Hi

I found some code on the net that basically sends an email from the form contents and uploads a file to the server. I've had to change parts of it to get it working but I can't get one vital part working.

The code does everything it's suppposed to apart from including the upload details in the email that's sent, I've messed about with it but can't get it to work.

<?php
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";
$msgban = "$file_name";

/************************************************************
* Create Upload Directory
************************************************************/
if (!is_dir("files")) {
if (!mkdir($upload_dir))
die ("upload_files directory doesn't exist and creation failed");
if (!chmod($upload_dir,0755))
die ("change permission to 755 failed.");
}

/************************************************************
* Process User's Request
************************************************************/

if ($_REQUEST[del]) {
$resource = fopen("log.txt","a");
fwrite($resource,date("Y/m/d h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
fclose($resource);

if (strpos($_REQUEST[del],"/.")>0); //possible hacking
else if (strpos($_REQUEST[del],"files/") === false); //possible hacking
else if (substr($_REQUEST[del],0,6)=="files/") {
unlink($_REQUEST[del]);
}
}
else if ($_FILES['userfile']) {
$resource = fopen("log.txt","a");
fwrite($resource,date("Y/m/d h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
.$_FILES['userfile']['name']." "
.$_FILES['userfile']['type']."\n");
fclose($resource);

$message = do_upload($upload_dir, $upload_url);
}
else if (!$_FILES['userfile']);
else
$message = "Invalid File Specified.";

/************************************************************
* List Files
************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
if(!is_dir($file) && !is_link($file)) {
$filelist .= "<br><a href='$upload_dir$file'>".$file."</a>";
$filelist .= " <a href='?del=$upload_dir$file' title='delete'>x</a>";
}
}

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name'];
$file_name = str_replace("\\","",$file_name);
$file_name = str_replace("'","",$file_name);
$file_type = $_FILES['userfile']['type'];
$file_size = $_FILES['userfile']['size'];
$result = $_FILES['userfile']['error'];
$file_url = $upload_url.$file_name;
$file_path = $upload_dir.$file_name;

//File Name Check
if ( $file_name =="") {
$message = "Invalid File Name Specified";
return $message;
}
//File Size Check
else if ( $file_size > 2000000) {
//print $file_size;
// $message = "The file size is over 1MB.";
// return $message;
}
//File Type Check -- Prevent possible attacks
else if ( strpos($file_name,".php") !== false
|| strpos($file_name,".cgi") !== false
|| strpos($file_name,".htm") !== false
|| strpos($file_name,".phtm") !== false )
return;
else if ( strpos($file_type,"image") !== false
|| $file_type == "application/msword");
else {
//$message = "Sorry, demo. only allows image or ms-word upload." ;
//$message .= "<br>You may allow other types(i.e, .zip) on your own server." ;
//return $message;
}

$result = move_uploaded_file($temp_name, $file_path);
if (!chmod($file_path,0755))
$message = "change permission to 755 failed.";
else
$msgban = ($result)?"$file_name" :
$message = ($result)?"$file_name uploaded successfully. In cel mult 24 ore Bannerul va aparea pe site." :
"Somthing is wrong with uploading a file.";

return $message;
}



$name = $_REQUEST['name'];
$from = $_REQUEST['email'] ;
$type = $_REQUEST['type'] ;
$size = $_REQUEST['size'] ;
$message = $_REQUEST['message'] ;

$email = "Name: $name \n";
$email .= "E-Mail: $from \n\n";
$email .= "Type: $type \n";
$email .= "Size: $size \n";
$email .= "Message: $message \n\n";
$email .= "Uploaded File: $file_name \n\n";

$destination = "sales@tscustomshorts.co.uk";
$subject = "Purchase Enquiry from TS Custom Shorts";

$detail = "From: $from <> \n";
$detail .= "Reply-To: $_POST[email_expeditor]\n\n";

$send = mail($destination, $subject, $email, $detail);

if($send)
{header( "Location: [tscustomshorts.co.uk...] );}
?>

Can anyone help with this please?

Also, you'll notice some unnecessary code in there (demo stuff) can this be removed easily?

Thanks