
I am trying to convert this code to Smarty so that it works as it should through my WHMCS installation. I have tried simply including the PHP file in the .tpl (the PHP works perfectly on its own; it just does not display correctly through WHMCS), so I want to change the current PHP into Smarty so that the code runs smoothly directly from the .tpl file.

This is what it looks like when I include the PHP page, and this is basically how I want it to be. This is after I replace all the <?php tags with {php} and the ?> tags with {/php}, but it does not work properly, as I believe there is other Smarty syntax that needs changing, but I don't know what or where.

Can anybody help please?

<script type="application/javascript">
// Star-rating helper: when a radio button changes, mark every radio in the same
// parent whose value is lower than the chosen one with the "belowchecked" class.
$(document).ready(function () {
    $("input[type='radio']").change(function () {
        var chosen = $(this).val();
        var group = $(this).parent().find("input[type='radio']");

        group.each(function () {
            var radio = $(this);
            // .val() returns strings, so this is a string comparison; the form's
            // values are the single digits 1-5, where that matches numeric order.
            radio.toggleClass("belowchecked", radio.val() < chosen);
        });
    });
});
</script>

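<?php
// Feedback form handler: reads the POSTed fields, validates them and, when
// nothing failed, stores the feedback and redirects to feedback.php.
//Require Database
require('connect.php');

//Variables
// A missing or non-string (array) field becomes '' instead of raising a notice
// or reaching the validators as an array.
$post = array();
foreach (array('name', 'email', 'website', 'service', 'comment', 'star', 'robotest', 'captcha') as $field) {
    $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}
$name = $post['name'];
$email = $post['email'];
$website = $post['website'];
$service = $post['service'];
$comment = $post['comment'];
$rating = $post['star'];
$robotest = $post['robotest'];
$captcha = $post['captcha'];
date_default_timezone_set('Europe/London');
$date = date('Y-m-d');
// Initialised up front so the template can test and print them unconditionally.
$error = array();
$error2 = array();
$status = '';

// If Form Is Submitted
if (isset($_POST['add'])) {
    // Check User Entered Name
    if ($name === '') {
        $error[] = "<b>Name</b>";
    }
    // Check User Entered Email, then that it is valid
    if ($email === '') {
        $error[] = "<b>Email Address</b>";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error[] = "<b>Email</b>";
        $error2[] = "Email is invalid";
    }
    // Website is optional. FILTER_VALIDATE_URL accepts any scheme, so also
    // require http/https, as the error message already tells the user.
    if ($website !== '') {
        if (!filter_var($website, FILTER_VALIDATE_URL) || !preg_match('#^https?://#i', $website)) {
            $error[] = "<b>Website</b>";
            $error2[] = "<b>Website</b> must begin with <b>http://</b> and end with your domain extention";
        }
    }
    // Check User Entered Rating: only the five values the form offers are accepted
    if (!in_array($rating, array('1', '2', '3', '4', '5'), true)) {
        $error[] = "<b>Rating</b>";
    }
    // Check User Entered Feedback
    if ($comment === '') {
        $error[] = "<b>Feedback</b>";
    }
    // Check User Is Human: any content at all in the honeypot field fails
    if ($robotest !== '') {
        $error[] = "You are a gutless robot.";
    }
    // Fail closed: an unset session value or an empty answer never matches.
    // NOTE(review): assumes the session is started and the value is set by
    // captcha.php before this point; neither is visible here. The stored value
    // should also be single-use so a solved captcha cannot be replayed.
    if (!isset($_SESSION['captcha']) || $captcha === '' || $captcha !== (string) $_SESSION['captcha']) {
        $error2[] = "Please reenter <b>Captcha</b>";
    }

    // If No Errors Insert To Database & Redirect To Feedback
    if (empty($error) && empty($error2)) {
        // Every value is escaped before it is placed in the statement; the
        // original interpolated raw POST data, which allowed SQL injection.
        // NOTE(review): ext/mysql was removed in PHP 7; prepared statements via
        // PDO or mysqli are the durable fix. Assumes connect.php has opened the
        // mysql_* connection that mysql_real_escape_string() needs.
        $sql = sprintf(
            "INSERT INTO comment (id, name, email, comment, rating, postdate, service, website) VALUES ('','%s','%s','%s','%s','%s','%s','%s')",
            mysql_real_escape_string($name),
            mysql_real_escape_string($email),
            mysql_real_escape_string($comment),
            mysql_real_escape_string($rating),
            mysql_real_escape_string($date),
            mysql_real_escape_string($service),
            mysql_real_escape_string($website)
        );
        mysql_query($sql);

        $status = "Thankyou for your feedback";
        // The bare `ob_end_flush;` statement did nothing and has been dropped;
        // flushing before header() would also prevent the redirect.
        // Stop after a redirect so the form below is not rendered as well; if
        // output has already been sent, fall through and show $status instead.
        if (!headers_sent()) {
            header("location: feedback.php#main");
            exit;
        }
    }
}
?>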
<section class="post-info" id="addfb" name="add">
<form action="#addfb" class="forms" method="POST">
<?php /* Star rating radios: the value submitted last time (if any) is re-checked. */ ?>
<div class="stars">
    <input class="star star-5" id="star-1" type="radio" name="star" value="5" <?php echo (isset($rating) && $rating == "5") ? "checked" : ""; ?>/> 
    <label class="star star-5" for="star-1"></label>  
 
    <input class="star star-4" id="star-2" type="radio" name="star" value="4" <?php echo (isset($rating) && $rating == "4") ? "checked" : ""; ?>/> 
    <label class="star star-4" for="star-2"></label>
    
    <input class="star star-3" id="star-3" type="radio" name="star" value="3" <?php echo (isset($rating) && $rating == "3") ? "checked" : ""; ?>/> 
    <label class="star star-3" for="star-3"></label> 

    <input class="star star-2" id="star-4" type="radio" name="star" value="2" <?php echo (isset($rating) && $rating == "2") ? "checked" : ""; ?>/> 
    <label class="star star-2" for="star-4"></label>
    
    <input class="star star-1" id="star-5" type="radio" name="star" value="1" <?php echo (isset($rating) && $rating == "1") ? "checked" : ""; ?>/> 
    <label class="star star-1" for="star-5" ></label> 
</div>

<br>
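<?php /* Submitted values are echoed back into attribute values, so each one is
         HTML-escaped (quotes included); unescaped, a crafted field value could
         close the attribute and inject markup into the page. */ ?>
Name <span class="Required">*Required</span><br>
  <input name="name" type="text" value="<?php echo htmlspecialchars(isset($name) ? (string) $name : '', ENT_QUOTES, 'UTF-8'); ?>">
  
</p>
<p>Email <span class="Required">*Required</span><br>
  <input name="email" type="text" value="<?php echo htmlspecialchars(isset($email) ? (string) $email : '', ENT_QUOTES, 'UTF-8'); ?>">
</p>
<p>Website <span class="Required">http://</span><br>
  <input name="website" type="text" id="website" value="<?php echo htmlspecialchars(isset($website) ? (string) $website : '', ENT_QUOTES, 'UTF-8'); ?>">
  </p>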
<p>Service <span class="Required">*Required</span></p>
  <select name="service" class="services">
  <optgroup label="Peronal Services">
      <option value="Buisness Card Design" selected="selected">Business Card Design</option>
      <option value="Website Design">Website Design</option>
      <option value="Banner Design">Banner Design</option>
      <option value="Poster Design">Poster Design</option>
      <option value="Flyer Design">Flyer Design</option>
      <option value="Logo Design">Logo Design</option>
      </optgroup>
    
    <optgroup label="Service Packages" class="services">
      <option value="Buisness Package">Business Package</option>
      <option value="Personal Package">Personal Package</option>
      <option value="Charity Package">Charity Package</option>
      <option value="Mixed Services">Mixed Services</option>
      </optgroup>
  </select>
</p>

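<?php /* The submitted feedback is escaped before being echoed back, so text such
         as a closing textarea tag cannot end the element and inject markup. */ ?>
<p>Feedback<span class="Required"> *Required</span><br>
  <textarea id="comment" rows="8" cols="20" name="comment"><?php echo htmlspecialchars(isset($comment) ? (string) $comment : '', ENT_QUOTES, 'UTF-8'); ?></textarea>
</p>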
<!-- The following field is for robots only, invisible to humans: -->
    <p class="robotic" id="pot">
      <label>If you're human leave this blank:</label>
      <input name="robotest" type="text" id="robotest" class="robotest" />
<p>
<img class="img-responsive" src="captcha.php" />
<br>
<input name="captcha" placeholder="Enter Captcha" type="text" />
</p>
<p>
  <input type="submit" name="add" value="Add Feedback">
  
  <p>
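  <?php 
// Show validation errors here.
// The messages contain deliberate <b> markup and are built only from fixed
// strings, so they are printed unescaped; never append user input to them
// without htmlspecialchars().
    if (!empty($error)) {
        echo "Please check the following fields<br>";
        // Separator first: the (array, separator) order was removed in PHP 8.
        echo implode(', ', $error);
    }

    if (!empty($error2)) {
        echo "<br><br>";
        echo implode('<br>', $error2);
    }
    // $status is only assigned after a successful submission.
    if (isset($status)) {
        echo $status;
    }
?>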
</p>
</p>
</form>
</section>
    Mate, you are not considering how Smarty should be used. It is not just a matter of finding and replacing all PHP tags with something else. You should provide the Smarty template with all the variables it needs and let it do its magic. You should not have any {php} tags in it at all; I believe the latest Smarty does not permit them by default. Not to mention that your code is extremely insecure, especially against SQL injection. – Mihai P. Oct 26 '15 at 06:35
  • Also, your captcha should count on the fact that robots want to fill in fields. If you have a field named robotest, it will probably not be filled in, so what is the point of it anyway? You should use a name for it that is interesting to them, like "address". Sorry I am not answering your question, but your block of code is very hard to read and contains lots of strange programming. – Mihai P. Oct 26 '15 at 06:38
  • I am aware of the issue regarding the captcha this is in the process of being resolved with another method also what is the issue with sql? what do you mean by strange programming and what cant you understand? – RicPurcell Oct 26 '15 at 06:53
  • Basically, I only intend to use Smarty (which I don't really understand how to use yet) because in this instance it looks like I have no other choice: the page does not show as it should when I just include the page of code in the relevant div inside the .tpl. The PHP code basically does this: if the form is submitted, check that all relevant fields are set; if not, output an error; if they are, enter the data into SQL and return to the top of the main page. This code also refers to other sections of code, which display the data from SQL and marquee it. – RicPurcell Oct 26 '15 at 07:00
  • If you are using smarty like that you might as well stick with PHP as the templating language. It makes no difference. – Mihai P. Oct 26 '15 at 21:44
  • Read about SQL injections: http://www.w3schools.com/sql/sql_injection.asp your code is very insecure. Here are some basic fixes http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php. Here is a joke about it too https://xkcd.com/327/ – Mihai P. Oct 26 '15 at 21:46
  • Thank you. The fix is below; I think I have done it right, then, as the post you sent me is what I did, hopefully :) Thank you kindly – RicPurcell Oct 27 '15 at 04:33

1 Answer


@Mihai P I have now resolved this issue by simply changing a little of the code and using {include_php file=""}, so it displays correctly, and I have converted the SQL code to PDO. Is this better? Also, regarding the captcha, I am now using reCAPTCHA instead, which was my plan; I just had to put it in. If you have any further advice, please do let me know.

Thank you kindly

NEW TPL

{* Feedback page layout: two {include_php} tags run fb.php and addfb.php and
   print their output in place (presumably the feedback list and the
   submission form; confirm against those files).
   NOTE(review): {include_php} is deprecated; from Smarty 3.1 it is available
   only through the SmartyBC compatibility class, so confirm which Smarty
   version this installation ships. The included scripts run as ordinary PHP
   outside Smarty's escaping, so they must escape their own output. *}
<div class="box04">
  <div class="box04Top"></div>
  <div class="box04Content">
     <h1 class="headingStyle01"><br />
     <span class="color2"><span class="color1"><span class="color3">Client Feedback</span></span></span></h1>
     <p class="pStyle01">Click feedback to Pause and click again Restart</p>
    <p>{include_php file="fb.php"}</p>
</div>
</div>
</div>


<div class="bodyRight">
  <div class="client_fb">
 {include_php file="addfb.php"}
  </div>
</div>

NEW DISPLAY DATA

<script>
// Vertical marquee for #marquee: measures one copy of the content, repeats it,
// then scrolls by adjusting margin-top on a timer; a click pauses or resumes.
window.addEventListener('load', function () {
    var box = document.getElementById('marquee');
    var gap = '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
    var original = box.innerHTML;
    var offset = 0;
    // Boolean used as the per-tick increment: true adds 1, false adds 0.
    var step = true;

    // Measure a single copy while the element is absolutely positioned.
    box.innerHTML = original + gap;
    box.style.position = 'absolute';
    var height = box.clientHeight + 1;
    box.style.position = '';

    // Fill the element with seven copies of the content. innerHTML copies the
    // markup verbatim, so anything left unescaped in the rendered feedback is
    // duplicated as well; escaping has to happen where the feedback is printed.
    var repeated = '';
    for (var n = 0; n < 7; n++) {
        repeated += original + gap;
    }
    box.innerHTML = repeated;

    function tick() {
        offset = offset < height ? offset + step : 1;
        box.style.marginTop = -offset + 'px';
    }

    box.addEventListener('click', function () {
        step = !step;
    }, true);

    var timer = setInterval(tick, 50);
}, true);
</script>
</head>

<section id="feedback">

  <ol id="posts-list">

    <li>

      <article class="hentry">

<div id="main"> 
        <div id="marquee">
          <div> 
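          <?php
// Render stored feedback, newest first. Every text value read from the table
// was typed in by a site visitor, so it is HTML-escaped before it is printed;
// echoing it raw lets a stored comment inject markup or script into this page.
require('connect.php');

$result = $db->query('SELECT name, rating, service, postdate, comment FROM comment ORDER BY id DESC');
$rows = $result ? $result->fetchAll(PDO::FETCH_ASSOC) : array();

if (!$rows) {
    // An empty result never enters the loop, so the message is printed here
    // (the original tested for it inside the loop, where it could not fire).
    echo "No Comments Found";
}

foreach ($rows as $row) {
    $dbname = htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8');
    $dbservice = htmlspecialchars((string) $row['service'], ENT_QUOTES, 'UTF-8');
    $dbcomment = htmlspecialchars((string) $row['comment'], ENT_QUOTES, 'UTF-8');
    $dbrating = (int) $row['rating'];
    // An unparseable date prints nothing instead of the 1970 epoch date.
    $timestamp = strtotime((string) $row['postdate']);
    $newDate = ($timestamp === false) ? '' : date("l dS F Y", $timestamp);
?>

<div id="commenttop">
 <div id="userdetails"><?php echo "{$dbname} - {$dbservice}" ?></div>
  <div id="rating">
  <?php
    // Ratings outside 1-5 print no stars, as before.
    if ($dbrating >= 1 && $dbrating <= 5) {
        for ($star = 1; $star <= 5; $star++) {
            $image = ($star <= $dbrating) ? 'activestar.png' : 'star.png';
            echo '<img src="images/' . $image . '" alt="" width="20" height="20" />';
        }
    }
?>
  </div>
</div>

<div id="commentbtm"><?php echo $dbcomment ?>
<div id="date"><?php echo $newDate ?></div>
</div>

<?php
}
?>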
        </div>
      </div> 
        </div>
      <!-- /.entry-content -->

    </article></li>

  </ol><!-- /#posts-list -->

NEW ADD FORM

<script type="application/javascript">
// Star-rating helper: when a radio button changes, mark every radio in the same
// parent whose value is lower than the chosen one with the "belowchecked" class.
$(document).ready(function () {
    $("input[type='radio']").change(function () {
        var chosen = $(this).val();
        var group = $(this).parent().find("input[type='radio']");

        group.each(function () {
            var radio = $(this);
            // .val() returns strings, so this is a string comparison; the form's
            // values are the single digits 1-5, where that matches numeric order.
            radio.toggleClass("belowchecked", radio.val() < chosen);
        });
    });
});
</script>
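<?php
// Feedback form handler (PDO version): reads the POSTed fields, validates them,
// verifies the reCAPTCHA token and stores the feedback when nothing failed.
//Require Database
require('connect.php');

//Variables
// A missing or non-string (array) field becomes '' instead of raising a notice
// or reaching the validators as an array.
$post = array();
foreach (array('name', 'email', 'website', 'service', 'comment', 'star', 'g-recaptcha-response') as $field) {
    $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}
$name = $post['name'];
$email = $post['email'];
$website = $post['website'];
$service = $post['service'];
$comment = $post['comment'];
$rating = $post['star'];
date_default_timezone_set('Europe/London');
$date = date('Y-m-d');
// Initialised up front so the template can test and print them unconditionally.
$error = array();
$error2 = array();
$status = '';

// If Form Is Submitted
if (isset($_POST['add'])) {
    // Check User Entered Name
    if ($name === '') {
        $error[] = "<b>Name</b>";
    }
    // Check User Entered Email, then that it is valid
    if ($email === '') {
        $error[] = "<b>Email Address</b>";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error[] = "<b>Email</b>";
        $error2[] = "<b class='SmError'><b>Email</b> is invalid</b>";
    }
    // Website is optional. FILTER_VALIDATE_URL accepts any scheme, so also
    // require http/https, as the error message already tells the user.
    if ($website !== '') {
        if (!filter_var($website, FILTER_VALIDATE_URL) || !preg_match('#^https?://#i', $website)) {
            $error[] = "<b>Website</b>";
            $error2[] = "<b class='SmError'><b>Website</b> must begin with <b>http://</b> and end with your domain extention</b>";
        }
    }
    // Check User Entered Rating: only the five values the form offers are accepted
    if (!in_array($rating, array('1', '2', '3', '4', '5'), true)) {
        $error[] = "<b>Rating</b>";
    }
    // Check User Entered Feedback
    if ($comment === '') {
        $error[] = "<b>Feedback</b>";
    }

    // reCAPTCHA: the check fails closed. The original searched the raw response
    // for the text 'false', so a failed HTTP request (no response at all) or a
    // missing token was treated as a pass.
    $APIkey = "";
    $postresult = $post['g-recaptcha-response'];
    $captchaPassed = false;
    if ($postresult !== '') {
        // Sent as a POST body so the secret is not part of the URL and the
        // token is encoded rather than interpolated.
        $context = stream_context_create(array(
            'http' => array(
                'method' => 'POST',
                'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
                'content' => http_build_query(array('secret' => $APIkey, 'response' => $postresult)),
                'timeout' => 5,
            ),
        ));
        $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify", false, $context);
        $verdict = ($response === false) ? null : json_decode($response, true);
        $captchaPassed = is_array($verdict) && isset($verdict['success']) && $verdict['success'] === true;
    }
    if (!$captchaPassed) {
        $error[] = "<b>CAPTCHA</b>";
    }

    // If No Errors Insert To Database
    if (empty($error) && empty($error2)) {
        $stmt = $db->prepare("INSERT INTO comment (`id`, `name`, `email`, `comment`, `rating`, `postdate`, `service`, `website`) VALUES(:id, :name, :email, :comment, :rating, :postdate, :service, :website)");
        // The original bound an undefined $id (NULL plus a notice); bind NULL
        // explicitly. Presumably id is an auto-increment column; confirm.
        $stmt->bindValue(':id', null, PDO::PARAM_NULL);
        $stmt->bindValue(':name', $name);
        $stmt->bindValue(':email', $email);
        $stmt->bindValue(':comment', $comment);
        $stmt->bindValue(':rating', $rating);
        $stmt->bindValue(':postdate', $date);
        $stmt->bindValue(':service', $service);
        $stmt->bindValue(':website', $website);
        $stmt->execute();
        $status = "Thankyou for your feedback";
    }
}
?>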
<section class="post-info" id="addfb" name="add">
<form action="" class="forms" method="POST">
<?php /* Star rating radios: the value submitted last time (if any) is re-checked. */ ?>
<div class="stars">
    <input class="star star-5" id="star-1" type="radio" name="star" value="5" <?php echo (isset($rating) && $rating == "5") ? "checked" : ""; ?>/> 
    <label class="star star-5" for="star-1"></label>  
 
    <input class="star star-4" id="star-2" type="radio" name="star" value="4" <?php echo (isset($rating) && $rating == "4") ? "checked" : ""; ?>/> 
    <label class="star star-4" for="star-2"></label>
    
    <input class="star star-3" id="star-3" type="radio" name="star" value="3" <?php echo (isset($rating) && $rating == "3") ? "checked" : ""; ?>/> 
    <label class="star star-3" for="star-3"></label> 

    <input class="star star-2" id="star-4" type="radio" name="star" value="2" <?php echo (isset($rating) && $rating == "2") ? "checked" : ""; ?>/> 
    <label class="star star-2" for="star-4"></label>
    
    <input class="star star-1" id="star-5" type="radio" name="star" value="1" <?php echo (isset($rating) && $rating == "1") ? "checked" : ""; ?>/> 
    <label class="star star-1" for="star-5" ></label> 
</div>

<br>
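<?php /* Submitted values are echoed back into attribute values, so each one is
         HTML-escaped (quotes included); unescaped, a crafted field value could
         close the attribute and inject markup into the page. */ ?>
Name <span class="Required">*Required</span><br>
  <input name="name" type="text" value="<?php echo htmlspecialchars(isset($name) ? (string) $name : '', ENT_QUOTES, 'UTF-8'); ?>">
  
</p>
<p>Email <span class="Required">*Required</span><br>
  <input name="email" type="text" value="<?php echo htmlspecialchars(isset($email) ? (string) $email : '', ENT_QUOTES, 'UTF-8'); ?>">
</p>
<p>Website <span class="Required">http://</span><br>
  <input name="website" type="text" id="website" value="<?php echo htmlspecialchars(isset($website) ? (string) $website : '', ENT_QUOTES, 'UTF-8'); ?>">
  </p>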
<p>Service <span class="Required">*Required</span></p>
  <select name="service" class="services">
  <optgroup label="Peronal Services">
      <option value="Buisness Card Design" selected="selected">Business Card Design</option>
      <option value="Website Design">Website Design</option>
      <option value="Banner Design">Banner Design</option>
      <option value="Poster Design">Poster Design</option>
      <option value="Flyer Design">Flyer Design</option>
      <option value="Logo Design">Logo Design</option>
    </optgroup>
    
    <optgroup label="Service Packages" class="services">
      <option value="Buisness Package">Business Package</option>
      <option value="Personal Package">Personal Package</option>
      <option value="Charity Package">Charity Package</option>
      <option value="Mixed Services">Mixed Services</option>
    </optgroup>
  </select>
</p>

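<?php /* The submitted feedback is escaped before being echoed back, so text such
         as a closing textarea tag cannot end the element and inject markup. */ ?>
<p>Feedback<span class="Required"> *Required</span><br>
  <textarea id="comment" rows="8" cols="20" name="comment"><?php echo htmlspecialchars(isset($comment) ? (string) $comment : '', ENT_QUOTES, 'UTF-8'); ?></textarea>
</p>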
<div class="g-recaptcha" data-theme="light" data-sitekey=""></div>
<p>
  <input type="submit" name="add" value="Add Feedback">
</form>
<p>
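  <?php 
// Show validation errors here.
// The messages contain deliberate <b> markup and are built only from fixed
// strings, so they are printed unescaped; never append user input to them
// without htmlspecialchars().
    if (!empty($error)) {
        echo "Please check the following fields<br>";
        // Separator first: the (array, separator) order was removed in PHP 8.
        echo implode(', ', $error);
    }

    if (!empty($error2)) {
        echo "<br><br>";
        echo implode('<br>', $error2);
    }
    // $status is only assigned after a successful submission.
    if (isset($status)) {
        echo $status;
    }
?>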
</p>
</p>

</section>

NEW CONNECT CODE

<?php
// Opens the PDO connection ($db) used by the pages that require this file.
// HOST, USER, PASS and the empty dbname are placeholders left by the author.
// NOTE(review): MySQL's 'utf8' charset is the 3-byte subset; utf8mb4 is needed
// for full Unicode. Confirm what the tables use.
// NOTE(review): if this constructor throws and errors are displayed, the trace
// can expose connection details; keep display_errors off in production.
$db = new PDO('mysql:host=HOST;dbname=;charset=utf8', 'USER', 'PASS');
// Report database errors as exceptions.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Turn off emulated prepares so statements are prepared by the server.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);   
?>

Live working preview
