PHP code wont validate against Checkbox selection

Hi guys,

The program did work up unitll this morning but I have clumsely done something, and it now doesnt test for validation:
I need to understand how to implement PHP validation for when Javascript is disabled. And the only part of my contact that needs validating is the terms and condition checkbox, that said, if this checkbox is not selected “yes” and javascript is disabled, and the form is submitted, you are redirected to the error page, if the select box has had “yes” selected and javascript has been disabled, then your just redirected as normal to the thankyou html page.

The part of the big chunk of code below thats related just to the validation check is:


if ( preg_match( "/[\\r\
]/", $tandc ) ) {
    header( "Location: $orderErrorurl" );
    exit ;
}

$mailto = 'test@news-ball.co.uk' ;
$subject = "New EPC Client enquiry from  Website" ;
$formurl = "http://news-ball.co.uk/test/order_epc.html" ;
$orderThankyouurl = "http://news-ball.co.uk/test/orderThankyou.html" ;
$orderErrorurl = "http://news-ball.co.uk/test/orderError.html" ;

$bName_is_required = 0;
$title_is_required = 0;
$fName_is_required = 0;
$lName_is_required = 0;
$custAddress_is_required = 0;
$custCityAndCount_is_required = 0;
$custPostC_is_required = 0;
$tDay_is_required = 0;
$tEve_is_required = 0;
$eMail_is_required = 0;
$aNumRdTwn_is_required = 0;
$cAndC_is_required = 0;
$propPostC_is_required = 0;
$pAccess_is_required = 0;
$contact_is_required = 0;
$contactName_is_required = 0;
$cTDay_is_required = 0;
$cTEve_is_required = 0;
$bedrooms_is_required = 0;
$floorplan_is_required = 0;
$output_is_required = 0;
$otherInfo_is_required = 0;
$tandc_is_required = 1;

$uself = 0;
$forcelf = 0;
$use_envsender = 0;
$use_sendmailfrom = 0;
$smtp_server_win = '' ;
$use_webmaster_email_for_from = 0;
$use_utf8 = 1;
$my_recaptcha_private_key = '' ;

// -------------------- END OF CONFIGURABLE SECTION ---------------

define( 'MAX_LINE_LENGTH', 998 );
$headersep = $uself ? "\
" : "\\r\
" ;
$content_nl = $forcelf ? "\
" : (defined('PHP_EOL') ? PHP_EOL : "\
") ;
$content_type = $use_utf8 ? 'Content-Type: text/plain; charset="utf-8"' : 'Content-Type: text/plain; charset="iso-8859-1"' ;
if ($use_sendmailfrom) {
    ini_set( 'sendmail_from', $mailto );
}
if (strlen($smtp_server_win)) {
    ini_set( 'SMTP', $smtp_server_win );
}
$envsender = "$mailto" ;
$bName = $_POST['bName'];
$title = $_POST['title'] ;
$fName = $_POST['fName'];
$lName = $_POST['lName'];
$custAddress = $_POST['custAddress'];
$custCityAndCount = $_POST['custCityAndCount'];
$custPostC = $_POST['custPostC'];
$tDay = $_POST['tDay'];
$tEve = $_POST['tEve'];
$eMail = $_POST['eMail'];
$aNumRdTwn = $_POST['aNumRdTwn'];
$cAndC = $_POST['cAndC'];
$propPostC = $_POST['propPostC'];
$pAccess = $_POST['pAccess'];
$contact = $_POST['contact'];
$contactName = $_POST['contactName'];
$cTDay = $_POST['cTDay'];
$cTEve = $_POST['cTEve'];
$bedrooms = $_POST['bedrooms'];
$floorplan = $_POST['floorplan'];
$output = $_POST['output'];
$otherInfo = $_POST['otherInfo'];
$tandc = $_POST['tandc'];

if ( preg_match( "/[\\r\
]/", $tandc ) ) {
    header( "Location: $orderErrorurl" );
    exit ;
}

$fromemail = $use_webmaster_email_for_from ? $mailto : $email ;

if (function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc()) {
    $comments = stripslashes( $comments );
}

$messageproper =
    "This message was sent from:" . $content_nl .
    "$http_referrer" . $content_nl .
    "-------------------------Clients Contact Details--------------------------------" . $content_nl .
    "Company name:                $bName" . $content_nl .
    "Clients Title:                $title" . $content_nl .
    "Clients First Name:           $fName" .  $content_nl . 
    "Clients Last Name:            $lName" .  $content_nl .
    "Clients Address:              $custAddress" .  $content_nl .
    "Clients City or County:       $custCityAndCount" .  $content_nl .
    "Clients Post Code:            $custPostC" .  $content_nl .
    "Clients Daytime Phone Number: $tDay" .  $content_nl .
    "Clients Evening Phone Number: $tEve" .  $content_nl .
    "Clients E-mail Address:       $eMail" .  $content_nl .
    "------------------Details of Property Requiring EPC-------------------------------" . $content_nl .
    "Properties Address:             $aNumRdTwn" .  $content_nl .
    "Properties City or County:      $cAndC" .  $content_nl .
    "Properties Post Code:           $propPostC" .  $content_nl .
    "Property Access:                $pAccess" .  $content_nl .
    "Contact is:                     $contact" .  $content_nl .
    "Contact Name:                   $contactName" .  $content_nl .
    "Contacts Daytime Phone Number:  $cTDay" .  $content_nl .
    "Contacts Evening Phone Number:  $cTEve" .  $content_nl .
    "Number of Bedrooms:             $bedrooms" .  $content_nl .
    "Is a floorplan required:        $floorplan" .  $content_nl .
    "EPC Total Price:                $output" .  $content_nl .
    "------------------------- Other Information -------------------------" . $content_nl . $content_nl .
    wordwrap( $otherInfo, MAX_LINE_LENGTH, $content_nl, true ) . $content_nl . $content_nl .
    "------------------------------------------------------------" . $content_nl .
    "Client agreed to Terms and Conditions:  $tandc" . $content_nl ;
    
$headers =
    "From: \\"$company\\" <$fromemail>" . $headersep . "Reply-To: \\"$company\\" <$email>" . $headersep . "X-Mailer: chfeedback.php 2.16.2" .
    $headersep . 'MIME-Version: 1.0' . $headersep . $content_type ;

if ($use_envsender) {
    mail($mailto, $subject, $messageproper, $headers, $envsender );
}
else {
    mail($mailto, $subject, $messageproper, $headers );
}
header( "Location: $orderThankyouurl" );
exit ;

?>

To validate the checkbox, you would check the value of the variable.

Something like this:

if($termsofuse !=1){

header(‘location: $errorpage’);

}

You can always check how variables are being passed with this:
print_r($_POST);

You should also validate the name and email protect the script from an email injection attack (which are quite common).
http://www.w3schools.com/php/php_secure_mail.asp

E

If the checkbox is the only field in the form with that name then the field gets set on the server if the box is checked and doesn’t get set if it isn’t checked.

If you want to be able to test the value of that named field to see if it is checked or not then add a hidden field in front of the checkbox field and give it the value you want passed when the chjeckbox isn’t checked.