faulty file upload script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

faulty file upload script

Post by cap2cap10 »

Season's Greetings php technorati! Ok, here is the two problems with the below script:

1-it does not remove the old file in the directory inspite of the unlink function.

2- when it creates a new file name to be stored in the MySQL db it gets the correct file type
(doc or pdf) but it leaves out the "." between the file name and file type!?!

:banghead: I can't figure it out. Please help! here is the code:

Code: Select all

<?php
/*
 
- PHP5 Image upload script
 
*/
 
class imageupload
{
    //pblic variables
    public $path = '';
    public $errorStr = '';
    public $imgurl = '';
 
    //private variables
    private $_errors = array();
    private $_params = array();
    private $_lang = array();
    private $_maxsize = 1048576;
 
    public $_im_status = false;
 
    //public methods
    public function __construct ()
    {
        require 'config_2.php';
        $this->_types = $types;
        $this->_lang = $lang;
        $this->_upload_dir = $upload_dir;
        $this->_maxsize = $maxsize;
 
        $this->path = $PHP_SELF;
 
        if (is_array($_FILES['__upload']))
        {
            $this->_params = $_FILES['__upload'];
            if (function_exists('exif_filetype'))
                $this->_doSafeUpload();
            else
                $this->_doUpload();
 
            if (count($this->_errors) > 0)
                $this->_errorMsg();
        }
    }
 
    public function allowTypes ()
    {
        $str = '';
        if (count($this->_types) > 0) {
            $str = 'Allowed types: (';
            $str .= implode(', ', $this->_types);
            $str .= ')';
        }
 
        return $str;
    }
 
    // private methods
    private function _doSafeUpload ()
    {
        preg_match('/\.([a-zA-Z]+?)$/', $this->_params['name'], $matches);
        if (exif_filetype($this->_params['tmp_name']) && in_array(strtolower($matches[1]), $this->_types))
        {
            if ($this->_params['size'] > $this->_maxsize)
                $this->_errors[] = $this->_lang['E_SIZE'];
            else
                $this->_im_status = true;
 
            if ($this->_im_status == true)
            {
                $ext = substr($this->_params['name'], -4);
                $this->new_name = md5(time()).$ext;
 
   $file_stat= $_POST['file_stat'];
             $userID= $_POST['userID'];
             $file_name = $this->new_name;
 
             mysql_connect('************************', 'js_info', '*******************') or die(mysql_error());
             mysql_select_db('js_info') or die(mysql_error());
 
             $select_query="SELECT file_name from js_resume WHERE userID = '$userID' ";
 
              $select_result = mysql_query($select_query) or die(mysql_query());
 
              if(mysql_num_rows($select_result) > 0)
                {
 
                  $imgrow=mysql_fetch_assoc($select_result);
                  $imgfilename=$imgrow['file_name'];
 
                  unlink($this->_upload_dir.$imgfilename);
 
                }
 
             $query = "UPDATE js_resume SET file_name = '$file_name', file_stat = '$file_stat' WHERE userID = '$userID'";
 
             $result = mysql_query($query) or die(mysql_query());
             mysql_close();
 
                move_uploaded_file($this->_params['tmp_name'], $this->_upload_dir.$this->new_name);
 
                $this->imgurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).$this->_upload_dir.$this->new_name;
            }
        }
        else
            $this->_errors[] = $this->_lang['E_TYPE'];
    }
 
    private function _doUpload ()
    {
        preg_match('/\.([a-zA-Z]+?)$/', $this->_params['name'], $matches);
        if(in_array(strtolower($matches[1]), $this->_types))
        {
            if ($this->_params['size'] > $this->_maxsize)
                $this->_errors[] = $this->_lang['E_SIZE'];
            else
                $this->_im_status = true;
 
            if ($this->_im_status == true)
            {
                $ext = substr($this->_params['name'], -3);
                $this->new_name = md5(time()).$ext;
                $file_stat= $_POST['file_stat'];
             $userID= $_POST['userID'];
             $file_name = $this->new_name;
 
             mysql_connect('***************', 'js_info', '****************') or die(mysql_error());
             mysql_select_db('js_info') or die(mysql_error());
 
              $select_query="SELECT file_name from js_resume WHERE userID = '$userID' ";
 
              $select_result = mysql_query($select_query) or die(mysql_query());
 
              if(mysql_num_rows($select_result) > 0)
                {
 
                  $imgrow=mysql_fetch_assoc($select_result);
                  $imgfilename=$imgrow['file_name'];
 
                  unlink($this->_upload_dir.$imgfilename);
 
                }
 
              $query = "UPDATE js_resume SET file_name = '$file_name', file_stat = '$file_stat' WHERE userID = '$userID'";
 
             $result = mysql_query($query) or die(mysql_query());
             mysql_close();
 
            move_uploaded_file($this->_params['tmp_name'], $this->_upload_dir.$this->new_name);
 
                $this->imgurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).$this->_upload_dir.'/'.$this->new_name;
 
 
            }
        }
        else
            $this->_errors[] = $this->_lang['E_TYPE'];
    }
 
    function _errorMsg()
    {
        $this->errorStr = implode('<br />', $this->_errors);
    }
}
 
?>
PS: Oh I should mention that I am trying to adapt a image upload class into a file upload class.

thanks in advance.

Batoe
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: faulty file upload script

Post by requinix »

1. $upload_dir (in config_2.php I guess) needs to have a / at the end.

2. Line 122: change that -3 to a -4.
User avatar
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Re: faulty file upload script

Post by cap2cap10 »

Thanks! It worked like a charm. :drunk:

Happy Holidays!!

Batoe
Post Reply