[FAQ] How do I upload a file to a directory ?

    The following outlines the steps needed to upload a file to the server, and then relocate the file to another directory.

    Also see the FAQ on permissions at:
    http://criminalexistence.com/ceforums/i ... ic=18419.0

    Permissions must be set on the destination directory before this method will work.

    Basically only two fields are required to upload a file: a 'file' input field and a 'MAX_FILE_SIZE' hidden field. The hidden field is required, and will prevent the user from trying to upload a file that is too large on the client side. This check can be easily circumvented by the user and should be accompanied by server-side file validation. It accepts a file size in bytes; I have set this to accept a file of 10000 bytes, or roughly 10KB. One attribute *must* also appear in the form tag to trigger the browser to upload data, and that is: enctype='multipart/form-data'.

    The following should be pretty straightforward:


    Code:
    <?php
        //upload2dir.php
    
            echo "<html>\n",
                 "    <head>\n",
                 "        <title>UPLOAD TO A DIRECTORY</title>\n",
                 "    </head>\n",
                 "    <body>\n";
    
        if (!isset($_POST['do_action']))
        {
    
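            // PHP_SELF reflects the request path, so escape it before writing it into the page.
            // The MAX_FILE_SIZE field must come before the file input field.
            echo "        <form action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."' method='post' enctype='multipart/form-data'>\n",
                 "            <input type='hidden' name='MAX_FILE_SIZE' value='10000' />\n",
                 "            <input type='file' name='userfile' />\n",
                 "            <input type='submit' name='do_action' value='Upload' />\n",
                 "        </form>\n";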
        }
        else
        {
            // You may also use if (is_uploaded_file($_FILES['userfile']['tmp_name']))
            // IMO using if isset is an identical test
    
            if (isset($_FILES['userfile']['tmp_name']))
            {
                // In this line I'm examining the file size and the MIME type of the file
                // to verify that the file is in the acceptable size range and is a jpeg
                // image.  MIME type testing isn't foolproof, it is possible to spoof this.
                // The size testing, however, is not spoofable.
    
                if (($_FILES['userfile']['size'] <= 10000) && ($_FILES['userfile']['type'] == 'image/jpeg' || $_FILES['userfile']['type'] == 'image/pjpeg'))
                {
                    // Give the file a new name to prevent one user from overwriting files 
                    // uploaded by another. time(), which returns a UNIX timestamp, in 
                    // addition to the user name is good for this.
                    // (mktime() can no longer be called without arguments as of PHP 8.0.)
    
                    $new_file_name = time().'.jpg';
    
                    // $_SERVER['DOCUMENT_ROOT'] will provide an absolute path to the base directory
                    // fill in the rest of the path from there, if necessary.
                    // echo the value of $_SERVER['DOCUMENT_ROOT'] to do this!
                    
                    $file_path     = '/images/users/'.$new_file_name;
    
                    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $_SERVER['DOCUMENT_ROOT'].$file_path))
                    {
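                        echo "Upload successful!<br /><br />\n";
                        // The original file name is chosen by the client, so escape it before output.
                        echo 'File: '.htmlspecialchars($_FILES['userfile']['name'], ENT_QUOTES).' ('.$_FILES['userfile']['size'].") Bytes<br />\n";
                        echo "Renamed: $new_file_name<br />\n";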
                    }
                    else
                    {
                        echo 'Upload failed: There was likely a permissions error.';
                    }
                }
                else
                {
                    echo 'Upload failed: File must be a JPEG file type and 10KB or less in size';
                }
            }
            else
            {
                echo 'Upload failed: A valid file has not been uploaded!';
            }
        }
    
            echo "    </body>\n",
                 "</html>";
    ?>

    Also have a look at:
    http://www.php.net/manual/en/features.f ... ost-method

    Which explains the $_FILES superglobal and the information available in it.
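
The FAQ notes that the MIME type in $_FILES can be spoofed and that the client-side size limit needs server-side validation behind it. The following is an added example, not part of the original FAQ, that checks the uploaded bytes themselves instead of the client-supplied type. The function name jpeg_rejection_reason and the sample file are assumptions made for illustration, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example (not from the original post). The function name and the
// constructed sample input are assumptions made for illustration.

// Returns null when the file at $path is an acceptable JPEG, otherwise a reason.
function jpeg_rejection_reason(string $path, int $maxBytes): ?string
{
    $size = @filesize($path);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return 'size out of range';
    }
    // Detect the type from the file's bytes, not from $_FILES[...]['type'],
    // which is copied from the request and therefore set by the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime !== 'image/jpeg') {
        return 'content is not JPEG (detected: ' . $mime . ')';
    }
    // The image header must also parse as a JPEG.
    $info = @getimagesize($path);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return 'image header does not parse as JPEG';
    }
    return null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: script text that a client could label image/jpeg.
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, '<?php echo "not an image"; ?>');
    echo 'spoofed upload: ', jpeg_rejection_reason($tmp, 10000) ?? 'accepted', "\n";
    unlink($tmp);
} elseif (isset($_FILES['userfile']) && is_array($_FILES['userfile'])) {
    $f = $_FILES['userfile'];
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        $reason = 'no valid upload received';
    } else {
        $reason = jpeg_rejection_reason($f['tmp_name'], 10000);
    }
    if ($reason === null) {
        // Server-chosen random name: the client-supplied name is never used.
        $name = bin2hex(random_bytes(16)) . '.jpg';
        $dest = $_SERVER['DOCUMENT_ROOT'] . '/images/users/' . $name;
        $reason = move_uploaded_file($f['tmp_name'], $dest) ? null : 'move failed';
    }
    echo htmlspecialchars($reason ?? 'Upload successful', ENT_QUOTES, 'UTF-8');
}
```

Run from the command line, it exercises only the content check on the constructed file; served through the web server, it handles a POST from the form above.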