Irap Posted March 7, 2010 Share Posted March 7, 2010 I'm not sure how to go about a public upload form. So far I have a basic file submission input that allows only .rar and .zip, which is what I want. But other things are confusing me: <?php error_reporting(E_ALL); $allowed_filetypes = array('.rar','.zip'); $MAX_FILE_SIZE = ini_get('upload_max_filesize'); if($MAX_FILE_SIZE >= 15360) { $MAX_FILE_SIZE = 15360; } $upload_path = "../forums/downloads/"; $upload_real_path = "/forums/downloads/"; $filename = $_FILES['file']['name']; $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); if(!in_array($ext,$allowed_filetypes)) { die('The file you attempted to upload is not allowed.'); } $file['file_size'] = $_FILES['file']['size']; /*if( $_FILES['file']['size'] < 1 && !$file['file_url'] ) { $file['file_size'] = $_FILES['file']['size']; }*/ if(filesize($_FILES['file']['size']) > $MAX_FILE_SIZE) { die('The file you attempted to upload is too large.'); } if(!is_writable($upload_path)) { die('A permissions error occured.'); } if(move_uploaded_file($_FILES['file']['tmp_name'],$upload_path . $filename)) { echo "Your file upload was successful, view the file <a href=\"{$upload_real_path}{$filename}\" title=\"Your File\">here</a>"; } else { echo 'There was an error during the file upload. Please try again.'; } ?> My code so far seems quite minimal so I'm thinking there may be many wholes security wise... But the main problem is I'm getting this error: Notice: Undefined index: file in upload.php on line 18 I can't quite figure out what I've done wrong. Apparently it's the browsers job to send the size info. Hasn't the browser done that or something? And now I've even started getting a: The file you attempted to upload is not allowed. Even though I'm uploading .rar. Quote Link to comment https://forums.phpfreaks.com/topic/194389-upload-form-troubles/ Share on other sites More sharing options...
Rustywolf Posted March 7, 2010 Share Posted March 7, 2010 Your getting the 'not allowed' error because your exploading at the dot (.) but include the dot in the array aka file.rar has an extension of rar when you try to get the extension but 'rar' isnt an enxtension in your array, .rar is So change .rar and .zip to rar and zip in your array Quote Link to comment https://forums.phpfreaks.com/topic/194389-upload-form-troubles/#findComment-1022555 Share on other sites More sharing options...
Irap Posted March 7, 2010 Author Share Posted March 7, 2010 I added: $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); $ext = str_replace(".rar", "rar", $ext); $ext = str_replace(".zip", "zip", $ext); But now it returns: The file you attempted to upload is not allowed. Unlike before... The array is set to scan for ".zip" or ".rar" anyway. Not "zip" and "rar". The main problem was the filesize limit issue, anyway. It says: Warning: filesize() [function.filesize]: stat failed for 6544 in upload.php on line 39 And I want there to be a limit on the filesize. Code: $file['file_size'] = $_FILES['file']['size']; // < unused if(filesize($_FILES['file']['size']) > $MAX_FILE_SIZE) // < line 39 { die('The file you attempted to upload is too large.'); } Quote Link to comment https://forums.phpfreaks.com/topic/194389-upload-form-troubles/#findComment-1022698 Share on other sites More sharing options...
Irap Posted March 7, 2010 Author Share Posted March 7, 2010 Okay... Fixed it. ini_get('upload_max_filesize'); Seemed to return a filesize in MB followed by M (8M). $MAX_FILE_SIZE = ini_get('upload_max_filesize'); $NUM_SIZE_VAL = strpos($MAX_FILE_SIZE,"M"); $MAX_FILE_SIZE = substr($MAX_FILE_SIZE, 0,$NUM_SIZE_VAL); $MAX_FILE_SIZE *= 1024; if($MAX_FILE_SIZE >= 15360){ $MAX_FILE_SIZE = 15360; } Quote Link to comment https://forums.phpfreaks.com/topic/194389-upload-form-troubles/#findComment-1022702 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.