<?php
/*************************************************************************
php easy :: protected form scripts set - Attachment Version
==========================================================================
Author: php easy code, www.phpeasycode.com
Web Site: http://www.phpeasycode.com
Contact: hide@address.com
*************************************************************************/
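// SETTINGS:
$sitemail = "hide@address.com"; // specify your email address here to receive emails
$mtextmax = 2000; // limit message text in number of characters allowed
$fnum = 3; // number of file attachment fields (named attachment1 .. attachment$fnum)
$fsizemax = 100; // limit each attached file size in kB
$enc = "iso-8859-1"; // charset declared for the plain-text part of the email

// Request form data.
// A plain GET of this page carries no POST fields, and a client may send a
// field as an array (name[]=...). Anything that is not a plain string is
// treated as "not supplied", so the validation further down always works on
// strings and no "undefined index" notice is raised (such notices can leak the
// script path when error display is on).
$name = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : "";
$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
$subject = (isset($_POST["subject"]) && is_string($_POST["subject"])) ? $_POST["subject"] : "";
$mtext = (isset($_POST["mtext"]) && is_string($_POST["mtext"])) ? $_POST["mtext"] : "";
$securitycode = (isset($_POST["securitycode"]) && is_string($_POST["securitycode"])) ? $_POST["securitycode"] : "";
$submit = (isset($_POST["submit"]) && is_string($_POST["submit"])) ? $_POST["submit"] : "";

// A submission is only processed for a session that already holds a security
// code; a POST without one is rejected before any page output is produced.
// NOTE(review): the code is presumably stored by codeimg.php when the form is
// displayed; that script is not part of this file, so confirm.
if ($submit) {
    session_start();
    if (!isset($_SESSION["SecurityCode"])) {
        die("Error: Illegal form access!");
    }
}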
?>
<html>
<head>
<title>Protected form with file attachment</title>
</head>
<body>
<?php
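if (!$submit) {
    // PHP_SELF reflects the request path, including any client-supplied path
    // info after the script name, so it is HTML-escaped before being written
    // into the quoted action attribute.
    $formaction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    echo "<p><b>Bold</b> fields are required.</p>\n";
    echo "<form action='" . $formaction . "' method='post' enctype='multipart/form-data'>\n";
    echo "<table align='center' border='1' cellspacing='0' cellpadding='4'>\n";
    echo "<tr>\n";
    echo "<td ><p><b><label for='name'>Your name:</label></b></p></td>\n";
    echo "<td><input type='text' name='name' id='name' size='40' maxlength='50'></td>\n";
    echo "</tr><tr>\n";
    echo "<td ><p><b><label for='email'>Your email address:</label></b></p></td>\n";
    echo "<td><input type='text' name='email' id='email' size='40' maxlength='50'></td>\n";
    echo "</tr><tr>\n";
    echo "<td ><p><b><label for='subject'>Message subject:</label></b></p></td>\n";
    echo "<td><input type='text' name='subject' id='subject' size='40' maxlength='100'></td>\n";
    echo "</tr><tr>\n";
    echo "<td ><p><b><label for='mtext'>Message text:</label></b><br><small>(".$mtextmax." Chars Max)</small></p></td>\n";
    echo "<td><textarea name='mtext' id='mtext' rows='5' cols='34'></textarea></td>\n";
    echo "</tr><tr>\n";
    // One file input per configured attachment slot: attachment1 .. attachment$fnum
    for ($i = 1; $i <= $fnum; $i++) {
        echo "<td ><p><label for='attachment".$i."'>Attachment ".$i."</label> <small>(".$fsizemax." KB Max)</small></p></td>\n";
        echo "<td><input type='file' class='file' name='attachment".$i."' id='attachment".$i."' size='35'></td>\n";
        echo "</tr><tr>\n";
    }
    echo "<td ><p><b><label for='securitycode'>Security Code:</label></b><img src='codeimg.php' width='44' height='14' border='0' alt='Security Code'></p></td>\n";
    echo "<td><input type='text' name='securitycode' id='securitycode' size='12' maxlength='4'></td>\n";
    echo "</tr><tr>\n";
    echo "<td ><p><b>Submit:</b></p></td>\n";
    echo "<td><input type='submit' name='submit' value=' Submit '></td>\n";
    echo "</tr>\n</table>\n</form>\n<br>\n";
}
else { // Processing received data
    // Validation messages are collected here, one per line, and shown together.
    $formerror = "";

    // $name is copied into the From / Reply-To headers below, so besides the
    // length limit it must not contain CR, LF or other control characters:
    // a line break inside a header value would start a new header line.
    if (!$name) {
        $formerror .= "You did not enter your name!\n";
    }
    elseif (strlen($name) > 50) {
        $formerror .= "Name length should NOT exceed 50 chars!\n";
    }
    elseif (preg_match('/[\x00-\x1F\x7F]/', $name)) {
        $formerror .= "Name contains invalid characters!\n";
    }

    if (!$email) {
        $formerror .= "You did not enter your email address!\n";
    }
    elseif (strlen($email) > 50) {
        $formerror .= "Email address length should NOT exceed 50 chars!\n";
    }
    // The D modifier makes $ match only at the very end of the string; without
    // it an address followed by a trailing newline would still be accepted.
    elseif (!preg_match("/^([\w\.-]+)@([\w\.-]+)\.([\w]+)$/D", $email)) {
        $formerror .= "The email address is not valid!\n";
    }

    if (!$subject) {
        $formerror .= "You did not enter the message subject!\n";
    }
    elseif (strlen($subject) > 100) {
        $formerror .= "Message subject length should NOT exceed 100 chars!\n";
    }
    // The subject becomes a mail header as well; reject control characters
    // here rather than relying on the mail transport to clean them up.
    elseif (preg_match('/[\x00-\x1F\x7F]/', $subject)) {
        $formerror .= "Message subject contains invalid characters!\n";
    }

    if (!$mtext) {
        $formerror .= "You did not enter the message text!\n";
    }
    elseif (strlen($mtext) > $mtextmax) {
        // Report the configured limit instead of a hard-coded number
        $formerror .= "Message text length should NOT exceed ".$mtextmax." chars!\n";
    }

    // Enforce the size limit on every attachment slot. The upload fields are
    // named attachment1 .. attachment$fnum; there is no field called plain
    // "attachment", so a check on that key can never see an uploaded file.
    for ($i = 1; $i <= $fnum; $i++) {
        $field = 'attachment' . $i;
        if (!isset($_FILES[$field]) || $_FILES[$field]['error'] == UPLOAD_ERR_NO_FILE) {
            continue; // slot left empty
        }
        $toobig = $_FILES[$field]['error'] == UPLOAD_ERR_INI_SIZE
            || $_FILES[$field]['error'] == UPLOAD_ERR_FORM_SIZE
            || $_FILES[$field]['size'] > ($fsizemax * 1024);
        if ($toobig) {
            $formerror .= "Attachment ".$i." is larger than ".$fsizemax." KB!\n";
        }
        elseif ($_FILES[$field]['error'] != UPLOAD_ERR_OK) {
            $formerror .= "Attachment ".$i." could not be uploaded!\n";
        }
    }

    // Compare the security code as strings with a strict operator. A loose
    // != converts numeric-looking values before comparing, so codes that are
    // not character-for-character identical could still be treated as equal.
    if (!$securitycode) {
        $formerror .= "You did not enter the security code!\n";
    }
    elseif (!isset($_SESSION["SecurityCode"])
        || (string) $securitycode !== (string) $_SESSION["SecurityCode"]) {
        $formerror .= "The security code is wrong!\n";
    }

    // $formerror holds only fixed text and configured numbers, never request
    // data, so it is safe to print as HTML.
    if ($formerror) {
        echo "<p><b>Errors filling Form:</b></p>\n";
        echo "<p>" . nl2br($formerror) . "</p>\n";
        echo "<p>Please go <a href=\"javascript:history.back()\">Back</a> and fill the form correctly.</p>\n";
        exit;
    }

    // Build a multipart/mixed message. The boundary only has to be unlikely to
    // occur in the body; it is not a secret.
    $boundary = md5(uniqid(time()));
    // NOTE(review): From carries the visitor's address. Receiving servers that
    // enforce sender policies may reject or flag such mail; consider sending
    // From the site's own address and keeping the visitor only in Reply-To.
    $headers = "From: " . $name . "<" . $email . ">\n";
    $headers .= "Reply-To: " . $name . "<" . $email . ">\n";
    $headers .= "Mime-Version: 1.0\n";
    $headers .= "Content-Type: multipart/mixed;\n";
    $headers .= "\tboundary=\"----------" . $boundary . "\"\n";

    // Each body part starts with "--" followed by the boundary value from the header
    $message = "------------" . $boundary . "\n";
    $message .= "Content-Type: text/plain;\n";
    $message .= "\tcharset=" . $enc . "\n";
    $message .= "Content-Transfer-Encoding: 8bit\n\n";
    // NOTE(review): stripslashes() is presumably a leftover for magic quotes;
    // where input arrives unescaped it also removes backslashes the visitor
    // typed. Confirm against the deployed PHP version.
    $message .= stripslashes($mtext) . "\n\n";

    for ($i = 1; $i <= $fnum; $i++) {
        $field = 'attachment' . $i;
        // Only files that PHP itself received through the upload are attached
        if (!isset($_FILES[$field]) || !is_uploaded_file($_FILES[$field]['tmp_name'])) {
            continue;
        }
        $attach = $_FILES[$field]['tmp_name'];

        // The file name and MIME type are supplied by the client. basename()
        // only drops directory components, so control characters, quotes and
        // backslashes are removed as well: the name is written inside a quoted
        // parameter of the part header and must not end it or start a new line.
        $filename = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($_FILES[$field]['name']));
        if ($filename === '' || $filename === null) {
            $filename = 'attachment' . $i;
        }
        // Accept the declared type only when it looks like "type/subtype";
        // anything else is sent as a generic binary attachment.
        $ftype = $_FILES[$field]['type'];
        if (!is_string($ftype) || !preg_match('/^[\w.+-]+\/[\w.+-]+$/D', $ftype)) {
            $ftype = 'application/octet-stream';
        }

        // file_get_contents() also copes with an empty file, where a
        // zero-length fread() would fail.
        $fdata = file_get_contents($attach);
        if ($fdata === false) {
            continue; // unreadable temp file: skip this attachment
        }

        $message .= "------------" . $boundary . "\n";
        $message .= "Content-Type: " . $ftype . ";\n";
        $message .= "\tname=\"" . $filename . "\"\n";
        $message .= "Content-Transfer-Encoding: base64\n";
        $message .= "Content-Disposition: attachment;\n";
        $message .= "\tfilename=\"" . $filename . "\"\n\n";
        $message .= chunk_split(base64_encode($fdata)) . "\n";
    }
    // Closing delimiter: marks the end of the last part of the multipart body
    $message .= "------------" . $boundary . "--\n";

    // Report success only when the message was actually handed over for delivery
    if (mail($sitemail, $subject, $message, $headers)) {
        // The security code is single-use: drop it after a successful send so
        // the same solved code cannot be submitted again to send further
        // messages. Another submission then needs a new code in the session.
        unset($_SESSION["SecurityCode"]);
        echo "<p>Message successfully sent to " . $sitemail . "</p>\n";
    }
    else {
        echo "<p>Error: the message could not be sent. Please try again later.</p>\n";
    }
}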
?>
</body>
</html>