='".$_post['lnam']."',dob='".$_post['dob']."',cntn='".$_post['cntn']."',fanam='".$_post['fanam']."',str='".$_post['str']."',email='".$_post['email']."',passw='".$_post['passw']."'";                 mysql_query($sel);                      }           //-------------------------------captcha--------------------     $your_email ='yourname@your-website.com';// <<=== update email address  session_start(); $errors = ''; $finame = ''; $email = ''; $user_message = '';      ///------------do validations-------------       if(!empty($tot))     {         $errors .= "\n re-enter captcha code...!!! ";            $msg .="email adreess exist";     }     if(isinjected($email))     {         $errors .= "\n bad email value!";     }     if(empty($_session['6_letters_code'] ) ||       strcasecmp($_session['6_letters_code'], $_post['6_letters_code']) != 0)     {      // strcmp()         $errors .= "\n captcha code not match!";     }      if(empty($errors))     {         //send email         $to = $your_email;         $subject="new form submission";         $from = $your_email;         $ip = isset($_server['remote_addr']) ? $_server['remote_addr'] : '';          $body = "a user  $name submitted contact form:\n".         "name: $finame\n".         "email: $email \n".         "message: \n ".         "$user_message\n".         "ip: $ip\n";              $headers = "from: $from \r\n";         $headers .= "reply-to: $visitor_email \r\n";          mail($to, $subject, $body,$headers);          header('location: ../admin/sign-in1.php');     } }  // function validate against email injection attempts function isinjected($str) {   $injections = array('(\n+)',               '(\r+)',               '(\t+)',               '(%0a+)',               '(%0d+)',               '(%08+)',               '(%09+)'               );   $inject = join('|', $injections);   $inject = "/$inject/i";   if(preg_match($inject,$str))     {     return true;   }   else     {     return false;   } }  ?>   <html> <head> <link rel="stylesheet" type="text/css" media="all" href="jsdatepick_ltr.min.css" /> <script type="text/javascript" src="jsdatepick.min.1.3.js"></script> <script type="text/javascript">     window.onload = function(){         new jsdatepick({             usemode:2,             target:"inputfield",             dateformat:"%d-%m-%y"             });     };             </script> <title>form</title> <link href="style/style.css" rel="stylesheet" type="text/css"> <link href='http://fonts.googleapis.com/css?family=kaushan+script' rel='stylesheet' type='text/css'> <script language="javascript" src="scripts/gen_validatorv31.js" type="text/javascript"></script> </head>  <body> <div style="width:100%; height:170px; margin:auto;">     <div class="abc">     <h1 style="margin:5% 0 0 5%; width:10%; color:#fff;">form</h1>      <!--</form>-->     <?php                      $sel = "select * home";                     $a=mysql_query($sel);                      $fetch = mysql_fetch_array($a);                       ?>             <div class="sample"> <?php echo $fetch['home4'];?></div>                 <div class="main" style="margin:4% 0 0 0;">                 <a href="../index.php" class="navi">home</a>                 <a href="../index.php" class="navi">about us</a>                 <a href="../index.php" class="navi">gallery</a>                 <a href="../index.php" class="navi">contact us</a>         </div>     </div>      </div> <div style=" width:100%; margin:5% 0 0 0; height:auto;">        <div style="margin:auto; width:80%">         <form method="post" class="w3-container" onsubmit="alert('thank you. registered input login id , passwprd make changes on index , pages...')" >             <div class="w3-group"> <input class="w3-input blue-l4" pattern="[a-za-z]{3,}" title="only alphabets" value="<?php echo $_post['finam'] ?>" type="text" name="finam"required>                 <label class="w3-label">first-name</label>             </div>             <div class="w3-group"> <input class="w3-input blue-l4" pattern="[a-za-z]{3,}" title="only alphabets" value="<?php echo $_post['lnam'] ?>" type="text" name="lnam"required>                 <label class="w3-label">last name</label>             </div>             <div class="w3-group">             <input class="w3-input blue-l4" type="text" size="12" readonly id="inputfield" value="<?php echo $_post['dob'] ?>"  name="dob" placeholder="dd/mm/yy"required>              </div>             <div class="w3-group">             <input class="w3-input blue-l4" type="text" pattern="[a-za-z]{3,}" title="only alphabets" value="<?php echo $_post['fanam'] ?>" name="fanam"required>                 <label class="w3-label">father's name</label>             </div>             <div class="w3-group">                   <?php if(!empty($msg)){ echo "<p class='err'>".nl2br($msg)."</p>"; } ?>                 <input class="w3-input blue-l4"  value="<?php echo $_post['email'] ?>" type="email" name="email"required>                                                                                    <label class="w3-label">email</label>             </div>             <div class="w3-group">                 <input class="w3-input blue-l4" type="password" name="passw" required>                 <label class="w3-label">password</label>             </div>              <div class="w3-group">                 <input class="w3-input blue-l4" pattern="[0-9]+" value="<?php echo $_post['cntn'] ?>"  title="only numeric value" type="text" name="cntn"required>                 <label class="w3-label">contact no.</label>            </div>            <div class="clear"></div>                 <div class="w3-group">               <select name="str"  class="w3-input blue-l4">              <option>--select stream--</option>                 <?php                              $sel = "select * stream";           $a=mysql_query($sel);                             while($fetch = mysql_fetch_array($a))                            {                              ?>                     <option><?php echo $fetch['str']?></option>                 <?php                              }                         ?>               </select>                    </div>              <div class="w3-group">       <?php if(!empty($errors)){ echo "<p class='err'>".nl2br($errors)."</p>"; } ?>                 <img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ><br>         <label for='message'>enter code above here :</label><br>                      <input class="w3-input blue-l4" id="6_letters_code" name="6_letters_code" type="text"><br>          <small>can't read image? click <a href='javascript: refreshcaptcha();'>here</a> refresh</small>   </div>              <button class="w3-btn blue-d1" name="submit" value="submit">submit</button>          </form>     </div> </div> <script language='javascript' type='text/javascript'> function refreshcaptcha() {     var img = document.images['captchaimg'];     img.src = img.src.substring(0,img.src.lastindexof("?"))+"?rand="+math.random()*1000; } </script> <div class="foot" style="margin-top:4px;">     <div  style="margin:2% 0 2% 86%;">     <a href="http://facebook.com"><img style="margin:0 0 12px 12px;" src="index.jpg" width="30" height="30"/></a>     <a href="http://twiter.com"><img style="margin:0 0 12px 12px;" src="images1.png" width="30" height="30"/></a>     <a href="htp://google+.com"><img src="googleplus.png" width="50" height="50"/></a>     </div> </div> </div> </body> </html>

several comments here. first, , maybe important, you're using mysql_* functions, deprecated , no longer maintained. should consider converting mysqli or pdo, has prepared statements (that protects against sql-inection). mysql_* bad practice.

furthermore, mixing variable-names in code. you're using both $_post['finam'] , $_post['finame'], assume 1 , same. careful names!

and you're inserting password in plain text -- security issue! should hash password, it's never stored in plain text (in case of hacker accessing database).

as question: inserting database series of or-operators in if-statement. means long one of them returns true, it'll run query , insert email.

i'm not sure how captcha-validating, think code work more intended.

<?php  session_start();  include('../config/connection.php');   //database insert query if (isset($_post['submit'])) {     $finame         = $_post['finam'];     $lname          = $_post['lnam'];     $dob            = $_post['dob'];     $passw          = $_post['passw'];     $email          = $_post['email'];     $fanam          = $_post['fanam'];     $cntn           = $_post['cntn'];     $user_message   = $_post['message'];     $str            = $_post['str'];     $errors         = '';      ///------------do validations-------------     // checking if email exists in database     $res = mysql_query("select * form email=$email");      // if number of rows result greater 0, email in our database     if (mysql_num_rows($res) > 0) {         $errors .= "\n email exists!";         $emailavailable = false;     } else {         $emailavailable = true;     }      if (!$emailavailable)) {         $errors .= "\n re-enter captcha code...!!! ";            $msg .= "email adreess exist";     }     if (isinjected($email)) {         $errors .= "\n bad email value!";         $bademail = false;     } else {         $bademail = true;     }      if (empty($_session['6_letters_code'] ) || strcasecmp($_session['6_letters_code'], $_post['6_letters_code']) != 0) {         // strcmp()         $errors .= "\n captcha code not match!";         $captcha = false;     } else {         $captcha = true;     }      ///------------if well, inserting email-------------     if ($emailavailable && $captcha && $bademail) {         // $sel = "insert ".form." set finam='".$_post['finam']."',lnam='".$_post['lnam']."',dob='".$_post['dob']."',cntn='".$_post['cntn']."',fanam='".$_post['fanam']."',str='".$_post['str']."',email='".$_post['email']."',passw='".$_post['passw']."'";         $sel = "insert form (finam, lnam, dob, cntn, fanam, str, email, passw) values ($finame, $lname, $dob, $cntn, $fanam, $str, $email, $passw)";         mysql_query($sel);     }      //-------------------------------captcha--------------------     $your_email ='yourname@your-website.com';// <<=== update email address      if(empty($errors)) {         //send email         $to         = $your_email;         $subject    = "new form submission";         $from       = $your_email;         $ip         = $_server['remote_addr'];          $body = "a user  $name submitted contact form:\n".         "name: $finame\n".         "email: $email \n".         "message: \n ".         "$user_message\n".         "ip: $ip\n";              $headers = "from: $from \r\n";         $headers .= "reply-to: $visitor_email \r\n";          mail($to, $subject, $body,$headers);          header('location: ../admin/sign-in1.php');     } }  // function validate against email injection attempts function isinjected($str) {     $injections = array('(\n+)',               '(\r+)',               '(\t+)',               '(%0a+)',               '(%0d+)',               '(%08+)',               '(%09+)'               );     $inject = join('|', $injections);     $inject = "/$inject/i";     if (preg_match($inject,$str)) {         return true;     } else {         return false;     } }  ?>

as can see, updated insert-query, kind of messy.


Comments

Post a Comment

Popular posts from this blog

javascript - Karma not able to start PhantomJS on Windows - Error: spawn UNKNOWN -

-
i lost "unknown" error: karma.conf.js: frameworks: ['mocha', 'should'], plugins: ['karma-mocha', 'karma-should', 'karma-phantomjs-launcher'], ... browsers: ['phantomjs'], error: 23 07 2015 14:35:37.691:warn [karma]: no captured browser, open http://localhost:9876/ 23 07 2015 14:35:37.701:info [karma]: karma v0.13.3 server started @ http://localhost:9876/ 23 07 2015 14:35:37.707:info [launcher]: starting browser phantomjs 23 07 2015 14:35:37.738:error [karma]: { [error: spawn unknown] code: 'unknown', errno: 'unknown', syscall: 'spawn' } error: spawn unknown @ exports._errnoexception (util.js:749:11) @ childprocess.spawn (child_process.js:1093:11) @ exports.spawn (child_process.js:933:9) @ object._execcommand (c:\users\jinga4x\git\mdl-sample-project\node_modules\karma\lib\launchers\process.js:63:21) @ object._start (c:\users\jinga4x\git\md...
Read more

Nuget pack csproj using nuspec -

-
i want create nuget package contains specified in nuspec file, still version csproj. in order use token have pack like: nuget pack myproj.csproj but when adds dependencies , creates unwanted folder in nuget package. nuspec file is: <?xml version="1.0" encoding="utf-8"?> <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd"> <metadata> <id>test</id> <version>$version$</version> <title>test</title> <authors>test</authors> <owners>test</owners> <requirelicenseacceptance>false</requirelicenseacceptance> <description>test</description> <summary>test</summary> <releasenotes>test</releasenotes> <copyright>test</copyright> </metadata> <files> <file src="bin\debug\*.dll" target="lib\net45" /> <file s...
Read more

c# - Display ASPX Popup control in RowDeleteing Event (ASPX Gridview) -

-
i have aspxgridview includes new , delete button. delete button includs gv_rowdeleting event. want show aspxpopupcontrol (id="pupconfirm"). want user have confirm password delete item. tried: protected void gv_rowdeleting(object sender, devexpress.web.data.aspxdatadeletingeventargs e) { pupconfirm.showonpageload = true; } but nothing happened. please me. !!! you can create template column javascript prompt confirmation. <itemtemplate> <asp:linkbutton id="btndelete" runat="server" text="delete" commandname="delete" onclientclick="javascript:if(!confirm('are sure want delete record?')){return false;}"> </asp:linkbutton> </itemtemplate>
Read more