password for file uploading permission

ekstasis16

I have a form where users can upload a file which is sent to an email account as an attachment, which is working fine. I want to add a password so only certain users can upload files (for obvious security reasons).

Here is the code I have so far from my very basic understanding of PHP:

if ($password != "xxxxx"){
$passcheck = "The password you entered is incorrect.";
header("Location: http://www.ekstasis.nu/music/pages/recital_form.php");
break;
}

I've tested it with the correct password, and the rest of the script will execute fine if this is the case. What I want to do is if the password is wrong, reload the page with all the form fields still containing the info they typed in and add some text below the password field saying they did no enter it correctly. How do I resend the form fields to the reloaded page from within this script?

Here is the whole script:

// Read POST request params into global vars
$to = $HTTP_POST_VARS['recipient'];
$from = $HTTP_POST_VARS['email'];
$subject = $HTTP_POST_VARS['subject'];
$name = $HTTP_POST_VARS['name'];
$instrument = $HTTP_POST_VARS['instrument'];
$date = $HTTP_POST_VARS['date'];
$password = $HTTP_POST_VARS['password'];
$passcheck = "";
$message = "Name: $name \nVoice/Instrument: $instrument \nPerformance Date: $date \n";

if ($password != "xxxxx"){
$passcheck = "The password you entered is incorrect.";
header("Location: http://www.ekstasis.nu/music/pages/recital_form.php");
break;
}

// Obtain file upload vars
$fileatt = $FILES['fileatt']['tmp_name'];
$fileatt_type = $FILES['fileatt']['type'];
$fileatt_name = $_FILES['fileatt']['name'];

$headers = "From: $from";

if (is_uploaded_file($fileatt)) {
// Read the file to be attached ('rb' = read binary)
$file = fopen($fileatt,'rb');
$data = fread($file,filesize($fileatt));
fclose($file);

// Generate a boundary string
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";

// Add the headers for a file attachment
$headers .= "\nMIME-Version: 1.0\n" .
"Content-Type: multipart/mixed;\n" .
" boundary=\"{$mime_boundary}\"";

// Add a multipart boundary above the plain message
$message .= "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";

// Base64 encode the file data
$data = chunk_split(base64_encode($data));

// Add file attachment to the message
$message .= "--{$mime_boundary}\n" .
"Content-Type: {$fileatt_type};\n" .
" name=\"{$fileatt_name}\"\n" .
//"Content-Disposition: attachment;\n" .
//" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n" .
"--{$mime_boundary}--\n";
}

// Send the message
mail($to, $subject, $message, $headers);

header("Location: http://www.clunet.edu/music/pages/student_info.html");

And here is the form that sends the variables to the above script:

<FORM enctype="multipart/form-data" ACTION="recital_program_mailer.php" METHOD="POST">
<input type="hidden" name="recipient" value="me@cmydomain.com">
<input type="hidden" name="subject" value="Student Recital Program Information">
<input type=hidden name="redirect" value="some redirect page">
<table class="bodytext" cellpadding=3 cellspacing=0>
<tr><td width=150 align=right>Name: </td><td align=left><input type="text" name="name" value="<? echo $HTTP_POST_VARS['name']; ?>" size=30></td></tr>
<tr><td width=150 align=right>Email: </td><td align=left><input type="text" name="email" value="<? echo $HTTP_POST_VARS['email']; ?>" size=30></td></tr>
<tr><td width=150 align=right>Instrument/Voice Category: </td><td align=lef><input type="text" value="<? echo $HTTP_POST_VARS['instrument']; ?>" name="instrument" size=20></td></tr>
<tr><td width=150 align=right>Performance Date: </td><td align=lef><input type="text" value="<? echo $HTTP_POST_VARS['date']; ?>" name="date" size=15></td></tr>
<tr><td width=150 align=right><br>File: </td><td align=left><br><input type="file" name="fileatt"></td></tr>
<tr><td width=150 align=right>Password: </td><td align=left><input type="password" name="password"></td></tr>
<tr><td width=150 align=right></td><td align=left><font color="#FF0000"><? echo $passcheck ?></font></td></tr>
<tr><td width=150><td align=left><br><input type=submit value=Submit></td></tr>
</table>
</form>