Ne0_Dev Posted January 21, 2009 Share Posted January 21, 2009 Hi all, Just wondered if someone could take a look at my code below and point out where I am going wrong. This form should send the information and an attached file to the recipient using the Swift Mailer class, however I am having a few issues with the validation. I am still getting to grips with php so apologize if this is a relativel simple fix. <?php // define a constant for the maximum upload size define ('MAX_FILE_SIZE', 1048576); //mail processing script if (array_key_exists('send', $_POST)) { // remove escape characters from POST array if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); } // convert the maximum size to KB $max = number_format(MAX_FILE_SIZE/1024, 1).'KB'; // create an array of permitted MIME types $permitted = array('application/msword', 'application/pdf', 'application/vnd.ms-powerpoint'); // begin by assuming the file is unacceptable $sizeOK = false; $typeOK = false; // check that file is within the permitted size if ($_FILES['image']['size'] > 0 && $_FILES['image']['size'] <= MAX_FILE_SIZE) { $sizeOK = true; } // check that file is of an permitted MIME type foreach ($permitted as $type) { if ($type == $_FILES['image']['type']) { $typeOK = true; break; } } //set sender information for SMTP authentication $senderEmail = "info@email.co.uk"; $senderName = "Website"; //check for suspected SPAM Bots if (!empty($_POST['address'])) { $subject = 'SUSPECTED SPAM'; } else { $subject = 'Form'; } // list expected fields $expected = array('name', 'company', 'email', 'phone', 'projecttype', 'enquiry', 'bestcontact', 'besttime', 'file'); // set required fields $required = array('name', 'email', 'phone', 'enquiry'); // create empty array for any missing fields $missing = array(); // assume that there is nothing suspect $suspect = false; // create a pattern to locate suspect phrases $pattern = '/Content-Type:|Bcc:|Cc:/i'; // function to check for suspect phrases function isSuspect($val, $pattern, &$suspect) { // if the variable is an array, loop through each element // and pass it recursively back to the same function if (is_array($val)) { foreach ($val as $item) { isSuspect($item, $pattern, $suspect); } } else { // if one of the suspect phrases is found, set Boolean to true if (preg_match($pattern, $val)) { $suspect = true; } } } // check the $_POST array and any subarrays for suspect content isSuspect($_POST, $pattern, $suspect); if ($suspect) { $mailSent = false; unset($missing); } else { // process the $_POST variables foreach ($_POST as $key => $value) { // assign to temporary variable and strip whitespace if not an array $temp = is_array($value) ? $value : trim($value); // if empty and required, add to $missing array if (empty($temp) && in_array($key, $required)) { array_push($missing, $key); } // otherwise, assign to a variable of the same name as $key elseif (in_array($key, $expected)) { ${$key} = $temp; } } } // validate the email address if (!empty($email)) { // regex to identify illegal characters in email address $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/'; // reject the email address if it deosn't match if (!preg_match($checkEmail, $email)) { $suspect = true; $mailSent = false; unset($missing); } } $file_path = $_FILES["attachment"]["tmp_name"]; $file_name = $_FILES["attachment"]["name"]; $file_type = $_FILES["attachment"]["type"]; // go ahead only if not suspsect and all required fields OK if (!$suspect && empty($missing)) { //Everything looks ok, we can start Swift require_once "../../../../swiftMailer/Swift.php"; require_once "../../../../swiftMailer/Swift/Connection/SMTP.php"; //Enable disk caching if we can if (is_writable("/tmp")) { Swift_CacheFactory::setClassName("Swift_Cache_Disk"); Swift_Cache_Disk::setSavePath("/tmp"); } //Create a Swift instance $swift =& new Swift(new Swift_Connection_SMTP("smptaddress")); //Create the sender from the details we've been given $sender =& new Swift_Address($senderEmail, $senderName); // build the message $body .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:14px; color:#666666;\">\n"; $body .= "<b>Name:</b> $name<br><br>\n"; $body .= "<b>Company Name:</b> $company<br><br>\n"; $body .= "<b>Email:</b> $email<br><br>\n"; $body .= "<b>Telephone Number:</b> $phone<br><br>\n"; $body .= "<b>Project Type:</b> $projecttype<br><br>\n"; $body .= "<b>Enquiry Details:</b> $enquiry<br><br>\n"; $body .= "<b>Best contact method:</b> $bestcontact<br><br>\n"; $body .= "<b>Best time to contact:</b> $besttime<br><br>\n"; $body .= "</body>\n"; //Create the message to send $message =& new Swift_Message($subject); $message->setContentType("text/html"); $message->attach(new Swift_Message_Part($body)); //If an attachment was sent, attach it if ($file_path && $file_name && $file_type && sizeOK && typeOK) { $message->attach( new Swift_Message_Attachment(new Swift_File($file_path), $file_name, $file_type)); } //Try sending the email $sent = $swift->send($message, "recipient@email.com", $sender); //Disconnect from SMTP, we're done $swift->disconnect(); if ($sent) { unset($missing); } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/141778-basic-form-validation/ Share on other sites More sharing options...
revraz Posted January 21, 2009 Share Posted January 21, 2009 Would be helpful if you post the actual problem/issue/error. Hi all, Just wondered if someone could take a look at my code below and point out where I am going wrong. This form should send the information and an attached file to the recipient using the Swift Mailer class, however I am having a few issues with the validation. I am still getting to grips with php so apologize if this is a relativel simple fix. Quote Link to comment https://forums.phpfreaks.com/topic/141778-basic-form-validation/#findComment-742230 Share on other sites More sharing options...
Ne0_Dev Posted January 21, 2009 Author Share Posted January 21, 2009 This is the error message I get when browsing to the page. Parse error: syntax error, unexpected $end in Thanks in advance Quote Link to comment https://forums.phpfreaks.com/topic/141778-basic-form-validation/#findComment-742232 Share on other sites More sharing options...
revraz Posted January 21, 2009 Share Posted January 21, 2009 Means you are missing a closing bracket somewhere. Quote Link to comment https://forums.phpfreaks.com/topic/141778-basic-form-validation/#findComment-742436 Share on other sites More sharing options...
Ne0_Dev Posted January 30, 2009 Author Share Posted January 30, 2009 Hi, I have managed to get the form to process ok, however I think I may have got the validation mixed up. At present the form submits ok if all required fields are completed. As the file attachment is not a required field this works as intended. However if a file is attached that is either too large or not of the permitted file types the form still sends the rest of the information minus the file. The correct error message is being output to the form, but the mail processing script is not being halted if there is a problem with file being attached. I think it must be pretty simple but it's driving me mad! Any suggestions/help will be greatly appreciated. Here is my code: <?php ini_set('display_errors', 1); error_reporting(E_ALL); // define a constant for the maximum file size define ('MAX_FILE_SIZE', 1048576); //mail processing script if (array_key_exists('send', $_POST)) { // remove escape characters from POST array if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); } $to = 'test@foo.co.uk'; if (!empty($_POST['address'])) { $subject = 'SUSPECTED SPAM'; } else { $subject = 'Project Brief Form'; } // Obtain file upload vars $fileatt = $_FILES['fileatt']['tmp_name']; $fileatt_type = $_FILES['fileatt']['type']; $fileatt_name = $_FILES['fileatt']['name']; // convert the maximum size to KB $max = number_format(MAX_FILE_SIZE/1024, 1).'KB'; // create an array of permitted MIME types $permitted = array('application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 'application/pdf', 'application/vnd.ms-powerpoint'); // begin by assuming the file is unacceptable $sizeOK = false; $typeOK = false; // check that file is within the permitted size if ($_FILES['fileatt']['size'] > 0 && $_FILES['fileatt']['size'] <= MAX_FILE_SIZE) { $sizeOK = true; } else { $error = 'The attachment exceeds the maximum file size of 1mb.'; } // check that file is of an permitted MIME type foreach ($permitted as $type) { if ($type == $_FILES['fileatt']['type']) { $typeOK = true; break; } } if (!$typeOK) { $error = 'The file is not one of the permitted types (see below).'; } if ($_FILES['fileatt']['error'] == 4) { $error = ''; } // list expected fields $expected = array('name', 'company', 'email', 'phone', 'projecttitle', 'projectdetails', 'fileatt'); // set required fields $required = array('name', 'email', 'phone', 'projecttitle', 'projectdetails'); // create empty array for any missing fields $missing = array(); // assume that there is nothing suspect $suspect = false; // create a pattern to locate suspect phrases $pattern = '/Content-Type:|Bcc:|Cc:/i'; // function to check for suspect phrases function isSuspect($val, $pattern, &$suspect) { // if the variable is an array, loop through each element // and pass it recursively back to the same function if (is_array($val)) { foreach ($val as $item) { isSuspect($item, $pattern, $suspect); } } else { // if one of the suspect phrases is found, set Boolean to true if (preg_match($pattern, $val)) { $suspect = true; } } } // check the $_POST array and any subarrays for suspect content isSuspect($_POST, $pattern, $suspect); if ($suspect) { $mailSent = false; unset($missing); } else { // process the $_POST variables foreach ($_POST as $key => $value) { // assign to temporary variable and strip whitespace if not an array $temp = is_array($value) ? $value : trim($value); // if empty and required, add to $missing array if (empty($temp) && in_array($key, $required)) { array_push($missing, $key); } // otherwise, assign to a variable of the same name as $key elseif (in_array($key, $expected)) { ${$key} = $temp; } } } // validate the email address if (!empty($email)) { // regex to identify illegal characters in email address $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/'; // reject the email address if it deosn't match if (!preg_match($checkEmail, $email)) { $suspect = true; $mailSent = false; unset($missing); } } // go ahead only if not suspsect and all required fields OK if (!$suspect && empty($missing)) { // Generate a boundary string $semi_rand = md5(time()); $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; // build the message $htmlmsg = "<html>\n"; $htmlmsg .= "<body style=\"font-family:Arial, Helvetica, sans-serif; font-size:14px; color:#666666;\">\n"; $htmlmsg .= "<b>Name:</b> $name<br><br>\n"; $htmlmsg .= "<b>Company Name:</b> $company<br><br>\n"; $htmlmsg .= "<b>Email:</b> $email<br><br>\n"; $htmlmsg .= "<b>Telephone Number:</b> $phone<br><br>\n"; $htmlmsg .= "<b>Project Title:</b> $projecttitle<br><br>\n"; $htmlmsg .= "<b>Project Details:</b> $projectdetails<br><br>\n"; $htmlmsg .= "</body>\n"; $htmlmsg .= "</html>\n"; // Add a multipart boundary above the html message $message = "This is a multi-part message in MIME format.\n\n" . "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" . $htmlmsg . "\n\n"; //check if file has been uploaded and is of allowed MIME type and size if (is_uploaded_file($fileatt) && $typeOK && $sizeOK) { // Read the file to be attached ('rb' = read binary) $file = fopen($fileatt,'rb'); $data = fread($file,filesize($fileatt)); fclose($file); // Base64 encode the file data $data = chunk_split(base64_encode($data)); // Add file attachment to the message $message .= "--{$mime_boundary}\n" . "Content-Type: {$fileatt_type};\n" . " name=\"{$fileatt_name}\"\n" . //"Content-Disposition: attachment;\n" . //" filename=\"{$fileatt_name}\"\n" . "Content-Transfer-Encoding: base64\n\n" . $data . "\n\n" . "--{$mime_boundary}--\n"; } // create additional headers $headers = "From: www.foo.co.uk<enquiry@foo.co.uk>"; // Add the headers for a file attachment $headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\""; if (!empty($email)) { $headers .= "\nReply-To: $email"; } // send it $mailSent = mail($to, $subject, $message, $headers); if ($mailSent) { // $missing is no longer needed if the email is sent, so unset it unset($missing); } } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/141778-basic-form-validation/#findComment-750504 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.