multiple file upload

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
awiedman
Forum Newbie
Posts: 7
Joined: Wed Sep 24, 2008 6:58 pm

multiple file upload

Post by awiedman »

I been trying to make a multiple file upload with restrictions that only allow you to upload .gif, .jpg, .png, .mp3, .wav, and .mid file types.

So if someone could help me or supply a code that would be great.
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Re: multiple file upload

Post by aceconcepts »

What have you done so far?
awiedman
Forum Newbie
Posts: 7
Joined: Wed Sep 24, 2008 6:58 pm

Re: multiple file upload

Post by awiedman »

So far this is what I have, but I can't figure out how to make it for it restricts certain format/filetypes and to make it multi upload.


Index.html

Code: Select all

<html>
<head>
<title>Upload Media</title>
</head>
<body>
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td>
</tr>
<tr>
<td><form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="120000000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form></td>
Uploader.php

Code: Select all

 
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td></tr>
<tr>
<td>
<?php
$target_path = "/home/rphost/public_html/upload/";
 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
 ?>
</td>
</tr>
<tr>
<td>
<br>
<small>File Name:</small><br>
<?php echo "<input type='text' size='25' onclick='javascript&#058;select();' value='".  basename( $_FILES['uploadedfile']['name']). 
    "'>";?>
<br>
Preview:<br>
<?php echo "<img src='http://rphosting.net/uploads/".  basename( $_FILES['uploadedfile']['name']). 
    "'>";?></td>
</tr>
<tr>
<td><center><form action="index.php" method="post"><input type="submit" value="Return to Upload Page"></center></td>
</tr>
</table>
 
Uploads folder must have file permissions of 777

But i also found this code at: http://www.w3schools.com/php/php_file_upload.asp
It's supposed to put restricions on it but I can't figure out how to apply it to my upload script

Code: Select all

<?php
 
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Error: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Stored in: " . $_FILES["file"]["tmp_name"];
    }
  }
else
  {
  echo "Invalid file";
  }
 
?>
awiedman
Forum Newbie
Posts: 7
Joined: Wed Sep 24, 2008 6:58 pm

Re: multiple file upload

Post by awiedman »

If anyone could help that'de be great. :D
TheBrandon
Forum Commoner
Posts: 87
Joined: Tue May 20, 2008 8:55 am

Re: multiple file upload

Post by TheBrandon »

Just try using these parts:

Code: Select all

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
If you're using the $_FILES super global (which it looks like you are) then you just have to make an if/else for the filetype.

Basically, if the $_FILES super global's type is image/gif, do this.

Do a print_r($_FILES); in your script. It really opened my eyes to WHY that code worked and what data it contained.

I had to tackle a project similar to this and it drove me crazy because I didn't understand the $_FILES global array.

Try something like this:

Code: Select all

<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td></tr>
<tr>
<td>
<?php
$target_path = "/home/rphost/public_html/upload/";
 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
 
////////////////////////////////////// 
if ((($_FILES["file"]["type"] == "image/gif"){
 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']).
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
 
//////////////////////////////////////
}else{
echo "Sorry, not the write file type.";
}
 ?>
</td>
</tr>
<tr>
<td>
<br>
<small>File Name:</small><br>
<?php echo "<input type='text' size='25' onclick='javascript&#058;select();' value='".  basename( $_FILES['uploadedfile']['name']).
    "'>";?>
<br>
Preview:<br>
<?php echo "<img src='http://rphosting.net/uploads/".  basename( $_FILES['uploadedfile']['name']).
    "'>";?></td>
</tr>
<tr>
<td><center><form action="index.php" method="post"><input type="submit" value="Return to Upload Page"></center></td>
</tr>
</table>
Hannes2k
Forum Contributor
Posts: 102
Joined: Fri Oct 24, 2008 12:22 pm

Re: multiple file upload

Post by Hannes2k »

Hi,
please don't use this:

Code: Select all

   if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 20000))
The 'type' of a file is send by the http header, so you can easily modify it and upload e.g. a '.php' file with image/jpeg as type (just modify the header your browser send, there are many firefox plugins for this purpose).

To make sure, that someone can just upload mp3, gif and jpg files, check the extension:

Code: Select all

$ext = strrchr($_FILES["file"]["name], ".");
echo "Extension: $ext"; //I hope this work
 

But this is also insecure, because you can just change the file extension. (Change the extension of e.g. a html File to .gif and open this with IE6. IE6 will display correct html file. If the .html file now contains some javascript, you can redirect users who view this image or infect the user with a trojan horse).


So for images you can use:

Code: Select all

 
$info = getimagesize($_FILES['datei']['tmp_name']); 
if($info[2] == IMAGETYPE_GIF || $info[2] == IMAGETYPE_JPEG) 
   echo "Thats an image!";
 
But this doesn't work for mp3.


So you have to move the uploaded files into a seperated folder, where the direct access is not possible (e.g. put a .htaccess with 'deny from all' into the folder). The user than can access the file via a php-script, which sends the correct mime header depending on the file extension.
Post Reply