Resy Posted April 16, 2008 Share Posted April 16, 2008 I've put together this script from examples and tutorials and am unable to get it to work correctly, any help would be much appreciated. The problem is after it attempts to upload an image, that for example is supposed to be too big, it returns the error...but still uploads the image anyway. Basically its supposed to upload the picture and rename it, but restrict the filetype and filesize and not upload images that I set as too large of a file size, and not upload image/filetypes that I havent allowed. I dont know much about PHP but I've somehow managed to throw this together. It's heavily commented for my own refference. (I've cut out a chunk of html like the CSS and text and things) <head> <script language="JavaScript"> <!-- function showProgress() { document.getElementById("progress").style.visibility = 'visible'; document.getElementById("submit").disabled = true; } //--> </script> </head> <?php //define a maxim size for the uploaded images in Kb define ("MAX_SIZE","100"); //This function reads the extension of the file. It is used to determine if the file is an image by checking the extension. function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } //This variable is used as a flag. The value is initialized with 0 (meaning no error found) //and it will be changed to 1 if an errro occures. //If the error occures the file will not be uploaded. $errors=0; //checks if the form has been submitted if(isset($_POST['Submit'])) { //reads the name of the file the user submitted for uploading $image=$_FILES['image']['name']; //if it is not empty if ($image) { //get the original name of the file from the clients machine $filename = stripslashes($_FILES['image']['name']); //get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); //if it is not a known extension, we will suppose it is an error and will not upload the file, //otherwise we will do more tests if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { //print error message echo '<h1>Unknown extension!</h1>'; $errors=1; } else { //get the size of the image in bytes //$_FILES['image']['tmp_name'] is the temporary filename of the file //in which the uploaded file was stored on the server $size=filesize($_FILES['image']['tmp_name']); //compare the size with the maxim size we defined and print error if bigger if ($size > MAX_SIZE*1024) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name=time().'.'.$extension; //the new name will be containing the full path where will be stored (images folder) $newname="images/photos/19860308-onwards/".$image_name; //we verify if the image has been uploaded, and print error instead $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; }}}} //If no errors registred, print the success message if(isset($_POST['Submit']) && !$errors) { echo "<h1>File Uploaded Successfully</h1>"; } ?> <!--next comes the form, you must set the enctype to "multipart/frm-data" and use an input type "file" --> <form name="newad" method="post" enctype="multipart/form-data" action=""> <table align="center"> <tr><td><input type="file" name="image"></td></tr> <tr><td><input name="Submit" type="submit" value="Upload image" onClick="javascript:showProgress();"></td></tr> <tr><td><span id="progress" style="visibility:hidden"><img src="http://mywebsite.com/upload.gif"/></td></tr> </table> </form> </div> </body> </html> Any help or pointers would be greatly apreciated. Thanks in advance. Link to comment https://forums.phpfreaks.com/topic/101353-image-upload-withr-ename/ Share on other sites More sharing options...
Cep Posted April 16, 2008 Share Posted April 16, 2008 You could set this in your php.ini file, it will affect all your other websites though. Look for upload_max_filesize in the ini file. If your file extention filter is not working have you tested the getExtension function to see what it actually returns? You may find that all your If statement conditions are failing to filter because the value they are receiving is not what you expect. Sorry I don't have time at this moment to look more (lunch ) Link to comment https://forums.phpfreaks.com/topic/101353-image-upload-withr-ename/#findComment-518394 Share on other sites More sharing options...
Resy Posted April 16, 2008 Author Share Posted April 16, 2008 Thanks for the reply. I'm on shared hosting so I dont think I'll be allowed to edit the php.ini When I upload a jpg/jpeg or gif if works fine, renames the file and puts its original extension back on, if its an invalid file for example exe or lnk it returns "Invalid File" and doesnt upload it so I think that side of it is fine. I'm thinking my problem is here if ($size > MAX_SIZE*1024) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name=time().'.'.$extension; //the new name will be containing the full path where will be stored (images folder) $newname="images/photos/19860308-onwards/".$image_name; //we verify if the image has been uploaded, and print error instead $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; }}}} //If no errors registred, print the success message if(isset($_POST['Submit']) && !$errors) { echo "<h1>File Uploaded Successfully</h1>"; } Maybe needing an "else" so it would be "if the file exceeds size show message... else...finish script and upload file", but im not sure how this will affect the rest of the script. As I said I dont know much about php and this was built from other peoples examples and tutorials, so im happy I've got this far. Just frustrating this last bit doesnt work propperly. Anyone have any ideas? I appreciate that you took the time to even read my post. Thanks again Link to comment https://forums.phpfreaks.com/topic/101353-image-upload-withr-ename/#findComment-518419 Share on other sites More sharing options...
Resy Posted April 16, 2008 Author Share Posted April 16, 2008 After re-reading the script a few times, it looks like it uploads the file then reads+edits it... not sure because it doesnt keep invalid file types but keeps oversized files ??? Link to comment https://forums.phpfreaks.com/topic/101353-image-upload-withr-ename/#findComment-518454 Share on other sites More sharing options...
Resy Posted April 16, 2008 Author Share Posted April 16, 2008 I think I've fixed the problem with the added else. Thank you cep for posting some suggestions. Link to comment https://forums.phpfreaks.com/topic/101353-image-upload-withr-ename/#findComment-518475 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.