Yesideez Posted April 4, 2008 Share Posted April 4, 2008 Hi, Got a script where users can upload an MP3 or OGG file up to 10MB and I also use a captcha code. Problem is, when the users get the code wrong the file still has to be uploaded before the code is checked and as we're not perfect there's bound to be some people out there who'll have problems with it - the captcha code cannot be removed. Add to the fact that the file can be up to 10MB this can cause some frustration. Is there any way I can validate the captcha code before the file is processed? As it stands I've tried to verify the code first but it still insists on uploading the file first. Link to comment https://forums.phpfreaks.com/topic/99527-validate-captcha-before-uploading-attachment/ Share on other sites More sharing options...
Yesideez Posted April 4, 2008 Author Share Posted April 4, 2008 Apologies for this "bump" but this script is a favour for a friend and I'm sat here not knowing which way to go... Link to comment https://forums.phpfreaks.com/topic/99527-validate-captcha-before-uploading-attachment/#findComment-509187 Share on other sites More sharing options...
soycharliente Posted April 4, 2008 Share Posted April 4, 2008 I guess this sounds really simple to me, but then again I cannot see the code... Just check to see if what they typed is right before you call the code that uploads the file. Link to comment https://forums.phpfreaks.com/topic/99527-validate-captcha-before-uploading-attachment/#findComment-509206 Share on other sites More sharing options...
Yesideez Posted April 4, 2008 Author Share Posted April 4, 2008 The browser itself is uploading the file as the first thing I'm doing is to check the captcha code. Here's the entire script anyway... <?php session_start(); //NEEDS TO HAVE THIS AS FIRST LINE BECAUSE WE'RE USING A SESSION VARIABLE define("INT_MAXFILESIZE",1024*1024*10); //LIMIT THE ATTACHMENT TO 10MB $arrAllowed=array('mp3','ogg'); //THE ALLOWED FILE TYPES $opMode='gather'; $strMsg='Please complete the following form:'; $strName=$_POST['strname']; $txtAddress=$_POST['txtaddress']; $strPhone=$_POST['strphone']; //TREAT IT AS A STRING AS USER MAY ADD THEIR STD IN BRACKETS $strWebsite=str_replace('http://','',strtolower($_POST['strwebsite'])); //REMOVE THE HTTP HEADER - SAVES TROUBLE LATER $strEmail=strtolower($_POST['stremail']); $strPPEmail=strtolower($_POST['strppemail']); $txtLyrics=$_POST['txtlyrics']; $txtMessage=$_POST['txtmessage']; $strHearAbout=$_POST['strhearabout']; $strSpamCode=$_POST['strspamcode']; echo 'File: '.$_FILES['attachment']['name'].'<br />'; //DEBUG ONLY if ($_POST['subsend']) { if (md5($_POST['vcode'])==$_SESSION['vercode']) { if (strlen($strName)>1) { if (strlen($txtAddress)>1) { if (strlen($strPhone)>1) { if (preg_match('/^[a-z0-9_-]+(\.[a-z0-9_-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,4}$/i',$strEmail)==1) { if (strlen($txtLyrics)>1) { if (strlen($txtMessage)>1) { $txtBody='Phone: '.stripslashes($strPhone)."\n\n".stripslashes($txtMessage); $retCode=mailAttachment($_FILES['attachment']['tmp_name'],$_FILES['attachment']['name'],'REMOVED',stripslashes($strEmail),stripslashes($strName),stripslashes($strEmail),stripslashes($strSubject),$txtBody); switch ($retCode['success']) { case 0:echo 'FAILED<br />';break; case 1: //header('Location: thanks.html'); //header('Location: thanks.php?name='.$retCode['filename'].'&size='.$retCode['filesize']); //exit; echo 'SUCCESS<br />'; echo 'Filename: '.$retCode['filename'].'<br />'; echo 'Filesize: '.number_format($retCode['filesize']).' bytes<br />'; break; case 2: echo 'FAILED - ATTACHMENT<br />'; case 3: echo 'FAILED - UNABLE TO OPEN ATTACHMENT<br />'; } } else {$strMsg='!You need to enter a message';} } else {$strMsg='!You need to enter your lyrics';} } else {$strMsg='!The email you\'ve provided doesn\'t appear to be valid';} } else {$strMsg='!You need to enter a phone number';} } else {$strMsg='!You need to supply your postal address';} } else {$strMsg='!You need to enter a contact name';} } else {$strMsg='!The verification code is incorrect';} } ?> <html> <head> <title>Test</title> <style type="text/css"> .gadstr { border: 1px #000000 solid; background-color: #dddddd; font: 12px verdana; } .gadtxt { border: 1px #000000 solid; background-color: #dddddd; font: 12px verdana; } .gadbtn { border: 1px #000000 solid; background-color: #ddffdd; font: 12px verdana; } </style> </head> <body> <?php if ($opMode=='gather') { ?> <strong><?=(substr($strMsg,0,1)=='!' ? '<span style="color: #ff0000">'.substr($strMsg,1,strlen($strMsg)-1).'</span>' : $strMsg)?></strong><br /><br /> <form action="<?=$_SERVER['PHP_SELF']?>" method="post" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="<?=INT_MAXFILESIZE?>" /> Name <input type="text" name="strname" size="40" value="<?=stripslashes($strName)?>" class="gadstr" /><br /> Address <textarea name="txtaddress" cols="60" rows="7" class="gadtxt"><?=stripslashes($txtAddress)?></textarea><br /> Phone <input type="text" name="strphone" size="20" maxlength="14" value="<?=stripslashes($strPhone)?>" class="gadstr" /><br /> Website <input type="text" name="strwebsite" size="40" value="<?=stripslashes($strWebsite)?>" class="gadstr" /><br /> Contact Email <input type="text" name="stremail" size="40" value="<?=stripslashes($strEmail)?>" class="gadstr" /><br /> PayPal Email <input type="text" name="strppemail" size="40" value="<?=stripslashes($strPPEmail)?>" class="gadstr" /> (If different from above)<br /> Lyrics <textarea name="txtlyrics" cols="60" rows="10" class="gadtxt"><?=stripslashes($txtLyrics)?></textarea><br /> Message <textarea name="txtmessage" cols="60" rows="10" class="gadtxt"><?=stripslashes($txtMessage)?></textarea><br /> Hear About? <input type="text" name="strhearabout" size="40" value="<?=stripslashes($strHearAbout)?>" class="gadstr" /><br /> Music File <input type="file" name="attachment" size="50" class="gadstr" /> (MP3 or OGG files only)<br /><br /> <img src="includes/makeimg.php" alt="" width="130" height="34" border="0" /> Enter the code: <input type="text" name="vcode" size="8" maxlength="6" class="gadstr" /><br /><br /> <input type="submit" name="subsend" value="Send Email" class="gadbtn" /> </form> <?php } else if ($opMode=='sent') { ?> The email has been sent. <?php } else { ?> There was an error sending the email. <?php } ?> </body> </html> <?php /* This function returns an array depending on the outcome: ** success: ** 0=Failed sending the email ** 1=Success ** 2=Fail (Reason: attachment) ** 3=Fail (Reason: attachment uploaded but cannot be opened) ** ** If 'success' is 1 then the following fields are also returned: ** 'filename' Name of the file ** 'filesize' Size of the file in bytes *********************************************************************/ function mailAttachment($filename,$realfilename,$mailto,$from_mail,$from_name,$replyto,$subject,$message) { global $arrAllowed; $retCode=array('success' => 0,'filename' => '','filesize' => 0); $file=$filename; if (is_uploaded_file($filename)) { //DID THE FILE UPLOAD SUCCESSFULLY? $intFileSize=filesize($file); if ($handle=fopen($file,"r")) { $content=fread($handle,$intFileSize); fclose($handle); $content=chunk_split(base64_encode($content)); $uid=md5(uniqid(time())); $name=basename($file); $header="From: ".$from_name." <".$from_mail.">\r\n"; $header.="Reply-To: ".$replyto."\r\n"; $header.="MIME-Version: 1.0\r\n"; $header.="Content-Type: multipart/mixed; boundary=\"".$uid."\"\r\n\r\n"; $header.="This is a multi-part message in MIME format.\r\n"; $header.="--".$uid."\r\n"; $header.="Content-type:text/plain; charset=iso-8859-1\r\n"; $header.="Content-Transfer-Encoding: 7bit\r\n\r\n"; $header.=$message."\r\n\r\n"; $header.="--".$uid."\r\n"; $header.="Content-Type: application/octet-stream; name=\"".$realfilename."\"\r\n"; // use diff. types here $header.="Content-Transfer-Encoding: base64\r\n"; $header.="Content-Disposition: attachment; filename=\"".$realfilename."\"\r\n\r\n"; $header.=$content."\r\n\r\n"; $header.="--".$uid."--"; if (mail($mailto,$subject,"ITEM REMOVED",$header)) { $retCode['success']=1; //SUCCEEDED $retCode['filename']=$realfilename; $retCode['filesize']=$intFileSize; } else { $retCode['success']=0; //FAILED } } else { $retCode['success']=3; //FAILED - UNABLE TO OPEN ATTACHMENT } } else { $retCode['success']=2; //FAILED DUE TO ATTACHMENT } return $retCode; } ?> Link to comment https://forums.phpfreaks.com/topic/99527-validate-captcha-before-uploading-attachment/#findComment-509211 Share on other sites More sharing options...
Yesideez Posted April 4, 2008 Author Share Posted April 4, 2008 bump Link to comment https://forums.phpfreaks.com/topic/99527-validate-captcha-before-uploading-attachment/#findComment-509282 Share on other sites More sharing options...
soycharliente Posted April 7, 2008 Share Posted April 7, 2008 So you want the file to be uploaded no matter if the CAPTCHA code is correct or not? Then just moved the function outside all the if statements. Link to comment https://forums.phpfreaks.com/topic/99527-validate-captcha-before-uploading-attachment/#findComment-511103 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.