Hi this is a simple form i have when i submit the form it will redirect to mail.php
and i want to restrict direct access to mail.php so i added some script here...

// <?php
session_start();
// kill the page if the access variable doesn't exists
// or if the access variable does exist but is not set to true
if(!isset($_SESSION['State']) || (isset($_SESSION['State']) && $_SESSION['State'] !== true))
{
header("Location: index.php");
// kill the page display error
}
?>...//

now the problem is my form is not getting submitted. Your help will be appreciated(i am beginer to php)


<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<?php

// some 'helper' functions -
// apply html htmlentities to a value
function _ent($val)
{
return htmlentities($val);
}

// return an element from an array
function _element($arr,$index)
{
return isset($arr[$index]) ? $arr[$index] : '';
}


$errors = []; // define an array to hold errors
$data = []; // define an array to hold a working copy of the data being operated on (if editing existing data, this is needed. for commonality, use if just submitting new data too.)

// define a list of option choices - both city/state are using the same list. if they were different lists, create two separate defining arrays.
$options = ['1','2','3'];
$options1 = ['4','5','6'];


// form processing
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$data = array_map('trim',$_POST); // get a trimmed copy of all 1st level (non-array) data

// validate all the inputs here
// state and city - select/option, consisting of Member, New, one.
// name - text field, consisting of letters and spaces only.
// phone - unknown if used, but using this recommend code layout, adding code for a field is straight forward.

if($data['state'] == '')
{
$errors['state'] = "State is required.";
}
else
{
if(!in_array($data['state'],$options))
{
$errors['state'] = "Invalid choice for State."; // if you see this error, either there is a mistake in the coding or someone is submitting their own values.
}
}

if($data['city'] == '')
{
$errors['city'] = "City is required.";
}
else
{
if(!in_array($data['city'],$options1))
{
$errors['city'] = "Invalid choice for City."; // if you see this error, either there is a mistake in the coding or someone is submitting their own values.
}
}

if($data['name'] == '')
{
$errors['name'] = "Name is required.";
}
else
{
if (!preg_match("/^[a-zA-Z ]*$/",$data['name']))
{
$errors['name'] = "Only letters and spaces are allowed in Name."; // allowing actual white space, which the original message stated uses a different value in the regex pattern
}
}
if($data['textarea1'] == '')
{
$errors['textarea1'] = "Message is required.";
}
// if no errors, use the submitted data
if(empty($errors))
{
header('location:mail.php'); // note: success was misspelled in the original code
die;
}
}
?>
<?php

if($_SERVER["REQUEST_METHOD"]=="POST") { $name = $_POST["name"]; $_SESSION['name']=$name; }
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
// if you want to display all the errors at once, before the start of the form, do that here...
if(!empty($errors))
{
echo implode('<br>',$errors); // add any html markup and css to display them the way you want
}
?>
<form method="post">
<fieldset>
<legend><?php echo $error; ?> </legend>
<select name="state">
<option value="">-- Please select a state --</option>
<?php
foreach($options as $choice)
{
$sel = isset($data['state']) && $data['state'] == $choice ? ' selected' : '';
echo "<option value='$choice'$sel>$choice</option>\n";
}
?>
</select>

<select name="city">
<option value="">-- Please select a city --</option>
<?php
foreach($options1 as $choice)
{
$sel = isset($data['city']) && $data['city'] == $choice ? ' selected' : '';
echo "<option value='$choice'$sel>$choice</option>\n";
}
?>
</select>

<?= _element($errors,'name'); ?> <input type="text" name="name" value="<?= _ent(_element($data,'name')); ?>">
<textarea class="textarea" id="textarea1" name="textarea1" type="text">
<?php if(isset($_POST['textarea1'])) {
echo htmlentities ($_POST['textarea1']); }?>
</textarea>
<input type="submit" name="submit" value="submit">
</fieldset>
</form>
</body>
</html>

my mail.php script ..............


<?php
session_start();
// kill the page if the access variable doesn't exists
// or if the access variable does exist but is not set to true
if(!isset($_SESSION['State']) || (isset($_SESSION['State']) && $_SESSION['State'] !== true))
{
header("Location: index.php");
// kill the page display error
}
?>

When posting code in the forum, you need to add the forum's
tags around your code. A(The) forum moderator has been editing your posts to add these, but has probably gotten tired of doing so.

In the original code example I posted, there was a section in the form processing code that looked like this -


// if no errors, use the submitted data
if(empty($errors))
{

// do 'something' with the submitted form data in $data

// generate a fake error message
$errors[] = 'For testing, stay on this page after the form data has been processed';

}

This is where you should be putting the code to send an email (this is the first thread where we have learned what you are trying to use the form data for) or doing whatever else you may want to do with the form data. You should not be redirecting to a different page to do something with the submitted data.

The 'fake error message' code's purpose was to prevent the next section of code from running, for demonstration purposes only, since I/we didn't know what you were even trying to use the form data for at that point -


// if no errors at this point, the form data was successfully processed
if(empty($errors))
{
header('location:success.php'); // note: success was misspelled in the original code
die;
}

If you want to display a success page to the visitor after sending the email, you would want to have this section in your code. You currently have removed it/merged it with the code section above it and you have removed the die; statement that's needed to prevent the remainder of the code from running.


In addition to putting any email code in the correct place in the main code, your current code isn't setting any $_SESSION['State'] variable. One other version of code you have posted in the forum is setting a $_SESSION['state'] variable, but those two variables are not the same, due to the capitalization differences. Your current code also has an $error variable that doesn't exist and would be throwing a php error. The php error_reporting should be E_ALL. Remove the ^ E_NOTICE part, as that will hide errors that would be helping you find problems in your code.

When we see what looks like randomly changing code for no purpose, variables that don't exist, capitalization differences, etc..., it makes it hard to help you, which is why a number of your threads have gone unanswered. If you are just copying together things you have seen or been told, without understanding what they do or why you are using them, it will take you a very long time to successfully write code that works. You need to actually understand what each line code does, so that you will know how it contributes to the goal you are trying to accomplish.

If you go back to the thread where I posted the code example - http://www.dynamicdrive.com/forums/showthread.php?81358-pregmatch-for-name-field-not-working-in-validation and add any form fields to the form, validation logic to the form processing code, put the email code where the // do 'something' with the submitted form data in $data line is at, and remove the 'fake error message' code, you will be done.

Yes, please start formatting your code as recommended by DyDr.