newsletter script



ianhaney
03-07-2016, 04:17 PM
Hi

I am using the following newsletter script

http://www.plus2net.com/php_tutorial/newsletter.php

It all works fine apart from I don't seem to be getting a confirmation message when I click submit?

Below is my script:



<form name='myForm' action='' method='post'>
  <table class='t1'>
    <input type=hidden name=todo value='post-data'>
    <tr class='r1'>
      <td>
        <label>Email Address</label>
        <br />
        <input type=text name='email' size=40>
      </td>
    </tr>
    <tr class='r0'>
      <td>
        <label for="number" class="title">What is three plus four?</label>
        <input name="number" id="number" required="required" pattern="7" title="Please answer the question to prove you are human">
      </td>
    </tr>
    <tr class='r0'>
      <td>
        <input type="button" onClick="ajaxFunction()" value='Signup'>
      </td>
    </tr>

  </table>
</form>

</div>
</div>

<script type="text/javascript">
function ajaxFunction()
{
  var httpxml;
  try
  {
    // Firefox, Opera 8.0+, Safari
    httpxml=new XMLHttpRequest();
  }
  catch (e)
  {
    // Internet Explorer
    try
    {
      httpxml=new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
      try
      {
        httpxml=new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (e)
      {
        alert("Your browser does not support AJAX!");
        return false;
      }
    }
  }

  function stateChanged()
  {
    if(httpxml.readyState==4)
    {
      //alert(httpxml.responseText);
      var myObject = JSON.parse(httpxml.responseText);
      //alert(myObject.data[0].msg);
      if(myObject.data[0].status_form==="NOTOK"){ // status of form if notok
        document.getElementById("msgDsp").style.borderColor='red';
        document.getElementById("msgDsp").style.background='#f0f0c0';
        document.getElementById("msgDsp").innerHTML=myObject.data[0].msg;
      } // end of if form status is notok
      else { // Validation is passed
        document.getElementById("msgDsp").style.borderColor='blue';
        document.getElementById("msgDsp").style.background='#2CFC90';
        document.getElementById("msgDsp").innerHTML=" Thank You <br> Please Check your email to confirm subscription .... <br>";
        document.myForm.reset();
      } // end of if else if status form notok
    }
  }

  function getFormData(myForm) {
    var myParameters = new Array();
    myParameters.push("todo=" + myForm.todo.value);
    myParameters.push("email=" + myForm.email.value);

    return myParameters.join("&");
  }

  var url="subscribeck.php";
  var myForm = document.forms[0];
  var parameters=getFormData(myForm);
  httpxml.onreadystatechange=stateChanged;
  httpxml.open("POST", url, true);
  httpxml.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  //alert(parameters);
  httpxml.send(parameters);
  document.getElementById("msgDsp").innerHTML="<img src=wait.gif>";
}
</script>


Hope someone can help, thank you in advance

Ian

DyDr
03-08-2016, 10:10 AM
I don't seem to be getting a confirmation message when I click submit?

Define: confirmation message? What are you referring to? The subscribe email? Something on the subscribe web page? Does the markup on your page still contain the element with id="msgDsp" where the ajax status message is displayed at? What debugging have you done to narrow down the problem?

I see that you have modified the form to add a simple captcha field. You do realize that a static value for a captcha will quickly get bypassed and doing this only in the browser won't stop anything since data is submitted directly to the form processing code by bot scripts. Was ALL the code that deals with the data for this form modified to handle the captcha form field? Hint: the hard-coded JavaScript on that page wasn't changed to do anything with the captcha form field. This is another problem with the person who wrote this tutorial/code: he didn't use any general-purpose coding methods, so everything is hard-coded bespoke logic, even the form number in the DOM on that page is hard-coded and the code will break if there's another form above this one on the page.

In looking at the code for this tutorial, it's nonsense as far as showing useful methods to do anything it purports to tutor you on. It's little more than a class project that someone got to work when everything is perfect and it doesn't work and doesn't tell you why when everything is not perfect. It's also insecure (it puts external data directly into a prepared query, bypassing one of the main reasons for using a prepared query), inconsistent (among other things, half the time after validating data it stops code execution, the other half of the time it merrily continues on to use the invalid data), repetitive (common things that should be coded only once and reused are written out in just about every file, there's even a login check function defined, that in one file had the logic inside the function being used instead of calling the function), it contains much broken HTML, and is filled with hard-coded bespoke logic that's hard and error-prone to change.
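
The captcha point in the reply above, as an added example that is not part of the thread or the tutorial: the question changes per page load and is checked on the server against the raw POST body, and the client serializes every named field instead of two hard-coded ones. It runs in Node.js; the `token` field, the function names and the "OK" status are assumptions, while `number`, `email`, `todo` and "NOTOK" are taken from the posted code.

```javascript
const crypto = require("crypto");

// Assumption: a server-side secret that never reaches the browser.
const SECRET = crypto.randomBytes(32);
const TTL_MS = 10 * 60 * 1000; // challenge lifetime (constructed value)

function sign(answer, expires) {
  return crypto.createHmac("sha256", SECRET)
    .update(`${answer}|${expires}`).digest("hex");
}

// Server: a fresh question per page load. The answer is never sent; only its
// MAC, bound to an expiry time, goes into a hidden "token" field (hypothetical).
function issueChallenge(now = Date.now()) {
  const a = crypto.randomInt(1, 10), b = crypto.randomInt(1, 10);
  const expires = now + TTL_MS;
  return { question: `What is ${a} plus ${b}?`,
           token: `${expires}.${sign(a + b, expires)}` };
}

// Client: serialize every named control rather than hard-coding todo/email.
// Accepts form.elements in a browser or any iterable of {name, value}.
function serializeFields(elements) {
  const params = new URLSearchParams();
  for (const el of elements) if (el.name) params.append(el.name, el.value);
  return params.toString(); // URL-encodes "+", "&" and "@" in values
}

// Server: validate the raw POST body; nothing checked in the browser is trusted.
function verifySubmission(body, now = Date.now()) {
  const p = new URLSearchParams(body);
  const [expires, mac] = (p.get("token") || "").split(".");
  const answer = (p.get("number") || "").trim();
  if (!/^\d{1,2}$/.test(answer) || !/^\d+$/.test(expires || "")) return "NOTOK";
  if (Number(expires) < now) return "NOTOK"; // challenge expired
  const expected = Buffer.from(sign(Number(answer), Number(expires)), "hex");
  const given = Buffer.from(mac || "", "hex");
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return "NOTOK";
  return /^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(p.get("email") || "") ? "OK" : "NOTOK";
}
```

A token stays valid until it expires, so it can be replayed within that window; making it single-use requires the server to remember which tokens it has already accepted.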