multiple file upload

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nayeemmz
Forum Commoner
Posts: 32
Joined: Fri Jun 29, 2007 7:19 pm

multiple file upload

Post by nayeemmz »

Hi,

I am facing a weird problem.

I am uploading multiple files using a form.
Right now I am trying to upload the following 4
files:

file 1, size = 2686 bytes
file 2, size = 746 bytes
file 3, size = 3516 bytes
file 4, size = 3277 bytes

If I try to upload them in that order the size of file 4 is shown to be 0 bytes on the file server

If I swap file 3 and 4 then I have the same problem of file size being 0 on the file server.

However, if I upload in the order file 1, file 3, file 4, file 2 then everything works fine and all the files show the right size.

As long as I don't upload files 3 and 4 last, the file ize of the last uploaded file is shown to be correct otherwise 0.

Any help would be appreciated.

Thanks

-Nayeem
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Code please.
nayeemmz
Forum Commoner
Posts: 32
Joined: Fri Jun 29, 2007 7:19 pm

Post by nayeemmz »

Here is the code:

Code: Select all

<form enctype="multipart/form-data" action="uploadfilesonly.php" method="post">
  <input type="hidden" name="MAX_FILE_SIZE" value="2097152"></input>
   <table>
  <?
    $uploadNeed = $_POST['uploadNeed'];
    for($x=0;$x<$uploadNeed;$x++){
  ?>
    <tr><td>
    <? if($x>0) {?>
    file <?echo $x;?>:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input          name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>"         size=100></td></tr>  <?  }    // Save the driver class file name.
   else {
  ?>      Dr file:<input name="uploadFile<? echo $x;?>" type="file"      id="uploadFile<? echo $x;?>" size=100></td></tr>  <?      }     }  ?>  <tr><td align=right>
  <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
     <input type="submit" name="Submit" value="Submit"> </td></tr>  </table>
  </p> </form>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Upload handling code, please.
nayeemmz
Forum Commoner
Posts: 32
Joined: Fri Jun 29, 2007 7:19 pm

Post by nayeemmz »

Here is the upload handling code:

Code: Select all

for($x=0; $x<$uploadNeed;$x++)
 {
  $file_name = $_FILES['uploadFile'.$x]['name'];
  // strip file_name of slashes
  $file_name = stripslashes($file_name);
  $file_name = str_replace("'","",$file_name);
if(!ssh2_scp_send ($ss_connect,$_FILES['uploadFile'.$x]['tmp_name'],'/tmp/'.$file_name,0644))
     {
       echo "Problem: Could not move $file_name into directory";
       exit;
     }

       echo "$file_name uploaded successfully<br><br>";
  }
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

What have you added/tried to aid in debugging?
nayeemmz
Forum Commoner
Posts: 32
Joined: Fri Jun 29, 2007 7:19 pm

Post by nayeemmz »

Here are some of the tests that I run. I am just including the if statements:

Code: Select all

1. if($file_name =="")
2. if($_FILES['uploadFile'.$x]['size']==0)
3. if($_FILES['uploadFile'.$x]['type'] != "application/octet-stream")
4. if(!is_uploaded_file($_FILES['uploadFile'.$x]['tmp_name']))
I also check that the user is logged in.

Thanks

-Nayeem
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

What is the purpose of the 'type' check? Why is there no 'error' check?

basename() is important to use on the 'name' field as some browsers supply full paths (and your script will accept full paths, thereby allowing someone to overwrite just about any file they wish)
nayeemmz
Forum Commoner
Posts: 32
Joined: Fri Jun 29, 2007 7:19 pm

Post by nayeemmz »

Hi,

The type check is there because I want to upload only a particular type of files.

I understand about the basename() part but I don't think I understand how basename() could possibly solve the problem that I am having, though.

Thanks

-Nayeem
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

nayeemmz wrote:The type check is there because I want to upload only a particular type of files.
'type' is supplied by the submitting agent and isn't verified by PHP. It's a bad idea to rely on it. Checking the file's content itself is, unfortunately, the only way to verify the file is acceptable. mime_content_type() and/or getimagesize() may be of interest.
nayeemmz wrote:I understand about the basename() part but I don't think I understand how basename() could possibly solve the problem that I am having, though.
It wasn't intended to fix your issue, only help close a gaping security hole in your script.
nayeemmz
Forum Commoner
Posts: 32
Joined: Fri Jun 29, 2007 7:19 pm

Post by nayeemmz »

Okay.

Thanks for pointing out about the basename() and the file type check.
Post Reply