fileupload issue expert opinion appreciated

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

fileupload issue expert opinion appreciated

Post by scarface222 »

Hey guys let me start by saying I understand if no one knows what the heck my problem is because I am scratching my head. I have a file upload script that works on my local server when I tested it but when I uploaded it onto my remote server it is non responsive, and seems to bypass all my checks and script and just upload the file. I compared the php ini files and the settings are quite similar. The only extension I needed to add which might have been an issue was the php gd2. I already have php fileinfo installed which was another possible issue. The only part of the script that works is the part that say please select a file to upload when the input is empty. I even tried putting another comment directly after the if statement and it didn't run...:

Code: Select all

 echo"<script>
alert(\"test!\");
</script>";
return;
Here is an example of my mp3 upload which is non responsive...IF anyone has any clue whatsoever as to my problem, I would greatly appreciate anything you can teach me or say that may guide me. This is my first website so I am learning a lot as I go.

Code: Select all

 
//file is mp3   
if($_POST["selection"]==2){
# edit #
    $username=$_POST["username"];
    
    $max_filesize = 4024000;
 
    $uploads = "../usercontent/$username/audio";
    $types_array = array('audio/mpeg','audio/mpeg3','audio/mpg','audio/mp3');
# end edit #
 
if($_FILES['file']['name'] == "")
{
     echo"<script>
alert(\"Please select a file to upload!\");
</script>";
return;
 
}
 
   $finfo = finfo_open(FILEINFO_MIME_TYPE);
   if(!in_array(finfo_file($finfo, $_FILES['file']['tmp_name']), $types_array)) {
         echo"<script>
alert(\"Only Mp3s are allowed!\");
</script>";
return;// error
    }
    finfo_close($finfo);
    
$blacklist = array(".php", ".phtml", ".php3", ".php4", ".js", ".shtml", ".pl" ,".py");
foreach ($blacklist as $item) {
if(preg_match("/$item\$/i", $_FILES['file']['name'])) {
echo "We do not allow uploading of this type of file\n";
     echo"<script>
alert(\"We do not allow uploading of this type of file. Your account has been flagged!\");
</script>";
return;
}
}
    $max_filesize_kb = ($max_filesize / 1024);
 
if($_FILES['file']['size'] > $max_filesize)
{
     echo"<script>
alert(\"Your file is too large it must be.$max_filesize_kb.kb\");
</script>";
return;
 
}
$mp3=urlencode($_FILES['file']['name']);
$length=strlen($mp3);
if ($length>55){
     echo"<script>
alert(\"Please shorten your filename.\");
</script>";
return;
}
 
$checkmp3="SELECT * FROM mp3 WHERE mp3='$mp3' AND username='$username'";
    $querymp3=mysql_query($checkmp3) or die('Error, select query failed');
$countmp3 = mysql_num_rows($querymp3);
 
if ($countmp3>=1){
     echo"<script>
alert(\"This file already exists in your file.\");
</script>";
return;
}
 
$checkmp3="SELECT * FROM mp3 WHERE username='$username'";
    $querymp3=mysql_query($checkmp3) or die('Error, select query failed');
$countmp3 = mysql_num_rows($querymp3);
if ($countmp3==3){
     echo"<script>
alert(\"You can only store 3 mp3 files at once.\");
</script>";
return;
}
 
else{
        $mp3=$_FILES['file']['name'];
$second_query = "INSERT INTO mp3
(username, mp3) VALUES('$username', '$mp3')";
mysql_query($second_query) or die('Error, insert query failed');
 
move_uploaded_file($_FILES['file']['tmp_name'], $uploads.'/'.$_FILES['file']['name'])
or die ("Couldn't upload ".$_FILES['file']['name']."\n");
 
 
 echo"<script>
alert(\"File uploaded Refresh the page to view it\");
</script>";
return;
}   
 
}
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: fileupload issue expert opinion appreciated

Post by scarface222 »

I think it just skips all the checks except the first one, and yet the file name is defined because I was testing it and I uploaded a file but the process does not seem to discriminate which was the whole point of the checks. As soon as I press upload regardless of what file type it is, I just get the hour glass next to my mouse pointer which signifies a connection and the file starts uploading. I think it may be a problem with the php ini file now but I have no idea what since it works on my local server. IF anyone has an idea let me know please.
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: fileupload issue expert opinion appreciated

Post by scarface222 »

I figured out the problem, the script is just extremely slow to respond. Does anyone know how to speed it up? Should I use some sort of server optimizer or something?
Post Reply