File upload errors also how do I restrict uploaded file type

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

File upload errors also how do I restrict uploaded file type

Post by andylyon87 »

Hey guys sorry to b a pain again but this isn't workin now, all the thing is meant to do is write the file to the folder but it seems to ignore the variable $shop and just places it in the folder 'focus'. As can be seen $shop represents a folder, the folder is correctly chmod 0777 so any ideas of why its screwed? :?

Code: Select all

<?php
if($File){
          print("<TR><TD colspan=2>File name:$File_name</TD></TR>");
          print("<TR><TD colspan=2>File size:$File_size</TD></TR>");
          opendir("php/form_data/focus/".$shop);
          if(copy($File, "php/form_data/focus/$shop/$File_name")){
                mail("lyonclan@onetel.net.uk", "new focus images", $File_name);
                print("<TR><TD colspan=2>Your file, $File_name, was successfully uploaded!</TD></TR>");
          }else{
                print("<TR><TD colspan=2>Your file, $File_name, could not be copied.</TD></TR>");
          }
          unlink($File);
          }

print("<center>
               <table cellspacing=0 cellpadding=0 width=540 border=0>
                      <TR><TD colspan=2>Please remember you need to have filled in your details prior to submitting information else an error will occur. If you haven't already filled out your details please do so now. Please upload any documents and images you have related to your spotlight month. If you are returning and have entered your details previously you will be able to add files to your directory.<BR><BR>
                      <TR><TD colpsan=2>&nbsp;</TD></TR>
                      <TR><TD>Validation Code Sent Via Email:
                      <TD><input type=text name=shop size=28 class=box></TD>
                      <TR><TD><form action="?id=spotlight_upload" method=post enctype="multipart/form-data">File:
                      <TD><input type=file name=File size=28 class=box>
                      <TR><TD><input type=hidden name=MAX_FILE_SIZE value=1000000>
                      <TR><TD colspan=2><BR><BR><center><input type=submit name="submit" value=Submit! class=box></form>
               </TABLE>");
?>
The code shouldn't be too sketchy but it is an open upload due to the fact I need it to accept .doc .txt and all images. Does anyone know how to restrict it for this!!!

Any help is greatly appreciated

Andy
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

If you have register_globals Off (and even if you don't) you should use:
opendir('php/form_data/focus/'.$_POST['shop']);
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the only "safe" way to restrict file types, is you have to check the file's data. Simple enough for image types: [php_man]getimagesize[/php_man]() will tell you if it's a known image type (to php).. .txt files are ASCII (7-bit) only files. And .doc has a certain file structure you may want to look up with google...
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Post by andylyon87 »

cheers guys
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Post by andylyon87 »

oh dear, it still isn't workin it jus doesnt wanna uload to the right file
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

to the right file? Uploads don't save on the server as their original name...
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Post by andylyon87 »

I know thats why it has an operation to copy the file name to, it saves it as .../$File_Name

Still aint workin though
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Code: Select all

if(copy($File, "php/form_data/focus/$shop/".$File_name)){
could be wrong but that should solve it i guess
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

stick the following before the code you've posted, and tell us what it says:

Code: Select all

echo '<pre>'.var_dump($_FILES,true).'</pre>';
Post Reply