Form Submit With Photo Attachment Not Working?

Telo · June 28, 2013, 12:29am

Hello, community! I’ve been working on this for the past few hours and can’t seem to find the error. I think I’m in need of a pair of fresh eyes to look it over. The problem I’m having arises on the form submit. And I think it may have to do with the Photo uploads. Thank you!

<form name="quiz-form" method="post" action="send_form_email.php" enctype="multipart/form-data">

<label for="first_name">First Name * </label>
<input type="text" name="first_name" maxlength="50"></br>

<label for="last_name">Last Name * </label>
<input type="text" name="last_name" maxlength="50"></br></br></br>

	<ol>
		<li>
			<label for="TorF">Question</label></br>
			<input type="radio" name="TorF1" value="True"/>True</br>
                        <input type="radio" name="TorF1" value="False"/>False
		</li></br>

		<li>
			<label for="TorF2">Question</label></br>
		        <input type="radio" name="TorF2" value="True"/>True</br>
		        <input type="radio" name="TorF2" value="False"/>False
		</li></br>

		<li><label for="uploaded_file1">Question</label></br>
		<input type="file" name="uploaded_file1" /></li></br>

		<li><label for="uploaded_file2">Question</label><br/>
		<input type="file" name="uploaded_file2" /></li></br>

		<li><label for="comments">Question</label></br>
		<textarea  name="comments" maxlength="1000" cols="30" rows="8"></textarea></li></br>
	</ol>

<label for="email">Email * </label>
<input type="text" name="email" maxlength="50"></br></br>

<p align="center"><input type="submit" value=" Submit" class="button" /></p>
</form>


<?php 

	include_once('Mail.php');
	include_once('Mail_Mime/mime.php');

	$max_allowed_file_size = 100; // size in KB 
	$allowed_extensions = array("jpg", "jpeg", "gif", "bmp");
	$upload_folder = './pictures/';
	$your_email = '******@hotmail.com';

	$errors ='';

	if(isset($_POST['submit'])) {

	$name_of_uploaded_file1 =  basename($_FILES['uploaded_file1']['first_name']['last_name']);
	$type_of_uploaded_file1 = substr($name_of_uploaded_file1, strrpos($name_of_uploaded_file1, '.') + 1);
	$size_of_uploaded_file1 = $_FILES["uploaded_file1"]["size"]/1024;

	$name_of_uploaded_file2 =  basename($_FILES['uploaded_file2']['first_name']['last_name']));
	$type_of_uploaded_file2 = substr($name_of_uploaded_file2, strrpos($name_of_uploaded_file2, '.') + 1);
	$size_of_uploaded_file2 = $_FILES["uploaded_file2"]["size"]/1024;
	

	if(empty($_POST['first_name'])||empty($_POST['last_name'])||empty($_POST['email']))
	{
		$errors .= "\
 First Name, Last Name, and Email are required fields. ";	
	}

	if(empty($_POST['TorF1'])||empty($_POST['TorF2']||empty($_POST['uploaded_file1'])||empty($_POST['uploaded_file2']))
	{
		$errors .= "\
 All questions must be answered before submitting. ";
	}

	if(IsInjected($email))
	{
		$errors .= "\
 Bad email value!";
	}
	
	if($size_of_uploaded_file > $max_allowed_file_size ) 
	{
		$errors .= "\
 Size of file should be less than $max_allowed_file_size";
	}
	
	//------ Validate the file extension -----
	$allowed_ext = false;
	for($i=0; $i<sizeof($allowed_extensions); $i++) 
	{ 
		if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file1) == 0)
		{
			$allowed_ext = true;		
		}
	}

	$allowed_ext = false;
	for($i=0; $i<sizeof($allowed_extensions); $i++) 
	{ 
		if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file2) == 0)
		{
			$allowed_ext = true;		
		}
	}
	
	if(!$allowed_ext)
	{
		$errors .= "\
 The uploaded file is not supported file type. ".
		" Only the following file types are supported: ".implode(',',$allowed_extensions);
	}
	
	//send the email 
	if(empty($errors))
	{
		//copy the temp. uploaded file to uploads folder
		$path_of_uploaded_file1 = $upload_folder . $name_of_uploaded_file1;
		$tmp_path = $_FILES["uploaded_file1"]["tmp_name"];

		$path_of_uploaded_file2 = $upload_folder . $name_of_uploaded_file2;
		$tmp_path = $_FILES["uploaded_file2"]["tmp_name"];
		
		if(is_uploaded_file1($tmp_path))
		{
		    if(!copy($tmp_path,$path_of_uploaded_file1))
		    {
		    	$errors .= '\
 error while copying the uploaded file';
		    }
		}

		if(is_uploaded_file2($tmp_path))
		{
		    if(!copy($tmp_path,$path_of_uploaded_file2))
		    {
		    	$errors .= '\
 error while copying the uploaded file';
		    }
		}
		
		//send the email
		$name = $_POST['first_name'];
		$surname = $_POST['last_name'];
		$TorF1 = $_POST['TorF1'];
		$TorF2 = $_POST['TorF2'];
		$visitor_email = $_POST['email'];
		$comments = $_POST['comments'];
		$to = $your_email;
		$subject="Quiz Responses";
		$from = $your_email;
		$text = "A user  $name has sent you this message:\
 $user_message";
		
		$message = new Mail_mime(); 
		$message->setTXTBody($text); 
		$message->addAttachment($path_of_uploaded_file1);
		$message->addAttachment($path_of_uploaded_file2);
		$body = $message->get();
		$extraheaders = array("From"=>$from, "Subject"=>$subject,"Reply-To"=>$visitor_email);
		$headers = $message->headers($extraheaders);
		$mail = Mail::factory("mail");
		$mail->send($to, $headers, $body);
	}
}

		function IsInjected($str)
		{
  			$injections = array('(\
+)',
              		'(\\r+)',
              		'(\	+)',
              		'(%0A+)',
              		'(%0D+)',
              		'(%08+)',
              		'(%09+)'
              	);
  
		$inject = join('|', $injections);
  		$inject = "/$inject/i";
  
		if(preg_match($inject,$str))
    		{
    			return true;
  		}
 		else
    		{
    			return false;
  		}
	}
?>

tamilsuresh · June 28, 2013, 3:27am

You should not give first_name and last_name in FILES variable

$name_of_uploaded_file1 =  basename($_FILES['uploaded_file1']['first_name']['last_name']);
$name_of_uploaded_file2 =  basename($_FILES['uploaded_file2']['first_name']['last_name']));

Change it like this

$name_of_uploaded_file1 =  basename($_FILES['uploaded_file1']['name']);
$name_of_uploaded_file2 =  basename($_FILES['uploaded_file2']['name']));

SpikeZ · June 28, 2013, 9:02am

also


empty($_POST['uploaded_file1'])

will never evaluate as uploaded_file1 in in the $_FILES global array and not the $_POST array!

Telo · June 28, 2013, 2:12pm

I’m a bit confused by this statement… But, can it be evaluated any other way other than these two arrays to make sure the user has indeed selected photos when the form submits?

SpikeZ · June 28, 2013, 9:12pm

Yes, the $_FILES array contains a few useful things. One of which is an error code.


if($_FILES['uploaded_file1']['error'] == 4) { // error 4 means that no file was submitted
    // no file
} else {
    // file submitted
}

So a print out of the array would look like:


/*
Array
(
    [image] => Array
        (
            [name] => Array
                (
                    [0] => 400.png
                )
            [type] => Array
                (
                    [0] => image/png
                )
            [tmp_name] => Array
                (
                    [0] => /tmp/php5Wx0aJ
                )
            [error] => Array
                (
                    [0] => 0
                )
            [size] => Array
                (
                    [0] => 15726
                )
        )
)

Have a look at: http://php.net/manual/en/reserved.variables.files.php for more details

litebearer · June 28, 2013, 10:27pm

BTW 100 is bytes NOT kb. So 100000 would be 100kb
Ignore…
Didn’t see your modification of files sizes