
PHP file upload limit size and best practices

I have a website and I am trying to get a form working that will upload a file selected from the user's computer. When they click the submit button on the form it should email me the data they filled in the fields and upload the file to a folder on my server. Here is what I have got so far:

Form section of HTML page:

   <form class="registration-form" id="contact-form" action="upload_file.php" method="post" enctype="multipart/form-data">
      <input type="text" id="cf-name" name="name" class="form-test input-box" placeholder="Name">
      <input type="email" id="cf-email" name="email" class="form-test input-box" placeholder="Email">
      <input type="text" class="form-test bfh-address" placeholder="Address">
      <textarea name="message" id="cf-message" class="form-test textarea-box" rows="4" placeholder="Please enter your description"></textarea>
      <input type="file">
      <br>
      <button class="btn btn-primary standard-button" type="submit" name="submit" value="Submit">Upload</button>
   </form>

PHP script:

  <?php

$allowedExts = array("jpg", "jpeg", "gif", "png", "mp3", "mp4", "wma", "zip", "rar", "7zip", "avi", "mov", "wmv", "div");
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);

if ((($_FILES["file"]["type"] == "video/mp4")
|| ($_FILES["file"]["type"] == "video/avi")
|| ($_FILES["file"]["type"] == "video/mov")
|| ($_FILES["file"]["type"] == "video/wmv")
|| ($_FILES["file"]["type"] == "video/div")
|| ($_FILES["file"]["type"] == "compressed/zip")
|| ($_FILES["file"]["type"] == "compressed/rar")
|| ($_FILES["file"]["type"] == "compressed/7zip")
|| ($_FILES["file"]["type"] == "audio/mp3")
|| ($_FILES["file"]["type"] == "audio/wma")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg"))

&& ($_FILES["file"]["size"] < 6000000)
&& in_array($extension, $allowedExts))

  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>

I also have some other questions:

1. Because of storage limit on server how can I prevent people trying to fill up the server space by uploading large files over and over as an attack?
2. Is there a way to simply email the content of the fields and the name of the uploaded file to an email address when they click submit?
3. Is there a way to upload the file to an off-server location such as uploading it to mega or some other site for safe storage?

Here are some of the errors on the php script: http://postimg.org/image/qv2rg9qft/

When they click the submit button on the form it should email me the data they filled in the fields and upload the file to a folder on my server.

// ...
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
mail("your@email.com", "Subject", "Text", "From: sender <sender@email.com>");
// ...

  1. Because of storage limit on server how can I prevent people trying to fill up the server space by uploading large files over and over as an attack?

Make a CAPTCHA, for example reCAPTCHA.

  2. Is there a way to simply email the content of the fields and the name of the uploaded file to an email address when they click submit?

Yes. Using PHPMailer for attachments is a very easy solution.

  3. Is there a way to upload the file to an off-server location such as uploading it to mega or some other site for safe storage?

There are possibilities with FTP or Amazon S3 for example.

To fix the errors you have to give your HTML file element the exact name you're using in the $_FILES array:

So your full HTML code looks like:

<form class="registration-form" id="contact-form" action="upload_file.php" method="post" enctype="multipart/form-data">
  <input type="text" id="cf-name" name="name" class="form-test input-box" placeholder="Name">
  <input type="email" id="cf-email" name="email" class="form-test input-box" placeholder="Email">
  <input type="text" class="form-test bfh-address" placeholder="Address">
  <textarea name="message" id="cf-message" class="form-test textarea-box" rows="4" placeholder="Please enter your description"></textarea>
  <input type="file" name="file">
  <br>
  <button class="btn btn-primary standard-button" type="submit" name="submit" value="Submit">Upload</button>
</form>

To prevent people from uploading large files over and over, you could implement a captcha script like phpcaptcha, for example: https://www.phpcaptcha.org/

Uploading to mega or any other public file service could be a good option as well. Take a look at http://julien-marchand.fr/blog/using-the-mega-api-with-php-examples/ for an example of uploading to mega with PHP. But depending on what you want to do with the files, I would not recommend that, since you are losing flexibility in displaying or deploying these files to the clients later on.

For an e-mail service, I would recommend swiftmailer: http://swiftmailer.org . It is currently the best way to send emails from PHP.
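
A server-side handler for the upload form discussed above, as an added example that is not part of the original question or answers. It enforces the per-file cap and a total-directory quota, detects the type from the file content, and stores the file under a server-generated name; the function names `directoryBytes` and `storeUpload`, the quota value and the allow-list are assumptions.

```php
<?php
// Added example, not from the original posts. Assumed: field name "file",
// directory "upload", the quota value and the allow-list below.
const MAX_FILE_BYTES  = 6000000;    // same per-file cap as the question's script
const MAX_TOTAL_BYTES = 500000000;  // assumed quota for the whole upload directory
const ALLOWED_TYPES   = [           // detected MIME type => extension to store under
    'image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif',
    'video/mp4' => 'mp4', 'audio/mpeg' => 'mp3', 'application/zip' => 'zip',
];
// Bytes already stored in $dir, used to enforce the directory quota.
function directoryBytes(string $dir): int
{
    $total = 0;
    foreach (new FilesystemIterator($dir, FilesystemIterator::SKIP_DOTS) as $entry) {
        $total += $entry->isFile() ? $entry->getSize() : 0;
    }
    return $total;
}

// Validate one $_FILES entry and store it. Returns the stored path or throws.
function storeUpload(array $file, string $dir): string
{
    if (!isset($file['error'], $file['tmp_name']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    $size = filesize($file['tmp_name']); // measured on disk, not the client-reported size
    if ($size === false || $size === 0 || $size > MAX_FILE_BYTES) {
        throw new RuntimeException('File is empty or too large.');
    }
    if (directoryBytes($dir) + $size > MAX_TOTAL_BYTES) {
        throw new RuntimeException('Upload storage is full.');
    }
    // Detect the type from the content; $_FILES[...]['type'] is supplied by the browser.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed.');
    }
    // Server-generated name: the client's file name and extension are never used.
    $target = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $target;
}
// Usage in upload_file.php: $path = storeUpload($_FILES['file'] ?? [], 'upload');
```

PHP's `upload_max_filesize` and `post_max_size` settings reject oversized requests before this code runs, so they should sit close to the per-file cap.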
