cyberdyne2

Thank you thorpe

Sorry thorpe, I did read it a number of times. The problem is, I didn't fully understand it. :-\ function checkType() { while("list($key,$value)" = each($_FILES['images']['type'])){ strtolower($value); if($value != "image/jpeg" AND $value != "image/pjpeg" AND $value != "") { exit('Sorry , current format is <b>'.($value).'</b> ,only Jpeg or jpg are allowed.') ; } } checkSize(); }

Many thanks thorpe but unfortunately, your suggestion did not fix it and I'm still receiving the same error. The whole function is: function checkType() { while(list($key,$value) = each($_FILES[images][type])){ strtolower($value); if($value != "image/jpeg" AND $value != "image/pjpeg" AND $value != "") { exit('Sorry , current format is <b>'.($value).'</b> ,only Jpeg or jpg are allowed.') ; } } checkSize(); }

Getting this error on the following lines. Can anyone tell me why please? while(list($key,$value) = each($_FILES[images][type])) while(list($key,$value) = each($_FILES[images][size])) while(list($key,$value) = each($_FILES[images][name])) Many thanks

Im aware of that, it does not work, that's why I thought I'd ask you guys, but no problem.

I have an email form with file attachment and I've had a nightmare of a time trying to incorporate reCaptcha into it. I think this is mainly because the post action"" doesn't use an external file but inline code (hope i'm making sense!?) I've managed to get the form to appear correct, but without the below code, it doesn't function. The code is below. Can anyone please tell me where to insert (no jokes please!) the reCaptcha code (posted at end). Many thanks in advance. <?php session_start(); function print_form(){ ?> <span><span class="required">*</span>Required Fields</span> <form method="post" action="<?php echo $_SERVER[’PHP_SELF’];?>" id="uploadform" enctype="multipart/form-data"> <span><label for="namefrom">Name <span class="required">*</span></label> <input name="namefrom" style="border-width:2; border-color:#006600" id="namefrom" type="text" class="field" value="<?= $_SESSION['myForm']['namefrom']; ?>" tabindex="1"/></span> <span><label for="emailfrom">Email <span class="required">*</span></label> <input name="emailfrom" style="border-width:2; border-color:#006600" id="emailfrom" type="text" class="field" value="<?= $_SESSION['myForm']['emailfrom']; ?>" tabindex="3"/></span> <span><label for="subject">Subject <span class="required">*</span></label> <input name="subject" style="border-width:2; border-color:#006600" id="subject" type="text" class="field" value="<?= $_SESSION['myForm']['subject']; ?>" tabindex="5"/></span> <span><label for="comments">Message <span class="required">*</span></label> <textarea name="comments" style="border-width:2; border-color:#006600" id="comments" rows="3" cols="8" class="field" tabindex="6"><?= $_SESSION['myForm']['comments']; ?></textarea></span> <span><label for="attachment" style="border-width:2; border-color:#006600">(1 file, max size 600kb, only .jpg or .jpeg)</label> <input name="attachment" style="border-width:2; border-color:#006600" id="attachment" type="file" tabindex="7"> <?php require_once('recaptchalib.php'); $publickey = "your_public_key"; // you got this from the signup page echo recaptcha_get_html($publickey); ?> <span><input type="submit" name="submit" id="submit" value="Send" tabindex="8"/> <input type="reset" name="reset" id="submit" value="Reset" tabindex="9"/></span> <span><input type="hidden" name="submitted" value="true" /></span> </form> <?php } function process_form() { $to = "[email protected]"; $subject = trim($_POST['subject']); $namefrom = trim($_POST['namefrom']); $emailfrom = trim($_POST['emailfrom']); $comments = trim($_POST['comments']); $allowtypes=array("jpeg", "jpg"); $requirefile="false"; $max_file_size="600"; $thanksmessage="Email sent, we will reply a.s.a.p."; $errors = array(); //Initialize error array if (empty($_POST['namefrom']) ) { $errors[]='You forgot to enter your name'; } if (empty($_POST['emailfrom']) ) { $errors[]='You forgot to enter your email'; } else { if (!eregi ('^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$', stripslashes(trim($_POST['emailfrom'])))) { $errors[]='Please enter a valid email address'; } // if eregi } // if empty email if (empty($_POST['subject']) ) { $errors[]='You forgot to enter a subject'; } if (empty($_POST['comments']) ) { $errors[]='You forgot to enter your message'; } if($requirefile=="true") { if($_FILES['attachment']['error']==4) { $errors[]='You forgot to attach a file'; } } if((!empty($_FILES["attachment"])) && ($_FILES['attachment']['error'] == 0)) { // basename -- Returns filename component of path $filename = basename($_FILES['attachment']['name']); $ext = substr($filename, strrpos($filename, '.') + 1); $filesize=$_FILES['attachment']['size']; $max_bytes=$max_file_size*600; if (!in_array($ext, $allowtypes)) { $errors[]="Invalid extension for your file: <strong>".$filename."</strong>"; } elseif($filesize > $max_bytes) { $errors[]= "Your file: <strong>".$filename."</strong> is to big. Max file size is ".$max_file_size."kb."; } } // if !empty FILES if (empty($errors)) { //If everything is OK $fileatt = $_FILES['attachment']['tmp_name']; $fileatt_type = $_FILES['attachment']['type']; $fileatt_name = $_FILES['attachment']['name']; $headers = "From: ".$emailfrom."\n"; $headers.= "Bcc: [email protected]" $semi_rand = md5(time()); $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; $headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\""; $message ="This is a multi-part message in MIME format.\n\n"; $message.="--{$mime_boundary}\n"; $message.="Content-Type: text/plain; charset=\"iso-8859-1\"\n"; $message.="Content-Transfer-Encoding: 7bit\n\n"; $message.="You have a new email:\n\n"; $message.="From: ".$namefrom."\n"; $message.="Email address: ".$emailfrom."\n\n"; # $message.="Company: ".$company."\n"; # $message.="Phone: ".$phone."\n"; $message.="Message: ".$comments."\n\n"; if (is_uploaded_file($fileatt)) { $file = fopen($fileatt,'rb'); $data = fread($file,filesize($fileatt)); fclose($file); $data = chunk_split(base64_encode($data)); $message .= "--{$mime_boundary}\n" . "Content-Type: {$fileatt_type};\n" . " name=\"{$fileatt_name}\"\n" . //"Content-Disposition: attachment;\n" . //" filename=\"{$fileatt_name}\"\n" . "Content-Transfer-Encoding: base64\n\n" . $data . "\n\n" . "--{$mime_boundary}--\n"; } $envs = array("HTTP_USER_AGENT", "REMOTE_ADDR", "REMOTE_HOST"); foreach ($envs as $env) $message .= "$env: $_SERVER[$env]\n"; if(!mail($to,$subject,$message,$headers)) { exit("Mail could not be sent. Sorry! An error has occurred, please report this to the website administrator.\n"); } else { echo '<div id="formfeedback"><!--<h3>Thank You!--></h3><p>'. $thanksmessage .'</p></div>'; unset($_SESSION['myForm']); print_form(); } // end of if !mail } else { //report the errors echo '<div id="formfeedback"><b>Error!</b><br />'; foreach ($errors as $msg) { //prints each error echo " - $msg<br />\n"; } // end of foreach echo '</div>'; print_form(); } //end of if(empty($errors)) } // end of process_form() ?> reCaptcha: <?php require_once('recaptchalib.php'); $privatekey = "your_private_key"; $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { // What happens when the CAPTCHA was entered incorrectly die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." . "(reCAPTCHA said: " . $resp->error . ")"); } else { // Your code here to handle a successful verification } ?>

Thought so I've: changed the cases for 1,2,3,4 changed the email addresses for real ones added my 4 x actual subjects changed $sendmailto to $toEmail to reflect what my script uses Do I need to change $subj to $subject ? It doesn't seem to work at the moment. Thanks

Ok, I thought my script prevented that, but then I've not posted the whole script. Fair enough. Should the case values read 1,2,1,1 ? Or should they be 1,2,3,4? Thanks

I thought the subject could only be one of the four drop down options. Am I wrong? Thanks

Many thanks for your reply. While awaiting a reply I found another solution which works well (below). How do you think the two compare and can you see any advantages of your method over what I found? Thanks again. //-----------Script:--------------// $recipients = array( 'Booking Enquiry' => '[email protected],[email protected]', 'General Enquiry' => '[email protected],[email protected]', 'Admissions' => '[email protected],[email protected]', 'Website Feedback' => '[email protected],[email protected]', ); $toEmail = $recipients[$_REQUEST['subject']]; $successPage = ''; //-----------Form:--------------// echo '<select id="subject" name="subject" value="'.htmlSafe($subject).'">'; echo '<option selected="selected" value=""> - Choose Subject -</option>'; echo '<option value="Booking Enquiry">Booking Enquiry</option>'; echo '<option value="General Enquiry">General Enquiry</option>'; echo '<option value="Admissions">Admissions</option>'; echo '<option value="Website Feedback">Website Feedback</option>';

I have a working email from in which I'd like to have the email sent to one of three different addresses depending on what subject is chosen: <?php $toEmail = '[email protected]'; $successPage = ''; function newLines($input) { if(strpos($input, "\n") === false && strpos($input, "\r") === false) { return false; } return true; } function userData($input) { if (get_magic_quotes_gpc()) { $input = stripslashes($input); } return $input; } function htmlSafe($input) { //Only for HTML output, to prevent XSS and accidental breakage. return htmlspecialchars($input, ENT_COMPAT, 'UTF-8'); } function links($input) { //To deny web links in any part of the email (or custom string). if(strpos($input, "http") === false && strpos($input, "www") === false && strpos($input, ".cn") === false && strpos($input, "k0tibfj5c7ec") === false && strpos($input, ".kr") === false && strpos($input, ".jp") === false && strpos($input, ".ru") === false && strpos($input, ".com") === false && strpos($input, "url") === false && strpos($input, "htm") === false && strpos($input, "href") === false) { return false; } return true; } $output = ''; $failure = false; if(isset($_POST['senderName'])) //Check for submission. //Each field should be set even if empty, and this is more reliable than checking a submit button, //which isn't always sent if form was triggered by keyboard's "enter" key. { $senderName = userData($_POST['senderName']); $senderEmail = userData($_POST['senderEmail']); $subject = userData($_POST['subject']); $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']); $message = userData($_POST['message']); $wholeBody = "\n*You have an email.*\n\n Subject: $subject \n\n Message:\n\n $message \n\nSent:\n On: " . strftime("%A,%d %B'%y\n At: %r")."\nBy:\n Name: $senderName\n Email address: $senderEmail\n IP: {$_SERVER['REMOTE_ADDR']} ($hostname)"; $headers = 'Bcc: [email protected]' . "\r\n"; if(strlen($senderName) == 0) { $failure = true; $output .= '<p class="error">Please enter a name!</p>'; } if(strlen($senderEmail) == 0) { $failure = true; $output .= '<p class="error">Please enter an e-mail address!</p>'; } elseif(!preg_match("/^[a-zA-Z0-9-_.]+\@[a-zA-Z0-9-.]{2,}\.[a-zA-Z]{2,4}$/u", $senderEmail)) { $failure = true; $output .= '<p class="error">Please enter a valid email or we cant reply!</p>'; } if(strlen($subject) == 0) { $failure = true; $output .= '<p class="error">Please enter a subject!</p>'; } if(strlen($message) == 0) { $failure = true; $output .= '<p class="error">Please enter a message!</p>'; } if($failure == false && (newLines($senderName) || newLines($senderEmail) || newLines($subject))) { $failure = true; $output .= '<p class="error">Sorry, there seem to be new lines in your message, which suggests you may be a spambot. '. 'If not, please remove line breaks from single line form fields.</p>'; } //removed ---> || links($senderEmail)<--- from the following rule if($failure == false && (links($senderName) || links($subject) || links($message))) { $failure = true; $output .= '<p class="error">There appear to be advertising links in your message, which we do not permit. '. 'Your email has not been sent. Please remove the links and try again.</p>'; } if($failure == false) { if(mail($toEmail, $subject, $wholeBody, "From: $senderName <$senderEmail>\r\nContent-Type: text/plain; charset=\"UTF-8\"\r\n$headers")) { if($successPage != '') { header('Location: '.$successPage); } $output .= '<p class="success">Thank you, your message has been sent.</p>'; } else { $output .= '<p class="error">Sorry, there was an error sending your message. Feel free to try again.</p>'; } } } else { $senderName = $senderEmail = $subject = $message = ''; //Prevent XSS via GET when register_globals is on }; ?> Can anyone offer any help on how to achieve this please? Thank you

Sorry to bump this but I'm still look for a solution if anyone can help. Thank you.

Has anyone else come across this please? Thank you

OK, thanks for your reply and the ideas.

Sorry, I should have added that I obscurred the IP simply to save posting what, to some, may be personal information on a public forum. The IP address was initially a full, correct IP address. Should I post the whole IP ? The script detects IP addresses correctly almost always, but for some reason, this particular IP shows as blank in my SQL database, thus failing to recognise a banned IP and the score is recorded - but with a blank for the IP in the database. Does this clarify the issue? Thank you