Page 3 of 3

Posted: Thu Jul 08, 2004 5:31 pm
by markl999
list($filename, $fileext) = split(".", $HTTP_POST_FILES['file']); is an array, you want:
list($filename, $fileext) = split(".", $HTTP_POST_FILES['file']['name']);
If you put error_reporting(E_ALL); as the first line of your script you'll see it's full of buggets ;)
I've tweaked your version a bit (and used the superglobals as there's no reason not to unless you're using PHP < 4.1.0):

Code: Select all

<?php
error_reporting(E_ALL);
include("dbconnection/connect_db.inc.php");
if (!empty($_POST['submit'])) {
  list($filename, $fileext) = split(".", $_FILES['file']['name']);
  print_r($HTTP_POST_FILES);
  print_r($fileext);
  if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
    $error = "You did not upload a file!";
    unlink($_FILES['file']['tmp_name']);
    // assign error message, remove uploaded file, redisplay form.
  } else {
    //a file was uploaded
    $maxfilesize=3000000;

    if ($fileext == "php")
    {
      $error = "This file type is not allowed.";
      unlink($HTTP_POST_FILES['file']['tmp_name']);
      // assign error message, remove uploaded file, redisplay form.
    } elseif ($_FILES['file']['size'] > $maxfilesize) {
      $error = "This file is too large";
      unlink($_FILES['file']['tmp_name']);
      // assign error message, remove uploaded file, redisplay form.
    } elseif ($_FILES['file']['type'] != "text/plain") {
        $error = "This file type is not allowed";
        unlink($_FILES['file']['tmp_name']);
        // assign error message, remove uploaded file, redisplay form.
      } else {
       //File has passed all validation, copy it to the final destination and remove the temporary file:
       copy($_FILES['file']['tmp_name'],"faqs/".$_FILES['file']['name']);
       unlink($_FILES['file']['tmp_name']);
       print "File has been successfully uploaded!";
       print "$filename";
       print "$fileext";
       exit;
     }
   }
}

?>
<html>
<head></head>
<body>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post" enctype="multipart/form-data">
<?php if(!empty($error)) echo $error; ?>
<br><br>
Choose a file to upload:<br>
<input type="file" name="file"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>

Posted: Thu Jul 08, 2004 5:37 pm
by jonas
It still uploads a PHP file :(

http://www.bolt3.com/uploadtest.php

Posted: Thu Jul 08, 2004 5:40 pm
by markl999
Your link shows:
This file type is not allowed
When i upload a .php file? :o

Posted: Thu Jul 08, 2004 5:42 pm
by jonas
Not for me :(


ACtually the .php file I am trying to upload is the uploadtest.php file.

Maybe uploading the same file is automatically allowed?

So yes, it does work unless it's uploading itself.

Odd.

Posted: Thu Jul 08, 2004 5:46 pm
by markl999
Try this one, the previous did have a logic problem :o

Code: Select all

<?php
error_reporting(E_ALL);
include("dbconnection/connect_db.inc.php");
if (!empty($_POST['submit'])) {
  $fileext = end(explode('.', $_FILES['file']['name']));
  print_r($HTTP_POST_FILES);
  print_r($fileext);
  if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
    $error = "You did not upload a file!";
    unlink($_FILES['file']['tmp_name']);
    // assign error message, remove uploaded file, redisplay form.
  } else {
    //a file was uploaded
    $maxfilesize=3000000;

    if ($fileext != 'txt')
    {
      $error = "This file type is not allowed.";
      unlink($HTTP_POST_FILES['file']['tmp_name']);
      // assign error message, remove uploaded file, redisplay form.
    } elseif ($_FILES['file']['size'] > $maxfilesize) {
      $error = "This file is too large";
      unlink($_FILES['file']['tmp_name']);
      // assign error message, remove uploaded file, redisplay form.
    } else {
       //File has passed all validation, copy it to the final destination and remove the temporary file:
       copy($_FILES['file']['tmp_name'],"faqs/".$_FILES['file']['name']);
       unlink($_FILES['file']['tmp_name']);
       print "File has been successfully uploaded!";
       print $_FILES['file']['name'];
       print '<br />Ext: '.$fileext;
       exit;
     }
   }
}

?>
<html>
<head></head>
<body>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post" enctype="multipart/form-data">
<?php if(!empty($error)) echo $error; ?>
<br><br>
Choose a file to upload:<br>
<input type="file" name="file"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>

Posted: Thu Jul 08, 2004 5:47 pm
by Joe
I am unable to upload .php files to your server. Thats strange!