Page 1 of 1

mail() function send multiple emails, need help...

Posted: Fri Nov 11, 2005 3:17 pm
by WithHisStripes
Heya,
My script below is using the mail() function, everything works fine, but it sends three emails everytime it's sent. Can anyone tell me why and how I can fix this? Thanks!

-Spence

Code: Select all

<link href="style.css" rel="stylesheet" type="text/css">
<?php
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "../upload/";
$upload_url = $url_dir."../upload/";
$message ="";

mail('spencerhill@hookmedia.biz', "A client has uploaded a file to your server!", "This is an automatic notification that someone has uploaded a file to your server. Thank you for choosing Hook Media http://www.HookMedia.biz", "From: Your Website");

/************************************************************
 *     Create Upload Directory
 ************************************************************/
if (!is_dir("upload")) {
  if (!mkdir($upload_dir))
  	die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
  	die ("change permission to 755 failed.");
}

/************************************************************
 *     Process User's Request
 ************************************************************/
 
if ($_REQUEST[del])  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);
  
  if (strpos($_REQUEST[del],"/.")>0);  //possible hacking
  else if (strpos($_REQUEST[del],"files/") === false); //possible hacking
  else if (substr($_REQUEST[del],0,6)=="files/") {
    unlink($_REQUEST[del]);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

  $message = do_upload($upload_dir, $upload_url);
  print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else 
	$message = "Invalid File Specified.";

/************************************************************
 *     List Files
 ************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<br><a href='$upload_dir$file'>".$file."</a>";
      $filelist .= "    <a href='?del=$upload_dir$file' title='delete'>x</a>";
   }
}

function do_upload($upload_dir, $upload_url) {

	$temp_name = $_FILES['userfile']['tmp_name'];
	$file_name = $_FILES['userfile']['name']; 
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
	$file_type = $_FILES['userfile']['type']; 
	$file_size = $_FILES['userfile']['size']; 
	$result    = $_FILES['userfile']['error'];
	$file_url  = $upload_url.$file_name;
	$file_path = $upload_dir.$file_name;

	//File Name Check
    if ( $file_name =="") { 
    	$message = "Invalid File Name Specified";
    	return $message;
    }
    //File Size Check
    else if ( $file_size > 2000000) {
    //	print $file_size;
    //    $message = "The file size is over 1MB.";
    //    return $message;
    }
    //File Type Check  -- Prevent possible attacks
    else if ( strpos($file_name,".php") !== false 
           || strpos($file_name,".cgi") !== false 
           || strpos($file_name,".htm") !== false 
           || strpos($file_name,".phtm") !== false ) 
      return;
    else if ( strpos($file_type,"image") !== false
      || $file_type == "application/msword");
    else {
        //$message = "Sorry, demo. only allows image or ms-word upload." ;
        //$message .= "<br>You may allow other types(i.e, .zip) on your own server." ;
        //return $message;
    }

    $result  =  move_uploaded_file($temp_name, $file_path);
    if (!chmod($file_path,0755))
     	$message = "change permission to 755 failed.";
    else
      $message = ($result)?"$file_name uploaded successfully." :
       	      "Somthing is wrong with uploading a file, please contact us via our Contact Us page.";

    return $message;
}

?>
<style type="text/css">
<!--
body,td,th {
	color: #000000;
}
body {
	background-image: url(images/left.gif);
}
.style1 {
	font-family: Tahoma;
	color: #707070;
	font-size: 12px;
}
-->
</style><center class="style1">
  <p>&nbsp;</p>
  <form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
     Upload File <input type="file" id="userfile" name="userfile">
     <input type="submit" name="upload" value="Upload">
  </form>
   
   <p><?=$_REQUEST[message]?>
  </p>
   </center>

Posted: Sun Nov 13, 2005 1:17 pm
by twigletmac
That's a bit odd - does the same thing happen if you just run the code below in its own file?

Code: Select all

mail('spencerhill@hookmedia.biz', "A client has uploaded a file to your server!", "This is an automatic notification that someone has uploaded a file to your server. Thank you for choosing Hook Media http://www.HookMedia.biz", "From: Your Website");
Mac