Upload script help

andrewjs18 · April 28, 2010, 12:25pm

Hello all…my php knowledge isn’t advanced enough to fully write any decent php scripts so I found this upload script online and I can’t seem to get it to work right. here’s the code:


<?php
   // Configuration - Your Options
      $allowed_filetypes = array('.jpg','.gif','.bmp','.png','.jpeg',); // These will be the types of file that will pass the validation.
      $max_filesize = 3145728; // Maximum filesize in BYTES (currently 0.5MB).
      $upload_path = 'removed for security'; // The place the files will be uploaded to (currently a 'files' directory).
 
   $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
   $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
 
   // Check if the filetype is allowed, if not DIE and inform the user.
   if(!in_array($ext,$allowed_filetypes))
      die('The file you attempted to upload is not allowed.');
 
   // Now check the filesize, if it is too large then DIE and inform the user.
   if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
      die('The file you attempted to upload is too large.');
 
   // Check if we can upload to the specified path, if not DIE and inform the user.
   if(!is_writable($upload_path))
      die('You cannot upload to the specified directory, please CHMOD it to 777.');
 
   // Upload the file to your specified path.
   if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename))
         echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked.
      else
         echo 'There was an error during the file upload.  Please try again.'; // It failed :(.
 
?>

when I go to actually upload a .jpg file, it returns this:
The file you attempted to upload is not allowed.

I just checked a different file type…the file type was a .gif image from a site I manage…it gave me this error:
You cannot upload to the specified directory, please CHMOD it to 777.

the directory where the upload goes to is chmod to 777 and I have the entire path in the upload path:
public_html/X/X/X/uploads

also, while I’m asking on here…would simple adding .zip to the allowable file types allow users to upload zips?

AnthonySterling · April 28, 2010, 12:32pm

I would assum that the jp(e)g image you’re uploading contains more than 1 period (.)?

For example, my-birthday-v1.0.jpg.

This will throw the ‘validation’ this script offers.

andrewjs18 · April 28, 2010, 12:36pm

actually…it involves some spaces and 1 period…for example, the file name I was trying to upload was:
02(space)Apr.(space)28.jpg

AnthonySterling · April 28, 2010, 12:41pm

I can see 2 in that filename…

Actually.

andrewjs18 · April 28, 2010, 12:43pm

well, yes… 1 after Apr and 1 before the extension, but the 2nd 1 is normal.

I renamed the file to test.jpg and it’s returning the 2nd above mentioned error:
You cannot upload to the specified directory, please CHMOD it to 777.

edit-I got the script working…It didn’t like my uploads folder path…anyhow…how can I make it be able to process file names with a period in it?

AnthonySterling · April 28, 2010, 1:08pm

You’re welcome.

andrewjs18 · April 28, 2010, 1:14pm

I’m still wondering how to make it allow files with more than 1 period.

AnthonySterling · April 28, 2010, 1:17pm

I’m still waiting to see if you have manners.

andrewjs18 · April 28, 2010, 1:22pm

I have plenty of manners…

thanks for telling me it was failing the validation. can you please tell me how to remove the restriction of uploading files with more than 1 period?

also…would you mind telling me whether or not simply adding .zip to the allowable file types will allow users to upload zip files?

thanks!

AnthonySterling · April 28, 2010, 1:33pm

Much better. Thankyou.

Take a look at [fphp]pathinfo/fphp to obtain the extension, you’ll need to remove the periods from your $allowed_filetypes array though.

Yup, adding ‘zip’ the previously mentioned array should suffice.

andrewjs18 · April 28, 2010, 1:42pm

ok, so I removed the . before the allowed file types
$allowed_filetypes = array(‘jpg’,‘gif’,‘bmp’,‘png’,‘jpeg’,‘zip’,); // These will be the types of file that will pass the validation.

and tried uploading a file named:
04 Apr. 28.jpg

and got this error:

The file you attempted to upload is not allowed.

I assume by the pathinfo link you referenced, you’re talking about this area in the .php code?


$filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
    $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.

I’m not actually sure what to do to remove the restriction…can I simply remove strpos($filename,‘.’) ?

AnthonySterling · April 28, 2010, 2:13pm

Replace:-

if(!in_array($ext,$allowed_filetypes))

With:-

if(false === in_array(pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION), $allowed_filetypes))

andrewjs18 · April 28, 2010, 2:25pm

thank you…now let me ask you…

for my upload path, I have it set to:
$upload_path = ‘./uploads’;

it keeps dumping the photos in the ./form path which is where the upload.php file exists…if I try to do the full path to upload folder it gives me
You cannot upload to the specified directory, please CHMOD it to 777.

if I move the upload.php file into the ./uploads folder to just have it dump it right into there and specify ./uploads/upload.php it returns this:
500 error

what gives?!!?!