File upload script in PHP - File check fails.

PyroSama · January 9th, 2006, 03:52 PM

I am working on an upload script in PHP but it has some issues that I cant seem to resolve....

Every file I attempt to upload fails the file extention check and returns an error message. If some one would take a few moments to find the obvious mistake that I have made some place it would be much apricciated.

http://srcbin.com/viewcode.php?id=95

Implemented at http://www.srcbin.com/upload.php

Thanks,
PyroSama

VHockey86 · January 9th, 2006, 04:04 PM

put some echo statements in to see what its actually getting from

Code:

$file_ext = strtolower(substr($file_name, "."));

, cause I'm not sure if that substr command is right.

seems like all you need is

Code:

strtolower(substr($file_name, strlen($file_name)-4));

PyroSama · January 9th, 2006, 04:40 PM

I echo'd $file_ext and it returned the full name of the file I am attempting to upload when using your snippet it always returns the error that the file already exists (checks md5 vs database)

PyroSama

VHockey86 · January 9th, 2006, 05:03 PM

so let me get this straight... you are using the md5 output of the file itself, or the md5 of the filename as the name in the database?

large_nostril · January 9th, 2006, 05:55 PM

Try using this modified code... it should fix your extension issue, and your 'timeout' issue

PHP Code:

  <?

// Database Configuration

require("config.php");

 
//Set .INI params to support uploading

ini_set('post_max_size', 5242880);    // Set upload limit (5MB)

ini_set('upload_max_filesize', 5242880);    // Enforce upload limit

ini_set('max_execution_time', 2400);    // Increase 'timeout' time

 
//Set Variables

$uploadpath = 'uploads/files/';    // Directory For File Uploads

$upload = $_POST['file'];        // Code Field

$recipiant_email = $_POST['tbEmail22'];    // Email of Recipiant

$recipiant = $_POST['tbEmail2'];    // Recipiant Name

$comments = $_POST['textarea2'];    // File Comments

$type = $_POST['select'];    // File Type

$file_hash = md5($upload);    // Hash for File Name

$file_upload_hash = $uploadpath . $file_hash;    // Hash Path/File

$file = $_POST['file'];    // File Name

$file_name = $uploadpath . $file;    // Path/Name

$legal_extentions = array("zip","rar","gz","7z");    // Legal File Extentions

$file_size = '5242880';    // Maximum File Size - 5 MB

 
// Start PHP session cookie for users later on.

session_start();

 
// If connection fails...

if (!$conn){

    exit("Connection Failed: The server is down. Sorry for the dellay, please try again.");    // Print error message.

}

 
// Not sure but does this do what I did above?

@mysql_select_db("srcbin_srcbin") or die("Unexpected database error!");

 
if(file_exists($file_upload_hash)){

    $get_id = mysql_query("SELECT * FROM file where file = '" . $file_upload_hash . "'");    // Select row containing md5 of submited code

    if( $get_id && $file_upload_hash = mysql_fetch_object( $get_id ) )    // Get row based on $get_id

    $id = $file_upload_hash -> id;    // Select entry for ID

        die("Target already exists. - As soon as file renaming works properly this will redirect.");    // Print message and list path from $path echoing $viewpath and the entry for ID ($id)

}

 
//$file_type = $_FILES['userfile']['type'];    // Check File Type By MIME

$file_name = $_FILES['userfile']['name'];    // Get File Name

$file_ext = strtolower(end(explode(".",$file_name)));    // File Extension

 
// File Size Check - Need to set size right now it's some ungodly ammount.

if (!$_FILES['userfile']['size'] > $file_size)

{

    die("The file you are attempting to upload is too large.");

}

 
// File Extention Check

if (!in_array ($file_ext, $legal_extentions))

{

    die("The file you are attempting to upload is not supported by this server.");

}

 
// Add File to Database

$upload_file = "INSERT INTO file(recipeint, recipiant_email, file, name, type) VALUES ('" . $recipiant . "', '" . $recipiant_email . "', '" . $file_hash . "', '" . $file . "', '" . $type . "')";

mysql_query($upload_file);

 
$fp = fopen($file_upload_hash, w);    // Open file with wright permissions.

fwrite($fp, $upload);    // Write code to file.

fclose($fp);    // Close file.

 
$id = $_GET['id'];    // File ID

?>

If the above code doesn't fix your 'timeout' issue, remove this code:

PHP Code:

  //Set .INI params to support uploading

ini_set('post_max_size', 5242880);    // Set upload limit (5MB)

ini_set('upload_max_filesize', 5242880);    // Enforce upload limit

ini_set('max_execution_time', 2400);    // Increase 'timeout' time

And make a file named .htaccess put the following code into it, and upload it to the location your upload script is running from:

Code:

php_value post_max_size 5242880
php_value upload_max_filesize 5242880
php_value max_execution_time 2400

Also, in your database, make sure you've got "recipeint" spelled the same way:

Quote:

$upload_file = "INSERT INTO file(recipeint, recipiant_email, file, name, type) VALUES ('" . $recipiant . "', '" . $recipiant_email . "', '" . $file_hash . "', '" . $file . "', '" . $type . "')";

Quote:

// Not sure but does this do what I did above?
@mysql_select_db("srcbin_srcbin") or die("Unexpected database error!");

PyroSama · January 10th, 2006, 07:17 AM

Hey thank you so much!

That hit the spot

I have a few other things to work out with the script but the one major issue has been resolved

Thanks again,
PyroSama