如何将 PHP 表单邮件附件限制为某些文档类型?
我想修改我目前使用的简历上传器代码,将申请人附件的文档类型限制为 doc、docX、rtf 和 PDF。我根据我在 SourceForge.net 上找到的内容修改了此内容。
我还想在成功提交后重定向。现在完成后页面是空白的。我大概能弄清楚。
我的 PHP 技能不太好,所以我真的不知道在哪里放置文件类型验证代码。
<?php
if ($_SERVER['REQUEST_METHOD']=="POST"){
$to="[email protected]";
$subject= stripslashes($_POST['apply']);
$from = stripslashes($_POST['fromname'])."<".stripslashes($_POST['fromemail']).">";
$mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
$headers = "From: $from\r\n" .
"MIME-Version: 1.0\r\n" .
"Content-Type: multipart/mixed;\r\n" .
" boundary=\"{$mime_boundary}\"";
$message= stripslashes($_POST['msg']);
$message = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
foreach($_FILES as $userfile){
$tmp_name = $userfile['tmp_name'];
$type = $userfile['type'];
$name = $userfile['name'];
$size = $userfile['size'];
if (file_exists($tmp_name)){
if(is_uploaded_file($tmp_name)){
$file = fopen($tmp_name,'rb');
$data = fread($file,filesize($tmp_name));
fclose($file);
$data = chunk_split(base64_encode($data));
}
$message .= "--{$mime_boundary}\n" .
"Content-Type: {$type};\n" .
" name=\"{$name}\"\n" .
"Content-Disposition: attachment;\n" .
" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n";
}
}
$message.="--{$mime_boundary}--\n";
if (@mail($to, $subject, $message, $headers))
echo '<script type="text/javascript">alert("Resume Uploaded Successfully");</script>';
else
echo '<script type="text/javascript">alert("Sorry Failed to Upload Your Resume");</script>';
} else {
?>
还有一个表单验证器来检查可能有用的空字段。
这是在 PHP 文档中
var frmvalidator = new Validator("form1");
frmvalidator.addValidation("fromname","req","Please enter your name");
frmvalidator.addValidation("fromemail","req","Please enter your email");
frmvalidator.addValidation("apply","req","Please enter the position you are applying for");
frmvalidator.addValidation("file1","req","Please Upload Your resume");
如果有人建议我在 js 中添加文件类型验证器,我可以发布该代码。它很长,我相信它是一个常用的文件。
I would like to modify this resume uploader code I currently use to restrict the doc types of the applicant's attachment to doc, docX, rtf and PDF. I modified this from something I believe I found on SourceForge.net.
I would also like to redirect upon successful submission. Right now the page is blank upon completion. I can probably figure that out.
My PHP skills are not great, so I don't really know where to place the filetype validation code.
<?php
if ($_SERVER['REQUEST_METHOD']=="POST"){
$to="[email protected]";
$subject= stripslashes($_POST['apply']);
$from = stripslashes($_POST['fromname'])."<".stripslashes($_POST['fromemail']).">";
$mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
$headers = "From: $from\r\n" .
"MIME-Version: 1.0\r\n" .
"Content-Type: multipart/mixed;\r\n" .
" boundary=\"{$mime_boundary}\"";
$message= stripslashes($_POST['msg']);
$message = "This is a multi-part message in MIME format.\n\n" .
"--{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
foreach($_FILES as $userfile){
$tmp_name = $userfile['tmp_name'];
$type = $userfile['type'];
$name = $userfile['name'];
$size = $userfile['size'];
if (file_exists($tmp_name)){
if(is_uploaded_file($tmp_name)){
$file = fopen($tmp_name,'rb');
$data = fread($file,filesize($tmp_name));
fclose($file);
$data = chunk_split(base64_encode($data));
}
$message .= "--{$mime_boundary}\n" .
"Content-Type: {$type};\n" .
" name=\"{$name}\"\n" .
"Content-Disposition: attachment;\n" .
" filename=\"{$fileatt_name}\"\n" .
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n";
}
}
$message.="--{$mime_boundary}--\n";
if (@mail($to, $subject, $message, $headers))
echo '<script type="text/javascript">alert("Resume Uploaded Successfully");</script>';
else
echo '<script type="text/javascript">alert("Sorry Failed to Upload Your Resume");</script>';
} else {
?>
There's also a form validator to check for empty fields that might be of use.
This is in the PHP document
var frmvalidator = new Validator("form1");
frmvalidator.addValidation("fromname","req","Please enter your name");
frmvalidator.addValidation("fromemail","req","Please enter your email");
frmvalidator.addValidation("apply","req","Please enter the position you are applying for");
frmvalidator.addValidation("file1","req","Please Upload Your resume");
If anyone suggests that I add the filetype validator in the js, I can post that code. It is long and I believe it is a commonly used file.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
服务器端验证在这里是不可避免的......
您应该在 *if(file_exists($tmp_name))* 之前验证文件类型,即覆盖整个 if 条件。
喜欢:
希望有帮助:)
Server-side validation is inevitable here ....
You should validate file-type just before *if(file_exists($tmp_name))* i.e. covering up this whole if-condition.
Like :
Hope it helps :)
可以通过检查上传文件的
MIME-type来检查文件类型。遗憾的是,还没有一个可移植的解决方案来查找文件的MIME 类型。您可以尝试使用FileInfo库:另一种选择是使用
$type变量而不是$mime_type进行比较。但这是不可靠的。最后,作为最后的手段,您只需使用以下命令进行文件扩展名嗅探:
并将
$fileExt与您想要的文件扩展名进行比较。 (doc、docx、rtf和pdf)File types can be checked by checking the
MIME-typeof the file uploaded. And sadly, there hasn't been a portable solution into finding theMIME-typeof a file. You can try using theFileInfolibrary:Another option would be to use the
$typevariable for comparison instead of the$mime_type. But this is unreliable.Finally, as a last resort, you just do a file extension sniffing using this:
And compare
$fileExtwith your desired file extensions. (doc,docx,rtf, andpdf)