[SOLVED] Renamming Image

[Clinton]

I've used the code here to upload my image and everything works just fine. http://uk3.php.net/manual/en/features.file-upload.post-method.php

 

 

<form enctype="multipart/form-data" action="imageup.php" method="POST">
    		    <input type="hidden" name="MAX_FILE_SIZE" value="60000" />
    			Send this file: <input name="userfile" type="file" /><br />
    			<input type="submit" value="Save Logo" />
</form>

 

 

imageup.php

<?php


$uploaddir = 'C:/xampp/htdocs/project/clogos/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

My question is this... I could save the location and name of the uploaded file to a database but chances are that more than one individual has their logo named 'logo'. I don't want to check the db to see if that name already exists and then tell the user if it does to rename their logo simply because i'm sure some users will not know how to do that. Instead, I would rather change the name of the image that they uploaded to their username, which is stored as a session variable. What's the best way to go about this? 

[premiso]

Use an md5 hash using time as a salt:

 

$uploaddir = 'C:/xampp/htdocs/project/clogos/';
$uploadfile = $uploaddir . md5(time() . basename($_FILES['userfile']['name']));

 

Should give you a unique hash, you could even throw the username in there too as part of the salt so it is unique to that user with the time etc.

[Clinton]

Ok, gotcha. One more question about this... I see that I sent the MAX_FILE_SIZE but I don't see any reference to it on the imageup.php page. Does there need to be something that will error out if one has tried to upload a file too big?

[premiso]

Usually any file over 2mb will time out the browser. I am not sure how to check this before upload (or if that is possible maybe JScript). But if the file is too big either A the browser will timeout or B the php will give an error.

 

I do not deal with file uploads too much, but maybe someone else can shed some light on it.

[Zhadus]

Partially, that will disallow someone to attempt to upload anything larger than that, but it is easy to get around. Because it's only HTML, people can just view the source, create their own external HTML page and upload to your site with as large a file as they would like.

 

I would recommend checking the file size in your PHP file before accepting the upload.

[Clinton]

I would recommend checking the file size in your PHP file before accepting the upload.

 

I just read that and am looking for an example on how to accomplish. But just in case someone beats me does n-e-one know where I might find one on how to do that?

[premiso]

echo '<pre>';
$file_size = $_FILES['userfile']['size'];
if ($file_size <= MAX_FILE_SIZE) {
  if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
  } else {
    echo "Possible file upload attack!\n";
  }
}

 

Something like that might do.

[Zhadus]

$_SERVER['CONTENT_LENGTH'] should do, check to make sure it's less than "blah" in bytes.

 

As a side note, this will still allow them to upload the file to a temporary folder, it just won't be completely saved on your system until it accepts it through that.

 

You can also change the php.ini file to change the max upload size.

[Clinton]

I just got on here and was going to post what I had then I saw what you guys had. :-)

 

I used "if (($_FILES['userfile']['size']) > 60000)" then do it or else say it's too big. That's 60kb, right?

 

 

 

[Clinton]

"this will still allow them to upload the file to a temporary folder,"

 

But I read in the manual that as soon as the process is done it deletes from the temporary folder. So if it gets to the tmp folder but is too large does it just sit there or will it delete?

[premiso]

"this will still allow them to upload the file to a temporary folder,"

 

But I read in the manual that as soon as the process is done it deletes from the temporary folder. So if it gets to the tmp folder but is too large does it just sit there or will it delete?

 

I believe if it is not moved via the script, it will be deleted on script completetion. But not 100% sure on that.

[Clinton]

Ok, i'll play around with it and see what it does for me. Thank you, as usual.

[Clinton]

Real quick... I'm using this now...

 

if ((($_FILES['userfile']['size']) < 60001) AND (($_FILES['userfile']['type']) == 'image/png' OR 'image/jpeg' OR 'image/gif' OR 'image/jpg'))

 

But it didn't error out when it recognized the type as application/octet-stream. Any ideas? I also tried

 

if (($_FILES['userfile']['size']) < 60001 AND ($_FILES['userfile']['type']) == 'image/png' OR 'image/jpeg' OR 'image/gif' OR 'image/jpg')

[premiso]

I would suggest this, the reason yours was not working is because you do not have the right conditionals in the OR

 

$allowedTypes = array("image/png", "image/jpeg", "image/gif", "image/jpg");

if (($_FILES['userfile']['size']) < 60001 AND in_array($_FILES['userfile']['type'], $allowedTypes)) {

 

That should be much easier =)

[Clinton]

:-) Yes... yes it was. Thank you.