Reason7194 wrote: If I understand correctly, I do believe I am using two different files to process and display the message.
Yes, the two separate files are part of the problem. Another is the form action itself. It's set to call the file 'support.php' but the file that's calling it is using its variables. That effectively gives both files access to separate variables that just happen to have the same names. But, only one of them is currently using them. And, if 'support.php' doesn't exist, your server will issue a 404 (your "not found" error).
All these issues can be fixed pretty simply, either by creating that file, and using the variables locally, or by altering the code slightly. This is just the same code I sent you a moment ago, but I'm posting it here as well for completeness. Check this out.
Code:
<?php
// FIXED: Case sensitivity mismatch in original $_POST['message'].
if( isset($_POST['message']) && ($_POST['message'] != null) )
{
    // this should actually be filtered as well
    $message = $_POST['message'];
    $fp = fopen("support.php","a");
    // no quotes here: Solves the problem of '$message' being
    // written to the file instead of the actual message content
    fwrite($fp, $message);
    fclose($fp);
}
// form action is now THIS file
echo "<form method='post' action=''><center><br /><br />Username:<input name='username' type='text' /><br />Message:<br /><textarea name='message' rows='15' cols='40'></textarea><br /><input type='submit' /></center></form>";
// now to render the contents of support.php
$fp = fopen("support.php","r");
// only loop if the file could be opened (it may not exist yet)
while( $fp && !feof($fp) )
{
    $line = fgets($fp);
    $text = special_filter_function_defined_elsewhere($line);
    echo $text;
}
if( $fp ) fclose($fp);
That's a little bit better without actually defining what would be the perfect method for filtering user input. I left that function undefined, because there are a few ways to do it. And to secure something like what you're building here, it will most likely involve something custom. For instance, placing quotes around each line of the file, so that they're written as text, instead of interpreted as code, would help. But I'm sure there are other ways.
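One possible definition of the filter function the post leaves undefined, as an added example that is not the poster's code: each message is stored as one quoted JSON line and escaped again when rendered. The data file name support_messages.txt and the helpers h, encode_message and store_message are assumptions; only special_filter_function_defined_elsewhere comes from the post.

```php
<?php
// Added example; the data file path and every helper name except
// special_filter_function_defined_elsewhere are assumptions, not from the post.
const MESSAGE_FILE = __DIR__ . '/support_messages.txt'; // assumed data file (not a .php file)

// Escape a string for output inside HTML text or attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Write side: one message becomes one quoted JSON line. JSON_HEX_TAG stores
// "<" and ">" as \u003C and \u003E, so no PHP or HTML tag can reach the file,
// and embedded newlines are escaped so each record stays on a single line.
function encode_message(string $username, string $message): string
{
    $record = ['user' => substr(trim($username), 0, 64),
               'text' => substr(trim($message), 0, 2000)];
    return json_encode($record, JSON_HEX_TAG | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE) . "\n";
}

function store_message(string $username, string $message): void
{
    // LOCK_EX keeps two simultaneous posts from interleaving their lines.
    file_put_contents(MESSAGE_FILE, encode_message($username, $message), FILE_APPEND | LOCK_EX);
}

// Read side: the function the post left undefined. Decodes one stored line and
// returns HTML in which every user-supplied character is escaped.
function special_filter_function_defined_elsewhere(string $line): string
{
    $r = json_decode($line, true);
    if (!is_array($r) || !is_string($r['user'] ?? null) || !is_string($r['text'] ?? null)) {
        return ''; // blank or malformed line: render nothing
    }
    return '<p><b>' . h($r['user']) . ':</b> ' . nl2br(h($r['text'])) . "</p>\n";
}

// Constructed sample input (stands in for $_POST); run from the CLI to compare
// the stored form of a message with its rendered form.
if (PHP_SAPI === 'cli') {
    $line = encode_message('alice', "Hi <b>there</b>\n<?php phpinfo(); ?>");
    echo $line;                                            // stored form
    echo special_filter_function_defined_elsewhere($line); // rendered form
}
```

In the posted script, store_message($_POST['username'], $_POST['message']) would take the place of the fopen/fwrite pair, and the read loop would open the same data file.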