Help with the 'checkbox' to agree to terms prior to upload

I’m using an upload script (I did not write it) that works successfully.

I’m trying to add the function where you ‘must check box to agree to terms’ prior to uploading a file.

I’ve added lines 67 thru 75, and lines 88 thru 92, but it is missing something, because, whether the box is checked or not, a file can still be uploaded.

Any guidance will be appreciated.

<?php
session_start();
require_once 'phps3integration_lib.php';
$message = "";
if (@$_POST['submit'] != "") {
$allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip", "mov", "MOV", "flv", "mp4", "3gp", "3GP");
$extension = end(explode(".", $_FILES["file"]["name"]));
if (($_FILES["file"]["size"] < 10485760000) && in_array($extension, $allowed_ext)) {
if ($_FILES["file"]["error"] > 0) {
//$message.="There is some error in upload, see: " . $_FILES["file"]["error"] . "<br>";//Enable this to see actual error
$message.="There is some error in upload. Please try after some time.";
} else {
$uploaddir = '../Upload/';
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
$uploaded_file = false;
if(move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
{
$uploaded_file = $_FILES['file']['name'];
}
if ($uploaded_file != FALSE) {
$user_name = @$_POST['user_name'] != "" ? @$_POST['user_name'] : "Anonymous";
$form_data = array(
'file' => $uploaded_file,
'user_name' => $user_name,
'type' => 'file'
);
mysql_query("INSERT INTO `phps3files` (`id`, `file`, `user_name`, `type`) VALUES (NULL, '" . $uploaded_file . "', '" . $user_name . "', 'file')") or die(mysql_error());
$message.= "File Successfully Uploaded";
} else {
$message.="There is some error in upload. Please try after some time.";
}
}
} else {
$message.= "Invalid file, Please upload a gif/jpeg/jpg/png/pdf/doc/docs/zip/mov/flv/mp4/3gp file of maximum size 25 MB.";
}
}
?>

<?php
require_once 'header.php';
?>
<head>

<script>
var ids = ['input', 'message', 'button'];
var obj = {};

ids.forEach(function (v) {
    obj[v] = document.getElementById(v);
});

obj.input.style.display = 'none';
obj.button.style.display = 'block';

obj.input.addEventListener('change', function () {
    obj.message.innerText = this.value;
    obj.message.style.display = 'block';
});

obj.button.addEventListener('click', function (e) {
    e.preventDefault();

    obj.input.click();
});
</script>

<script type="text/javascript">
function validate()
{
if(false == document.getElementById("agree").checked)
{
alert("If you agree with the terms, check the Agree check box");
}
}
</script>

</head>
<html>
<fieldset>
<form action="" method="post" enctype="multipart/form-data">

<div class="control-group">
<label for="file" class="control-label"><font size="6" color="#454545"><b>Choose a file to upload:</b></font></label><br /><br />
<input id="input" name="file" type="file" />
<button id="button"><font size="3" color="#454545">Click To<br /> Select File</font></button>
<div id="message"><font size="3" color="#454545">No File Chosen</font></div>
</div>
<div>
<input type="checkbox" name="agree" id="agree" value="agree" /> <label for='agree'>
<a href="../Terms1.php" target="_blank"><span style="color: #454545; font-size: 10px">By uploading a file here, you agree to these <u>Upload Terms/Agreement</u></a></span>
</label>
</div>
<div class="control-group">
<div class='controls'>
<label class="myLabel1">
<input type="submit" name="submit" value="Submit" class="btn" style="opacity: 0">
</label>
</div>
</form>
</fieldset>

<script>
var ids = ['input', 'message', 'button'];
var obj = {};

ids.forEach(function (v) {
    obj[v] = document.getElementById(v);
});

obj.input.style.display = 'none';
obj.button.style.display = 'inline-block';

obj.input.addEventListener('change', function () {
    var filename = this.value.replace(/^.*[\\\/]/, '');
		obj.message.innerHTML  = filename;
    obj.message.style.display = 'inline-block';
});

obj.button.addEventListener('click', function (e) {
    e.preventDefault();

    obj.input.click();
});

</script>
<?php
if ($message != "" || @$_SESSION['message'] != "") {
    ?>
    <div class="alert alert-success">
    <?php echo $message; ?>
    <?php
    echo @$_SESSION['message'];
    @$_SESSION['message'] = '';
    ?>
    </div>
    <?php
}
?>
<div>
</div>

<?php require_once 'footer.php'; ?>

I can see you’ve added a validate() function to check whether the check-box is checked, but I can’t see anywhere that you call the function. Not that well up on JS, so maybe I’ve missed it.

Thanks for looking at my posting and the code. Much appreciated.
Can you please give me an example of “call the function”?

He is referring to something like

function validate() {

    // .....

}

validate();

Thanks for your reply.
So, this (in my code above) isn’t it?

<script type="text/javascript">
function validate()
{
if(false == document.getElementById("agree").checked)
{
alert("If you agree with the terms, check the Agree check box");
}
}
</script>

My code needs something to go with that?

Yes, you need to add that into a form click or an onclick trigger. I also highly suggest that you don’t check for extensions when checking if the file uploaded was an image. This is a legacy way of doing an upload system. You need to check the mime type of the file. You need to make sure that the mime type of the file is either image/png, image/jpg, image/jpeg, or image/gif. Anyone can create a file out of thin air from a text document and change the file extension to .jpg or .png. But the mime type will always remain the same no matter what extension the file is put through. So if the file was created from a text document, the mime type of that file is text/plain. If the user changes that text document to say test.jpg, that file will always have the mime type of text/plain no matter what. If the user created the file with a legitimate image editor or image software, the mime type will always remain either image/png, image/jpg, image/jpeg, or image/gif.
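A server-side version of the two checks discussed in this thread, added here as an example (not code from any poster): it refuses the request unless the `agree` checkbox value arrived with the POST, since a script-only check does not run for a client that skips the page's JavaScript, and it decides the file type from the file's contents with PHP's fileinfo extension. The function name `validate_upload`, the `ALLOWED_MIME` list and the random file naming are assumptions; it needs PHP 7.1+ with fileinfo enabled.

```php
<?php
// Added example. Field names "agree" and "file" match the posted form;
// validate_upload() and ALLOWED_MIME are illustrative names.
const ALLOWED_MIME = [
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/** Returns [true, extension] when the upload may proceed, else [false, message]. */
function validate_upload(array $post, array $file): array
{
    // A checkbox is only present in the POST body when it was ticked.
    if (($post['agree'] ?? '') !== 'agree') {
        return [false, 'You must agree to the upload terms.'];
    }
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'There is some error in upload. Please try after some time.'];
    }
    // Only accept a temp file that PHP itself received as an HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'Invalid upload.'];
    }
    // Detect the type from the file's bytes. $file['type'] and the
    // file name are both supplied by the client.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_MIME)) {
        return [false, 'Invalid file type.'];
    }
    return [true, ALLOWED_MIME[$mime]];
}

$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$ok, $result] = validate_upload($_POST, $_FILES['file'] ?? []);
    if ($ok) {
        // Server-generated name; the extension follows the detected type,
        // so nothing from the client-supplied file name reaches the disk.
        $target  = '../Upload/' . bin2hex(random_bytes(16)) . '.' . $result;
        $message = move_uploaded_file($_FILES['file']['tmp_name'], $target)
            ? 'File Successfully Uploaded'
            : 'There is some error in upload. Please try after some time.';
    } else {
        $message = $result;
    }
}
```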

Yes, all you do there is define a function called validate, you don’t actually call it from anywhere. I don’t know enough JavaScript to tell you where you should call it from.


Thanks for your replies. Greatly appreciate it.
Because of the point about mime types, I’m going to start another posting, and start again.
