Page 1 of 1

faulty file upload script

Posted: Wed Dec 24, 2008 11:13 pm
by cap2cap10
Season's Greetings php technorati! Ok, here is the two problems with the below script:

1-it does not remove the old file in the directory inspite of the unlink function.

2- when it creates a new file name to be stored in the MySQL db it gets the correct file type
(doc or pdf) but it leaves out the "." between the file name and file type!?!

:banghead: I can't figure it out. Please help! here is the code:

Code: Select all

<?php
/*
 
- PHP5 Image upload script
 
*/
 
class imageupload
{
    //pblic variables
    public $path = '';
    public $errorStr = '';
    public $imgurl = '';
 
    //private variables
    private $_errors = array();
    private $_params = array();
    private $_lang = array();
    private $_maxsize = 1048576;
 
    public $_im_status = false;
 
    //public methods
    public function __construct ()
    {
        require 'config_2.php';
        $this->_types = $types;
        $this->_lang = $lang;
        $this->_upload_dir = $upload_dir;
        $this->_maxsize = $maxsize;
 
        $this->path = $PHP_SELF;
 
        if (is_array($_FILES['__upload']))
        {
            $this->_params = $_FILES['__upload'];
            if (function_exists('exif_filetype'))
                $this->_doSafeUpload();
            else
                $this->_doUpload();
 
            if (count($this->_errors) > 0)
                $this->_errorMsg();
        }
    }
 
    public function allowTypes ()
    {
        $str = '';
        if (count($this->_types) > 0) {
            $str = 'Allowed types: (';
            $str .= implode(', ', $this->_types);
            $str .= ')';
        }
 
        return $str;
    }
 
    // private methods
    private function _doSafeUpload ()
    {
        preg_match('/\.([a-zA-Z]+?)$/', $this->_params['name'], $matches);
        if (exif_filetype($this->_params['tmp_name']) && in_array(strtolower($matches[1]), $this->_types))
        {
            if ($this->_params['size'] > $this->_maxsize)
                $this->_errors[] = $this->_lang['E_SIZE'];
            else
                $this->_im_status = true;
 
            if ($this->_im_status == true)
            {
                $ext = substr($this->_params['name'], -4);
                $this->new_name = md5(time()).$ext;
 
   $file_stat= $_POST['file_stat'];
             $userID= $_POST['userID'];
             $file_name = $this->new_name;
 
             mysql_connect('************************', 'js_info', '*******************') or die(mysql_error());
             mysql_select_db('js_info') or die(mysql_error());
 
             $select_query="SELECT file_name from js_resume WHERE userID = '$userID' ";
 
              $select_result = mysql_query($select_query) or die(mysql_query());
 
              if(mysql_num_rows($select_result) > 0)
                {
 
                  $imgrow=mysql_fetch_assoc($select_result);
                  $imgfilename=$imgrow['file_name'];
 
                  unlink($this->_upload_dir.$imgfilename);
 
                }
 
             $query = "UPDATE js_resume SET file_name = '$file_name', file_stat = '$file_stat' WHERE userID = '$userID'";
 
             $result = mysql_query($query) or die(mysql_query());
             mysql_close();
 
                move_uploaded_file($this->_params['tmp_name'], $this->_upload_dir.$this->new_name);
 
                $this->imgurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).$this->_upload_dir.$this->new_name;
            }
        }
        else
            $this->_errors[] = $this->_lang['E_TYPE'];
    }
 
    private function _doUpload ()
    {
        preg_match('/\.([a-zA-Z]+?)$/', $this->_params['name'], $matches);
        if(in_array(strtolower($matches[1]), $this->_types))
        {
            if ($this->_params['size'] > $this->_maxsize)
                $this->_errors[] = $this->_lang['E_SIZE'];
            else
                $this->_im_status = true;
 
            if ($this->_im_status == true)
            {
                $ext = substr($this->_params['name'], -3);
                $this->new_name = md5(time()).$ext;
                $file_stat= $_POST['file_stat'];
             $userID= $_POST['userID'];
             $file_name = $this->new_name;
 
             mysql_connect('***************', 'js_info', '****************') or die(mysql_error());
             mysql_select_db('js_info') or die(mysql_error());
 
              $select_query="SELECT file_name from js_resume WHERE userID = '$userID' ";
 
              $select_result = mysql_query($select_query) or die(mysql_query());
 
              if(mysql_num_rows($select_result) > 0)
                {
 
                  $imgrow=mysql_fetch_assoc($select_result);
                  $imgfilename=$imgrow['file_name'];
 
                  unlink($this->_upload_dir.$imgfilename);
 
                }
 
              $query = "UPDATE js_resume SET file_name = '$file_name', file_stat = '$file_stat' WHERE userID = '$userID'";
 
             $result = mysql_query($query) or die(mysql_query());
             mysql_close();
 
            move_uploaded_file($this->_params['tmp_name'], $this->_upload_dir.$this->new_name);
 
                $this->imgurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).$this->_upload_dir.'/'.$this->new_name;
 
 
            }
        }
        else
            $this->_errors[] = $this->_lang['E_TYPE'];
    }
 
    function _errorMsg()
    {
        $this->errorStr = implode('<br />', $this->_errors);
    }
}
 
?>
PS: Oh I should mention that I am trying to adapt a image upload class into a file upload class.

thanks in advance.

Batoe

Re: faulty file upload script

Posted: Thu Dec 25, 2008 1:23 am
by requinix
1. $upload_dir (in config_2.php I guess) needs to have a / at the end.

2. Line 122: change that -3 to a -4.

Re: faulty file upload script

Posted: Thu Dec 25, 2008 9:28 am
by cap2cap10
Thanks! It worked like a charm. :drunk:

Happy Holidays!!

Batoe