Uploading files and checking file size

[daneth1712]

Hi guys,

 

I am having a problem with an upload script.

Just for reference, I am using a windows server and the MAX FILE SIZE in php.ini file is set to 8M.

Here is the code below;

 

<?php
//check session is registered
include('../includes/sess_user.php');

//config settings
include('../includes/conf.php');

//connect to database and set variables for file info, directory path and ID
$db = mysql_connect("$hostname", "$adminuser", "$adminpass") or die ("Error connecting to database.");
mysql_select_db("$database", $db) or die ("Couldn't select the database.");
$result=mysql_query("SELECT ID FROM $table1 WHERE username='$field_id'", $db);
$row = mysql_num_rows($result);
if($row == 1){
while($row = mysql_fetch_array($result)){
$id=$row['ID'];
$name=$_FILES['user_file']['name'];
$type=$_FILES['user_file']['type'];
$size=$_FILES['user_file']['size'];
$datetime = date("Y-m-d H:i:s",time()); 
$path= "uploads\\". $id . "\\" . $name;
$path2= "http://www.domain-name/test3/uploads/$id/$name";
$dir= "C:/wamp/www/domain/test3/uploads/$id";
}
}

//if first time uploading and no directory created, then make directory
if (!is_dir($dir))
{
mkdir($dir,0777);
}

//check total size of directory and set variable $totalsize
function dir_size($dir) {
$totalsize=0;
if ($dirstream = @opendir($dir)) {
while (false !== ($filename = readdir($dirstream))) {
if ($filename!="." && $filename!="..")
{
if (is_file($dir."/".$filename))
$totalsize+=filesize($dir."/".$filename);

if (is_dir($dir."/".$filename))
$totalsize+=dir_size($dir."/".$filename);
}
}
}
closedir($dirstream);
return $totalsize;
}

//set variable for filesize + foldersize to check combined amount
$total=($totalsize+$size);

//if folder size is more than 20MB(ish)
if($totalsize > 20000000)
{
header ('Location: upload_errorlimit.php');
}

//if folder size and file size (combined) is more than 20MB(ish)
if($total > 20000000)
{
header ('Location: upload_errorlimit.php');
}

//if file size is more than 2MB


if(($_FILES["user_file"]["size"] > 2097153))
{
header ('Location: upload_errorsize.php');
}

//if file size is under 2MB, save file in directory and database
elseif(($_FILES["user_file"]["size"] < 2097152))
{
move_uploaded_file($_FILES['user_file']['tmp_name'],$path);
$link=mysql_connect($hostname, $adminuser, $adminpass) or die("couldnt connect to database");
mysql_select_db("$database") or die("Could not select database");
$query = "INSERT INTO $dbuploads SET username = '$field_id', file = '$name', link = '$path2', size = '$size', ID = '$id', time = '$datetime'";
$result2 = mysql_query($query,$link);
header ('Location: upload_complete.php');
}

//if NOT OK
if(!$result2){
header ('Location: upload_error.php');
}

//if no results from $result
if(!$result){
header ('Location: upload_error.php');
}
?>

 

The script works fine when uploading under 2MB, it stores the file in correct location, and enters into database. When I try and test a file that is more than 2MB, it doesnt read the following lines...

 

if(($_FILES["user_file"]["size"] > 2097153))

{

header ('Location: upload_errorsize.php');

}

 

//if file size is under 2MB, save file in directory and database

elseif(($_FILES["user_file"]["size"] < 2097152))

{

 

instead it reads the following ...

 

//if NOT OK

if(!$result2){

header ('Location: upload_error.php');

}

 

Can anyone give me some help and advise where I am going wrong?

[rhodesa]

What is the output of:

print_r($_FILES["user_file"]);

when the file is > 2MB?

[daneth1712]

Hi rhodesa,

 

Thanks for your reply!

When I change

 

if(($_FILES["user_file"]["size"] > 2097153))

{

header ('Location: upload_errorsize.php');

}

 

to

 

if(($_FILES["user_file"]["size"] > 2097153))

{

print_r($_FILES["user_file"]);

}

 

it still does nothing and ignores that line, I just get sent to the upload_error.php page which is from the line ...

 

if(!$result2){

header ('Location: upload_error.php');

}

 

 

[rhodesa]

put this as the first line in the script:

print_r($_FILES["user_file"]);exit;

[daneth1712]

Hi,

 

Ok I tried uploading a file around 3MB, this is the result I got.

 

Array ( [name] => file.zip [type] => application/x-zip-compressed [tmp_name] => C:\wamp\tmp\php6A.tmp [error] => 0 => 3263109 )

[rhodesa]

ok...couple of things....

 

first: you don't set $totalsize...it's in your function, but not in your script

 

second: after any header() call, you should always have an exit; to make sure the script doesn't keep working:

if(($_FILES["user_file"]["size"] > 2097153))
{
  header ('Location: upload_errorsize.php');
  exit;
}

...do that for all your header()s

 

third: make sure you sql is working by changing this:

$result2 = mysql_query($query,$link);

to this:

$result2 = mysql_query($query,$link) or die (mysql_error($link));

 

fourth: these lines are redundant and should be removed since it already happens at the top:

  $link=mysql_connect($hostname, $adminuser, $adminpass) or die("couldnt connect to database");
  mysql_select_db("$database") or die("Could not select database");

[daneth1712]

Hi,

 

Firstly, thank you for all your help, I really appreciate it!

 

I made the changes but it was mainly the 'exit;' that seems to do the job.... would never have thought of that.

 

I have made all the edits except the $totalsize being added to the script, to be honest I am not sure  how to do this, I am still fairly new to PHP.

 

But the script seems to work fine, but it would be handy if I can get the total folder size check working also

 

Thanks again for all your help!

 

[daneth1712]

Hi guys,

 

OK I have ironed out all the problems rhodesa mentioned in the script, however I am still having a problem with the totalsize check now.

 

this part of the code (below) should check the folder size of the directory, and if over 20MB, return to error page. It should also check the combined amount of the file that is being uploaded and the folder size, and again if over 20MB, return to the error page. Right now I have included over 20MB of files into the directory and I can still upload to it... which ofcourse it shouldnt....

 

//check total size of directory and set variable $totalsize
function dir_size($dir) {
$totalsize=0;
if ($dirstream = @opendir($dir)) {
while (false !== ($name = readdir($dirstream))) {
if ($name!="." && $name!="..")
{
if (is_file($dir."/".$name))
$totalsize+=filesize($dir."/".$name);

if (is_dir($dir."/".$name))
$totalsize+=dir_size($dir."/".$name);
}
}
}
closedir($dirstream);
return $totalsize;
$_SESSION['totalsize'] = $totalsize;
}

//set variable for filesize + foldersize to check combined amount
$total=($_SESSION['totalsize']+$size);

//if folder size is more than 20MB
if($_SESSION['totalsize'] > 20971520)
{
header ('Location: upload_errorlimit.php');
exit;
}

//if folder size and file size (combined) is more than 20MB
if($total > 20971520)
{
header ('Location: upload_errorlimit.php');
exit;
}

 

Can anyone help me find out why its not working and help me to get this working correctly?

I would really appreciate it!

 

Thanks

[rhodesa]

you are defining all the code in a function, but never executing the function...it should be more like this:

 

//check total size of directory and set variable $totalsize
function dir_size($dir) {
$totalsize=0;
if ($dirstream = @opendir($dir)) {
while (false !== ($filename = readdir($dirstream))) {
if ($filename!="." && $filename!="..")
{
if (is_file($dir."/".$filename))
$totalsize+=filesize($dir."/".$filename);

if (is_dir($dir."/".$filename))
$totalsize+=dir_size($dir."/".$filename);
}
}
}
closedir($dirstream);
return $totalsize;
}

$totalsize = dir_size($dir);