Jump to content


Photo

Can Some Tell Me How To Make This Script Check For The Password Before It Starts The Upload Process Instead Of After The File Is Uploaded?

upload check password script php

  • Please log in to reply
8 replies to this topic

#1 Josparky

Josparky

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 28 December 2012 - 05:25 AM


Can some tell me how to make this script check for the password before it starts the upload process instead of after the file is uploaded? Some of the files I need uploaded are big and it sucks to wait till the file is uploaded before it tells me that the password was wrong.

Thanks for any help you can provide.


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
    <head>
      <title>ES Simple Uploader</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
      <meta name="generator" content="handmade" />
        <style type="text/css">
        <!--
            body {
                font-family: Arial, Helvetica, sans-serif;
                font-size: 14px;
                background-color: #DDDDDD;
            }
            .cnt {
                text-align: center;
            }
            .cnt_welcome {
                font-size: 16px;
                font-weight: bold;
                text-align: center;
            }
            .cnt_powered {
                font-size: 14px;
                font-weight: bold;
                text-align: center;
            }
            .cnt_small {
                font-size: 12px;
                text-align: center;
                padding-top: 50px;
            }
            .head_line {
                background-color: #BBBBBB;
            }
            .main_table {
                border: solid 1px #9D9992;
                font-size: 13px;
            }
            h4 {
                font-size: 12px;
                color: #DD0000;
                text-align: center;
            }
            .button {
                border: 1px solid #55555;
                font-weight: bold;
            }
    -->
    </style>
    </head>


    <body>
    <?
    include("config.php");


    function path_options()
    {
     global $upload_dirs;
      $option = "";
      foreach ($upload_dirs as $path => $pinfo)
      {
        $option .= '<option value="'.$path.'">'.$pinfo["name"].'</option>';
      }
     return $option;
    }


    function check_vals()
    {
     global $upload_dirs, $err;
        if (!ini_get("file_uploads")) { $err .= "HTTP file uploading is blocked in php configuration file (php.ini). Please, contact to server administrator."; return 0; }
        $pos = strpos(ini_get("disable_functions"), "move_uploaded_file");
        if ($pos !== false) { $err .= "PHP function move_uploaded_file is blocked in php configuration file (php.ini). Please, contact to server administrator."; return 0; }
      if (!isset($_POST["path"]) || (strlen($_POST["path"]) == 0)) { $err .= "Please fill out path"; return 0; }
      if (!isset($upload_dirs[$_POST["path"]])) { $err .= "Incorrect path"; return 0; }
      if (!isset($_POST["pwd"]) || (strlen($_POST["pwd"]) == 0)) { $err .= "Please fill out password"; return 0; }
      elseif ($_POST["pwd"] != $upload_dirs[$_POST["path"]]["password"]) { $err .= "The upload password is incorrect"; return 0; }
      if (!isset($_FILES["userfile"])) { $err .= "Empty file"; return 0; }
      elseif (!is_uploaded_file($_FILES['userfile']['tmp_name'])) { $err .= "Empty file"; return 0; }
     return 1;
    }


    $err = ""; $status = 0;
    if (isset($_POST["upload"])) {
      if (check_vals()) {
        if (filesize($_FILES["userfile"]["tmp_name"]) > $max_file_size) $err .= "Maximum file size limit: $max_file_size bytes";
        else {
          if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $upload_dirs[$_POST["path"]]["dir"].$_FILES["userfile"]["name"])) {
                    $status = 1;
                }
          else $err .= "There are some errors!";
        }
      }
    }


    if (!$status) {
      if (strlen($err) > 0) echo "<h4>$err</h4>";
    }
    else {
      echo "<h4>&quot;".$_FILES["userfile"]["name"]."&quot; was successfully uploaded.</h4>";
    }
    ?>
    <p class="cnt_welcome">Welcome to ES Simple Uploader v 1.1.</p>
    <p class="cnt">&laquo; <a href="http://www.energyscripts.com/Products/product2.html">Back to Product page</a> &laquo;</p>
    <p class="cnt">(Select folder, set it's password, then select a file to upload and click "Upload" button).
        <br />Note: 
            Folder: &quot;Images folder&quot;, Password: &quot;images&quot;;
            Folder: &quot;Docs&quot;, Password: &quot;docs&quot;;
            Folder: &quot;Common files&quot;, Password: &quot;common&quot;;
            Maximum file size: <?=$max_file_size/1024?> Kb.</p><br />
    <form enctype="multipart/form-data" action="index.php" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="<?=$max_file_size?>" />
    <table class="main_table" align="center">
      <tr>
        <td colspan="2" class="head_line">&nbsp;</td>
      </tr>
      <tr>
        <td>Folder:</td>
        <td><select name="path"><?=path_options()?></select></td>
      </tr>
      <tr>
        <td>Password:</td>
        <td><input type="password" name="pwd" style="width: 217px;" /></td>
      </tr>
      <tr>
        <td>Choose file:</td>
        <td><input type="file" name="userfile" style="width: 222px;" /></td>
      </tr>
      <tr>
        <td colspan="2" align="right"><input type="submit" name="upload" value="Upload" class="button" /></td>
      </tr>
    </table>
    </form>
    </p>
    <p class="cnt_powered">Powered by <a href="http://www.energyscripts.com" target="_blank">EnergyScripts</a></p>
    <p class="cnt_small">Find more power solution: <a href="http://www.energyscripts.com/Products/product1.html" target="_blank">ES File Upload &amp; Download Manager</a></p>
    </body>
    </html>


#2 trq

trq

    Advanced Member

  • Administrators
  • 31,023 posts
  • LocationSydney, Australia.

Posted 28 December 2012 - 05:34 AM

You would need to move it so that it is behind a password protected area.

http://thorpesystems.com | http://proemframework.org | http://github.com/trq

SmtpCatcher - A very simple mock sendmail useful for testing PHP mail scripts.
OPM - My Linux package manager.


#3 Josparky

Josparky

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 28 December 2012 - 02:18 PM

I am just learning php can you show me what you mean?

#4 Josparky

Josparky

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 11 January 2013 - 12:33 AM

Anybody?? Please??

#5 PFMaBiSmAd

PFMaBiSmAd

    Advanced Member

  • Staff Alumni
  • 16,767 posts
  • LocationColorado, U.S.A.

Posted 11 January 2013 - 11:16 AM

Both the upload form and the form processing code would check that the current visitor is logged in before doing anything. This of course assumes you have a user authentication system in place that accepts the login credentials as a separate step (or uses AJAX on the upload form) to authenticate the visitor and remembers that the current visitor is logged in using a session.
Signature: (not a comment about anything you posted unless specifically indicated)
Debugging step #1: To get past the garbage-out equals garbage-in stage in your code, you must check that the inputs to your code are what you expect.

Programming is just problem solving, but it is done in another language. You must learn enough of the programming language you are using to be able to read and write code.

#6 quasiman

quasiman

    Advanced Member

  • Members
  • PipPipPip
  • 194 posts
  • LocationPortland, Oregon

Posted 11 January 2013 - 01:59 PM

Josparky,

Did you set the password in the config.php file?

$upload_dirs = array(
  "images" => array(
	  "dir"	 =>"uploads/images/",
	  "name"    =>"Images folder",
	  "password"=>"images",
  ),
  "docs" => array(
	  "dir"	 =>"uploads/docs/",
	  "name"    =>"Docs",
	  "password"=>"docs",
  ),
  "common" => array(
	  "dir"	 =>"uploads/common/",
	  "name"    =>"Common files",
	  "password"=>"common",
  ),
);


#7 Josparky

Josparky

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 11 January 2013 - 02:57 PM

Thanks for your replies. Yes I set the password it is letting me log in the problem is after logging in and browsing to the file to upload it starts the upload and begins uploading the file. But if you mistakenly put the password in wrong it doesn't tell you till after you the file has tried to upload then it will say the password you entered was incorrect and makes you do it all over again? This is a real problem if it's a b ig file.
Here is a link to the scripts page I hope someone can help me out with this.
http://www.energyscr...s/product2.html

Thanks for any help

#8 PFMaBiSmAd

PFMaBiSmAd

    Advanced Member

  • Staff Alumni
  • 16,767 posts
  • LocationColorado, U.S.A.

Posted 11 January 2013 - 03:18 PM

We know what you are asking. Someone told you the structure changes that would be needed to accomplish it. If you cannot take the statement of what is needed and produce the code (which is what programming is, i.e. writing code to get a computer to do what you want), you should just hire someone to do this for you or find another script that requires the login to be submitted before the upload form will be displayed.
Signature: (not a comment about anything you posted unless specifically indicated)
Debugging step #1: To get past the garbage-out equals garbage-in stage in your code, you must check that the inputs to your code are what you expect.

Programming is just problem solving, but it is done in another language. You must learn enough of the programming language you are using to be able to read and write code.

#9 PFMaBiSmAd

PFMaBiSmAd

    Advanced Member

  • Staff Alumni
  • 16,767 posts
  • LocationColorado, U.S.A.

Posted 13 January 2013 - 12:44 PM

Here are some specific hints -

1) You would add a session based login check to the start of your index.php code. If the current user is not logged in, redirect to a login page.

2) The login page would have a form with the path and password. Once the the correct password is entered for the selected path, you would set a session variable to indicate that the visitor is logged in. Since the index.php page needs to know the selected path, you could store that value and use it as the logged in flag. After logging in, redirect to the index.php page.

3) On the index.php page, use the path that was saved in a session variable in place of the $_POST['path'] value. The form would only need the type='file' field. You should probably display the path, something like - "You can upload a file to the images folder.", so that the visitor knows that they can upload a file and where it will be put.

4) After successfully uploading one file, you would probably want to clear the logged in flag so that someone must select a new path and enter the password again to upload more files.
Signature: (not a comment about anything you posted unless specifically indicated)
Debugging step #1: To get past the garbage-out equals garbage-in stage in your code, you must check that the inputs to your code are what you expect.

Programming is just problem solving, but it is done in another language. You must learn enough of the programming language you are using to be able to read and write code.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com