PHP - Reviewing / Critiquing Uploaded Document

Why does the following code not detect the following file? After I select a file and I click upload, it goes back to the upload form.


<?php
include_once("includes/config.php");

//grab their type
if(!$_COOKIE['user'])
{

//they are a guest

$info = "Guest";
}
else
{

//they are a user

$info = $_COOKIE['user'];
}


if(!$_FILE['file'])
{

$content = '<form action="submit.php" method="post" enctype="multipart/form-data">
<label for="file">SELECT SKIN:</label>
<input type="file" name="file" id="file" />
<input type="submit" name="submit" value="Submit" />
</form>';
}
else
{

if($_FILES['file']['error'] > 0)

{

$content = "There was an error trying to upload the skin ".$_FILES['file']['name'].".".$_FILES['file']['error'];

}

}

?>
<html>
<head>
<title><?php $title; ?></title>
<link rel="stylesheet" type="text/css" href="theme/style.css" />
</head>
<body>
<div id="header">

MCSkins
</div>

<?php echo "Submitting as: ".$info."<br/><br/>".$content; ?>
</body>
</html>

Hi Guys,

I have this script below which inserts the file name and path into my datebase and uploads the file into the customers folders (which is creates dynamically).

The is no error checking as I want it to be as flexible as possible but mostly(99.999%) the files I upload are JPEG and PDF's.

I would like my script to be able to resize the files above automatically to be smaller.

Please is this possible thanks!

Here is script:
<?php 
//Will create a directory once a customer is clicked and will not if page is refreshed an so forth 
 if (file_exists('customerUploads/' . $check_id . ', ' . $c_name . '')) {
 
} else {
  mkdir('customerUploads/' . $check_id . ', ' . $c_name . '');
}
?>
<?php 
//This php block of code will takecare of inserting the upload variables into the db

if(isset($_POST['submitbutton'])) {

$target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';
$target_path = str_replace("'","",$target_path);
$target_path = $target_path . basename( $_FILES['upload']['name']);
$manager= mysql_real_escape_string($_POST['username']);
$upload =  $_FILES['upload']['name'];
$upload = str_replace("'","",$upload);
$check_id = mysql_real_escape_string($_POST['id']);
$submitbutton= mysql_real_escape_string($_POST['submitbutton']);


if($submitbutton)
{
if($manager&&$upload)
{
if (file_exists($target_path))
{
echo $_FILES["upload"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path);

echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"];

$insert=mysql_query("INSERT INTO img_up (username,upload,id,target_path,img_date) VALUES ('$manager','$upload','$check_id','$target_path', now()) ");

// Where the file is going to be placed 
$target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';

/* Add the original filename to our target path.  
Result is "uploads/filename.extension" */
$target_path = $target_path . basename( $_FILES['upload']['name']); 

$target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/';

$target_path = $target_path . basename( $_FILES['upload']['name']); 

if (file_exists($target_path))
{
echo $_FILES["upload"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path);
echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"];
}


}
}
else
{
echo "There was an error uploading the file, please try again!";
}
}
 header("location: mainupload_complete.php?id=$check_id"); 
}
?>

Hi Everyone,
I've been studying the topics at this site and others on ways to count uploaded images; and what I've tried hasn't worked. I have seen this question posed and answered many times and most of the answers are something akin to this:

        Code: [Select]
$count = count($_FILES['userfile'] ['name']);
echo "the number of photos is ".$count;
The explanation usually states that "count($_FILES['userfile'])" will simply count the number of elements in the array and return 5. But including ['name'] will return the number of files (images) uploaded. I will allow up to five photos to be uploaded (less is OK too) and want to count them in order to iterate through the proper number of loops to filter and process the photos. I've tested both of the above and get 5 (elements) when I count the ['userfile']; but get 0 (zero) when I test "['userfile'] ['name']". Here's the html code:

Code: [Select]
<!-- html here to input form data -->
<label></label><input type="hidden" name="MAX_FILE_SIZE" value="500000000" /><br />
<label for="userfile">Upload photo 1</label>
<input type="file" name="userfile1" id="userfile1" /><br />
<label for="userfile">Upload photo 2</label>
<input type="file" name="userfile2" id="userfile2" /><br />
<label for="userfile">Upload photo 3</label>
<input type="file" name="userfile3" id="userfile3" /><br />
<label for="userfile">Upload photo 4</label>
<input type="file" name="userfile4" id="userfile4" /><br />
<label for="userfile">Upload photo 5</label>
<input type="file" name="userfile5" id="userfile5" /><br /><br />
<label></label><input type="submit" name="userfile" value="Send Ad" />
</form>
I've been testing the uploads with two files (jpg) and have tried to come up with an alternative that can iterate through the file arrays and determine how many photos I have. The code I've been testing is as follows:

    Code: [Select]
$num = 1;
$count = 0;
while ($num <=5) {
  foreach ($_FILES['userfile'.$num] as $upload){
    if ($upload ['error'] != 4){
  }
$count ++;
  }
  $num++;
}
echo "the number of photos is ".$count;
I'm using "['error'] !=4" because some times people won't have 5 photos to upload. The result I get is 25 or 5 (files) x 5 (elements) for a total of 25. Does anyone know the proper way of doing this? Thanks for you input!
Cheers,
Rick

Hi

I need to change the name of a file being uploaded by a user. The reason i need this is because there is a strong possibility that duplicate filenames would be logged.

This is the code i have currently:

Code: [Select]
   $upload_path = 'cv/'; // The place the files will be uploaded to (currently a 'files' directory).

   $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
   $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.

   // Check if we can upload to the specified path, if not DIE and inform the user.
   if(!is_writable($upload_path))
  die('You cannot upload to the specified directory, please CHMOD it to 777.');

   // Upload the file to your specified path.
   if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename));

This code works fine to upload the file in the current name.

I assume i need to seperate the filename from the file extension, and i can then assign a new variable to the filename. Easier said than done though as Ive tried many combinations of things.

Is there a simple way using this script? or will i need to start from scratch?

Cheers

I have this script where it uploads the file name to a database plus a few more things.

Main Upload form. (img_add.php)
 <form enctype="multipart/form-data" action="img_add.php" method="POST"> 
 Name: <input type="text" name="name"><br> 
 E-mail: <input type="text" name = "email"><br> 
 Phone: <input type="text" name = "phone"><br> 
 Photo: <input type="file" name="photo"><br> 
 <input type="submit" value="Add"> 
 </form>

Uploader. (img_add.php)
<?php 
 
 //This is the directory where images will be saved 
 $target = "mainnewsimg/"; 
 $target = $target . basename( $_FILES['photo']['name']); 
 
 //This gets all the other information from the form 
 $name=$_POST['name']; 
 $email=$_POST['email']; 
 $phone=$_POST['phone']; 
 $pic=($_FILES['photo']['name']); 
 
 // Connects to your Database 
 mysql_connect("localhost", "root", "") or die(mysql_error()) ; 
 mysql_select_db("chat") or die(mysql_error()) ; 
 
 //Writes the information to the database 
 mysql_query("INSERT INTO `images` VALUES ('$name', '$email', '$phone', '$pic')") ; 
 
 //Writes the photo to the server 
 if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) 
 { 
 
 //Tells you if its all ok 
 echo "The file ". basename( $_FILES['photo']['name']). " has been uploaded, and your information has been added to the directory"; 
 } 
 else { 
 
 //Gives and error if its not 
 echo "Sorry, there was a problem uploading your file."; 
 } 
 ?>

And the one that views it. (img_view.php)
It uses a get function so do it with img_view.php?img=2
<?php 
 mysql_connect("localhost", "root", "") or die(mysql_error()) ; 
 mysql_select_db("chat") or die(mysql_error()) ; 
 
 //Retrieves data from MySQL 
         $newsid = $_GET['img'];
 $data = mysql_query("SELECT * FROM `images` WHERE id ='$newsid'") or die(mysql_error()); 

//Puts it into an array
 while($info = mysql_fetch_array( $data )) { 
//Outputs the image and other data
 Echo "<img src=mainnewsimg/".$info['photo'] ."> <br>";
 }
 ?> 

And my database sql.

CREATE TABLE IF NOT EXISTS `images` (
  `name` varchar(30) DEFAULT NULL,
  `email` varchar(30) DEFAULT NULL,
  `phone` varchar(30) DEFAULT NULL,
  `photo` varchar(30) DEFAULT NULL,
  `id` int(11) NOT NULL AUTO_INCREMENT,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--
-- Dumping data for table `images`
--

INSERT INTO `images` (`name`, `email`, `phone`, `photo`, `id`) VALUES
('sdf', 'sdfdsdsf', 'dsffsfsdf', 'arrow_forward_last.gif', 1),
('sadd', 'sadd', 'adsadasdad', 'artbottomshadr.png', 2);


The values inside I had to put in manually to test if it worked for the img_view.php

Anyways, It doesnt want to upload the images at all, even tho it says it did and gives the message
The file ". basename( $_FILES['photo']['name']). " has been uploaded, and your information has been added to the directory

I would greatly appreciate some help, I also provided everything so you can try it on your own server too.

Hello dear friends,

i've very simple php script for my website and it has feature that visitor can register and upload image for own profile.

somone has uploaded PHP Shell as image and succeed to control on my website using that shell.

so the problem is in uploading image can pass any file so can someone please help me how how to prevent it and here are the codes of image upload form and function.


* Image upload form code

Code: [Select]
<form action="profile.php" method="post" enctype="multipart/form-data" name="form" id="form">

My Picture : <input name="userpic" type="file" id="userpic"/>

<input type="submit" name="Submit" value="Update"/>
* Profile.php code
(it rename the image by add time to its name then put the image in path /users/ then insert the new name of the image into the database table)

$ImageName = $_FILES[userpic][name]; // Get the image
$t = time(); // Get Time
$NewImageName = "$t$ImageName"; // New name
copy($_FILES[userpic][tmp_name], "users/$NewImageName");

$sql= "update users SET userpic='$NewImageName'";

How then i can stop they upload shell 

thanks

My photo files are not being displayed in my table?

They get sent to the mySQL database, then the server and it does grab all the other variables in the table and displays them, but the .jpg's are not shown, instead theres just the file name??

Code: [Select]
<?php 
 error_reporting(E_ALL);
 ini_set("display_errors", 1);
 echo '<pre>' . print_r($_FILES, true) . '</pre>';

 
 //This is the directory where images will be saved 
 $target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES"; 
 $target = $target . basename( $_FILES['upload']['name']); 
 
 //This gets all the other information from the form 
 $company_name=$_POST['company_name']; 
 $basicpackage_description=$_POST['basicpackage_description']; 
 $location=$_POST['location']; 
 $postcode=$_POST['postcode'];
 $upload=($_FILES['upload']['name']); 
 
 // Connects to your Database 
 mysql_connect("server****", "username***", "password****") or die(mysql_error()) ; 
 mysql_select_db("DB") or die(mysql_error()) ; 
 
 //Writes the information to the database 
 mysql_query("INSERT INTO `Companies` (company_name, basicpackage_description, location, postcode,  upload) VALUES ('$company_name', '$basicpackage_description', '$location', '$postcode',  '$upload')") ; 
 echo mysql_error();
 
 //Writes the photo to the server 
 if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) 
 { 
 
 //Tells you if its all ok 
 echo "The file ". basename( $_FILES['upload']['name']). " has been uploaded, and your information has been added to the directory"; 
 } 
 else { 
 
 //Gives and error if its not 
 echo "Sorry, there was a problem uploading your file."; 
 } 
 ?>

"upload" is the variable that isnt displaying in my table how i want it to? Have you guys any ideas how to get it displayed correctly?

What's the maximum file size I can upload through a regular form ? If it's server dependant, how do I find out my max ?

I tried to handle a 550MB file (on localhost) - I only wanted to show the filename, but it hung up for about 10secs, then returned nothing.

I am working on this pictures to upload and when I submit it gives the message below for success but I get this error message which is on the line of $place file

Warning: move_uploaded_file(members/5/image01.jpg) [function.move-uploaded-file]: failed to open stream:



        $check_pic = "members/$id/image01.jpg";
$default_pic = "members/0/image01.jpg";


                        $newname = "image01.jpg";
                        $place_file = move_uploaded_file( $_FILES['fileField']['tmp_name'], "members/$id/".$newname);
                        $success_msg = '<font color="#009900">Your image has been updated, it may take a few minutes for the changes to show... please                                                    be patient.</font>';

Hi everyone, im a newbie and have written this script, has taken me a day to get here.
The form inserts data into the database, uploads a file and sends an email.
All this works fine, what i am trying to do is rename the file to the id of the record and check to make sure it is a pdf.
I would really appreciate any help. I've tried and tried and just cant get it to work.

<?php
switch ($_REQUEST['action']) {
case 'recruit':
foreach($_POST as $key=>$value){
$$key = $value;
}
if ((!$name) || (!$email) || (!$phone)) {
$error_msg = 'Fields marked<span class="gold"> * </span>are required to submit the form';
}elseif (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { 
    $error_msg = 'Invalid email address'; 
}
echo "$error_msg","<br><br>";
if ($error_msg == ''){

$date=date("d/m/y", time());
$add="recruitment/".$_FILES[userfile][name];
$cleaned = stripit($add);
    $add2 = $cleaned;

   if(move_uploaded_file ($_FILES[userfile][tmp_name], $add2));
    $Q = mysql_query("INSERT INTO recruitment (`name`,`phone`,`email`, `qual`,`exper`,`file`) VALUES ('$name','$phone','$email','$qual','$exper','$cleaned')");
  
foreach($_POST as $key=>$value){
$$key = htmlentities(stripslashes($value));
}
$companyname = 'Mead Business college';
$companyemail = 'ross@emediastudios.com.au';
$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From: ".$name." <".$email.">\r\n";
$headers .= "Reply-To: ".$name." <".$email.">\r\n";
$to = "".$companyname."<".$companyemail.">";
$subject = "Mead Business College Recruitment Form Submission";
$message = '<style type="text/css>";


<!--
.style {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
}
-->
</style>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class="style">
<b>Details:</b><br /><br />
<b>Name:</b> '.$name.'<br />
<b>Email:</b> '.$email.'<br />
<b>Mobile No:</b> '.$phone.'<br />
<b>Qualifications:</b><br> '.$qual.'<br />
<b>Experience:</b><br /><br />'.$exper.'<br /><br />
<b>Uploaded resume:</b> http://www.mydomain.com.au/'.$cleaned.'
    </td>
   </tr>
</table>';
mail($to, $subject, $message, $headers);

echo '<table width="99%" border="0" cellpadding="0" cellspacing="0">

   <tr>

    <td class="mybody">Hi '.$name.',<p />Thank you for your enquiry. An MBC Consultant will contact you shortly.<br />
      <br />
      </td>
   </tr>
</table>';

}else{

foreach($_POST as $key=>$value){

$$key = htmlentities(stripslashes($value));

}
echo '
<FORM ENCTYPE="multipart/form-data" id="form" name="Contact Form" method="post" action="'.$_SERVER['PHP_SELF'].'?action=recruit">
  <table width="489" border="0" cellspacing="5" cellpadding="0" class="formsw">
    <tr>
      <td width="227">Name:</td>
      <td width="358"><input type="text" name="name" id="name" value="'.$name.'" /></td>
    </tr>
    <tr>
      <td>Contact Mobile:</td>
      <td><input type="text" name="phone" id="phone" value="'.$phone.'" /></td>
    </tr>
    <tr>
      <td>Email:</td>
      <td><input type="text" name="email" id="email" value="'.$email.'" /></td>
    </tr>
    <tr>
      <td>Relevent Qualifications:</td>
      <td><textarea name="qual" id="qual" cols="45" rows="5" value="'.$qual.'"></textarea></td>
    </tr>
    <tr>
      <td>Recent Experience:</td>
      <td><textarea name="exper" id="exper" cols="45" rows="5" value="'.$exper.'"></textarea></td>
    </tr>
    <tr>
      <td>Upload Resume:</td>
      <td><input type="file" name="userfile" id="userfile" /></td>
    </tr>
    <tr>
      <td><input type="submit" name="submit" id="submit" value="Submit" /></td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>';

}

break;
}
?>

I want to be able to grab any new images uploaded and display them right away on the front page, at the moment I can grab the id of each but that won't update the gallery. Once 4 images are uploaded, the next one to be uploaded pushes the last out of the gallery.   At the moment, I only have 2 images on the db, but I want it ready to be used by a community

<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post"  
	enctype="multipart/form-data"> 
	Upload:<br><br> 
	<input type="file" name="image"><br><br> 
	<input type="submit" name="submit" value="Upload"> 
	</form>
	
	<?php
	
	if(isset($_POST['submit']))
	{
		mysql_connect("localhost","____","____");
		mysql_select_db("moduni_images");
		
		$imageName = mysql_real_escape_string($_FILES["image"]["name"]);
		$imageData = mysql_real_escape_string(file_get_contents($_FILES["image"]["tmp_name"]));
		$imageType = mysql_real_escape_string($_FILES["image"]["type"]);
		
		if(substr($imageType,0,5) == "image")
		{
			mysql_query("INSERT INTO `images` VALUES('','$imageName','$imageData')");
			echo "Image uploaded!";
		}
		else
		{
			echo '<br>O<font color="#8B0000">nly images are allowed!</font>';
		}
		
	}
	
	?>

<?php 

	mysql_connect("localhost","____","____");
	mysql_select_db("moduni_images");
	
	if(isset($_GET['id']))
	{
		$id = mysql_real_escape_string($_GET['id']);
		$query = mysql_query("SELECT * FROM `images` WHERE `id`='$id'");
		while($row = mysql_fetch_assoc($query))
		{
			$imageData = $row["image"];
		}
		header("content-type: image/jpeg");
		echo $imageData;
	}
	
	else
	
	{
		echo "Error!";
	}
?> 

<div id="user-gallery">
			<h2>Gallery</h2>
			
						
			<div class="img">
			  <a href="scripts/show_image.php?id=2" data-lightbox="image-1">
				<img src="scripts/show_image.php?id=2" width="125px" height="71px">
				</a>
			</div>
			<div class="img">
			  <a href="scripts/show_image.php?id=2" data-lightbox="image-1">
				<img src="scripts/show_image.php?id=2" width="125px" height="71px">
				</a>
			</div>
			<div class="img">
			 <a href="scripts/show_image.php?id=2" data-lightbox="image-1">
				<img src="scripts/show_image.php?id=2" width="125px" height="71px">
				</a>
			</div>
			<div class="img">
			  <a href="scripts/show_image.php?id=2" data-lightbox="image-1">
				<img src="scripts/show_image.php?id=2" width="125px" height="71px">
				</a>
			</div>
		</div>

Hi, I want to be able to let user upload XML form, and then in the action page it needs to extract that so that I can add it to the database.

Here is the upload form:
Code: [Select]
<html>
<head></head>
<body>
<form method='post' action="uploadFileToDB.php" enctype="multipart/form-data">
<p>
<label>
                    Upload image<input type='file' name='imageFileType' id='imageFileType' />
                </label>
            </p>

            <p>
                <input type='submit' value='Upload this image' name='upload' id='upload' />
            </p>
</form>
 </body>
</html>

Here is the uploadFileToDB.php:
Code: [Select]
<?php
require("PHP_xml_parsing_via_DOM.php");
//NB: this script does the actual shreddering (XML to SQL)

//IF User uploaded dir or XML file successful, then:
if(isset($_POST['upload'])) {
//SHRED NOW
//NB: how to retrieve the uploaded xml file
$_filePath=??
$node=basename($_filePath);
$dom=new DOMDocument();
$dom->load($node);
$labelPath=array();
mysql_connect("localhost","root");
mysql_select_db("dummydpev7");

$isXdocExist=mysql_query("SELECT file_Path,file_Name FROM xdocument WHERE file_Path='$_filePath' AND file_Name='$node'");
$docId=0;

if(mysql_num_rows($isXdocExist)==1) {
print "Entry already exists!";
$docId=mysql_next_id("xdocument")-1;
}
else {
mysql_query("INSERT INTO xdocument (file_Path,file_Name) VALUES ('$_filePath','$node')");
$docId=mysql_next_id("xdocument")-1;
}
print "<br />".$docId;

writeXMLtoDBViaDOM($dom->documentElement,$labelPath,$docId,$_filePath);
}
//ELSE
else
//Please upload Valid XML
print "Problem with XML file being uploaded.";

?>

The question in point is how do I extract the file I uploaded to set to $_filePath?? in the script so that I pass it to my function writeXMLtoDBviaDOM??

Please any help much appreciated!

Hi guys,
I need some PHP/jquery code that constantly checks a folder for when files are added to it, then grabs the file/s and processes them through a php function.

Any ideas how I can automate this, I am happy for a browser window to have to be open to do it (that would be the only way I think) but now I just need the web based code to go with it.


Any help/suggestions are much appreciated.

Cheers in advance.