PHP - Image Uploads And Malicious Scripts
I've been surfing the web and reading various articles, and probably have more questions than answers, so any guidance or direction to resources will (hopefully) be useful.

I'm trying to connect the dots to more adequately understand the security issues within uploading image files.

From its inception, light hits a camera sensor and an image is created. Is it in binary form? ASCII? Other?

Now suppose additional code is added to the image. (For this example, let's say it's a simple script that says Hello - which I suppose would STILL be considered malicious.)

If it's simply placed into the image code, how can I open the image (as the recipient) to see the code in its TEXT form? (I'm assuming that the code would need to be activated either by clicking the script or calling the code in order to actually function.)

And if the code is hidden or camouflaged by using an alternate character set, how would it be translated from the unnoticeable character set into something more meaningful in order to perform?

Edited April 20 by phppup (Typos)

Similar Tutorials

Can someone advise me how to check for malicious PHP code? If I download a script from somewhere, how can I make sure it's not malicious? If bad, maybe it could delete files?? Or send spam? Or EVEN 'send home' code - so that they can track your usage - OK if I consent - not OK if haven't consented and they're doing it sneakily! Sending spam has been a problem when installing Joomla plugins.

Are there specific commands I should watch out for in PHP scripts? Like send mail or something? I'm sure the baddies would be clever and maybe use IP numbers to send out to instead of domain names?

Is there a PHP code checker online? Something that tells you what your PHP script does?
Simple things: like tell you if it sends out mail or makes contact outside or deletes files. This would be great - it would save a lot of time going through hundreds/thousands of lines of code.

Thanks
OM

I am relatively new to PHP, so I need help why this script is not functioning

if ($actionis=='Add Resource'){
    //declaration of directory where files are saved
    if(isset($_POST['file'])) {
        //setting of variables
        $uploaddir = "resources/";
        $fileName = $_FILES['userfile']['name'];
        $tmpName = $_FILES['userfile']['tmp_name'];
        $fileSize = $_FILES['userfile']['size'];
        $fileType = $_FILES['userfile']['type'];
        $fileErr = $_FILES['userfile']['error'];
        $filePath= $uploaddir . basename($_FILES['userfile']['name']);
        global $filePath;
        //filters extension filename
        $fileX = strrchr($fileName,".");
        /*
         * UPLOAD FILTERING OPTIONS
         */
        if ($fileSize>1000000){
            die ("File too large! Must be below 1Mb.");
        }
        else{
            if (($fileX==".txt")||($fileX==".doc")||($fileX==".docx")||($fileX==".pdf")||($fileX==".ppt")||($fileX==".pptx")){
                if (move_uploaded_file($_FILES['userfile']['tmp_name'], $filePath)){
                    echo "<code>SUCCESS! File Uploaded.</code> ".$fileErr;
                }
                else{
                    echo "<code class='red'>Upload Failed.</code>";
                }
            }
            else{
                die ("Wrong file format!");
            }
        }
    }
}

The above script does not generate an error. But my problem is that I cannot save the uploaded file into my selected directory.

This doesn't seem to be working. Any help?
if (isset ($_POST['edit_poser'])){
    $errormsg = "";
    if (!$_FILES['userfile']['tmp_name']){
        $errormsg = "<font style='color: #ff0000;'>Select an Image</font>";
    } else {
        $maxfilesize = 51200;
        if ($_FILES['userfile']['size'] > $maxfilesize){
            $errormsg = "<font style='color: #ff0000;'>Image is too large, select a smaller one</font>";
            unlink($_FILES['userfile']['tmp_name']);
        } else if (!preg_match("/\.(gif|jpg|png)$/i" , $_FILES['userfile']['name'])){
            $errormsg = "<font style='color: #ff0000;'>Image needs to be gif, jpg, or png</font>";
            unlink($_FILES['userfile']['tmp_name']);
        } else {
            $newname = "image01.jpg";
            $place_file = move_uploaded_file($_FILES['userfile']['tmp_name'], "Members/$id/".$newname);
            $errormsg = "<font style='color: #ff0000;'>Your image has successfully been updated</font>";
        }
    }
} // ends first if statement

I need some quick help with this. This is my file upload row loop. I want to add the if k = 4, then you have reached the maximum upload. Or something to that effect. Pretty much only allowing 4 uploads per user, before stopping the upload feature.

row count
Code: [Select]
<?php
$k = 4;
//$n=5;
for ($i=0, $n=count( $this->songs ); $i < $n; $i++)
//for ($i=0, $n=count( $this->songs ); $i < $n; $i++)
{
    $song = &$this->songs[$i];
    $checked = JHTML::_('grid.id', $i, $song->id );
    $link_edit = JRoute::_( 'index.php?userid='.$this->xxx->user_id.'&layout=form&id=' . $song->id .'&from=xxx');
    $tick = JHTML::image("images/tick.png",JText::_('Yes'));
    $tick_file = JHTML::image("images/tick.png",JText::_('Yes'),array("title" => $xxx->filename));
    $cross = JHTML::image("images/publish_x.png",JText::_('No'));
?>

End row count
Code: [Select]
<?php
    $k = 1 - $k;
}
?>

My goal is to allow the user to select whether or not they want to replace the current img files. If so, delete all current ones in the selected dir and upload into it. If not, then begin uploading at a specific point such that:
1.jpg
2.jpg
3.jpg
...
and so on (replace yes deletes all and no deletes none).

The directories are assigned previously and are accessed via sql database.

These are the two current sets I have:

<?php $page_title = "Central Valley LLC | Photo Addition" ?>
<?php include("header.php"); ?>
<?php include("nav.html"); ?>
<div id="content">
<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="which">Choose A Product:</label>
<?php
$con = mysql_connect("localhost","phoenixi_cv","centraladmin");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("phoenixi_cvproducts", $con);
$result = mysql_query("SELECT * FROM Products");
echo "<select>";
while($row = mysql_fetch_array($result))
{
    echo "<option ";
    echo "value=\"" . $row['num'] . "\">";
    echo $row['Name'] . "</option>";
}
echo "</select>";
mysql_close($con);
?>
<br />
<h3 id="center">Do You Wish To Replace Current Images?</h3>
<br />
<input type="radio" name="replace" value="y" />YES<br />
<input type="radio" name="replace" value="n" />NO
<br />
<input name="uploads[]" type="file" multiple="multiple" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</div><!--#content-->
<?php include("footer.html") ?>

and this is the upload script so far:

<?php
$count = 1;
if($_POST['replace']=='y')
{
    $mydir = 'assets/images/' . $_POST['which'] . '/';
    $d = dir($mydir);
    while($entry = $d->read())
    {
        if($entry!="." && $entry!="..")
        {
            unlink($entry);
        }
    }
}
else
{
    $loop = true;
    while($loop == true)
    {
        $filename = 'assets/images/' . $_POST['which'] . '/' . $count . '.jpg';
        if(file_exists($filename))
        {
            $count++;
        }
        else
        {
            $loop = false;
        }
    }
}
if(!is_dir("uploads/".$id)) { //this checks to make sure the directory does not already exist
    mkdir("uploads/".$id, 0777, true); //if the directory doesn't exist then make it
    chmod("uploads/".$id, 0777); //chmod to 777 lets us write to the directory
}
$uploaddir = 'assets/images/' . $_POST['which'] . '/';
foreach($_FILES["uploads"]["name"] as $bla=> $boo) { //we have to do a loop to get all the filenames
    $file=$uploaddir.$boo; //we will check the filename in the upload directory, see if it exists
    if (file_exists($file)) { //if it exists then ......
        die("Filename already exists, please rename this file"); //if filename exists in the directory then we die!!! :P
    }
}
foreach ($_FILES["uploads"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        echo"$error_codes[$error]"; // let you know if there was an error on any uploads
        move_uploaded_file( //php function to move the file
            $_FILES["uploads"]["tmp_name"][$key], //from the temporary directory
            $uploaddir. $_FILES["uploads"]["name"][$key] //to the directory you chose
        ) or die("Problems with upload");
    }
}
foreach($_FILES["uploads"]["name"] as $bla=> $boo) {
    $file=$uploaddir.$boo;
    $movepoint = $uploaddir . $count . '.jpg';
    rename($file, $movepoint);
    $count++;
}
?>

Thanks in advance for any help that you can give me. Also, if you can suggest any easier ways I would certainly be obliged.

I'm now having a problem with PHP uploads on the test site I'm working on. There is a special page called "cart_import.php" that directs CSV files selected for uploading to the "files" directory in the same location as the page mentioned, and from there works on updating the website's front end with the data in the CSV file.

But, when I try and upload the file, the page reports that it's failing to receive the upload entirely. I've confirmed with the host that the php.ini file does allow uploads, the "files" directory is set to write access and upload size allowed is a little over 2MB.

Is there perhaps another thing I'm missing to allow uploads, something that I haven't found yet with Google?

I have a form with 2 inputs specific to file uploads (where one day I may add more either through a dynamic layer of adding more than, or just might put 2 or 3 more fields).
I can get a single file to upload without issue, but I seem to be having issues trying to get more than one at a time. What is the best way to handle this? I seem to be completely lost on this.

Hello, I am trying to make this a multiple file upload. It uploads 1 file just fine, but I can't get it to upload several. I am a newbie at this. Can you please help me with this script? Thank you.

Code: [Select]
// My form
<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="file">file1:</label>
<input type="file" name="file" id="file" />
<label for="file">file2:</label>
<input type="file" name="file" id="file" />
<label for="file">file3:</label>
<input type="file" name="file" id="file" />
<input type="submit" name="submit" value="Submit" />
</form>

// my upload script
<?php
$path1= "upload/" . $_FILES["file"]["name"];
if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 10000000))
{
    if ($_FILES["file"]["error"] > 0)
    {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
    else
    {
        echo "Front of Press Kit:<br /><br />";
        if (file_exists("upload/" . $_FILES["file"]["name"]))
        {
            echo $_FILES["file"]["name"] . " already exists. Please change the name. Try adding more letters to the file name. Thank You. ";
        }
        else
        {
            move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
            echo "<img src=\"$path1\" width=\"360\" height=\"278\">";
        }
    }
}
else
{
    echo "Invalid file";
}
?>

Hi, I'm building a file hosting script and need to do two things. I have two sets of users, FREE and PAID. Both users can upload files to their own folder, but free users can upload only 2gb of files and paid users can upload 10gb.

Is there anyone who could give some pointers on how I can:
- Allow different folder quotas/sizes for both users
- Stop both users exceeding their quota
- Inform them when their quota is full
Hope someone can give me help on this, thanks
Lee

I'm looking for ideas and thoughts that anyone might have regarding disappearing ID3 tags in .mp3 files after they are uploaded to a web server via the $_FILES method.

In order, the steps occur at time of upload:
1) File upload is initiated
2) File is uploaded to temp dir on server
3) File is re-assigned a hash value for a file name, with .mp3 appended
4) File is moved from temp dir to the given user's dir
5) Meta Data is supposed to be read, and a row inserted into the DB.

Now, everything works as intended - not having any issues... Other than, of course, the mystery of the vanishing ID3 tags. Can anyone shed some light on this? I am 100% certain that I can read the meta data - giving two different parameters on two different files (one uploaded manually via sftp, the other via http through the use of $_FILES).

Example of what's happening: http://69.164.222.60/test2.php

nji.mp3 was uploaded via SFTP. The hashed .mp3 was uploaded via my web form.

Thoughts / Comments / Suggestions / Ideas / Saving Grace? ^^

Hey everyone. I have a form that is working fine. Basically it will upload files to an email address. The files do arrive at the email address, but the problem is that they show up as 0KB in my inbox. Photos, text docs etc., that I upload via the form are arriving in my email at 0KB for some reason. I know the code is messy, but hopefully someone can figure out why the files are uploading as 0KB.

**Please see attached code

Heya guys

The other day I got the error:

[28-Jan-2011 12:07:40] PHP Warning: POST Content-Length of 16970062 bytes exceeds the limit of 8388608 bytes in Unknown on line 0

Basically this means my server provider doesn't allow the total $_POST data on one page to be above 8MB, and being on shared hosting I cannot fix this.

So, what's the best way to get around this? Ajax? Options and code samples please. I think this will help a lot of people as I haven't seen many answers after lots of research on the web.
Thanks
Danny.

This is my code

[Page where user uploads files - Edit-Page.php]

<?php
session_start();
if ($_SESSION['adminlogin'] == 1){
    //Run
}
else {
    header('Location: Log-In.php');
    exit;
}
$url = $_POST['url'];
?>
<!DOCTYPE HTML>
<html lang="en-GB">
<head>
<meta charset="utf-8">
<!--Search Engine Meta Tags-->
<meta name="author" content="Worldwide Lighthouses">
<meta name="keywords" content="Lighthouses,Lightships,Trinity House,Fog Signals,Fog Horns,Fresnel">
<meta name="description" content="Worldwide Lighthouses is the number 1 source of information, pictures and videos on the Subject of Lighthouses and Lightships">
<!--Stylesheets/Javascript-->
<link rel="stylesheet" href="../../Page-Layout.css" media="screen and (min-width: 481px)">
<link rel="stylesheet" href="../../Mobile-Page-Layout.css" media="only screen and (max-width:480px)">
<!--Mobile Browser Support-->
<meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;">
<!--IE Support-->
<!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<link rel="stylesheet" href="../Page-Layout.css"><![endif]-->
<meta name="application-name" content="Worldwide Lighthouses">
<meta name="msapplication-starturl" content="http://worldwidelighthouses.com/">
<meta name="msapplication-tooltip" content="Worldwide Lighthouses: Your number one source of Lighthouse Information, Videos and Pictures">
<meta name="msapplication-task" content="name=Lighthouses;action-uri=http://worldwidelighthouses.com/Lighthouses.php;icon-uri=http://worldwidelighthouses.com/IE9/Lighthouses.ico">
<meta name="msapplication-task" content="name=Lightships;action-uri=http://worldwidelighthouses.com/Lightships.php;icon-uri=http://worldwidelighthouses.com/IE9/Lightships.ico">
<meta name="msapplication-task" content="name=Fog Signals;action-uri=http://worldwidelighthouses.com/Fog-Signals.php;icon-uri=http://worldwidelighthouses.com/IE9/Fog-Signals.ico">
<meta
name="msapplication-task" content="name=Glossary;action-uri=http://worldwidelighthouses.com/Glossary.php;icon-uri=http://worldwidelighthouses.com/IE9/Glossary.ico"> <title>Edit Page | Worldwide Lighthouses</title> <script> <!-- function fixForm(select) { var inputCount = parseInt(select); var newHTML = ''; for(i=1; i<=inputCount; i++) { newHTML += '<label>Thumbnail '+i+' | Size: 200px x 430px | Format: PNG</label>\n'+ '<input type="file" name="thumbnail'+i+'" size="100" accept="image/x-png" class="File">\n'+ '<label>Accompanying Large Image | Size : Large | Format: PNG</label>\n'+ '<input type="file" name="large'+i+'" size="100000000" accept="image/x-png" class="File"><br><br>\n' ; if(i < inputCount) { newHTML += '<br>\n\n'; } else { newHTML += '\n\n'; } } document.getElementById('formInputs').innerHTML=newHTML; } //--> function setVisibility(id, visibility) { document.getElementById(id).style.display = visibility; } </script> <style> input:focus, textarea:focus { background:#9CDCCB; } form#Page { width:80%; margin-top:10px; margin-bottom:10px; margin-left:auto; margin-right:auto; background-colour: rgb(33, 33, 33); /* The Fallback */ background: rgba(33, 33, 33, 0.8); border-radius:10px; padding:20px; } label { display:block; width:100%; color:#FFF; } .TitleInput { width:660px; } .info { width:260px; height:80px; } .url { width:660px; } #IntroParagraph{ width:660px; height:120px; } #MainParagraph{ width:660px; height:240px; } .File { width:660px; } #loading { position: fixed; top: 25%; left: 25%; width: 50%; height: 50%; background:url(../../layout-resources/article-background.jpg); border:3px #333 solid; border-radius:10px; text-align:center; color:#1D5A4B; display:none; } #loadinginfo { position: absolute; top: 25%; left: 25%; width: 50%; height: 50%; } </style> </head> <body> <div id="loading"><div id="loadinginfo"><img src="upload.gif" width="128" height="15" alt="Uploading"><br><h1>Uploading images...</h1><p>Please Wait, this could take a 
while.</p></div></div> <header> <h1 id="WWLH">Worldwide Lighthouses</h1> <form method="get" action="http://www.worldwidelighthouses.com/Search/search.php" id="Search-Box"> <input type="search" placeholder="Search Worldwide Lighthouses" name="query" id="query" size="30" value="" autocomplete="off"> <input type="submit" value="Search"> <input type="hidden" name="search" value="1"> </form> </header> <nav> <ul id="Nav"> <li class="MenuButton" id="Index"><a href="http://www.worldwidelighthouses.com/Index.php"><p class="Nav">Home</p></a></li> <li class="MenuButton" id="Lighthouses"><a href="http://www.worldwidelighthouses.com/Lighthouses.php"><p class="Nav">Lighthouses</p></a></li> <li class="MenuButton" id="Lightships"><a href="http://www.worldwidelighthouses.com/Lightships.php"><p class="Nav">Lightships</p></a></li> <li class="MenuButton" id="FogSignals"><a href="http://www.worldwidelighthouses.com/Fog-Signals.php"><p class="Nav">Fog Signals</p></a></li> <li class="MenuButton" id="Daymarks"><a href="http://www.worldwidelighthouses.com/Daymarks.php"><p class="Nav">Daymarks</p></a></li> <li class="MenuButton" id="Buoys"><a href="http://www.worldwidelighthouses.com/Buoys.php"><p class="Nav">Buoys</p></a></li> <li id="MenuButtonLast"><a href="http://www.worldwidelighthouses.com/Glossary.php"><p class="Nav">Glossary</p></a></li> </ul> </nav> <?php if ($_SESSION['adminlogin']==1) { echo '<div id="logout"> <div style="float:left; width:30%; text-align:left;!important"> <a href="Log-In-Accept-Deny.php">Back to Admin Home</a> </div> <div style="float:right; width:70%;"> <a href="Logout.php">Log Out of Admin</a> <p style="font-size:10px;">Always Sign Out when Finished!</p> </div></div>';} ?> <article> <h1 class="Title">Enter Page Information</h1> <div class="Textbox"> <form action="Preview-and-Confirm-Page-Changes.php" enctype="multipart/form-data" method="post" id="Page"> <input type="hidden" value="<?php echo $url ?>" name="url"> <label>Type of Page</label> <br> <input 
type="radio" name="typeofpage" value="englandtrinityhouse" checked> English - Trinity House <br> <input type="radio" name="typeofpage" value="englandprivate"> English - Privately Owned <br> <input type="radio" name="typeofpage" value="welshtrinityhouse"> Welsh - Trinity House <br> <input type="radio" name="typeofpage" value="welshprivate"> Welsh - Privately Owned <br> <input type="radio" name="typeofpage" value="northernlighthouseboard"> Scottish - Northern Lighthouse Board <br> <input type="radio" name="typeofpage" value="scottishprivate"> Scottish - Privately Owned <br> <input type="radio" name="typeofpage" value="channelislandstrinityhouse"> Channel Islands - Trinity House <br> <input type="radio" name="typeofpage" value="channelislandsprivate"> Channel Islands - Privately Owned <br> <input type="radio" name="typeofpage" value="francelb"> French - Lighthouse Board <br> <input type="radio" name="typeofpage" value="franceprivate"> French - Privately Owned <br> <input type="radio" name="typeofpage" value="switzerland"> Switzerland <br> <input type="radio" name="typeofpage" value="norway"> Norway <br> <input type="radio" name="typeofpage" value="lightshiptrinityhouse"> Lightship - Trinity House <br> <input type="radio" name="typeofpage" value="lightshipprivate"> Lightship - Private <br> <br> <label>Folder Name (Usually title of page with hyphens eg. Beachy-Head) Just provide the last section</label> <input type="text" name="foldername"> <label>Title of Page<br>(eg.Beachy Head Lighthouse. 
Dont Include | Worldwide Lighthouses, this is automatically added)</label><input type="text" placeholder="Title of Page" name="title" class="TitleInput"><br><br> <input type="hidden" name="MAX_FILE_SIZE" value="100000000000000000000000000000" /> <label>Main Page Image | Size: 170x170px Format:PNG</label><input type="file" name="mainpageimage" size="100" accept="image/x-png" class="File"><br><br> <h2>Information</h2> <label>Date Established:</label><input type="text" placeholder="Date Established" name="established" required="true" class="TitleInput"><br> <label>Current Lighthouse Built:</label><input type="text" placeholder="Date Current Lighthouse Established" name="currentlighthousebuilt" required="true" class="TitleInput"><br> <label>Height (In Metres, Will automatically convert to show feet and metres on same page)</label><input type="number" placeholder="Heigtht in metres" name="height" required="true" class="TitleInput"><br> <label>Date Automated:</label><input type="text" placeholder="Date Automated" name="automated" required="true" class="TitleInput"><br> <label>Date Electrified:</label><input type="text" placeholder="Date Electrified" name="electrified" required="true" class="TitleInput"><br> <label>Range (In Nautical Miles):</label><input type="number" placeholder="Range in Nautical Miles" name="range" required="true" class="TitleInput"><br> <label>Operator:</label><input type="text" placeholder="Operator" name="operator" required="true" class="TitleInput"><br><br> <h2>Media</h2> <label>Link to Video Page: (if none leave blank)</label><input type="url" name="video"> <label>Link to Audio Page: (if none leave blank)</label><input type="url" name="audio"> <h2>Write up</h2> <label>Paragraph:</label><textarea id="MainParagraph" name="paragraph"></textarea> <h2>Thumbnails</h2> <label> Number of Thumbnails </label> <select name="numberofthumbnails" onChange="fixForm(this.options[selectedIndex].text);"> <option value="0">0</option> <option value="2">2</option> 
<option value="4">4</option>
<option value="6">6</option>
<option value="8">8</option>
<option value="10">10</option>
<option value="12">12</option>
<option value="14">14</option>
<option value="16">16</option>
<option value="18">18</option>
<option value="20">20</option>
<option value="22">22</option>
<option value="24">24</option>
</select>
<br><br>
<span id="formInputs"> </span>
<input type="submit" value="Preview Page" onClick="setVisibility('loading', 'block');">
</form>
<?php if ($_SESSION['adminlogin'] == 1){ echo "<br>Logged in on server side."; }?>
</div>
</article>
<footer>
<ul>
<li><a href="http://www.worldwidelighthouses.com/About.php">About</a></li>
<li><a href="http://www.worldwidelighthouses.com/Contact-us.php">Contact</a></li>
<li><a href="http://www.worldwidelighthouses.com/Use-Our-Media.php">Use our media</a></li>
<li><a href="http://www.worldwidelighthouses.com/Search/search.php">Search</a></li>
<li><a href="http://www.worldwidelighthouses.com/Social-Networking.php">Social</a></li>
<li><a href="#Top">Back to top</a></li>
</ul>
<br>
<br>
&#169; Worldwide Lighthouses <?php echo date("Y"); ?>
</footer>
</body>

I have a form that lets a user upload an image, as well as another file. I want the image to go into the images directory, and the pdf file to go into the PDF directory once uploaded. The names of the files will then be uploaded to the database.

At the moment I can get the image to upload to the database and directory, but the PDF is only uploading the name to the database; it is not going into the PDF directory as well.

I'm not sure if there is a way you can do this. I am trying to use "move_uploaded_file()" to physically move the files but not sure if you can use it twice.

Here is my code. If you can point anything out or where I'm going wrong, that would be great.
<?php include "include/conn.php"; include "include/session.php"; ?> <?php // Check to see if the type of file uploaded is a valid image type function is_valid_type($file) { $valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif"); if (in_array($file['type'], $valid_types)) return 1; return 0; } function showContents($array) { echo "<pre>"; print_r($array); echo "</pre>"; } //Target path for image $TARGET_PATH = dirname(__FILE__) . "/images/"; //Target path for PDF files $PDF_TARGET_PATH = dirname(_FILE_) . "/PDF/"; // Get POST variables $image = $_FILES['image']; $pdf = $_FILES['pdf']; $date= date("Y-m-d "); $time = date("H:i:s"); $title = $_POST['title']; $title_escape = mysql_escape_string($title); $title_slashes = stripslashes($title_escape); $content = $_POST['content']; $image['name'] = mysql_real_escape_string($image['name']); $pdf['name'] = mysql_real_escape_string($pdf['name']); //image path $TARGET_PATH .= $image['name']; //PDF path $PDF_TARGET_PATH .= $pdf['file_name']; // Make sure all the fields from the form have inputs if ($image['name'] == "" ) { $_SESSION['error'] = "All fields are required"; header("Location: add_media.php"); exit; } // Verify file is an image if (!is_valid_type($image)) { $_SESSION['error'] = "You must upload a jpeg, gif, or bmp"; header("Location: add_media.php"); exit; } // move file into the directory and the path name into the database / along with the rest of the form fields if (move_uploaded_file($image['tmp_name'], $TARGET_PATH)) { if(move_uploaded_file($pdf['tmp_name'], $PDF_TARGET_PATH)) { $sql = "INSERT INTO media_table(title, text, time, date, image, PDF) VALUES ('" . $title_slashes . "','" . $content . "', '" . $time . "', '" . $date . "', '" . $image['name'] . "', '" . $pdf['name'] . "')"; $result = mysql_query($sql) or die (mysql_error()); header("Location: add_media.php"); exit; } else { print "did not upload"; } } else { $_SESSION['error'] = "Could not upload file. 
Check read/write persmissions on the directory"; exit; } ?> Code: [Select] $newid = 9; ?> <html> <head> <title>Used Cars : Add Stock</title> <?php if ($_SERVER['REQUEST_METHOD'] == "POST") { $uploaddir = "../usedcars/images"; $imgfile = ($_FILES['imgfile']['tmp_name']); $imgfile_name = ($_FILES['imgfile']['name']); $imgfile1 = ($_FILES['imgfile1']['tmp_name']); $imgfile_name1 = ($_FILES['imgfile1']['name']); $imgfile2 = ($_FILES['imgfile2']['tmp_name']); $imgfile_name2 = ($_FILES['imgfile2']['name']); $imgfile3 = ($_FILES['imgfile3']['tmp_name']); $imgfile_name3 = ($_FILES['imgfile3']['name']); $imgfile4 = ($_FILES['imgfile4']['tmp_name']); $imgfile_name4 = ($_FILES['imgfile4']['name']); $pext = getFileExtension($imgfile_name); $pext = strtolower($pext); if (($pext != "jpg")) { print "<h1>ERROR</h1>Image Extension Unknown.<br>"; print "<p>Please upload only a JPEG image with the extension .jpg or .jpeg ONLY<br><br>"; print "The file you uploaded had the following extension: $pext</p>\n"; unlink($imgfile); exit(); } $pext1 = getFileExtension($imgfile_name1); $pext1 = strtolower($pext1); if (($pext1 != "jpg")) { print "<h1>ERROR</h1>Image Extension Unknown.<br>"; print "<p>Please upload only a JPEG image with the extension .jpg or .jpeg ONLY<br><br>"; print "The file you uploaded had the following extension: $pext1</p>\n"; unlink($imgfile1); exit(); } $pext2 = getFileExtension($imgfile_name2); $pext2 = strtolower($pext2); if (($pext2 != "jpg")) { print "<h1>ERROR</h1>Image Extension Unknown.<br>"; print "<p>Please upload only a JPEG image with the extension .jpg or .jpeg ONLY<br><br>"; print "The file you uploaded had the following extension: $pext2</p>\n"; unlink($imgfile2); exit(); } $pext3 = getFileExtension($imgfile_name3); $pext3 = strtolower($pext3); if (($pext3 != "jpg")) { print "<h1>ERROR</h1>Image Extension Unknown.<br>"; print "<p>Please upload only a JPEG image with the extension .jpg or .jpeg ONLY<br><br>"; print "The file you uploaded had the following 
extension: $pext3</p>\n"; unlink($imgfile3); exit(); } $pext4 = getFileExtension($imgfile_name4); $pext4 = strtolower($pext4); if (($pext4 != "jpg")) { print "<h1>ERROR</h1>Image Extension Unknown.<br>"; print "<p>Please upload only a JPEG image with the extension .jpg or .jpeg ONLY<br><br>"; print "The file you uploaded had the following extension: $pext4</p>\n"; unlink($imgfile4); exit(); } $imgsize = GetImageSize($imgfile); $imgsize1 = GetImageSize($imgfile1); $imgsize2 = GetImageSize($imgfile2); $imgsize3 = GetImageSize($imgfile3); $imgsize4 = GetImageSize($imgfile4); /*== check size 0=width, 1=height ==*/ if (($imgsize[0] > 235) || ($imgsize[1] > 176)) if (($imgsize1[0] > 547) || ($imgsize1[1] > 366)) if (($imgsize2[0] > 182) || ($imgsize2[1] > 122)) if (($imgsize3[0] > 182) || ($imgsize3[1] > 122)) if (($imgsize4[0] > 182) || ($imgsize4[1] > 122)) { $tmpimg = tempnam("/tmp", "MKUP"); $tmpimg1 = tempnam("/tmp", "MKUP"); $tmpimg2 = tempnam("/tmp", "MKUP"); $tmpimg3 = tempnam("/tmp", "MKUP"); $tmpimg4 = tempnam("/tmp", "MKUP"); system("djpeg $imgfile >$tmpimg"); system("djpeg $imgfile1 >$tmpimg1"); system("djpeg $imgfile2 >$tmpimg2"); system("djpeg $imgfile3 >$tmpimg3"); system("djpeg $imgfile4 >$tmpimg4"); system("pnmscale -xy 235 176 $tmpimg | cjpeg -smoo 10 -qual 50 >$imgfile"); system("pnmscale -xy 547 366 $tmpimg1 | cjpeg -smoo 10 -qual 50 >$imgfile1"); system("pnmscale -xy 182 122 $tmpimg2 | cjpeg -smoo 10 -qual 50 >$imgfile2"); system("pnmscale -xy 182 122 $tmpimg3 | cjpeg -smoo 10 -qual 50 >$imgfile3"); system("pnmscale -xy 182 122 $tmpimg4 | cjpeg -smoo 10 -qual 50 >$imgfile4"); /*== remove temp image ==*/ unlink($tmpimg); unlink($tmpimg1); unlink($tmpimg2); unlink($tmpimg3); unlink($tmpimg4); } $final_file = str_replace(" ", "_", $imgfile_name); $final_filename = $newid.$final_file; $newfile = $uploaddir . "/$final_filename"; $final_file1 = str_replace(" ", "_", $imgfile_name1); $final_filename1 = $newid.$final_file1; $newfile1 = $uploaddir . 
"/$final_filename1"; $final_file2 = str_replace(" ", "_", $imgfile_name2); $final_filename2 = $newid.$final_file2; $newfile2 = $uploaddir . "/$final_filename2"; $final_file3 = str_replace(" ", "_", $imgfile_name3); $final_filename3 = $newid.$final_file3; $newfile3 = $uploaddir . "/$final_filename3"; $final_file4 = str_replace(" ", "_", $imgfile_name4); $final_filename4 = $newid.$final_file4; $newfile4 = $uploaddir . "/$final_filename4"; if (is_uploaded_file($imgfile)) { if (!copy($imgfile,"$newfile")) { print "Error Uploading File."; exit(); } } if (is_uploaded_file($imgfile1)) { if (!copy($imgfile1,"$newfile1")) { print "Error Uploading File."; exit(); } } if (is_uploaded_file($imgfile2)) { if (!copy($imgfile2,"$newfile2")) { print "Error Uploading File."; exit(); } } if (is_uploaded_file($imgfile3)) { if (!copy($imgfile3,"$newfile3")) { print "Error Uploading File."; exit(); } } if (is_uploaded_file($imgfile4)) { if (!copy($imgfile4,"$newfile4")) { print "Error Uploading File."; exit(); } } /*== delete the temporary uploaded file ==*/ unlink($imgfile); unlink($imgfile1); unlink($imgfile2); unlink($imgfile3); unlink($imgfile4); print("<img src=../usedcars/images/".$final_filename.">"); /*== DO WHATEVER ELSE YOU WANT SUCH AS INSERT DATA INTO A DATABASE ==*/ } ?> </head> <body bgcolor="#FFFFFF"> <h2>Add Used Car</h2> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="250000"> <p>Title: <input type="text" name="title" size="40" /> <p>Description: <input type="text" name="description" size="40" /> <p>Tags: <input type="text" name="tags" size="40" /> <p>Price: <input type="text" name="price" size="40" /> <p>Full details:<br /> <textarea cols="50" rows="10" name="notes"></textarea> <p>List Image: <input type="file" name="imgfile"> <p>Main Image: <input type="file" name="imgfile1"> <p>Page Image1 : <input type="file" name="imgfile2"> <p>Page Image2: <input type="file" 
name="imgfile3">
<p>Page Image3: <input type="file" name="imgfile4">
<br>
<input type="submit" value="Add Entry">
</form>
</body>
</html>
<?php
/*== FUNCTIONS ==*/
function getFileExtension($str) {
    $i = strrpos($str,".");
    if (!$i) { return ""; }
    $l = strlen($str) - $i;
    $ext = substr($str,$i+1,$l);
    return $ext;
}
?>

I am going kinda crazy. I'm a newbie to PHP but I'm getting the hang of it. I'm having a problem with adding restrictions on multiple uploads. I want to make sure that they are "jpg" and "gif" only, and that they are not larger than 10 MB. Can you help please? This is what I have.

Code:
$path1= "upload/".$_FILES['ufile']['name'][0];
$path2= "upload/".$_FILES['ufile']['name'][1];
$path3= "upload/".$_FILES['ufile']['name'][2];

copy($_FILES['ufile']['tmp_name'][0], $path1);
copy($_FILES['ufile']['tmp_name'][1], $path2);
copy($_FILES['ufile']['tmp_name'][2], $path3);

echo "File Name :".$_FILES['ufile']['name'][0]."<BR/>";
echo "File Size :".$_FILES['ufile']['size'][0]."<BR/>";
echo "File Type :".$_FILES['ufile']['type'][0]."<BR/>";
echo "<img src=\"$path1\" width=\"150\" height=\"150\">";
echo "<P>";

echo "File Name :".$_FILES['ufile']['name'][1]."<BR/>";
echo "File Size :".$_FILES['ufile']['size'][1]."<BR/>";
echo "File Type :".$_FILES['ufile']['type'][1]."<BR/>";
echo "<img src=\"$path2\" width=\"150\" height=\"150\">";
echo "<P>";

echo "File Name :".$_FILES['ufile']['name'][2]."<BR/>";
echo "File Size :".$_FILES['ufile']['size'][2]."<BR/>";
echo "File Type :".$_FILES['ufile']['type'][2]."<BR/>";
echo "<img src=\"$path3\" width=\"150\" height=\"150\">";

$filesize1=$_FILES['ufile']['size'][0];
$filesize2=$_FILES['ufile']['size'][1];
$filesize3=$_FILES['ufile']['size'][2];

if($filesize1 && $filesize2 && $filesize3 != 0) {
    echo "We have received your files";
}
else {
    echo "ERROR.....";
}
if($filesize1==0)
{
    echo "There was something wrong with your first file";
    echo "<BR />";
}
if($filesize2==0) {
    echo "There was something wrong with your second file";
    echo "<BR />";
}
if($filesize3==0) {
    echo "There was something wrong with your third file";
    echo "<BR />";
}
?>

I hope I'm posting in the correct forum. If not, I'm super sorry! Anyways, I need help with a website I'm working on. We have been asked to redesign our "Apply Online" page. My supervisor has asked that I find the correct code to make an upload button that will allow users to upload their resumes to our server, and send a copy to the specific branch they indicate (we have 17 branches). Could any of you point me in the correct direction for this code? I've seen several sites for uploads to servers, but I'm worried this isn't exactly what we are looking for.

Hi, I want to let users upload multiple images to my online picture book, so after they press submit, HOW do I count the total $_FILES[someName]['name'] uploaded? I want to allow users to type in the HTML form the total uploads they want and this will then display that many desired upload forms. I'm going to try count($_FILES[][]) and go from there first... Any help much appreciated!

Hello. My script is set to upload files up to 5GB large. For that script I've currently set memory_limit to 5GB. Is it alright? I mean, what is the ideal value (for large upload scripts)? If you feel 5GB is large, I can make the script upload 2GB files and set memory_limit accordingly. Also, max_execution_time has been set by me to 86400 currently, assuming that on a 500Kbps broadband it would require up to 24 hours to upload a 3-5GB file. Please suggest. Thank you.

I've got a typical form with an input type="file" for users to upload photos to my site (2mb max to be exact). If you view my code below, you'll notice that I set a variable as the uploaded file's size, and a variable for the max file size I want in bytes.
When making sure that the uploaded file's size is LESS than the limit size I set, it should push an error. However, I've noticed that my variable $uploadSize that is supposed to grab the upload file size is only returning "0" (zero). I've tried var_dump($_FILES) to see what was going on and it shows the array with the proper name of the uploaded file, etc. but the file size returns 0. So any file size I upload will bypass my test to see if the file size is less than the limit size.

I've tested uploading images 2mb or less and the photos have successfully been queried, moved and resized. However, if I try and upload images LARGER than 2mb, the form still queries all the inputted data into the database but the image isn't successfully moved. I've used this same form and approach on a previous project and I didn't have any trouble. Can I get your guys' eyes on this and see if I'm missing anything small?

Code:
<?php
if(isset($_POST['submit'])){

    // ------------------------------------------------------------- //
    // A. SET VARIABLES

    // A1. set variables for inputted data
    $first = filter_var($_POST['first'], FILTER_SANITIZE_STRING);
    $last = filter_var($_POST['last'], FILTER_SANITIZE_STRING);
    $email = filter_var($_POST['email'], FILTER_SANITIZE_STRING);
    $email2 = filter_var($_POST['email2'], FILTER_SANITIZE_STRING);
    $name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
    $description = filter_var($_POST['description'], FILTER_SANITIZE_STRING);

    // A2. set variables for uploaded submission
    $uploadPath = $_FILES['uploadFile']['tmp_name'];
    $uploadSize = $_FILES['uploadFile']['size'];
    $uploadLimit = 2097152; /* 2mb max file size */

    // A3. create error array
    $errors = array();

    // ------------------------------------------------------------- //
    // B. VALIDATE FIELDS

    // B1. validate required fields
    if (empty($first)){ array_push($errors, 'first'); }
    if (empty($last)){ array_push($errors, 'last'); }
    if (empty($email)){ array_push($errors, 'email'); }
    if (empty($email2)){ array_push($errors, 'email2'); }
    if (empty($name)){ array_push($errors, 'name'); }

    // B2. validate emails
    if ($email != $email2){ array_push($errors, 'emailmismatch'); }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)){ array_push($errors, 'invalidemail'); }

    // B3. validate uploaded image file size
    if ($uploadSize > $uploadLimit){ array_push($errors, 'filesize'); }

    // ------------------------------------------------------------- //
    // if no errors, continue query
    if (sizeof($errors) == 0){
        // continue query
    }
}
?>

Code:
<form method="post" enctype="multipart/form-data" id="submit-form">
<label for="first">First Name:</label>
<input name="first" type="text" value="<?php echo $first; ?>"<?php if(in_array('first', $errors)){ echo ' class="error"'; } ?>>
<label for="last">Last Name:</label>
<input name="last" type="text" value="<?php echo $last; ?>"<?php if(in_array('last', $errors)){ echo ' class="error"'; } ?>>
<label for="email">Email Address:</label>
<input name="email" type="text" value="<?php echo $email; ?>"<?php if(in_array('email', $errors)){ echo ' class="error"'; } else if (in_array('emailmismatch', $errors)){ echo ' class="error"'; } ?>>
<label for="email2">Confirm Email Address:</label>
<input name="email2" type="text" value="<?php echo $email2; ?>"<?php if(in_array('email2', $errors)){ echo ' class="error"'; } else if (in_array('emailmismatch', $errors)){ echo ' class="error"'; } ?>>
<br><br><br><br>
<label for="name">Your Photo Name:</label>
<input name="name" type="text" value="<?php echo $name; ?>"<?php if(in_array('name', $errors)){ echo ' class="error"'; } ?>>
<label for="description">Describe The Photo: <span class="optional">(optional)</span> <div class="right"><span class="optional">300 characters max</span></div></label>
<textarea
name="description" onKeyDown="limitInput(this.form.description,this.form.countdown,300);" onKeyUp="limitInput(this.form.description,this.form.countdown,300);"><?php echo stripslashes($description); ?></textarea>
<label for="upload">Photo Image: <span class="optional">(.JPG's only, max 2mb file size)</span></label>
<input type="hidden" name="MAX_FILE_SIZE" value="2097152">
<input id="uploadFile" name="uploadFile" type="file"<?php if(in_array('badimage', $errors)){ echo ' class="error"'; } ?> />
<input type="submit" name="submitFeature" class="submit" value="Submit Your Feature">
</form>

A while ago I wrote a simple form to accept image specific uploads from users and chmoded the directory to 777... worked great... Till there was a hack and then I found that chmod 777 is bad. So changed the folder to 775, but now the upload script won't work. Can somebody point me to a post or article on how to give a file ownership or group permissions so it can safely run its uploads to the folder? I have tried Google but keep getting Linux and Windows OS results.. it's a tough question to Google. Any help is very much appreciated.
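The size-0 behaviour described in the photo upload post above, as an added example that is not part of any of the original posts: when an upload exceeds MAX_FILE_SIZE or upload_max_filesize, PHP reports the failure in the entry's 'error' code and sets 'size' to 0, so the error code has to be checked before the size. check_upload(), store_upload() and ALLOWED_MIME are hypothetical names, the function takes one single-file $_FILES entry, and the sample entry at the end is constructed.

```php
<?php
// Added example; check_upload(), store_upload() and ALLOWED_MIME are hypothetical names.
const ALLOWED_MIME = ['image/jpeg' => 'jpg', 'image/gif' => 'gif'];
/** Returns [extension, null] when accepted, or [null, reason] when rejected. */
function check_upload(array $f, int $maxBytes): array
{
    // An oversized upload arrives with 'size' 0 and a non-zero 'error', so a
    // bare "$size > $limit" test passes it. Check the error code first.
    switch ($f['error'] ?? UPLOAD_ERR_NO_FILE) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:  // exceeds upload_max_filesize in php.ini
        case UPLOAD_ERR_FORM_SIZE: // exceeds the form's MAX_FILE_SIZE field
            return [null, 'file too large'];
        case UPLOAD_ERR_NO_FILE:
            return [null, 'no file sent'];
        default:
            return [null, 'upload failed, code ' . $f['error']];
    }
    if ($f['size'] <= 0 || $f['size'] > $maxBytes) {
        return [null, 'file empty or too large'];
    }
    if (!is_uploaded_file($f['tmp_name'])) {
        return [null, 'not an HTTP upload'];
    }
    // Decide the type from the file's bytes; the client-sent name and 'type' are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext = ALLOWED_MIME[(string) $mime] ?? null;
    if ($ext === null || getimagesize($f['tmp_name']) === false) {
        return [null, 'not a JPEG or GIF image'];
    }
    return [$ext, null];
}
/** Moves an accepted upload into $dir under a server-generated name. */
function store_upload(array $f, string $dir, int $maxBytes): string
{
    [$ext, $err] = check_upload($f, $maxBytes);
    if ($err !== null) {
        throw new RuntimeException($err);
    }
    $dest = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload');
    }
    return $dest;
}
// Constructed sample: the $_FILES entry PHP builds when MAX_FILE_SIZE is exceeded.
$sample = ['name' => 'big.jpg', 'type' => '', 'tmp_name' => '', 'size' => 0, 'error' => UPLOAD_ERR_FORM_SIZE];
var_dump(check_upload($sample, 2097152));
```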