PHP woes...

Are you computarded and need some help?
Post Reply
User avatar
Nessus
Moderator
Moderator
Posts: 185
Joined: 26-03-04, 11:48 am

PHP woes...

Post by Nessus »

Hi all, hope all is well with each of you. I'm adding an image upload and comment thing to a website i'm creating and i need some help with the php side of things, i've been looking around for help, but it all seems like not what i want.

I have this image upload script that i got from a web site (here) and i have created a script to deal with the verification of variables:

Code: Select all

  $fname = ($_POST['fname']);
	$email = ($_POST['email']);
	$comment = ($_POST['comment']);
  
  function check_form_text($email) {

  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    return false;
  }
  $email_array = explode("@", $email);
  $local_array = explode(".", $email_array[0]);
  for ($i = 0; $i < sizeof($local_array); $i++) {
     if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
      return false;
    }
  }  
  if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { 
    $domain_array = explode(".", $email_array[1]);
    if (sizeof($domain_array) < 2) {
        return false; 
    }
    for ($i = 0; $i < sizeof($domain_array); $i++) {
      if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
       return false;
      }
    }
  }
  return true;
}
this called in the HTML with:

Code: Select all

<html>
<head><title>test page</title
</head>

<body>
	<form action="submit3.php" method="post" enctype="multipart/form-data">
	
	<p><h4>File*</h4><input type="file" name="single" size="27px" /></p>
	<h5>*max filesize 1mb</h5>
	<h5>*only image files accepted (.gif .jpg etc.)</h5>
	
	<p><h4>Name*</h4><input type="text" name="fname" /></p>
	<p><h4>Email*</h4><input type="text" name="email" /></p>
	<p><h4>Comment*</h4><textarea rows="2" cols="20" name="comment"></textarea></p>
	<h5>*all fields are required</h5>
	<p>
		<input type="hidden" name="form_submitted" value="true" />
		<input type="submit" value="Submit" />
	</p>

	</form>
<?PHP

if (isset($_REQUEST['form_submitted'])) {
	require("email.class.php");
	
		if (check_form_text()) {
		echo '<p style="color:green">';
		echo 'success!';
		echo '</p>';
	} else {
		echo '<p style="color:red">';
		echo 'Failure';
		echo '</p>';
	}

	
}
?>
</body>
</html>
I also have:

Code: Select all

if (empty($fname) && empty($comment)){
			return FALSE;
		}
to check for empty name and comment fields.

How can i comine all of them so that they all work together so that if any part fails it display an appropriate message and the rest of the script also fails, ie no file is uploaded? Also if it verifies i want it to do the following:

Code: Select all

		$textfile = ($a_variable_eventually . '.txt');
		$fh = fopen($textfile, 'w');
	
		$stringData = "Name: $fname \r";
		fwrite($fh, $stringData);
	
		$stringData = "Email: $email \r";
		fwrite($fh, $stringData);
	
		$stringData = "--------------------------------------------------------- \r";
		fwrite($fh, $stringData);
	
		$stringData = "$comment \r";
		fwrite($fh, $stringData);
	
		$stringData = "--------------------------------------------------------- \r";
		fwrite($fh, $stringData);
	
		fclose($fh);
Thankies
[url=http://www.last.fm/user/nessus/][img]http://nessus.smamhosting.com/np/nowplaying.png[/img][/url]

[url=http://www.aaronjdesign.com/]hire me[/url] | [url=http://www.flickr.com/photos/blueface/][b][color=#0063DC]flick[/color][color=#FF0084]r[/color][/b][/url]
User avatar
v0id
Administrator
Administrator
Posts: 1982
Joined: 11-08-03, 2:33 am

Post by v0id »

That's one fuckin' huge script for a simple uploader :o

Try this, which only allows certain file types, of a certain size

NB: Might need tweaking, as it IS 1:30AM, and I just whipped it up without testing it

Code: Select all

<form enctype="multipart/form-data" action="image_upload.php" method="post">
Upload File: <input type="file" name="userfile">
<input type="submit" value="Upload">
</form>

<?php

$path = "";
$max_size = 100000;

if (!isset($HTTP_POST_FILES['userfile'])) exit;

if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {

if ($HTTP_POST_FILES['userfile']['size']>$max_size) { echo "The file is too big<br>\n"; exit; }
if (($HTTP_POST_FILES['userfile']['type']=="image/gif") || ($HTTP_POST_FILES['userfile']['type']=="image/pjpeg") || ($HTTP_POST_FILES['userfile']['type']=="image/jpeg")) {

if (file_exists($path . $HTTP_POST_FILES['userfile']['name'])) { echo "The file already exists<br>\n"; exit; }

$res = copy($HTTP_POST_FILES['userfile']['tmp_name'], $path .
$HTTP_POST_FILES['userfile']['name']);
if (!$res) { echo "upload failed!<br>\n"; exit; } else { echo "upload sucessful<br>\n"; }

echo "File Name: ".$HTTP_POST_FILES['userfile']['name']."<br>\n";
echo "File Size: ".$HTTP_POST_FILES['userfile']['size']." bytes<br>\n";
echo "File Type: ".$HTTP_POST_FILES['userfile']['type']."<br>\n";
} else { echo "Wrong file type<br>\n"; exit; }

}

?>
*burp :kickcan:
User avatar
Nessus
Moderator
Moderator
Posts: 185
Joined: 26-03-04, 11:48 am

Post by Nessus »

cool, i knew there had to be a way to do it a lot simpler! Thanks v0id.

Edited code:

Code: Select all

<?php

$path = "uploads/";
$max_size = 1000000;

if (!isset($HTTP_POST_FILES['userfile'])) exit;

if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {

if ($HTTP_POST_FILES['userfile']['size']>$max_size) { echo '<h3 style="color:red">Failed: The file is too big</h3>'; exit; }
if (($HTTP_POST_FILES['userfile']['type']=="image/gif") || ($HTTP_POST_FILES['userfile']['type']=="image/png") || ($HTTP_POST_FILES['userfile']['type']=="image/jpeg")) {

if (file_exists($path . $HTTP_POST_FILES['userfile']['name'])) { echo '<h3 style="color:red">Failed: The file already exists</h3>'; exit; }

$res = copy($HTTP_POST_FILES['userfile']['tmp_name'], $path .
$HTTP_POST_FILES['userfile']['name']);
if (!$res) { echo '<h3 style="color:red">Failed: No file uploaded</h3>'; exit; } else { echo '<h3 style="color:green">Sucess! You\'ll be hearing from us soon</h3>'; }

echo '<p style="color:green">';
echo "File Name: ".$HTTP_POST_FILES['userfile']['name']."<br/>\n";
echo "File Size: ".$HTTP_POST_FILES['userfile']['size']." bytes<br/>\n";
echo "File Type: ".$HTTP_POST_FILES['userfile']['type']."<br/>\n";
echo '</p>';
} else { echo '<h3 style="color:red">Failed: Wrong file type</h3>'; exit; }

}

?>
Just need to know how to integrate it with:

Code: Select all

<?PHP

	$fname = ($_POST['fname']);
	$email = ($_POST['email']);
	$comment = ($_POST['comment']);
	$date = time();

if (isset($_REQUEST['form_submitted'])) {
	
  function check_form_text() {
	$fname = ($_POST['fname']);
	$email = ($_POST['email']);
	$comment = ($_POST['comment']);
	$date = time();

  //empty name / comment
  if (empty($fname) || empty($comment)){
	echo "empty name and comment";
	return FALSE;
	}

  //valid and regular email
  if (!eregi("^[a-z0-9~!#$%&_-]([.]?[a-z0-9~!#$%&_-]+)*@[a-z0-9~!#$%&_-]+([.]?[a-z0-9~!#$%&_-]+)*(\.[a-z]{2,6})$", $email)){
	echo "Invalid email";
	return FALSE;
	}
	else {
	echo "passed";
	return true;
	}
}	

	if (check_form_text()) {
		echo '<p style="color:green">';
		echo 'success!';
		echo '</p>';

		//write the text file
		$textfile = ($date . '.txt');
		$fh = fopen($textfile, 'w');
	
		$stringData = "Name: $fname \r";
		fwrite($fh, $stringData);
	
		$stringData = "Email: $email \r";
		fwrite($fh, $stringData);
	
		$stringData = "--------------------------------------------------------- \r";
		fwrite($fh, $stringData);
	
		$stringData = "$comment \r";
		fwrite($fh, $stringData);
	
		$stringData = "--------------------------------------------------------- \r";
		fwrite($fh, $stringData);
	
		fclose($fh);
	}

		else {
		 echo '<p style="color:red">';
		 echo 'Failure';
		 echo '</p>';
		 return FALSE;
		}
  }

?>
So that if they both validate, the file is uploaded and the text file is written.

Also:
anyway to rename the file if it already exists, rather than reject it?
use the filename of the uploaded file in place of the $date variable? (should be easy if they're both in the same <?php ?> right? :/)
may be adding captcha in the not too distant future.
what would be really cool is for all this to happen and for the php to create a nice html email with all the text info in it, and the image attached... 8)
[url=http://www.last.fm/user/nessus/][img]http://nessus.smamhosting.com/np/nowplaying.png[/img][/url]

[url=http://www.aaronjdesign.com/]hire me[/url] | [url=http://www.flickr.com/photos/blueface/][b][color=#0063DC]flick[/color][color=#FF0084]r[/color][/b][/url]
Post Reply