unexpected $end ???

pixelsoul

I have this problem with a script for an email form that does some checking of the input to the form before it processes it. It is coming back with error:

Parse error: parse error, unexpected $end in c:\Inetpub\wwwroot\secure_mail\mail_test.php on line 76

I have gone through over and over on this and can't see what the problem is. I am somewhat of a n00b with php, so I can understand that I am probably just missing something that is small. Here is the code that I am having the problem with:

<?php

//checks to see if form data has \r or \n and does not send mail if they exist
$from=$_POST["txtemail"];

if (eregi("\r",$from) || eregi("\n",$from)) {

die("Error: Some of the content you have entered is not allowed.");

}

elseif (empty($name) || empty($email) || empty($message)) {

echo $empty_fields_message;

}

// Check the refering URL
$referer = $_SERVER['HTTP_REFERER'];

// Get the URL of this page
$this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];

// If the referring URL and the URL of this page don't match then
// display a message and don't send the email.
if ($referer != $this_url) {
    echo "You do not have permission to use this script from another URL.";
    exit;

}

else {

// The URLs matched so send the email
mail($your_email, $subject, $message, "From: $name <$email>");

// Display the thankyou message
echo $thankyou_message;

}

?>

I am thinking that I did not close a tag or something but for the life of me I can't see where. If anyone could help me with this I would appreciate it 🙂

Thank you.

rincewind456

You usually get it if you've missed a curly bracket, this looks fine

SargeZT

Is there some more code before this, as there are variables being called that were not defined in the source code. Even if the two segments of code are broken up, it won't spit an error out until the end, and assuming the line referenced in the error is even close to the line of code is a dangerous assumption.

But as for the code you've shown us, it's correct. There is nothing in there that should be spitting out that error.

pixelsoul

Well thanks for pointing that out Sarge. I really should be a little more perceptive heh.

There was some code before this that included the variables to be called and in there I did find an open curly bracket. I removed that and no more error 🙂

Now my page shows another error. I wanted to make all the processing of the form on the same page so when you hit the submit button it goes back the same page which then process the form. There are some variables that are supposed to echo if certain conditions are true but for some reason they show. I have alot of work to do on it still I think, but I am proud of how much messing with this has taught me about mail forms and trying to secure them. Here is the code from the whole page if you want to look at it. It is not pretty I should warn you lol.

<?php

error_reporting(E_ALL ^ E_NOTICE);

$your_email = "myemail@fakedomain.com";
$subject = "Message via your contact form";
$empty_fields_message = "<p>Please go back and complete all the fields that are required in the form.</p>";
$thankyou_message = "<p>Thankyou. Your message has been sent.</p>";
$invalid_content = "<p>You have entered invalid content into the mail form. For security issues we do not allow special characters.</p>";

$name = stripslashes($_POST['txtname']);
$email = stripslashes($_POST['txtemail']);
$message = stripslashes($_POST['txtmessage']);

if (!isset($_POST['txtname']))

?>

<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">

<p><label for="txtname">Name:</label><br />
<input type="text" title="Enter your name" name="txtname" /></p>

<p><label for="txtemail">Email:</label><br />
<input type="text" title="Enter your email address" name="txtemail" /></p>

<p><label for="txtmessage">Your message:</label><br />
<textarea title="Enter your message" name="txtmessage"></textarea></p>

<p><label title="Send your message">
<input type="submit" value="send" /></label></p>

</form>

<?php

//checks to see a field has \n or \r in the data and if it does it does not send the email
if (eregi("\r",$email) || eregi("\n",$email)) {

echo $invalid_content;

die ();

}

elseif (empty($name) || empty($email) || empty($message)) {

echo $empty_fields_message;

}

else {

// Check the refering URL
$referer = $_SERVER['HTTP_REFERER'];

// Get the URL of this page
$this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];

// If the referring URL and the URL of this page don't match then
// display a message and don't send the email.
if ($referer != $this_url) {
	echo "You do not have permission to use this script from another URL.";
	exit;

}

// The URLs matched so send the email
mail($your_email, $subject, $message, "From: $name <$email>");

// Display the thankyou message
echo $thankyou_message;

}


?>

You can kind of see what I am trying to do. I just have to figure out what I missplaced or did not place at all. I would think this would work....I am so new at php it is all still a little confusing.

willfitch

Hey pixelsoul,

I just copied and pasted your code and everything worked fine. Did you actually fix the issue?

pixelsoul

ya I put error_reporting(E_ALL ^ E_NOTICE); in the top so it would not show the alerts, but it seems to not be stopping the email if it has \n or \r in the email fields.

Also when I go to the page it shows that variable that prints out that the user needs to go back and finish all of the form fields. I put all of that stuff at the bottom to help keep from spammers from injecting headers into the mail form.

Also I am not really done totaly with it because I am going to have it check to see if MIME-Version exists in the data then the email will fail also and then it will email me to let me know that someone was trying to relay emails through my form.

It just feels like I am missing something but not sure what.

rincewind456

Check the code logic, on line 15 you say if $_POST['txtname'] is not set print the form which it does but you don't then split the validation section into a separate else statemnet, so the code runs all the way to the end of the script. The only thing on the way that it can do is print out the empty field message.

To cure it put a { at the end of line 15.
Put } else { at line 36 and put a closing } at line 75.

This will break your code into the two sections it needs to be in.

pixelsoul

what you said made sense. I can see now where the problem is that you pointed out. I made the changes that you said would help with splitting it up into two parts but something is wrong in the syntax and it is giving me a parsing error on line 79 which is just the closing php tag "?>"

Here is what the code looks like:

<?php

error_reporting(E_ALL ^ E_NOTICE);

$your_email = "myemail@fakedomain.com";
$subject = "Message via your contact form";
$empty_fields_message = "<p>Please go back and complete all the fields that are required in the form.</p>";
$thankyou_message = "<p>Thankyou. Your message has been sent.</p>";
$invalid_content = "<p>You have entered invalid content into the mail form. For security issues we do not allow special characters.</p>";

$name = stripslashes($_POST['txtname']);
$email = stripslashes($_POST['txtemail']);
$message = stripslashes($_POST['txtmessage']);

if (!isset($_POST['txtname'])) {

?>

<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">

<p><label for="txtname">Name:</label><br />
<input type="text" title="Enter your name" name="txtname" /></p>

<p><label for="txtemail">Email:</label><br />
<input type="text" title="Enter your email address" name="txtemail" /></p>

<p><label for="txtmessage">Your message:</label><br />
<textarea title="Enter your message" name="txtmessage"></textarea></p>

<p><label title="Send your message">
<input type="submit" value="send" /></label></p>

</form>

<?php

} else {

//checks to see a field has \n or \r in the data and if it does it does not send the email
if (eregi("\r",$email) || eregi("\n",$email)) {

echo $invalid_content;

die ();

}

elseif (empty($name) || empty($email) || empty($message)) {

echo $empty_fields_message;

}

else {

// Check the refering URL
$referer = $_SERVER['HTTP_REFERER'];

// Get the URL of this page
$this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];

// If the referring URL and the URL of this page don't match then
// display a message and don't send the email.
if ($referer != $this_url) {
	echo "You do not have permission to use this script from another URL.";
	exit;

}

// The URLs matched so send the email
mail($your_email, $subject, $message, "From: $name <$email>");

// Display the thankyou message
echo $thankyou_message;

}


?>

I have been looking through it and can not find anything wrong. All curly brackets have closing tags it seems and can't see any place that I missed a semi-colon.

Do I have to remove the php openning and closing tags in the middle of the page to make it one large script? I wouldn't think I would but not sure.

Thanks again for the help with this.

rincewind456

You need a closing curly bracket at the end of the script Just BEFORE the closing ?> php tag

Weedpacket

pixelsoul wrote:
I have been looking through it and can not find anything wrong. All curly brackets have closing tags

In fact, the { on this line:

} else {

isn't paired with a matching }.

Try tidying up your code; using a consistent indentation in particular will help prevent mistakes like this.

pixelsoul

Okay that took care of that parse error. sorry was a little confused about the other } already being there and adding another one.

For some reason now it still will not filter $email for \n and \r. It seems to be checking the referer url and working correctly there, and detects whether all form fields have been filled in, it is just that one that it is skipping past and that is an important one. I was able to send email with \n and \r in every field on the email form. May be I am not testing it right?

Thanks!

rincewind456

Why not just clean up the input with this

$_POST['email'] = preg_replace("/\r/", "", $_POST['email']); 
$_POST['email'] = preg_replace("/\n/", "", $_POST['email']);

rather than sending an alert.

Weedpacket

One thing I note is that you probably want to move

$name = stripslashes($_POST['txtname']);
$email = stripslashes($_POST['txtemail']);
$message = stripslashes($_POST['txtmessage']);

to the section that is run only if $_POST['txtname'] is set, because it's only there that its worthwhile. Leaving Notice reporting turned on would have picked this up.

The newline test could be improved a lot (eregi() is probably one of the worst choices!): strpos() would be a much better here.

But that aside, your code works for me in that it's recognising when newline characters are in the email address. How are you testing it?

pixelsoul

Thanks for the pointer weedpacket. You want to know something funny, right before I read your reply I was reading a tutorial that was talking about that and even commenting in php which each close bracket is for like

} //else $referer

Pretty ironic 🙂

Well need sleep 4am here and about to pass out at my desk heh.

Thanks again Amigos.

lkq

where is the 76th line?

Weedpacket

What I want is an IDE that when I hit { it automtically inserts a matching } at the same indent. I can get it for (, [, " and ', so why not {?

No, I'm not asking for recommendations; I was just being rhetorical.

pixelsoul

I just use Text Pad and it does not do any of that for me so I have no clue. What do you use that automatically creates a closing tag like that? I would like that. I found a couple other ones but man they clutter the UI sometimes with so much stuff it bothers me.

thorpe

What do you use that automatically creates a closing tag like that? I would like that.

vim can do that and much more, and absolutely no clutter. hehe.

pixelsoul

I tried VIM. I like some or most of it. A little awkward so I would just have to get used to using it. I also decided to install another one that I had looked at a while back but not yet play with and found that it also ads a closing } when { is typed.

It is called php designer 2006 and you can find it at www.mpsoftware.dk

defaulty their UI was all cluttered to but you can customize it and get rid of all the garbage that you don't need 🙂

Weedpacket

Do some people have trouble understanding what "rhetorical" means?🙂