PHP sends emails twice and does not download images correctly: /

advertisements

I have been designing a website and everything has been working perfectly, until I started adding in little extras so it would work EXACTLY how I wanted it to work.

This is the script for a website that uploads a title, description, name of a person, image, email address and password for the advert that they are putting online. However it no longer wants to correctly name the image and it sends out an email twice, once in the instance that there may be an image and it instantly does it in the instance where someone may not upload an image, but it is reading it as if it is doing both because there is an error with the file upload.

Btw this is the first PHP script I have ever created so it may seem mashy as I have been kind of mixing it up from different things that I have found online :)

p.s the page where the magic happens is www.afterswap.com/give.php

p.p.s I have a global config file that sets all of the DB connection info etc, hence it being non-existent here.

<?PHP
include("inc/header.php");
foreach ($_POST as $key => $val)
    $_POST[$key] = mysqli_real_escape_string($con, $val);
$back = "<a href='give.php'>Click Here To Go Back And Try Again</a>";
if (isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) {
    $title          = mysqli_real_escape_string($title123);
    $title123       = mysqli_real_escape_string($_POST['title']);
    $description    = mysqli_real_escape_string($description123);
    $description123 = mysqli_real_escape_string($_POST['description']);
    $Sell_by        = $_POST['Sell_by'];
    $name           = mysqli_real_escape_string($name123);
    $name123        = mysqli_real_escape_string($_POST['name']);
    $email          = $_POST['email'];
    $password       = $_POST['password'];
    $imagename      = basename($_FILES['userfile']['name']);
    $uploadedfile   = $_FILES['userfile']['tmp_name'];
    if (empty($imagename)) {
        $error = 1;
        echo "<h2 class='error'>The name of the image was not found.</h2>" . $back;
    }

    if ($error != 1 && $noimg != 1) {

        $filename  = stripslashes($_FILES['userfile']['name']);
        $extension = substr(strrchr($filename, '.'), 1);
        $extension = strtolower($extension);
    }

    if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) {
        echo '<h2 class="error">Error. Images Must Be Jpg, Gif, or Png Format! Please Go Back And Try Another Image.</h2>' . $back . '';
        $errors = 1;
    } else {

        $time     = time();
        $newimage = "/photos/" . $time . $imagename;
        $result   = move_uploaded_file($_FILES['userfile']['tmp_name'], $newimage);
        if (empty($result)) {
            $error = 1;
            echo "<h2 class='error'>There was an error uploading your image.</h2><br/>" . $back . "";
        }

        $date  = date("Y/m/d H:i:s");
        $query = "INSERT INTO classifieds (adid, title, description, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$Sell_by', '$name123', '$email', '$password', '$newimage', '$date', '0', '0')";
        mysqli_query($query) or die(mysqli_error());

        $pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
        $query2 = mysqli_query($pullback) or die(mysqli_error());
        while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
            $newid = $row['adid'];
            $pass  = $row['pass'];
        }

        $url = "http://";
        $url .= getenv("HTTP_HOST");
        $Name      = "AfterSwap";
        $emailf    = "[email protected]";
        $recipient = $email;
        $mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
        $subject   = "AfterSwap Ad Details";
        $headers   = "From: " . $Name . " <" . $emailf . ">\r\n";
        $headers .= "Content-type: text/html\r\n";

        mail($recipient, $subject, $mail_body, $headers);

        echo "<div align='justify'><div class='success'>Your listing '" . $name123 . "' Has Been Submitted Successfully! <br/><br/>Please take note: Your listing will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";

    }
} elseif (isset($_POST['upload'])) {
    $title          = mysqli_real_escape_string($title123);
    $title123       = mysqli_real_escape_string($_POST['title']);
    $description    = mysqli_real_escape_string($description123);
    $description123 = mysqli_real_escape_string($_POST['description']);
    $Sell_by        = $_POST['Sell_by'];
    $name           = mysqli_real_escape_string($name123);
    $name123        = mysqli_real_escape_string($_POST['name']);
    $email          = $_POST['email'];
    $password       = $_POST['password'];
    $date           = date("Y/m/d H:i:s");
    $query          = "INSERT INTO classifieds (adid, title, description, cat, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$category', '$Sell_by', '$name123', '$email', '$password', 'images/noimage.jpg', '$date', '0', '0')";
    mysqli_query($query) or die(mysqli_error());

    $pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
    $query2 = mysqli_query($pullback) or die(mysqli_error());
    while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
        $newid = $row['adid'];
        $pass  = $row['pass'];
    }

    $url = "http://";
    $url .= getenv("HTTP_HOST");
    $Name      = "AfterSwap";
    $emailf    = "[email protected]";
    $recipient = $email;
    $mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
    $subject   = "AfterSwap Ad Details";
    $headers   = "From: " . $Name . " <" . $emailf . ">\r\n";
    $headers .= "Content-type: text/html\r\n";

    mail($recipient, $subject, $mail_body, $headers);

    echo "<div align='justify'><div class='success'>Thank you " . $name123 . ", your listing has been submitted successfully! <br/><br/>Please take note: Your isting will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";

} else {
?>

/* HTML Form here */

<?PHP } ?>


Try this

Change this line

} elseif (isset($_POST['upload'])) {

to

} elseif (isset ( $_POST ['upload'] ) && empty($_FILES)) {