New Query.

Teach

Hello.

Just a new quick query. Hope you'll be able to help please.

We've got quite a few forms on our website, and as they get huge amounts of activity, and we're using a PHP script to generate a unique ID for each person.

As I didn't want to use a DB (and still don't) it's done using a flatfile.

Basically, I want to now do the following:

As you'll see by the code, the "next ID" is generated whenever the page is simply loaded. I want to change that so an ID is only issued when it's submitted SUCESSFULLY. I imagine then that the PHP on the form.php itself needs to end up on mailer.php. I'm sure you'll see what I mean.
I've done what I think I think is right (which works), but if you could just confirm? The first pastes are the original, and the last are the newly modified.

You'll also see that in the modified mailer.php (the last paste) I had had change $value (which is on the first form.php (first page)) to $id -- as the mailer.php was already using $value -- is this OK how I've done it?
2. Any suggestions or modifications?

form.php:

<?php
 include('/home/www/htdocs/header.php');

$fh = fopen("/home/www/htdocs/secure/support.txt","r");
$value = fread($fh, filesize("/home/www/htdocs/secure/support.txt"));
fclose($fh);

$value++;

$fh = fopen("/home/home/www/htdocs/secure/support.txt","w");
fwrite($fh, $value);
fclose($fh);
 ?>

    <form action="/mailer.php" method="post">
      <p class="hidden"><input type="hidden" name="ID" value="<?php echo $value ?>" /></p>
      All the form data here (inputs etc...)
    </form>

<?php
 include('/home/www/htdocs/footer.php');
 ?>

mailer.php:

<?php
$msg = "";
if (empty($_POST['NAME'])) {
    $msg .= "Your name cannot be blank.<br />";
}
if (!preg_match("/^[a-zA-Z0-9]+$/", $USERNAME)) {
    $msg .= "Your username cannot be blank and must contain only A-Z, a-z and 0-9.<br />";
}
if (!preg_match('/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+/', $_POST['EMAIL'])) {
    $msg .= "Your E-mail address is invalid.<br />";
}
if (empty($_POST['COMMENTS'])) {
    $msg .= "Your comments cannot be blank.<br />";
}

if (!empty($msg)) {
	include "/home/www/htdocs/header.php";
	echo "<p>Errors:</p><div class=\"box\"><p>$msg</p></div>\n";
	include "/home/www/htdocs/footer.php";
	exit();
}

####################################################### 
# This script is Copyright 2003, Infinity Web Design  # 
# Distributed by [url]http://www.webdevfaqs.com[/url]            #
# Written by Ryan Brill - [email]ryan@infinitypages.com[/email]      # 
# All Rights Reserved - Do not remove this notice     # 
####################################################### 

$to = "our@domain.com";
$subject = 'Support [ID:' . $_POST['ID'].']';
$headers = "From: [email]our@domain.com[/email]";
$forward = 0;
$location = "http://www.ourdomain.com/thankyou/index.php";

$date = date ("l, F jS, Y");
$time = date ("h:i A");

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";
$msg .= "IP: ".$_SERVER['REMOTE_ADDR']."\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    foreach ($_POST as $key => $value) {
        $msg .= ucfirst ($key) ." : ". $value . "\n";
    }
}
else {
    foreach ($_GET as $key => $value) {
        $msg .= ucfirst ($key) ." : ". $value . "\n";
    }
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
    header ("Location:$location");
}
else {
	include "/home/www/htdocs/header.php";
	echo "<p>Thank you!</p>\n<p>lots of other text.</p>\n<p>Your ID for this submission is: <strong>Support [ID:" . $_POST['ID']. "]</strong>.</p>\n";
	include "/home/www/htdocs/footer.php";
}

?>

NEW:

form.php:

<?php
 include('/home/www/htdocs/header.php');
 ?>

    <form action="/mailer.php" method="post">
      All the form data here (inputs etc...)
    </form>

<?php
 include('/home/www/htdocs/footer.php');
 ?>

mailer.php:

<?php
$msg = "";
if (empty($_POST['NAME'])) {
    $msg .= "Your name cannot be blank.<br />";
}
if (!preg_match("/^[a-zA-Z0-9]+$/", $USERNAME)) {
    $msg .= "Your username cannot be blank and must contain only A-Z, a-z and 0-9.<br />";
}
if (!preg_match('/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+/', $_POST['EMAIL'])) {
    $msg .= "Your E-mail address is invalid.<br />";
}
if (empty($_POST['COMMENTS'])) {
    $msg .= "Your comments cannot be blank.<br />";
}

if (!empty($msg)) {
	include "/home/www/htdocs/header.php";
	echo "<p>Errors:</p><div class=\"box\"><p>$msg</p></div>\n";
	include "/home/www/htdocs/footer.php";
	exit();
}

$fh = fopen("/home/www/htdocs/secure/support.txt","r");
$id = fread($fh, filesize("/home/www/htdocs/secure/support.txt"));
fclose($fh);

$id++;

$fh = fopen("/home/home/www/htdocs/secure/support.txt","w");
fwrite($fh, $id);
fclose($fh);

####################################################### 
# This script is Copyright 2003, Infinity Web Design  # 
# Distributed by [url]http://www.webdevfaqs.com[/url]            #
# Written by Ryan Brill - [email]ryan@infinitypages.com[/email]      # 
# All Rights Reserved - Do not remove this notice     # 
####################################################### 

$to = "our@domain.com";
$subject = 'Support [ID:' . $id .']';
$headers = "From: [email]our@domain.com[/email]";
$forward = 0;
$location = "http://www.ourdomain.com/thankyou/index.php";

$date = date ("l, F jS, Y");
$time = date ("h:i A");

$msg = "Below is the result of your feedback form. It was submitted on $date at $time with ID $id.\n\n";
$msg .= "IP: ".$_SERVER['REMOTE_ADDR']."\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    foreach ($_POST as $key => $value) {
        $msg .= ucfirst ($key) ." : ". $value . "\n";
    }
}
else {
    foreach ($_GET as $key => $value) {
        $msg .= ucfirst ($key) ." : ". $value . "\n";
    }
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
    header ("Location:$location");
}
else {
	include "/home/www/htdocs/header.php";
	echo "<p>Thank you!</p>\n<p>lots of other text.</p>\n<p>Your ID for this submission is: <strong>Support [ID:" . $id . "]</strong>.</p>\n";
	include "/home/www/htdocs/footer.php";
}

?>

Many thanks in advance!

Regards,

bubblenut

$fh = fopen("/home/www/htdocs/secure/support.txt","r");
$id = fread($fh, filesize("/home/www/htdocs/secure/support.txt"));
fclose($fh);

$id++;

$fh = fopen("/home/home/www/htdocs/secure/support.txt","w");
fwrite($fh, $id);
fclose($fh);

Could be shortened to

$fh = fopen('/home/home/www/htdocs/secure/support.txt', 'w+') or die('File read error'); //w+ allows reading and writing
$id = fread($fh, 1024) or die('file write error'); //I doubt very much you're ever going to exceed 1024 characters
fwrite($fh, ++$i); //pre-increment $i and write to file

one thing I would like to say, without meaning to appear rude is; stearing clear of databases for data access and relying on flat files is absurd. Why do you not want to use a database?

HTH
Bubble

Teach

Hello,

Firstly, a massive thank you for your help. I really appreciate it. 🙂

Well, the reason I don't want to use a DB is because I don't see why a flatfile for just a simple set of numbers is bad -- it seems to have coped this far... I use a db for a lot of other things.

I'll give that shortened code a go, thanks very much for doing that.

All the rest looks okay though? And was a I right to change that first $value to $id?

Regards,

Teach

bump...

Teach

Hi guys.

I'm really sorry to be a nuisance.

Can you help me with this, could you just tell me whether what I had done was right, and whether I was correct to change $value to $id?

Thanks.

bubblenut

Does it work?

Teach

Originally posted by bubblenut
Does it work?

Hiya. Thanks for your reply.

Yes it works, i'm just wondering whether i've done it correctly -- as i'm not brilliant in php.

Thanks if you can advise.

Regards,

bubblenut

Well if it's working then what's the problem? Have you ever heard the expression "If it ain't broke, don't fix it"?

You may well come back to it in a couple of months, with a little more experience under your belt, and decide to change a couple of things, but untill then don't waste time on it. Move on to the next job. 🙂

Teach

Originally posted by bubblenut
Well if it's working then what's the problem? Have you ever heard the expression "If it ain't broke, don't fix it"?

You may well come back to it in a couple of months, with a little more experience under your belt, and decide to change a couple of things, but untill then don't waste time on it. Move on to the next job. 🙂

Hiya Bubblenut.

Thanks for your reply again.

Yep, I'm gradually learning... and yes I've heard the expression.
The thing that concerns me though is even though somethign works, it might not be correct, or even insecure.

By "and decide to change a couple of things" were you referring to anything in particular in the script, or anything of concern? It's just they're so heavily used we don't want any gaping holes! 🙂

Thanks again for your assistance.

Regards,

bubblenut

There are no gapping holes (or even small holes) which I can see from looking through. The only changes I would personally make are largely stylistic and due to my personal coding style.

I would suggest leaving it and coming back to it in a couple of months when you have more experience and addapting it to your coding style (which will be hopefully be blossoming by then)

Teach

Okay, thanks. 🙂

I presume then I was right to change $value to $id? 🙂