Hello, community! I’ve been working on this for the past few hours and can’t seem to find the error. I think I’m in need of a pair of fresh eyes to look it over. The problem I’m having arises on the form submit. And I think it may have to do with the Photo uploads. Thank you!
<form name="quiz-form" method="post" action="send_form_email.php" enctype="multipart/form-data">
<label for="first_name">First Name * </label>
<input type="text" name="first_name" maxlength="50"></br>
<label for="last_name">Last Name * </label>
<input type="text" name="last_name" maxlength="50"></br></br></br>
<ol>
<li>
<label for="TorF">Question</label></br>
<input type="radio" name="TorF1" value="True"/>True</br>
<input type="radio" name="TorF1" value="False"/>False
</li></br>
<li>
<label for="TorF2">Question</label></br>
<input type="radio" name="TorF2" value="True"/>True</br>
<input type="radio" name="TorF2" value="False"/>False
</li></br>
<li><label for="uploaded_file1">Question</label></br>
<input type="file" name="uploaded_file1" /></li></br>
<li><label for="uploaded_file2">Question</label><br/>
<input type="file" name="uploaded_file2" /></li></br>
<li><label for="comments">Question</label></br>
<textarea name="comments" maxlength="1000" cols="30" rows="8"></textarea></li></br>
</ol>
<label for="email">Email * </label>
<input type="text" name="email" maxlength="50"></br></br>
<p align="center"><input type="submit" value=" Submit" class="button" /></p>
</form>
<?php
include_once('Mail.php');
include_once('Mail_Mime/mime.php');
$max_allowed_file_size = 100; // size in KB
$allowed_extensions = array("jpg", "jpeg", "gif", "bmp");
$upload_folder = './pictures/';
$your_email = '******@hotmail.com';
$errors ='';
if(isset($_POST['submit'])) {
$name_of_uploaded_file1 = basename($_FILES['uploaded_file1']['first_name']['last_name']);
$type_of_uploaded_file1 = substr($name_of_uploaded_file1, strrpos($name_of_uploaded_file1, '.') + 1);
$size_of_uploaded_file1 = $_FILES["uploaded_file1"]["size"]/1024;
$name_of_uploaded_file2 = basename($_FILES['uploaded_file2']['first_name']['last_name']));
$type_of_uploaded_file2 = substr($name_of_uploaded_file2, strrpos($name_of_uploaded_file2, '.') + 1);
$size_of_uploaded_file2 = $_FILES["uploaded_file2"]["size"]/1024;
if(empty($_POST['first_name'])||empty($_POST['last_name'])||empty($_POST['email']))
{
$errors .= "\
First Name, Last Name, and Email are required fields. ";
}
if(empty($_POST['TorF1'])||empty($_POST['TorF2']||empty($_POST['uploaded_file1'])||empty($_POST['uploaded_file2']))
{
$errors .= "\
All questions must be answered before submitting. ";
}
if(IsInjected($email))
{
$errors .= "\
Bad email value!";
}
if($size_of_uploaded_file > $max_allowed_file_size )
{
$errors .= "\
Size of file should be less than $max_allowed_file_size";
}
//------ Validate the file extension -----
$allowed_ext = false;
for($i=0; $i<sizeof($allowed_extensions); $i++)
{
if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file1) == 0)
{
$allowed_ext = true;
}
}
$allowed_ext = false;
for($i=0; $i<sizeof($allowed_extensions); $i++)
{
if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file2) == 0)
{
$allowed_ext = true;
}
}
if(!$allowed_ext)
{
$errors .= "\
The uploaded file is not supported file type. ".
" Only the following file types are supported: ".implode(',',$allowed_extensions);
}
//send the email
if(empty($errors))
{
//copy the temp. uploaded file to uploads folder
$path_of_uploaded_file1 = $upload_folder . $name_of_uploaded_file1;
$tmp_path = $_FILES["uploaded_file1"]["tmp_name"];
$path_of_uploaded_file2 = $upload_folder . $name_of_uploaded_file2;
$tmp_path = $_FILES["uploaded_file2"]["tmp_name"];
if(is_uploaded_file1($tmp_path))
{
if(!copy($tmp_path,$path_of_uploaded_file1))
{
$errors .= '\
error while copying the uploaded file';
}
}
if(is_uploaded_file2($tmp_path))
{
if(!copy($tmp_path,$path_of_uploaded_file2))
{
$errors .= '\
error while copying the uploaded file';
}
}
//send the email
$name = $_POST['first_name'];
$surname = $_POST['last_name'];
$TorF1 = $_POST['TorF1'];
$TorF2 = $_POST['TorF2'];
$visitor_email = $_POST['email'];
$comments = $_POST['comments'];
$to = $your_email;
$subject="Quiz Responses";
$from = $your_email;
$text = "A user $name has sent you this message:\
$user_message";
$message = new Mail_mime();
$message->setTXTBody($text);
$message->addAttachment($path_of_uploaded_file1);
$message->addAttachment($path_of_uploaded_file2);
$body = $message->get();
$extraheaders = array("From"=>$from, "Subject"=>$subject,"Reply-To"=>$visitor_email);
$headers = $message->headers($extraheaders);
$mail = Mail::factory("mail");
$mail->send($to, $headers, $body);
}
}
function IsInjected($str)
{
$injections = array('(\
+)',
'(\\r+)',
'(\ +)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
?>