PHP contact form with upload

Nulty · 15-04-2010 8:52pm #1

I'm building a contact form with upload. I'm trying to get the upload as an option behind a radio button. Unfortunately I can't wrap my brain around coding it. I'm pretty green on writing code but I understand it. Can anyone suggest a snippet?

I've put it in english so here it is:

If radio1 is checked, disable and clear input2 and add input1 to required
else disable and clear input1 and run upload script.

I put the upload code in the if $mailsent statement so is won't be excecuted unless the mail has been sent.

My problems are

The radio button coding
the page opens a new page when its submitted and shows a blank page while the upload is processing. I want to make this stay on the original page and have a "processing feedback" widget - if you know what I mean

Heres the address of the form http://www.fingerstyle-ireland.com/contact_media.php EDITED URL!

[PHP]<?php
if (array_key_exists('send', $_POST)) {

//mail processing script
// remove escape characters from POST array
if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
}
$to = 'webmaster@fingerstyle-ireland.com';

//list expected fields
$expected = array('mediatype', 'title', 'author', 'artist', 'RadioGroup1', 'upload', 'firstname', 'lastname', 'country', 'email', 'homepage', 'comments');
//set required fields
$required = array('mediatype', 'title', 'author', 'artist', 'RadioGroup1', 'firstname', 'lastname', 'country', 'email', 'comments');
// assume that there is nothing suspect
$suspect = false;
// create pattern to locate suspect phrases
$pattern = '/Content-Type:|Bcc:|Cc:/i';

// function to check for suspect phrases
function isSuspect($val, $pattern, &$suspect) {
// if the variable is an array, loop through each element
// and pass it recursively back to the same function
if (is_array($val)) {
foreach ($val as $item) {
isSuspect($item, $pattern, $suspect);
}
}
else {
// if one of the suspect phrases is found, set Boolean to true
if (preg_match($pattern, $val)) {
$suspect = true;
}
}
}
// check the $_POST array and any subarrays for suspect content
isSuspect($_POST, $pattern, $suspect);
//create empty array for missing fields
$missing = array();

if ($suspect) {
$mailSent = false;
unset($missing);
} else {

// process the $_POST variables
foreach ($_POST as $key => $value) {
// assign to temporary variable and strip out whitespace if not an array
$temp = is_array($value) ? $value : trim($value);
// if empty and required, add to $missing array
if (empty($temp) && in_array($key, $required)) {
array_push($missing, $key);
} elseif (in_array($key, $expected)) {
// otherwise, assign to a variable of the same name as $key
${$key} = $temp;
}
}
}
//validate the email address
if (!empty($email)) {

// regex to identify illegal characters in email address
$checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
// reject the email address if it doesn't match
if (!preg_match($checkEmail, $email)) {
$suspect = true;
$mailSent = false;
unset($missing);
}
}
//go ahead only if not suspect and all required fields OK
if( !$suspect && empty($missing)) {

//build the message
$message = "Name: \r\n $firstname $lastname\r\n\r\n";
$message .= "Email: \r\n $email\r\n\r\n";
$message .= "Country: \r\n $country\r\n\r\n";
$message .= "My Home Page: \r\n $homepage\r\n\r\n\r\n\r\n";
$message .= "Media Type: \r\n $mediatype\r\n\r\n";
$message .= "Title: \r\n $title\r\n\r\n";
$message .= "Author: \r\n $author\r\n\r\n";
$message .= "Artist: \r\n $artist\r\n\r\n";
$message .= "File Location: \r\n $filelocation\r\n\r\n";
$message .= "Comments: \r\n $comments";

//Limit line length to 70 cahracters
$message = wordwrap($message, 70);

$subject = "$mediatype Feedback from Fingerstyle-Ireland.com";

$headers = "From: $email /r/n ";
$headers .= 'Content-Type: text/plain; charset=utf-8';

//send it
$mailSent = mail($to, $subject, $message, $headers);
if ($mailSent && in_array('upload', $_POST)) {
//$missing is no longer needed if the email is sent, so unset it
unset($missing);
// The upload part of the script
//Define a constant for the maximum upload size
define ('MAX_FILE_SIZE', 3145728);

//define constant for upload folder
define('UPLOAD_DIR', 'D:/hshome/nulty16/fingerstyle-ireland.com/uploads/');
//replace any spaces in origial filename with underscores
//at the same tim, assign to a simpler variable
$file = str_replace(' ', '_', $_FILES);
//convert the maximum size to KB
$max = number_format(MAX_FILE_SIZE/1024, 1).'KB';
//begin by assuming the file is unacceptable
$sizeOK = false;

//check that file is within the permitted size
if ($_FILES > 0 && $_FILES <= MAX_FILE_SIZE) {
$sizeOK = true;
}
if ($sizeOK) {
switch($_FILES) {
case 0:

// move the file to the upload folder and rename it
$success = move_uploaded_file($_FILES, UPLOAD_DIR.$file);
if ($success) {
$result = "$file upload successfully";
}
else {
$result = "Error uploading $file. Please try again.";
}
break;
case 3:
$result = "Error uploading $file. Please try again.";
default:
$result = "System error uploading $file. Contact webmaster.";
}
}
elseif ($_FILES == 4) {
$result = 'No file selected';
}
else {
$result = "$file cannot be uploaded. Maximum size: $max.";
}
}
}
}
?>[/PHP]

and the html

[HTML]
<form action="<?php echo $_SERVER; ?>" enctype="multipart/form-data" method="post" name="form2" target="_blank" id="form2">
<table border="1" cellpadding="2" style="background-color:#CdC">
<tr>
<td><table width="600" border="0" cellpadding="2">
<tr>
<td colspan="3" align="center" nowrap="nowrap"><span style="font-size: 22px;">Submit Media</span></td>
</tr>
<tr>
<td width="120" align="right" nowrap="nowrap"> </td>
<td align="right" nowrap="nowrap"> </td>
<td width="397" align="right">* = Required Field</td>
</tr>
<tr>
<td align="right" nowrap="nowrap">Media type *</td>
<td align="right" nowrap="nowrap"> </td>
<td><label>
<select name="mediatype" id="mediatype">
<option value="0" selected="selected">Choose..</option>
<option value="Article">Article</option>
<option value="Audio">Audio</option>
<option value="Tabs">Tabs</option>
<option value="Video">Video</option>
</select>
</label><?php if (isset($missing) && in_array('mediatype', $missing)) { ?> <span class="warning">Please choose a Media Type</span><?php } ?></td>
</tr>
<tr>
<td align="right" nowrap="nowrap">Title *</td>
<td align="right" nowrap="nowrap"> </td>
<td><label>
<input name="title" type="text" id="title" size="30" maxlength="20" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST, ENT_COMPAT, 'UTF-8').'"';
} ?>/>
</label><?php if (isset($missing) && in_array('title', $missing)) { ?> <span class="warning">Please choose a Title</span><?php } ?></td>
</tr>
<tr>
<td align="right" nowrap="nowrap">Author *</td>
<td align="right" nowrap="nowrap"> </td>
<td><input name="author" type="text" id="author" size="30" maxlength="20" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST, ENT_COMPAT, 'UTF-8').'"';
} ?>/><?php if (isset($missing) && in_array('author', $missing)) { ?> <span class="warning">Please specify an Author</span><?php } ?></td>
</tr>
<tr>
<td align="right" nowrap="nowrap">Artist *</td>
<td align="right" nowrap="nowrap"> </td>
<td><label>
<input name="artist" type="text" id="artist" size="30" maxlength="20" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST, ENT_COMPAT, 'UTF-8').'"';
} ?>/>
</label><?php if (isset($missing) && in_array('artist', $missing)) { ?> <span class="warning">Please specify a performer</span><?php } ?></td>
</tr>
<tr>
<td height="84" align="right" nowrap="nowrap" style="line-height: 1.2em;">File Location*<br />
<span style="font-size: 10px;">(Links or Upload)</span></td>
<td align="right" nowrap="nowrap" style="line-height: 1.2em;"><p>
<label>
<input name="RadioGroup1" type="radio" id="RadioGroup1_0" value="link" checked="checked" />
</label>
<br />
<label>
<input name="RadioGroup1" type="radio" id="RadioGroup1_1" value="upload" />
</label>
<br />
</p></td>
<td><label>
<input name="link" type="text" id="link" size="30" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST, ENT_COMPAT, 'UTF-8').'"';
} ?>/>
</label>
<?php if (isset($missing) && in_array('filelocation', $missing)) { ?> <span class="warning">Please specify a source of File</span><?php } ?><br />
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
<input name="upload" type="file" id="upload" size="30" />
</label></td>
</tr>
<tr>
<td align="right" nowrap="nowrap"> </td>
<td align="right" nowrap="nowrap"> </td>
<td> </td>
</tr>
<tr>
<td align="right" nowrap="nowrap">First Name *</td>
<td align="right" nowrap="nowrap"> </td>
<td><input name="firstname" type="text" id="firstname" size="30" maxlength="10" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST, ENT_COMPAT, 'UTF-8').'"';
} ?>/> <?php if (isset($missing) && in_array('firstname', $missing)) { ?> <span class="warning">Please enter your name</span><?php } ?></td>
</tr>
<tr>
<td align="right" nowrap="nowrap">Last Name *</td>
<td align="right" nowrap="nowrap"> </td>
<td><input name="lastname" type="text" id="lastname" size="30" maxlength="15" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST, ENT_COMPAT, 'UTF-8').'"';
} ?>/> <?php if (isset($missing) && in_array('lastname', $missing)) { ?> <span class="warning">Please enter your name</span><?php } ?></td>
</tr>
<tr>
<td align="right" nowrap="nowrap">Country *</td>
<td align="right" nowrap="nowrap"> </td>
<td><?php if (isset($missing) && in_array('country', $missing)) { ?> <span class="warning">Please choose you location</span> <?php } ?><select name="country" id="country">
<option value="0" selected="selected">Select a Country...</option>
<option value="Ireland">Ireland</option>
<option value="0">...</option>
<option value="United States">United States</option>
</select></td>
</tr>
<tr>
<td align="right" nowrap="nowrap">E-mail *</td>
<td align="right" nowrap="nowrap"> </td>
<td><input name="email" type="text" id="email" size="30"
<?php if (isset($missing)) { echo 'value="'.htmlentities($_POST, ENT_COMPAT, 'UTF-8').'"';
} ?>
/> <?php if (isset($missing) && in_array('email', $missing)) { ?> <span class="warning">Please enter your email</span><?php } ?> </td>
</tr>
<tr>
<td align="right" nowrap="nowrap">Home Page</td>
<td align="right" nowrap="nowrap"> </td>
<td><input name="homepage" type="text" id="homepage" size="30" /></td>
</tr>
<tr>
<td align="right" nowrap="nowrap">Comment *</td>
<td height="120" align="right" nowrap="nowrap"> </td>
<td><?php if (isset($missing) && in_array('comments', $missing)) { ?> <span class="warning">You forgot to leave a message!</span><?php } ?><textarea name="comments" id="comments" cols="60" rows="5" ><?php if (isset($missing)) { echo htmlentities($_POST, ENT_COMPAT, 'UTF-8');
} ?></textarea></td>
</tr>
<tr>
<td align="right" nowrap="nowrap"> </td>
<td align="right" nowrap="nowrap"> </td>
<td align="right"> </td>
</tr>
<tr>
<td nowrap="nowrap"> </td>
<td nowrap="nowrap"><input type="reset" /></td>
<td align="left"><input type="submit" name="send" id="send" value="Submit" /></td>
</tr>
</table></td>
</tr>
</table>
</form>
[/HTML]

Nulty · 16-04-2010 4:35pm

Ok I stupidly didn't notice that there was a target _Blank in the form tag. I didn't put it there so it must have got there by recreating the form at some stage.

I would still like some suggestion on the radio button coding if anyone has any ideas.

Thanks

RobertFoster · 16-04-2010 5:09pm

I'm a little confused as to what the problem is. Would something like this help?

[php]//set required fields
$required = array('mediatype', 'title', 'author', 'artist', 'RadioGroup1', 'firstname', 'lastname', 'country', 'email', 'comments');

// add the required field to the array based on which radio button is selected
if($_POST["RadioGroup1"]=="link"){
$required[] = 'link';
}else{
$required[] = 'upload';
}[/php]

Nulty · 16-04-2010 7:27pm

That looks like part of what I need. I've got such a headache looking at this. Is that like an array_push() function? I think maybe javascript would be better for this. I want the choice of radio to disable one of the fields. That would have to be client side.

I'm all over the place here! I'm also trying to get the upload only to process if none of the fields are missing. As it stands, the upload goes to the temp folder (basically uploads) and then checks the $missing. I only want the upload to begin if the $missing is empty. Does $_FILES process before $_POST?

I'm coming to the conclusion that when 'send' is added to $_POST, the upload has to process, then the whole lot is checked server side and then when $missing is found not to be empty, the upload is trashed and the feedback is sent back to the browser. It's unavoidable unless the upload is in a seperate form from the email.

Reckon thats right?

Nulty · 16-04-2010 10:50pm

I resolved the radio button fiasco with javascript:

[HTML] <input name="RadioGroup1" type="radio" id="RadioGroup1_0" value="link" onclick="javascript:document.form1.link.disabled=false; javascript:document.form1.upload.disabled=true"/>
</label>
<br />
<label>
<input type="radio" name="RadioGroup1" value="upload" id="RadioGroup1_1" onclick="javascript:document.form1.link.disabled=true; javascript:document.form1.upload.disabled=false"/>

<input name="link" type="text" id="link" size="30" disabled="disabled" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST, ENT_COMPAT, 'UTF-8').'"';
} ?>/>
</label>
<?php if (isset($missing) && in_array('link', $missing)) { ?> <span class="warning">Please specify a source of File</span><?php } ?><br />
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
<input name="upload" type="file" id="upload" size="30" disabled="disabled" /><?php if(isset($result)) { echo "<p><strong>$result</strong></p>"; } ?>[/HTML]

I made both fields disabled and then used the radio buttons to toggle the disabled attribute.

Radio1 checked = input1 enabled; input2 disabled
Radio2 checked = input1 disabled; input2 enabled

RobertFoster · 16-04-2010 11:27pm

Yeah, $array[]=etc.; does the same thing. It's recommended over array_push when you're only adding one element to reduce overhead.

As for the file upload, since the validation is done server side, the form will upload the file to temp before it'll validate. You can get around this is a couple of ways. Either validate the form on the client side (with JavaScript), or make the form a two parter. You could validate the other fields, and if everything's in order, present the browser with the upload form.

Nulty · 17-04-2010 12:43am

RobertFoster wrote: »

Yeah, $array[]=etc.; does the same thing. It's recommended over array_push when you're only adding one element to reduce overhead.

As for the file upload, since the validation is done server side, the form will upload the file to temp before it'll validate. You can get around this is a couple of ways. Either validate the form on the client side (with JavaScript), or make the form a two parter. You could validate the other fields, and if everything's in order, present the browser with the upload form.

This is the kind of thing that makes a programmer huh? Excellent thinking.
I think that would be too essy if I'm using the radio buttons. Screw people who don't have javascript enabled:D
Thanks for you help RobertFoster.

If someone clicks the upload input and selects a file, they cant unselect (or reset it independently) if they change their mind because its a read-only field. With the radio-disable feature, if the user fills the upload input but changes their mind, the field is ignored by the server even if it has a file assigned for upload.

No pain no gain!