From 3731f5054a6809f8c9be48290335af3f959a5bbf Mon Sep 17 00:00:00 2001
From: Steve Sutton <steve@gaslightmedia.com>
Date: Fri, 26 May 2017 12:47:54 -0400
Subject: [PATCH] Setup file size max for the upload.

Also setting up javascript which will check the file size to make sure
it no larger than 1MB.

File is uploaded to uploads/glm-support and remove from the server when
the file get's sent in the email as an attachment.
---
 controllers/admin.php | 24 ++++++++++++++++++------
 views/supportForm.php | 25 +++++++++++++++++++++++--
 2 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/controllers/admin.php b/controllers/admin.php
index 0cd3cc0..27a894c 100644
--- a/controllers/admin.php
+++ b/controllers/admin.php
@@ -123,13 +123,19 @@ class SupportAdmin
                     $attachment = '';
                     if ( isset( $_FILES ) && is_array( $_FILES )
                         && isset( $_FILES['file_upload'] ) && !$_FILES['file_upload']['error'] ) {
+                        // Create a directory in uploads for support files if needed
+                        $upPath   = wp_upload_dir();
+                        $filePath = $upPath['basedir'] . '/glm-support';
+                        if ( !is_dir( $filePath ) ) {
+                            $oldumask = umask( 0 );
+                            mkdir( $filePath, 0770 );
+                            umask( $oldumask );
+                        }
                         // move the uploaded file
-                        $upload_path = wp_upload_dir();
-                        $file_name = $upload_path['basedir'] . '/' . $_FILES['file_upload']['name'];
-                        $fileUploaded = move_uploaded_file( $_FILES['file_upload']['tmp_name'], $file_name );
-                        echo '<pre>$_FILES: ' . print_r( $_FILES, true ) . '</pre>';
-                        if ( $fileUploaded ) {
-                            $attachment = $fileUploaded;
+                        $fileName     = wp_unique_filename( $filePath, $_FILES['file_upload']['name'] );
+                        $fileUploaded = move_uploaded_file( $_FILES['file_upload']['tmp_name'], $fileName );
+                        if ( $fileUploaded && $fileName ) {
+                            $attachment = $fileName;
                         }
                     }
 
@@ -140,6 +146,12 @@ class SupportAdmin
                         $hdrs,
                         $attachment
                     );
+
+
+                    // If there's a file attachment then delete file from server
+                    if ( isset( $fileName ) && $fileName && is_file( $filePath . '/' . $fileName ) ) {
+                        unlink( $filePath . '/' . $fileName );
+                    }
                 }
             }
         }
diff --git a/views/supportForm.php b/views/supportForm.php
index 5017e35..a3c22ad 100644
--- a/views/supportForm.php
+++ b/views/supportForm.php
@@ -72,9 +72,11 @@
             <div id="supportIntro">
                 <p>Use this support form to quickly report an issue with your web site.</p>
                 <p>Please provide as much information as you can.</p>
+                <p>If you have a screenshot to upload the file must be no larger than 1MB.</p>
             </div>
             <div>
                 <form action="<?php echo $supportFormActionUrl;?>" method="post" enctype="multipart/form-data">
+                <input type="hidden" name="MAX_FILE_SIZE" value="1048576" />
                     <table>
                         <tr>
                             <td colspan="2"><b>Please help us provide the proper support</b></td>
@@ -129,10 +131,11 @@
                         </tr>
                         <tr>
                             <td>
-                                <span class="req">*</span>&nbsp;Upload&nbsp;a&nbsp;screenshot: (jpg,gif,png)
+                                <span class="req">*</span>&nbsp;Upload&nbsp;a&nbsp;screenshot:
+                                (1MB Max)
                             </td>
                             <td>
-                                <input type="file" name="file_upload" />
+                                <input id="myfile" type="file" name="file_upload" />
                             </td>
                         </tr>
                         <tr>
@@ -144,6 +147,24 @@
                     </table>
                     <p><span style="color:red">*</span> denotes required field</p>
                 </form>
+
             </div>
         </div><!-- #supportWrapper -->
     </div>
+<script>
+function init() {
+    var myfiles = document.getElementById( 'myfile' );
+    myfiles.addEventListener('change', process);
+}
+function process(event) {
+    var files = event.target.files;
+    var myfile = files[0];
+    if ( myfile.size > 1048576 ) {
+        alert( 'Your file is too large!\nPlease try another file.' );
+        var myfiles = document.getElementById( 'myfile' );
+        myfiles.value = '';
+    }
+    console.log( myfile );
+}
+window.addEventListener('load', init);
+</script>
-- 
2.17.1