Page 1 of 1

File upload errors also how do I restrict uploaded file type

Posted: Sat Jul 03, 2004 12:44 pm
by andylyon87
Hey guys sorry to b a pain again but this isn't workin now, all the thing is meant to do is write the file to the folder but it seems to ignore the variable $shop and just places it in the folder 'focus'. As can be seen $shop represents a folder, the folder is correctly chmod 0777 so any ideas of why its screwed? :?

Code: Select all

<?php
if($File){
          print("<TR><TD colspan=2>File name:$File_name</TD></TR>");
          print("<TR><TD colspan=2>File size:$File_size</TD></TR>");
          opendir("php/form_data/focus/".$shop);
          if(copy($File, "php/form_data/focus/$shop/$File_name")){
                mail("lyonclan@onetel.net.uk", "new focus images", $File_name);
                print("<TR><TD colspan=2>Your file, $File_name, was successfully uploaded!</TD></TR>");
          }else{
                print("<TR><TD colspan=2>Your file, $File_name, could not be copied.</TD></TR>");
          }
          unlink($File);
          }

print("<center>
               <table cellspacing=0 cellpadding=0 width=540 border=0>
                      <TR><TD colspan=2>Please remember you need to have filled in your details prior to submitting information else an error will occur. If you haven't already filled out your details please do so now. Please upload any documents and images you have related to your spotlight month. If you are returning and have entered your details previously you will be able to add files to your directory.<BR><BR>
                      <TR><TD colpsan=2>&nbsp;</TD></TR>
                      <TR><TD>Validation Code Sent Via Email:
                      <TD><input type=text name=shop size=28 class=box></TD>
                      <TR><TD><form action="?id=spotlight_upload" method=post enctype="multipart/form-data">File:
                      <TD><input type=file name=File size=28 class=box>
                      <TR><TD><input type=hidden name=MAX_FILE_SIZE value=1000000>
                      <TR><TD colspan=2><BR><BR><center><input type=submit name="submit" value=Submit! class=box></form>
               </TABLE>");
?>
The code shouldn't be too sketchy but it is an open upload due to the fact I need it to accept .doc .txt and all images. Does anyone know how to restrict it for this!!!

Any help is greatly appreciated

Andy

Posted: Sat Jul 03, 2004 2:53 pm
by markl999
If you have register_globals Off (and even if you don't) you should use:
opendir('php/form_data/focus/'.$_POST['shop']);

Posted: Sat Jul 03, 2004 3:51 pm
by feyd
the only "safe" way to restrict file types, is you have to check the file's data. Simple enough for image types: [php_man]getimagesize[/php_man]() will tell you if it's a known image type (to php).. .txt files are ASCII (7-bit) only files. And .doc has a certain file structure you may want to look up with google...

Posted: Sun Jul 04, 2004 3:56 am
by andylyon87
cheers guys

Posted: Sun Jul 04, 2004 4:09 am
by andylyon87
oh dear, it still isn't workin it jus doesnt wanna uload to the right file

Posted: Sun Jul 04, 2004 9:48 am
by feyd
to the right file? Uploads don't save on the server as their original name...

Posted: Mon Jul 05, 2004 6:36 am
by andylyon87
I know thats why it has an operation to copy the file name to, it saves it as .../$File_Name

Still aint workin though

Posted: Mon Jul 05, 2004 8:37 am
by ol4pr0

Code: Select all

if(copy($File, "php/form_data/focus/$shop/".$File_name)){
could be wrong but that should solve it i guess

Posted: Mon Jul 05, 2004 12:24 pm
by feyd
stick the following before the code you've posted, and tell us what it says:

Code: Select all

echo '<pre>'.var_dump($_FILES,true).'</pre>';