  1. #1
    PHP secure PDF upload

    Hello guys,

    I'm trying to develop an upload script, which I have made with reference to other tutorials available on the net. I was wondering if this is a clean and secure script?

    Code:
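    <html>
    
    <head>
    
    <title>PHP Upload Test</title>
    
    </head>
    
    <body>
    
    <!-- PHP_SELF is escaped because the request path is attacker-controlled -->
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post" enctype="multipart/form-data">
        File: <input type="file" name="file" size="30"> <input type="submit" value="upload">
    </form>
    
    <?php
    
    // Only run the upload logic once the form has actually been submitted
    if (isset($_FILES["file"])) {
    
        $allowedExts = array("pdf");
        // basename() drops any directory part of the client-supplied name
        $fileName = basename($_FILES["file"]["name"]);
        // pathinfo() replaces end(explode()), which raises "Only variables should be passed by reference"
        $extension = pathinfo($fileName, PATHINFO_EXTENSION);
        // Escaped copy of the name for echoing back into the page
        $safeName = htmlspecialchars($fileName, ENT_QUOTES, 'UTF-8');
    
        if (($_FILES["file"]["type"] == "application/pdf") && ($_FILES["file"]["size"] < 5243000) && in_array($extension, $allowedExts)) {
    
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            }
            else
            {
                if (file_exists("fileupload/" . $fileName))
                {
                    echo $safeName . " the file you are trying to upload is already exists. ";
                }
                else
                {
                    // Report success only if the move actually worked
                    if (move_uploaded_file($_FILES["file"]["tmp_name"], "fileupload/" . $fileName)) {
                        echo "you have successfully upload your note! ";
                    } else {
                        echo "the file could not be saved. ";
                    }
                }
            }
        }
        else
        {
            echo "Please upload your file in PDF only";
        }
    }
    
    ?>
    
    </body>
    
    </html>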

  2. #2
    Hi all,

    I have made an update to my script, but I'm still getting a warning where the uploaded file cannot be moved to my server upload folder.

    Below is my folder directory:

    C:\xampp\htdocs\uplodednotes\upload\aclass\dave

    I have tried changing the above upload path to "C:\xampp\htdocs\uplodednotes" and it works fine. But when I put in more sub-folders like the above directory, below are the warnings I've encountered:

    Warning: move_uploaded_file(uplodednotes/upload/aclass/dave/skippMay.pdf): failed to open stream: No such file or directory in C:\xampp\htdocs\uplodednotes\upload\upen.php on line 48

    Warning: move_uploaded_file(): Unable to move 'C:\xampp\tmp\phpAB9E.tmp' to 'uplodednotes/upload/aclass/dave/skippMay.pdf' in C:\xampp\htdocs\uplodednotes\upload\upen.php on line 48
    you have successfully uploaded your note!skippMay.pdf

    I'm sure I have given the folder named "dave" write permission. Any advice on what went wrong would be much appreciated.

    Code:
    <?php
    
    $fileName = $_FILES['filename']['name'];//file name from the HTML form
    $fileTmpLoc = $_FILES['filename']['tmp_name'];//file in the PHP tmp folder
    $fileDirectory = 'uplodednotes/upload/aclass/dave/'. basename( $_FILES['filename']['name']);//location where files to be uploaded
    $fileType = $_FILES['filename']['type'];//type of files to be uploaded
    $allowed_ext = 'application/pdf'; // allowable file-type
    $fileSize = $_FILES['filename']['size'];//file size limitation
    $fileError = $_FILES['filename']['error'];//error message code
    
    if(!$fileTmpLoc)
        {
            echo "ERROR: Please select a file before clicking submit button.";
            exit();
        }
        else
            if($fileSize > 5242880) // was "!$fileSize > 5242880", which is always false
            {
                echo "Warning: Please ensure file size is less than 5 Megabytes";
    
                unlink($fileTmpLoc);
                exit();
            }
            else
                if($fileType != $allowed_ext) // compare the submitted type, not the constant with itself
                {
                    echo "Warning: Please upload your note in PDF file type only";
                    unlink($fileTmpLoc);
                    exit();
                }
                else
                    if($fileError > 0)
                    {
                        echo "ERROR: An error occurred while processing the file. Please try again.";
                        unlink($fileTmpLoc);
    					exit();
    				}
    				else
    				
    	// End PHP file checking			
        {
        if(file_exists('uplodednotes/upload/aclass/dave/' . $fileName))
        {
            echo $fileName . " already exists. ";
        }
        else
        {
    		move_uploaded_file($fileTmpLoc, 'uplodednotes/upload/aclass/dave/' . $fileName);
    		echo "you have successfully uploaded your note!" . $fileName;
        }
    	}
    ?>
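
An added example, not part of either post above and not the poster's code: one way to validate and store a PDF upload without relying on the client-supplied type, extension or file name, with the destination built from `__DIR__` so it does not depend on the script's working directory. The function name `store_pdf_upload()` is hypothetical; the field name `file`, the `fileupload` directory and the 5 MiB limit are taken from the posts, and PHP 7+ with the fileinfo extension is assumed.

```php
<?php
// Added example: hardened PDF upload handler (hypothetical helper, PHP 7+,
// fileinfo extension assumed). Field and directory names mirror the posts.
const MAX_BYTES = 5242880; // 5 MiB

function store_pdf_upload(array $file, string $destDir): string
{
    // 1. PHP's own status code comes first; type and size are empty on failure.
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload did not complete');
    }
    // 2. Accept only a temp file that PHP created for this request.
    $tmp = $file['tmp_name'] ?? '';
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an uploaded file');
    }
    // 3. Measure the size on disk instead of trusting $_FILES['size'].
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File must be between 1 byte and 5 MiB');
    }
    // 4. $_FILES['type'] and the extension are client-supplied: inspect content.
    $mime  = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $magic = file_get_contents($tmp, false, null, 0, 5);
    if ($mime !== 'application/pdf' || $magic !== '%PDF-') {
        throw new RuntimeException('Only PDF files are accepted');
    }
    // 5. Absolute destination, created if missing (including sub-folders).
    if (!is_dir($destDir) && !mkdir($destDir, 0750, true)) {
        throw new RuntimeException('Cannot create upload directory');
    }
    // 6. Server-generated name: nothing client-controlled reaches the path.
    $target = $destDir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.pdf';
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('Could not store the upload');
    }
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        $stored = store_pdf_upload($_FILES['file'], __DIR__ . DIRECTORY_SEPARATOR . 'fileupload');
        echo 'Stored as ' . htmlspecialchars(basename($stored), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Keeping the storage directory outside the document root, or serving its files only through a download script, prevents the web server from interpreting anything stored there.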

