Uploading files, multi-upload, disallow file extensions

Release your script here.
State:
- Author
- What it does
- Perhaps a little guide.
- Also, if the snippet is of any use to the community, it has a chance of getting posted on the main page, so don't hesitate to submit/ask!

Uploading files, multi-upload, disallow file extensions

Postby Dandy » Mon Jul 07, 2008 12:00 pm

Use this as a guide or an introduction to file uploads in php.

To upload files to a server over HTTP protocol the form tag must have an enctype set, and it must be set to form-data/multipart ie. <form enctype="form-data/multipart"> or else it just won't transfer the file.

So heres a sample form:
Code: Select all
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" enctype="form-data/multipart">
<table cellpadding="0" cellspacing="2" width="600">
<? for ($i = 0; $i < 5; $i++): ?>
<tr>
<td>
File <?php echo $i+1; ?>.
</td>
<td>
<input type="file" name="files[]" />
</td>
</tr>
<?php endfor; ?>
</table>
<input type="submit" value="Upload" name="process" />
</form>

This will create a form that holds 5 file inputs (note type=file and the name is set to files[] to support multiple fileuploads with just one name) and it submits to the page itself.

Code: Select all
<?php
$extensions = array('jpg','jpeg','png','gif','bmp'); // this is some image filetypes we would like to support
$maxfilesize = 200*1024; // limit file uploads to 200 kb, yea thats why we are multiplying with 1024, to get kb. Note this is perfile
$uploaddir = "./upload/"; // this is a dir that is in the same path as this file, it must have 0777 permissions.

// All file uploads are contained in the array $_FILES in php
// print_r($_FILES); // for more information

if (count($_FILES['files']['tmp_name']) > 1) { // are we serving a multi upload?
  for ($i = 0; $i < count($_FILES['files']['tmp_name']); $i++)
  {
    if ($_FILES['files']['size'][$i] > 0) { // if size is over 0 there was no error uploading a file
    $ext = strtolower(pathinfo($_FILES['files']['name'][$i],PATHINFO_EXTENSION));
    if (!in_array($ext,$extensions)) { // are we allowed to upload a .$ext file?
      echo "You cannot upload a $ext file, only ".join(", ",$extensions)." are allowed<br />";
    } else {
      if ($_FILES['files']['size'][$i] > $maxfilesize)
      {
        echo "Your file is too big, $maxfilesize bytes allowed<br />";
      } else {
        if (!move_uploaded_file($_FILES['files']['tmp_name'][$i],$uploaddir.time().'_'.$_FILES['files']['name'][$i])) {
          // fall back on copy
          if (!copy($_FILES['files']['tmp_name'][$i],$uploaddir.time().'_'.$_FILES['files']['name'][$i])) {
            echo "Sorry could not upload your file.<br />";
          }
        }
      }
    }
  }
}
} else { // single upload
    if ($_FILES['files']['size'] > 0) { // if size is over 0 there was no error uploading a file
    $ext = strtolower(pathinfo($_FILES['files']['name'],PATHINFO_EXTENSION));
    if (!in_array($ext,$extensions)) { // are we allowed to upload a .$ext file?
      echo "You cannot upload a $ext file, only ".join(", ",$extensions)." are allowed<br />";
    } else {
      if ($_FILES['files']['size'] > $maxfilesize)
      {
        echo "Your file is too big, $maxfilesize bytes allowed<br />";
      } else {
        if (!move_uploaded_file($_FILES['files']['tmp_name'],$uploaddir.time().'_'.$_FILES['files']['name'])) {
          // fall back on copy
          if (!copy($_FILES['files']['tmp_name'],$uploaddir.time().'_'.$_FILES['files']['name'])) {
            echo "Sorry could not upload your file.<br />";
          }
        }
      }
    }
  }
}

?>


The comments should explain much of the script

This should serve as an example only, and i cannot be held responsible if this script somehow affects or damages your system (uploading malicous files?).
Dandy
 

Re: Uploading files, multi-upload, disallow file extensions

Postby Cristian » Tue Jul 08, 2008 2:06 pm

It looks good, I hope my scripting experience will get better so I can use your releases on some new projects.

Good work.
Cristian
proof of advance
proof of advance
 
Posts: 282
Joined: Sun Nov 04, 2007 3:02 pm
Location: Denmark
Authnick: Sumsar


Return to PHP Release

Who is online

Users browsing this forum: Majestic-12 [Bot] and 0 guests

cron