Page 1 of 1
multiple file upload
Posted: Sat Oct 18, 2008 6:12 pm
by awiedman
I been trying to make a multiple file upload with restrictions that only allow you to upload .gif, .jpg, .png, .mp3, .wav, and .mid file types.
So if someone could help me or supply a code that would be great.
Re: multiple file upload
Posted: Sat Oct 18, 2008 6:18 pm
by aceconcepts
What have you done so far?
Re: multiple file upload
Posted: Sat Oct 18, 2008 9:07 pm
by awiedman
So far this is what I have, but I can't figure out how to make it for it restricts certain format/filetypes and to make it multi upload.
Index.html
Code: Select all
<html>
<head>
<title>Upload Media</title>
</head>
<body>
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td>
</tr>
<tr>
<td><form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="120000000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form></td>
Uploader.php
Code: Select all
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td></tr>
<tr>
<td>
<?php
$target_path = "/home/rphost/public_html/upload/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
?>
</td>
</tr>
<tr>
<td>
<br>
<small>File Name:</small><br>
<?php echo "<input type='text' size='25' onclick='javascript:select();' value='". basename( $_FILES['uploadedfile']['name']).
"'>";?>
<br>
Preview:<br>
<?php echo "<img src='http://rphosting.net/uploads/". basename( $_FILES['uploadedfile']['name']).
"'>";?></td>
</tr>
<tr>
<td><center><form action="index.php" method="post"><input type="submit" value="Return to Upload Page"></center></td>
</tr>
</table>
Uploads folder must have file permissions of 777
But i also found this code at:
http://www.w3schools.com/php/php_file_upload.asp
It's supposed to put restricions on it but I can't figure out how to apply it to my upload script
Code: Select all
<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}
?>
Re: multiple file upload
Posted: Fri Oct 24, 2008 11:57 am
by awiedman
If anyone could help that'de be great.

Re: multiple file upload
Posted: Fri Oct 24, 2008 12:47 pm
by TheBrandon
Just try using these parts:
Code: Select all
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
If you're using the $_FILES super global (which it looks like you are) then you just have to make an if/else for the filetype.
Basically, if the $_FILES super global's type is image/gif, do this.
Do a print_r($_FILES); in your script. It really opened my eyes to WHY that code worked and what data it contained.
I had to tackle a project similar to this and it drove me crazy because I didn't understand the $_FILES global array.
Try something like this:
Code: Select all
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td></tr>
<tr>
<td>
<?php
$target_path = "/home/rphost/public_html/upload/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
//////////////////////////////////////
if ((($_FILES["file"]["type"] == "image/gif"){
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
//////////////////////////////////////
}else{
echo "Sorry, not the write file type.";
}
?>
</td>
</tr>
<tr>
<td>
<br>
<small>File Name:</small><br>
<?php echo "<input type='text' size='25' onclick='javascript:select();' value='". basename( $_FILES['uploadedfile']['name']).
"'>";?>
<br>
Preview:<br>
<?php echo "<img src='http://rphosting.net/uploads/". basename( $_FILES['uploadedfile']['name']).
"'>";?></td>
</tr>
<tr>
<td><center><form action="index.php" method="post"><input type="submit" value="Return to Upload Page"></center></td>
</tr>
</table>
Re: multiple file upload
Posted: Sat Oct 25, 2008 5:01 am
by Hannes2k
Hi,
please
don't use this:
Code: Select all
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
The 'type' of a file is send by the http header, so you can easily modify it and upload e.g. a '.php' file with image/jpeg as type (just modify the header your browser send, there are many firefox plugins for this purpose).
To make sure, that someone can just upload mp3, gif and jpg files, check the extension:
Code: Select all
$ext = strrchr($_FILES["file"]["name], ".");
echo "Extension: $ext"; //I hope this work
But this is also insecure, because you can just change the file extension. (Change the extension of e.g. a html File to .gif and open this with IE6. IE6 will display correct html file. If the .html file now contains some javascript, you can redirect users who view this image or infect the user with a trojan horse).
So for images you can use:
Code: Select all
$info = getimagesize($_FILES['datei']['tmp_name']);
if($info[2] == IMAGETYPE_GIF || $info[2] == IMAGETYPE_JPEG)
echo "Thats an image!";
But this doesn't work for mp3.
So you have to move the uploaded files into a seperated folder, where the direct access is not possible (e.g. put a .htaccess with 'deny from all' into the folder). The user than can access the file via a php-script, which sends the correct mime header depending on the file extension.