Help with the 'checkbox' to agree to terms prior to upload

[Chrisj]

I'm using an upload script (I did not write it) that works successfully.

 

I'm trying to add the function where you 'must check box to agree to terms' prior to uploading a file.

 

I've added lines 67 thru 75, and lines 88 thru 92, but it is missing something, because, whether the box is checked or not, a file can still be uploaded.

 

Any guidance will be appreciated.

<?php
session_start();
require_once 'phps3integration_lib.php';
$message = "";
if (@$_POST['submit'] != "") {
$allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip", "mov", "MOV", "flv", "mp4", "3gp", "3GP");
$extension = end(explode(".", $_FILES["file"]["name"]));
if (($_FILES["file"]["size"] < 10485760000) && in_array($extension, $allowed_ext)) {
if ($_FILES["file"]["error"] > 0) {
//$message.="There is some error in upload, see: " . $_FILES["file"]["error"] . "<br>";//Enable this to see actual error
$message.="There is some error in upload. Please try after some time.";
} else {
$uploaddir = '../Upload/';
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
$uploaded_file = false;
if(move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
{
$uploaded_file = $_FILES['file']['name'];
}
if ($uploaded_file != FALSE) {
$user_name = @$_POST['user_name'] != "" ? @$_POST['user_name'] : "Anonymous";
$form_data = array(
'file' => $uploaded_file,
'user_name' => $user_name,
'type' => 'file'
);
mysql_query("INSERT INTO `phps3files` (`id`, `file`, `user_name`, `type`) VALUES (NULL, '" . $uploaded_file . "', '" . $user_name . "', 'file')") or die(mysql_error());
$message.= "File Successfully Uploaded";
} else {
$message.="There is some error in upload. Please try after some time.";
}
}
} else {
$message.= "Invalid file, Please upload a gif/jpeg/jpg/png/pdf/doc/docs/zip/mov/flv/mp4/3gp file of maximum size 25 MB.";
}
}
?>

<?php
require_once 'header.php';
?>
<head>

<script>
var ids = ['input', 'message', 'button'];
var obj = {};

ids.forEach(function (v) {
    obj[v] = document.getElementById(v);
});

obj.input.style.display = 'none';
obj.button.style.display = 'block';

obj.input.addEventListener('change', function () {
    obj.message.innerText = this.value;
    obj.message.style.display = 'block';
});

obj.button.addEventListener('click', function (e) {
    e.preventDefault();

    obj.input.click();
});
</script>

<script type="text/javascript">
function validate()
{
if(false == document.getElementById("agree").checked)
{
alert("If you agree with the terms, check the Agree check box");
}
}
</script>

</head>
<html>
<fieldset>
<form action="" method="post" enctype="multipart/form-data">

<div class="control-group">
<label for="file" class="control-label"><font size="6" color="#454545"><b>Choose a file to upload:</b></font></label><br /><br />
<input id="input" name="file" type="file" /></input>
<button id="button"><font size="3" color="#454545">Click To<br /> Select File</font></button>
<div id="message"><font size="3" color="#454545">No File Chosen</font></div>
</div>
<div>
<input type="checkbox" name="agree" id="agree" value="agree" /> <label for='agree'>
<a href="../Terms1.php" target="_blank"><span style="color: #454545; font-size: 10px">By uploading a file here, you agree to these <u>Upload Terms/Agreement</u></a></span>
</label>
</div>
<div class="control-group">
<div class='controls'>
<label class="myLabel1">
<input type="submit" name="submit" value="Submit" class="btn" style="opacity: 0">
</label><
</div>
</form>
</fieldset>

<script>
var ids = ['input', 'message', 'button'];
var obj = {};

ids.forEach(function (v) {
    obj[v] = document.getElementById(v);
});

obj.input.style.display = 'none';
obj.button.style.display = 'inline-block';

obj.input.addEventListener('change', function () {
    var filename = this.value.replace(/^.*[\\\/]/, '');
		obj.message.innerHTML  = filename;
    obj.message.style.display = 'inline-block';
});

obj.button.addEventListener('click', function (e) {
    e.preventDefault();

    obj.input.click();
});

</script>
<?php
if ($message != "" || @$_SESSION['message'] != "") {
    ?>
    <div class="alert alert-success">
    <?php echo $message; ?>
    <?php
    echo @$_SESSION['message'];
    @$_SESSION['message'] = '';
    ?>
    </div>
    <?php
}
?>
<div>
</div>

<?php require_once 'footer.php'; ?>

Edited February 25, 2017 by Chrisj

[ginerjm]

What a mess of code! Didn't even try to figure out what you are attempting to do here but did search for how you handled the checkbox.

 

You have a JS function that is trying to check the checkbox being checked. You have no php code trying to do that. Personally that would be the first thing I would do in the script - look for the checkbox being set (!!!) since if it is not checked it won't show up in your $_POST array. Currently you do all the file upload logic without checking if your "requirements" have been met. That is backwards.

 

So - the real problem. Where do you call the 'validate()' function? I couldn't find the word 'validate' in your entire script(s) so that means it is not being used.