PHP: If $ _FILES is empty, ignore the code. ERROR: but this always jumps when $ _FILES is not empty

advertisements

I am trying to give my contact form the ability to submit the form without a file attached. I have been recommended to use something like this:

if(isset($_FILES["fileToUpload"]) && !empty($_FILES["fileToUpload"]["tmp_path"])){
 // code here
}

I have tried implementing this to my form it seems to work correctly on skipping the code when I don't upload a file but when I do upload a file the checks don't work anymore and lets me send any format file type and doesn't check it its already exists.

What am I doing wrong and is the code implemented properly if not what do I need to change?


PHP CODE


$to = '[email protected]';
$subject = 'Website Submission';
$company_name = $_POST['company_name'];
$ref = $_POST['ref'];
$website = $_POST['website'];
$email = $_POST['email'];
$tel = $_POST['tel'];
$fromweb = $_POST['fromweb'];
$qr = $_POST['qr'];
$message = $_POST['message'];

$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image

if(isset($_FILES["fileToUpload"]) && !empty($_FILES["fileToUpload"]["tmp_path"])){

    // Check if file already exists
    if (file_exists($target_file)) {
        echo '<p style="color:red;">Sorry, file already exists.</p>';
        $uploadOk = 1;
    }
    // Check file size
    if ($_FILES["fileToUpload"]["size"] > 150000000) { // Byte = 150MB
        echo '<p style="color:red;">Sorry, your file is larger than 150MB.</p>';
        $uploadOk = 0;
    }
    // Allow certain file formats
    if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
    && $imageFileType != "gif" && $imageFileType != "eps" && $imageFileType != "tiff"
    && $imageFileType != "psd") {
        echo '<p style="color:red;">Sorry, only JPG, JPEG, PNG, GIF, TIF, EPS and PSD files are allowed.</p>';
        if($imageFileType !=null) {
            echo "no file uploaded";
        }
        $uploadOk = 0;

    }
    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        die('<p style="color:red;">Sorry, your file was not uploaded.</p>');
    // if everything is ok, try to upload file
    } else {
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
            echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
        } else {
            echo '<p style="color:red;">Sorry, there was an error uploading your file.</p>';

        }
    }

} //skip code when no file uploaded

$body = <<<EMAIL

    <html>

    <p><h3>Email from website.</h3></p>

    <p><strong>Company Name:</strong> $company_name</p>
    <p><strong>Ref:</strong> $ref</p>
    <p><strong>Website:</strong> $website</p>
    <p><strong>Email:</strong> $email</p>
    <p><strong>Tel:</strong> $tel</p>
    <p><strong>Create From Website:</strong> $fromweb</p>
    <p><strong>Add QR Code:</strong> $qr</p>
    <p><strong>File Location:</strong> $target_file</p>
    <p><strong>Message:</strong> $message</p>

    </html>

EMAIL;

/* Attachment File
Attachment location */
$file_name = $target_file;

$path = $file_name;

// Read the file content

$file = $file_name;
$file_size = filesize($file_name);
$handle = fopen($file, "r");
$content = fread($handle, $file_size);
fclose($handle);
$content = chunk_split(base64_encode($content));

/* Set the email header
Generate a boundary */
$boundary = md5(uniqid(time()));

// Email header
// $header = "From: ".$from_name." \r\n";

$header = 'From: <[email protected]>' . "\r\n";
// $header .= "Reply-To: ".$reply_to."\r\n";
$header .= "MIME-Version: 1.0\r\n";

// Multipart wraps the Email Content and Attachment
$header .= "Content-Type: multipart/mixed;\r\n";
$header .= " boundary=\"".$boundary."\"";

$message .= "This is a multi-part message in MIME format.\r\n\r\n";
$message .= "--".$boundary."\r\n";

/* Email content
Content-type can be text/plain or text/html */
// $message .= "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n";

// this header below is the important one if you want HTML message
$message .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

$message .= "Content-Transfer-Encoding: 7bit\r\n";
$message .= "\r\n";
$message .= "$body\r\n";
$message .= "--".$boundary."\r\n";

/* Attachment
Edit content type for different file extensions */
$message .= "Content-Type: application/xml;\r\n";
$message .= " name=\"".$file_name."\"\r\n";
$message .= "Content-Transfer-Encoding: base64\r\n";
$message .= "Content-Disposition: attachment;\r\n";
$message .= " filename=\"".$file_name."\"\r\n";
$message .= "\r\n".$content."\r\n";
$message .= "--".$boundary."--\r\n";

if ($_POST['submit']){
    mail($to, $subject, $message, $header);
    echo '<p style="color:green;">Message Successfully Sent.</p>';
} else {
    die('<p>Error Email Not Sent</p>');
}


To answer your question for @Ares Draguna:

When the correct file type is uploaded, then you set $uploadOk to 0 in this part:

// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" && $imageFileType != "eps" && $imageFileType != "tiff"
&& $imageFileType != "psd") {
    echo '<p style="color:red;">Sorry, only JPG, JPEG, PNG, GIF, TIF, EPS and PSD files are allowed.</p>';
    if($imageFileType !=null) {
        echo "no file uploaded";
    }
    $uploadOk = 0;
}

So $uploadOk = 0; has to be in the second if-Statement and not outside. So it should be:

// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" && $imageFileType != "eps" && $imageFileType != "tiff"
&& $imageFileType != "psd") {
    echo '<p style="color:red;">Sorry, only JPG, JPEG, PNG, GIF, TIF, EPS and PSD files are allowed.</p>';
    if($imageFileType !=null) {
        echo "no file uploaded";
        $uploadOk = 0;
    }
}

Hope this helps!