
Untitled

a guest
Jun 27th, 2018
  1. <?php
  2.  
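  // Beta sign-up handler: reads the form fields, stores the uploaded JPEGs under
  // /beta_images/, mails staff and the applicant, then redirects.
  //
  // Changes against the pasted version:
  //  - the \x and \n escapes, which the listing shows without their backslashes
  //    ("x20-x7F", "nn"), are restored;
  //  - uploads are accepted on their detected content, not on the browser-supplied
  //    $_FILES[...]['type'], which the client controls;
  //  - the applicant's name is reduced to a safe token before it becomes part of
  //    a file name, so it cannot carry path separators;
  //  - the file-name prefix comes from random_bytes() (PHP 7+) instead of rand();
  //  - every redirect is followed by exit, so a failed upload no longer falls
  //    through to the success mails and the thanks page.

  // Read the submitted fields. A missing or non-string field becomes '' so that
  // a partial or malformed request cannot raise notices further down.
  $form = [];
  foreach (['username', 'password', 'name', 'email', 'message'] as $field) {
      $value = isset($_POST[$field]) && is_string($_POST[$field]) ? $_POST[$field] : '';
      $form[$field] = trim($value);
  }
  $email = $form['email'];
  $message = $form['message'];

  // Keep printable ASCII only.
  $username = preg_replace('/[^\x20-\x7E]/', '', $form['username']);
  $password = preg_replace('/[^\x20-\x7E]/', '', $form['password']);
  $name = preg_replace('/[^\x20-\x7E]/', '', $form['name']);

  // The address is only used as a recipient when it parses as one.
  $email_is_valid = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

  // Upload directory (inside the document root, as before).
  $upload_dir = $_SERVER['DOCUMENT_ROOT'] . "/beta_images/";

  // File-name parts: an unpredictable prefix to avoid collisions, and the
  // applicant's name restricted to characters that are safe in a file name.
  $hash = bin2hex(random_bytes(8));
  $safe_name = preg_replace('/[^A-Za-z0-9_-]/', '', $name);
  if ($safe_name === '') {
      $safe_name = 'upload';
  }

  $max_bytes = 20971520; // 20 MiB, the limit the original used

  // First pass: validate every upload slot before anything is stored.
  $uploads_ok = isset($_FILES['file']['error'])
      && is_array($_FILES['file']['error'])
      && count($_FILES['file']['error']) > 0;

  if ($uploads_ok) {
      $finfo = new finfo(FILEINFO_MIME_TYPE);

      foreach ($_FILES['file']['error'] as $key => $error) {
          $temp_name = isset($_FILES['file']['tmp_name'][$key]) ? $_FILES['file']['tmp_name'][$key] : '';
          $size = isset($_FILES['file']['size'][$key]) ? $_FILES['file']['size'][$key] : $max_bytes;

          if (
              $error !== UPLOAD_ERR_OK
              || $size >= $max_bytes
              || !is_uploaded_file($temp_name)
              // Content sniffing on the temp file; the declared type is ignored.
              || $finfo->file($temp_name) !== 'image/jpeg'
          ) {
              $uploads_ok = false;
              break;
          }
      }
  }

  // Second pass: store the files under generated names.
  if ($uploads_ok) {
      $counter = 0;

      foreach ($_FILES['file']['tmp_name'] as $temp_name) {
          $counter++;
          $image_name = $hash . '_' . $safe_name . $counter . '.jpg';

          if (!move_uploaded_file($temp_name, $upload_dir . $image_name)) {
              $uploads_ok = false;
              break;
          }
      }
  }

  // NOTE(review): both staff mails below carry the applicant's password in
  // clear text, as the original did. Mail is not a confidential channel; the
  // password should be hashed with password_hash() where it is stored and left
  // out of these messages.

  if (!$uploads_ok) {
      $body_fail = "Someone forgot to do something and wound up on the Sorry page. "
          . "You might want to contact them and try and convince them to join still. "
          . "Here are the details \n\n Username: $username \n Password: $password \n"
          . " Email: $email \n Name: $name \n Message: $message";

      mail("bla", "Failed beta sign up", $body_fail);

      header("Location: ../sorry.html");
      exit;
  }

  //EMAIL INTERNAL

  $body_internal = "Success! $name has submitted a beta entry!\n\n"
      . " Their username is \n $username \n Their password is \n $password \n"
      . " Their email address is $email.\n\n"
      . " The images are located in \n /beta_images/{$hash}_{$safe_name}1/2/3.jpg \n\n"
      . " They also wrote a little message for us: \n$message";

  mail("bla", "New Beta Sign Up", $body_internal);

  //EMAIL EXTERNAL

  $body_external = "Thank you for applying to join the Stylistic Gallery, we just wanted "
      . "to let you know that we have received everything and will be in touch shortly.\n\n"
      . " Best Wishes \n Stylistic Gallery \n\n"
      . " The Stylistic Gallery, a portal for creative individuals and businesses "
      . "to showcase and sell their work online";

  if ($email_is_valid) {
      mail($email, "Thank you for your application", $body_external);
  }

  header("Location: ../thanks.html");
  exit;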
  75.  
  76. if (
  77. (
  78. ($_FILES['file']['type'] == "image/jpeg")
  79. || ($_FILES['file']['type'] == "image/pjpeg")
  80. || ($_FILES['file']['type'] == "image/jpg")
  81. )
  82.  
  83. && ($error == UPLOAD_ERR_OK)
  84. && ($_FILES['file']['size'] < 20971520)
  85. ) {
  86.  
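  /* Ideally these messages would live in text files, to make it easy to
   * change any content and eventually localize it.
   *
   * This part relies on $hash, $name, $upload_dir and $email having been set
   * earlier in the script.
   */

  // mail to admin when no upload could be stored
  $failure_mail_body_to_admin = "Someone ...";

  // mail to admin after successful upload
  $success_mail_body_to_admin = "Success! ...";

  // mail to user after successful upload
  $success_mail_body_to_user = "Thank you ...";

  // The type is detected from the file content: $file['type'] is sent by the
  // browser and can be set to anything, so it is not used for the decision.
  $allowed_mime_types = array("image/jpeg");
  $max_bytes = 20 * 1024 * 1024; // 20 MiB
  $finfo = new finfo(FILEINFO_MIME_TYPE);

  // Only characters that are safe in a file name survive; path separators in
  // the submitted name must never reach move_uploaded_file().
  $safe_name = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $name);
  if ($safe_name === '') {
      $safe_name = 'upload';
  }

  $fileCount = 0;

  // Each upload is expected under its own field name; a multi-file field
  // (name="file[]") delivers arrays here and is rejected by the first check.
  foreach ($_FILES as $file) {
      // test general errors
      if (!is_int($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
          continue;
      }

      // test size (< 20MB)
      if ($file['size'] >= $max_bytes) {
          continue;
      }

      // test content type on the uploaded temp file
      $temp_name = $file['tmp_name'];
      if (
          !is_uploaded_file($temp_name)
          || !in_array($finfo->file($temp_name), $allowed_mime_types, true)
      ) {
          continue;
      }

      // store image; the running count keeps the names distinct (the pasted
      // version used $counter here, which this snippet never sets)
      $image_name = $hash . '_' . $safe_name . ($fileCount + 1) . '.jpg';
      if (move_uploaded_file($temp_name, $upload_dir . $image_name)) {
          $fileCount++;
      }
  }

  if ($fileCount > 0) {
      // send confirmation mails (the pasted version had the two bodies swapped)
      mail("bla", "New Beta Sign Up", $success_mail_body_to_admin);
      if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
          mail($email, "Thank you for your application", $success_mail_body_to_user);
      }

      // redirect user
      header("Location: ../thanks.html");
      die();
  } else {
      mail("bla", "Failed beta sign up", $failure_mail_body_to_admin);

      // redirect user
      header("Location: ../sorry.html");
      die();
  }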
  145.  
  // Fallback page for clients that ignore the Location header: print a small
  // HTML document that links to the sorry page, then stop the script.
  $fallback_page = implode("\n", array(
      '<!doctype html>',
      '<html><head><title>Error: Foo</title></head><body>',
      '<h1>We\'re sorry, your call could not be completed as dialed.</h1>',
      '<p><a href="../sorry.html">Click here to continue to your final destination.</a></p>',
      '</body></html>',
  ));

  exit($fallback_page);
  154.  
  155. ($_FILES['file']['size'][$key] < 20971520)
  156.  
  157. ($_FILES['file']['size'][$key] < 20 * 1024 * 1024)
  158.  
  159. define('MAX_FILE_SIZE', 20 * 1024 * 1024); // 20 MB
  160. ($_FILES['file']['size'][$key] < MAX_FILE_SIZE)
  161.  
  162. if (
  163. preg_match('/^image/(pjpe|jpe?)g$/', $_FILES['file']['type'][$key])
  164. && $error == UPLOAD_ERR_OK
  165. && $_FILES['file']['size'][$key] < 20971520
  166. ) {