I am trying to create a form with an attachment option that will be sent to an email when the form is submitted on a word press site.
My code work fine and it sends email in a HTML table format to my email address. Also I am able to send attachment using the code. The issue arises when I consider the attachment file extensions and file size. I do not know that how to restrict big size of files and set attachments for some allowed extensions only.
My code is:
<?php
//Setup an empty array.
$errors = array();
if($_POST["submit"]) {
$to = "myemail@gmail.com";
$subject = "New reservations request";
$hotel = $_POST["hotel_url"];
$sender = $_POST["sendername"];
$senderEmail = $_POST["senderEmail"];
//Check the name and make sure that it isn't a blank/empty string.
if(empty($sender)){
//Blank string, add error to $errors array.
$errors['sendername'] = "Please enter your name!";
}
/* attachment */
move_uploaded_file($_FILES["attachment"]["tmp_name"],WP_CONTENT_DIR .'/uploads/'.basename($_FILES['attachment']['name']));
$attachments = array(WP_CONTENT_DIR ."/uploads/".$_FILES["attachment"]["name"]);
if(empty($errors)){
$mailBody = "<table border='1'>
<tr>
<th>No</td>
<th>Item</td>
<th>Description</td>
</tr>
<tr>
<td>01</td>
<td>Hotel</td>
<td>$hotel</td>
</tr>
<tr>
<td>02</td>
<td>Name</td>
<td>$sender</td>
</tr>
<tr>
<td>03</td>
<td>E-Mail</td>
<td>$senderEmail</td>
</tr>
</table>";
$headers = array('From: '.$_POST['sendername'].' <'.$_POST['senderEmail'].'>');
$mail_sent = wp_mail( $to, $subject, $mailBody, $headers, $attachments );
}
}
if ($mail_sent) {
?>
<p>Request sent</p>
<?php
} else {
?>
<form id="" name="" action="<?php echo get_permalink(); ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="hotel_url" value="<?php echo get_permalink();?>" />
<div class="section-heading"><h6>Your Details</h6></div>
<div class="label-input-wrapper">
<div class="form-label">Name</div>
<div class="form-input">
<input type="text" name="sendername"/>
<?php if(isset($errors['sendername'])) { echo '<span style="color: red">'.$errors['sendername'].'</span>'; } ?>
</div>
</div>
<div class="label-input-wrapper">
<div class="form-label">E-Mail</div>
<div class="form-input">
<input type="email" name="senderEmail" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+.[a-z]{2,4}$" required value="<?PHP if(!empty($errors)) { echo $senderEmail;} ?>"/>
</div>
</div>
<label for='uploaded_file'>Select A File To Upload:</label>
<input type="file" name="attachment">
<input type="submit" value="Submit" name="submit">
</form>
<?php
}
?>
The above code send the attachment to my mail and gets saved into my uploads directory.
I know I have to do something around this area /* attachment */ to allow specific extensions and size of the file. but how to do that?
eg: if I have to allow .png, .jpg, .pdf only and the maximum file is 1mb how can I do that? where and what code I have to amend into the above codes?
It is possible to check the extension of the uploaded file, however this is not a good guarantee that it is actually that file type (since you are trusting the client to send you the info). A better way to do this would be to check the file on the server after it has been uploaded, but before it is attached to the email. You can do this for images with
exif_imagetype()
. The file size can be gotten in bytes using the aptly namedfilesize()
function.To check for different image mime types (assuming they are all images from your question)