faulty file upload script
Posted: Wed Dec 24, 2008 11:13 pm
Season's Greetings php technorati! Ok, here is the two problems with the below script:
1-it does not remove the old file in the directory inspite of the unlink function.
2- when it creates a new file name to be stored in the MySQL db it gets the correct file type
(doc or pdf) but it leaves out the "." between the file name and file type!?!
I can't figure it out. Please help! here is the code:
PS: Oh I should mention that I am trying to adapt a image upload class into a file upload class.
thanks in advance.
Batoe
1-it does not remove the old file in the directory inspite of the unlink function.
2- when it creates a new file name to be stored in the MySQL db it gets the correct file type
(doc or pdf) but it leaves out the "." between the file name and file type!?!
Code: Select all
<?php
/*
- PHP5 Image upload script
*/
class imageupload
{
//pblic variables
public $path = '';
public $errorStr = '';
public $imgurl = '';
//private variables
private $_errors = array();
private $_params = array();
private $_lang = array();
private $_maxsize = 1048576;
public $_im_status = false;
//public methods
public function __construct ()
{
require 'config_2.php';
$this->_types = $types;
$this->_lang = $lang;
$this->_upload_dir = $upload_dir;
$this->_maxsize = $maxsize;
$this->path = $PHP_SELF;
if (is_array($_FILES['__upload']))
{
$this->_params = $_FILES['__upload'];
if (function_exists('exif_filetype'))
$this->_doSafeUpload();
else
$this->_doUpload();
if (count($this->_errors) > 0)
$this->_errorMsg();
}
}
public function allowTypes ()
{
$str = '';
if (count($this->_types) > 0) {
$str = 'Allowed types: (';
$str .= implode(', ', $this->_types);
$str .= ')';
}
return $str;
}
// private methods
private function _doSafeUpload ()
{
preg_match('/\.([a-zA-Z]+?)$/', $this->_params['name'], $matches);
if (exif_filetype($this->_params['tmp_name']) && in_array(strtolower($matches[1]), $this->_types))
{
if ($this->_params['size'] > $this->_maxsize)
$this->_errors[] = $this->_lang['E_SIZE'];
else
$this->_im_status = true;
if ($this->_im_status == true)
{
$ext = substr($this->_params['name'], -4);
$this->new_name = md5(time()).$ext;
$file_stat= $_POST['file_stat'];
$userID= $_POST['userID'];
$file_name = $this->new_name;
mysql_connect('************************', 'js_info', '*******************') or die(mysql_error());
mysql_select_db('js_info') or die(mysql_error());
$select_query="SELECT file_name from js_resume WHERE userID = '$userID' ";
$select_result = mysql_query($select_query) or die(mysql_query());
if(mysql_num_rows($select_result) > 0)
{
$imgrow=mysql_fetch_assoc($select_result);
$imgfilename=$imgrow['file_name'];
unlink($this->_upload_dir.$imgfilename);
}
$query = "UPDATE js_resume SET file_name = '$file_name', file_stat = '$file_stat' WHERE userID = '$userID'";
$result = mysql_query($query) or die(mysql_query());
mysql_close();
move_uploaded_file($this->_params['tmp_name'], $this->_upload_dir.$this->new_name);
$this->imgurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).$this->_upload_dir.$this->new_name;
}
}
else
$this->_errors[] = $this->_lang['E_TYPE'];
}
private function _doUpload ()
{
preg_match('/\.([a-zA-Z]+?)$/', $this->_params['name'], $matches);
if(in_array(strtolower($matches[1]), $this->_types))
{
if ($this->_params['size'] > $this->_maxsize)
$this->_errors[] = $this->_lang['E_SIZE'];
else
$this->_im_status = true;
if ($this->_im_status == true)
{
$ext = substr($this->_params['name'], -3);
$this->new_name = md5(time()).$ext;
$file_stat= $_POST['file_stat'];
$userID= $_POST['userID'];
$file_name = $this->new_name;
mysql_connect('***************', 'js_info', '****************') or die(mysql_error());
mysql_select_db('js_info') or die(mysql_error());
$select_query="SELECT file_name from js_resume WHERE userID = '$userID' ";
$select_result = mysql_query($select_query) or die(mysql_query());
if(mysql_num_rows($select_result) > 0)
{
$imgrow=mysql_fetch_assoc($select_result);
$imgfilename=$imgrow['file_name'];
unlink($this->_upload_dir.$imgfilename);
}
$query = "UPDATE js_resume SET file_name = '$file_name', file_stat = '$file_stat' WHERE userID = '$userID'";
$result = mysql_query($query) or die(mysql_query());
mysql_close();
move_uploaded_file($this->_params['tmp_name'], $this->_upload_dir.$this->new_name);
$this->imgurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).$this->_upload_dir.'/'.$this->new_name;
}
}
else
$this->_errors[] = $this->_lang['E_TYPE'];
}
function _errorMsg()
{
$this->errorStr = implode('<br />', $this->_errors);
}
}
?>thanks in advance.
Batoe