Basic academic submission script

uni-submit.php

<?php
session_start();

/*********************************
 * START of Configuration Options
 *********************************/

// set the timezone the server should use when working with dates
date_default_timezone_set('America/Toronto');

// should the files be stored on the server or just emailed directly to recipient
$store_files = './submissions/'; // either "false" or path to submissions

// email settings
$recipient = "[email protected]";
$from = "Submission Website <[email protected]>";
$subject_prefix = "Submission from Student: ";

// A really dumb password auth system (this is so lame)
$password = "Open Sesame";

// an array of text fields in the submission form
$fields = array(
  "Given Name",
  "Family Name",
  "Student Number",
  "Class"
);

// DISABLED / TODO:
// the list of labs/assignments that may be submitted during a time window
// an item will be disabled to the student until the server's clock falls within the begin & end timestamps
// examples use ISO 8601 timestamp formatting (Canada's official format)
#$submitable_items = array(
#  "Lab 1" => array(
#    "begin" => strtotime("2013-02-20T00:00:00Z"),
#    "end" => strtotime("2013-02-27T23:59:59Z")
#  ),
#  "Lab 2" => array(
#    "begin" => strtotime("2013-03-02T00:00:00Z"),
#    "end" => strtotime("2013-03-09T23:59:59Z")
#  )
#);

// the order of the values that will appear in the new filename. Must match to $fields array.
$order = array("Class", "Family Name", "Given Name", "Student Number");

// the character or string used to delimit the values in the new filename
$delimiter = " - ";

/*******************************
 * END of Configuration Options
 *******************************/

if(isset($_POST['submit'])) {
  // password check
  if(!isset($_POST['password']) || $_POST['password'] != $password) {
    $_SESSION['error'] = "Invalid or missing password";
    header("Location: ".$_SERVER['PHP_SELF']);
    exit();
  }  

  // empty fields check
  foreach($fields as $field) {
    $post_name = str_replace(' ', '_', strtolower(trim($field)));
    if(!isset($_POST[$post_name]) || $_POST[$post_name] == '') {
      $_SESSION['error'] = "Missing required fields";
      header("Location: ".$_SERVER['PHP_SELF']);
      exit();    
    }
  }

  // filename renamer thingy
  $new_filename = '';
  foreach($order as $field) {
    foreach($_POST as $post_key => $post_val) {
      if( str_replace(' ', '_', strtolower(trim($field))) == $post_key) {
        $new_filename .= trim($post_val).$delimiter;
      }
    }
  }
  $new_filename .= date("c").'.'.pathinfo($_FILES['submission']['name'], PATHINFO_EXTENSION);

  // file storage
  if($store_files !== false) {
    if(move_uploaded_file($_FILES['submission']['tmp_name'], $store_files.$new_filename)) {
      // do nothing?
    } else {
      $_SESSION['error'] = "An error occured. Please manually email file to ".$recipient;
      header("Location: ".$_SERVER['PHP_SELF']);
      exit();
    }
  }
  
  // mail stuff:
  $separator = md5(time());
  
  // carriage return type (we use a PHP end of line constant)
  $eol = PHP_EOL;
  
  // get bytes of file and make it ASCII-friendly
  if($store_files === false) {
    $attachment = chunk_split(base64_encode(file_get_contents($_FILES['submission']['tmp_name'])));
  } else {
    $attachment = chunk_split(base64_encode(file_get_contents($store_files.$new_filename)));
  }
  
  // main header
  $headers  = "From: ".$from.$eol;
  $headers .= "MIME-Version: 1.0".$eol; 
  $headers .= "Content-Type: multipart/mixed; boundary=\"".$separator."\"";
  
  // no more headers after this, we start the body! //
  
  $body = "--".$separator.$eol;
  $body .= "Content-Transfer-Encoding: 7bit".$eol.$eol;
  $body .= "This is a MIME encoded message.".$eol;
  
  // message
  $body .= "--".$separator.$eol;
  $body .= "Content-Type: text/html; charset=\"iso-8859-1\"".$eol;
  $body .= "Content-Transfer-Encoding: 8bit".$eol.$eol;
  $body .= "Attached!".$eol;
  
  // attachment
  $body .= "--".$separator.$eol;
  $body .= "Content-Type: application/octet-stream; name=\"".$new_filename."\"".$eol; 
  $body .= "Content-Transfer-Encoding: base64".$eol;
  $body .= "Content-Disposition: attachment".$eol.$eol;
  $body .= $attachment.$eol;
  $body .= "--".$separator."--";
  
  // send message
  if (mail($recipient, $subject_prefix.$_POST['family_name'].", ".$_POST['given_name'], $body, $headers)) {
    $_SESSION['notice'] = "Successfully submitted!";
    header("Location: ".$_SERVER['PHP_SELF']);
    exit();
  } else {
    $_SESSION['error'] = "An error occured in submission mailer. Please manually email file to ".$recipient;
    header("Location: ".$_SERVER['PHP_SELF']);
    exit();
  }
  
  
  // always redirect, even if there's no message.
  header("Location: ".$_SERVER['PHP_SELF']);
  exit();
}

?>

<!DOCTYPE html>
<html>
<head>
  <meta charset=utf-8 />
	<title>Submission Form</title>
	<!--[if IE]>
		<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
	<![endif]-->
</head>
<body>

<h1>Submission Form</h1>

<?php if(isset($_SESSION['notice'])) { ?>
<div style="padding:15px;background-color:#EEE;border:1px solid #AAA">
<?php echo htmlspecialchars($_SESSION['notice']); unset($_SESSION['notice']); ?>
</div>
<hr />
<?php } ?>
<?php if(isset($_SESSION['error'])) { ?>
<div style="padding:15px;background-color:#C00;border:1px solid #900;color:#FFF">
<?php echo htmlspecialchars($_SESSION['error']); unset($_SESSION['error']); ?>
</div>
<hr />
<?php } ?>


<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<?php foreach($fields as $field) {
  $html_field = str_replace(' ', '_', strtolower(trim($field)));
  echo '<label for="'.$html_field.'">'.$field.' *: </label>';
  echo '<input type="text" name="'.$html_field.'" id="'.$html_field.'" /><br />';
} ?>
<hr>
<input type="file" name="submission" /><br />
Password: <input type="password" name="password" /><br /><br />
<input type="submit" name="submit" value="Submit File" />
</form>

</body>
</html>