receive uploaded file by email - REVISED to show entire code

[Jamcan]

Can't seem to get the attached file emailed to me with the content of the form. Form information works fine but no attachment - just a link to the visitor' hard drive


Here is the script for the attached file portion in the php file: -

<?
/*

*/

$mailto = 'timmytiger32@hotmail.com' ;

$subject = "Awardee Nomination" ;

$formurl = "http://www.cast-utech.ca/awardees/nonform.html" ;
$errorurl = "http://www.cast-utech.ca/awardees/err.html" ;
$thankyouurl = "http://www.cast-utech.ca/awardees/thanks.html" ;


$name = $_POST['name'] ;
$address = $_POST['address'] ;
$city = $_POST['city'] ;
$province = $_POST['province'] ;
$postal = $_POST['postal'] ;
$email = $_POST['email'] ;
$telephone = $_POST['telephone'] ;
$start = $_POST['start'] ;
$end = $_POST['end'] ;
$job = $_POST['job'] ;
$utech = $_POST['utech'] ;
$prof = $_POST['prof'] ;
$society = $_POST['society'] ;
$cuaa = $_POST['cuaa'] ;
$community = $_POST['community'] ;
$other = $_POST['other'] ;
$comments = $_POST['comments'] ;

$nomname = $_POST['nomname'] ;
$nomadd = $_POST['nomadd'] ;
$nomcity = $_POST['nomcity'] ;
$nomprov = $_POST['nomprov'] ;
$nomcode = $_POST['nomcode'] ;
$nomemail = $_POST['nomemail'] ;
$nomtele = $_POST['nomtele'] ;

// Obtain file upload vars
$fileatt = $_FILES['fileatt']['tmp_name'];
$fileatt_type = $_FILES['fileatt']['type'];
$fileatt_name = $_FILES['fileatt']['name'];

$http_referrer = getenv( "HTTP_REFERER" );

if (is_uploaded_file($fileatt)) {
// Read the file to be attached ('rb' = read binary)
$file = fopen($fileatt,'rb');
$data = fread($file,filesize($fileatt));
fclose($file);

// Generate a boundary string
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";

// Add the headers for a file attachment
$headers .= "\nMIME-Version: 1.0\n" .
"Content-Type: multipart/mixed;\n" .
" boundary=\"{$mime_boundary}\"";

// Base64 encode the file data
$data = chunk_split(base64_encode($data));

/* Add a multipart boundary above the plain message
$message = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";

*/







if (!isset($_POST['email'])) {
header( "Location: $formurl" );
exit ;
}
if (empty($name) || empty($email) || empty($comments)) {
header( "Location: $errorurl" );
exit ;
}
if (get_magic_quotes_gpc()) {
$comments = stripslashes( $comments );
}


$messageproper =

"------------------------- AWARDEE INFORMATION -------------------------\n" .
"Name: -$name\n" .
"Address: -$address\n" .
"City: -$city\n" .
"Province: -$province\n" .
"Postal Code: -$postal\n" .
"E-mail: -$email\n" .
"Telephone: -$telephone\n" .
"Attended Cast from: -$start\n" .
"to: -$end\n" .
"Profession: -$job\n" .
"Contribution: -\n" .
"Utech: -$utech\n" .
"prof: -$prof\n" .
"society: -$society\n" .
"cuaa: -$cuaa\n" .
"community: -$community\n" .
"other: -$other\n" .

"Other Information for this Nominatiom\n" .
"$comments\n" .
// Add file attachment to the message
$comments .= "--{$mime_boundary}\n" .
"Content-Type: {$fileatt_type};\n" .
" name=\"{$fileatt_name}\"\n" .
"Content-Disposition: attachment;\n" .
" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n" .
"--{$mime_boundary}--\n";
}


"----------------------------------------------------------------------\n\n" .
"This message was sent from:\n" .
"$http_referrer\n" .
"By;\n" .
"$nomname\n" .
"$nomadd\n" .
"$nomcity\n" .
"$nomprov\n" .
"$nomcode\n" .
"$nomemail\n" .
"$nomtele\n" .



"\n\n-----------------------------------------------------------------------\n" ;

mail($mailto, $subject, $messageproper, "From: \"$nomname\" <$nomemail>\nReply-To: \"$nomname\" <$nomemail>\nX-Mailer: chfeedback.php 2.03" );
header( "Location: $thankyouurl" );
exit ;


?>


code in the HTML file: -

<FORM action="feedback.php" method="post" enctype="multipart/form-data">

File Attachment:
<form enctype="multipart/form-data" action="feedback.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="file" name="fileatt">
</form></TD>


Thanks for your help.

(JAMCAN) timmytiger32@hotmail.com

[Twey]

That's not all the code; there is no call to mail() or, indeed, any socket connection at all in the above code.

P.S. using a hidden input to specify the maximum file size is daft, as the user can override it with a bit of Javascript or by spoofing the Referer.

P.P.S. microtime() makes a much better random seed.

[Xiong Chiamiov]

Whoah there. This *is* the html forum, y'know.

[Twey]

Well, if the OP doesn't know where the problem lies, the best idea is just to post in the most likely forum and hope it gets moved after we've worked it out. It's that or cross-post.

[Xiong Chiamiov]

True, true. It's just that PHP beyond <?php echo() ?> makes my brain dizzy. I suppose those over in the php forum would know about html and forms, though. Right?

[djr33]

Twey, the stuff at php.net and other places say to use the max file size in the form. You're saying that's a bad idea.... what would you suggest?
Maybe you just mean verifying it is indeed that length within the php to be sure?

Also, what's the general idea of file attachments in emails... like... do they get sent as part of the body or another parameter of the mail() tag?

Hope I'm not dragging this off topic. I'd start a new one, but seems to pretty much fit here...

[Twey]

Twey, the stuff at php.net and other places say to use the max file size in the form. You're saying that's a bad idea?

Yes. Say the user ran the following bookmarklet:

Code:

javascript:void(document.forms[0].elements['max_file_size'].value = "200000000000000");

They could then completely bypass the filesize checks, and upload a file of whatever size they wanted.

Maybe you just mean verifying it is indeed that length within the php to be sure?

Yes.

Also, what's the general idea of file attachments in emails... like... do they get sent as part of the body or another parameter of the mail() tag?

They're sent in the headers, thanks to MIME (Multipurpose Internet Mail Extensions). Read these RFCs to get an idea of the format.

[djr33]

Hmm... ok. I'm still not seeing in that code where the attachment is sent.... but... alright.

[Twey]

If you read through the RFCs, you will.