Edit a PHP upload script

Ericsson · Oct 28, 2005

Code:

<?
// Upload settings
$folder = "img/files/"; // Folder in which to store files
$maxlimit = 50000; // Set maximum file limit (in bits)
$allowed_ext = "jpg,gif,png,jpeg,bmp,png"; // Set allowed extensions (split using comma)
$overwrite = "no"; // Allow file overwrite? yes/no

$match = ""; // Clear match variable; for security purposes
$filesize = $_FILES['userfile']['size']; // Get file size (in bits)
$filename = strtolower($_FILES['userfile']['name']); // Get file name; make it all lowercase


if(!$filename || $filename==""){ // File not selected
   $error = "- No file selected for upload.<br>";
}elseif(file_exists($folder.$filename) && $overwrite=="no"){ // Check if file exists
   $error = "- File already exists: $filename<br>";
}

// Check if file size
if($filesize < 1){ // File is empty
   $error .= "- File size is empty.<br>";
}elseif($filesize > $maxlimit){ // File is more than maximum
   $error .= "- File size is too big.<br>";
}

$file_ext = preg_split("/\./",$filename); // Split filename at period (name.ext)
$allowed_ext = preg_split("/\,/",$allowed_ext); // Create array of extensions
foreach($allowed_ext as $ext){
   if($ext==$file_ext[1]) $match = "1"; // File is allowed
}

// File extension not allowed
if(!$match){
   $error .= "- File type isn't allowed: $filename<br>";
}

if($error){
   print "Error trying to upload file:<br> $error"; // Display error messages
}else{
   if(move_uploaded_file($_FILES['userfile']['tmp_name'], $folder.$filename)){ // Upload file
      print "Success! The file has been uploaded: Http://www.freephotohost.co.uk/img/files/$filename";
   }else{
      print "Error! File size might exceed upload limit of server. Try again."; // Display error
   }
}

?>

How can I make it so the files names are changed?

Eric · Oct 28, 2005

Gave it a quick look over, here's what I ended up with, this should work:

PHP:

<?php

//Upload settings

//Folder in which to store files
$folder = "img/files/"; 

//Set maximum file limit (in bites)
$maxlimit = 50000; 

//Set allowed extensions (split using comma)
$allowed_ext = "jpg, gif, png, jpeg, bmp, png";

//Allow file overwrite? yes/no
$overwrite = "no"; 

//Clear match variable; for security purposes
$match = ""; 

//Get file size (in bites)
$filesize = $_FILES['userfile']['size'];

//Get file name; make it all lowercase
$filename = strtolower($_FILES['userfile']['name']); 

if(!$filename || $filename == "")
{//File not selected
  $error = "- No file selected for upload.<br>";
}
elseif(file_exists($folder.$filename) && $overwrite == "no")
{//Check if file exists
  $error = "- File already exists: $filename<br>";
}

//Check if file size
if($filesize < 1)
{ //File is empty
   $error .= "- File size is empty.<br>";
}
elseif($filesize > $maxlimit)
{ //File is more than maximum
   $error .= "- File size is too big.<br>";
}

//Split filename at period (name.ext)
$file_ext = explode(".", $filename);

// Create array of extensions
$allowed_ext = explode(",", $allowed_ext);

foreach($allowed_ext as $ext)
{
  if($ext == $file_ext[1])
  {
    $match = "1"; // File is allowed
  }
}

//Assign a unique/random name
$unique = substr(md5(uniqid(rand())), 0, 10);

//File extension not allowed
if(!$match)
{
   $error .= "- File type isn't allowed: $filename<br>";
}

if($error)
{
   print "Error trying to upload file:<br> $error"; // Display error messages
}
else
{
  if(move_uploaded_file($_FILES['userfile']['tmp_name'], $folder.$unique.".".$file_ext))
  {//Upload file
    print "Success! The file has been uploaded: Http://www.freephotohost.co.uk/img/files/".$unique.".".$file_ext;
  }
  else
  {
    print "Error! File size might exceed upload limit of server. Try again."; // Display error
  }
 }
 
?>

Ericsson · Oct 28, 2005

Thanks for the help

But it doesnt work, says Error trying to upload file:
- File already exists: user.gif

Eric · Oct 28, 2005

Hmm well still waking up so can't get a good look over it, but since you are now randomizing the names, should be able to remove:

PHP:

elseif(file_exists($folder.$filename) && $overwrite == "no") 
{//Check if file exists 
  $error = "- File already exists: $filename<br>"; 
}

iNod · Oct 29, 2005

SecondVersion said:

Gave it a quick look over, here's what I ended up with, this should work:

PHP:

<?php

//Upload settings

//Folder in which to store files
$folder = "img/files/"; 

//Set maximum file limit (in bites)
$maxlimit = 50000; 

//Set allowed extensions (split using comma)
$allowed_ext = "jpg, gif, png, jpeg, bmp, png";

//Allow file overwrite? yes/no
$overwrite = "no"; 

//Clear match variable; for security purposes
$match = ""; 

//Get file size (in bites)
$filesize = $_FILES['userfile']['size'];

//Get file name; make it all lowercase
$filename = strtolower($_FILES['userfile']['name']); 

if(!$filename || $filename == "")
{//File not selected
  $error = "- No file selected for upload.<br>";
}
elseif(file_exists($folder.$filename) && $overwrite == "no")
{//Check if file exists
  $error = "- File already exists: $filename<br>";
}

//Check if file size
if($filesize < 1)
{ //File is empty
   $error .= "- File size is empty.<br>";
}
elseif($filesize > $maxlimit)
{ //File is more than maximum
   $error .= "- File size is too big.<br>";
}

//Split filename at period (name.ext)
$file_ext = explode(".", $filename);

// Create array of extensions
$allowed_ext = explode(",", $allowed_ext);

foreach($allowed_ext as $ext)
{
  if($ext == $file_ext[1])
  {
    $match = "1"; // File is allowed
  }
}

//Assign a unique/random name
$unique = substr(md5(uniqid(rand())), 0, 10);

//File extension not allowed
if(!$match)
{
   $error .= "- File type isn't allowed: $filename<br>";
}

if($error)
{
   print "Error trying to upload file:<br> $error"; // Display error messages
}
else
{
  if(move_uploaded_file($_FILES['userfile']['tmp_name'], $folder.$unique.".".$file_ext))
  {//Upload file
    print "Success! The file has been uploaded: Http://www.freephotohost.co.uk/img/files/".$unique.".".$file_ext;
  }
  else
  {
    print "Error! File size might exceed upload limit of server. Try again."; // Display error
  }
 }
 
?>

PHP:

  if(move_uploaded_file($_FILES['userfile']['tmp_name'], $folder.$unique.".".$file_ext))

Should be

PHP:

  if(move_uploaded_file($_FILES['userfile']['tmp_name'], $folder.$unique.".".$file_ext['1']))

I see nothing really wrong with it. I will give it a go over tomorrow.

iNod

Ericsson · Oct 29, 2005

Thats fixed, thannks

I tried uploading a gif and it said file type not allowed, but its on the allowed list. Ant ideas? It was working before.

JFS · Oct 31, 2005

this should work...

Code:

$extensiones=array("jpeg","jpg","gif");
$num = count($extensiones);
$valor = $num-1;
$bol="n";
for($i=0; $i<=$valor; $i++) {
    if($extensiones[$i] == $var[1]) {
    $bol="y";
    }
}
if ($bol=="n"){
    echo "File type not permited...";
    echo "File types permited are blablablablabla...";
}
if ($bol=="y"){
    //do upload routine mine is 40 lines long ehehe
}

hope it helps...

edited:
fixed typo

Edit a PHP upload script

VIP Member

VIP Member

VIP Member

VIP Member

Eating PieVIP Member

VIP Member

VIP Member

Similar threads

We're social

Avix.net

DetectBit.com

jishu.xyz

Linkea.com

mangiarotti.com

MelonWallet.com

COVIDpass.org

SeniorLivingPremium.com

PublicCoin.org

Strovolos.Apartments

Pinned

Appreciation

Agreement

Answers

Relevance

Reaction

Status

Feeling