Validation of File Upload Field

[twilitegxa]

I'm having some trouble validating a file upload. I have it set to display a message if the file upload name already exists, but it is also displaying the same message when the field is left blank. I tried adding in a message to display when the field was blank, but it always displays the previous message, plus the new message, and on top of that, the error message about the file field being blank displays even if the user has uploaded a file. can anyone help??

 

<?php

$firstname = "";
$lastname = "";
$address = "";
$city = "";
$state = "";
$zip = "";
$phone = "";
$position = "";

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>KulaE_WDP4451_U2IP</title>
</head>

<body>

<form action="process_U2IP.php" method="post" enctype="multipart/form-data">
<h3>Please fill out the form below and upload your resume to apply for a position within our company:</h3>

<table>
<tr>
<td><label for="firstname"><b>First Name*</b></label></td>
<td><input name="firstname" type="text" size="20" id="firstname" value="<?php echo $lastname; ?>" /></td>
</tr>
<tr>
<td><label for="lastname"><b>Last Name*</b></label></td>
<td><input name="lastname" type="text" size="20" id="lastname" value="<?php echo $lastname; ?>" /></td>
</tr>
<tr>
<td><label for="address"><b>Address*</b></label></td>
<td><input name="address" type="text" size="20" id="address" value="<?php echo $address; ?>" /></td>
</tr>
<tr>
<td><label for="city"><b>City*</b></label></td>
<td><input name="city" type="text" size="20" id="city" value="<?php echo $city; ?>" /></td>
</tr>
<tr>
<td><label for="state"><b>State*</b></label></td>
<td><input name="state" type="text" size="20" id="state" value="<?php echo $state; ?>" /></td>
</tr>
<tr>
<td><label for="zip"><b>Zip*</b></label></td>
<td><input name="zip" type="text" size="20" id="zip" value="<?php echo $zip; ?>" /></td>
</tr>
<tr>
<td><label for="phone"><b>Phone*</b></label></td>
<td><input name="phone" type="text" size="20" id="phone" value="<?php echo $phone; ?>" /></td>
</tr>
<tr>
<td><label for="position"><b>Position*</b></label></td>
<td><input name="position" type="text" size="20" id="position" value="<?php echo $position; ?>" /></td>
</tr>
<tr>
<td><b>Upload Resume*</b></td>
<td><input type="file" name="file" id="file" /> </td>
</tr>
<tr>
<td colspan="2"><p><i>Your information will not be sold or shared with others.</i></p></td>
</tr>
<tr>
<td colspan="2"><p style="color: red;">* denotes required field</p></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="hidden" name="submitted" value="1" />

<input type="submit" value="Submit" />
<input type="reset" name="reset" value="Reset" /></td>
</tr>
</table>
</form>

</body>
</html>

 

<?php

if (@$_POST['submitted']){
    $firstname = (@$_POST['firstname']);
    $lastname = (@$_POST['lastname']);
    $address = (@$_POST['address']);
    $city = (@$_POST['city']);
    $state = (@$_POST['state']);
    $zip = (@$_POST['zip']);
    $phone = (@$_POST['phone']);
    $position = (@$_POST['position']);
    $file = (@$_POST['file']);
    
    if (get_magic_quotes_gpc()){
        $firstname = stripslashes($firstname);
        $lastname = stripslashes($lastname);
        $address = stripslashes($address);
        $city = stripslashes($city);
        $state = stripslashes($state);
        $zip = stripslashes($zip);
        $phone = stripslashes($phone);
        $position = stripslashes($position);
        
    }
    
    $error_msg=array();
    if ($firstname==""){
        $error_msg[]="Please enter your first name";
    }
    
    if(!preg_match("/^\b[a-zA-Z]+\b$/", $firstname)){
        $error_msg[]="First Name can only contain letters";
    }
    
    if ($lastname==""){
        $error_msg[]="Please enter your last name";
    }
    
    if(!preg_match("/^\b[a-zA-Z]+\b$/", $lastname)){
        $error_msg[]="Last Name can only contain letters";
    }
    
    if ($address==""){
        $error_msg[]="Please enter your address";
    }
    
    if(!preg_match('/^[a-z0-9 ]*$/i', $address)){
        $error_msg[]="Address can only contain numbers, letters and spaces";
    }
    
    
    if ($city==""){
        $error_msg[]="Please enter your city";
    }
    
    if (!preg_match("/^\b[a-zA-Z]+\b$/", $city)){
        $error_msg[]="City can only contain letters";
    }
    
    if ($state==""){
        $error_msg[]="Please enter your state";
    }
    
    if (strlen($state)<>2){
        $error_msg[]="State can only contain 2 letters; use state abbreviation";
    }
    
    if (!preg_match("/^\b[a-zA-Z]+\b$/", $state)){
        $error_msg[]="State can only contain letters";
    }
    
    if ($zip==""){
        $error_msg[]="Please enter your zip code";
    }
    
    if (strlen($zip)<>5){
        $error_msg[]="Zip code can only contain 5 digits";
    }
    
    if(!is_numeric($zip)){
        $error_msg[]="Zip code must contain only numbers";
    }
    
    if ($phone==""){
        $error_msg[]="Please enter your phone number";
    }
    
    if (strlen($phone)<>10){
        $error_msg[]="Phone number can only contain 10 digits";
    }
    
    if(!is_numeric($phone)){
        $error_msg[]="Phone number must contain only numbers";
    }
    
    if ($position==""){
        $error_msg[]="Please enter your desired position";
    }
    
    if(!preg_match('/^[a-z0-9 ]*$/i', $position)){
        $error_msg[]="Position can only contain numbers, letters and spaces";
    }
    
    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      $error_msg[]= $_FILES["file"]["name"] . " already exists";
      }
      
      if ((($_FILES["file"]["type"] != "document/msword")
|| ($_FILES["file"]["type"] != "document/pdf"))
&& ($_FILES["file"]["size"] > 50000))
  {
      $error_msg[]= "Uploaded file can only be in MSWord or PDF format and can only be under 50KB in size";
    }
      
      
      

    }
    
    if ($error_msg){
        $display_errors =  "<h3>There were errors in your submission.</h3>
        <p>Please review the following errors, press the Back button on your browser, and make corrections before re-submitting.</p>
        <ul style=color:red>\n";
            foreach ($error_msg as $err){
                $display_errors .= "<li>".$err."</li>\n";
            }
        $display_errors .= "</ul>\n";
        
    }
    
    if (!$error_msg){
        echo  "
<h3>Thank you for applying! Applicants we are interested in interviewing will be contacted within 48 hours.</h3>

<p>You have submitted the following information:</p>

<table>
<tr>
<td><b>First Name:</b></td>
<td>$firstname</td>
</tr>
<tr>
<td><b>Last Name:</b></td>
<td>$lastname</td>
</tr>
<tr>
<td><b>Address:</b></td>
<td>$address</td>
</tr>
<tr>
<td><b>City:</b></td>
<td>$city</td>
</tr>
<tr>
<td><b>State:</b></td>
<td>$state</td>
</tr>
<tr>
<td><b>Zip Code:</b></td>
<td>$zip</td>
</tr>
<tr>
<td><b>Phone Number:</b></td>
<td>$phone</td>
</tr>
<tr>
<td><b>Position Desired:</b></td>
<td>$position</td>
</tr>";

move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      
      echo "<tr>
      <td><b>Uploaded File:</b></td>
      <td><a href=upload/" . $_FILES["file"]["name"] . ">" . $_FILES["file"]["name"] . "</a></td>
      </tr>
      </table>";
      
        exit();
    }
    
    echo $display_errors;
?>