Jump to content

Recommended Posts

I found a very basic upload script I wanted to use that has no MySQL back end. Simply runs off a config.php file and the index.php file. It works fine and fits my needs except when a file larger than the one allowed is uploaded. Here is the script:

 

<?php
include('config.php');
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php print $title; ?> - Image Hosting Website</title>
<link rel="stylesheet" type="text/css" media="screen" title="<?php print $title; ?> Cascading Stylesheet" href="style.css" />
<script type="text/javascript">
//<![CDATA[

window.onload = function() {
    if(window.location.hash) {
        document.getElementById('showimg').src = '<?php print $filedir; ?>/' + window.location.hash.substring(1);
        document.getElementById('showdiv').style.display = 'block';
        
    }
}
//]]>
</script>
</head>
<body>
<h1>Image Host</h1>
</div>
<div id="showdiv"<?php if(empty($imgurl)) { ?> style="display: none;"<?php } ?>>
<img id="showimg" src="<?php if(!empty($imgurl)) print $imgurl; else { ?>about:blank<?php } ?>" alt="Loading image..." />
</div>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
    preg_match('/\.([a-zA-Z]+?)$/', $_FILES['file']['name'], $matches);
    if(in_array(strtolower($matches[1]), $accepted)) {
        if($_FILES['file']['size'] <= $maxsize) {
            $newname = md5_file($_FILES['file']['tmp_name']).'.'.$matches[1];
            move_uploaded_file($_FILES['file']['tmp_name'], $filedir.'/'.$newname);
            $linkurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).'#'.$newname;
            $imgurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).$filedir.'/'.$newname;
            print '<h2>Upload Succesful!</h2> <p><a href='.$imgurl.' target="_blank"><img src='.$imgurl.' width="400" /></a></p><p id="codes"><label for="codebb">Embed on bulletin boards:</label><br />
            <input type="text" id="codebb" value="[url=http://'.$linkurl.'][img=http://'.$imgurl.'][/url]" onclick="javascript:this.focus();this.select();" readonly="true" /><br />
            <label for="codehtml">Embed on webpages or MySpace: </label><br />
            <input type="text" id="codehtml" value=\'<a href="'.$linkurl.'"><img src="'.$imgurl.'" alt="Image hosting by '.$title.'" />&lt/a>\' onclick="javascript:this.focus();this.select();" readonly="true" /><br />
            <label for="codedirect">Direct link:</label><br />
            <input type="text" id="codedirect" value="'.$imgurl.'" onclick="javascript:this.focus();this.select();" readonly="true" /></p>';
        } else 
            print '<p>Sorry, that file is too big.</p>';
    } else
        print '<p>Sorry, that file type is not supported.</p>';
}
?>
<form enctype="multipart/form-data" action="<?php print preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']) ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php print (ini_get('upload_max_filesize')>$maxsize)?ini_get('upload_max_filesize'):$maxsize; ?>" />
<label for="file">Upload an image: </label><input name="file" type="file" id="file" size="32" />  
<input name="submit" type="submit" value="Upload" />
<br />
(must not be bigger than <?php print ((ini_get('upload_max_filesize')>$maxsize)?ini_get('upload_max_filesize'):$maxsize)/1024; ?> KB) Excepted image types: jpg | bmp | gif | png<br />
</form>

<p id="footer"> </p>
</body>
</html>

 

When a file that is larger than the set amount I get this error:

 

Warning: md5_file(): Unable to open file in /home/content/xxxxxx/html/test/index.php  on line 33

 

Line 33 of the index.php is:

$newname = md5_file($_FILES['file']['tmp_name']).'.'.$matches[1];

 

I have looked online and can not find anything to help me figure this out... Any help would very much appreciated.

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/
Share on other sites

I don't see where you have set $maxsize, if it is in config.php, then that's ok.  If it is not defined, then the IF statement is a problem.

 

You should probably check the error code for the upload ($_FILES['file']['error']) before checking the size.  If the file is bigger than allowed, then it is not uploaded and the error code will be something other than zero (see http://us3.php.net/manual/en/features.file-upload.post-method.php).  In that case the file you are running md5_file against does not exist and you will get that error.

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/#findComment-1032233
Share on other sites

I don't see where you have set $maxsize, if it is in config.php, then that's ok.  If it is not defined, then the IF statement is a problem.

 

You should probably check the error code for the upload ($_FILES['file']['error']) before checking the size.  If the file is bigger than allowed, then it is not uploaded and the error code will be something other than zero (see http://us3.php.net/manual/en/features.file-upload.post-method.php).  In that case the file you are running md5_file against does not exist and you will get that error.

 

Yes the file size is defined in the config.php file:

<?php
$title = 'Image Host';
$filedir = 'pics';
$maxsize = 1024*1024; //in bytes, 1024*1024 is 1MB
$accepted = array('png', 'jpg', 'jpeg', 'gif', 'bmp');
?>

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/#findComment-1032236
Share on other sites

So when you say:

It works fine and fits my needs except when a file larger than the one allowed is uploaded.

 

Do you mean the file is larger than the limit you have set or that it is larger than is allowed by PHP?  If it is larger than PHP allows, the file is not uploaded so it DOES NOT EXIST.  Setting the MAX_FILE_SIZE larger than the PHP maximum allowed, does not allow a larger file to be uploaded (I think).  In fact, I believe that field on the form is more informational to the browser than anything else.  I have not worked with file uploads much, but I believe this is what I have read.  If you want to allow a file size larger than the PHP maximum, you have to change the ini setting IF THAT IS ALLOWED BY YOUR SERVER CONFIGURATION. You can try ini_set() in you php script to change it, but the main php.ini may disallow this change. 

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/#findComment-1032269
Share on other sites

So when you say:

It works fine and fits my needs except when a file larger than the one allowed is uploaded.

 

Do you mean the file is larger than the limit you have set or that it is larger than is allowed by PHP?  If it is larger than PHP allows, the file is not uploaded so it DOES NOT EXIST.  Setting the MAX_FILE_SIZE larger than the PHP maximum allowed, does not allow a larger file to be uploaded (I think).  In fact, I believe that field on the form is more informational to the browser than anything else.  I have not worked with file uploads much, but I believe this is what I have read.  If you want to allow a file size larger than the PHP maximum, you have to change the ini setting IF THAT IS ALLOWED BY YOUR SERVER CONFIGURATION. You can try ini_set() in you php script to change it, but the main php.ini may disallow this change.

 

My ini file is set to 50megs for uploads since I run a few forums on this domain. The script itself is set to 1024KB (1 meg) so that should not be the issue. So when I said a file larger than is allowed, I was referring to the $maxsize in the config.php, from what I have been able to find, it has something to do with it calling to to this line:

 

if($_FILES['file']['size'] <= $maxsize) {
            $newname = md5_file($_FILES['file']['tmp_name']).'.'.$matches[1];

 

But I'm only semi-fluent in php and can not figure out why this error is coming up. If I try to upload a file that is not allowed it works fine and tells me that file type is not allowed. The only time I get an error is when I try to upload a file that is over the 1 MB size limit set by the config.php file.

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/#findComment-1032388
Share on other sites

at this point, I would add a print_r($_FILES) just before the IF statement and see what the array contains.  Is the 'error' element something other than zero?  Is the 'size' element what you expect?  If the upload failed, then 'size' is probably zero (or empty) so your script is going to try to run.  I really think you need to check the 'error' element before (or instead of) testing the 'size' element.

 

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/#findComment-1032510
Share on other sites

Hi David, Thanks so much for taking the time to try and help me. If I understand you right I added the print_r($_FILES) like this:

 

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
    preg_match('/\.([a-zA-Z]+?)$/', $_FILES['file']['name'], $matches);
    if(in_array(strtolower($matches[1]), $accepted)) {
        print_r($_FILES);
	if($_FILES['file']['size'] <= $maxsize) {
            $newname = md5_file($_FILES['file']['tmp_name']).'.'.$matches[1];

 

and when I tried to upload an image that was over the size limit I got this error:

 

Array ( [file] => Array ( [name] => 3FX_Symbol_Wall_1024.bmp [type] => [tmp_name] => [error] => 2 [size] => 0 ) )
Warning: md5_file(): Unable to open file in /home/content/xxxxxx/html/test/index.php on line 34

 

I have no idea if I did it right or what the message means.

 

Sadly, I'm not sure what to do when you said "I really think you need to check the 'error' element before (or instead of) testing the 'size' element."

 

Also when I upload an image that is under the size limit it shows this:

 

Array ( [file] => Array ( [name] => elves.jpg [type] => image/jpeg [tmp_name] => /tmp/phpZJIcJd [error] => 0 [size] => 254509 ) ) 

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/#findComment-1032523
Share on other sites

Well, that output shows this

[error] => 2

 

A simple search opf php file upload error codes seems to suggest the error is:

Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.

Reference: http://www.php.net/manual/en/features.file-upload.errors.php

 

The file size you set in the configuration is only 1MB, what was the actual size of the file you uploaded?

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/#findComment-1032537
Share on other sites

Because the file size is over the limit, the upload aborts and the FILE DOES NOT EXIST.  Instead of checking the size using:

if($_FILES['file']['size'] <= $maxsize) {

 

you should check the error element of the array to see if the upload succeeded:

 

if($_FILES['file']['error'] == 0) {

Link to comment
https://forums.phpfreaks.com/topic/196600-help-with-md5_file/#findComment-1032611
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.