1 <?php
2 // Pear library includes
3 // You should have the pear lib installed
4 include_once('Mail.php');
5 include_once('Mail/mime.php');
6
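// ---------------------------------------------------------------------------
// Settings
// ---------------------------------------------------------------------------
$max_allowed_file_size = 15000; // size in KB
// Allowlist of accepted upload extensions. The previous value ("exe","bat")
// combined with the inverted check below acted as a two-entry blocklist, so
// every other extension (including server-side script types) was stored in
// the upload folder.
$allowed_extensions = array("jpg", "jpeg", "gif", "bmp", "png");
// This folder must be writeable by the script. It is relative to the script,
// so it is presumably reachable over HTTP: configure the web server not to
// execute scripts from it, or move it outside the document root.
$upload_folder = './uploads/';
$your_email = 'ben.patridge@testserver.com';//<<-- update this to your email address

$errors = '';

// ---------------------------------------------------------------------------
// Form handler: validates the posted fields and the optional attachment,
// stores the attachment, then mails the message to $your_email.
// Validation failures are collected in $errors (one per "\n"-prefixed line).
// ---------------------------------------------------------------------------
if (isset($_POST['submit'])) {
    // Read the fields first so every check below sees the submitted values.
    // (The email used to be read only after IsInjected() had already run on an
    // undefined variable, so the header-injection check never saw it.)
    // Non-string values (e.g. "email[]=x") are treated as missing.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $visitor_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $user_message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';

    // The attachment is optional: "no file selected" is not an error.
    $upload = isset($_FILES['uploaded_file']) ? $_FILES['uploaded_file'] : null;
    $has_upload = is_array($upload)
        && isset($upload['error'])
        && $upload['error'] !== UPLOAD_ERR_NO_FILE;

    $name_of_uploaded_file = '';
    $type_of_uploaded_file = '';
    $size_of_uploaded_file = 0;
    $path_of_uploaded_file = '';

    ///------------Do Validations-------------
    if (empty($name) || empty($visitor_email)) {
        $errors .= "\n Name and Email are required fields. ";
    }

    // The address ends up in the Reply-To header, so reject CR/LF tricks and
    // anything that is not a syntactically valid address.
    if (IsInjected($visitor_email)
        || ($visitor_email !== '' && filter_var($visitor_email, FILTER_VALIDATE_EMAIL) === false)
    ) {
        $errors .= "\n Bad email value!";
    }

    if ($has_upload) {
        if ($upload['error'] !== UPLOAD_ERR_OK) {
            // Covers partial uploads, php.ini size limits and multi-file arrays.
            $errors .= "\n The file could not be uploaded.";
        } else {
            // basename() drops any directory part supplied by the client.
            $name_of_uploaded_file = basename($upload['name']);
            // pathinfo() returns '' when there is no dot; the old
            // substr/strrpos pair returned the name minus its first character.
            $type_of_uploaded_file = strtolower(pathinfo($name_of_uploaded_file, PATHINFO_EXTENSION));
            $size_of_uploaded_file = $upload['size'] / 1024;

            if ($size_of_uploaded_file > $max_allowed_file_size) {
                $errors .= "\n Size of file should be less than $max_allowed_file_size";
            }

            //------ Validate the file extension -----
            // NOTE: this checks the name only; the file content is not inspected.
            if (!in_array($type_of_uploaded_file, $allowed_extensions, true)) {
                $errors .= "\n The uploaded file is not supported file type. ".
                    " Only the following file types are supported: ".implode(',', $allowed_extensions);
            }
        }
    }

    // Store the upload only once every check has passed.
    if (empty($errors) && $has_upload) {
        // Use a generated name carrying only the validated extension, so the
        // client cannot choose the stored name or overwrite an existing file.
        $stored_name = str_replace('.', '', uniqid('upload_', true)) . '.' . $type_of_uploaded_file;
        $path_of_uploaded_file = $upload_folder . $stored_name;

        // move_uploaded_file() refuses anything that is not a genuine upload.
        if (!move_uploaded_file($upload['tmp_name'], $path_of_uploaded_file)) {
            $errors .= "\n error while copying the uploaded file";
        }
    }

    //send the email (skipped when storing the attachment failed)
    if (empty($errors)) {
        $to = $your_email;
        $subject = "New form submission";
        $from = $your_email;
        $text = "A user $name has sent you this message:\n $user_message";

        $message = new Mail_mime();
        $message->setTXTBody($text);
        if ($has_upload) {
            // Show the original file name to the recipient, reduced to a safe
            // character set because it is client-supplied.
            $display_name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name_of_uploaded_file);
            $message->addAttachment($path_of_uploaded_file, 'application/octet-stream', $display_name);
        }
        $body = $message->get();
        $extraheaders = array("From" => $from, "Subject" => $subject, "Reply-To" => $visitor_email);
        $headers = $message->headers($extraheaders);

        $mail = Mail::factory("mail");
        // send() returns true on success and an error object otherwise.
        if ($mail->send($to, $headers, $body) === true) {
            echo "Message Sent!<BR>";
            //redirect to 'thank-you' page
            //header('Location: thank-you.html');
        } else {
            $errors .= "\n The message could not be sent.";
        }
    }
}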
91 ///////////////////////////Functions/////////////////
92 // Function to validate against any email injection attempts
/**
 * Report whether a string contains characters used for mail header injection.
 *
 * Matches raw line feed, carriage return or tab characters, and the
 * URL-encoded sequences %0A, %0D, %08 and %09 (case-insensitive).
 *
 * @param string $str Value destined for a mail header, e.g. an email address.
 * @return bool True when any pattern matches, false otherwise.
 */
function IsInjected($str)
{
    // Single-quoted on purpose: \n, \r and \t reach PCRE as escape sequences.
    $pattern = '/(\n+)|(\r+)|(\t+)|(%0A+)|(%0D+)|(%08+)|(%09+)/i';

    return (bool) preg_match($pattern, $str);
}
114 ?>
115 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
116 <html>
117 <head>
118 <title>File upload form</title>
119 <!-- define some style elements-->
120 <style>
121 label,a, body
122 {
123 font-family : Arial, Helvetica, sans-serif;
124 font-size : 12px;
125 }
126
127 </style>
128 <!-- a helper script for validating the form-->
129 <script language="JavaScript" src="scripts/gen_validatorv31.js" type="text/javascript"></script>
130 </head>
131
132 <body>
133 <?php
// Print the collected validation errors, one per line (each "\n" becomes <br>).
// $errors is built from fixed strings and script settings only, so it is
// echoed without HTML escaping; escape it if user input is ever appended.
echo empty($errors) ? '' : nl2br($errors);
138 ?>
139 <form method="POST" name="email_form_with_php"
140 action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" enctype="multipart/form-data">
141 <p>
142 <label for='name'>Name: </label><br>
143 <input type="text" name="name" >
144 </p>
145 <p>
146 <label for='email'>Email: </label><br>
147 <input type="text" name="email" >
148 </p>
149 <p>
150 <label for='message'>Message:</label> <br>
151 <textarea name="message"></textarea>
152 </p>
153 <p>
154 <label for='uploaded_file'>Select A File To Upload:</label> <br>
155 <input type="file" name="uploaded_file">
156 </p>
157 <input type="submit" value="Submit" name='submit'>
158 </form>
159 <script language="JavaScript">
// Client-side checks are a convenience for the visitor only: they can be
// bypassed, so the server-side validation in the PHP handler stays authoritative.
// Validator is presumably provided by scripts/gen_validatorv31.js (verify).
var frmvalidator = new Validator("email_form_with_php");
[
    ["name", "req", "Please provide your name"],
    ["email", "req", "Please provide your email"],
    ["email", "email", "Please enter a valid email address"]
].forEach(function (rule) {
    frmvalidator.addValidation(rule[0], rule[1], rule[2]);
});
167 </script>
168 <noscript>
171 </noscript>
172
173 </body>
174 </html>