-16

I've been at this for a few hours now and scratching my head as to what the problem is.

The form works and sends the email, but when the verification link is clicked, it does not show the echoed "Success" message, but the die("error message"); message. Anything to do with the $salt ?

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<input type="text" size="35" name="email" title="Email"> 
<input id="button" type="submit" name="submit" value="Submit your Email" />

</form>

<?php

$salt = "mysecret";

if(isset($_POST["confirm"]) && isset($_POST["email"])){
    $confirm = $_POST["confirm"];
    $to_email = $_POST["email"];

    if(sha1($salt.$to_email) == $confirm){
        echo "Success";
    } else{
        die("error: mail not confirmed");
    }


} elseif(isset($_POST["email"])){
    $to_email = $_POST["email"];

    $confirm_link = "http://www.mysite.com/form.php?confirm=".urlencode(sha1($salt.$to_email))."&mail=".urlencode($to_email);
    $msg = "to confirm ... click the link: \n ".$confirm_link;
    mail($to_email, "pls confirm your mail", $msg);
} else{
    die("error message");
}

?>
Tchoupi
  • 14,560
  • 5
  • 37
  • 71
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141

2 Answers2

8

When you click on that verification link from an email, the values are going to be passed via GET not via POST.

Mike Brant
  • 70,514
  • 10
  • 99
  • 103
  • 1
    @Fred Typically most all request made by browser are GET requests. When you pass parameters in a URL for a regular browser request, you will be passing those parameters via GET, because your browser makes a GET request for the URL. Browsers can be made to POST via the use of forms based on the form elements `method` attribute. When set to `post` the browser will, upon submittal of the form, make a POST, passing the form data. – Mike Brant Oct 02 '12 at 16:45
  • Thanks Mike. When I changed some of the 'post' to 'get' and reload then click on the submit button, it's not executing but instead a dialog box comes up asking me to either save or open the .php file, that's what I find strange. – Funk Forty Niner Oct 02 '12 at 16:49
3

You check data in $_POST when they are passed in $_GET when you click on link and also your link specify a mail parameter (without "e") and you check "email" parameter.

Sébastien Tharaud
  • 61
  • 2