I hate to post a thread on this since I know this topic has been discussed ad nauseum, but I've been searching for weeks and cannot find exactly the answer I've been looking for. I'm new to arrays and loops - I get the concept, but not the syntax.
Here's my conundrum: I have a list of email contacts in my DB (MySQL). I can query the DB, list every contact that has opted in, it displays as desired on my screen, I can put in an email address as "from", a message and upload an image and I can send all to one contact. Works just fine. Only took me two weeks to write that. :)
I figured if I could get one email to work, it would be an easy transition to select multiple "TOs". I've done it with comma separated inputs, easy peasy. BUT, to select from the DB and send has got me stumped. I'm pretty sure it is a combo of my lack of array/foreach/checkbox knowledge.
(If you don't recognize the mail() function, it's a PEAR module to help with file uploads => MIME types.)
Here's my code (not working); any help, as always, is appreciated.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Test Email Distro</title>
<style>
label,a, body
{
font-family : Arial, Helvetica, sans-serif;
font-size : 12px;
}
</style>
<!-- Java form validation-->
<script language="JavaScript" src="scripts/gen_validatorv31.js" type="text/javascript"></script>
</head>
<body>
<?php
if(!empty($errors))
{
echo nl2br($errors);
}
?>
<form method="POST" name="testing.php"
action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" enctype="multipart/form-data">
<p>
<label for='name'>Name: </label><br>
<input type="text" name="name" >
</p>
<p>
<label for='email'>Email: </label><br>
<input type="text" name="vemail" >
</p>
<p>
<label for='message'>Message:</label> <br>
<textarea name="message"></textarea>
</p>
<?php
mysql_connect($hostname,$username,$password);
mysql_select_db($dbname) or die("Unable to select database");
$query="SELECT * FROM userlist WHERE substat = 'optin'";
$result=mysql_query($query);
$num=mysql_numrows($result);
echo "<table border='1'>
<tr>
<th>Select to Mail</th>
<th>First Name</th>
<th>Email</th>
<th>Opt-In Status</th>
</tr>";
while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td><input type='checkbox' name='contacts[]' value='contacts[]'></td>";
echo "<td>" . $row['other'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['substat'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
<p>
<label for='uploaded_file'>Select A File To Upload:</label> <br>
<input type="file" name="uploaded_file">
</p>
<input type="submit" value="Submit" name='submit'>
</form>
<?
//File Upload Settings
$max_allowed_file_size = 100; // size in KB
$allowed_extensions = array("jpg", "jpeg", "gif", "bmp", "png");
$upload_folder = './uploads/'; //<-- this folder must be writeable by the script
$your_email = 'jarett@thumbstakes.com';//<<-- update this to your email address
$errors ='';
if(isset($_POST['submit']))
{
//This gets the uploaded file information
$name_of_uploaded_file = basename($_FILES['uploaded_file']['name']);
//get the file extension of the file
$type_of_uploaded_file = substr($name_of_uploaded_file,
strrpos($name_of_uploaded_file, '.') + 1);
$size_of_uploaded_file = $_FILES["uploaded_file"]["size"]/1024;
//Validations
if(empty($_POST['name'])||empty($_POST['email']))
{
$errors .= "\n Name and Email are required fields. ";
}
if(IsInjected($visitor_email))
{
$errors .= "\n Bad email value!";
}
if($size_of_uploaded_file > $max_allowed_file_size )
{
$errors .= "\n Size of file should be less than $max_allowed_file_size";
}
//Validate the file extension
$allowed_ext = false;
for($i=0; $i<sizeof($allowed_extensions); $i++)
{
if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file) == 0)
{
$allowed_ext = true;
}
}
if(!$allowed_ext)
{
$errors .= "\n The uploaded file is not supported file type.".
"Only the following file types are supported: ".implode(',',$allowed_extensions);
}
//upload the file
if(empty($errors))
{
//copy the temp. uploaded file to uploads folder
$path_of_uploaded_file = $upload_folder . $name_of_uploaded_file;
$tmp_path = $_FILES["uploaded_file"]["tmp_name"];
if(is_uploaded_file($tmp_path))
{
if(!copy($tmp_path,$path_of_uploaded_file))
{
$errors .= '\n error while copying the uploaded file';
}
}
//THIS IS WHERE, I SUSPECT, IS MY DOWNFALL
$contacts = array('other', 'email', 'substat');
foreach ($contacts as $email) {
$email = $to;
if($contacts=='1')
{
$to = $_POST['email'];
$name = $_POST['name'];
$visitor_email = $_POST['vemail'];
$user_message = $_POST['message'];
$subject="New form submission";
$from = $your_email;
$text = "A user $name has sent you this message:\n $user_message";
$message = new Mail_mime();
$message->setHTMLBody($text);
$message->addHTMLImage($path_of_uploaded_file);
$body = $message->get();
$extraheaders = array("From"=>$from, "Subject"=>$subject,"Reply- To"=>$visitor_email);
$headers = $message->headers($extraheaders);
$mail = Mail::factory("mail");
$mail->send($to, $headers, $body);
//redirect to 'thank-you page
header('Location: thank-you.html');
}
}
}
}
///////////////////////////Functions/////////////////
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
mysql_close();
?>
<script language="JavaScript">
// Code for validating the form
// Visit http://www.javascript-coder.com/html-form/javascript-form-validation.phtml
// for details
var frmvalidator = new Validator("testing.php");
frmvalidator.addValidation("name","req","Please provide your name");
frmvalidator.addValidation("email","req","Please provide your email");
frmvalidator.addValidation("email","email","Please enter a valid email address");
</script>
</body>
</html>