我想修改这个我目前用来限制申请人附件的文档类型为doc, docX, rtf和PDF的简历上传代码。我从SourceForge.net上找到的东西修改了这个。
我也想在成功提交后重定向。现在完成后页面是空白的。我大概能算出来。
我的PHP技能不是很好,所以我真的不知道在哪里放置文件类型验证代码。
<?php
if ($_SERVER['REQUEST_METHOD']=="POST"){
$to="myemail@domain.com";
$subject= stripslashes($_POST['apply']);
$from = stripslashes($_POST['fromname'])."<".stripslashes($_POST['fromemail']).">";
$mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
$headers = "From: $from'r'n" .
"MIME-Version: 1.0'r'n" .
"Content-Type: multipart/mixed;'r'n" .
" boundary='"{$mime_boundary}'"";
$message= stripslashes($_POST['msg']);
$message = "This is a multi-part message in MIME format.'n'n" .
"--{$mime_boundary}'n" .
"Content-Type: text/plain; charset='"iso-8859-1'"'n" .
"Content-Transfer-Encoding: 7bit'n'n" .
$message . "'n'n";
foreach($_FILES as $userfile){
$tmp_name = $userfile['tmp_name'];
$type = $userfile['type'];
$name = $userfile['name'];
$size = $userfile['size'];
if (file_exists($tmp_name)){
if(is_uploaded_file($tmp_name)){
$file = fopen($tmp_name,'rb');
$data = fread($file,filesize($tmp_name));
fclose($file);
$data = chunk_split(base64_encode($data));
}
$message .= "--{$mime_boundary}'n" .
"Content-Type: {$type};'n" .
" name='"{$name}'"'n" .
"Content-Disposition: attachment;'n" .
" filename='"{$fileatt_name}'"'n" .
"Content-Transfer-Encoding: base64'n'n" .
$data . "'n'n";
}
}
$message.="--{$mime_boundary}--'n";
if (@mail($to, $subject, $message, $headers))
echo '<script type="text/javascript">alert("Resume Uploaded Successfully");</script>';
else
echo '<script type="text/javascript">alert("Sorry Failed to Upload Your Resume");</script>';
} else {
?>
还有一个表单验证器来检查可能使用的空字段。
在PHP文档
var frmvalidator = new Validator("form1");
frmvalidator.addValidation("fromname","req","Please enter your name");
frmvalidator.addValidation("fromemail","req","Please enter your email");
frmvalidator.addValidation("apply","req","Please enter the position you are applying for");
frmvalidator.addValidation("file1","req","Please Upload Your resume");
如果有人建议我在js中添加文件类型验证器,我可以发布该代码。它很长,我相信它是一个常用的文件。
服务器端验证在这里是不可避免的....
您应该在*if(file_exists($tmp_name))*之前验证file-type,即覆盖整个if-condition。
Like:
if($userfile['type'] == in_array('filetype1','filetype2','filetype3')))
{
if(file_exists($tmp_name))
{
........
}
}
希望有帮助
可以通过查看上传文件的MIME-type来查看文件类型。遗憾的是,还没有一个可移植的解决方案来查找文件的MIME-type。您可以尝试使用FileInfo库:
$finfo = finfo_open(FILEINFO_MIME_TYPE);
foreach($_FILES as $userfile){
$tmp_name = $userfile['tmp_name'];
$type = $userfile['type'];
$name = $userfile['name'];
$size = $userfile['size'];
$mime_type = finfo_file($finfo, $tmp_name);
if($mime_type != "application/pdf" &&
$mime_type != "application/msword" &&
$mime_type != "application/vnd.openxmlformats-officedocument.wordprocessingml.document" &&
$mime_type != "application/rtf" &&
$mime_type != "text/rtf" &&
$mime_type != "text/richtext")
continue;
...
}
finfo_close($finfo);
另一个选择是使用$type变量而不是$mime_type进行比较。但这是不可靠的。
最后,作为最后的手段,您只需使用以下命令执行文件扩展名嗅探:
$filename = basename($tmp_name);
$fileExt = strtolower(substr(strrchr($filename, "."), 1));
并将$fileExt与所需的文件扩展名进行比较。(doc, docx, rtf, and pdf)