Jump to content

Basic form validation


Ne0_Dev

Recommended Posts

Hi all,

 

Just wondered if someone could take a look at my code below and point out where I am going wrong.  This form should send the information and an attached file to the recipient using the Swift Mailer class, however I am having a few issues with the validation.  I am still getting to grips with php so apologize if this is a relativel simple fix.

 

<?php
// define a constant for the maximum upload size
define ('MAX_FILE_SIZE', 1048576);
//mail processing script
if (array_key_exists('send', $_POST)) {
  // remove escape characters from POST array
  if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value) {
      $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
      return $value;
      }
    $_POST = array_map('stripslashes_deep', $_POST);
    }
// convert the maximum size to KB
  $max = number_format(MAX_FILE_SIZE/1024, 1).'KB';
  // create an array of permitted MIME types
  $permitted = array('application/msword', 'application/pdf', 'application/vnd.ms-powerpoint');
  // begin by assuming the file is unacceptable
  $sizeOK = false;
  $typeOK = false;
  
  // check that file is within the permitted size
  if ($_FILES['image']['size'] > 0 && $_FILES['image']['size'] <= MAX_FILE_SIZE) {
    $sizeOK = true;
}

  // check that file is of an permitted MIME type
  foreach ($permitted as $type) {
    if ($type == $_FILES['image']['type']) {
      $typeOK = true;
  break;
  }
}
//set sender information for SMTP authentication  
  $senderEmail = "info@email.co.uk";
  $senderName = "Website";
//check for suspected SPAM Bots
  if (!empty($_POST['address'])) {
  	$subject = 'SUSPECTED SPAM';
}
else {
  $subject = 'Form';
  }
  // list expected fields
  $expected = array('name', 'company', 'email', 'phone', 'projecttype', 'enquiry', 'bestcontact', 'besttime', 'file');
  // set required fields
  $required = array('name', 'email', 'phone', 'enquiry');
  // create empty array for any missing fields
  $missing = array();
  
  // assume that there is nothing suspect
  $suspect = false;
  // create a pattern to locate suspect phrases
  $pattern = '/Content-Type:|Bcc:|Cc:/i';
  
  // function to check for suspect phrases
  function isSuspect($val, $pattern, &$suspect) {
    // if the variable is an array, loop through each element
// and pass it recursively back to the same function
if (is_array($val)) {
      foreach ($val as $item) {
    isSuspect($item, $pattern, $suspect);
    }
  }
    else {
      // if one of the suspect phrases is found, set Boolean to true
  if (preg_match($pattern, $val)) {
        $suspect = true;
    }
  }
    }

  // check the $_POST array and any subarrays for suspect content
  isSuspect($_POST, $pattern, $suspect);
  
  if ($suspect) {
    $mailSent = false;
unset($missing);
}
  else {
    // process the $_POST variables
    foreach ($_POST as $key => $value) {
      // assign to temporary variable and strip whitespace if not an array
      $temp = is_array($value) ? $value : trim($value);
      // if empty and required, add to $missing array
      if (empty($temp) && in_array($key, $required)) {
        array_push($missing, $key);
        }
      // otherwise, assign to a variable of the same name as $key
      elseif (in_array($key, $expected)) {
        ${$key} = $temp;
        }
      }  
    }

  // validate the email address
  if (!empty($email)) {
    // regex to identify illegal characters in email address
    $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
// reject the email address if it deosn't match
if (!preg_match($checkEmail, $email)) {
  $suspect = true;
  $mailSent = false;
  unset($missing);
  }
}
$file_path = $_FILES["attachment"]["tmp_name"];
    $file_name = $_FILES["attachment"]["name"];
    $file_type = $_FILES["attachment"]["type"];
  
  // go ahead only if not suspsect and all required fields OK
  if (!$suspect && empty($missing)) {

//Everything looks ok, we can start Swift

require_once "../../../../swiftMailer/Swift.php";
require_once "../../../../swiftMailer/Swift/Connection/SMTP.php";

//Enable disk caching if we can
if (is_writable("/tmp"))
{
    Swift_CacheFactory::setClassName("Swift_Cache_Disk");
    Swift_Cache_Disk::setSavePath("/tmp");
}

//Create a Swift instance
$swift =& new Swift(new Swift_Connection_SMTP("smptaddress"));

//Create the sender from the details we've been given
$sender =& new Swift_Address($senderEmail, $senderName);

// build the message	
$body .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:14px; color:#666666;\">\n";
$body .= "<b>Name:</b> $name<br><br>\n";
$body .= "<b>Company Name:</b> $company<br><br>\n";
$body .= "<b>Email:</b> $email<br><br>\n";
$body .= "<b>Telephone Number:</b> $phone<br><br>\n";
$body .= "<b>Project Type:</b> $projecttype<br><br>\n";
$body .= "<b>Enquiry Details:</b> $enquiry<br><br>\n";
$body .= "<b>Best contact method:</b> $bestcontact<br><br>\n";
$body .= "<b>Best time to contact:</b> $besttime<br><br>\n";
$body .= "</body>\n";

//Create the message to send
$message =& new Swift_Message($subject);
$message->setContentType("text/html");
$message->attach(new Swift_Message_Part($body));

//If an attachment was sent, attach it
if ($file_path && $file_name && $file_type && sizeOK && typeOK)
{
    $message->attach(
        new Swift_Message_Attachment(new Swift_File($file_path), $file_name, $file_type));
}

//Try sending the email
$sent = $swift->send($message, "recipient@email.com", $sender);
//Disconnect from SMTP, we're done
$swift->disconnect();

if ($sent)
{
    unset($missing);
}
}
    
?>

Link to comment
Share on other sites

Would be helpful if you post the actual problem/issue/error.

 

Hi all,

 

Just wondered if someone could take a look at my code below and point out where I am going wrong.  This form should send the information and an attached file to the recipient using the Swift Mailer class, however I am having a few issues with the validation.  I am still getting to grips with php so apologize if this is a relativel simple fix.

 

Link to comment
Share on other sites

  • 2 weeks later...

Hi,

 

I have managed to get the form to process ok, however I think I may have got the validation mixed up.  At present the form submits ok if all required fields are completed.  As the file attachment is not a required field this works as intended.  However if a file is attached that is either too large or not of the permitted file types the form still sends the rest of the information minus the file.  The correct error message is being output to the form, but the mail processing script is not being halted if there is a problem with file being attached.

 

I think it must be pretty simple but it's driving me mad!  Any suggestions/help will be greatly appreciated.

 

Here is my code:

 

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
// define a constant for the maximum file size
define ('MAX_FILE_SIZE', 1048576);
//mail processing script
if (array_key_exists('send', $_POST)) {
  // remove escape characters from POST array
  if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value) {
      $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
      return $value;
      }
    $_POST = array_map('stripslashes_deep', $_POST);
    }
  
  $to = 'test@foo.co.uk';
  if (!empty($_POST['address'])) {
  	$subject = 'SUSPECTED SPAM';
}
else {
  $subject = 'Project Brief Form';
  }
  // Obtain file upload vars
  $fileatt      = $_FILES['fileatt']['tmp_name'];
  $fileatt_type = $_FILES['fileatt']['type'];
  $fileatt_name = $_FILES['fileatt']['name'];
  // convert the maximum size to KB
  $max = number_format(MAX_FILE_SIZE/1024, 1).'KB';
  // create an array of permitted MIME types
  $permitted = array('application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 'application/pdf', 'application/vnd.ms-powerpoint');
  // begin by assuming the file is unacceptable
  $sizeOK = false;
  $typeOK = false;
  // check that file is within the permitted size
  if ($_FILES['fileatt']['size'] > 0 && $_FILES['fileatt']['size'] <= MAX_FILE_SIZE) {
    $sizeOK = true;
} 
else {
	$error = 'The attachment exceeds the maximum file size of 1mb.';
}

  // check that file is of an permitted MIME type
  foreach ($permitted as $type) {
    if ($type == $_FILES['fileatt']['type']) {
      $typeOK = true;
  break;
}
   }
   
    if (!$typeOK) {
  	$error = 'The file is not one of the permitted types (see below).';
	 }

 if ($_FILES['fileatt']['error'] == 4) {
  	$error = '';
  }

  // list expected fields
  $expected = array('name', 'company', 'email', 'phone', 'projecttitle', 'projectdetails', 'fileatt');
  // set required fields
  $required = array('name', 'email', 'phone', 'projecttitle', 'projectdetails');
  // create empty array for any missing fields
  $missing = array();
  
  // assume that there is nothing suspect
  $suspect = false;
  // create a pattern to locate suspect phrases
  $pattern = '/Content-Type:|Bcc:|Cc:/i';
  
  // function to check for suspect phrases
  function isSuspect($val, $pattern, &$suspect) {
    // if the variable is an array, loop through each element
// and pass it recursively back to the same function
if (is_array($val)) {
      foreach ($val as $item) {
    isSuspect($item, $pattern, $suspect);
    }
  }
    else {
      // if one of the suspect phrases is found, set Boolean to true
  if (preg_match($pattern, $val)) {
        $suspect = true;
    }
  }
    }

  // check the $_POST array and any subarrays for suspect content
  isSuspect($_POST, $pattern, $suspect);
  
  if ($suspect) {
    $mailSent = false;
unset($missing);
}
  else {
    // process the $_POST variables
    foreach ($_POST as $key => $value) {
      // assign to temporary variable and strip whitespace if not an array
      $temp = is_array($value) ? $value : trim($value);
      // if empty and required, add to $missing array
      if (empty($temp) && in_array($key, $required)) {
        array_push($missing, $key);
        }
      // otherwise, assign to a variable of the same name as $key
      elseif (in_array($key, $expected)) {
        ${$key} = $temp;
        }
      }  
    }

  // validate the email address
  if (!empty($email)) {
    // regex to identify illegal characters in email address
    $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
// reject the email address if it deosn't match
if (!preg_match($checkEmail, $email)) {
  $suspect = true;
  $mailSent = false;
  unset($missing);
  }
}
   
  // go ahead only if not suspsect and all required fields OK
  if (!$suspect && empty($missing)) {

  
  // Generate a boundary string
  $semi_rand = md5(time());
  $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";

// build the message	
$htmlmsg = "<html>\n";
$htmlmsg .= "<body style=\"font-family:Arial, Helvetica, sans-serif; font-size:14px; color:#666666;\">\n";
$htmlmsg .= "<b>Name:</b> $name<br><br>\n";
$htmlmsg .= "<b>Company Name:</b> $company<br><br>\n";
$htmlmsg .= "<b>Email:</b> $email<br><br>\n";
$htmlmsg .= "<b>Telephone Number:</b> $phone<br><br>\n";
$htmlmsg .= "<b>Project Title:</b> $projecttitle<br><br>\n";
$htmlmsg .= "<b>Project Details:</b> $projectdetails<br><br>\n";
$htmlmsg .= "</body>\n";
$htmlmsg .= "</html>\n";

  // Add a multipart boundary above the html message
  $message = "This is a multi-part message in MIME format.\n\n" .
             "--{$mime_boundary}\n" .
             "Content-Type: text/html; charset=\"iso-8859-1\"\n" .
             "Content-Transfer-Encoding: 7bit\n\n" .
             $htmlmsg . "\n\n";

  //check if file has been uploaded and is of allowed MIME type and size
  if (is_uploaded_file($fileatt) && $typeOK && $sizeOK) {	

  // Read the file to be attached ('rb' = read binary)
  $file = fopen($fileatt,'rb');
  $data = fread($file,filesize($fileatt));
  fclose($file);
  // Base64 encode the file data
  $data = chunk_split(base64_encode($data));

  // Add file attachment to the message
  $message .= "--{$mime_boundary}\n" .
              "Content-Type: {$fileatt_type};\n" .
              " name=\"{$fileatt_name}\"\n" .
              //"Content-Disposition: attachment;\n" .
              //" filename=\"{$fileatt_name}\"\n" .
              "Content-Transfer-Encoding: base64\n\n" .
              $data . "\n\n" .
              "--{$mime_boundary}--\n";	
}
       // create additional headers
$headers = "From: www.foo.co.uk<enquiry@foo.co.uk>";
// Add the headers for a file attachment
    $headers .= "\nMIME-Version: 1.0\n" .
              "Content-Type: multipart/mixed;\n" .
              " boundary=\"{$mime_boundary}\"";

if (!empty($email)) {
  $headers .= "\nReply-To: $email";
  }

    // send it  
    $mailSent = mail($to, $subject, $message, $headers);
  if ($mailSent) {
      // $missing is no longer needed if the email is sent, so unset it
      unset($missing);
      }
}
  }
?>

 

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.