SteveH Posted December 22, 2009

Hello

Could I ask, please, someone to cast their eye over this PHP emailing script (my PHP is less than basic, I'm afraid).

The script sends an email but not the attachment, so I am mainly concerned with whether there is an error (or errors) in that part of the script which relates to attachments. If there is no error with the script, at least that is something I can eliminate from the puzzle.

Many thanks.

Steve

```php
<?php

// User settings
$to = "[email protected]";
$subject = "Proofreading Contact Form";

// Include extra form fields and/or submitter data?
// false = do not include
$extra = array(
    "form_subject" => true,
    "form_cc" => true,
    "ip" => true,
    "user_agent" => true
);

$action = isset($_POST["action"]) ? $_POST["action"] : "";
if (empty($action)) {
    // Send back the contact form HTML
    $output = "<div style='display:none'>
    <div class='contact-top'></div>
    <div class='contact-content'>
        <h1 class='contact-title'>Send us a message:</h1>
        <div class='contact-loading' style='display:none'></div>
        <div class='contact-message' style='display:none'></div>
        <form action='#' style='display:none' enctype='multipart/form-data'>
            <label for='contact-name'>Name:</label>
            <input type='text' id='contact-name' class='contact-input' name='name' tabindex='1001' />
            <label for='contact-email'>Email:</label>
            <input type='text' id='contact-email' class='contact-input' name='email' tabindex='1002' />";

    if ($extra["form_subject"]) {
        $output .= "
            <label for='contact-subject'>Subject:</label>
            <input type='text' id='contact-subject' class='contact-input' name='subject' value='' tabindex='1003' />";
    }
    $output .= "<label for='contact-subject'>Attachment:</label>
            <input type='file' name='documents' id='documents' value='' />
            <input type='hidden' name='documentsname' id='documentsname' /><span id='documentnamedisplay'></span>";
    $output .= "
            <label for='contact-message'>Message:</label>
            <textarea id='contact-message' class='contact-input' name='message' cols='40' rows='4' tabindex='1005'></textarea>
            <br/>";

    if ($extra["form_cc"]) {
        $output .= "
            <label> </label>
            <input type='checkbox' id='contact-cc' name='cc' value='1' tabindex='1006' /> <span class='contact-cc'>Send me a copy</span>
            <br/>";
    }

    $output .= "
            <label> </label>
            <button type='submit' class='contact-send contact-button' tabindex='1007'>Send</button>
            <button type='submit' class='contact-cancel contact-button simplemodal-close' tabindex='1008'>Cancel</button>
            <br/>
            <input type='hidden' name='token' value='" . smcf_token($to) . "'/>
        </form>
        <div id='loader' style='padding:10px;display:none;'><img src='images/ajax-loader.gif' /> Please wait</div>
    </div>
</div>";

    echo $output;
}
else if ($action == "send") {
    // Send the email
    $name = isset($_POST["name"]) ? $_POST["name"] : "";
    $email = isset($_POST["email"]) ? $_POST["email"] : "";
    $subject = isset($_POST["subject"]) ? $_POST["subject"] : $subject;
    $message = isset($_POST["message"]) ? $_POST["message"] : "";
    $cc = isset($_POST["cc"]) ? $_POST["cc"] : "";
    $token = isset($_POST["token"]) ? $_POST["token"] : "";

    // make sure the token matches
    if ($token === smcf_token($to)) {
        smcf_send($name, $email, $subject, $message, $cc);
        echo "Thank you for your message";
    }
    else {
        echo "Unfortunately, your message could not be sent";
    }
}

function smcf_token($s) {
    return md5("smcf-" . $s . date("WY"));
}

// Validate and send email
function smcf_send($name, $email, $subject, $message, $cc) {
    global $to, $extra;

    // Filter and validate fields
    $name = smcf_filter($name);
    $subject = smcf_filter($subject);
    $email = smcf_filter($email);
    if (!smcf_validate_email($email)) {
        $subject .= " - invalid email";
        $message .= "<br /><br />Bad email: $email";
        $email = $to;
        $cc = 0; // do not CC "sender"
    }

    // Add additional info to the message
    if ($extra["ip"]) {
        $message .= "<br /><br />IP: " . $_SERVER["REMOTE_ADDR"];
    }
    if ($extra["user_agent"]) {
        $message .= "<br /><br />USER AGENT: " . $_SERVER["HTTP_USER_AGENT"];
    }

    $attachment=trim($_POST['documentsname']);
    require("phpmailer/class.phpmailer.php");
    $mail = new PHPMailer();
    $mail->IsHTML(true);
    $mail->FromName=$name;
    $mail->From = '[email protected]';
    $mail->AddAddress($to);
    //if($cc==true)
    //$mail->AddCC($email);
    if(isset($cc))
    $mail->AddCC($email);
    $mail->CharSet ="utf-8";
    $mail->Subject = $subject;
    $mail->Body = $message;
    if($attachment!='')
    $mail->AddAttachment('../upload/'.$attachment);
    $x=$mail->Send();
    if($x==false)
    die("Unfortunately, a server issue prevented delivery of your message.");
}

// Remove any un-safe values to prevent email injection
function smcf_filter($value) {
    $pattern = array("/\n/","/\r/","/content-type:/i","/to:/i", "/from:/i", "/cc:/i");
    $value = preg_replace($pattern, "", $value);
    return $value;
}

// Validate email address format in case client-side validation "fails"
function smcf_validate_email($email) {
    $at = strrpos($email, "@");

    // Make sure the at (@) symbol exists and
    // it is not the first or last character
    if ($at && ($at < 1 || ($at + 1) == strlen($email)))
        return false;

    // Make sure there aren't multiple periods together
    if (preg_match("/(\.{2,})/", $email))
        return false;

    // Break up the local and domain portions
    $local = substr($email, 0, $at);
    $domain = substr($email, $at + 1);

    // Check lengths
    $locLen = strlen($local);
    $domLen = strlen($domain);
    if ($locLen < 1 || $locLen > 64 || $domLen < 4 || $domLen > 255)
        return false;

    // Make sure local and domain don't start with or end with a period
    if (preg_match("/(^\.|\.$)/", $local) || preg_match("/(^\.|\.$)/", $domain))
        return false;

    // Check for quoted-string addresses
    // Since almost anything is allowed in a quoted-string address,
    // we're just going to let them go through
    if (!preg_match('/^"(.+)"$/', $local)) {
        // It's a dot-string address...check for valid characters
        if (!preg_match('/^[-a-zA-Z0-9!#$%*\/?|^{}`~&\'+=_\.]*$/', $local))
            return false;
    }

    // Make sure domain contains only valid characters and at least one period
    if (!preg_match("/^[-a-zA-Z0-9\.]*$/", $domain) || !strpos($domain, "."))
        return false;

    return true;
}

exit;

?>
```

Buddski Posted December 22, 2009

Can you tell us what $_POST['documentsname'] refers to? Is this a file on your server or is it from an upload form?

SteveH Posted December 22, 2009

Hello Buddski

I am not sure what that refers to, but there is no file on my server by that name.

I have my main httpdocs folder (Linux hosting service). In there I have my main HTML pages, plus the following PHP files: upload_file.php, upload.php, upload.html, info.php, and odbc.php.

The only part of the site related to PHP is the email form, so I imagine those files are somehow connected to that email form. There are no databases of any kind.

Furthermore, within the httpdocs folder, there is another folder called upload (I think this is where any attachments end up), a js folder, an image folder, and a data folder. Inside the data folder is the file I posted above, plus the PHPmailer.

Sorry I can't be more informative.

Steve

Buddski Posted December 22, 2009

That $_POST['documentname'] I was referring to is a variable that is posted to your mailing script via a form.. Can you tell us, by looking at the form source code, WHAT that actually is..? Is it a text input, a file?

SteveH Posted December 22, 2009

Hello Buddski

Thanks again for your post.

Yes, it is a text input - it's a JavaScript file. The form is actually here: www.proofreading4students.com ('Contact' tab).

The JS file looks like this:

```javascript
$(document).ready(function () {
    $('#contact-form input.contact, #contact-form a.contact').click(function (e) {
        e.preventDefault();
        // load the contact form using ajax
        $.get("data/contact.php", function(data){
            // create a modal dialog with the data
            $(data).modal({
                closeHTML: "<a href='#' title='Close' class='modal-close'>x</a>",
                position: ["15%",],
                overlayId: 'contact-overlay',
                containerId: 'contact-container',
                onOpen: contact.open,
                onShow: contact.show,
                onClose: contact.close
            });
        });
    });

    // preload images
    var img = ['cancel.png', 'form_bottom.gif', 'form_top.gif', 'loading.gif', 'send.png'];
    $(img).each(function () {
        var i = new Image();
        i.src = 'img/contact/' + this;
    });
});

var contact = {
    message: null,
    open: function (dialog) {
        // add padding to the buttons in firefox/mozilla
        if ($.browser.mozilla) {
            $('#contact-container .contact-button').css({
                'padding-bottom': '2px'
            });
        }
        // input field font size
        if ($.browser.safari) {
            $('#contact-container .contact-input').css({
                'font-size': '.9em'
            });
        }

        // dynamically determine height
        var h = 280;
        if ($('#contact-subject').length) {
            h += 26;
        }
        if ($('#contact-cc').length) {
            h += 22;
        }

        new AjaxUpload('#documents', {
            //action: 'upload.php',
            action: 'upload.php', // I disabled uploads in this example for security reasons
            name: 'myfile',
            responseType: 'json',
            onSubmit: function(file, extension) {
                $("#loader").css('display','block');
            },
            onComplete : function(file,json){
                if(json.error=='No error')
                {
                    $('#documents').css('display','none');
                    $('#documentsname').val(json.filename);
                    $('#documentnamedisplay').text(json.filename);
                }
                else
                {
                    alert(json.error);
                }
                $("#loader").css('display','none');
            }
        });

        var title = $('#contact-container .contact-title').html();
        $('#contact-container .contact-title').html('Loading...');
        dialog.overlay.fadeIn(200, function () {
            dialog.container.fadeIn(200, function () {
                dialog.data.fadeIn(200, function () {
                    $('#contact-container .contact-content').animate({
                        height: h
                    }, function () {
                        $('#contact-container .contact-title').html(title);
                        $('#contact-container form').fadeIn(200, function () {
                            $('#contact-container #contact-name').focus();

                            $('#contact-container .contact-cc').click(function () {
                                var cc = $('#contact-container #contact-cc');
                                cc.is(':checked') ? cc.attr('checked', '') : cc.attr('checked', 'checked');
                            });

                            // fix png's for IE 6
                            if ($.browser.msie && $.browser.version < 7) {
                                $('#contact-container .contact-button').each(function () {
                                    if ($(this).css('backgroundImage').match(/^url[("']+(.*\.png)[)"']+$/i)) {
                                        var src = RegExp.$1;
                                        $(this).css({
                                            backgroundImage: 'none',
                                            filter: 'progid:DXImageTransform.Microsoft.AlphaImageLoader(src="' + src + '", sizingMethod="crop")'
                                        });
                                    }
                                });
                            }
                        });
                    });
                });
            });
        });
    },
    show: function (dialog) {
        $('#contact-container .contact-send').click(function (e) {
            e.preventDefault();
            // validate form
            if (contact.validate()) {
                var msg = $('#contact-container .contact-message');
                msg.fadeOut(function () {
                    msg.removeClass('contact-error').empty();
                });
                $('#contact-container .contact-title').html('Sending...');
                $('#contact-container form').fadeOut(200);
                $('#contact-container .contact-content').animate({
                    height: '80px'
                }, function () {
                    $('#contact-container .contact-loading').fadeIn(200, function () {
                        $.ajax({
                            url: 'data/contact.php',
                            data: $('#contact-container form').serialize() + '&action=send',
                            type: 'post',
                            cache: false,
                            dataType: 'html',
                            success: function (data) {
                                $('#contact-container .contact-loading').fadeOut(200, function () {
                                    $('#contact-container .contact-title').html('Thank you!');
                                    msg.html(data).fadeIn(200);
                                });
                            },
                            error: contact.error
                        });
                    });
                });
            }
            else {
                if ($('#contact-container .contact-message:visible').length > 0) {
                    var msg = $('#contact-container .contact-message div');
                    msg.fadeOut(200, function () {
                        msg.empty();
                        contact.showError();
                        msg.fadeIn(200);
                    });
                }
                else {
                    $('#contact-container .contact-message').animate({
                        height: '30px'
                    }, contact.showError);
                }
            }
        });
    },
    close: function (dialog) {
        $('#contact-container .contact-message').fadeOut();
        $('#contact-container .contact-title').html('Goodbye...');
        $('#contact-container form').fadeOut(200);
        $('#contact-container .contact-content').animate({
            height: 40
        }, function () {
            dialog.data.fadeOut(200, function () {
                dialog.container.fadeOut(200, function () {
                    dialog.overlay.fadeOut(200, function () {
                        $.modal.close();
                    });
                });
            });
        });
    },
    error: function (xhr) {
        alert(xhr.statusText);
    },
    validate: function () {
        contact.message = '';
        if (!$('#contact-container #contact-name').val()) {
            contact.message += 'Please type your name ';
        }

        var email = $('#contact-container #contact-email').val();
        if (!email) {
            contact.message += 'Please type your email ';
        }
        else {
            if (!contact.validateEmail(email)) {
                contact.message += 'Invalid email address ';
            }
        }

        if (!$('#contact-container #contact-message').val()) {
            contact.message += 'Please type your message';
        }

        if (contact.message.length > 0) {
            return false;
        }
        else {
            return true;
        }
    },
    validateEmail: function (email) {
        var at = email.lastIndexOf("@");

        // Make sure the at (@) symbol exists and
        // it is not the first or last character
        if (at < 1 || (at + 1) === email.length)
            return false;

        // Make sure there aren't multiple periods together
        if (/(\.{2,})/.test(email))
            return false;

        // Break up the local and domain portions
        var local = email.substring(0, at);
        var domain = email.substring(at + 1);

        // Check lengths
        if (local.length < 1 || local.length > 64 || domain.length < 4 || domain.length > 255)
            return false;

        // Make sure local and domain don't start with or end with a period
        if (/(^\.|\.$)/.test(local) || /(^\.|\.$)/.test(domain))
            return false;

        // Check for quoted-string addresses
        // Since almost anything is allowed in a quoted-string address,
        // we're just going to let them go through
        if (!/^"(.+)"$/.test(local)) {
            // It's a dot-string address...check for valid characters
            if (!/^[-a-zA-Z0-9!#$%*\/?|^{}`~&'+=_\.]*$/.test(local))
                return false;
        }

        // Make sure domain contains only valid characters and at least one period
        if (!/^[-a-zA-Z0-9\.]*$/.test(domain) || domain.indexOf(".") === -1)
            return false;

        return true;
    },
    showError: function () {
        $('#contact-container .contact-message')
            .html($('<div class="contact-error"></div>').append(contact.message))
            .fadeIn(200);
    }
};
```

Is the 'document' you referred to at the top of the JS file?

The structure referred to in the JS file, that is, url: 'data/contact.php' is correct and mirrored on the server.

Thanks again for any help.

Steve

Buddski Posted December 22, 2009

Ok.. I looked through your form and the attachment that you have there is called documents and when being referenced in php must be called using $_FILES['documents'].

Now, I've never used the mail class which you are using so I cannot tell you HOW the attachment is to be passed into it.. It might need to be on your server and a file name passed in, or you could be able to enter the raw binary data..

If you can find out more information on the attachment functionality of that mail class I can continue to help you further, or perhaps somebody with some experience with that class can give you some more advice..

SteveH Posted December 23, 2009

Hello Buddski

The only reference I can find in the other files (apart from the js file I posted yesterday) is a bak file:

```javascript
$(document).ready(function () {
    $('#contact-form input.contact, #contact-form a.contact').click(function (e) {
        e.preventDefault();
        // load the contact form using ajax
        $.get("data/contact.php", function(data){
            // create a modal dialog with the data
            $(data).modal({
                closeHTML: "<a href='#' title='Close' class='modal-close'>x</a>",
                position: ["15%",],
                overlayId: 'contact-overlay',
                containerId: 'contact-container',
                onOpen: contact.open,
                onShow: contact.show,
                onClose: contact.close
            });
        });
    });

    // preload images
    var img = ['cancel.png', 'form_bottom.gif', 'form_top.gif', 'loading.gif', 'send.png'];
    $(img).each(function () {
        var i = new Image();
        i.src = 'img/contact/' + this;
    });
});

var contact = {
    message: null,
    open: function (dialog) {
        // add padding to the buttons in firefox/mozilla
        if ($.browser.mozilla) {
            $('#contact-container .contact-button').css({
                'padding-bottom': '2px'
            });
        }
        // input field font size
        if ($.browser.safari) {
            $('#contact-container .contact-input').css({
                'font-size': '.9em'
            });
        }

        // dynamically determine height
        var h = 280;
        if ($('#contact-subject').length) {
            h += 26;
        }
        if ($('#contact-cc').length) {
            h += 22;
        }

        new AjaxUpload('#documents', {
            //action: 'upload.php',
            action: 'upload.php', // I disabled uploads in this example for security reasons
            name: 'myfile',
            responseType: 'json',
            onSubmit: function(file, extension) {
                //$("#loader").css('display','block');
            },
            onComplete : function(file,json){
                if(json.error=='No error')
                {
                    $('#documents').css('display','none');
                    $('#documentsname').val(json.filename);
                    $('#documentnamedisplay').text(json.filename);
                }
                else
                {
                    alert(json.error);
                }
                //$("#loader").css('display','none');
            }
        });

        var title = $('#contact-container .contact-title').html();
        $('#contact-container .contact-title').html('Loading...');
        dialog.overlay.fadeIn(200, function () {
            dialog.container.fadeIn(200, function () {
                dialog.data.fadeIn(200, function () {
                    $('#contact-container .contact-content').animate({
                        height: h
                    }, function () {
                        $('#contact-container .contact-title').html(title);
                        $('#contact-container form').fadeIn(200, function () {
                            $('#contact-container #contact-name').focus();

                            $('#contact-container .contact-cc').click(function () {
                                var cc = $('#contact-container #contact-cc');
                                cc.is(':checked') ? cc.attr('checked', '') : cc.attr('checked', 'checked');
                            });

                            // fix png's for IE 6
                            if ($.browser.msie && $.browser.version < 7) {
                                $('#contact-container .contact-button').each(function () {
                                    if ($(this).css('backgroundImage').match(/^url[("']+(.*\.png)[)"']+$/i)) {
                                        var src = RegExp.$1;
                                        $(this).css({
                                            backgroundImage: 'none',
                                            filter: 'progid:DXImageTransform.Microsoft.AlphaImageLoader(src="' + src + '", sizingMethod="crop")'
                                        });
                                    }
                                });
                            }
                        });
                    });
                });
            });
        });
    },
    show: function (dialog) {
        $('#contact-container .contact-send').click(function (e) {
            e.preventDefault();
            // validate form
            if (contact.validate()) {
                var msg = $('#contact-container .contact-message');
                msg.fadeOut(function () {
                    msg.removeClass('contact-error').empty();
                });
                $('#contact-container .contact-title').html('Sending...');
                $('#contact-container form').fadeOut(200);
                $('#contact-container .contact-content').animate({
                    height: '80px'
                }, function () {
                    $('#contact-container .contact-loading').fadeIn(200, function () {
                        $.ajax({
                            url: 'data/contact.php',
                            data: $('#contact-container form').serialize() + '&action=send',
                            type: 'post',
                            cache: false,
                            dataType: 'html',
                            success: function (data) {
                                $('#contact-container .contact-loading').fadeOut(200, function () {
                                    $('#contact-container .contact-title').html('Thank you!');
                                    msg.html(data).fadeIn(200);
                                });
                            },
                            error: contact.error
                        });
                    });
                });
            }
            else {
                if ($('#contact-container .contact-message:visible').length > 0) {
                    var msg = $('#contact-container .contact-message div');
                    msg.fadeOut(200, function () {
                        msg.empty();
                        contact.showError();
                        msg.fadeIn(200);
                    });
                }
                else {
                    $('#contact-container .contact-message').animate({
                        height: '30px'
                    }, contact.showError);
                }
            }
        });
    },
    close: function (dialog) {
        $('#contact-container .contact-message').fadeOut();
        $('#contact-container .contact-title').html('Goodbye...');
        $('#contact-container form').fadeOut(200);
        $('#contact-container .contact-content').animate({
            height: 40
        }, function () {
            dialog.data.fadeOut(200, function () {
                dialog.container.fadeOut(200, function () {
                    dialog.overlay.fadeOut(200, function () {
                        $.modal.close();
                    });
                });
            });
        });
    },
    error: function (xhr) {
        alert(xhr.statusText);
    },
    validate: function () {
        contact.message = '';
        if (!$('#contact-container #contact-name').val()) {
            contact.message += 'Name is required. ';
        }

        var email = $('#contact-container #contact-email').val();
        if (!email) {
            contact.message += 'Email is required. ';
        }
        else {
            if (!contact.validateEmail(email)) {
                contact.message += 'Email is invalid. ';
            }
        }

        if (!$('#contact-container #contact-message').val()) {
            contact.message += 'Message is required.';
        }

        if (contact.message.length > 0) {
            return false;
        }
        else {
            return true;
        }
    },
    validateEmail: function (email) {
        var at = email.lastIndexOf("@");

        // Make sure the at (@) symbol exists and
        // it is not the first or last character
        if (at < 1 || (at + 1) === email.length)
            return false;

        // Make sure there aren't multiple periods together
        if (/(\.{2,})/.test(email))
            return false;

        // Break up the local and domain portions
        var local = email.substring(0, at);
        var domain = email.substring(at + 1);

        // Check lengths
        if (local.length < 1 || local.length > 64 || domain.length < 4 || domain.length > 255)
            return false;

        // Make sure local and domain don't start with or end with a period
        if (/(^\.|\.$)/.test(local) || /(^\.|\.$)/.test(domain))
            return false;

        // Check for quoted-string addresses
        // Since almost anything is allowed in a quoted-string address,
        // we're just going to let them go through
        if (!/^"(.+)"$/.test(local)) {
            // It's a dot-string address...check for valid characters
            if (!/^[-a-zA-Z0-9!#$%*\/?|^{}`~&'+=_\.]*$/.test(local))
                return false;
        }

        // Make sure domain contains only valid characters and at least one period
        if (!/^[-a-zA-Z0-9\.]*$/.test(domain) || domain.indexOf(".") === -1)
            return false;

        return true;
    },
    showError: function () {
        $('#contact-container .contact-message')
            .html($('<div class="contact-error"></div>').append(contact.message))
            .fadeIn(200);
    }
};
```

My hosting service seems to think the problem is related to my SMTP settings, so I will investigate that and post back.

Thanks for all your help so far.

Steve

Buddski Posted December 23, 2009

After reading through your code again, and downloading the class you are using for your mail out.. I have come up with some debugging things for you..

Find the line

```php
if($attachment!='') $mail->AddAttachment('../upload/'.$attachment);
```

and replace it with

```php
if ($attachment != '') {
    $add = $mail->AddAttachment('../upload/'.$attachment);
    var_dump($add);
    print($mail->ErrorInfo);
}
```

And post the results here..

SteveH Posted January 8, 2010

Hello Buddski

Thanks for going over the script.

These are the results I get when I try to attach a file (a photo in this case) and click 'Submit'.

```
bool(false) Could not access [../upload/winter6.jpg] fileThank you for your message
```

A Happy New Year!

Steve

SteveH Posted January 12, 2010

Hello

Just wondering if this makes sense to anyone?

```
bool(false) Could not access [../upload/winter6.jpg] fileThank you for your message
```

Thanks for any advice.

Steve
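
The hidden `documentsname` field is filled in by the browser and the script joins it to `'../upload/'` unchecked, so the server should accept only a plain file name that resolves inside the upload directory. The following is an added example, not code from the thread or from PHPMailer: `resolve_upload_attachment()`, the `__DIR__`-based directory and the temporary demo files are assumptions, and it needs PHP 7.1 or later. It returns the reason a name was refused, which narrows down a "Could not access" result.

```php
<?php
// Added example (not from the thread). resolve_upload_attachment() is a
// hypothetical helper; the upload directory location is an assumption.

/**
 * Map a client-supplied file name to a readable file inside $uploadDir.
 * Returns [absolute path, 'ok'] or [null, reason].
 */
function resolve_upload_attachment(string $uploadDir, string $postedName): array
{
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        return [null, "upload directory not found: $uploadDir"];
    }

    // The value comes from a hidden form field, so the client controls it.
    // Accept a plain file name only: no NUL bytes, directories or dotfiles.
    $name = trim($postedName);
    if ($name === '' || strpos($name, "\0") !== false
        || strpos($name, '\\') !== false || $name[0] === '.'
        || $name !== basename($name)) {
        return [null, 'rejected file name'];
    }

    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false) {
        return [null, 'no such file: ' . $base . DIRECTORY_SEPARATOR . $name];
    }
    // realpath() follows symlinks, so confirm the target is still under $base.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return [null, 'resolved path is outside the upload directory'];
    }
    if (!is_file($path) || !is_readable($path)) {
        return [null, "not a readable regular file: $path"];
    }
    return [$path, 'ok'];
}

// In the contact script this would stand in for the AddAttachment line,
// resolving the directory from the script's own location:
//   [$file, $why] = resolve_upload_attachment(__DIR__ . '/../upload',
//                                             $_POST['documentsname'] ?? '');
//   if ($file !== null) { $mail->AddAttachment($file); } else { error_log($why); }

// Constructed demo data so the example runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'smcf_demo_' . getmypid();
mkdir($root . '/upload', 0700, true);
mkdir($root . '/data', 0700, true);
file_put_contents($root . '/upload/winter6.jpg', 'constructed sample bytes');
file_put_contents($root . '/data/contact.php', '<?php // stand-in file');

$posted = ['winter6.jpg', 'missing.jpg', '../data/contact.php', '.htaccess', ''];
foreach ($posted as $p) {
    [$file, $why] = resolve_upload_attachment($root . '/upload', $p);
    printf("%-24s %s\n", var_export($p, true), $file ?? "refused: $why");
}

// Remove the demo files again.
unlink($root . '/upload/winter6.jpg');
unlink($root . '/data/contact.php');
rmdir($root . '/upload');
rmdir($root . '/data');
rmdir($root);
```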