Capture log-in name, rename & move file

**ChrisjChrisj** · Jun 8, 2007 11:33

I have an upload page script (not created by me). On the upload page a Browse Box appears along with a Submit Button.

Also, the logged-in User Name appears on the page, because of the line of code:
<?php ECHO $account->get_user_name(); ?>

How can I add the functionality where the uploaded file is automatically renamed with the logged-in User's Name (but the uploaded file keeps the same file extension?

On this forum someone directed me to a php Rename example as shown here:
<?php
rename("/tmp/tmp_file.txt", "/home/user/login/docs/my_file.txt");
?>

How can this line of code be modified to capture the User Name and make it the (uploaded) file name?

And then move it to a certain directory?

Someone suggested this line of code:

move_uploaded_file([uploadedfile],[path/to/filename.ext]);

Can someone please provide an example of how I can make all this happen together?

Thank you.

**php_daemon** · Jun 8, 2007 16:31

Assuming that the file input has a name 'file':

Code php:

$ext=pathinfo($_FILES['file']['name'],PATHINFO_EXTENSION);
move_uploaded_file($_FILES['file']['tmp_name'],'path/to/'.$account->get_user_name().'.'.$ext);

Note that $account->get_user_name() should be validated.

**ChrisjChrisj** · Jun 8, 2007 20:04

Thank you for your reply.

Could you please explain, for my education, what this code does, please?
And when you say "$account->get_user_name() should be validated", would you mind telling me what that means. Is that something I need to do? Thanks

**php_daemon** · Jun 9, 2007 05:36

pathinfo gets the extension of a file, that you want to keep.

move_uploaded_file, as the name suggests, moves the uploaded file to the specified path.

If you're aware of the string concatenation, 'path/to/'.$account->get_user_name().'.'.$ext would produce somthing like 'path/to/someuser.jpg'

For validation I mean, the username should not contain characters that may affect the expected behavior of the code, such as ../ would change the destination directory one level up.

**ChrisjChrisj** · Jun 9, 2007 09:05

Thanks so much for enlightening me. I greatly appreciate it.

I hope I'm not a pest to ask an additional question.

$ext=pathinfo($_FILES['file']['name'],PATHINFO_EXTENSION);move_uploaded_file($_FILES['file']['tmp_name'],'path/to/'.$account->get_user_name().'.'.$ext);

I'm not so clear on where I'd add where the files move to.

And, once a file gets uploaded this code will automatically change the name of the file to the User Name, keep the extension, and move it to the location specified, as is? Or is there something I need to add, modify or substitute?

Thanks again so much for any help.

**php_daemon** · Jun 9, 2007 09:24

Hard to say without seeing your code, but place it wherever you check if the file is uploaded.

All you need to change is 'path/to'.

**luigifalco** · Jun 9, 2007 11:37

i typed in my membersarea index page:
<?php ECHO $account->get_user_name(); ?>

result:
Fatal error: Call to a member function on a non-object in /home/smarttra/public_html/membersarea/index.php on line 47

**php_daemon** · Jun 9, 2007 11:39

luigifalco, unless you're running the same application as Chris, you will get nothing but that error.

**luigifalco** · Jun 9, 2007 11:44

php_daemon

pls check priv msg i sent u my problem and the site is smarttrax.biz

**ChrisjChrisj** · Jun 10, 2007 16:06

Thanks again so much for your help. I really appreciate it.
I added your code to this file, which is where I believe it should go, but I'm guessing. It didn't change the file name. So I am hoping you could please just look this file over. You'll see that the code shows a directory named "Files" that upload files are sent to. So I don't know if the code you provided to me conflicts with this code or not. Or if your code should replace some code in the file I've pasted below (without your code). If you could look at it and give me your expert opinion, I'd be very grateful Thanks.

<?
// Begin options

$allow_file_deletion = false; // To allow visitors to delete files, leave this at true; otherwise, change it to false

$file_extensions = array(".doc", ".rtf", ".htm", ".html", ".pdf", ".txt"); // Add or delete the file extensions you want to allow

$file_extensions_list = ".doc, .rtf, .htm, .html, .pdf, .txt"; // Type the same as above, without the quotes separating them

$max_length = 30; // The maximum character length for a file name

$maximum_file_size = "2048000"; // In bytes

$upload_log_file = "upload_log.txt"; // Change this to the log file you want to use

// End options

$folder_directory = "http://".$_SERVER["HTTP_HOST"].dirname($_SERVER["PHP_SELF"]);
$message = "";
$set_chmod = 0;
$site_uri = "http://".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"];
$upload_directory = "files/";
$upload_uri = $folder_directory."/files/";

if($allow_file_deletion == true) $status = "enabled";
else $status = "disabled";

if($_REQUEST["delete"] && $allow_file_deletion) {
$resource = fopen($upload_log_file,"a");
fwrite($resource,date("F d, Y / h:i:sa")." - ".$_REQUEST["delete"]." deleted by ".$_SERVER["REMOTE_ADDR"]."\n");
fclose($resource);

if(strpos($_REQUEST["delete"],"/.") > 0);
elseif(strpos($_REQUEST["delete"],$upload_directory) === false);
elseif(substr($_REQUEST["delete"],0,6) == $upload_directory) {
unlink($_REQUEST["delete"]);
$message = "File has been deleted.";
header("Location: $site_uri?message=$message");
}
}

elseif($_FILES["userfile"]) {
$resource = fopen($upload_log_file,"a");
fwrite($resource,date("F d, Y / h:i:sa")." - ".$_FILES["userfile"]["name"]." "
.$_FILES["userfile"]["type"]." uploaded by ".$_SERVER["REMOTE_ADDR"]."\n");
fclose($resource);

$file_type = $_FILES["userfile"]["type"];
$file_name = $_FILES["userfile"]["name"];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));
@chmod($upload_uri."".$file_name, 0755);
if($_FILES["userfile"]["size"] > $maximum_file_size) {
$message = "ERROR: File size cannot be over ".$maximum_file_size." bytes.";
}

elseif($file_name == "") $message = "ERROR: Please select a file to upload.";
elseif(strlen($file_name > $max_length)) $message = "ERROR: The maximum length for a file name is ".$max_length." characters.";
elseif(!preg_match("/^[A-Z0-9_.\- ]+$/i",$file_name)) $message = "ERROR: Your file name contains invalid characters.";
elseif(!in_array($file_ext, $file_extensions))
$message = "ERROR: <ins>$file_ext</ins> is not an allowed file extension.";
else $message = upload_file($upload_directory, $upload_uri);
header("Location: $site_uri?message=$message");
}

elseif(!$_FILES["userfile"]);
else $message = "ERROR: Invalid file specified.";

$open = opendir($upload_directory);
$uploaded_files = "";
while($file = readdir($open)) {
if(!is_dir($file) && !is_link($file)) {
$uploaded_files .= " <tr>
<td style=\"background: #fff; color: #000; text-align: left; width: 70%\"><a href=\"$upload_directory$file\" title=\"$file (".filesize($upload_directory."".$file)." bytes)\">".$file."</a> (".filesize($upload_directory."".$file)." bytes)</td>";
if($allow_file_deletion)
$uploaded_files .= "
<td style=\"background: #fff; color: #000; text-align: right; width: 30%\"><a href=\"?delete=$upload_directory".urlencode($file)."\" title=\"Delete File\">Delete File</a></td>";
else
$uploaded_files .= "
<td style=\"background: #fff; color: #000; text-align: right; width: 30%\"><del>Delete File</del></td>";
$uploaded_files .= "
</tr>
<tr>
<td colspan=\"2\" style=\"background: #eee; color: #000; text-align: left; text-indent: 20px\">Uploaded ".date("F d, Y / h:ia", filemtime($upload_directory.$file))."</td>";
$uploaded_files .="
</tr>
";
}
}

function upload_file($upload_directory, $upload_uri) {
$file_name = $_FILES["userfile"]["name"];
$file_name = str_replace(" ","_",$file_name);
$file_path = $upload_directory.$file_name;
$temporary = $_FILES["userfile"]["tmp_name"];

$result = move_uploaded_file($temporary, $file_path);
if(!chmod($file_path,0777))
$message = "ERROR: A folder to place the files was not found, or the files need to be CHMODed to 777.";
else $message = ($result)?"File has been uploaded." : "An error has occurred.";
return $message;
}
?>

**php_daemon** · Jun 10, 2007 21:20

Code php:

function upload_file($upload_directory, $upload_uri) {
$file_name = $_FILES["userfile"]["name"];
$file_name = str_replace(" ","_",$file_name);
$ext=pathinfo($file_name,PATHINFO_EXTENSION);
$file_path = $upload_directory.$account->get_user_name().'.'.$ext;
$temporary = $_FILES["userfile"]["tmp_name"];
 
$result = move_uploaded_file($temporary, $file_path);
if(!chmod($file_path,0777))
$message = "ERROR: A folder to place the files was not found, or the files need to be CHMODed to 777.";
else $message = ($result)?"File has been uploaded." : "An error has occurred.";
return $message;
}

**ChrisjChrisj** · Jun 11, 2007 06:58

I really do appreciate your assistance, however, I did get an error when I uploaded a text file.

Fatal error: Call to a member function on a non-object in /home/public_html/FileDirectory/uploader.php on line 100

I believe this is line 100:
$file_path = $upload_directory.$account->get_user_name().'.'.$ext;

I don't know what the error means. Thanks for any assistance you can provide. I look forward to your reply.

**php_daemon** · Jun 11, 2007 07:13

Oh, yes, right. Add global $account to the function:

Code php:

function upload_file($upload_directory, $upload_uri) {
global $account;
//...

**ChrisjChrisj** · Jun 11, 2007 07:24

Thanks again for your help.

The error is gone.

However, I thought the uploaded files would be renamed and moved to the "files' directory, but I don't see them there.

Once uploaded, where do these files go?

Thanks again.

**php_daemon** · Jun 11, 2007 07:59

Should go to the files directory. Did it work correctly before the changes?

**ChrisjChrisj** · Jun 11, 2007 08:06

thanks for your prompt reply.

Yes. The uploaded files went to the files directory, prior to these changes.

**ChrisjChrisj** · Jun 11, 2007 08:09

This is what the file looks like now>
I hope I added your code correctly:

<?
// Begin options

$allow_file_deletion = false; // To allow visitors to delete files, leave this at true; otherwise, change it to false

$file_extensions = array(".doc", ".rtf", ".htm", ".html", ".pdf", ".txt"); // Add or delete the file extensions you want to allow

$file_extensions_list = ".doc, .rtf, .htm, .html, .pdf, .txt"; // Type the same as above, without the quotes separating them

$max_length = 30; // The maximum character length for a file name

$maximum_file_size = "2048000"; // In bytes

$upload_log_file = "upload_log.txt"; // Change this to the log file you want to use

// End options

$folder_directory = "http://".$_SERVER["HTTP_HOST"].dirname($_SERVER["PHP_SELF"]);
$message = "";
$set_chmod = 0;
$site_uri = "http://".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"];
$upload_directory = "files/";
$upload_uri = $folder_directory."/files/";

if($allow_file_deletion == true) $status = "enabled";
else $status = "disabled";

if($_REQUEST["delete"] && $allow_file_deletion) {
$resource = fopen($upload_log_file,"a");
fwrite($resource,date("F d, Y / h:i:sa")." - ".$_REQUEST["delete"]." deleted by ".$_SERVER["REMOTE_ADDR"]."\n");
fclose($resource);

if(strpos($_REQUEST["delete"],"/.") > 0);
elseif(strpos($_REQUEST["delete"],$upload_directory) === false);
elseif(substr($_REQUEST["delete"],0,6) == $upload_directory) {
unlink($_REQUEST["delete"]);
$message = "File has been deleted.";
header("Location: $site_uri?message=$message");
}
}

elseif($_FILES["userfile"]) {
$resource = fopen($upload_log_file,"a");
fwrite($resource,date("F d, Y / h:i:sa")." - ".$_FILES["userfile"]["name"]." "
.$_FILES["userfile"]["type"]." uploaded by ".$_SERVER["REMOTE_ADDR"]."\n");
fclose($resource);

$file_type = $_FILES["userfile"]["type"];
$file_name = $_FILES["userfile"]["name"];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));
@chmod($upload_uri."".$file_name, 0755);
if($_FILES["userfile"]["size"] > $maximum_file_size) {
$message = "ERROR: File size cannot be over ".$maximum_file_size." bytes.";
}

elseif($file_name == "") $message = "ERROR: Please select a file to upload.";
elseif(strlen($file_name > $max_length)) $message = "ERROR: The maximum length for a file name is ".$max_length." characters.";
elseif(!preg_match("/^[A-Z0-9_.\- ]+$/i",$file_name)) $message = "ERROR: Your file name contains invalid characters.";
elseif(!in_array($file_ext, $file_extensions))
$message = "ERROR: <ins>$file_ext</ins> is not an allowed file extension.";
else $message = upload_file($upload_directory, $upload_uri);
header("Location: $site_uri?message=$message");
}

elseif(!$_FILES["userfile"]);
else $message = "ERROR: Invalid file specified.";

$open = opendir($upload_directory);
$uploaded_files = "";
while($file = readdir($open)) {
if(!is_dir($file) && !is_link($file)) {
$uploaded_files .= " <tr>
<td style=\"background: #fff; color: #000; text-align: left; width: 70%\"><a href=\"$upload_directory$file\" title=\"$file (".filesize($upload_directory."".$file)." bytes)\">".$file."</a> (".filesize($upload_directory."".$file)." bytes)</td>";
if($allow_file_deletion)
$uploaded_files .= "
<td style=\"background: #fff; color: #000; text-align: right; width: 30%\"><a href=\"?delete=$upload_directory".urlencode($file)."\" title=\"Delete File\">Delete File</a></td>";
else
$uploaded_files .= "
<td style=\"background: #fff; color: #000; text-align: right; width: 30%\"><del>Delete File</del></td>";
$uploaded_files .= "
</tr>
<tr>
<td colspan=\"2\" style=\"background: #eee; color: #000; text-align: left; text-indent: 20px\">Uploaded ".date("F d, Y / h:ia", filemtime($upload_directory.$file))."</td>";
$uploaded_files .="
</tr>
";
}
}
function upload_file($upload_directory, $upload_uri) {global $account;
$file_name = $_FILES["userfile"]["name"];
$file_name = str_replace(" ","_",$file_name);
$ext=pathinfo($file_name,PATHINFO_EXTENSION);
$file_path = $upload_directory.$account->get_user_name().'.'.$ext;
$temporary = $_FILES["userfile"]["tmp_name"];

$result = move_uploaded_file($temporary, $file_path);
if(!chmod($file_path,0777))
$message = "ERROR: A folder to place the files was not found, or the files need to be CHMODed to 777.";
else $message = ($result)?"File has been uploaded." : "An error has occurred.";
return $message;
}
?>

**ChrisjChrisj** · Jun 12, 2007 14:21

It seems I've solved this mystery. Your code IS working in the Upload page. It seems there was one file in the /files/ directory with the user name, and because I was testing this with the same User Name, files were being renamed, but weren't being allowed into the /files/ directory because there was already one single file with that same name.

So I don't know where the disallowed files were going, but obviously I need to empty the /files/ directory often.

Would you be interested in telling me how I might direct files to an email address instead of the /files/ directory? So the several files, with the same name, could be stored? Or you may have another (better) idea?

Thanks again.