Solved

Uploading Files in PHP

Posted on 2006-06-16
9
1,411 Views
Last Modified: 2012-08-14
Another day, another question about PHP. Right now I am trying to make a feature that allows special users upload PDF files to the website I am building. I have found some file uploading scripts on the Internet but I do not like how they work. So my question is, how can I create a form with a dialogue Open window that only supports PDF files, the PHP checks that its a PDF file and it gets uploaded to a specified folder. Code would be a great help.

Thank you for the help.

EDIT: my PHP version is 4.3.10
0
Comment
Question by:Linky
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 3

Expert Comment

by:jmar_click
ID: 16921511
What don't you like about the scripts you've found on the internet? We can start from there.
Also, as far as I know, I don't think you can make the file select dialog box only accept PDF files, but after the file is selected, you can check to make sure that the file extension is one that you permit.
0
 
LVL 2

Author Comment

by:Linky
ID: 16921896
The thing I don't like is how some of them upload files but are incomplete. For example, this is one I found:

that is in a file called, upload.php

<?php
      $target = "upload/";
      $target = $target . basename( $_FILES['uploaded']['name']);
      $ok=1;

      //This is our size condition
      if ($uploaded_size > 350000)
      {
            echo "Your file is too large.<br>";
            $ok=0;
      }

      //This is our limit file type condition
      if ($uploaded_type == "text/php")
      {
            echo "No PHP files<br>";
            $ok=0;
      }

      //Here we check that $ok was not set to 0 by an error
      if ($ok==0)
      {
            echo "Sorry your file was not uploaded";
      }

      //If everything is ok we try to upload it
      else
      {
            if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
            {
                  echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            }
            else
            {
                  echo "Sorry, there was a problem uploading your file.";
            }
      }
?>

Here is the form in the other PHP file

<form enctype="multipart/form-data" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>

Here are the errors i get:


Notice: Undefined variable: uploaded_size in c:\program files\easyphp1-8\www\cebatech\upload.php on line 7

Notice: Undefined variable: uploaded_type in c:\program files\easyphp1-8\www\cebatech\upload.php on line 14

Notice: Undefined index: uploadedfile in c:\program files\easyphp1-8\www\cebatech\upload.php on line 31

And finally the site I got it from: http://php.about.com/od/advancedphp/ss/php_file_upload.htm
0
 
LVL 16

Accepted Solution

by:
dr_dedo earned 250 total points
ID: 16921944
you can always do a type check on the uploaded file to detect its type and allow only pdf files

echo $_FILES['FILE_NAME']['type'] and this will print the file type,

you can filter uploaded files

if ($_FILES['FILE_NAME']['type']== "application/pdf"){
  ok with upload
}else {
abort upload and delete the temp file
}
0
 
LVL 16

Expert Comment

by:dr_dedo
ID: 16921958
note that these notices are because you got register global off (for security reasons)
instead of uploaded_type use $_FILES['FILE_NAME']['type']

etc...
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 2

Author Comment

by:Linky
ID: 16922068
Alright so using $_FILES['uploaded']['type'] == whatever works. Is there a similiar thing for size aswell? Because I would rather not have those Notice: errors or enable register globals.
0
 
LVL 2

Author Comment

by:Linky
ID: 16922276
Alright the script I wrote seems to be working fine without any Notice: or globals. Thanks for the help guys, I'll divide up the points.
0
 
LVL 2

Author Comment

by:Linky
ID: 16922286
Never mind. Only one person helped answer. Thanks dr dedo.
0
 
LVL 3

Expert Comment

by:jmar_click
ID: 16922347
yep yep...I could've fixed it, but ya know ;)

jk, good job dr_dedo , I think i've seen your posts in other questions.
0
 

Expert Comment

by:cgustaf
ID: 24445373
OK  I've got a problem with the same script.  It must be in the area addressed by dr_dedo because the script runs through the first part fine, but the final error message, "Sorry, there was a problem uploading your file.";  appears.

I tried to implement the fix by dr_dedo but could not make it work.

If I could have exact and explicit help with the piece of code needed to be fixed, I'd appreciate it -- i.e. if I could avoid having to guess what you mean.  Here is the script as I have it now :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
      font-family: Geneva, Arial, Helvetica, sans-serif;
      font-size: 12px;
}
-->
</style></head>

<body>
<table width="800" align="center">
  <tr>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;

//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}

//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}

//This is the only file type allowed
if (!($uploaded_type=="application/pdf")) {
echo "You may only upload PDF files.<br>";
$ok=0;
}


//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}

//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?> &nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>
</body>
</html>

The form, and upload.php are in the same directory, and the uploaded file shold go to that directory as well.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now