Page 1 of 2
PHP Form attachment corrupt, and tiny
Posted: Wed Jun 24, 2009 7:18 pm
by cardi777
Hi all.
I recently have been put the the task of making a form which sends an email with an attachment.
This works fine on our company server, but not on the one I need it to. I am talking file sizes of 6kb just don't attach properly.
Emails are showing up, but the attachments are 300 bytes aprox!?!?
I have been researching high and low trying to figure out why this happens and I just can't figure it out. Here is the code for what its worth. since this works on other servers, i doubt its the code.
max_execution_time = 30
max_input_time = 60
memory_limit = 128
upload_max_filesize = 2m
post_max_size = 8m
Error reporting is on E_ALL and im not getting any notices!?
Code: Select all
<?php
// Read POST request params into global vars
$to = "me@somewhere.com";
$replyTo = $_POST['email'];
$from = $_POST['firstname'] . " " . $_POST['lastname'];
$subject = "Job Application Submission";
//
$action = "send";
$todo = "mail";
// Obtain file upload vars
$fileatt = $_FILES['cv_attachment']['tmp_name'];
$fileatt_type = $_FILES['cv_attachment']['type'];
$fileatt_name = $_FILES['cv_attachment']['name'];
$fileatt_size = $_FILES['cv_attachment']['size'];
//echo "File size is: $fileatt_size";
//
intval($fileatt_size);
//
if($fileatt_size > 2000000){
header('Location: job-form.php?response=File size must be less than 2mb.');
$confirm = "false";
}
//
$first_name = $_REQUEST['first_name'];
$last_name = $_REQUEST['last_name'];
$address_1 = $_REQUEST['address_1'];
$address_2 = $_REQUEST['address_2'];
$suburb = $_REQUEST['suburb'];
$state = $_REQUEST['state'];
$postcode = $_REQUEST['postcode'];
$phone = $_REQUEST['phone'];
$mobile = $_REQUEST['mobile'];
$email = $_REQUEST['email'];
$interested = $_REQUEST['interested'];
$applying = $_REQUEST['applying'];
$work_type = $_REQUEST['work_type'];
$comments = $_REQUEST['comments'];
//
$message = "Name: $first_name $last_name\n
Address 1: $address_1\n
Address 2: $address_2\n
Suburb: $suburb\n
State: $state\n
Postcode: $postcode\n
Phone: $phone\n
Mobile: $mobile\n
Email: $email\n
Position of interest: $interested\n
Company of interest: $applying\n
Work Type: $work_type\n
General Comments: $comments";
$headers = "From: " . $from . "\r\nReply-To: " . $replyTo;
if (is_uploaded_file($fileatt)) {
// Read the file to be attached ('rb' = read binary)
$file = fopen($fileatt,'rb');
$data = fread($file,filesize($fileatt));
//$data = implode('', file($fileatt));
fclose($file);
// Generate a boundary string
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
// Add the headers for a file attachment
$headers .= "\nMIME-Version: 1.0\n" .
"Content-Type: multipart/mixed;\n" .
" boundary=\"{$mime_boundary}\"";
// Add a multipart boundary above the plain message
$message = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
// Base64 encode the file data
$data = chunk_split(base64_encode($data));
// Add file attachment to the message
$message .= "--{$mime_boundary}\n" .
"Content-Type: {$fileatt_type};\n" .
" name=\"{$fileatt_name}\"\n" .
//"Content-Disposition: attachment;\n" .
//" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n" .
"--{$mime_boundary}--\n";
}
// Send the message
if($confirm != "false"){
mail($to, $subject, $message, $headers);
}
?>
If anyone can solve this mystery, .. i applaud you
Cheers,
Doug
Re: PHP Form attachment corrupt, and tiny
Posted: Thu Jun 25, 2009 11:28 am
by Eric!
Have you compared the raw text email messsages you are receiving on the server that is not working with the one that is? Perhaps the mime / encoding isn't working quite right somewhere along the chain. How are you checking the attachments, outlook?
One other unimportant thing is if the filesize is passed in bytes 2mb=2097152.
Also this appears to be a form open to the general public. You need to filter the input fields to avoid injection attacks and embarrassing your company.
Re: PHP Form attachment corrupt, and tiny
Posted: Fri Jun 26, 2009 1:45 am
by cardi777
McInfo wrote:May I see the form that is being submitted to this script?
Code: Select all
<form action="job-form-thankyou.php" method="post" [b]enctype="multipart/form-data"[/b] name="submitJob" id="submitJob">
bla bla
</form>
Re: PHP Form attachment corrupt, and tiny
Posted: Fri Jun 26, 2009 1:54 am
by cardi777
McInfo wrote:Instead of using fread() to read the entire contents of the file, try file_get_contents().
ill give file_get_contents() a shot!
McInfo wrote:
If that doesn't work, instead of sending the email, echo $message to see if the entire file is attached. Can you provide more information about the two servers (operating system, PHP server, versions, etc.)?
What am I looking for in the $message to indicate is attached?
Its php version is 5.2.8 operating with IIS 7
max_execution_time = 30
max_input_time = 60
memory_limit = 128
upload_max_filesize = 2m
post_max_size = 8m
McInfo wrote:Here are some other problems that aren't necessarily related.
- There are two naming conventions used for first/last names. One has an underscore (lines 30-31), the other doesn't (line 5).
- On line 21, intval() does not change $fileatt_size because intval() operates on a variable by value, not by reference.
1. You are right, I didn't notice that. Ill fix that up.
2. So I can delete that line? I don't fully understand that part of the code to be honest.
wow thanks so much McInfo
Re: PHP Form attachment corrupt, and tiny
Posted: Fri Jun 26, 2009 2:06 am
by cardi777
Eric! wrote:Have you compared the raw text email messsages you are receiving on the server that is not working with the one that is? Perhaps the mime / encoding isn't working quite right somewhere along the chain. How are you checking the attachments, outlook?
How do you look at meesages raw? I am using outlook. Attachments always appear, just really tiny and not openable. This isn' the case on other servers
I echoed the message in php and this is what I got:
Code: Select all
This is a multi-part message in MIME format. --==Multipart_Boundary_x8d903d21d1464d913b9abcc8aad47044x Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Name: first_name last_name Address 1: address_1 Address 2: address_2 Suburb: suburb State: state Postcode: postcode Phone: phone Mobile: mobile Email: example@example.com Position of interest: interested Company of interest: -- Select -- Work Type: -- Select -- General Comments: comments --==Multipart_Boundary_x8d903d21d1464d913b9abcc8aad47044x Content-Type: image/jpeg; name="Friday, April 03, 2009_img01.jpg" Content-Transfer-Encoding: base64 --==Multipart_Boundary_x8d903d21d1464d913b9abcc8aad47044x--
Eric! wrote:One other unimportant thing is if the filesize is passed in bytes 2mb=2097152.
How can I figure this out or change it?
Eric! wrote: Also this appears to be a form open to the general public. You need to filter the input fields to avoid injection attacks and embarrassing your company.
Can you tell me what you mean - are you talking about live attacks from spammers when it goes live, and installing some input stripping tags? Id like to know what you mean by this comment
fread
Posted: Fri Jun 26, 2009 2:18 am
by cardi777
I tried replacing this....
Code: Select all
$file = fopen($fileatt,'rb');
$data = fread($file,filesize($fileatt));
with this
Code: Select all
$file = fopen($fileatt,'rb');
$data = file_get_contents($file);
Mail delivered, but it didn't fix the problem. Is this how you would use it?
Is this code recommended ...
Code: Select all
$data = chunk_split(base64_encode($data));
Thanks guys
Doug!
Re: PHP Form attachment corrupt, and tiny
Posted: Fri Jun 26, 2009 9:45 am
by Eric!
Lets just focus on the biggest problems. What is your form doing? There are no input fields and nothing to setup $_FILE data. Looking at your $message output shows your variables are empty. But then how did this get set
name="Friday, April 03, 2009_img01.jpg"
Is that a valid file? How did you get this filename info when your form is empty? Is the php you posted from "job-form-thankyou.php"? Did you post the wrong form?
This is a typical input html form for just a file
Code: Select all
<form enctype="multipart/form-data" action="YourScriptHere.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="200000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>
Edit: added form example
Re: PHP Form attachment corrupt, and tiny
Posted: Fri Jun 26, 2009 7:33 pm
by Eric!
McInfo wrote:I think cardi777 misunderstood what I was asking for and only provided the <form> tags.
I thought that too, but all the post data is empty, the filename looks suspect (what would IE return in this case? junk, cached stuff, null, ?) and then I saw there was no encoded data. Maybe cardi777 is just removing these things to add to the challenge. Or could cardi777 be trying to run the php script directly?
Perhaps the chunks do need to be smaller. I have also had problems getting outlook to handle attachments, but the code output looks ok to me (excluding the missing data).
Re: PHP Form attachment corrupt, and tiny
Posted: Sat Jun 27, 2009 1:19 am
by cardi777
Eric! wrote:Lets just focus on the biggest problems. What is your form doing? There are no input fields and nothing to setup $_FILE data. Looking at your $message output shows your variables are empty. But then how did this get set
name="Friday, April 03, 2009_img01.jpg"
Is that a valid file? How did you get this filename info when your form is empty? Is the php you posted from "job-form-thankyou.php"? Did you post the wrong form?
This is a typical input html form for just a file
Code: Select all
<form enctype="multipart/form-data" action="YourScriptHere.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="200000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>
Edit: added form example
I thought that maybe for security reasons I shouldn't post the html form stuff, so i posted the form header. Someone elses message about security spooked me a little. Please forgive me for confusing anyone

As I mentioned in other posts, the textfields and $_FILE comes through fine, and the form/job-form-thankyou.php works 100% on other servers. File is attached and the correct file size, completely downloadable and previewable. But the clients server just can't do it, attachments get corrupt.
"Friday, April 03, 2009_img01.jpg" is a valid file, i have been using screen grabs to send, and other scrap files i have on my desktop that are small enough to use as test files.
Re: PHP Form attachment corrupt, and tiny
Posted: Sat Jun 27, 2009 1:28 am
by cardi777
McInfo wrote:cardi777 wrote:<form...bla bla</form>
I was hoping you would include the <input> tags. I wanted to check which naming convention was used in the form for first/last names. Nevermind.
Eric! wrote:What is your form doing? There are no input fields and nothing to setup $_FILE data.
I think cardi777 misunderstood what I was asking for and only provided the <form> tags.
cardi777 wrote:Its php version is 5.2.8 operating with IIS 7
Was the server that worked running IIS or Apache?
cardi777 wrote:So I can delete that line? (21)
Yes.
cardi777 wrote:I tried replacing this....with this
The file_get_contents() function takes a string path, not a file resource. Replace fopen(), fread(), and fclose() with file_get_contents().
Code: Select all
$data = file_get_contents($fileatt);
$data = chunk_split(base64_encode($data));
cardi777 wrote:What am I looking for in the $message to indicate is attached?
There should be some characters between the "Content-Transfer-Encoding: base64" and the "--==Multipart_Boundary". I see from your later post that this is missing.
By looking at the message in your browser before it is mailed, you can determine where the problem is occurring. If the message looks correct in the browser, maybe the problem is not necessarily with the script. You could try mailing the message to a GMail/Hotmail/Yahoo! account to see if the problem is with Outlook.
PHP Manual wrote:mail() -- Each line should be separated with a LF (\n). Lines should not be larger than 70 characters.
chunk_split() -- The line ending sequence defaults to "\r\n". The chunk length defaults to 76.
The script works the way it is on Apache, but maybe IIS is more picky about the line lengths.
Code: Select all
$data = chunk_split(base64_encode($data), 68);
// or
$data = chunk_split(base64_encode($data), 68, "\n");
1. Sorry, didn't know if I was being too insecure about giving that out. I assure you, the form is fine.
2. Server that worked was running IIS 6 with php ver 5.2.3.
3. I had a go at your code before you gave me that code example - i did it wrong

Will try your way
4. Geez you are right.... maybe it is a matter of sending to gmail/hotmail etc. Its so obvious, why didn't i try that!?!?
5. I will have a go at incorporating that line break restriction. I had no idea about that either. People at this forum have a pretty rich knowledge of this technical html mail stuff
Thanks
HEAPS! I have been working on this form for 2 weeks now, when it was due 1 and a half weeks ago. I really hope I can resolve this with your help.
Cheers,
Doug
Re: PHP Form attachment corrupt, and tiny
Posted: Sat Jun 27, 2009 7:48 am
by Eric!
Doug,
You can also log into your server via telnet and directly inspect the text content of your mailbox using 'more', before outlook transfers it. You can the see if there is a difference between the servers. Outlook isn't good about showing the raw message. You can also send the same file via outlook and compare the differences to your script right inside your mailbox folders in raw text.
Before you put this live, make sure to filter the input fields. As your code is now spammers can inject messages to other people and it will originate from your domain (via your reply to field).
Example injection:
http://www.damonkohler.com/2008/12/email-injection.html
For filtering header fields:
Code: Select all
function InjectionAttempt($input) // this returns 1 if any injection characters are present
{
if (eregi("%0a", $input) ||
eregi("%0d", $input) ||
eregi("Content-Type:", $input) ||
eregi("bcc:", $input) ||
eregi("to:", $input) ||
eregi("cc:", $input))
{
return 1; // bastards
}
else
{
return 0;
}
}
Re: PHP Form attachment corrupt, and tiny
Posted: Sun Jun 28, 2009 11:02 pm
by cardi777
McInfo wrote:cardi777 wrote:People at this forum have a pretty rich knowledge of this technical html mail stuff
It's all in the manual.
sure is in the manual, but there are concepts, and principles I can't really understand until I have gone through a few hoops

Re: PHP Form attachment corrupt, and tiny
Posted: Mon Jun 29, 2009 7:39 pm
by cardi777
None of the above solutions worked for my problem, but i got some good advice along the way! Thanks guys
I have figured it out though. The issues is php.ini related.
Uploading to a location which isn't inside the same address as what is in OPEN_BASEDIR causes a restriction the be imposed.
So either make open_basedir the same location as upload_tmp_dir, or give open_basedir no value!
I hope this helps others. I'm sure they are out there!
Cheers,
Doug
Re: PHP Form attachment corrupt, and tiny
Posted: Mon Jun 29, 2009 10:56 pm
by Eric!
Strange that it would do a partial upload. Maybe outlook was just confused with blank data. I didn't think of the ini file...good one!
Re: PHP Form attachment corrupt, and tiny
Posted: Mon Jun 29, 2009 11:39 pm
by cardi777
i looked high and low to figure this out. I'm sure this is happening to other people