Page 1 of 1

PHP formmail, upload photos

Posted: Sun May 29, 2005 12:03 am
by marinajc
I do not know much about PHP. I would like to be able to allow visitors to upload photos via my php formmail. Anyone have straight forward info on how to do this? I've looked at a few tutorials, but they are a little too advanced for me.

Thanks in advance! :D

Posted: Sun May 29, 2005 4:00 am
by timvw
What is wrong with the section in the manual?

http://www.php.net/manual Chapter 38

WILLING TO PAY SOMEONE - php upload

Posted: Mon May 30, 2005 11:40 am
by marinajc
Willing to pay someone to set this up for me and show me how it was done so I can replicate it on other sites. Name your price if you accept PayPal.

Thanks



"The __URL__ in the above example should be replaced, and point to a PHP file. "

Which file?

"$_FILES['userfile']['name']
The original name of the file on the client machine."

Huh???

$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".

user file? what goes there? what goes in type?

$_FILES['userfile']['tmp_name']
The temporary filename of the file in which the uploaded file was stored on the server.

Huh????????

$_FILES['userfile']['error']
The error code associated with this file upload. This element was added in PHP 4.2.0


Files will, by default be stored in the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The server's default directory can be changed by setting the environment variable TMPDIR in the environment in which PHP runs. Setting it using putenv() from within a PHP script will not work. This environment variable can also be used to make sure that other operations are working on uploaded files, as well.


DOUBLE HUH??????

Posted: Mon May 30, 2005 11:58 am
by Ambush Commander
"The __URL__ in the above example should be replaced, and point to a PHP file. "

Which file?
It's HTML code. When you submit a form, it has an "action" value, basically where the browser sends the form. Obviously, the PHP file that they're talking about is the one that processes the file upload.
"$_FILES['userfile']['name']
The original name of the file on the client machine."

Huh???
It's pretty self explanatory. If I upload "somesmiley.gif" to a server, this will be filled with "somesmiley.gif" even though PHP may end up renaming it or something.
$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".

user file? what goes there? what goes in type?
Okay. Remember the form?

Code: Select all

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype=&quote;multipart/form-data&quote; action=&quote;__URL__&quote; method=&quote;POST&quote;>
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type=&quote;hidden&quote; name=&quote;MAX_FILE_SIZE&quote; value=&quote;30000&quote; />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name=&quote;userfile&quote; type=&quote;file&quote; />
    <input type=&quote;submit&quote; value=&quote;Send File&quote; />
</form>
There is an input, this one specifically:

Code: Select all

Send this file: <input name=&quote;userfile&quote; type=&quote;file&quote; />
It's name? "userfile". So, the associated information for that file gets put in $_FILES['userfile']. Had we named the field "ooglyboo", it would be located in $_FILES['ooglyboo']
$_FILES['userfile']['tmp_name']
The temporary filename of the file in which the uploaded file was stored on the server.

Huh????????
Hey, we gotta put the file somewhere. This is the path to where the file resides on the server: the server wrote it down temporarily, we have to decide whether or not we want to keep it (in the script).
$_FILES['userfile']['error']
The error code associated with this file upload. This element was added in PHP 4.2.0
In case something bad happened. ;)
Files will, by default be stored in the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The server's default directory can be changed by setting the environment variable TMPDIR in the environment in which PHP runs. Setting it using putenv() from within a PHP script will not work. This environment variable can also be used to make sure that other operations are working on uploaded files, as well.

DOUBLE HUH??????
http://www.zend.com/zend/spotlight/uploading.php (hmm... I shouldn't have written all that)

Didnt work - Using Jacks formmail

Posted: Mon May 30, 2005 7:07 pm
by marinajc
Here's what I have at the top of my form:

Code: Select all

&lt;form name=&quote;WorkForUs&quote; method=&quote;Post&quote; action=&quote;formmail/formmail.php&quote; enctype=&quote;multipart/form-data&quote;&gt;
				&lt;FORM METHOD=POST ACTION=&quote;formmail/formmail.php&quote;&gt;
				&lt;INPUT TYPE=hidden NAME=&quote;recipient&quote; VALUE=&quote;admin@mydomain.com&quote;&gt;
				  &lt;INPUT TYPE=hidden NAME=&quote;redirect&quote; VALUE=&quote;http://www.mydomain.com/thankyou.htm&quote;&gt;
				 &lt;input type=&quote;hidden&quote; name=&quote;MAX_FILE_SIZE&quote; value=&quote;100000&quote; /&gt;

I submitted the form which arrived in my mail fine. However, there were no photos attached that I uploaded from the form. What am I doing wrong?

Thanks

Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting. Review   [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Mon May 30, 2005 7:42 pm
by Burrito
you only need one opening form tag and the top one looks more correct than the second if you're trying to upload files...

Code: Select all

<form name=&quote;MyForm&quote; action=&quote;formmail/formmail.php&quote; enctype=&quote;multipart/form-data&quote; method=&quote;post&quote;> 
<input type=&quote;file&quote; name=&quote;MyFile&quote;>
<input type=&quote;submit&quote; value=&quote;Upload File&quote;>
</form>

then on formmail.php you'll have to to code your script to do something with the file once it's uploaded.

I suggest you familiarize yourself with the $_FILES[] array.

formmail.php

Posted: Mon May 30, 2005 8:19 pm
by marinajc
Below is my script. What do I need to change or add so that the photos end up in my mail?

Thanks

Code: Select all

<?
/*
##############################################################################
# PLEASE DO NOT REMOVE THIS HEADER!!!
#
# COPYRIGHT NOTICE
#
# FormMail.php v4.2
# (Originally v4.1b -- Fixed to illiminate spam gateway exploit)
# Fixed by Tom Parkison ( trparky@toms-world.org )
#
# Copyright 2000,2001 Ai Graphics and Joe Lumbroso (c) All rights reserved.
# Created 07/06/00   Last Modified 08/06/2001
# Joseph Lumbroso, http://www.aigraphics.com, http://www.dtheatre.com
#                  http://www.lumbroso.com/scripts/
##############################################################################
#
# This cannot and will not be inforced but I would appreciate a link back
# to any of these sites:
# http://www.dtheatre.com
# http://www.aigraphics.com
# http://www.lumbroso.com/scripts/
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
##############################################################################
*/

// formmail version (for debugging mostly)
$version = "4.2";

$allowed_email_recipients_array = array('canadacompanions.com');
# THIS IS REQUIRED FOR THE SCRIPT TO RUN.  YOU MUST FILL IT IN WITH YOUR
# DOMAIN NAME.  THIS IS TO CORRECT THE SPAM GATEWAY EXPLOIT IN v4.1b.
#
# THE VALUES CAN BE FULL EMAIL ADDRESSES OR JUST DOMAIN NAMES.

// referers.. domains/ips that you will allow forms to
// reside on.
$referers = array('canadacompanions.com');

// banned emails, these will be email addresses of people
// who are blocked from using the script (requested)
$banlist = array();

// our mighty error function..
function print_error($reason,$type = 0) {
   global $version;
   build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet);
   // for missing required data
   if ($type == "missing") {
      ?>
      The form was not submitted for the following reasons:<p>
     <ul><?
     echo $reason."\n";
     ?></ul>
     Please use your browser's back button to return to the form and try again.<?
   } else { // every other error
      ?>
      The form was not submitted because of the following reasons:<p>
      <?
   }
   echo "<br><br>\n";
   echo "<small>This form is powered by <a href=\"http://www.lumbroso.com/scripts/\">Jack's Formmail.php $version!</a></small>\n\n";
   exit;
}

// function to check the banlist
// suggested by a whole lot of people.. Thanks
function check_banlist($banlist, $email) {
   if (count($banlist)) {
      $allow = true;
      foreach($banlist as $banned) {
         $temp = explode("@", $banned);
         if ($temp[0] == "*") {
            $temp2 = explode("@", $email);
            if (trim(strtolower($temp2[1])) == trim(strtolower($temp[1])))
               $allow = false;
         } else {
            if (trim(strtolower($email)) == trim(strtolower($banned)))
               $allow = false;
         }
      }
   }
   if (!$allow) {
      print_error("You are using from a <b>banned email address.</b>");
   }
}

// function to check the referer for security reasons.
// contributed by some one who's name got lost.. Thanks
// goes out to him any way.
function check_referer($referers) {
   if (count($referers)) {
      $found = false;
      $temp = explode("/",getenv("HTTP_REFERER"));
      $referer = $temp[2];
      for ($x=0; $x < count($referers); $x++) {
         if (eregi ($referers[$x], $referer)) {
            $found = true;
         }
      }
      if (!getenv("HTTP_REFERER"))
         $found = false;
      if (!$found){
         print_error("You are coming from an <b>unauthorized domain.</b>");
         error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
      }
         return $found;
      } else {
         return true; // not a good idea, if empty, it will allow it.
   }
}
if ($referers)
   check_referer($referers);

if ($banlist)
   check_banlist($banlist, $email);

// parse the form and create the content string which we will send
function parse_form($array) {
   // build reserved keyword array
   $reserved_keys[] = "MAX_FILE_SIZE";
   $reserved_keys[] = "required";
   $reserved_keys[] = "redirect";
   $reserved_keys[] = "email";
   $reserved_keys[] = "require";
   $reserved_keys[] = "path_to_file";
   $reserved_keys[] = "recipient";
   $reserved_keys[] = "subject";
   $reserved_keys[] = "bgcolor";
   $reserved_keys[] = "text_color";
   $reserved_keys[] = "link_color";
   $reserved_keys[] = "vlink_color";
   $reserved_keys[] = "alink_color";
   $reserved_keys[] = "title";
   $reserved_keys[] = "missing_fields_redirect";
   $reserved_keys[] = "env_report";
   if (count($array)) {
      while (list($key, $val) = each($array)) {
         // exclude reserved keywords
         $reserved_violation = 0;
         for ($ri=0; $ri<count($reserved_keys); $ri++) {
            if ($key == $reserved_keys[$ri]) {
               $reserved_violation = 1;
            }
         }
         // prepare content
         if ($reserved_violation != 1) {
            if (is_array($val)) {
               for ($z=0;$z<count($val);$z++) {
                  $content .= "$key: $val[$z]\n";
               }
            } else {
               $content .= "$key: $val\n";
            }
         }
      }
   }
   return $content;
}

// mail the content we figure out in the following steps
function mail_it($content, $subject, $email, $recipient, $allowed_email_recipients_array) {

// INCLUDED TO FIX SPAM GATEWAY EXPLOIT

$recipient_array = explode(",", $recipient);
$size_of_recipients_array = count($recipient_array);
$size_of_allowed_recipients_array = count($allowed_email_recipients_array);
for ($recipients_array_count = 0; $recipients_array_count != $size_of_recipients_array; $recipients_array_count++) {
 for ($allowed_recipients_array_count = 0; $allowed_recipients_array_count != $size_of_allowed_recipients_array; $allowed_recipients_array_count++) {
  if ( stristr($recipient_array[$recipients_array_count],$allowed_email_recipients_array[$allowed_recipients_array_count]) ) {
   if ($new_recipient == "") {
    $new_recipient = $recipient_array[$recipients_array_count];
   }
   else {
    $new_recipient .= ",";
    $new_recipient .= "$recipient_array[$recipients_array_count]";
   }
  }
 }
}

$recipient = $new_recipient;

// INCLUDED TO FIX SPAM GATEWAY EXPLOIT

        mail($recipient, $subject, $content, "From: $email\r\nReply-To: $email\r\nX-Mailer: DT_formmail");
}

// take in the body building arguments and build the body tag for page display
function build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet) {
   if ($style_sheet)
      echo "<LINK rel=STYLESHEET href=\"$style_sheet\" Type=\"text/css\">\n";
   if ($title)
      echo "<title>$title</title>\n";
   if (!$bgcolor)
      $bgcolor = "#FFFFFF";
   if (!$text_color)
      $text_color = "#000000";
   if (!$link_color)
      $link_color = "#0000FF";
   if (!$vlink_color)
      $vlink_color = "#FF0000";
   if (!$alink_color)
      $alink_color = "#000088";
   if ($background)
      $background = "background=\"$background\"";
   echo "<body bgcolor=\"$bgcolor\" text=\"$text_color\" link=\"$link_color\" vlink=\"$vlink_color\" alink=\"$alink_color\" $background>\n\n";
}

// check for a recipient email address and check the validity of it
// Thanks to Bradley miller (bradmiller@accesszone.com) for pointing
// out the need for multiple recipient checking and providing the code.
$recipient_in = split(',',$recipient);
for ($i=0;$i<count($recipient_in);$i++) {
   $recipient_to_test = trim($recipient_in[$i]);
   if (!eregi("^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,3}$", $recipient_to_test)) {
      print_error("<b>I NEED VALID RECIPIENT EMAIL ADDRESS ($recipient_to_test) TO CONTINUE</b>");
   }
}

// This is because I originally had it require but too many people
// were used to Matt's Formmail.pl which used required instead.
if ($required)
   $require = $required;
// handle the required fields
if ($require) {
   // seperate at the commas
   $require = ereg_replace( " +", "", $require);
   $required = split(",",$require);
   for ($i=0;$i<count($required);$i++) {
      $string = trim($required[$i]);
      // check if they exsist
      if((!(${$string})) || (!(${$string}))) {
         // if the missing_fields_redirect option is on: redirect them
         if ($missing_fields_redirect) {
            header ("Location: $missing_fields_redirect");
            exit;
         }
         $require;
         $missing_field_list .= "<b>Missing: $required[$i]</b><br>\n";
      }
   }
   // send error to our mighty error function
   if ($missing_field_list)
      print_error($missing_field_list,"missing");
}

// check the email fields for validity
if (($email) || ($EMAIL)) {
   $email = trim($email);
   if ($EMAIL)
      $email = trim($EMAIL);
   if (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $email)) {
      print_error("your <b>email address</b> is invalid");
   }
   $EMAIL = $email;
}

// check zipcodes for validity
if (($ZIP_CODE) || ($zip_code)) {
   $zip_code = trim($zip_code);
   if ($ZIP_CODE)
      $zip_code = trim($ZIP_CODE);
   if (!ereg("(^[0-9]{5})-([0-9]{4}$)", trim($zip_code)) && (!ereg("^[a-zA-Z][0-9][a-zA-Z][[]][0-9][a-zA-Z][0-9]$", trim($zip_code))) && (!ereg("(^[0-9]{5})", trim($zip_code)))) {
      print_error("your <b>zip/postal code</b> is invalid");
   }
}

// check phone for validity
if (($PHONE_NO) || ($phone_no)) {
   $phone_no = trim($phone_no);
   if ($PHONE_NO)
      $phone_no = trim($PHONE_NO);
   if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $phone_no)) {
      print_error("your <b>phone number</b> is invalid");
   }
}

// check phone for validity
if (($FAX_NO) || ($fax_no)) {
   $fax_no = trim($fax_no);
   if ($FAX_NO)
      $fax_no = trim($FAX_NO);
   if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $fax_no)) {
      print_error("your <b>fax number</b> is invalid");
   }
}

// prepare the content
$content = parse_form($HTTP_POST_VARS);

// check for a file if there is a file upload it
if ($file_name) {
   if ($file_size > 0) {
      if (!ereg("/$", $path_to_file))
         $path_to_file = $path_to_file."/";
      $location = $path_to_file.$file_name;
      if (file_exists($path_to_file.$file_name))
         $location .= ".new";
      copy($file,$location);
      unlink($file);
      $content .= "Uploaded File: ".$location."\n";
   }
}

// second file.
if ($file2_name) {
   if ($file_size > 0) {
      if (!ereg("/$", $path_to_file))
         $path_to_file = $path_to_file."/";
      $location = $path_to_file.$file2_name;
      if (file_exists($path_to_file.$file2_name))
         $location .= ".new";
      copy($file2,$location);
      unlink($file2);
      $content .= "Uploaded File: ".$location."\n";
   }
}

// if the env_report option is on: get eviromental variables
if ($env_report) {
   $env_report = ereg_replace( " +", "", $env_report);
   $env_reports = split(",",$env_report);
   $content .= "\n------ eviromental variables ------\n";
   for ($i=0;$i<count($env_reports);$i++) {
      $string = trim($env_reports[$i]);
      if ($env_reports[$i] == "REMOTE_HOST")
         $content .= "REMOTE HOST: ".$REMOTE_HOST."\n";
      else if ($env_reports[$i] == "REMOTE_USER")
         $content .= "REMOTE USER: ". $REMOTE_USER."\n";
      else if ($env_reports[$i] == "REMOTE_ADDR")
         $content .= "REMOTE ADDR: ". $REMOTE_ADDR."\n";
      else if ($env_reports[$i] == "HTTP_USER_AGENT")
         $content .= "BROWSER: ". $HTTP_USER_AGENT."\n";
   }
}

// if the subject option is not set: set the default
if (!$subject)
   $subject = "Form submission";

// send it off
mail_it(stripslashes($content), stripslashes($subject), $email, $recipient, $allowed_email_recipients_array);

// if the redirect option is set: redirect them
if ($redirect) {
   header ("Location: $redirect");
   exit;
} else {
   print "Thank you for your submission\n";
   echo "<br><br>\n";
   echo "<small>This form is powered by <a href=\"http://www.lumbroso.com/scripts/\">Jack's Formmail.php $version!</a></small>\n\n";
   exit;
}

// <----------    THE END    ----------> //
Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting. Review   [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Mon May 30, 2005 8:20 pm
by shiznatix
8O please add the php code tags to your php code! nobody can/wants to read that
seriously please add the php code tags to your posts. the buttons are right there above the posting textarea and they are very very very helpful.

Posted: Mon May 30, 2005 8:52 pm
by Burrito
shiznatix wrote:
8O please add the php code tags to your php code! nobody can/wants to read that
seriously please add the php code tags to your posts. the buttons are right there above the posting textarea and they are very very very helpful.
ugghhh!!

Posted: Mon May 30, 2005 8:57 pm
by John Cartwright
Note: Thread will be locked if you continue to post code with the proper tags. Please

Review :arrow: Posting Code in the Forums

Thank you.

Posted: Mon May 30, 2005 9:47 pm
by John Cartwright
Posting very lenghthy code without any follow up writting is literaly useless. You'll find a lot more people will reply if you can pick up relevant pieces of code and show that, instead of the whole script.

Since you mentioned it before, let me know if you would like me to move this to the Volunteer section or Job Hunt.

As I said...

Posted: Mon May 30, 2005 10:23 pm
by marinajc
Obviously I've come to the wrong place. I said I didnt know much about php. I've even offered to pay.....adios amigos

Posted: Tue May 31, 2005 3:54 am
by timvw
That's a lot of code for a relatively simple task...

I would be ashamed if the following code was mine :p
It would think me@timvw.info is invalid...

Code: Select all

// check for a recipient email address and check the validity of it
// Thanks to Bradley miller (bradmiller@accesszone.com) for pointing
// out the need for multiple recipient checking and providing the code.
$recipient_in = split(',',$recipient);
for ($i=0;$i<count($recipient_in);$i++) {
   $recipient_to_test = trim($recipient_in&#1111;$i]);
   if (!eregi(&quote;^&#1111;_\\.0-9a-z-]+@(&#1111;0-9a-z]&#1111;0-9a-z-]+\\.)+&#1111;a-z]{2,3}$&quote;, $recipient_to_test)) {
      print_error(&quote;<b>I NEED VALID RECIPIENT EMAIL ADDRESS ($recipient_to_test) TO CONTINUE</b>&quote;);
   }
}

Actually, your code is ancient.. Everybody uses $_GET/$_POST/$_FILES nowadays. All it does is accept an uploaded file and copy it to somewhere.new.

You can find a glood class, and examples of how to use it at http://www.phpclasses.org/browse/package/9.html.