How can I restrict PHP form mail attachment to certain doc types?
I would like to modify this resume uploader c开发者_JAVA技巧ode I currently use to restrict the doc types of the applicant's attachment to doc, docX, rtf and PDF. I modified this from something I believe I found on SourceForge.net.
I would also like to redirect upon successful submission. Right now the page is blank upon completion. I can probably figure that out.
My PHP skills are not great, so I don't really know where to place the filetype validation code.
<?php
if ($_SERVER['REQUEST_METHOD']=="POST"){
$to="myemail@domain.com";
$subject= stripslashes($_POST['apply']);
$from = stripslashes($_POST['fromname'])."<".stripslashes($_POST['fromemail']).">";
$mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
$headers = "From: $from\r\n" .
"MIME-Version: 1.0\r\n" .
"Content-Type: multipart/mixed;\r\n" .
" boundary=\"{$mime_boundary}\"";
$message= stripslashes($_POST['msg']);
$message = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
foreach($_FILES as $userfile){
$tmp_name = $userfile['tmp_name'];
$type = $userfile['type'];
$name = $userfile['name'];
$size = $userfile['size'];
if (file_exists($tmp_name)){
if(is_uploaded_file($tmp_name)){
$file = fopen($tmp_name,'rb');
$data = fread($file,filesize($tmp_name));
fclose($file);
$data = chunk_split(base64_encode($data));
}
$message .= "--{$mime_boundary}\n" .
"Content-Type: {$type};\n" .
" name=\"{$name}\"\n" .
"Content-Disposition: attachment;\n" .
" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n";
}
}
$message.="--{$mime_boundary}--\n";
if (@mail($to, $subject, $message, $headers))
echo '<script type="text/javascript">alert("Resume Uploaded Successfully");</script>';
else
echo '<script type="text/javascript">alert("Sorry Failed to Upload Your Resume");</script>';
} else {
?>
There's also a form validator to check for empty fields that might be of use.
This is in the PHP document
var frmvalidator = new Validator("form1");
frmvalidator.addValidation("fromname","req","Please enter your name");
frmvalidator.addValidation("fromemail","req","Please enter your email");
frmvalidator.addValidation("apply","req","Please enter the position you are applying for");
frmvalidator.addValidation("file1","req","Please Upload Your resume");
If anyone suggests that I add the filetype validator in the js, I can post that code. It is long and I believe it is a commonly used file.
Server-side validation is inevitable here ....
You should validate file-type just before *if(file_exists($tmp_name))* i.e. covering up this whole if-condition.
Like :
if($userfile['type'] == in_array('filetype1','filetype2','filetype3')))
{
if(file_exists($tmp_name))
{
........
}
}
Hope it helps :)
File types can be checked by checking the MIME-type
of the file uploaded. And sadly, there hasn't been a portable solution into finding the MIME-type
of a file. You can try using the FileInfo
library:
$finfo = finfo_open(FILEINFO_MIME_TYPE);
foreach($_FILES as $userfile){
$tmp_name = $userfile['tmp_name'];
$type = $userfile['type'];
$name = $userfile['name'];
$size = $userfile['size'];
$mime_type = finfo_file($finfo, $tmp_name);
if($mime_type != "application/pdf" &&
$mime_type != "application/msword" &&
$mime_type != "application/vnd.openxmlformats-officedocument.wordprocessingml.document" &&
$mime_type != "application/rtf" &&
$mime_type != "text/rtf" &&
$mime_type != "text/richtext")
continue;
...
}
finfo_close($finfo);
Another option would be to use the $type
variable for comparison instead of the $mime_type
. But this is unreliable.
Finally, as a last resort, you just do a file extension sniffing using this:
$filename = basename($tmp_name);
$fileExt = strtolower(substr(strrchr($filename, "."), 1));
And compare $fileExt
with your desired file extensions. (doc
, docx
, rtf
, and pdf
)
精彩评论