lou28 Posted December 2, 2009 Share Posted December 2, 2009 Hello. I need a little advice regarding php scripting on a form with file attachment capabilities. Basically I am a novice when it comes to php, but I am able to implement it ok. So I used the following script and slightly adapted it so that it contains the fields I need: <?php // Read POST request params into global vars $to = $_POST['to']; $from = $_POST['from']; $subject = $_POST['subject']; $message = $_POST['message']; // Obtain file upload vars $fileatt = $_FILES['fileatt']['tmp_name']; $fileatt_type = $_FILES['fileatt']['type']; $fileatt_name = $_FILES['fileatt']['name']; $headers = "From: $from"; if (is_uploaded_file($fileatt)) { // Read the file to be attached ('rb' = read binary) $file = fopen($fileatt,'rb'); $data = fread($file,filesize($fileatt)); fclose($file); // Generate a boundary string $semi_rand = md5(time()); $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; // Add the headers for a file attachment $headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\""; // Add a multipart boundary above the plain message $message = "This is a multi-part message in MIME format.\n\n" . "--{$mime_boundary}\n" . "Content-Type: text/plain; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" . $message . "\n\n"; // Base64 encode the file data $data = chunk_split(base64_encode($data)); // Add file attachment to the message $message .= "--{$mime_boundary}\n" . "Content-Type: {$fileatt_type};\n" . " name=\"{$fileatt_name}\"\n" . //"Content-Disposition: attachment;\n" . //" filename=\"{$fileatt_name}\"\n" . "Content-Transfer-Encoding: base64\n\n" . $data . "\n\n" . "--{$mime_boundary}--\n"; } // Send the message $ok = @mail($to, $subject, $message, $headers); if ($ok) { echo "<p>Mail sent! Yay PHP!</p>"; } else { echo "<p>Mail could not be sent. Sorry!</p>"; } ?> However I now need to make sure that this is secure and can't be spammed.. as I don't want spammers sending my customer virus's in the attachment as it will be sent straight to them in an email without going via the server. I also need it so users can only upload excel or word files. Does anyone have any ideas how I can do this? Thanks Link to comment https://forums.phpfreaks.com/topic/183717-php-form-to-email-with-file-attachment-help/ Share on other sites More sharing options...
Deoctor Posted December 2, 2009 Share Posted December 2, 2009 u can use this function $ft = array(); $ft['settings'] = array(); $ft["settings"]["FILETYPEBLACKLIST"] = "php phtml php3 php4 php5"; // File types that are not allowed for upload. $ft["settings"]["FILETYPEWHITELIST"] = ""; // Add file types here to *only* allow those types to be uploaded. function ft_check_filetype($file) { $type = strtolower(ft_get_ext($file)); // Check if we are using a whitelist. if (FILETYPEWHITELIST != "") { // User wants a whitelist $whitelist = explode(" ", FILETYPEWHITELIST); if (in_array($type, $whitelist)) { return TRUE; } else { return FALSE; } } else { // Check against file blacklist. if (FILETYPEBLACKLIST != "") { $blacklist = explode(" ", FILETYPEBLACKLIST); if (in_array($type, $blacklist)) { return FALSE; } else { return TRUE; } } else { return TRUE; } } } Link to comment https://forums.phpfreaks.com/topic/183717-php-form-to-email-with-file-attachment-help/#findComment-969653 Share on other sites More sharing options...
lou28 Posted December 2, 2009 Author Share Posted December 2, 2009 Thanks for this! So can I just put this in anywhere within the original code? Thanks Link to comment https://forums.phpfreaks.com/topic/183717-php-form-to-email-with-file-attachment-help/#findComment-970031 Share on other sites More sharing options...
lou28 Posted December 3, 2009 Author Share Posted December 3, 2009 Actually this code didn't work for me.. I now have the following: <?php // Read POST request params into global vars $name = stripslashes($_POST['name']); $email = stripslashes($_POST['email']); $tel = $_POST['telephone']; $address1 = stripslashes($_POST['address1']); $address2 = stripslashes($_POST['address2']); $address3 = stripslashes($_POST['address3']); $postcode = stripslashes($_POST['postcode']); $to = '[email protected]'; $subject = "Order"; $headers = "From: $name"; $message = "Name: $name \nEmail: $email \nTelephone: $tel \nAddress: $address1 \n$address2 \n$address3 \nPostcode: $postcode"; // Obtain file upload vars $fileatt = $_FILES['fileatt']['tmp_name']; $fileatt_type = $_FILES['fileatt']['type']; $fileatt_name = $_FILES['fileatt']['name']; $ft = array(); $ft['settings'] = array(); $ft["settings"]["FILETYPEBLACKLIST"] = "html pdf"; // File types that are not allowed for upload. $ft["settings"]["FILETYPEWHITELIST"] = "doc docx xls"; // Add file types here to *only* allow those types to be uploaded. if (is_uploaded_file($fileatt)) { // Read the file to be attached ('rb' = read binary) $file = fopen($fileatt,'rb'); $data = fread($file,filesize($fileatt)); fclose($file); // Generate a boundary string $semi_rand = md5(time()); $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; // Add the headers for a file attachment $headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\""; // Add a multipart boundary above the plain message $message = "This is a multi-part message in MIME format.\n\n" . "--{$mime_boundary}\n" . "Content-Type: text/plain; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" . $message . "\n\n"; // Base64 encode the file data $data = chunk_split(base64_encode($data)); // Add file attachment to the message $message .= "--{$mime_boundary}\n" . "Content-Type: {$fileatt_type};\n" . " name=\"{$fileatt_name}\"\n" . //"Content-Disposition: attachment;\n" . //" filename=\"{$fileatt_name}\"\n" . "Content-Transfer-Encoding: base64\n\n" . $data . "\n\n" . "--{$mime_boundary}--\n"; } function ft_check_filetype($file) { $type = strtolower(ft_get_ext($file)); // Check if we are using a whitelist. if (FILETYPEWHITELIST != "") { // User wants a whitelist $whitelist = explode(" ", FILETYPEWHITELIST); if (in_array($type, $whitelist)) { return TRUE; } else { return FALSE; } } else { // Check against file blacklist. if (FILETYPEBLACKLIST != "") { $blacklist = explode(" ", FILETYPEBLACKLIST); if (in_array($type, $blacklist)) { return FALSE; } else { return TRUE; } } else { return TRUE; } } } // Send the message $ok = @mail($to, $subject, $message, $headers); if ($ok) { echo "<p>Mail sent! Yay PHP!</p>"; } else { echo "<p>Mail could not be sent. Sorry!</p>"; } // Redirect header("Location: index.html"); ?> and this: <form method="post" action="process-form.php" enctype="multipart/form-data" name="uploadfile" id="uploadfile"> <label for="name">*Name:</label> <input type="text" name="name" id="name" class="inputbox" /> <label for="telephone">Tel no:</label> <input type="text" name="telephone" id="telephone" class="inputbox" /> <label for="email">*Email:</label> <input type="text" name="email" id="email" class="inputbox" /> <label for="address1">*Address:</label> <input type="text" name="address1" id="address1" class="inputbox" /> <label for="address2">*Address:</label> <input type="text" name="address2" id="address2" class="inputbox" /> <label for="address3">Address:</label> <input type="text" name="address3" id="address3" class="inputbox" /> <label for="postcode">*Postcode:</label> <input type="text" name="postcode" id="postcode" class="inputbox" /> <label for="cv">Upload last CV</label> <input type="file" name="fileatt" id="cv" class="uploadbox" value="Browse" /> <p id="small"><br />*Please ensure your CV is in Word, Excel or pdf format to upload successfully<br /> **If you don't have a CV, we can supply you with a form to fill out <br /> so we have all the information we need to help you.</p> <input class="button" type="image" value="send" alt="submit" src="images/submit.gif" width="116" height="29"/> </form> If anyone has any ideas that would be great! Thanks Link to comment https://forums.phpfreaks.com/topic/183717-php-form-to-email-with-file-attachment-help/#findComment-970353 Share on other sites More sharing options...
Deoctor Posted December 3, 2009 Share Posted December 3, 2009 where are u calling the function ft_check_file($fileatt) u need to change the function a little bit to your needs. if the function value returns true then u can proceed with the file uploading and if not then u can give some message. u have just pasted the function down in your code. change it to your exact requirement Link to comment https://forums.phpfreaks.com/topic/183717-php-form-to-email-with-file-attachment-help/#findComment-970367 Share on other sites More sharing options...
lou28 Posted December 3, 2009 Author Share Posted December 3, 2009 I am a total novice at php so can just about undertand what's written, but cannot tell if there's anything missing.. so all I can do is copy at this stage. I shall try changing to fileatt then and see if that works Thanks Link to comment https://forums.phpfreaks.com/topic/183717-php-form-to-email-with-file-attachment-help/#findComment-970383 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.