Solved

php file uploader?

Posted on 2004-10-18
26
308 Views
Last Modified: 2010-04-17
I'm trying to make a simple php file uploader..
Would have 5 file upload places...
in the script a way to limit file size, file type and uploads allowed per ip, per day.

perfered when submited a window pops-up and says uplaoding then when done the popup closes and the user is redirected to X page.


I have tried and tried to make this baby but have failed...


thanks,
Caiapfas
0
Comment
Question by:Caiapfas
  • 15
  • 11
26 Comments
 
LVL 2

Expert Comment

by:youngad6
ID: 12342464
Here's an example form:

<form enctype="multipart/form-data" action="[YOUR URL]" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="[YOUR MAX FILE SIZE IN BYTES]" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

Set this variable in your php.ini:
upload_tmp_dir=/path/you/want/to/store/them/in/temporarily

Then your script (from the other question- http://www.experts-exchange.com/Programming/Q_21171295.html) could call:
$tempFileName = $_FILES['userfile']['tmp_name'];

 to get the temporary name of the file that was uploaded and you already know the location based on the upload_tmp_dir that you added to your php.ini. Passing this file location to the script I linked you to in your other question it could then mail the file. Tomorrow I have to do something similiar and will work on a complete solution to your questions if time permits.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12342668
yes, i dont want the file emailed, but uploaded to the server and a option to email would be good.


i await your solution..!!
0
 
LVL 2

Expert Comment

by:youngad6
ID: 12354749
config.php:
<?
define("MAX_FILE_SIZE", "20000"); //max file size in bytes
define("FILE_TYPE", "image/gif");   //acceptable file type
define("SAVE_DIR", "./files/");        //directory to save to
?>

uploadfiles.php:
<?
require('config.php');
?>
<form enctype="multipart/form-data" action="upload.php" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="<? echo MAX_FILE_SIZE; ?>" />
    File 1: <input name="file1" type="file" />
    File 2: <input name="file2" type="file" />
    File 3: <input name="file3" type="file" />
    File 4: <input name="file4" type="file" />
    File 5: <input name="file5" type="file" />
    <input type="submit" value="Send Files" />
</form>

upload.php:
<?
require('config.php');
for ($i=1; $i<6; $i++) {
if ($_FILES['file'.$i]['type'] != FILE_TYPE) continue;
if ($_FILES['file'.$i]['size'] > MAX_FILE_SIZE) continue;
move_uploaded_file($_FILES['file'$i]['tmp_name'], SAVE_DIR . $_FILES['file'.$i]['name']);
}
?>
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12355012
can we make it so that I allow file types but ext. ex. .exe|.php|.jpg
also
after file is uploaded I can redirect them to a certian page?


MUCH thanks
0
 
LVL 2

Expert Comment

by:youngad6
ID: 12359517
define("INVALID_EXTENSIONS","php,exe,jpg");

upload.php:
<?
require('config.php');
for ($i=1; $i<6; $i++) {
$ext = substr(strrchr($_FILES['file'.$i]['name'], '.'), 1);
if (stristr(INVALID_EXTENSIONS,$ext)) continue;
if ($_FILES['file'.$i]['size'] > MAX_FILE_SIZE) continue;
move_uploaded_file($_FILES['file'$i]['tmp_name'], SAVE_DIR . $_FILES['file'.$i]['name']);
}
?>
0
 
LVL 2

Expert Comment

by:youngad6
ID: 12359534
Forgot- at the bottom of upload.php add this:
header("Location: http://www.domain.com/"); //redirect
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12360154
I get this error when I try to upload a txt file...which isnt allowed
Parse error: parse error, expecting `']'' in upload.php on line 7
...no error handleing?

and a question

1. how can I make this
define("SAVE_DIR", "./uploads/");    
pathto.....so if I want to save the files 2 directories down and a few up...
ex. the script is in www.me.com/upload/ I want to save the file in www.me.com/james/brown/uploads

0
 
LVL 2

Expert Comment

by:youngad6
ID: 12361413
../ moves you up a directory so for your example it'd be:
define("SAVE_DIR","../james/brown/uploads/");

I missed a . on this line so replace it w/ the similiar one above:
move_uploaded_file($_FILES['file'.$i]['tmp_name'], SAVE_DIR . $_FILES['file'.$i]['name']);
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12362047
ok that worked....


last issue.....when a user tries to upload a file ext. thats not allowed.or break the file size limit....i want it to give an error about it on same page in bold /red at the top

ex.
File type not allowed only $file_types are...

also if the file size is broken

ex.
Error : the file size limit is $file_size...

with no redirect..
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12362057
and for some reason it allowed a disalloed file type?
0
 
LVL 2

Expert Comment

by:youngad6
ID: 12362432
It's not allowing anything it shouldn't over here.
-Did you put define("INVALID_EXTENSIONS","php,exe,jpg"); inside config.php?
-Has it blocked other files and just that one is getting through?
-What was the filename?

As for the bold, red:
<?
require('config.php');

for ($i=1; $i<6; $i++) {
$ext = substr(strrchr($_FILES['file'.$i]['name'], '.'), 1);
if (stristr(INVALID_EXTENSIONS,$ext)) {
      $error_msg .= "<b><font color=red>".$_FILES['file'.$i]['name'] .": INVALID FILE EXTENSION. Invalid extensions are: ".INVALID_EXTENSIONS."</font></b><br>";
      continue;
}
if ($_FILES['file'.$i]['size'] > MAX_FILE_SIZE) {
   $error_msg .= "<b><font color=red>".$_FILES['file'.$i]['name'] .": FILE SIZE TOO LARGE. Maximum size is: ".MAX_FILE_SIZE."</font></b><br>";
   continue;
}
move_uploaded_file($_FILES['file'.$i]['tmp_name'], SAVE_DIR . $_FILES['file'.$i]['name']);
}
if (!$error_msg) header("Location: http://www.domain.com/"); //redirect
echo $error_msg;
?>
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12362842
ok last thing I SWEAR. we had a misunderstanding...

instead of it being upacceptable file types..
can it be acceptable ext.

REASON: adding all the not accept file ext.s will take forever..
also, need to change the error. to read nNot accepted file type...these are the accepted $types


much thanks and sorry
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12362894
then error handling for no input...={}
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Expert Comment

by:youngad6
ID: 12363001
I'm not sure what this comment means:
then error handling for no input...={}

but as for the one above it, here's the fix:
define("VALID_EXTENSIONS","gif,jpg,etc");

<?
require('config.php');

for ($i=1; $i<6; $i++) {
$ext = substr(strrchr($_FILES['file'.$i]['name'], '.'), 1);
if (!stristr(VALID_EXTENSIONS,$ext)) {
     $error_msg .= "<b><font color=red>".$_FILES['file'.$i]['name'] .": INVALID FILE EXTENSION. Valid extensions are: ".VALID_EXTENSIONS."</font></b><br>";
     continue;
}
if ($_FILES['file'.$i]['size'] > MAX_FILE_SIZE) {
   $error_msg .= "<b><font color=red>".$_FILES['file'.$i]['name'] .": FILE SIZE TOO LARGE. Maximum size is: ".MAX_FILE_SIZE."</font></b><br>";
   continue;
}
move_uploaded_file($_FILES['file'.$i]['tmp_name'], SAVE_DIR . $_FILES['file'.$i]['name']);
}
if (!$error_msg) header("Location: http://www.domain.com/"); //redirect
echo $error_msg;
?>
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12363158
thanks...what i mean is when i hit go with noting in the upload boxes i get error city
0
 
LVL 2

Expert Comment

by:youngad6
ID: 12363189
Try adding this line:
if (!$_FILES['file'.$i]) continue;

right after:
for ($i=1; $i<6; $i++) {
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12363198
Warning: Empty Delimiter in upload.php on line 6

for EVERY box that doesnt have input

so 5 times?
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12363233
plus under that

: INVALID FILE EXTENSION. Valid extensions are: gif,jpg,php

for each empty box
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12363252
you code didnt fix it
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12363258
Warning: Empty Delimiter in upload.php on line 7
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12363264
and the error for each empty box
0
 
LVL 2

Expert Comment

by:youngad6
ID: 12363283
if (!$_FILES['file'.$i]['name']) continue;

should work instead
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12363356
ThaT did it


but if the user doesnt input something they get redirected..? can it give error msg stating please upload a file

and lastly VERY lastly (unless errors which wont happen) can we make the error msg load on the upload page

$error_msg

so all they have to do it try again?


0
 
LVL 2

Expert Comment

by:youngad6
ID: 12363423
Add this to the top:
if (!isset($_FILES)) $error_msg = "Please upload a file";


and replace this:
if (!$error_msg) header("Location: http://www.domain.com/"); //redirect
echo $error_msg;

with this:
if ($error_msg) header("Location: uploadfiles.php?error_msg=".$error_msg); //redirect to uploadfiles.php again
header("Location: http://www.domain.com/"); //redirect if no errors

then at the top of uploadfiles.php add this:
echo $error_msg;
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12363477
I didnt make it work
and it seems the file size limit doesnt work...but it doesnt upload..it just redirects

<?
require('config.php');

if (!isset($_FILES)) $error_msg = "Please upload a file";

for ($i=1; $i<6; $i++) {
if (!$_FILES['file'.$i]['name']) continue;
$ext = substr(strrchr($_FILES['file'.$i]['name'], '.'), 1);
if (!stristr(VALID_EXTENSIONS,$ext)) {
     $error_msg .= "<b><font color=red>".$_FILES['file'.$i]['name'] .": INVALID FILE EXTENSION. Valid extensions are: ".VALID_EXTENSIONS."</font></b><br>";
     continue;
}
if ($_FILES['file'.$i]['size'] > MAX_FILE_SIZE) {
   $error_msg .= "<b><font color=red>".$_FILES['file'.$i]['name'] .": FILE SIZE TOO LARGE. Maximum size is: ".MAX_FILE_SIZE."</font></b><br>";
   continue;
}
move_uploaded_file($_FILES['file'.$i]['tmp_name'], SAVE_DIR . $_FILES['file'.$i]['name']);
}
if ($error_msg) header("Location: index.php?error_msg=".$error_msg); //redirect to index.php again
header("Location: http://www.msn.com/"); //redirect if no errors
?>

==================

<?
require('config.php');
?>
<?
echo $error_msg;
?>
<form enctype="multipart/form-data" action="upload.php" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="<? echo MAX_FILE_SIZE; ?>" />
    <p style="margin-top: 0; margin-bottom: 0"><font face="Verdana" size="2">
    Upload your files..</font></p>
    <p style="margin-top: 0; margin-bottom: 0"><font face="Verdana" size="2">
    Just click browse find your file and click open...</font></p>
    <p style="margin-top: 0; margin-bottom: 0"><font face="Verdana" size="2">
    then click &quot;Send Files&quot;</font></p>
    <p><font face="Verdana"><font size="2">File 1: </font>
    <input name="file1" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p><font face="Verdana"><font size="2">File 2: </font>
    <input name="file2" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p><font face="Verdana"><font size="2">File 3: </font>
    <input name="file3" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p><font face="Verdana"><font size="2">File 4: </font>
    <input name="file4" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p><font face="Verdana"><font size="2">File 5: </font>
    <input name="file5" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p>
    <input type="submit" value="Send Files" /> </p>
</form>
0
 
LVL 2

Accepted Solution

by:
youngad6 earned 500 total points
ID: 12364746
I cleaned up the code a lot and tested it. This one will work for any number/name of files. Enjoy:
<?
define("MAX_FILE_SIZE", "20000");                      //max file size in bytes
define("VALID_EXTENSIONS","gif,jpg,php,txt,zip");  //acceptable file ext
define("SAVE_DIR", "./uploads/");                  //directory to save to

if (isset($_POST['submit'])) {
      if (!isset($_FILES)) $error_msg = "Please upload a file";

      foreach($_FILES as $key=>$value) {
            if ($_FILES[$key]['error'] == 4) continue; //if file DNE
            if ($_FILES[$key]['error'] == 2) {                //if file is too big
                  $error_msg .= "<b><font color=red>ERROR: ".$_FILES[$key]['name'] .": FILE SIZE TOO LARGE. Maximum size is: ".MAX_FILE_SIZE." bytes</font></b><br>";
                  continue;
            }
            $ext = substr(strrchr($_FILES[$key]['name'], '.'), 1);
            if (!stristr(VALID_EXTENSIONS,$ext)) {
                 $error_msg .= "<b><font color=red>ERROR: ".$_FILES[$key]['name'] .": INVALID FILE EXTENSION. Valid extensions are: ".VALID_EXTENSIONS."</font></b><br>";
                 continue;
            }
            move_uploaded_file($_FILES[$key]['tmp_name'], SAVE_DIR . $_FILES[$key]['name']);
      }
      if (!$error_msg) header("Location: http://www.msn.com/"); //redirect if no errors
      echo $error_msg;
}
?>

<form enctype="multipart/form-data" action="<? echo $_SERVER['PHP_SELF']; ?>" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="<? echo MAX_FILE_SIZE; ?>" />
    <p style="margin-top: 0; margin-bottom: 0"><font face="Verdana" size="2">
    Upload your files..</font></p>
    <p style="margin-top: 0; margin-bottom: 0"><font face="Verdana" size="2">
    Just click browse find your file and click open...</font></p>
    <p style="margin-top: 0; margin-bottom: 0"><font face="Verdana" size="2">
    then click &quot;Send Files&quot;</font></p>
    <p><font face="Verdana"><font size="2">File 1: </font>
    <input name="file1" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p><font face="Verdana"><font size="2">File 2: </font>
    <input name="file2" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p><font face="Verdana"><font size="2">File 3: </font>
    <input name="file3" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p><font face="Verdana"><font size="2">File 4: </font>
    <input name="file4" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p><font face="Verdana"><font size="2">File 5: </font>
    <input name="file5" type="file" size="20" /><font size="2"> </font></font>
    </p>
    <p>
    <input type="submit" name="submit" value="Send Files" /> </p>
</form>
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now