PHP upload and email help

webmanUK

Hi all,

Being a bit of a php newbie I wondered if someone could have a look at this attempt to code a script that uploads a file to the server and emails the site admin and give me some advice.

Also how would I allow for other file formats, eg. wav, mp3 etc.

The code I have so far is:

        <?php
        function spamcheck($field)
        {
        //eregi() performs a case insensitive regular expression match
        if(eregi("to:",$field) || eregi("cc:",$field))
        {
        return TRUE;
        }
        else
        {
        return FALSE;
        }
        }

    //if "email" is filled out, send email
    if (isset($_REQUEST['email']))
    {
    //check if the email address is invalid
    $mailcheck = spamcheck($_REQUEST['email']);
    if ($mailcheck==TRUE)
    {
    echo "Invalid input";
    }
    //&#1057;heck that we have a file
    if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {
    //Check if the file is JPEG image and it's size is less than 350Kb
    $filename = basename($_FILES['uploaded_file']['name']);
    $ext = substr($filename, strrpos($filename, '.') + 1);
    if (($ext == "wav") && ($_FILES["uploaded_file"]["type"] == "audio/wav") &&
    ($_FILES["uploaded_file"]["size"] < 200000000)) {
    //Determine the path to which we want to save this file
    $newname = dirname(__FILE__).'/upload/'.$filename;
    //Check if the file with the same name is already exists on the server
    if (!file_exists($newname)) {
    //Attempt to move the uploaded file to it's new place
    if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {

    //send email
    $email = $_REQUEST['email'] ;
    $subject = $_REQUEST['subject'] ;
    $message = "A file has been uploaded to the 'uploads' folder on the web server:\r\n\n";
    $message .= "---------------------------------------------------------------\r\n\n";
    $message .= "File Name: ".$filename; "\r\n\n";
    $message .= "File Location: http://www.yourdomain.com/upload/".$filename; "\r\n\n";
    $message .= "Uploader's IP address: ". $_SERVER['REMOTE_ADDR'] ."\r\n\n";
    $message .= "---------------------------------------------------------------\r\n\n";
    mail("youk@yourdomain.com", "Subject: $subject",
    $message, "From: $email" );
    echo "Thank you for using our mail form";
    echo "It's done! The file has been saved as: ".$newname;

    } else {
    echo "Error: A problem occurred during file upload!";
    }
    } else {
    echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
    }
    } else {
    echo "Error: Only .mp3 files under 350Kb are accepted for upload";
    }
    } else {
    echo "Error: No file uploaded";
    }
    }
    else
    //if "email" is not filled out, display the form
    {
    echo "<form enctype='multipart/form-data' method='post' action='form.php'>
    Email: <input name='email' type='text' /><br />
    Subject: <input name='subject' type='text' /><br />
    Choose a file to upload: <input name='uploaded_file' type='file' /><br />
    <input type='submit' value='Submit' />
    </form>";
    }
    ?>

Thanks in advance.

Joseph07

First of all, I think you should get a newer version of upload script. Googling certainly will gives you tons of this kind of scripts back.

For the extension, you should be looking at this line.

if (($ext == "wav") && ($_FILES["uploaded_file"]["type"] == "audio/wav") && 
// If you want to accept other format, you can predefined a set of extension you want to accept.
// Put acceptable format in array.
$acceptable_format = array("wav", "mp3");
// Then check whether if the format the user upload is acceptable
if (!in_array($ext, $acceptable_format)) {
// Format not accepted
echo "Format not acceptable";
} else {
echo "Format acceptable";
}

Something like that if you understand.

webmanUK

Thanks for that Joseph,

Just out of curiosity, whats out dated about the upload script?

Cheers

webmanUK

Could anyone suggest a more up to date upload script?

Cheers

Joseph07

$_REQUEST is one of it.

Google it and you should get it.

fabiobasile

The email function validates correctly, by which i mean it returns the success page, and the file uploads, but i get no email back.

I hope the upload part of this code will help you, and if anyone has any idea how to get the form to send an email back it would be great! :-)

<?php

// get posted data into local variables
//$EmailTo = "webmaster@eleganteditions.com";
$EmailFrom = Trim(stripslashes($_POST['EmailFrom'])); 
$EmailTo = "info@fabiobasile.com";
$Subject = "A new file was uploaded";
$name = Trim(stripslashes($_POST['name'])); 
$email = Trim(stripslashes($_POST['email']));
$comments = Trim(stripslashes($_POST['comments']));

// validation
$validationOK=true;
if (Trim($name)=="") $validationOK=false;
if (Trim($email)=="") $validationOK=false;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=../ERROR.html\">";
  exit;
}


// prepare email body text
$Body .= "name: ";
$Body .= $name;
$Body .= "\n";

$Body .= "e-mail: ";
$Body .= $email;
$Body .= "\n";

$Body .= "comments: ";
$Body .= $comments;
$Body .= "\n";

// send email 
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
// redirect to success page 
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=../upload_OK\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=../ERROR.html\">";
}

//==========
// Upload script
//==========

// ==============
// Configuration
// ==============
$uploaddir = "../upload";
// Where you want the files to upload to
//Important: Make sure this folders permissions is 0777!
$allowed_ext = "jpg, JPG, jpeg, gif, png, pdf";
// These are the allowed extensions of the files that are uploaded
$max_size = "10485760";
// 50000 is the same as 50kb
$max_height = "6000";
// This is in pixels - Leave this field empty if you don't want to upload images
$max_width = "6000";
// This is in pixels - Leave this field empty if you don't want to upload images

// Check Entension
$extension = pathinfo($_FILES['file']['name']);
$extension = $extension[extension];
$allowed_paths = explode(", ", $allowed_ext);
for($i = 0; $i < count($allowed_paths); $i++) {
if ($allowed_paths[$i] == "$extension") {
$ok = "1";
}
}

// Check File Size
if ($ok == "1") {
if($_FILES['file']['size'] > $max_size)
{
print "<meta http-equiv=\"refresh\" content=\"0;URL=../upload_ERROR_SIZE\">";
exit;
}

// Check Height & Width
if ($max_width && $max_height) {
list($width, $height, $type, $w) = getimagesize($_FILES['file']['tmp_name']);
if($width > $max_width || $height > $max_height)
{
print "<meta http-equiv=\"refresh\" content=\"0;URL=../upload_ERROR_DIMENSION\">";
exit;
}
}


// The Upload Part
if(is_uploaded_file($_FILES['file']['tmp_name']))
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);

}
print "<meta http-equiv=\"refresh\" content=\"0;URL=../upload_OK\">";
} else {
print "<meta http-equiv=\"refresh\" content=\"0;URL=../upload_ERROR_EXTENSION\">";
}
?>