Good morning guys, I have to do maintenance on an old form and I’m trying to understand how it works...
Below is the form_proposta.php file:
<?
$msg = "Mais informações de imóvel enviado em " . date("d/m/Y") . ", os dados seguem abaixo: " . chr(13) . chr(10) . chr(10); // this line prints the date and time the form was sent
$msg .= "Código : " .$codigo . chr(13) . chr(10);
$msg .= "Nome : " . $nome . chr(13) . chr(10); // the name field
$msg .= "E-mail : " . $email . chr(13) . chr(10); // the e-mail field
$msg .= "Endereço : " . $endereco . chr(13) . chr(10); // the address field
$msg .= "Telefone : " . $telefone . chr(13) . chr(10); // the phone field
$msg .= "Mensagem : " . $mensagem . chr(13) . chr(10); // the message field
$Remetente = $email; // here we make the e-mail typed into the form the sender; it can be replaced by "Contato do Site", so that the sender always shows as Contato do Site
$para = $email_from;
mail($para, "Proposta do site",$msg,"From: $Remetente\n");
?>
Below is the HTML of the page:
<form action="../exec/form_proposta.php" method="post" >
<table align="center" border="0" cellpadding="0" cellspacing="1" >
<tr align="left">
<td align="left">Código: </td>
<td align="left">
<h1>{$imo_cod}</h1>
</td>
</tr>
<tr align="left">
<td >Nome: </td>
<td align="left"> <input type="text" name="nome" style="width:400px;" class="campo"> </td>
</tr>
<tr align="left">
<td>E-mail: </td>
<td align="left"> <input type="text" name="email" style="width:400px;" class="campo"> </td>
</tr>
<tr align="left">
<td>Telefone: </td>
<td align="left"> <input type="text" name="telefone" style="width:400px;" class="campo"> </td>
</tr>
<tr align="left">
<td>Endereço: </td>
<td align="left"> <input type="text" name="endereco" style="width:400px;" class="campo"> </td>
</tr>
<tr align="left">
<td align="left">Mensagem: </td>
<td align="left"> <textarea rows="6" name="mensagem" style="width:400px;" class="campo"></textarea> </td>
</tr>
<tr>
<td colspan="2" align="center"><br>
<input type="submit" name="submit" value="Enviar" style="width:100px;" class="campo" />
<input type="reset" name="reset" value="Limpar" style="width:100px;" class="campo" />
<input type="hidden" name="codigo" value="{$imo_cod}" />
<input type="hidden" name="email_from" value="{$alt_email}" />
</td>
</tr>
</table>
</form>
I’ve been looking at this code for a long time and do not understand how this thing can work; the PHP file is not included in nor is another file triggered directly by the form...
At no point did I find the place where $_POST is read and the $variables are assigned...
Basically my conclusion so far is that it works by magic, haha. Could someone help me understand how this thing works?
You are looking at the wrong PHP file. Have a look at ../exec/form_proposta.php
– Sergio
@Sergio I am not (unfortunately). The PHP code I put in the question is the code of this file
– RodrigoBorth
Isn't there an extract() lost in there? Or register_globals enabled (php.ini)?
– rray
@lost register_globals is enabled... extract() I didn’t find any
– RodrigoBorth
Now disable this junk! Any parameter passed in a URL becomes a variable when register_globals is on.
– rray
@lost I read up on it and it is really very dangerous to leave it active; the problem is that the old company sites were based on this "thing"... I cannot disable it, but at least I know how it is working now...
– RodrigoBorth
@Rodrigoborth what is your company’s website? hahaha
– gmsantos
@gmsantos it is terra.com.br xD aushaushau
– RodrigoBorth
I think I could take the example and change the question to "What are the most common problems and dangers of enabling register_globals?" What do you think?
– RodrigoBorth
@Rodrigoborth I think it’s a good idea. This or a new question.
– Sergio
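As an added example (not part of the original thread or the site's code): a version of form_proposta.php that reads each expected field from $_POST explicitly, so it no longer depends on register_globals turning request parameters into variables. The RECIPIENT constant and the helper names field() and build_proposta() are assumptions; the recipient is fixed on the server instead of coming from the hidden email_from field.

```php
<?php
// Added example: form_proposta.php without register_globals.
// RECIPIENT is a placeholder (assumption); the original took the
// address from the hidden form field email_from.
const RECIPIENT = 'contato@example.com';

// Read one expected POST field as a trimmed string; arrays and missing keys become ''.
function field(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Build the mail from explicitly named fields; returns null when the e-mail is unusable.
function build_proposta(array $post): ?array
{
    $email = field($post, 'email');
    // The sender ends up in a mail header, so it must be a valid address with no line breaks.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/[\r\n]/', $email)) {
        return null;
    }
    $labels = [
        'codigo' => 'Código', 'nome' => 'Nome', 'email' => 'E-mail',
        'endereco' => 'Endereço', 'telefone' => 'Telefone', 'mensagem' => 'Mensagem',
    ];
    $msg = 'Mais informações de imóvel enviado em ' . date('d/m/Y')
         . ", os dados seguem abaixo: \r\n\n";
    foreach ($labels as $name => $label) {
        $msg .= $label . ' : ' . field($post, $name) . "\r\n";
    }
    return ['to' => RECIPIENT, 'subject' => 'Proposta do site',
            'body' => $msg, 'headers' => 'From: ' . $email];
}

// Only a real form submission sends mail; other request parameters never become variables.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $m = build_proposta($_POST);
    if ($m === null) {
        http_response_code(400);
        exit('E-mail inválido');
    }
    mail($m['to'], $m['subject'], $m['body'], $m['headers']);
}
```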