Solved

Making restriction of "file size" and "file format" when upload file?

Posted on 2006-07-05
23
1,265 Views
Last Modified: 2013-12-24
Hello,
I want put some restriction for user when he upload file to server, on "file size" and "file format", how can do it?
Thanks
0
Comment
Question by:MOSTAGHASSI
  • 10
  • 8
  • 5
23 Comments
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 17045145
You can use the "ACCEPT=" attribute of CFFILE to specify the mime types.

The size of the file can only be controlled globally (not on a per form basis), and is in the CFADMIN under setting: "Maximum size of post data (MB)".  Keep in mind that this controls the form post, and not just the file, so if you have 20 fields at 10byte each (200 bytes) and a 1mb attachment, and you set the max to 10mb, it may fail.
0
 
LVL 10

Expert Comment

by:js_vaughan
ID: 17046304
As for the file size, you will need to check "cffile.FileSize" after the file is already uploaded (measured in bytes).  So for example, if you dont want anything over 1MB, you could handle this with a CFIF like below:

<cfif cffile.FileSize GT 1048576>
    ... error ...
</cfif>

Personally, I like to use a series of <cfif ... > <cfthrow> </cfif> blocks in conjunction with a larger scale CFTRY / CFCATCH model to handle any other problems that may arise.  Dont forget to delete the file back off the server (if it exists) before displaying your error messages.
0
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 17046335
Keep in mind that by the time CFFILE has gotten a hold of the FileSize, it's because the file has already been uploaded to your server.  The word "upload" is misleading, since all CF is doing is moving it from a temporary place on your server to the place that you want it "uploaded" to.
0
 

Author Comment

by:MOSTAGHASSI
ID: 17050512
I have tested accept like this code but i could upload a text file,

<cfinput type="file" name="uploadFile" label="License File: " required="no" accept="image/jpg">

what is the problem?
0
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 17050798
You are using the ACCEPT attribute for CFINPUT, which I don't think exists, this is a CFFILE attribute.
0
 

Author Comment

by:MOSTAGHASSI
ID: 17052965
please let me know that where must i put this ACCEPT attribute ?
0
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 17053010
It should be in the CFFILE tag that you're using to UPLOAD.
0
 

Author Comment

by:MOSTAGHASSI
ID: 17053046
the code of cffile is:

 <cfif form.uploadFile neq ''>
 <cffile action="upload" filefield="form.uploadFile" destination="#variables.uploadFolder#" nameconflict="makeunique">
</cfif>

do i must like this accept="image/jpg"   ?
0
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 17053058
That's it :)
0
 
LVL 10

Expert Comment

by:js_vaughan
ID: 17053141
MOSTAGHASSI,

You should be writing up your cfinput to use a regular expression to limit file types to jpg/jpeg file types.  Like so ...

<cfinput type="file" name="uploadFile" label="License File: " required="no" message="File must be a JPG" pattern="(\w|\W)+\.(jpg|jpeg)" validate="regular_expression">

Then on your CFFILE, for JPGs to work with all browsers, set you accept like so:

ACCEPT="image/jpg, image/jpeg, image/pjpeg"

As a personal preference I always like to handle things like this on both the front, and back end.  Its good to have the CFINPUT create your javascript so to let the user know of the JPG requirement before the page is passed.  However, as all developers know, not everybody has javascript enabled, so this is where you want your CFFILE's ACCEPT to catch anything that got through.
0
 

Author Comment

by:MOSTAGHASSI
ID: 17056601
js_vaughan, thanks
Your code works good please let me know regarding file size,my mean is this that you complete your code  what must be error part? if i want  10 kb  it must be 10240 for byte?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 10

Accepted Solution

by:
js_vaughan earned 500 total points
ID: 17056751
How you handle the size is really dependent on how you handle errors.  Here is a simple example just using CFIF's:

<cfset CurrentFile = "#cffile.ServerDirectory#\#cffile.ServerFileName#.#cffile.ServerFileExt#">

<cfif cffile.FileSize GT 10240>
    <cffile action="delete" file="#CurrentFile#">
    <cfabort showerror="File too large. Photos cannot be greater than 10 kb.">
</cfif>

<cfif cffile.ClientFileExt NEQ "gif" AND cffile.ClientFileExt NEQ "jpg" AND cffile.ClientFileExt NEQ "jpeg">
    <cffile action="delete" file="#CurrentFile#">
    <cfabort showerror="File is wrong type. You can only upload GIF and JPG file types.">
</cfif>

<cfif NOT FileExists(CurrentFile)>
    <cfabort showerror="Unknown Error Occured.">
</cfif>

If you are comfortable using CFTRY with CFTHROW and CFCATCH blocks, there's nothing you can't handle.


Here are some links you might find helpful:

Uploading Files
http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/managef4.htm

CFFILE
http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/tags-p27.htm

CFTRY / CFCATCH / CFTHROW
http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/tags-c18.htm
0
 
LVL 10

Expert Comment

by:js_vaughan
ID: 17056761
0
 

Author Comment

by:MOSTAGHASSI
ID: 17058592
I added this part of your code for size handling to my actionpage(this page email my form to my address and send thank you message to user) ,it act but the error is standard error of coldfusion ,is it possible that in this case we send a message in a box for user?


 <cfset variables.uploadFolder = "c:\websites\myserver\tablighat">
 <cfif form.uploadFile neq ''>
 <cffile action="upload" filefield="form.uploadFile" destination="#variables.uploadFolder#" nameconflict="makeunique" ACCEPT="image/jpg, image/jpeg, image/pjpeg">
</cfif>
---your code----
   <cfset CurrentFile = "#cffile.ServerDirectory#\#cffile.ServerFileName#.#cffile.ServerFileExt#">
<cfif cffile.FileSize GT 10240>
    <cffile action="delete" file="#CurrentFile#">
    <cfabort showerror="File too large. Photos cannot be greater than 10 kb.">
</cfif>
---your code----
 <cfmail from="someone@yoursite.com" to="info@myserver.com" subject="I love Experts Exchange">
   This is the file:
   Name:#familyname#
    <cfif form.uploadFile neq ''>
   <cfmailparam file="#ExpandPath(File.ServerFile)#">
   </cfif>
   
 </cfmail>

      thanks for your contact!
        
0
 

Author Comment

by:MOSTAGHASSI
ID: 17058660
another thing,when i added your code in state that don't fill an image i receive also this error while before when the box of image was empty i didn't get this error:
Element SERVERDIRECTORY is undefined in CFFILE.
0
 
LVL 10

Expert Comment

by:js_vaughan
ID: 17061940
First, lets fix your SERVERDIRECTORY problem.  My code needs to be inside your origional <CFIF> block like so :

<cfif form.uploadFile neq ''>
    <cffile action="upload" filefield="form.uploadFile" destination="#variables.uploadFolder#" nameconflict="makeunique" ACCEPT="image/jpg, image/jpeg, image/pjpeg">
    <--- my code --->
    <cfset CurrentFile = "#cffile.ServerDirectory#\#cffile.ServerFileName#.#cffile.ServerFileExt#">
    <cfif cffile.FileSize GT 10240>
        <cffile action="delete" file="#CurrentFile#">
        <cfabort showerror="File too large. Photos cannot be greater than 10 kb.">
    </cfif>
    <--- END OF my code --->
</cfif>


As for how the error is displayed, this is all up to you.  What I personally do is this...
1) Replace <cfabort> with <cfset SESSION.message = "File too large. Photos cannot be greater than 10 kb.">
2) While still inside the <CFIF>, add a <CFINCLUDE> to go back to your origional upload page
3) On the origional page, add this where you want the error to display:  <cfif isDefined("SESSION.message")> ... your error message ... </cfif>
4) Make sure to destroy SESSION.message inside the <cfif> block

If you dont want to go through all that, you can always just replace the <cfabort> with a simple message and a text link to go back to the origional upload page.


Laslty, keep in mind that the ACCEPT attribute of the CFFILE tag will throw a standard coldfusion error message if the file is not the correct type.  The only way to handle this is using <CFTRY> / <CFCATCH>.  If you DO NOT want to go that route, then you will have to do this:

1) Remove the accept attribute from cffile
2) Use this : <cfif cffile.ClientFileExt NEQ "gif" AND cffile.ClientFileExt NEQ "jpg" AND cffile.ClientFileExt NEQ "jpeg">
3) Use the above <CFIF> exactly as you would with the file size, and just change your message to let them know that the file type was bad (instead of their file size)
0
 

Author Comment

by:MOSTAGHASSI
ID: 17065232
Hi js_vaughan
I realy thanks for your help ,now error has removed but regarding sending message for user instead of coldfusion error is it possible that you write the code for these steps:

As for how the error is displayed, this is all up to you.  What I personally do is this...
1) Replace <cfabort> with <cfset SESSION.message = "File too large. Photos cannot be greater than 10 kb.">
2) While still inside the <CFIF>, add a <CFINCLUDE> to go back to your origional upload page
3) On the origional page, add this where you want the error to display:  <cfif isDefined("SESSION.message")> ... your error message ... </cfif>
4) Make sure to destroy SESSION.message inside the <cfif> block

If you dont want to go through all that, you can always just replace the <cfabort> with a simple message and a text link to go back to the origional upload page.

e.g i don't know to destroy SESSION.message inside the <cfif> block and ...

I have increased point to 500
0
 
LVL 10

Expert Comment

by:js_vaughan
ID: 17066631
This code assumes the file uploaded came from index.cfm.  So wherever you see index.cfm, just replace it with the proper page.

<cfif cffile.FileSize GT 10240>
    <cffile action="delete" file="#CurrentFile#">
    <cfset SESSION.message = "File too large. Photos cannot be greater than 10 kb.">
    <cflocation = "index.cfm">
</cfif>

On index.cfm, put this where you want your error message to be displayed ...

<cfif isDefined("SESSION.message")>
    Attention : <cfoutput>#SESSION.message#</cfoutput>
    <cfset temp = structDelete(SESSION,"message")>
</cfif>

Of course, use whatever HTML / CSS you want to use to make the error message stand out.
0
 

Author Comment

by:MOSTAGHASSI
ID: 17067765
I have put the codes as you have explained,my upload file comes from my form AdsForm1.cfm  ,instead of index i put this file, for these conditions i get error:

1-When i don't upload file,the error is :
Invalid CFML construct found on line 214 at column 17.

this refer to this line: <cflocation = "AdsForm1.cfm">

2-when i upload a file also get this error like above
0
 
LVL 10

Expert Comment

by:js_vaughan
ID: 17068999
Sorry about that.  I don't know where my mind was on that one. =)

Here is the correct code:

<cflocation url="AdsForm1.cfm" addtoken="no">
0
 

Author Comment

by:MOSTAGHASSI
ID: 17070735
No problem,Now ,i don't have error and for normal condition is ok,but i don't have message if e.g file size is more than 10k i redirect to  AdsForm1.cfm but the message is not on the page.

The code that i have put on AdsForm1.cfm is:

 <cfif isDefined("SESSION.message")>
    Attention : <cfoutput>#SESSION.message#</cfoutput>
    <cfset temp = structDelete(SESSION,"message")>
</cfif>  
 
0
 

Author Comment

by:MOSTAGHASSI
ID: 17075422
Hi js_vaughan
 Thanks for your help,thanks also for usachrisk1983 .

If you had time ,please send a comment regarding my last comment.

Many Thanks -mostaghassi
0
 
LVL 10

Expert Comment

by:js_vaughan
ID: 17077976
mostaghassi,

You have probably just not set up your application.cfm to enable session management.

If you do not already have a file on your server called application.cfm, create one with this code:

<cfapplication name="yourApp"
               applicationTimeout="#CreateTimeSpan(2,0,0,0)#"
               sessionManagement="yes"
               sessionTimeout="#CreateTimeSpan(0,0,15,0)#">

If you already have an application.cfm, make sure to set sessionManagement to "yes" and set the sessionTimeout as shown above. (Days, Hours, Minutes, Seconds)


For more information on application.cfm : http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/appfram5.htm

For more information on CFAPPLICATION : http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/tags-pa3.htm#wp1097308
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now