PHP - How To Stop Users Uploading -huge- Files....
Hi,
I'm pretty new to this, so apologies if there's some simple solution/misunderstanding. It seems to me that when the user uploads a file, PHP pulls in the file into the temporary directory and then you can query it using the $_FILES array. Assuming I am correct so far, I have two questions:

1. Is there any way to prevent the upload to the temporary folder based on file size? Seems to me a good way to overload a server to upload 10GB files, even if they are picked up as "errors" and deleted from the temp folder.
2. How long do files stay in the temporary folder? Does PHP delete them automatically, and if so, when?

Thanks.

Similar Tutorials

The code works but it puts the files into /uploadir/. The users directories go by their email addresses ($email).

How would I incorporate a function to simply check the "name" and "message" for a certain amount of chars, like 15 & 150?

Code:

    <form method="post" action="chat.php">
    <p><input name="name" type="text" id="name" value="your name" size="10" maxlength="15">
    <input name="message" type="text" id="message" value="your message" size="20" maxlength="150">
    <input name="submit" type="submit" id="submit"></p>
    </form>
    </body>
    </html>
    <?php
    // when the submit button is clicked
    if(isset($_POST['submit']))
    {
        // strip any html tags before continuing
        $name=strip_tags($_POST['name']);
        $message=strip_tags($_POST['message']);
        // stop if nothing was entered
        if($name!='')
        if($message!='')
        {
            // trim any extra whitespace
            $data=trim($name)."\n";
            $data.=trim($message)."\n";
            //open the text file and enter the data
            $file_ar=file("db.txt");
            $fp=fopen("db.txt","w");
            fputs($fp,$data);
            if($file_ar!=NULL)
            {
                $loop=0;
                foreach($file_ar as $line)
                {
                    // do not store more than 20 messages
                    if($loop>=19*3) break;
                    fputs($fp,$line);
                    $loop++;
                }
            }
            fclose($fp);
        }
    }
    // display the messages
    $fp=fopen("db.txt","r");
    while(!feof($fp))
    {
        $name=trim(fgets($fp,999));
        $message=trim(fgets($fp,999));
        if($name!='')
        {
            echo "<p><b>$name: </b>$message</p>";
        }
    }
    fclose($fp);
    ?>

People on my forum (speakwhatsreal.com) submitting blank spaces, like they just copy/paste the blank space in the textarea, and how do I check input on that, does strlen work?

I am using XAMPP with FileZilla running on it. I've changed my php.ini settings to "C:/xxx/tmp" directory but am unable to upload a file. The code is running but it does not seem to upload the temporary file. Please somebody help me. Also my form in upload.html has <form action="upload_file.php" method="post" enctype="multipart/form-data">

Hello everyone, I'm writing a script that allows a user to upload multiple attachments to an email from PHP. So far, everything seems to be working except the multiple attachments part. If I upload one file, it works. If I upload 2, it's messing up the file names so the files don't exist. So if I upload a.jpg, it works. If I upload a.jpg and b.jpg, b.jpg gets named a b.jpg. Can someone help me understand why this is happening and how to fix it? I'm almost certain it's happening on my while loop around line 72, but the more I look at the syntax the more it looks okay to me. I had it appending the path to the file names (so a.jpg become uploads/a.jpg) so I commented that out in hopes that was causing the error but it didn't fix it. Below is the full script.

    <?php
    /*******************************************
    /* contact_us_process.php
    /* Author: Brandon Pence (brandonpence@gmail.com)
    /*
    /* Desc: This page process and checks the submitted form.
    /*
    /* variable meaning
    /* -------- -------
    /* $FieldCheck Instance of the FieldCheck class.
    /*
    /******************************************/
    //start session
    session_start();
    //include files
    require ("./inc/include.inc.php");
    //include Field Check Class
    include("classes/FieldCheck.php");
    //instantiate fieldcheck class
    $FieldCheck = new FieldCheck;
    extract($_POST);
    /*****DEBUG*********/
    echo '<h1>POST ARRAY:</h1>';
    print_r($_POST);
    echo '<hr/>';
    echo '<h1>DATAFILE:</h1>';
    print_r($datafile);
    echo 'foreach: <hr/>';
    echo '<h1>FILES ARRAY:</h1>';
    print_r($_FILES);
    echo '<hr/>';
    echo 'File name test: '.$_FILES['uploadedfile']['name']['0'].'<br/>';
    echo 'File name test: '.$_FILES['uploadedfile']['name']['1'].'<br/>';
    echo 'File name test: '.$_FILES['uploadedfile']['name']['2'].'<br/>';
    /********************/
    //foreach($datafile as $key=>$value){
    //echo 'Datafile: '.$datafile.' || Key: '.$key.' || Value: '.$value.'<br/>';
    //$value = $id.'/'.$value;
    //echo 'Datafile: '.$datafile.' || Key: '.$key.' || Value: '.$value.'<br/>';
    //}
    if(file_exists("uploads/$id")){
        echo 'Folder Exists!';
    }else{
        echo 'Folder does not exist. Create folder.';
        //create directory
        mkdir("uploads/$id",0777,true);
    }
    //path we want the files stored in
    $target_path = "uploads/$id/";
    //begin counter
    $i = 0;
    $files = array();
    //begin loop
    while($i < 3){
        //make sure each array key has valid data
        if(!is_null($_FILES['uploadedfile']['name'][$i])){
            //append path to filenames in array
            //$target_path = $target_path . basename($_FILES['uploadedfile']['name'][$i]);
            //upload files
            if(move_uploaded_file($_FILES['uploadedfile']['name'][$i], $target_path)) {
                echo "The file ". basename($_FILES['uploadedfile']['name'][$i]).
                    " has been uploaded";
                $files[$i] = 'uploads/'.$id.'/'.$_FILES['uploadedfile']['name'][$i];
            }
        //if file upload failed
        }else{
            echo "There was an error uploading the file, please try again!";
        }
        $i++;
    }
    //validate input
    if (!$FieldCheck->checkName($your_name)){ $errors['your_name'] = "Your name is not valid.";}
    if (!$FieldCheck->isEmpty($your_date)){ $errors['your_date'] = "Your date is not valid.";}
    if (!$FieldCheck->isEmpty($your_message)){ $errors['your_message'] = "Your message is not valid.";}
    foreach($_POST as $key=>$value){
        $fields[$key] = $value;
    }
    //print_r($_POST);
    //check for error messages
    if (isset($errors)) {
        $_SESSION['errors'] = $errors;
        $_SESSION['fields'] = $fields;
        $_SESSION['error_msg'] = "Errors found! Please review your entries.";
        $url = "./testimonials.php?action=errors";
        header ("Location: $url");
        exit;
    }else{
        echo '$files ARRAY:';
        print_r($files);
        // email fields: to, from, subject, and so on
        $to = "a@c.om";
        $from = "a@b.com";
        $subject ="Testing Script";
        $message = "My message";
        $headers = "From: $from";
        // boundary
        $semi_rand = md5(time());
        $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
        // headers for attachment
        $headers .= "\nMIME-Version: 1.0\n" .
            "Content-Type: multipart/mixed;\n" .
            " boundary=\"{$mime_boundary}\"";
        // multipart boundary
        $message = "This is a multi-part message in MIME format.\n\n" .
            "--{$mime_boundary}\n" .
            "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
            "Content-Transfer-Encoding: 7bit\n\n" .
            $message . "\n\n";
        $message .= "--{$mime_boundary}\n";
        // preparing attachments
        for($x=0;$x<count($files);$x++){
            $file = fopen($files[$x],"rb");
            $data = fread($file,filesize($files[$x]));
            fclose($file);
            $data = chunk_split(base64_encode($data));
            $message .= "Content-Type: {\"application/octet-stream\"};\n" .
                " name=\"$files[$x]\"\n" .
                "Content-Disposition: attachment;\n" .
                " filename=\"$files[$x]\"\n" .
                "Content-Transfer-Encoding: base64\n\n" .
                $data .
                "\n\n";
            $message .= "--{$mime_boundary}\n";
        }
        // send
        $ok = @mail($to, $subject, $message, $headers);
        if ($ok) {
            echo "<p>mail sent to $to!</p>";
        } else {
            echo "<p>mail could not be sent!</p>";
        }
        echo 'EMAIL SENT!';
    }
    ?>

Hi, I have a script where employees of a company can upload invoices to their clients. This is done via a simple upload form. My question is, what would be the most secure way to do this? How should I upload files, should I make different directories for each customer, or should I have one huge, where file names will be random or, what would you do?

Hello all, I moved my in-house website to a hosting company. Now I have a few files that I used to upload data to the website, but every time I try uploading it gives me this error.

    Warning: move_uploaded_file(..\pdfs\htdocs\pdfs\citysect/03152011CCRM.pdf) [function.move-uploaded-file]: failed to open stream: No such file or directory in /data/26/2/13/16/2502179/user/2740540/htdocs/loginscripts/uploadpdf.php on line 34
    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/data/20/tmp_new/php2GMXs3' to '..\pdfs\htdocs\pdfs\citysect/03152011CCRM.pdf' in /data/26/2/13/16/2502179/user/2740540/htdocs/loginscripts/uploadpdf.php on line 34
    could not moved

Can anyone help me?

Hi All, I am having trouble with this script that was from an example script online, basically I am getting the last error message every time I try and up a zip file? Unknown Error: No file uploaded

    <?php
    include('dbconnect.php');
    session_start();
    $user_id = $_SESSION['user_id'];
    $query = " SELECT * FROM roms WHERE user_id = '$user_id' ORDER BY rom_date DESC LIMIT 1";
    $result = mysql_query($query);
    if (!mysql_query($query)) {
        die('Error: ' . mysql_error());
    }
    while($row = mysql_fetch_array($result)) {
        $_SESSION['rom_version'] = $row['rom_version'];
    }
    if ((!empty($_FILES["rom"])) && ($_FILES['rom']['error'] == 0)) {
        $filename = $user_id . $_SESSION['rom_version'] .
            '.zip';
        $ext = substr($filename, strrpos($filename, '.') + 1);
        if (($ext == "zip") && ($_FILES["rom"]["type"] == "application/zip") && ($_FILES["rom"]["size"] < 2500000)) {
            $newname = dirname(__FILE__).'roms/'.$filename;
            if (!file_exists($newname)) {
                if ((move_uploaded_file($_FILES['uploaded_file'][ 'tmp_name'],$newname))) {
                    echo "It's done! The file has been saved as: ".$newname;
                } else {
                    echo "Error: A problem occurred during file upload!";
                }
            } else {
                echo "Error: File ".$_FILES["rom"]["name"]." already exists";
            }
        } else {
            echo "Error: Only .zip images under 250mb are accepted for upload";
        }
    } else {
        echo "Unknown Error: No file uploaded";
    }
    ?>

Hi, I have a strange problem with uploading files. My script was working fine on the test server but since moving to the live server it isn't working. Here is a printout of the FILES variable:

Code:

    Array
    (
        [file] => Array
            (
                [name] => filename.ppt
                [type] =>
                [tmp_name] =>
                [error] => 1
                [size] => 0
            )
    )

Does anyone know what the problem might be? The error message that comes back is 'Invalid file'.

Code:

    function upload_ppt_files() {
        echo 'print_r($_FILES) = '.print_r($_FILES).'<br />';
        global $CFG;
        if (($_FILES["file"]["type"] == "application/vnd.ms-powerpoint") && ($_FILES["file"]["size"] > 100)) {
            if ($_FILES["file"]["error"] > 0) {
                $CFG->message = "Error code:". $_FILES["file"]["error"];
                manage_ppt_files();
            } else {
                if (file_exists("../../uploads/" . $_FILES["file"]["name"])) {
                    $CFG->message = $_FILES["file"]["name"] . " already exists.";
                    manage_ppt_files();
                } else {
                    move_uploaded_file($_FILES["file"]["tmp_name"], "../../uploads/" . $_FILES["file"]["name"]);
                    $CFG->message = "File uploaded successfully.";
                    manage_ppt_files();
                }
            }
        } else {
            $CFG->message = "Invalid File.";
            manage_ppt_files();
        }
    }

Hi, I have a script that currently works for uploading images and I have tried to modify it to upload PDF's and DOC's too, but I can't get it to work - it works fine with JPG or GIF. Any ideas? Thanks in advance.
Code:

    <?php
    include "scripts/connect.php";
    $idir = "../documents/"; // Path To Images Directory
    if (isset ($_FILES['fupload'])){
        $randomd=rand(0000,9999);
        //upload the image to tmp directory
        $url = $_FILES['fupload']['name']; // Set $url To Equal The Filename For Later Use
        if ($_FILES['fupload']['type'] == "image/jpg" || $_FILES['fupload']['type'] == "image/jpeg" || $_FILES['fupload']['type'] == "image/pjpeg" || $_FILES['fupload']['type'] == "image/gif" || $_FILES['fupload']['type'] == "image/pdf" || $_FILES['fupload']['type'] == "image/doc") {
            $file_ext = strrchr($_FILES['fupload']['name'], '.'); // Get The File Extention In The Format Of , For Instance, .jpg, .gif or .php
            $copy = copy($_FILES['fupload']['tmp_name'], "$idir" . "$randomd" . $_FILES['fupload']['name']); // Move Image From Temporary Location To Permanent Location
        }
    }
    error_reporting (E_ALL ^ E_NOTICE);
    if ($_POST['submit']) {
        $document = mysql_real_escape_string("$idir" . "$randomd" . $_FILES['fupload']['name']);
        $name = mysql_real_escape_string($_POST['name']);
        $description = mysql_real_escape_string($_POST['description']);
        $SQL = " INSERT INTO documents";
        $SQL .= " (document, name, description) VALUES ";
        $SQL .= " ('$document', '$name', '$description') ";
        $result = mysql_db_query($db,$SQL,$cid);
        $last=mysql_insert_id();
        if (!$result) {
            echo("ERROR: " . mysql_error() . "\n$SQL\n");
        }
        header("location:document-added.php?ref=$last");
        exit();
    }
    ?>

Hey everyone, I'm having an intermittent problem with my upload script. It works all the time I've tested it both locally and in its live environment, and it works nearly 100% of the time in its live environment during normal usage. I've coded it so it logs any errors as and when they happen, and the log tells me that move_uploaded_file fails so returns false and that $_FILES['Filedata']['tmp_name'] is empty. I think the empty tmp_name is causing move_uploaded_file to fail, but I can't work out the cause of that problem.
This is the code in question:

    public function upload() {
        if (!empty($_FILES)) {
            $uploadDir = 'uploads';
            $subDir = uniqid();
            $targetPath = $uploadDir . '/' . $subDir;
            $mkDir = mkdir($targetPath);
            $targetFile = $targetPath . '/' . $_FILES['Filedata']['name'];
            $tempFile = $_FILES['Filedata']['tmp_name'];
            $mvFile = move_uploaded_file($tempFile,$targetFile);
            if(!$mkDir || !$mvFile) {
                // Something went wrong
                $debug['FILES'] = $_FILES;
                $debug['mkdir'] = var_export($mkDir, true);
                $debug['mvFile'] = var_export($mvFile, true);
                Application_Models_Log::append($debug);
                echo '1';
            }else {
                echo $targetFile;
            }
        }
    }

The server's error_log doesn't contain anything that happened at the time of the error and as I've mentioned, I've been unable to recreate the problem. Does anybody know why the tmp_name would be empty on rare occasions? Or am I going about this in the wrong way? What else could be the problem?

Hi, I am trying to upload files to a remote server using CURL, however it is not sending all the values in the array.

    $auth_local='testing123';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $auth_remote_url[$auth_no] );
    curl_setopt($ch, CURLOPT_POST, TRUE);
    $post_array = array(
        "auth"=>$auth_local,
        "auth_e"=>$auth_e,
        "my_file"=>"@".$myfile,
        "md5"=>$md5,
        "check"=>"0",
        "upload"=>"Upload");
    curl_setopt($ch, CURLOPT_USERAGENT, "Test Upload");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_array);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    $response = curl_exec($ch );
    curl_close($ch );

When I check the value of $_POST['auth'] it is blank. When I remove "my_file"=>"@".$myfile, it does read the correct value. Why is this not returning a value? Thanks, mme

Hey Guys, I need a solution for uploading very large files. As I found PHP has some memory limits. Is it even possible to upload files with a size of 4GB?

I have a flash application that talks to upload.php. Say I upload a 500mb file; it will obviously take a little while to upload. Will the max_execution_time settings cause this to fail?
It's set at 60 right now and the upload is obviously taking longer than 1 minute.

I need to be able to upload multiple files with the use of one form. Right now I have support for one file and it works great. I am stuck on what route I should take for time's sake and reliability and functionality. Can I run each file on its own through the PHP script to upload the file; I would have to create a loop to run through the script as many times as there are files. OR Do I create new functionality and add the files through the use of an array? This is where I am getting the ARRAY idea: http://www.phpeasystep.com/phptu/2.html This is the PHP code that is submitting the image and uploading to file system. This is what I would use to loop through multiple files if I take the loop method.

    <?
    header("location: /classifieds/index.php");
    echo '<html><center>';
    //first lets upload any files that were selected//
    $date = date("m/d/y",time());
    //check that we have a file
    if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {
        //Check if the file is JPEG image and it's size is less than 350Kb
        $filename = basename($_FILES['uploaded_file']['name']);
        $ext = substr($filename, strrpos($filename, '.') + 1);
        if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") && ($_FILES["uploaded_file"]["size"] < 2500000)) {
            //Determine the path to which we want to save this file
            $newname = dirname(__FILE__).'/uploads/'.$filename;
            //Check if the file with the same name is already exists on the server
            if (!file_exists($newname)) {
                //Attempt to move the uploaded file to it's new place
                if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
                    //strip off file path for $newname variable so path is not accessible via html//
                    $tempnewname = explode('/', $newname);
                    echo $tempnewname;
                    $newname=$tempnewname[9].'/'.$tempnewname[10];
                    echo "It's done! The file has been saved as: ".$filename;
                } else {
                    echo "Error: A problem occurred during file upload!";
                }
            } else {
                //echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";//
                $timestampname = str_replace('.jpg', date('j-n-Y_g:i:s').'.jpg', (basename($_FILES['uploaded_file']['name'])));
                $path = dirname(__FILE__).'/uploads/';
                $fullname = $path.$timestampname;
                //strip off file path for $newname variable so path is not accessible via html//
                $tempnewname = explode('/', $fullname);
                $newname=$tempnewname[7].'/'.$tempnewname[8];
                $picname=$tempnewname[8];
                ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname)));
            }
        } else {
            echo "Error: Only .jpg images under 2.5MB are accepted for upload";
        }
    } else {
        echo "Error: No file uploaded";
    }
    ?>

Thanks for the help -Beemer

I'm trying out a script that lets users upload files into a directory, the file path then should be saved on the user information in the database. This script keeps throwing "Undefined index: file" errors, even though I'm sure it should be defined. Could someone take a look please? Here's the form I'm using:

Code:

    <form id ='change0' action ='pic_up.php' method ='post' accept-charset='UTF-8'>
    <fieldset >
    <legend>Confirm Details</legend>
    <input type ='hidden' name ='file' id ='file' value ='800000'/>
    <label for ='file' >Upload Profile Pictu </label>
    <input type ='file' name ='file' id ='file' />
    <input type ='submit' name ='Submit' value ='Submit' />
    </fieldset>
    </form>

Here's the PHP script:

Code:

    <?php
    include 'connect.php';
    session_start();
    $_SESSION['username'];
    $username = $_SESSION['username'];
    if(!(isset($_SESSION['login']) && $_SESSION['login']!= " ")){
        header("Location: login.php");
    }
    $tablename = 'usr_test';
    $targ = "localhost/img/";
    $targ = $targ .
        basename($_FILES['file']['name']);
    $file = ($_FILES['file']['name']);
    mysql_query("INSERT INTO $tablename (pic) VALUES ($file) WHERE usr = '$username'");
    if(move_uploaded_file($_FILES['file']['tmp_name'], $targ)) {
        echo "File ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
    } else {
        echo "Sorry, not happening";
    }
    ?>

Hey all, I've done some research and can only seem to find solutions that involve a java applet in the browser to break up the files into parts, does anyone else know of any other pure PHP solutions to uploading large files and using chunks? Cheers

Hi, I am creating an e-commerce website, where users who pay with their credit card are able to download PDF books. How can I make a PDF file only accessible for those users (who pay and validate their credit card) and not for everyone? I want to know the main idea about securing these files.

I have a bunch of users in a database (id, name, etc).
I have a bunch of documents which belong to users (id, filename, users_id, etc), and expect 500 or less per user.
The documents will be renamed to the document_id, and X-Sendfile (since they are stored under the document root) will be used to retrieve them and a header will be used to return them to their original name.
Is it recommended to make a separate folder for each user and store each individual user's documents in that folder, or create one folder for all documents?
If I go with the one folder approach, I will need some method of keeping the total files per folder below some reasonable limit (1,000?). My thought is to estimate the maximum potential number of folders, and creating subfolders under the main document folder. I will likely hash the ID, and use the first character to create the first subfolder, the second character to create a second subfolder in the first subfolder, and continue as long as needed to accommodate the maximum potential documents (if there are 1,000,000 potential folders, then three levels will keep the maximum per folder under 244).
Please provide rationale for one approach over the other.
Thank you
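
The hashed-subfolder layout described in the post above, sketched in PHP as an added example (not code from the original poster). It shards by document id; the function names, the /srv/documents root and the use of SHA-256 are assumptions, and the row fields follow the columns the post lists.

```php
<?php
declare(strict_types=1);

// Added illustration: function names, the storage root and the SHA-256 choice are assumptions.

/** Smallest number of one-hex-character levels that keeps the average leaf at or below $maxPerDir. */
function shardLevels(int $expectedItems, int $maxPerDir = 1000): int
{
    $levels = 0;
    while ($expectedItems / (16 ** $levels) > $maxPerDir) {
        $levels++;
    }
    return $levels;
}

/** Map a document id to <root>/<h0>/<h1>/.../<id>, where h0, h1, ... are hex digits of its hash. */
function shardedPath(string $root, int $documentId, int $levels): string
{
    if ($documentId < 1 || $levels < 0 || $levels > 8) {
        throw new InvalidArgumentException('bad document id or level count');
    }
    $hash  = hash('sha256', (string) $documentId);
    $parts = $levels > 0 ? str_split(substr($hash, 0, $levels)) : [];
    $parts[] = (string) $documentId;   // on-disk name is the id, never the client's filename
    return rtrim($root, '/') . '/' . implode('/', $parts);
}

/** Move one $_FILES entry into its shard, creating the directories on first use. */
function storeUpload(array $file, string $root, int $documentId, int $levels): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . ($file['error'] ?? 'none'));
    }
    $target = shardedPath($root, $documentId, $levels);
    $dir    = dirname($target);
    if (!is_dir($dir) && !mkdir($dir, 0750, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create $dir");
    }
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('move_uploaded_file() rejected the temporary file');
    }
    return $target;
}

/** Hand the file to the web server via X-Sendfile under its original name; the owner check comes first. */
function sendDocument(array $doc, int $sessionUserId, string $root, int $levels): void
{
    if ((int) $doc['users_id'] !== $sessionUserId) {
        http_response_code(403);
        return;
    }
    // Keep only characters that cannot terminate or extend the header value.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($doc['filename']));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('X-Sendfile: ' . shardedPath($root, (int) $doc['id'], $levels));
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: 1,000,000 documents, at most 1,000 entries per folder.
    $levels = shardLevels(1000000);
    printf("%d levels -> %s\n", $levels, shardedPath('/srv/documents', 42, $levels));
}
```

With 1,000,000 expected documents and a 1,000-entry ceiling, shardLevels() returns 3, the depth the post arrives at.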
I am trying to make a page to upload music to my website and add the information of the songs into a database, but I cannot get PHP to let me upload a file bigger than 2mb even after I went into the php.ini and changed the max_upload_size and a few others to 99mb. So I was wondering if I could put my music in a folder on my website and pull the data from the items in the folder and make database entries (probably doubtful) or if I could get some help with getting PHP to upload bigger files? Thanks, Adam