Page 1 of 1

multiple file upload

Posted: Sat Oct 18, 2008 6:12 pm
by awiedman
I been trying to make a multiple file upload with restrictions that only allow you to upload .gif, .jpg, .png, .mp3, .wav, and .mid file types.

So if someone could help me or supply a code that would be great.

Re: multiple file upload

Posted: Sat Oct 18, 2008 6:18 pm
by aceconcepts
What have you done so far?

Re: multiple file upload

Posted: Sat Oct 18, 2008 9:07 pm
by awiedman
So far this is what I have, but I can't figure out how to make it for it restricts certain format/filetypes and to make it multi upload.


Index.html

Code: Select all

<html>
<head>
<title>Upload Media</title>
</head>
<body>
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td>
</tr>
<tr>
<td><form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="120000000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form></td>
Uploader.php

Code: Select all

 
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td></tr>
<tr>
<td>
<?php
$target_path = "/home/rphost/public_html/upload/";
 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
 ?>
</td>
</tr>
<tr>
<td>
<br>
<small>File Name:</small><br>
<?php echo "<input type='text' size='25' onclick='javascript&#058;select();' value='".  basename( $_FILES['uploadedfile']['name']). 
    "'>";?>
<br>
Preview:<br>
<?php echo "<img src='http://rphosting.net/uploads/".  basename( $_FILES['uploadedfile']['name']). 
    "'>";?></td>
</tr>
<tr>
<td><center><form action="index.php" method="post"><input type="submit" value="Return to Upload Page"></center></td>
</tr>
</table>
 
Uploads folder must have file permissions of 777

But i also found this code at: http://www.w3schools.com/php/php_file_upload.asp
It's supposed to put restricions on it but I can't figure out how to apply it to my upload script

Code: Select all

<?php
 
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Error: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Stored in: " . $_FILES["file"]["tmp_name"];
    }
  }
else
  {
  echo "Invalid file";
  }
 
?>

Re: multiple file upload

Posted: Fri Oct 24, 2008 11:57 am
by awiedman
If anyone could help that'de be great. :D

Re: multiple file upload

Posted: Fri Oct 24, 2008 12:47 pm
by TheBrandon
Just try using these parts:

Code: Select all

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
If you're using the $_FILES super global (which it looks like you are) then you just have to make an if/else for the filetype.

Basically, if the $_FILES super global's type is image/gif, do this.

Do a print_r($_FILES); in your script. It really opened my eyes to WHY that code worked and what data it contained.

I had to tackle a project similar to this and it drove me crazy because I didn't understand the $_FILES global array.

Try something like this:

Code: Select all

<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td></tr>
<tr>
<td>
<?php
$target_path = "/home/rphost/public_html/upload/";
 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
 
////////////////////////////////////// 
if ((($_FILES["file"]["type"] == "image/gif"){
 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']).
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
 
//////////////////////////////////////
}else{
echo "Sorry, not the write file type.";
}
 ?>
</td>
</tr>
<tr>
<td>
<br>
<small>File Name:</small><br>
<?php echo "<input type='text' size='25' onclick='javascript&#058;select();' value='".  basename( $_FILES['uploadedfile']['name']).
    "'>";?>
<br>
Preview:<br>
<?php echo "<img src='http://rphosting.net/uploads/".  basename( $_FILES['uploadedfile']['name']).
    "'>";?></td>
</tr>
<tr>
<td><center><form action="index.php" method="post"><input type="submit" value="Return to Upload Page"></center></td>
</tr>
</table>

Re: multiple file upload

Posted: Sat Oct 25, 2008 5:01 am
by Hannes2k
Hi,
please don't use this:

Code: Select all

   if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 20000))
The 'type' of a file is send by the http header, so you can easily modify it and upload e.g. a '.php' file with image/jpeg as type (just modify the header your browser send, there are many firefox plugins for this purpose).

To make sure, that someone can just upload mp3, gif and jpg files, check the extension:

Code: Select all

$ext = strrchr($_FILES["file"]["name], ".");
echo "Extension: $ext"; //I hope this work
 

But this is also insecure, because you can just change the file extension. (Change the extension of e.g. a html File to .gif and open this with IE6. IE6 will display correct html file. If the .html file now contains some javascript, you can redirect users who view this image or infect the user with a trojan horse).


So for images you can use:

Code: Select all

 
$info = getimagesize($_FILES['datei']['tmp_name']); 
if($info[2] == IMAGETYPE_GIF || $info[2] == IMAGETYPE_JPEG) 
   echo "Thats an image!";
 
But this doesn't work for mp3.


So you have to move the uploaded files into a seperated folder, where the direct access is not possible (e.g. put a .htaccess with 'deny from all' into the folder). The user than can access the file via a php-script, which sends the correct mime header depending on the file extension.