On a membership site that I am developing, once the user has logged in, on his profile page there are two simple forms.
The first is diplayed only if the user has his "district" field NULL in the database. If the "district" field contains any information, the first form is replaced by a table displaying data from that district. The purpose of the form is for the user to select his district from a list, and update his account so he can read local information from his district. After he hits submit, the "district" field in the databsase is updated and then he never sees this form again.
The second one is a basic contact form, thru which the user can easily send an email message to the support team if he needs any help. Once the message has been sent, instead of the form, a success message is displayed until the refresh of the page, when the text field comes back to normal and the user can send another message.
I have tested them and they both work fine separately, but the error I am encountering is that when a user with NULL in his "district" field logs in, or whenever his page is refreshed, the second form automatically sends a blank email to the support team, and is allways showing the success message instead of the text input for the message to be written in. I have setup an error when the second form is submitted empty, but despite this, while the first form is showing, with every refresh, a new blank email is being sent...
After the user has submitted the first form an updated his "district", the second form returns to normal and works just fine... I know that there is a conflict, or I forgot to setup some conditions in the code below. Please be kind, take a look and tell me where do you think the error might be. Any help is welcomed.
<? if($row_user['district'] == NULL ):
if(!isset($_POST['submit2']))
{
foreach($row_user as $field => $value)
{
$_POST[$field] = $value;
}
}
$error2 = 0;
if(isset($_POST['submit2'])){
if(isset($_POST['distr']) && ($_POST['distr']==""))
{
$error2 = 1;
$msg_distr="<br /><span class='error'>Select your district</span>";
}
if($error2 == 0)
{
$update = 'UPDATE users SET ';
if(isset($_POST['distr'])) $update .= 'district = '.GetSQLValueString($_POST['distr'], 'text').', ';
$update = substr_replace($update,"",-2);
$update .= 'WHERE id_user = '.$id_user;
mysql_query($update, $conn) or die(mysql_error());
}
}
?>
The HTML code for the first form is
<form action="" method="post" enctype="multipart/form-data" >
<table width="465px" border="0" cellpadding="5" cellspacing="5">
<tr>
<td width="160" valign="middle" align="left">
<span class="style20"><b>Choose District</b> *</span>
</td>
<td valign="top" align="left">
<select name="distr" onChange="sel_distr(this.value)" class="select" >
<option value="">Choose</option>
<option value="District1" <? if($_POST['distr']=="District1") echo "'selected'"?>>District1</option>
<option value="District2" <? if($_POST['distr']=="District2") echo "'selected'"?>>District2</option>
<option value="District3" <? if($_POST['distr']=="District3") echo "'selected'"?>>District3</option>
<option value="District4" <? if($_POST['distr']=="District4") echo "'selected'"?>>District4</option>
<option value="District5" <? if($_POST['distr']=="District5") echo "'selected'"?>>District5</option>
</select>
<?=$msg_distr?>
</td>
</tr>
<tr>
<td >
<input type="submit" name="submit2" class="submit" value="Insert" />
</td>
</tr>
</table>
</form>
<?endif; ?>
The other form is for sending email messages from this page, just by inserting the message and sending it. the user will not need to insert his name or email.
<?php
$error_message=0;
if ($_POST["email"]<>'') {
if(isset($_POST['comment']) && ($_POST['comment']=="")){
$error_message=1;
$er_msg="<br /><span class='error'>You can't send a blank message</span>";
}
if($error_message == 0){
$ToEmail = 'mail@domain';
$EmailSubject = 'New message from '.$row_user['name'].'';
$mailheader = "From: ".$_POST["email"]."
";
$mailheader .= "Reply-To: ".$_POST["email"]."
";
$mailheader .= "Content-type: text/html; charset=iso-8859-1
";
$MESSAGE_BODY = "<b>Name:</b> ".$_POST["name"]."<br/>";
$MESSAGE_BODY .= "<b>Email:</b> ".$_POST["email"]."<br/><br/>";
$MESSAGE_BODY .= " ".nl2br($_POST["comment"])."<br/>";
mail($ToEmail, $EmailSubject, $MESSAGE_BODY, $mailheader) or die ("Failure");
?>
<div class="success" style="height:60px;">
<b><?=$row_user['name']?>, Your message was sent!</b> <br/>
A member of our team will contact you soon.
</div>
<?php
}
if($error_message == 1){ ?>
<form action="me.html" method="post">
<input name="name" type="hidden" value="<?=$row_user['name']?>" id="name" size="32">
<input name="email" type="hidden" value="<?=$row_user['email']?>" id="email" size="32"> <br/>
<textarea name="comment" cols="45" rows="6" id="comment" class="input" style="width:90%"></textarea><br/>
<input class="submit" type="submit" name="Submit" value="Send">
</form>
<?=$er_msg?>
<?
}
} else {
?>
<form action="me.html" method="post">
<input name="name" type="hidden" value="<?=$row_user['name']?>" id="name" size="32">
<input name="email" type="hidden" value="<?=$row_user['email']?>" id="email" size="32"> <br/>
<textarea name="comment" cols="45" rows="6" id="comment" class="input" style="width:90%"></textarea><br/>
<input class="submit" type="submit" name="Submit" value="Send">
</form>
<?php
};
?>
Alright, I think this is a minor mistake and you are getting confused because of the too many error counter flags.
Try changing this:
if($error_message == 0){
to:
if($error_message == 0 && $row_user['district'] != NULL){