File size validation in email form
Posted: Tue Aug 28, 2007 8:00 am
feyd | Please use
feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
This is driving me up the wall...!
I have a form that is filled in for a job application and validates the fields before emailing the details plus an uploaded CV. The form also sends a confirmation email to the sender.
The problem i have is the checking of the file size.
The filesize should be limited to 200kb.
Firstly php.ini is set to 8mb default (which i don't have control over), so if someone uploads a file bigger than that i get a php POST CONTENT warning. I'd like to have my system stop this and error in the form before php.ini gets involved.
Secondly if the size is lower than 8mb but over 200kb it clears the cv directory path and displays the error message that says there is nothing in the upload field instead of the filesize error.
Please help as this is killing me now!
P.S. i've taken the inappropriate content out and the CSSCode: Select all
<?php
//define the error messages for invalid data
define("errorName","INVALID NAME! minimum of 2 characters long");
define("errorAdd","INVALID ADDRESS! minimum of 5 characters long");
define("errorCity","INVALID CITY! Please enter a valid city name");
define("errorPost","INVALID POSTCODE!");
//define("errorGender","SELECT! please select your gender");
define("errorEmail","INVALID EMAIL! Please enter a valid email address!");
define("errorCV","Please enter a CV to upload!");
define("errorfile","NO CV! Please enter a path to upload your CV");
define("errorFormat","INVALID FILE FORMAT! Please upload zip, pdf, txt or doc file");
define("errorSizemes","INVALID FILE SIZE! Please upload a file smaller than 200kb");
ini_set("sendmail_from", " job-application@test.com ");
ini_set('display_errors', 0);
$max_file_size="200";
function createForm($sName="",$fName="",$address1="",$address2="",$city="",$county="",$pCode="",$telephone="",$mobile="",$email="",$fileatt="")
{
?>
<form name='contact' method='post' action='<?php echo $_SERVER['PHP_SELF']; ?>' enctype='multipart/form-data'>
<fieldset>
<div id="formtext">
<label for="sName">Surname *</label><br />
<label for="fName" class="fields">Forename *</label><br />
<label for="address1">Address *</label><br />
<label for="address2"></label><br />
<label for="city">City/Town *</label><br />
<label for="county">County</label><br />
<label for="pCode">Post Code *</label><br />
<label for="telephone">Home Telephone</label><br />
<label for="mobile">Mobile</label><br />
<label for="email">Email Address *</label>
<br />
<label for="fileatt">Upload CV *</label>
</div><!--close formtext-->
<div id="formfields">
<input name="sName" type="text" id="sName" class="fields" value="<?php echo $sName; ?>" tabindex="1" size="35"/><br />
<input type="text" id="fName" name="fName" value="<?php echo $fName; ?>" tabindex="2" /><br />
<input name="address1" type="text" value="<?php echo $address1; ?>" id="address1" class="fields" tabindex="3" size="35" maxlength="15" /><br />
<input name="address2" type="text" id="address2" class="fields" value="<?php echo $address2; ?>" size="35" tabindex="4" maxlength="50" /><br />
<input name="city" type="text" tabindex="5" class="fields" id="city" value="<?php echo $city; ?>" size="35" maxlength="50"/><br />
<input name="county" type="text" class="fields" id="county" tabindex="6" value="<?php echo $county; ?>" size="35" maxlength="50" /><br />
<input name="pCode" type="text" class="fields" id="pCode" tabindex="7" value="<?php echo $pCode; ?>" size="15" maxlength="10" />
<br />
<input name="telephone" type="text" class="fields" id="telephone" tabindex="8" value="<?php echo $telephone; ?>" size="25" maxlength="20" /><br />
<input name="mobile" type="text" class="fields" id="mobile" tabindex="9" value="<?php echo $mobile; ?>" size="25" maxlength="20" /><br />
<input name="email" type="text" class="fields" id="email" tabindex="10" value="<?php echo $email; ?>" size="35" maxlength="50" /><br />
<input type="hidden" name="MAX_FILE_SIZE" value="200000">
<input name="fileatt" type="file" class="fields" id="fileatt" value="<?php echo $fileatt; ?>" tabindex="11" size="35" max length="100"/><br />
<p class="style2">File size cannot exceed 200kb. Accepted formats (.doc / .pdf / .txt / .zip)</p>
<input type="submit" name="submit" class="submitbutton" value="submit" />
</div><!--close formfields-->
</fieldset>
</form>
<?php
}
// This function validates an email address
function isValidEmail($email){
$pattern = "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$";
if (eregi($pattern, $email)){
return true;
}
else {
return false;
}
}
// Check file type
function isCorrectFormat($fileatt_name){
$pattern = "^.+\.(pdf|txt|doc|zip)";
if (eregi($pattern, $fileatt_name)){
return true;
}
else{
return false;
}
}
// Redirects to another Page using HTTP-META Tag
function redirect( $url, $delay = 0, $message = "" )
{
/* redirects to a new URL using meta tags */
echo "<meta http-equiv='Refresh' content='".$delay."; url=".$url."'>";
die;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<?php
if (!isset($_POST['submit'])) {
createForm();
} else {
$sName = isset($_POST['sName']) ? $_POST['sName'] : "";
$fName = isset($_POST['fName']) ? $_POST['fName'] : "";
$address1 = isset($_POST['address1']) ? $_POST['address1'] : "";
$address2 = isset($_POST['address2']) ? $_POST['address2'] : "";
$city = isset($_POST['city']) ? $_POST['city'] : "";
$county = isset($_POST['county']) ? $_POST['county'] : "";
$pCode = isset($_POST['pCode']) ? $_POST['pCode'] : "";
$telephone = isset($_POST['telephone']) ? $_POST['telephone'] : "";
$mobile = isset($_POST['mobile']) ? $_POST['mobile'] : "";
$email = isset($_POST['email']) ? $_POST['email'] : "";
//file upload
$fileatt = $_FILES['fileatt']['tmp_name'];
$fileatt_type = $_FILES['fileatt']['type'];
$fileatt_name = $_FILES['fileatt']['name'];
$filebytes = $_FILES['fileatt']['size'];
$max_bytes = $max_file_size*1024;
//$filebytes = filesize($fileatt);
//system information
$ip = getenv("REMOTE_ADDR");
$httpref = getenv ("HTTP_REFERER");
$httpagent = getenv ("HTTP_USER_AGENT");
//error definition
$error = false;
$errorsName = '';
$errorfName = '';
$erroraddress = '';
$errorcity = '';
$errorpCode = '';
$errortelephone = '';
$errormobile = '';
$erroremail = '';
$errorfileatt = '';
$errorformat = '';
$errorSize = '';
//error validation
if (strlen($sName)<2) {
$error = true;
$errorsName = errorName;
}
if (strlen($fName)<2) {
$error = true;
$errorfName = errorName;
}
if (strlen($address1)<5) {
$error = true;
$erroraddress = errorAdd;
}
if (strlen($city)<2) {
$error = true;
$errorcity = errorCity;
}
if (!isValidEmail($email)) {
$error = true;
$erroremail = errorEmail;
}
if (strlen($pCode)<5) {
$error = true;
$errorpCode = errorPost;
}
if (strlen($fileatt)<5) {
$error = true;
$errorfileatt = errorfile;
}
Elseif(!isCorrectFormat($fileatt_name)) {
$error = true;
$errorformat = errorFormat;
}
Elseif ($filebytes > $max_bytes){
$error = true;
$errorSize = errorSizemes;
}
if ($error){
?>
<?php
if ($errorsName == errorName){
echo "<li> $errorsName </li>";
}
if ($errorfName == errorName){
echo "<li> $errorfName </li>";
}
if ($erroraddress == errorAdd){
echo "<li> $erroraddress </li>";
}
if ($errorcity == errorCity){
echo "<li> $errorcity </li>";
}
if ($erroremail == errorEmail){
echo "<li> $erroremail </li>";
}
if ($errorpCode == errorPost){
echo "<li> $errorpCode </li>";
}
if ($errorfileatt == errorfile){
echo "<li> $errorfileatt </li>";
}
if ($errorformat == errorFormat){
echo "<li> $errorformat </li>";
}
if ($errorSize == errorSizemes){
echo "<li> $errorSize </li>";
}
?>
</ul>
<?php
createForm($sName,$fName,$address1,$address2,$city,$county,$pCode,$telephone,$mobile,$email,$fileatt);
}
else {
$todayis = date("l, F j, Y, g:i a") ;
$subject = "Job Application";
$sName = stripslashes($sName);
$fName = stripslashes($fName);
$address1 = stripslashes($address1);
$address2 = stripslashes($address2);
$city = stripslashes($city);
$county = stripslashes($county);
$pCode = stripslashes($pCode);
$telephone = stripslashes($telephone);
$mobile = stripslashes($mobile);
$email = stripslashes($email);
//$headers = "From: $from";
if (is_uploaded_file($fileatt)) {
// Read the file to be attached ('rb' = read binary)
$file = fopen($fileatt,'rb');
$data = fread($file,filesize($fileatt));
fclose($file);
// Generate a boundary string
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
// Add the headers for a file attachment
$headers .= "\nMIME-Version: 1.0\n" .
"Content-Type: multipart/mixed;\n" .
" boundary=\"{$mime_boundary}\"";
// Add a multipart boundary above the plain message
$message = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n" .
"$todayis [GMT] \n" .
"From: $fName $sName, ($email) \n\n" .
"Address: $address1 \n" .
" $address2 \n" .
" $city \n" .
" $county \n" .
" $pCode \n\n" .
"Telephone: $telephone \n" .
"Mobile: $mobile \n \n";
// Base64 encode the file data
$data = chunk_split(base64_encode($data));
// Add file attachment to the message
$message .= "--{$mime_boundary}\n" .
"Content-Type: {$fileatt_type};\n" .
" name=\"{$fileatt_name}\"\n" .
//"Content-Disposition: attachment;\n" .
//" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n" .
"--{$mime_boundary}--\n";
mail('info@test.co.uk', $subject, $message, $headers);
$confirm = "This email is a confirmation for the job application\n\n" .
"On $todayis [GMT] \n\n" .
"The details you posted where as follows: \n" .
"Name: $fName $sName \n\n" .
"Address: $address1 \n" .
" $address2 \n" .
" $city \n" .
" $county \n" .
" $pCode \n\n" .
"Telephone: $telephone \n" .
"Mobile: $mobile \n \n" .
"Email: $email \n \n" .
"CV: $fileatt_name \n \n \n" .
"filename: $filebytes \n \n" .
"PLEASE DO NOT REPLY";
mail($email, 'Job Application Confirmation - PLEASE DO NOT REPLY', $confirm);
}
?>
<p>Your message has been sent, Thank you!</p>
<br />
<p>If your not redirected back to the Contact page within 5 seconds, <a href="careers.php">click here to return to the careers page</a></p>
<?php
redirect("job-application3.php", 5);
}
}
?>
</body>
</html>feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]