File Upload Help

[zymn]

yeah, i would like to be able to limit the file size and limit what can be uploaded...

heres the code.

 

<?php
function display_upload_form()
{
echo <<<DISPLAY_UPLOAD_FORM

    <html>
    <style type="text/css" media="screen">
        <!--
        html body
        {background:#fff; font: 76%/1.5em arial, helvetica, sans-serif; color:#333;}

        input
        {color:#333;}
        -->
    </style>
    </head>

    <body>

    <form method="post" action="{$_SERVER['PHP_SELF']}" enctype="multipart/form-data">

<center>
    <p>Pick a File Already.<br />
    <input type="file" name="myfile" tabindex="1" /></p>

    <p><input type="hidden" name="execute" value="1" /></p>

    <p><input type="submit" value="Upload File" tabindex="2" />
</center>

    </form>

    </body>
    </html>

DISPLAY_UPLOAD_FORM;
}

// File Upload ****************************************************************

function execute_upload()
{
    // root path
    $path = $_SERVER['DOCUMENT_ROOT'];

    // upload directory. path will originate from root.
    $dirname = '/zymn/uploads/';

    // permission settings for newly created folders
    $chmod = 0755;

    // create file vars to make things easier to read.
    $filename = $_FILES['myfile']['name'];
    $filesize = $_FILES['myfile']['size'];
    $filetype = $_FILES['myfile']['type'];
    $file_tmp = $_FILES['myfile']['tmp_name'];
    $file_err = $_FILES['myfile']['error'];
    $file_ext = strrchr($filename, '.');

    // check if user actually put something in the file input field.
    if (($file_err == 0) && ($filesize != 0))
    {
        // Check extension.
        if (!$file_ext)
        {
            unlink($file_tmp);
            die('File must have an extension.');
        }

        // extra check to prevent file attacks.
        if (is_uploaded_file($file_tmp))
        {
            /*
            * check if the directory exists
            * if it doesnt exist, make the directory
            */
            $dir = $path . $dirname;

            if (!is_dir($dir))
            {
                $dir = explode('/', $dirname);

                foreach ($dir as $sub_dir)
                {
                    $path .= '/' . $sub_dir;
                    if (!is_dir($path))
                    {
                        if (!mkdir($path, $chmod))
                        {
                            unlink($file_tmp);
                            die('<strong>Error:</strong> Directory does not exist and was unable to be created.');
                        }
                    }
                }
            }

            /*
            * copy the file from the temporary upload directory
            * to its final detination.
            */
            if (@move_uploaded_file($file_tmp, $dir . '/' . $filename))
            {
                // success!
                echo "
<center>
                <p>Done. Be happy.</p>
                <p><strong>View Your Stupid Friggin File:</strong> <a href=\"$dirname/$filename\">$filename</a></p>
</center>
                ";
            }
            else
            {
                // error moving file. check file permissions.
                unlink($file_tmp);
                echo '<strong>Error:</strong> Unable to move file to designated directory.';
            }
        }
        else
        {
            // file seems suspicious... delete file and error out.
            unlink($file_tmp);
            echo '<strong>Error:</strong> File does not appear to be a valid upload. Could be a file attack.';
        }
    }
    else
    {
        // Kill temp file, if any, and display error.
        if ($file_tmp != '')
        {
            unlink($file_tmp);
        }

        switch ($file_err)
        {
            case '0':
                echo 'That is not a valid file. 0 byte length.';
                break;

            case '1':
                echo 'This file, at ' . $filesize . ' bytes, exceeds the maximum allowed file size as set in <em>php.ini</em>. '.
                'Please contact your system admin.';
                break;

            case '2':
                echo 'This file exceeds the maximum file size specified in your HTML form.';
                break;

            case '3':
                echo 'File was only partially uploaded. This could be the result of your connection '.
                'being dropped in the middle of the upload.';

            case '4':
                echo 'You did not upload anything... Please go back and select a file to upload.';
                break;
        }
    }
}

// Logic Code *****************************************************************

if (isset($_POST['execute']))
{
    execute_upload();
}
else
{
    display_upload_form();
}


?>

[chad101]

File size limit.

<?php
if($_FILES['myfile']['size'] > 1048576) { 
die('ERROR: 1 MB file limit');
}
?>

 

ext restrict

 
<?php
$allowed_ext = array('doc','txt','rtf'); //add file extensions here...
$ext = end(explode('.',$_FILES['myfile']['name']);
if(!in_array($ext,$allowed_ext)){ 
die('File extension not allowed');
}
?>

[zymn]

thanks.

but, umm... where do i put them?

[zymn]

bump.

 

i'm BEGGIN for help here.

[Adam]

Best to put them at the start of the execute_upload function ..

[zymn]

that doesn't work...

 

i'm gettin tired of this...

i just want an answer.

[MatthewJ]

I hear being a jerk on a community forum is the way to get help... If you want somone to code it for you, pay them... if not, LEARN

[zymn]

i'm not bein a jerk.

i've just been waiting for an answer for 3 days.

i've tried every way...

[DeanWhitehouse]

This forum is powered by people giving up there spare time, so don't moan if you don't get an answer or one that works, maybe try and work it out your self.

[zymn]

i have tried.

but none of them work...