// variable is $friendemail1 and IS required
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail1']))) {
$error_msg .= "Friend email is not a valid e-mail address. \n";
}
// variable is $friendemail2 but isn
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail2']))) {
$error_msg .= "Friend 2 email is not a valid e-mail address. \n";
}

By default this is checking both, but I'm trying to get it to only run the check on friendemail2 when that field is filled out.

I tried sometihng like
elseif ($friendemail2 != ''; ) (!ereg...
so if field friendemail2 isn't blank run the rest of the check, but couldn't get it to work. Anyone have any suggestions? Thank you.

Try this:



// variable is $friendemail1 and IS required
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail1']))) {
$error_msg .= "Friend email is not a valid e-mail address. \n";
}
// variable is $friendemail2 but isn
else {
if ($c['friendemail2'] != '') {
if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail2']))) {
$error_msg .= "Friend 2 email is not a valid e-mail address. \n";
}
}
}


Probably not the best way to do it, but it should work unless you already have an else statement after the first one you posted, then it will error out; in which case you should post the full code.

Hope this helps.

That worked great for the 2 email fields. I thought if I could figure out how to check friendemail2 conditionally that I could follow the pattern for the other 2 I had friendemail3 and friendemail4 (4 friend email fields total, only the 1st is required)

Here is all the relevant validation check code (up to friendemail2)

if (isset($c['submit'])) {
if (empty($c['yourname']) || empty($c['youremail']) || empty($c['friendemail1'])) {
$error_msg .= "Your name and email along with at least one friends email are required fields. \n";

} elseif (strlen($c['yourname']) > 15) {
$error_msg .= "The name field is limited to 15 characters. \n";

} elseif (!ereg("^[A-Za-z' -]", $c['yourname'])) {
$error_msg .= "The name field must not contain any special characters. \n";

} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['youremail']))) {
$error_msg .= "Your email is not a valid e-mail address. \n";
}
// variable is $friendemail1 and IS required
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail1']))) {
$error_msg .= "Friend email is not a valid e-mail address. \n";
}
// variable is $friendemail2 but isn't required
else {
if ($c['friendemail2'] != '') {
if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail2']))) {
$error_msg .= "Friend 2 email is not a valid e-mail address. \n";
}
}
}

I'm having a little trouble working in friendemail3 and friendemail4 since there is an initial if then elseif follow after that. I tried to make friendemail4 the else and all the others before it elseif but couldn't get it to work.

See if this works


if (isset($c['submit'])) {
if (empty($c['yourname']) || empty($c['youremail']) || empty($c['friendemail1'])) {
$error_msg .= "Your name and email along with at least one friends email are required fields. \n";

} elseif (strlen($c['yourname']) > 15) {
$error_msg .= "The name field is limited to 15 characters. \n";

} elseif (!ereg("^[A-Za-z' -]", $c['yourname'])) {
$error_msg .= "The name field must not contain any special characters. \n";

} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['youremail']))) {
$error_msg .= "Your email is not a valid e-mail address. \n";
}
// variable is $friendemail1 and IS required
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail1']))) {
$error_msg .= "Friend email is not a valid e-mail address. \n";
}
// variable is $friendemail2 but isn't required
elseif ($c['friendemail2'] != '') {
if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail2']))) {
$error_msg .= "Friend 2 email is not a valid e-mail address. \n";
}
}
elseif ($c['friendemail3'] != '') {
if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail3']))) {
$error_msg .= "Friend 3 email is not a valid e-mail address. \n";
}
}
else {
if ($c['friendemail4'] != '') {
if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail4']))) {
$error_msg .= "Friend 4 email is not a valid e-mail address. \n";
}
}
}
}

Thank you for the reply. I received an unexpected } on line 173 which is the last } in the validation code. I commented it out to test, but it only checked the first 2 email addresses.

This is weird that the above doesn't work, because I just wrote this for something else. Although it doesn't have the extra if's in it...it's generally the same principle. (if elseif elseif else)


<?php if (isset($_GET['page']) && $_GET['page'] == 'specialpage') {
include("includes/specialpage.php"); }

elseif (isset($_GET['page']) && $_GET['page'] == 'somethingelse') {
include("includes/somethingelse.php"); }

elseif (isset($_GET['page']) && $_GET['page'] == 'uniquepage') {
include("includes/uniquepage.php"); }

else { $target = isset($_GET['page'])?$_GET['page']:'index';
if ( file_exists('./includes/' . $target . '.php') ) include './includes/' . $target . '.php'; if ( !file_exists('./includes/' . $target . '.php') ) include './includes/404.php'; } ?>

Would posting the full code of the referral form help to spot something? Thank you

Yep post the full code, or a link to it

I posted the code prior to any changes. Around line 43 is where the changes are being attempted.


<?php
function clean($data) {
$data = trim(stripslashes(strip_tags($data)));
return $data;
}

$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|url=|url|link=|link|http:|https:)/i";
$profanity = "/(curse|words|here)/i";
$spamwords = "/(viagra||blackjack|backgammon|texas|holdem|meds|freemeds|poker|cialis|ciara|ciprofloxacin|debt|dating)/i";
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
exit("<p>Known spam bots are not allowed.</p>");
}
foreach ($_POST as $key => $val) {
$c[$key] = clean($val);

if (preg_match($exploits, $val)) {
exit("<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>ERROR:</strong>Exploits/malicious scripting attributes aren't allowed.<br><br>Click your back browser button to submit the appropriate content.</td></tr></table>");
} elseif (preg_match($profanity, $val) || preg_match($spamwords, $val)) {
exit("<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>ERROR:</strong><p>That kind of language isn't allowed through this form.<br><br>Click your back browser button to submit the appropriate content.</p></td></tr></table>");
}
}

$show_form = true;
$error_msg = NULL;

if (isset($c['submit'])) {
if (empty($c['yourname']) || empty($c['youremail']) || empty($c['friendemail1'])) {
$error_msg .= "Your name and email along with at least one friends email are required fields. \n";

} elseif (strlen($c['yourname']) > 15) {
$error_msg .= "The name field is limited to 15 characters. \n";

} elseif (!ereg("^[A-Za-z' -]", $c['yourname'])) {
$error_msg .= "The name field must not contain any special characters. \n";

} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['youremail']))) {
$error_msg .= "Your email is not a valid e-mail address. \n";
}
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail1']))) {
$error_msg .= "Friend email is not a valid e-mail address. \n";
}
########### trying to add additional friendemail checks above this ######################
#########################################################################################
if ($error_msg == NULL) {
$show_form = false;

if (!empty($c['url']) && !ereg("^(http|https)", $c['url'])) {
$c['url'] = "http://" . $c['url'];
}
$admin_subject = "A site recommendation has been sent";
$admin_message = "".$yourname." @ ".$youremail." has recommended your site to \n ".$friendemail1."\n ".$friendemail2."\n".$friendemail3."\n".$friendemail4."";
$subject = "A friend thought you might be interested in this site.";
//////// Change top email message line here
$message = "Hello, \n Your friend ".$yourname." thought you might be interested in this site and wanted you to take a look at http://example.com \n";
$message .= "\n Thank you, \n example.com";

if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
$headers = "From: $youremail \n";
$headers .= "Reply-To: $youremail";
} else {
$headers = "From: $yourname <$youremail> \n";
$headers .= "Reply-To: $youremail";
}
// email the admin to let them know that someone recommended their site
if (mail('admin@example.com',$admin_subject,$admin_message,$headers)) {
################################################################################
// email submitted addresses
if (mail($friendemail1,$subject,$message,$headers)) {
echo "<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'>Thank you for recommending this site.</td></tr></table><br><table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>SUCCESS: </strong><br>The site recommendation was successfully sent to your friend @ ".$friendemail1."</td></tr></table>";
if (mail($friendemail2,$subject,$message,$headers)) {
echo "<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>SUCCESS: </strong><br>The site recommendation was successfully sent to your friend @ ".$friendemail2."</td></tr></table>";
if (mail($friendemail3,$subject,$message,$headers)) {
echo "<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>SUCCESS: </strong><br>The site recommendation was successfully sent to your friend @ ".$friendemail3."</td></tr></table>";
if (mail($friendemail4,$subject,$message,$headers)) {
echo "<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>SUCCESS: </strong><br>The site recommendation was successfully sent to your friend @ ".$friendemail4."</td></tr></table>";
}
}
}
}
}else {
echo "<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>FAILURE: </strong><br>The site recommendation could not be sent this time. Please try again later.</td></tr></table>";
}
}
}
if (!isset($c['submit']) || $show_form == true) {
function get_data($var) {
global $c;
if (isset($c[$var])) {
echo $c[$var];
}
}

if ($error_msg != NULL) { // show error messages
echo "<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>ERROR: </strong><p>";
echo nl2br($error_msg) . "</p></td></tr></table>";
}
?> <!-- $class = ''; if (!empty($error_msg['yourname']))... JUST CHECKS THE REQUIRED FIELDS AND SHOWS THE ERROR CLASS IF BLANK -->
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post"><table width="430" height="19" border="0" cellpadding="5" cellspacing="0"><tr><td width="212" valign="top"><label>Your Name&nbsp;*<br>
<input name="yourname" type="text" <?php $class = ''; if (!empty($error_msg['yourname'])) {$class = 'class="req"';} if (!empty($c["yourname"])) {$class = '';} print "{$class}"; ?> id="yourname" value="<?php get_data("yourname"); ?>" size="30"></label></td><td width="218"><label>Your Email&nbsp;*<br>
<input name="youremail" type="text" <?php $class = ''; if (!empty($error_msg['youremail'])) {$class = 'class="req"';} if (!empty($c["youremail"])) {$class = '';} print "{$class}"; ?> id="email" value="<?php get_data("youremail"); ?>" size="30"></label></td></tr><tr><td valign="top"><label>Friend's Email&nbsp;*<br>
<input name="friendemail1" type="text" <?php $class = ''; if (!empty($error_msg['friendemail1'])) {$class = 'class="req"';} if (!empty($c["friendemail1"])) {$class = '';} print "{$class}"; ?> id="friendemail1" value="<?php get_data("friendemail1"); ?>" size="30"></label></td><td><label>Friend's Email&nbsp;(2)<br>
<input name="friendemail2" type="text" id="friendemail2" value="<?php get_data("friendemail2"); ?>" size="30"></label></td></tr><tr><td valign="top">Friend's Email&nbsp;(3)<br>
<input name="friendemail3" type="text" id="friendemail3" value="<?php get_data("friendemail3"); ?>" size="30"></td><td>Friend's Email&nbsp;(4)<br>
<input name="friendemail4" type="text" id="friendemail4" value="<?php get_data("friendemail4"); ?>" size="30"></td></tr></table><br></label>
<input type="submit" name="submit" id="submit" class="btn" value="Send">All fields marked with an * are required.</form>
<?php
}
?>
I appreciate it.

Try this, it worked when I tested it.

There was also an error in your code for the 'spam' array, I kept being told that I was using bad language, I've corrected that as well

Put all of this into the top section of your code replacing everything down to,
'########### trying to add additional friendemail checks above this ######################', in the code you posted.




function clean($data) {
$data = trim(stripslashes(strip_tags($data)));
return $data;
}

$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|url=|url|link=|link|http:|https:)/i";
$profanity = "/(curse|words|here)/i";
$spamwords = "/(viagra|blackjack|backgammon|texas|holdem|meds|freemeds|poker|cialis|ciara|ciprofloxacin|debt|dating)/i";
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
exit("<p>Known spam bots are not allowed.</p>");
}
foreach ($_POST as $key => $val) {
$c[$key] = clean($val);

if (preg_match($exploits, $val)) {
exit("<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>ERROR:</strong>Exploits/malicious scripting attributes aren't allowed.<br><br>Click your back browser button to submit the appropriate content.</td></tr></table>");
} elseif (preg_match($profanity, $val) || preg_match($spamwords, $val)) {
exit("<table><tr><td style='color: #FFFFFF; padding: 5px; font: normal 11px Arial, sans-serif; background-color: #4A494D; border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #2B2F38; border-bottom: 1px solid #2B2F38;'><strong>ERROR:</strong><p>That kind of language isn't allowed through this form.<br><br>Click your back browser button to submit the appropriate content.</p></td></tr></table>");
}
}

$show_form = true;
$error_msg = NULL;

if (isset($c['submit'])) {
if (empty($c['yourname']) || empty($c['youremail']) || empty($c['friendemail1'])) {
$error_msg .= "Your name and email along with at least one friends email are required fields. \n";
}
elseif (strlen($c['yourname']) > 15) {
$error_msg .= "The name field is limited to 15 characters. \n";
}
elseif (!ereg("^[A-Za-z' -]", $c['yourname'])) {
$error_msg .= "The name field must not contain any special characters. \n";
}
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['youremail']))) {
$error_msg .= "Your email is not a valid e-mail address. \n";
}
// variable is $friendemail1 and IS required
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail1']))) {
$error_msg .= "Friend 1 email is not a valid e-mail address. \n";
}
// variable is $friendemail2 but isn't required
elseif ($c['friendemail2'] != '' && !ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail2']))) {
$error_msg .= "Friend 2 email is not a valid e-mail address. \n";
}
elseif ($c['friendemail3'] != '' && !ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail3']))) {
$error_msg .= "Friend 3 email is not a valid e-mail address. \n";
}

else {
if ($c['friendemail4'] != '' && !ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['friendemail4']))) {
$error_msg .= "Friend 4 email is not a valid e-mail address. \n";
}
}

Thank you very much, this now works as intended.

It looks like the key to making it work was elseif ($c['friendemail2'] != '' && !ereg... since 2 and beyond aren't required, but still need to be checked if filled in.

Yep, just a slight change to the syntax