Unique filename upload, and filename extract...

[Mostly Ghostly]

Hello everyone,

 

I'm new here, so please bear with me.

 

Basically, I have this code to upload files to a server, and e-mail the rest of the content of the form to me.

 

What I need to know are 2 things. Most importantly, I'd like the filename to be changed to a random unique name (to avoid an uploaded file overwriting another). Secondly, I would like the name of this unique filename included in the e-mail with the rest of the text.

 

Is there an easy way to do this?

 

The form entry:

 

                <tr> 
                  <td height="18" valign="top">Please upload the file:</td>
                  <td valign="top"><input name="userfile" type="file" id="userfile"> </td>
                  <td> </td>
                  <td></td>

[oni-kun]

You can use this in your PHP code to randomize the file name..

$suffix = substr (md5(uniqid(rand(),1)), 3, 10); 
$filename = $file."_".$suffix;

As for e-mailing yourself the file, you cannot. You have to link it with HTML.. such as something roughly like..

<a href="__FILE__$filename">$filename</a>

PHP's mail() does not support attachments..

 

Edit: What's with your code? Create a form so that it can upload the file, lol.

<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>

[MadTechie]

As for e-mailing yourself the file, you cannot. You have to link it with HTML.. such as something roughly like..

<a href="__FILE__$filename">$filename</a>

PHP's mail() does not support attachments..

 

Really?

and all this time i have been encoding file and emailing them..

Note: Email with attachments and special types of content (e.g. HTML) can be sent using this function. This is accomplished via MIME-encoding

[Mostly Ghostly]

The code itself uploads the file perfectly well.

 

Where abouts in the script would I add the code to randomize the filename? Do I have to remove something else?

 

I don't want to email myself the attachment, just the filename - so I know which file I'm looking for on the FTP when the form is filled in.

 

Thanks.

[Mostly Ghostly]

Can anyone help here?

 

Thanks.

[MadTechie]

Where abouts in the script would I add the code to randomize the filename?

 

You can use this in your PHP code to randomize the file name..

$suffix = substr (md5(uniqid(rand(),1)), 3, 10); 
$filename = $file."_".$suffix;

As for e-mailing yourself the file, you cannot. You have to link it with HTML.. such as something roughly like..

<a href="__FILE__$filename">$filename</a>

PHP's mail() does not support attachments..

 

Do I have to remove something else?

 

Yes your need to update your php code to use the new filename

[Mostly Ghostly]

How do I do that though?

 

Sorry if I sound like a complete noob, but I am... :-(

[MadTechie]

Without seeing the code its kinda hard to say,

 

the code will probably be close to the move_uploaded_file() function, but without seeing it I can't say!

[Mostly Ghostly]

Okay, here's more, but I've had to censor certain parts:

 

This is "submission.php" - The file which handles the submitted form. Do you need to see the form?

 

<html>
<head>
<title>Submission</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.style3 {font-size: 16px}
-->
</style>
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<div align="center" class="style3">
  <?php
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$formurl = "http://www.*******.com/**/**html" ;
$errorurl = "http://www.*******.com/**/**html" ;
$thankyouurl = "http://www.*******.com/**/**html" ;

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";
$msgban = "$file_name";

/************************************************************
*     Create Upload Directory
************************************************************/
if (!is_dir("files")) {
  if (!mkdir($upload_dir))
  	die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
  	die ("change permission to 755 failed.");
}

/************************************************************
*     Process User's Request
************************************************************/

if ($_REQUEST[del])  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Y/m/d h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);

  if (strpos($_REQUEST[del],"/.")>0);  //possible hacking
  else if (strpos($_REQUEST[del],"files/") === false); //possible hacking
  else if (substr($_REQUEST[del],0,6)=="files/") {
    unlink($_REQUEST[del]);
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Y/m/d h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

  $message = do_upload($upload_dir, $upload_url);
}
else if (!$_FILES['userfile']);
else 
$message = "Invalid File Specified.";

/************************************************************
*     List Files
************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<br><a href='$upload_dir$file'>".$file."</a>";
      $filelist .= "    <a href='?del=$upload_dir$file' title='delete'>x</a>";
   }
}

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name']; 
$file_name = str_replace("\\","",$file_name);
$file_name = str_replace("'","",$file_name);
$file_type = $_FILES['userfile']['type']; 
$file_size = $_FILES['userfile']['size']; 
$result    = $_FILES['userfile']['error'];
$file_url  = $upload_url.$file_name;
$file_path = $upload_dir.$file_name;


//File Name Check
    if ( $file_name =="") { 
    	$message = "Invalid File Name Specified";
    	return $message;
    }
    //File Size Check
    else if ( $file_size > 990000000000) {
    //	print $file_size;
    //    $message = "The file size is over 1MB.";
    //    return $message;
    }
    //File Type Check  -- Prevent possible attacks
    else if ( strpos($file_name,".php") !== false 
           || strpos($file_name,".cgi") !== false 
           || strpos($file_name,".htm") !== false 
           || strpos($file_name,".phtm") !== false ) 
      return;
   else if ( strpos($file_type,"image") !== false
   || $file_type == "application/msword");
   else {
        //$message = "Sorry, demo. only allows image or ms-word upload." ;
        //$message .= "<br>You may allow other types(i.e, .zip) on your own server." ;
        //return $message;
    }

    $result  =  move_uploaded_file($temp_name, $file_path);
    if (!chmod($file_path,0755))
     	$message = "change permission to 755 failed.";
    else
  $msgban = ($result)?"$file_name" :
      $message = ($result)?"$file_name uploaded successfully. In cel mult 24 ore Bannerul va aparea pe site." :
       	      "Somthing is wrong with uploading a file.";

    return $message;
}

?>
  <?php 

$email = "1:\t$_POST[1]\n";
$email .= "2\t$_POST[2]\n";
$email .= "3:\t$_POST[3]\n";
$email .= "4:\t$_POST[4]\n";
$email .= "5:\t$_POST[5]\n";
$email .= "6:\t$_POST[6]\n";
$email .= "7:\t$_POST[7]\n";
$email .= "8:\t$_POST[8]\n\n"; 

$destinatar = "**@****.com"; 
$subiect = "Submission"; 

$detalii = "From: Submission@*** <> \n"; 
$detalii .= "Reply-To: $_POST[email_expeditor]\n\n"; 

mail($destinatar, $subiect, $email, $detalii); 


header( "Location: $thankyouurl" );
exit ;


?>
</div>
<div align="center" class="style3"></div>
</body>
</html>