Ignore empty file input

nigelwong · Aug 8, 2006

Hello,

If i have a file input in a form, how do i make it optional so that the php script doesnt return me an error when i upload it? (Im just using a very simple script where it gets the file and uploads to temp dir, then moves it over).

Help appreciated, Thanks!

nick-8318 · Aug 8, 2006

if ($_POST['filename'] == "")
{
echo "bad filename";
exit;
}

nigelwong · Aug 9, 2006

Thankyou, i figured a wayaround that. However i have this script now, which cannot process any of the values submitted from a form.

PHP:

<?php
    /*********************************************
    * Publish On : Jan 10th, 2004                *
    * Scripter   : Hermawan Haryanto             *
    * Version    : 1.0                           *
    * License    : GPL (General Public License)  *
    **********************************************/
    function sendmail ($from_name, $from_email, $to_name, $to_email, $subject, $text_message="", $html_message, $attachment="")
    {
        $from = "$from_name <$from_email>";
        $to   = "$to_name <$to_email>";
        $main_boundary = "----=_NextPart_".md5(rand());
        $text_boundary = "----=_NextPart_".md5(rand());
        $html_boundary = "----=_NextPart_".md5(rand());
        $headers  = "From: $from\n";
        $headers .= "Reply-To: $from\n";
        $headers .= "X-Mailer: Hermawan Haryanto (http://hermawan.com)\n";
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-Type: multipart/mixed;\n\tboundary=\"$main_boundary\"\n";
        $message .= "\n--$main_boundary\n";
        $message .= "Content-Type: multipart/alternative;\n\tboundary=\"$text_boundary\"\n";
        $message .= "\n--$text_boundary\n";
        $message .= "Content-Type: text/plain; charset=\"ISO-8859-1\"\n";
        $message .= "Content-Transfer-Encoding: 7bit\n\n";
        $message .= ($text_message!="")?"$text_message":"Text portion of HTML Email";
        $message .= "\n--$text_boundary\n";
        $message .= "Content-Type: multipart/related;\n\tboundary=\"$html_boundary\"\n";
        $message .= "\n--$html_boundary\n";
        $message .= "Content-Type: text/html; charset=\"ISO-8859-1\"\n";
        $message .= "Content-Transfer-Encoding: quoted-printable\n\n";
        $message .= str_replace ("=", "=3D", $html_message)."\n";
        if (isset ($attachment) && $attachment != "" && count ($attachment) >= 1)
        {
            for ($i=0; $i<count ($attachment); $i++)
            {
                $attfile = $attachment[$i];
                $file_name = basename ($attfile);
                $fp = fopen ($attfile, "r");
                $fcontent = "";
                while (!feof ($fp))
                {
                    $fcontent .= fgets ($fp, 1024);
                }
                $fcontent = chunk_split (base64_encode($fcontent));
                @fclose ($fp);
                $message .= "\n--$html_boundary\n";
                $message .= "Content-Type: application/octetstream\n";
                $message .= "Content-Transfer-Encoding: base64\n";
                $message .= "Content-Disposition: inline; filename=\"$file_name\"\n";
                $message .= "Content-ID: <$file_name>\n\n";
                $message .= $fcontent;
            }
        }
        $message .= "\n--$html_boundary--\n";
        $message .= "\n--$text_boundary--\n";
        $message .= "\n--$main_boundary--\n";
        @mail ($to, $subject, $message, $headers);
    }
    # Example
    # Sender Name
    $from_name  = $_POST['mr']." ".$_POST['givenname']." ".$_POST['familyname'];
    # Sender Email
    $from_email = $HTTP_POST_VARS['email'];
    # Recipient Name
    $to_name    = "*****";
    # Recipient Email
    $to_email   = "****";
    # Email Subject
    $subject    = "Online Form Response";
    # Text Portion
    $text_message = "This is a HTML email. Please open it in a supported HTML email client.";
    # HTML Portion
    $html_message = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
    $html_message.= "<html><head><title></title>\n";
    $html_message.= "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n";
    $html_message.= "<style type=\"text/css\">\n";
    $html_message.= "body, td {\nfont-family: Trebuchet MS;\nfont-size: 12px;\n}\n";
    $html_message.= "</style>\n";
    $html_message.= "</head>\n";
    $html_message.= "<body>\n";
    $html_message.= "<b>Client Data</b><br/>\n";
    $html_message.= "Full Name: ".$_POST['mr']." ".$_POST['givenname']." ".$_POST['familyname']."<br/>\n";
    $html_message.= "Address: ".$_POST['address1']." ".$_POST['address2']."<br/>\n";
    $html_message.= "Telephone: ".$_POST['telephone']."<br/>\n";
    $html_message.= "Email: ".$_POST['email']."<br/>\n";
	$html_message.= "Date of Birth: ".$_POST['daydob']." ".$_POST['month']." ".$_POST['year']."<br/>\n";
    $html_message.= "Marital Status: ".$_POST['maritalstatus']."<br/>\n";
    $html_message.= "Child Name: ".$_POST['childname']."<br/>\n";
    $html_message.= "Child DOB: ".$_POST['childdaydob']." ".$_POST['childmonth']." ".$_POST['childyear']."<br/>\n";
    $html_message.= "<b>Criminal Offences:</b><br/>\n";
	$html_message.= "Criminal Offences: ".$_POST['criminal']."<br/>\n";
    $html_message.= "If Yes, Details: ".$_POST['criminalyes']."<br/>\n";
    $html_message.= "<b>Health:</b><br/>\n";
    $html_message.= "Health Problems: ".$_POST['health']."<br/>\n";
    $html_message.= "If Yes, Details: ".$_POST['healthyes']."<br/>\n";
	$html_message.= "<b>Communication</b><br/>\n";
    $html_message.= "How well can they communicate in English? ".$_POST['communicate']."<br/>\n";
    $html_message.= "<b>Education</b><br/>\n";
    $html_message.= "1) Period: ".$_POST['studyday1']." ".$_POST['studymonth1']." ".$_POST['studyyear1']." to ".$_POST['studyday1end']." ".$_POST['studymonth1end']." ".$_POST['studyyear1end']."<br/>\n";
    $html_message.= "Institution Name & Location: ".$_POST['institution1']."<br/>\n";
	$html_message.= "Qualification Achieved: ".$_POST['qualification1']."<br/>\n";
	$html_message.= "Language of Instruction: ".$_POST['language1']."<br/>\n";
	$html_message.= "Main Subjects: ".$_POST['subjects1']."<br/>\n";
	$html_message.= "2) Period: ".$_POST['studyday2']." ".$_POST['studymonth2']." ".$_POST['studyyear2']." to ".$_POST['studyday2end']." ".$_POST['studymonth2end']." ".$_POST['studyyear2end']."<br/>\n";
    $html_message.= "Institution Name & Location: ".$_POST['institution2']."<br/>\n";
	$html_message.= "Qualification Achieved: ".$_POST['qualification2']."<br/>\n";
	$html_message.= "Language of Instruction: ".$_POST['language2']."<br/>\n";
	$html_message.= "Main Subjects: ".$_POST['subjects2']."<br/>\n";
	$html_message.= "3) Period: ".$_POST['studyday3']." ".$_POST['studymonth3']." ".$_POST['studyyear3']." to ".$_POST['studyday3end']." ".$_POST['studymonth3end']." ".$_POST['studyyear3end']."<br/>\n";
    $html_message.= "Institution Name & Location: ".$_POST['institution3']."<br/>\n";
	$html_message.= "Qualification Achieved: ".$_POST['qualification3']."<br/>\n";
	$html_message.= "Language of Instruction: ".$_POST['language3']."<br/>\n";
	$html_message.= "Main Subjects: ".$_POST['subjects3']."<br/>\n";
	$html_message.= "<b>Employment History</b><br/>\n";
	$html_message.= "1) Period: ".$_POST['employday1']." ".$_POST['employmonth1']." ".$_POST['employyear1']." to ".$_POST['employday1end']." ".$_POST['employmonth1end']." ".$_POST['employyear1end']."<br/>\n";
	$html_message.= "Company Name and Location: ".$_POST['companyname1']."<br/>\n";
	$html_message.= "Position: ".$_POST['position1']."<br/>\n";
	$html_message.= "Main Duties: ".$_POST['duties1']."<br/>\n";
	$html_message.= "2) Period: ".$_POST['employday2']." ".$_POST['employmonth2']." ".$_POST['employyear2']." to ".$_POST['employday2end']." ".$_POST['employmonth2end']." ".$_POST['employyear2end']."<br/>\n";
	$html_message.= "Company Name and Location: ".$_POST['companyname2']."<br/>\n";
	$html_message.= "Position: ".$_POST['position2']."<br/>\n";
	$html_message.= "Main Duties: ".$_POST['duties2']."<br/>\n";
	$html_message.= "3) Period: ".$_POST['employday3']." ".$_POST['employmonth3']." ".$_POST['employyear3']." to ".$_POST['employday3end']." ".$_POST['employmonth3end']." ".$_POST['employyear3end']."<br/>\n";
	$html_message.= "Company Name and Location: ".$_POST['companyname3']."<br/>\n";
	$html_message.= "Position: ".$_POST['position3']."<br/>\n";
	$html_message.= "Main Duties: ".$_POST['duties3']."<br/>\n";
	$html_message.= "<b>Australian Links</b><br/>\n";
	$html_message.= "Relative who is Australian Pernament Resident or Citizen: ".$_POST['resident']."<br/>\n";
	$html_message.= "Yes Details: Relative Type: ".$_POST['relative']."<br/>\n";
	$html_message.= "Relative Name: ".$_POST['relname']."<br/>\n";
	$html_message.= "Relative Address: ".$_POST['relstreet']." ".$_POST['reltown']." ".$_POST['relpost']."<br/>\n";
	$html_message.= "Date of grant of Pernament Residence: ".$_POST['relday']." ".$_POST['relmonth']." ".$_POST['relyear']."<br/>\n";
	$html_message.= "<b>Business</b><br/>\n";
	$html_message.= "Do they own a business? ".$_POST['business']."<br/>\n";
	$html_message.= "Yes Details: Name of Business: ".$_POST['businessname']."<br/>\n";
	$html_message.= "Industry: ".$_POST['industry']."<br/>\n";
	$html_message.= "If employed turnover: ".$_POST['turnover']."<br/>\n";
	$html_message.= "Is position in top 3 management: ".$_POST['position']."<br/>\n";
	$html_message.= "Are they the sole owner? If not, what is your perc. interest in the business?<br/>\n";
	$html_message.= "<table><tr><td></td><td>2001</td><td>2002</td><td>2003</td><td>2004</td><td>2005</td></tr>\n";
	$html_message.= "<tr><td>Turnover (Sales)</td><td>".$_POST['2001turnover']."</td><td>".$_POST['2002turnover']."</td><td>".$_POST['2003turnover']."</td><td>".$_POST['2004turnover']."</td><td>".$_POST['2005turnover']."</td></tr>\n";
	$html_message.= "<tr><td>Net Value of Business</td><td>".$_POST['2001netbusiness']."</td><td>".$_POST['2002netbusiness']."</td><td>".$_POST['2003netbusiness']."</td><td>".$_POST['2004netbusiness']."</td><td>".$_POST['2005netbusiness']."</td></tr>\n";
	$html_message.= "<tr><td>Net Value of Personal Assets</td><td>".$_POST['2001netpersonal']."</td><td>".$_POST['2002netpersonal']."</td><td>".$_POST['2003netpersonal']."</td><td>".$_POST['2004netpersonal']."</td><td>".$_POST['2005netpersonal']."</td></tr></table><br/>\n";
	$html_message.= "Plans for establishing a business in Australia: ".$_POST['plans']."<br/>\n";
	$html_message.= "<b>Resume</b><br/>\n";
	$html_message.= "If the attachment is named noresume.txt, it means they did not upload their resume.<br/>\n";
	$html_message.= "Otherwise, the resume should be attached.";
    $html_message.= "</body></html>";


    # Attachment Location
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Mmaximum file size. You may increase or decrease.
$MAX_SIZE = 2000000;
                            
//Allowable file ext. names. you may add more extension names.            
$FILE_EXTS  = array('.zip','.jpg','.png','.gif','.doc','.txt'); 

//Allow file delete? no, if only allow upload only
$DELETABLE  = true;                               


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
 *     Setup variables
 ************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

/************************************************************
 *     Create Upload Directory
 ************************************************************/
if (!is_dir("files")) {
  if (!mkdir($upload_dir))
  	die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
  	die ("change permission to 755 failed.");
}

/************************************************************
 *     Process User's Request
 ************************************************************/
	//File Name Check
  //if ($_FILES['userfile'] =="") { 

//sendmail ($from_name, $from_email, $to_name, $to_email, $subject, $text_message, $html_message);
  //}
 
  if ($_REQUEST[del] && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);
  
  if (strpos($_REQUEST[del],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST[del],$upload_dir) === false); //possible hacking
  else if (substr($_REQUEST[del],0,6)==$upload_dir) {
    unlink($_REQUEST[del]);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

  $file_type = $_FILES['userfile']['type']; 
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //File Size Check
  if ( $_FILES['userfile']['size'] > $MAX_SIZE) 
     $message = "The file size is over 2MB.";
  //File Extension Check
  else if (!in_array($file_ext, $FILE_EXTS))
     $message = "noattachment.txt";
  else
     $message = do_upload($upload_dir, $upload_url);
  
  print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else 
	$message = "Invalid File Specified.";

/************************************************************
 *     List Files
 ************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<a href='$upload_dir$file'>".$file."</a>";
      if ($DELETABLE)
        $filelist .= " <a href='?del=$upload_dir".urlencode($file)."' title='delete'>x</a>";
      $filelist .= "<sub><small><small><font color=grey>  ".date("d-m H:i", filemtime($upload_dir.$file))
                   ."</font></small></small></sub>";
      $filelist .="<br>";
   }
}

function do_upload($upload_dir, $upload_url) {

	global $file_name, $temp_name, $file_path;
	
	$temp_name = $_FILES['userfile']['tmp_name'];
	$file_name = $_FILES['userfile']['name']; 
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
  $file_name = str_replace("&","",$file_name);
  $file_name = str_replace(" ","",$file_name);
	$file_path = $upload_dir.$file_name;

	//File Name Check
  if ( $file_name =="") { 

  	$message = "noattachment.txt";
  	return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0777))
   	$message = "change permission to 777 failed.";
  else
    $message = ($result)?"$file_name" : "Somthing is wrong with uploading a file.";
	
	$message2 = $file_name;
	
  return $message;
  return $message2;

}
//$file_path = "http://www.aspireaustralia.com.au/test/files/$_FILES['userfile']['name']";
    $attachment = array ("http://www.aspireaustralia.com.au/test/files/".$_REQUEST[message]);
	//$attachment = array ("http://www.aspireaustralia.com.au/test/files/Sunset.jpg");
    # Execute SendMail Function
    sendmail ($from_name, $from_email, $to_name, $to_email, $subject, $text_message, $html_message, $attachment);
?>

Do you know any idea why it is not accepting any $_POST variables? (Ive tried another script where the form submits to which echo's $_POST, but that works fine =/)

Thanks!

RavenDR · Aug 9, 2006

I can give this a quick fix for 10$

Ignore empty file input

More options

nigelwong

Established Member

nick-8318

Established Member

nigelwong

Established Member

RavenDR

Established Member

Similar threads

We're social

New posts ➔

Auction activity ➔

How do you think a potential buyer first checks if your domain is for sale?

Polls of interest ➔

Hot this week ➔

Community favorite ➔

Hot this month ➔

Blog favorites

AnimatedAF.com

773.ae

OrdinalPro.xyz

Sunifier.com

Transact.cc

earfx.com

GardenContest.com

educationdepot.com

nexyus.com

therapylogs.com

Pinned

Appreciation

Agreement

Answers

Relevance

Reaction

Status

Feeling