PHP Email, IP address

B

bigjoe4

New Member
Messages
907
Reaction score
0
Points
0
I have an image upload thingy on my site: http://www.lights4yourpc.com/pictures.html and it emails me to tell me an image has been uploaded and sends the name and comments of the person who uploaded it.

Can anyone help me to make it email me the person's IP address also, so that I can block people who upload millions of inapropriate images?

Thanks.
Joe


here is the code of the upload_file.php
Code: 
<?php

//Email function.
function send_email($name, $comments) {
    //Set vars.
    $to = "upload@lights4yourpc.com";
    $subject = "Image uploaded by " . $name;
    $message = "An image has been uploaded, the details are below.\n\nName: " . $name . "\nComments: " . $comments . "\n\nThanks, your website";
    $from = "From: <$name>";
    
    //Send email.
    mail($to, $subject, $message, $from);
}

//Check for image types.
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 5000000) && isset($_POST['name']) && isset($_POST['comments'])) {
    //Check for an error.
    if ($_FILES["file"]["error"] > 0) {
        //If an error, tell the user.
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    } else {
        //Show upload details.
        echo "Image upload successful: <br>" . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        
        //Check if the file exists.
        if (file_exists("upload/" . $_FILES["file"]["name"])) {
            //If the file exists, tell the user.
            echo $_FILES["file"]["name"] . " already exists. ";
        } else {
            //Upload the image.
            move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
            //Inform the user.
            echo "Stored in: " . "folder/" . $_FILES["file"]["name"];
            
            //Send the email.
            send_email($_POST['name'], $_POST['comments']);
        }
    }
    
} else {
    //Tell the user file is invalid or they have left a field blank.
    echo "You have either left a field blank in the form or have uploaded the wrong kind of file, please go <a href=\"pictures.html\" >back</a> and try again.";
}

?>
and here is the code of the pictures.html page:
Code: 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>High power lights for your computer</title>
<link href="Favicon.ico" rel="SHORTCUT ICON">
<META NAME="description" CONTENT="Make your PC look cool! High power flashing LED Lights for your desktop PC."><META NAME="keywords" CONTENT=
"Computer, lights, PC, laser, leds, flashing, leds, kit, multicolor, Case, 12, 12V, volt, volts">
<script type="text/javascript">
<!--
function SwapImage()
{
   var doc=document, args=arguments;
   doc.$imgSwaps = new Array();
   for(var i=2; i<args.length; i+=2)
   {
      var elem=FindObject(args[i]);
      if(elem)
      {
         doc.$imgSwaps[doc.$imgSwaps.length]=elem;
         elem.$src=elem.src;
         elem.src=args[i+1];
      }
   }
}
// -->
</script>
<script type="text/javascript">
<!--
function FindObject(id, doc)
{
   var child, elem;
   if(!doc)
      doc=document;
   if(doc.getElementById)
      elem=doc.getElementById(id);
   else
   if(doc.layers)
      child=doc.layers;
   else
   if(doc.all)
      elem=doc.all[id];
   if(elem)
      return elem;
   if(doc.id==id || doc.name==id)
      return doc;
   if(doc.childNodes)
      child=doc.childNodes;
   if(child)
   {
      for(var i=0; i<child.length; i++)
      {
         elem=FindObject(id,child[i]);
         if(elem)
            return elem;
      }
   }
   var frm=doc.forms;
   if(frm)
   {
      for(var i=0; i<frm.length; i++)
      {
         var elems=frm[i].elements;
         for(var j=0; j<elems.length; j++)
         {
            elem=FindObject(id,elems[i]);
            if(elem) return elem;
         }
      }
   }
   return null;
}
// -->
</script>
</head>
<body background="purple-tile.gif" bgcolor="#330066" text="#FFFFFF" alink="#0000FF">
<img src="Lights4yourPC.png" id="Image1" alt="" align="top" border="0" width="704" height="150" style="position:absolute;left:0px;top:0px;width:704px;height:150px;z-index:0">
<div id="bv_" style="position:absolute;left:0px;top:150px;width:118px;height:124px;z-index:1" align="center">
<table border="0" cellpadding="0" cellspacing="0" id="NavigationBar1">

<tr>
<td align="left" valign="top" width="118" height="31"><a href="/"><img id="home" src="home.gif" alt="home" align="top" border="0" width="118" height="31" onmouseover="SwapImage(1,0,'home','home-over.gif')" onmouseout="SwapImage(0,0,'home','home.gif')"></a></td>
</tr>
<tr>
<td align="left" valign="top" width="118" height="31"><a href="pictures.html"><img id="pictures" src="pictures-over.gif" alt="pictures" align="top" border="0" width="118" height="31" onmouseover="SwapImage(1,0,'pictures','pictures-over.gif')" onmouseout="SwapImage(0,0,'pictures','pictures-over.gif')"></a></td>
</tr>
<tr>
<td align="left" valign="top" width="118" height="31"><a href="buy.html"><img id="buy" src="buy.gif" alt="buy" align="top" border="0" width="118" height="31" onmouseover="SwapImage(1,0,'buy','buy-over.gif')" onmouseout="SwapImage(0,0,'buy','buy.gif')"></a></td>
</tr>
<tr>
<td align="left" valign="top" width="118" height="31"><a href="links.html"><img id="links" src="links.gif" alt="links" align="top" border="0" width="118" height="31" onmouseover="SwapImage(1,0,'links','links-over.gif')" onmouseout="SwapImage(0,0,'links','links.gif')"></a></td>
</tr>
</table>
</div>
<img src="line.gif" id="Image2" alt="" align="top" border="0" width="1" height="536" style="position:absolute;left:118px;top:150px;width:1px;height:2296px;z-index:2">
<img src="fade.gif" id="Image3" alt="" align="top" border="0" width="118" height="348" style="position:absolute;left:0px;top:274px;width:118px;height:2172px;z-index:3">
<div id="b_" style="position:absolute;left:124px;top:152px;width:574px;height:32px;z-index:4" align="left">

<font style="font-size:27px" color="#FFFF99" face="Verdana"><b><u>Upload your images!</u></b></font></div>
<div id="v_" style="position:absolute;left:124px;top:202px;width:560px;height:559px;z-index:5" align="left">

<!-- PayPal Logo -->
<a href="#" onclick="javascript:window.open('https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/popup/OLCWhatIsPayPal-outside','olcwhatispaypal','toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=yes, resizable=yes, width=400, height=350');"><img  src="space.gif" border="0" width="1" height="1" alt="Acceptance Mark" style="position:absolute;left:600px;top:0px"></a><!-- PayPal Logo -->

<font style="font-size:16px" color="#FFFFFF" face="Verdana">Here you can upload pictures of your PC mods!<br>
<br>
Images will be checked by the administrator before being displayed.<br><br>
Files must be in JPG format for upload.<br><br>

<form action="upload_file.php" method="post" 
enctype="multipart/form-data">
<label for="file">File:<img src="space.gif" width="61" height="1" /></label>

<input type="file" name="file" id="file" /> <br />
<label for="name" >Your Name:</label>
<input type="text" name="name" id="name" /><br />
<label for="comments" >Comments:<img src="space.gif" width="3" height="1" /></label>
<textarea name="comments" id="comments" ></textarea>
<input type="submit" name="submit" value="Submit" />
</form>
<img src="Computer_fan _light.jpg" id="Image4" alt="" align="top" border="0" width="500" height="375" style="position:absolute;left:1px;top:240px;width:500px;height:375px;z-index:7">
<img src="grey.png" id="grey.png" alt="" align="top" border="0" width="600" height="800" style="position:absolute;left:1px;top:615px;width:500px;height:60px;z-index:-9">
<div id="a" style="position:absolute;left:0px;top:625px;width:500px;height:124px;z-index:1" align="center">UPLOADED BY: Joe<br>COMMENTS:</div>
<img src="Glowing_USB.jpg" id="Image5" alt="" align="top" border="0" width="500" height="375" style="position:absolute;left:1px;top:700px;width:500px;height:375px;z-index:8">
<img src="grey.png" id="grey.png" alt="" align="top" border="0" width="600" height="800" style="position:absolute;left:1px;top:1075px;width:500px;height:60px;z-index:-9">
<div id="z" style="position:absolute;left:0px;top:1085px;width:500px;height:124px;z-index:1" align="center">UPLOADED BY: Joe<br>COMMENTS:</div>
<img src="Pimp_My_PC.jpg" id="Image5" alt="" align="top" border="0" width="600" height="800" style="position:absolute;left:1px;top:1160px;width:600px;height:800px;z-index:8">
<img src="grey.png" id="grey.png" alt="" align="top" border="0" width="600" height="800" style="position:absolute;left:1px;top:1960px;width:600px;height:60px;z-index:-9">
<div id="c" style="position:absolute;left:0px;top:1970px;width:600px;height:124px;z-index:1" align="center">UPLOADED BY: Saidmalachi<br>COMMENTS:</div>
<div id="d" style="position:absolute;left:0px;top:2100px;width:600px;height:124px;z-index:1" align="center">
<!-- x10 Exchange code begin -->
<!-- DO NOT ALTER THIS CODE! -->
<script type="text/javascript">
  <!--
   document.write('<s'+'cript type="text/javascript" src="http://www.x10exchange.com/work.php?n=118&amp;size=1&amp;j=1&amp;c=&code='+new Date().getTime()+'"></s'+'cript>');
  //-->
</script>
<noscript>
  <iframe src="http://www.x10exchange.com/work.php?n=118&amp;size=1&amp;c=" width="468" height="60" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>
</noscript>
<!-- x10 Exchange code -->
</font>
</div>
</div>
</body>
</html>
 
Last edited:
marshian

marshian

New Member
Messages
526
Reaction score
9
Points
0
All you have to do is add a little to the contents of the mail you're sending.
Change
PHP: 
    $message = "An image has been uploaded, the details are below.\n\nName: " . $name . "\nComments: " . $comments . "\n\nThanks, your website";
to
PHP: 
    $message = "An image has been uploaded, the details are below.\n\nName: " . $name . "\nIP: ".$_SERVER["REMOTE_ADDR"]."\nComments: " . $comments . "\n\nThanks, your website";

Note that ip's can change.
 
Last edited:
W

woiwky

New Member
Messages
390
Reaction score
0
Points
0
That "Thanks, your website" part made me laugh :p

Anyway, just to warn you, the value of $_FILES["file"]["type"] isn't reliable. I would check the extension as well to ensure that it's something the server won't execute when loaded.
 
marshian

marshian

New Member
Messages
526
Reaction score
9
Points
0
Since you can have a dynamic ip and a static internet host name:
PHP: 
    $message = "An image has been uploaded, the details are below.\n\nName: " . $name . "\nIP: ".$_SERVER["REMOTE_ADDR"]." ISP: ".gethostbyaddr($_SERVER["REMOTE_ADDR"])."\nComments: " . $comments . "\n\nThanks, your website";

EDIT: it's not ISP, it's internet host name, according to php.net
 
Last edited:
W

woiwky

New Member
Messages
390
Reaction score
0
Points
0
I'm not sure how useful that would be since blocking a whole ISP could block many legitimate users. What's more, if the malicious user just uses a proxy to get past the ban, then you've only blocked legitimate users.
 
marshian

marshian

New Member
Messages
526
Reaction score
9
Points
0
*sigh*
Run the code, then complain again...
Sorry for the wrong nameing, according to php.net, it's internet host name, and indeed not isp.
an internet host name is something.isp
and since a lot of providers don't care about their customers safety, there's a lot of internet host names like user.something.com, which stays always the same, even if the user has a dynamic ip.
 
Last edited:
W

woiwky

New Member
Messages
390
Reaction score
0
Points
0
Actually you can usually get the ISP from the hostname since most of the time there's a common component in hostnames from the same ISP, so I assumed that's what you were referring to. But regardless, it's been my experience that most ISP's assign hostnames to IP's in a form similar to "xxx-xxx-xxx-xxx.some.isp.server.name", meaning that the hostname is most often as dynamic as the IP.
 
marshian

marshian

New Member
Messages
526
Reaction score
9
Points
0
There's also isp's that don't use the ip, but their customer's id instead.
 
W

woiwky

New Member
Messages
390
Reaction score
0
Points
0
That's true, and some may be even more static than that. It can be useful to know a visitor's hostname, but I just wanted to make sure he knew the limitations of it ;-)
 
VPmase

VPmase

New Member
Messages
914
Reaction score
1
Points
0
woiwky said:
That "Thanks, your website" part made me laugh :p

Anyway, just to warn you, the value of $_FILES["file"]["type"] isn't reliable. I would check the extension as well to ensure that it's something the server won't execute when loaded.
Click to expand...
I wouldn't even do that.
I'd use getimagesize's Index 2 function.
I.E.:
PHP: 
$imgsizes = getimagesize("http://us2.php.net/images/php.gif");
switch($imgsizes[2]){
case 1: GIF
case 2: JPEG
case 3: etc...
}
I use it in my thumbnail scripts.
http://us2.php.net/images/php.gif
http://saumpro.com/EsamTests/thumbnail.php?img=http://us2.php.net/images/php.gif
(You can change the link at the end to any image that is online.)
 
Last edited:
W

woiwky

New Member
Messages
390
Reaction score
0
Points
0
I think it should work fine if you modify that if statement to this:

PHP: 
$valid_img = array('jpg', 'png', 'gif', 'jpeg');

//Check for image types.
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 5000000) && isset($_POST['name']) && isset($_POST['comments']) && in_array(strtolower(pathinfo($_FILES["file"]["name"], PATHINFO_EXTENSION)), $valid_img)) {
Of course you can add/remove image extensions from the $valid_img array.
 
Last edited:
B

bigjoe4

New Member
Messages
907
Reaction score
0
Points
0
I know nothing about PHP, can you tell exactly what code I have to replace please :)
 
Last edited:
W

woiwky

New Member
Messages
390
Reaction score
0
Points
0
PHP: 
<?php

//Email function.
function send_email($name, $comments) {
    //Set vars.
    $to = "upload@lights4yourpc.com";
    $subject = "Image uploaded by " . $name;
    $message = "An image has been uploaded, the details are below.\n\nName: " . $name . "\nComments: " . $comments . "\n\nThanks, your website";
    $from = "From: <$name>";
    
    //Send email.
    mail($to, $subject, $message, $from);
}

$valid_img = array('jpg', 'png', 'gif', 'jpeg');

//Check for image types.
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 5000000) && isset($_POST['name']) && isset($_POST['comments']) && in_array(strtolower(pathinfo($_FILES["file"]["name"], PATHINFO_EXTENSION)), $valid_img)) {
    //Check for an error.
    if ($_FILES["file"]["error"] > 0) {
        //If an error, tell the user.
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    } else {
        //Show upload details.
        echo "Image upload successful: <br>" . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        
        //Check if the file exists.
        if (file_exists("upload/" . $_FILES["file"]["name"])) {
            //If the file exists, tell the user.
            echo $_FILES["file"]["name"] . " already exists. ";
        } else {
            //Upload the image.
            move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
            //Inform the user.
            echo "Stored in: " . "folder/" . $_FILES["file"]["name"];
            
            //Send the email.
            send_email($_POST['name'], $_POST['comments']);
        }
    }
    
} else {
    //Tell the user file is invalid or they have left a field blank.
    echo "You have either left a field blank in the form or have uploaded the wrong kind of file, please go <a href=\"pictures.html\" >back</a> and try again.";
}

?>
That should work ;-)
 
You must log in or register to reply here.
Top