I have a form with 3 textboxes where users upload at least 1 file and their details. Only problem I have is that when file is not uploaded to the server it still sends the email without the attachment. how can I stop that and is my validation for only photos and pdf good enough? Thanks, My current code is:
$to="myemailaddress";
$subject = "Subject of email";
// get the sender's name and email address
// we'll just plug them a variable to be used later
$from = "<".stripslashes($_POST['customer_email']).">";
// generate a random string to be used as the boundary marker
$mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
// now we'll build the message headers
$headers = "From: $from\r\n" .
"MIME-Version: 1.0\r\n" .
"Content-Type: multipart/mixed;\r\n" .
" boundary=\"{$mime_boundary}\"";
// here, we'll start the message body.
// this is the text that will be displayed
// in the e-mail
$message = "$body\n";
$message .="This is an automated email";
$message .="Clients files attached:\n\n";
// next, we'll build the invisible portion of the message body
// note that we insert two dashes in front of the MIME boundary
// when we use it
$message = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"utf-8\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
// now we'll process our uploaded files
foreach($_FILES as $userfile){
// store the file information to variables for easier access
$tmp_name = $userfile['tmp_name'];
$type = $userfile['type'];
$name = $userfile['name'];
$size = $userfile['size'];
$allowedExtensions = array("pdf","jpg","jpeg", "png");
foreach ($_FILES as $userfile) {
if ($userfile['tmp_name'] > '') {
if (!in_array(end(explode(".",
strtolower($userfile['name']))),
$allowedExtensions)) {
echo "not an accepted file type";
exit();
}
}
}
// if the upload succeded, the file will exist
if (file_exists($tmp_name)){
// check to make sure that it is an uploaded file and not a system file
if(is_uploaded_file($tmp_name)){
// open the file for a binary read
$file = fopen($tmp_name,'rb');
// read the file content into a variable
$data = fread($file,filesize($tmp_name));
// close the file
fclose($file);
// now we encode it and split it into acceptable length lines
$data = chunk_split(base64_encode($data));
}
// now we'll insert a boundary to indicate we're starting the attachment
// we have to specify the content type, file name, and disposition as
// an attachment, then add the file content.
// NOTE: we don't set another boundary to indicate that the end of the
// file has been reached here. we only want one boundary between each file
// we'll add the final one after the loop finishes.
$message .= "--{$mime_boundary}\n" .
"Content-Type: {$type};\n" .
" name=\"{$name}\"\n" .
"Content-Disposition: attachment;\n" .
" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n";
}
}
// here's our closing mime boundary that indicates the last of the message
$message.="--{$mime_boundary}--\n";
// now we just send the message
mail($to, $subject, $message, $headers);
echo "mail sent";
}
By validating that there is at least one uploaded file. That can be as simple as:
No. Because you're only looking at the file extension. That's not validation at all, the file name is completely arbitrary and does not necessarily have anything to do with the actual file content. You should validate a file by its MIME type, which you try to figure out with the appropriate functions. For example see How to get the content-type of a file in PHP?.