File size validation in email form


Post by meddler »

feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


This is driving me up the wall...!

I have a form that is filled in for a job application and validates the fields before emailing the details plus an uploaded CV. The form also sends a confirmation email to the sender.

The problem I have is the checking of the file size.

The filesize should be limited to 200kb.

Firstly php.ini is set to 8mb default (which I don't have control over), so if someone uploads a file bigger than that I get a php POST CONTENT warning. I'd like to have my system stop this and error in the form before php.ini gets involved.

Secondly if the size is lower than 8mb but over 200kb it clears the cv directory path and displays the error message that says there is nothing in the upload field instead of the filesize error.

Please help as this is killing me now!

P.S. I've taken the inappropriate content out and the CSS

Code: Select all

<?php
//define the error messages for invalid data
define("errorName","INVALID NAME! minimum of 2 characters long");
define("errorAdd","INVALID ADDRESS! minimum of 5 characters long");
define("errorCity","INVALID CITY! Please enter a valid city name");
define("errorPost","INVALID POSTCODE!");
//define("errorGender","SELECT! please select your gender");
define("errorEmail","INVALID EMAIL! Please enter a valid email address!");
define("errorCV","Please enter a CV to upload!");
define("errorfile","NO CV! Please enter a path to upload your CV");
define("errorFormat","INVALID FILE FORMAT! Please upload zip, pdf, txt or doc file");
define("errorSizemes","INVALID FILE SIZE! Please upload a file smaller than 200kb");

ini_set("sendmail_from", " job-application@test.com ");

ini_set('display_errors', 0);

$max_file_size="200";


function createForm($sName="",$fName="",$address1="",$address2="",$city="",$county="",$pCode="",$telephone="",$mobile="",$email="",$fileatt="")
{
?>

<form name='contact' method='post' action='<?php /* PHP_SELF is request-controlled, so escape it */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>' enctype='multipart/form-data'>
    <fieldset>
    <div id="formtext">
    <label for="sName">Surname *</label><br />
    <label for="fName" class="fields">Forename *</label><br />
    <label for="address1">Address *</label><br />
	<label for="address2"></label><br />
    <label for="city">City/Town *</label><br />
    <label for="county">County</label><br />
    <label for="pCode">Post Code *</label><br />
    <label for="telephone">Home Telephone</label><br />
    <label for="mobile">Mobile</label><br />
    <label for="email">Email Address *</label>
    <br />
    <label for="fileatt">Upload CV *</label>
    </div><!--close formtext-->
    <div id="formfields">
    <?php /* Submitted values are escaped before being echoed back into the attributes */ ?>
    <input name="sName" type="text" id="sName" class="fields" value="<?php echo htmlspecialchars($sName, ENT_QUOTES); ?>" tabindex="1" size="35"/><br />
	<input type="text" id="fName" name="fName" value="<?php echo htmlspecialchars($fName, ENT_QUOTES); ?>" tabindex="2" /><br />
    <input name="address1" type="text" value="<?php echo htmlspecialchars($address1, ENT_QUOTES); ?>" id="address1" class="fields" tabindex="3" size="35" maxlength="15" /><br />
    <input name="address2" type="text" id="address2" class="fields" value="<?php echo htmlspecialchars($address2, ENT_QUOTES); ?>" size="35" tabindex="4" maxlength="50" /><br />
    <input name="city" type="text" tabindex="5" class="fields" id="city" value="<?php echo htmlspecialchars($city, ENT_QUOTES); ?>" size="35" maxlength="50"/><br />
    <input name="county" type="text" class="fields" id="county" tabindex="6" value="<?php echo htmlspecialchars($county, ENT_QUOTES); ?>" size="35" maxlength="50" /><br />
    <input name="pCode" type="text" class="fields" id="pCode" tabindex="7" value="<?php echo htmlspecialchars($pCode, ENT_QUOTES); ?>" size="15" maxlength="10" />
    <br />
    <input name="telephone" type="text" class="fields" id="telephone" tabindex="8" value="<?php echo htmlspecialchars($telephone, ENT_QUOTES); ?>" size="25" maxlength="20" /><br />
    <input name="mobile" type="text" class="fields" id="mobile" tabindex="9" value="<?php echo htmlspecialchars($mobile, ENT_QUOTES); ?>" size="25" maxlength="20" /><br />
    <input name="email" type="text" class="fields" id="email" tabindex="10" value="<?php echo htmlspecialchars($email, ENT_QUOTES); ?>" size="35" maxlength="50" /><br />
    <input type="hidden" name="MAX_FILE_SIZE" value="200000">
    <input name="fileatt" type="file" class="fields" id="fileatt" value="<?php echo htmlspecialchars($fileatt, ENT_QUOTES); ?>" tabindex="11" size="35" maxlength="100"/><br />
    <p class="style2">File size cannot exceed 200kb. Accepted formats (.doc / .pdf / .txt / .zip)</p>
    <input type="submit" name="submit" class="submitbutton" value="submit" />
	</div><!--close formfields-->
    </fieldset>
    
</form>
  
  <?php
}

// This function validates an email address
function isValidEmail($email){
   // eregi() was removed in PHP 7; preg_match() with /i is the equivalent.
   // The D modifier stops "$" from matching before a trailing newline.
   $pattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD';

   return preg_match($pattern, $email) === 1;
}

// Check file type 
function isCorrectFormat($fileatt_name){
	// Anchored at the end so a name such as "cv.pdf.php" is rejected
	$pattern = '/^.+\.(pdf|txt|doc|zip)$/iD';

	return preg_match($pattern, $fileatt_name) === 1;
}
	
    // Redirects to another Page using HTTP-META Tag
     function redirect( $url, $delay = 0, $message = "" )
     {
        /* redirects to a new URL using meta tags */
        echo "<meta http-equiv='Refresh' content='".$delay."; url=".$url."'>";
        die;
     }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

</head>
<body>
<?php
if (!isset($_POST['submit']))  {
    createForm();
} else  {
      $sName = isset($_POST['sName']) ? $_POST['sName'] : "";
	  $fName = isset($_POST['fName']) ? $_POST['fName'] : "";
      $address1 = isset($_POST['address1']) ? $_POST['address1'] : "";
	  $address2 = isset($_POST['address2']) ? $_POST['address2'] : "";
	  $city = isset($_POST['city']) ? $_POST['city'] : "";
      $county = isset($_POST['county']) ? $_POST['county'] : "";
	  $pCode = isset($_POST['pCode']) ? $_POST['pCode'] : "";
	  $telephone = isset($_POST['telephone']) ? $_POST['telephone'] : "";
	  $mobile = isset($_POST['mobile']) ? $_POST['mobile'] : "";
	  $email = isset($_POST['email']) ? $_POST['email'] : "";
	  
	  
	  	//file upload
	  $fileatt      = $_FILES['fileatt']['tmp_name'];
	  $fileatt_type = $_FILES['fileatt']['type'];
	  $fileatt_name = $_FILES['fileatt']['name'];
	  $filebytes =    $_FILES['fileatt']['size'];
	  $max_bytes = $max_file_size*1024;
	  //$filebytes = filesize($fileatt);
	  
	  
	  //system information	  
	  $ip = getenv("REMOTE_ADDR");
	  $httpref = getenv ("HTTP_REFERER");
	  $httpagent = getenv ("HTTP_USER_AGENT");
	  
	  //error definition
      $error  = false;
      $errorsName = '';
      $errorfName = '';
      $erroraddress = '';
	  $errorcity = '';
	  $errorpCode = '';
	  $errortelephone = '';
	  $errormobile = '';
	  $erroremail = '';
	  $errorfileatt = '';
	  $errorformat = '';
	  $errorSize = '';

      
	  //error validation
	  	
	  if (strlen($sName)<2) {
          $error = true;
          $errorsName = errorName;
      }
	  
	  if (strlen($fName)<2) {
	  	  $error = true;
		  $errorfName = errorName;
	  }
	  
	  if (strlen($address1)<5) {
	  	  $error = true;
		  $erroraddress = errorAdd;
	  }
	  
	  if (strlen($city)<2) {
	      $error = true;
		  $errorcity = errorCity;
	  }
	  
      if (!isValidEmail($email)) {
          $error = true;
          $erroremail = errorEmail;
      }
	  
      if (strlen($pCode)<5) {
	  	  $error = true;
		  $errorpCode = errorPost;
	  }	  
	  
	  if (strlen($fileatt)<5) {
          $error = true;
		  $errorfileatt = errorfile;
	  }
	  
	  Elseif(!isCorrectFormat($fileatt_name)) {
	  		$error = true;
			$errorformat = errorFormat;
		}
	  Elseif ($filebytes > $max_bytes){
	  		$error = true;
			$errorSize = errorSizemes;
		}
		
		
      if ($error){
?>
<ul>
<?php 
		if ($errorsName == errorName){
		    echo "<li> $errorsName </li>";
		} 

		if ($errorfName == errorName){
		    echo "<li> $errorfName </li>";
		}
			
		if ($erroraddress == errorAdd){
		    echo "<li> $erroraddress </li>";
		}
		
		if ($errorcity == errorCity){
		    echo "<li> $errorcity </li>";
		}
		
		if ($erroremail == errorEmail){
		    echo "<li> $erroremail </li>";
		}
 
		if ($errorpCode == errorPost){
			echo "<li> $errorpCode </li>";
		}
		
		if ($errorfileatt == errorfile){
			echo "<li> $errorfileatt </li>";
		}
		
		if ($errorformat == errorFormat){
			echo "<li> $errorformat </li>";
			}
			
		if ($errorSize == errorSizemes){
		    echo "<li> $errorSize </li>";
		} 
		
?>
</ul>

<?php
         createForm($sName,$fName,$address1,$address2,$city,$county,$pCode,$telephone,$mobile,$email,$fileatt);
      }
      else {
	    $todayis = date("l, F j, Y, g:i a") ;
		$subject = "Job Application";
		$sName = stripslashes($sName);
		$fName = stripslashes($fName);
		$address1 = stripslashes($address1);
		$address2 = stripslashes($address2);
		$city = stripslashes($city);
		$county = stripslashes($county);
		$pCode = stripslashes($pCode);
		$telephone = stripslashes($telephone);
		$mobile = stripslashes($mobile);
		$email = stripslashes($email);
		
		
//$headers = "From: $from";

if (is_uploaded_file($fileatt)) {
  // Read the file to be attached ('rb' = read binary)
  $file = fopen($fileatt,'rb');
  $data = fread($file,filesize($fileatt));
  fclose($file);

  // Generate a boundary string
  $semi_rand = md5(time());
  $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
  
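  // Add the headers for a file attachment
  // ($headers is not set earlier, so assign it here; a leading "\n" would
  // put a blank line at the top of the header block)
  $headers = "MIME-Version: 1.0\n" .
              "Content-Type: multipart/mixed;\n" .
              " boundary=\"{$mime_boundary}\"";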

  // Add a multipart boundary above the plain message
  $message = "This is a multi-part message in MIME format.\n\n" .
             "--{$mime_boundary}\n" .
             "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
             "Content-Transfer-Encoding: 7bit\n\n" .
             $message . "\n\n" .
			 "$todayis [GMT] \n" .
			"From: $fName $sName, ($email) \n\n" .
			"Address:   $address1 \n" .
			"           $address2 \n" .
			"           $city \n" .
			"           $county \n" .
			"           $pCode \n\n" .
            "Telephone: $telephone \n" .
			"Mobile:    $mobile \n \n";

  // Base64 encode the file data
  $data = chunk_split(base64_encode($data));

  // Add file attachment to the message
  $message .= "--{$mime_boundary}\n" .
              "Content-Type: {$fileatt_type};\n" .
              " name=\"{$fileatt_name}\"\n" .
              //"Content-Disposition: attachment;\n" .
              //" filename=\"{$fileatt_name}\"\n" .
              "Content-Transfer-Encoding: base64\n\n" .
              $data . "\n\n" .
              "--{$mime_boundary}--\n";

			mail('info@test.co.uk', $subject,  $message, $headers);
			
	$confirm = "This email is a confirmation for the job application\n\n" .
			   "On $todayis [GMT] \n\n" .
			   "The details you posted were as follows: \n" .
			   "Name: $fName $sName \n\n" .
			   "Address:   $address1 \n" .
			   "           $address2 \n" .
			   "           $city \n" .
			   "           $county \n" .
			   "           $pCode \n\n" .
               "Telephone: $telephone \n" .
			   "Mobile:    $mobile \n \n" .
			   "Email:     $email \n \n" .
			   "CV:        $fileatt_name \n \n \n" .
			   "filename: $filebytes \n \n" .
			   "PLEASE DO NOT REPLY";
			   
			mail($email, 'Job Application Confirmation - PLEASE DO NOT REPLY', $confirm);  
}

?>

<p>Your message has been sent, Thank you!</p>
<br />
<p>If you're not redirected back to the Contact page within 5 seconds, <a href="careers.php">click here to return to the careers page</a></p>

<?php
redirect("job-application3.php", 5);
    }
}
?>

</body>
</html>


Post by Steve Mellor »

Try this. Make a directory called 'upload' and run this script:

Code: Select all

<?php
// Diagnostic upload test: accepts any file type, limited only by size.
if(!isset($_FILES['myFile'])){
	echo '
		<form action="#" method="post" enctype="multipart/form-data" name="form">
			<input name="myFile" type="file">
			<input name="" type="submit">
		</form>	';
}else{
	$size_in_kb = 200;
	$maxSize = 1024 * $size_in_kb;
	if($_FILES['myFile']['size'] <= $maxSize){
		set_time_limit(0);
		$uploadDir = "upload/";
		// Keep only letters, digits and dots (preg_replace replaces ereg_replace, removed in PHP 7)
		$filename = preg_replace('/[^A-Za-z0-9.]/', '', $_FILES['myFile']['name']);
		$uploadFile = $uploadDir . $filename;
		if(move_uploaded_file($_FILES['myFile']['tmp_name'], $uploadFile)){
			echo 'Your file has been uploaded.';
			// Owner read/write, others read-only; 0777 would leave the upload world-writable and executable
			chmod($uploadFile, 0644);
		}else{
			echo 'There was an error moving your file.';
		}
	}else{
		echo 'File size too large';
	}
}

I know this script works so it will narrow down whether the problem is with your server or the script.

I'm not sure that you can do anything about the PHP.ini check. There is certainly no way to do it with JavaScript and PHP is a server-side language so that's no good. You might be able to do something if you can set up custom error pages for the domain perhaps? Maybe send the page back to your upload page with an error string attached to throw up the right message?
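
An added example, not part of either post: a server-side check that reads `$_FILES['fileatt']['error']` before looking at `tmp_name`, so a file PHP rejected for exceeding the form's `MAX_FILE_SIZE` reports a size error instead of a missing file, and that recognises a request over `post_max_size` by the empty `$_POST` and `$_FILES` it leaves behind. The function name `classifyUpload`, the two extra messages and the sample request arrays are constructed for illustration; the other messages reuse the wording from the first post.

```php
<?php
// Added example: classify an upload attempt from the request data alone.
// classifyUpload() and the sample arrays below are constructed for illustration.
function classifyUpload(array $server, array $post, array $files, string $field, int $maxBytes): string
{
    // A body larger than post_max_size leaves $_POST and $_FILES empty,
    // so the only trace of the request is its Content-Length header.
    if (($server['REQUEST_METHOD'] ?? '') === 'POST' && !$post && !$files
        && (int)($server['CONTENT_LENGTH'] ?? 0) > 0) {
        return 'INVALID FILE SIZE! Request exceeded the server POST limit';
    }
    $f = $files[$field] ?? null;
    if ($f === null || $f['error'] === UPLOAD_ERR_NO_FILE) {
        return 'NO CV! Please enter a path to upload your CV';
    }
    // PHP rejected the file itself: tmp_name is empty and size is 0 here,
    // which is why testing tmp_name first reports "no file".
    if ($f['error'] === UPLOAD_ERR_INI_SIZE || $f['error'] === UPLOAD_ERR_FORM_SIZE) {
        return 'INVALID FILE SIZE! Please upload a file smaller than 200kb';
    }
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return 'UPLOAD FAILED! error code ' . (int)$f['error'];
    }
    // MAX_FILE_SIZE is a client-supplied form field; enforce the limit again here.
    if ($f['size'] > $maxBytes) {
        return 'INVALID FILE SIZE! Please upload a file smaller than 200kb';
    }
    // Allow-list on the final extension only, so "cv.pdf.php" is refused.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ['pdf', 'txt', 'doc', 'zip'], true)) {
        return 'INVALID FILE FORMAT! Please upload zip, pdf, txt or doc file';
    }
    return '';
}

// Constructed requests: [$_SERVER, $_POST, $_FILES]
$big = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '9000000'];
$ok  = ['CONTENT_LENGTH' => '160000'] + $big;
$file = fn(string $n, int $err, int $size) => ['fileatt' =>
    ['name' => $n, 'tmp_name' => $err ? '' : '/tmp/phpX', 'size' => $size, 'error' => $err]];
$cases = [
    'over post_max_size' => [$big, [], []],
    'over MAX_FILE_SIZE' => [$ok, ['submit' => 'submit'], $file('cv.pdf', UPLOAD_ERR_FORM_SIZE, 0)],
    'double extension'   => [$ok, ['submit' => 'submit'], $file('cv.pdf.php', UPLOAD_ERR_OK, 1000)],
    'accepted'           => [$ok, ['submit' => 'submit'], $file('cv.doc', UPLOAD_ERR_OK, 150000)],
];
foreach ($cases as $label => [$s, $p, $f]) {
    echo $label, ': ', classifyUpload($s, $p, $f, 'fileatt', 200 * 1024) ?: 'OK', "\n";
}
```

In the posted form script this check would have to run before the `isset($_POST['submit'])` branch as well as before the `strlen($fileatt)<5` test, because a request over `post_max_size` arrives with no `submit` field at all.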