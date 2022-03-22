Here is the upload process code:
<?php
session_start();
//This page uploads the user's MT4 statement, Changes the file name to a distincrive user-related name, and moves it to uploads folder
if(isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])){
// Get user id to concatenate with detaoled statement to get user unique file name
$user_id = $_SESSION['user_id'];
$_SESSION['upload_time'] = date("Y-m-d-h-i-s");
// Check if submit button in upload file form was clicked
if(isset($_POST['submit'])){
// Get file data aray
$file = $_FILES['fileToUpload'];
$fileName = $_FILES['fileToUpload']['name'];
$fileTmpName = $_FILES['fileToUpload']['tmp_name'];
$fileSize = $_FILES['fileToUpload']['size'];
$fileError = $_FILES['fileToUpload']['error'];
$fileTYpe = $_FILES['fileToUpload']['type'];
// Get uploaded file extention
$fileExt = explode('.', $fileName);
$fileActualExt = strtolower(end($fileExt));
// Create an array of allowed file extensions
$allowed = array('htm', 'html');
// Check if file is a correct file type
if(in_array($fileActualExt, $allowed)){
//File extention O.K., CHock for upload errors
if($fileError ===0){
//No upload errors, check file size
if($fileSize < 300000){
// All O.K.
//Change file name to a distinct user related file name
$fileNameNew = $user_id.$_SESSION['upload_time'].'.'.$fileActualExt;
//Move file to uploads folder
//var_dump($fileNameNew);
//die();
$fileDestination = "uploads/".$fileNameNew;
move_uploaded_file($fileTmpName, $fileDestination);
//Process statement data
header("Location: insert_data_to_db_balance_ver2.php");
}else { //End filesize
$_SESSION['upload_error'] = "Upload error: file size too big";
header("Location: ../upload_statement.php"); // File is too big
exit();
}
} else { //End file error
$_SESSION['upload_error'] = "Upload error: upload process failure";
header("Location: ../upload_statement.php");
exit();
}
}else { //End extension
$_SESSION['upload_error'] = "Upload error: wrong file type";
header("Location: ../upload_statement.php");
exit();
}
}// Endif(isset($_POST['submit'])
}else // End isset($_SESSION['user_id'])
{
header("Location: ../ooops.php");
}
?>
And here is the relevant problematic code of the file insert_data_to_db_balance_ver2.php
<?php
if(!isset($_SESSION['user_id'])){
session_start();
}
$user_id = $_SESSION['user_id'];
//var_dump($user_id);
//Insert statement into a string
//require 'uploads/'.$user_id.$_SESSION['upload_time'].'.html';
$path = __DIR__.$user_id.$_SESSION['upload_time'].".html";
file_get_contents($path, "r+") or die("Unable to open file!");
and here is a link to a typical statement being uploaded
detailedstatement.html (23.9 KB)
And here is a screenshot of the folder containing both quoted files and uploads folder