I'm working on a form to use with WordPress. What I have problems with is to allow only certain files to be uploaded and have a check for that. If a file is not allowed, an error-message should be displayed.

Here is my form so far:

<form method="post" id="campaignform" enctype="multipart/form-data" name="campaignform" onSubmit="return CheckForm();">
    Name: <?php if(isset($empty_yourname)){ echo $empty_yourname;}?><br />
    <input type="text" id="yourname" name="yourname" value="<?php if(isset($_POST['yourname'])){ echo htmlspecialchars($_POST['yourname']);}?>"><br /><br /><br />
    E-mail: <?php if(isset($empty_email)){ echo $empty_email;} if(isset($invalid_email)){ echo $invalid_email;}?><br />
    <input type="text" id="email" name="email" value="<?php if(isset($_POST['email'])){ echo htmlspecialchars($_POST['email']);}?>"><br /><br /><br />
    Telephone: <?php if(isset($empty_telephone)){ echo $empty_telephone;}?><br />
    <input type="text" id="telephone" name="telephone" value="<?php if(isset($_POST['telephone'])){ echo htmlspecialchars($_POST['telephone']);}?>"><br /><br /><br />
    Description: <?php if(isset($empty_description)){ echo $empty_description;}?><br />
    <textarea id="description" name="description"><?php if(isset($_POST['description'])){ echo htmlspecialchars($_POST['description']);}?></textarea><br /><br /><br />
    fileupload<br />
    <input type="file" id="file" name="file"><br />
    <input type="file" id="file2" name="file2"><br />
    <input type="file" id="file3" name="file3"><br />
    <input type="file" id="file4" name="file4"><br />
    <input type="file" id="file5" name="file5"><br /><br /><br />
    <input type="checkbox" id="agreement" name="agreement">I accept the agreement. <?php if(isset($empty_agreement)){ echo $empty_agreement;}?><br />
    <input type="submit" name="submit">
</form>

And the PHP I have written so far (right now I'm only testing with one upload-field but this should be applied for all file fields):

<?php
/* on submit */
if( $_SERVER['REQUEST_METHOD'] == 'POST') {

/* check fields */
if(is_array($_POST) && empty($_POST['yourname']) OR empty($_POST['email']) OR empty($_POST['telephone']) OR empty($_POST['description']) OR empty($_POST['agreement']) OR !empty($_FILES['file']['name'])) {

if (empty($_POST['yourname'])) {
    $empty_yourname = "Please enter your name.";
}

if (empty($_POST['email'])) {
    $empty_email = "Please enter your e-mail address.";
} else {

$email = $_POST["email"];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  $invalid_email = "Invalid email format";
}
}

if (empty($_POST['telephone'])) {
    $empty_telephone = "Please enter your telephone number.";
}

if (empty($_POST['description'])) {
    $empty_description = "Please enter a description.";
}

if (empty($_POST['agreement'])) {
    $empty_agreement = "You must accept the agreement.";
}

/* this check is not working properly */
if (!empty($_FILES['file']['name'])) {
    $allowed =  array('gif','png','jpg');
    $filename = $_FILES['file']['name'];
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    if(!in_array($ext,$allowed)) {
        /* Output temporary error-message */
        echo 'Error';
    }
}


}

    /* We are successful and post to DB */
    else {

        global $wpdb;
        $table = 'wp_verk1_campaign';
        $data = array(
            'contributorname'   => $_POST['yourname'],
            'email'             => $_POST['email'],
            'telephone'         => $_POST['telephone'],
            'description'       => $_POST['description'],
            'date'              => date('Y-m-d'),
            'time'              => date('H:i:s'),
            'upload'            => upload_user_file($_FILES['file']),
            'upload2'           => upload_user_file($_FILES['file2']),
            'upload3'           => upload_user_file($_FILES['file3']),
            'upload4'           => upload_user_file($_FILES['file4']),
            'upload5'           => upload_user_file($_FILES['file5'])
        );
        $format = array(
            '%s',
            '%s'
        );

        $success=$wpdb->insert( $table, $data, $format );

        if($success){
            echo 'data has been saved... ' ; 
        }

    }

    }
?>

How can I make this work?

Kind regards Johan

  • Are you sure you're getting inside your second if statement containing is_array($_POST)? Commented Nov 5, 2014 at 15:14

1 Answer

This conditional is redundant since you are making all these checks individually anyway.

if (is_array($_POST) && empty($_POST['yourname']) OR empty($_POST['email']) OR empty($_POST['telephone']) OR empty($_POST['description']) OR empty($_POST['agreement']) OR ! empty($_FILES['file']['name'])) {....}

Just remove that whole line and the matching end curly.

Since you were using an if-else to determine if your data is valid and we just removed the if part, we'll have to do something else to determine if your file is valid for upload. A simple boolean will do it.

/* on submit */
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $error = false;

    /* check fields */
    if (empty($_POST['yourname'])) {
        $empty_yourname = "Please enter your name.";
        $error = true;
    }

    if (empty($_POST['email'])) {
        $empty_email = "Please enter your e-mail address.";
        $error = true;
    } else {

        $email = $_POST["email"];
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $invalid_email = "Invalid email format";
            $error = true;
        }
    }

    if (empty($_POST['telephone'])) {
        $empty_telephone = "Please enter your telephone number.";
        $error = true;
    }

    if (empty($_POST['description'])) {
        $empty_description = "Please enter a description.";
        $error = true;
    }

    if (empty($_POST['agreement'])) {
        $empty_agreement = "You must accept the agreement.";
        $error = true;
    }

    /* this check is not working properly */
    if (!empty($_FILES['file']['name'])) {
        $allowed = array('gif', 'png', 'jpg');
        $filename = $_FILES['file']['name'];
        /* lowercase the extension so that e.g. photo.JPG is accepted as well */
        $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowed)) {
            /* Output temporary error-message */
            echo 'Error';
            $error = true;
        }
    }

    /* We are successful and post to DB */
    if(!$error){

        global $wpdb;
        $table = 'wp_verk1_campaign';
        $data = array(
            'contributorname' => $_POST['yourname'],
            'email' => $_POST['email'],
            'telephone' => $_POST['telephone'],
            'description' => $_POST['description'],
            'date' => date('Y-m-d'),
            'time' => date('H:i:s'),
            'upload' => upload_user_file($_FILES['file']),
            'upload2' => upload_user_file($_FILES['file2']),
            'upload3' => upload_user_file($_FILES['file3']),
            'upload4' => upload_user_file($_FILES['file4']),
            'upload5' => upload_user_file($_FILES['file5'])
        );
        $format = array(
            '%s',
            '%s'
        );

        $success = $wpdb->insert($table, $data, $format);

        if ($success) {
            echo 'data has been saved... ';
        }
    }
}
2 Comments

Thank you for the reply. I have actually tested to remove the line you suggest, but the problem is that if this is removed, no checks will work and it will just post to database. Even a totally empty form with no fields filled will post to db if that line is removed. :( Any thoughts on this?
@JohanNdiyoLinnarsson Yea, I noticed that shortly after I posted it. I've since updated my answer and the code in it. Try the new code I posted.
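
The check in the answer covers only the first upload field and relies on the client-supplied file name. As an added example (not code from the question or the answer), the code below runs the same allow-list over all five fields, checks the upload error code, and compares the detected content type against the extension using PHP's fileinfo extension. The names `ALLOWED`, `check_upload` and `check_all_uploads`, the error strings and the sample `$files` array are assumptions constructed for illustration.

```php
<?php
// Added example, not from the thread. Allowed extension => expected MIME type.
const ALLOWED = ['gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg'];

// Hypothetical helper: error message for one $_FILES entry, or null if acceptable.
function check_upload(?array $file): ?string {
    // An empty field (UPLOAD_ERR_NO_FILE) is treated as optional.
    if ($file === null || $file['error'] === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'Upload failed.';
    }
    // The name is client-supplied; compare the extension case-insensitively.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return 'Only gif, png and jpg files are allowed.';
    }
    // The name says nothing about the bytes, so detect the content type too.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return 'File content does not match its extension.';
    }
    return null;
}

// Hypothetical helper: checks every named field, returns field => message.
function check_all_uploads(array $files, array $fields): array {
    $errors = [];
    foreach ($fields as $field) {
        $errors[$field] = check_upload($files[$field] ?? null);
    }
    return array_filter($errors); // keep only fields that produced a message
}

// Constructed sample standing in for $_FILES (temp files play the uploaded data).
$gif = tempnam(sys_get_temp_dir(), 'up');
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
file_put_contents($php, "<?php echo 'not an image';");
$files = [
    'file'  => ['name' => 'Logo.GIF',  'tmp_name' => $gif, 'error' => UPLOAD_ERR_OK],
    'file2' => ['name' => 'photo.jpg', 'tmp_name' => $php, 'error' => UPLOAD_ERR_OK],
    'file3' => ['name' => 'notes.txt', 'tmp_name' => $php, 'error' => UPLOAD_ERR_OK],
    'file4' => ['name' => '', 'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE],
];
print_r(check_all_uploads($files, ['file', 'file2', 'file3', 'file4', 'file5']));
unlink($gif); unlink($php);
```

In a real request handler, also confirm each `tmp_name` with `is_uploaded_file()` before reading it; the constructed sample skips that because its files did not arrive over HTTP.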
