twilitegxa Posted September 5, 2010 Share Posted September 5, 2010 Can someone help me in renaming an uploaded file with parameters from the input fields named firstname and lastname? I would like to name each uploaded file with the firstname and lastname along with a random number and then the file extension, but I am having trouble getting it right. Here is what I have so far: <?php $firstname = ""; $lastname = ""; $address = ""; $city = ""; $state = ""; $zip = ""; $phone = ""; $position = ""; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>KulaE_WDP4451_U2IP</title> </head> <body> <form action="process_U2IP.php" method="post" enctype="multipart/form-data"> <h3>Please fill out the form below and upload your resume to apply for a position within our company:</h3> <table> <tr> <td><label for="firstname"><b>First Name*</b></label></td> <td><input name="firstname" type="text" size="20" id="firstname" value="<?php echo $lastname; ?>" /></td> </tr> <tr> <td><label for="lastname"><b>Last Name*</b></label></td> <td><input name="lastname" type="text" size="20" id="lastname" value="<?php echo $lastname; ?>" /></td> </tr> <tr> <td><label for="address"><b>Address*</b></label></td> <td><input name="address" type="text" size="20" id="address" value="<?php echo $address; ?>" /></td> </tr> <tr> <td><label for="city"><b>City*</b></label></td> <td><input name="city" type="text" size="20" id="city" value="<?php echo $city; ?>" /></td> </tr> <tr> <td><label for="state"><b>State*</b></label></td> <td><input name="state" type="text" size="20" id="state" value="<?php echo $state; ?>" /></td> </tr> <tr> <td><label for="zip"><b>Zip*</b></label></td> <td><input name="zip" type="text" size="20" id="zip" value="<?php echo $zip; ?>" /></td> </tr> <tr> <td><label for="phone"><b>Phone*</b></label></td> <td><input name="phone" type="text" size="20" id="phone" value="<?php echo $phone; ?>" /></td> </tr> <tr> <td><label for="position"><b>Position*</b></label></td> <td><input name="position" type="text" size="20" id="position" value="<?php echo $position; ?>" /></td> </tr> <tr> <td><b>Upload Resume*</b></td> <td><input type="file" name="file" id="file" /> </td> </tr> <tr> <td colspan="2"><p><i>Your information will not be sold or shared with others.</i></p></td> </tr> <tr> <td colspan="2"><p style="color: red;">* denotes required field</p></td> </tr> <tr> <td colspan="2" align="center"><input type="hidden" name="submitted" value="1" /> <input type="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" /></td> </tr> </table> </form> </body> </html> <?php if (@$_POST['submitted']){ $firstname = (@$_POST['firstname']); $lastname = (@$_POST['lastname']); $address = (@$_POST['address']); $city = (@$_POST['city']); $state = (@$_POST['state']); $zip = (@$_POST['zip']); $phone = (@$_POST['phone']); $position = (@$_POST['position']); $file = (@$_POST['file']); if (get_magic_quotes_gpc()){ $firstname = stripslashes($firstname); $lastname = stripslashes($lastname); $address = stripslashes($address); $city = stripslashes($city); $state = stripslashes($state); $zip = stripslashes($zip); $phone = stripslashes($phone); $position = stripslashes($position); } $error_msg=array(); if ($firstname==""){ $error_msg[]="Please enter your first name"; } if(!preg_match("/^\b[a-zA-Z]+\b$/", $firstname)){ $error_msg[]="First Name can only contain letters"; } if ($lastname==""){ $error_msg[]="Please enter your last name"; } if(!preg_match("/^\b[a-zA-Z]+\b$/", $lastname)){ $error_msg[]="Last Name can only contain letters"; } if ($address==""){ $error_msg[]="Please enter your address"; } if(!preg_match('/^[a-z0-9 ]*$/i', $address)){ $error_msg[]="Address can only contain numbers, letters and spaces"; } if ($city==""){ $error_msg[]="Please enter your city"; } if (!preg_match("/^\b[a-zA-Z]+\b$/", $city)){ $error_msg[]="City can only contain letters"; } if ($state==""){ $error_msg[]="Please enter your state"; } if (strlen($state)<>2){ $error_msg[]="State can only contain 2 letters; use state abbreviation"; } if (!preg_match("/^\b[a-zA-Z]+\b$/", $state)){ $error_msg[]="State can only contain letters"; } if ($zip==""){ $error_msg[]="Please enter your zip code"; } if (strlen($zip)<>5){ $error_msg[]="Zip code can only contain 5 digits"; } if(!is_numeric($zip)){ $error_msg[]="Zip code must contain only numbers"; } if ($phone==""){ $error_msg[]="Please enter your phone number"; } if (strlen($phone)<>10){ $error_msg[]="Phone number can only contain 10 digits"; } if(!is_numeric($phone)){ $error_msg[]="Phone number must contain only numbers"; } if ($position==""){ $error_msg[]="Please enter your desired position"; } if(!preg_match('/^[a-z0-9 ]*$/i', $position)){ $error_msg[]="Position can only contain numbers, letters and spaces"; } if (file_exists("upload/" . $_FILES["file"]["name"])) { $error_msg[]= $_FILES["file"]["name"] . " already exists"; } if ((($_FILES["file"]["type"] != "document/msword") || ($_FILES["file"]["type"] != "document/pdf")) && ($_FILES["file"]["size"] > 20000)) { $error_msg[]= "Uploaded file can only be in MSWord or PDF format and can only be under 20KB in size"; } } if ($error_msg){ $display_errors = "<h3>There were errors in your submission.</h3> <p>Please review the following errors, press the Back button on your browser, and make corrections before re-submitting.</p> <ul style=color:red>\n"; foreach ($error_msg as $err){ $display_errors .= "<li>".$err."</li>\n"; } $display_errors .= "</ul>\n"; } if (!$error_msg){ echo " <h3>Thank you for applying! Applicants we are interested in interviewing will be contacted within 48 hours.</h3> <p>You have submitted the following information:</p> <table> <tr> <td><b>First Name:</b></td> <td>$firstname</td> </tr> <tr> <td><b>Last Name:</b></td> <td>$lastname</td> </tr> <tr> <td><b>Address:</b></td> <td>$address</td> </tr> <tr> <td><b>City:</b></td> <td>$city</td> </tr> <tr> <td><b>State:</b></td> <td>$state</td> </tr> <tr> <td><b>Zip Code:</b></td> <td>$zip</td> </tr> <tr> <td><b>Phone Number:</b></td> <td>$phone</td> </tr> <tr> <td><b>Position Desired:</b></td> <td>$position</td> </tr>"; move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); echo "<tr> <td><b>Uploaded File:</b></td> <td><a href=upload/" . $_FILES["file"]["name"] . ">" . $_FILES["file"]["name"] . "</a></td> </tr> </table>"; exit(); } echo $display_errors; ?> I found the following help online, but I can't get it right. Can anyone help? <?php //This function separates the extension from the rest of the file name and returns it function findexts ($filename) { $filename = strtolower($filename) ; $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts; } //This applies the function to our file $ext = findexts ($_FILES['uploaded']['name']) ; //This line assigns a random number to a variable. You could also use a timestamp here if you prefer. $ran = rand () ; //This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended. $ran2 = $ran."."; //This assigns the subdirectory you want to save into... make sure it exists! $target = "images/"; if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "The file has been uploaded as ".$ran2.$ext; } else { echo "Sorry, there was a problem uploading your file."; } ?> Quote Link to comment Share on other sites More sharing options...
turkman Posted September 6, 2010 Share Posted September 6, 2010 move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); change the file name bit to what you want to rename the file too. Also when you check file type - you are only checking the mime type. These can be faked and allow people to upload php files and malicious code and execute it. take the [file] [name] and split it and compare the extension to make sure its a pdf or a doc Quote Link to comment Share on other sites More sharing options...
inversesoft123 Posted September 6, 2010 Share Posted September 6, 2010 take the [file] [name] and split it and compare the extension to make sure its a pdf or a doc $extension = end(explode('.',$filename)); Quote Link to comment Share on other sites More sharing options...
twilitegxa Posted September 6, 2010 Author Share Posted September 6, 2010 move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); change the file name bit to what you want to rename the file too. Also when you check file type - you are only checking the mime type. These can be faked and allow people to upload php files and malicious code and execute it. take the [file] [name] and split it and compare the extension to make sure its a pdf or a doc Can you help me out a little more with this? I think I sort of understand what you are saying, but I am still unsure of how to code this properly. Currently I don't have that file upload renaming code within my code, so where do I need to put it exactly? With the part of my code that saves the file to my folder I suppose? I have never messed with the file upload code much before, so I really need help here! Please :-) Quote Link to comment Share on other sites More sharing options...
inversesoft123 Posted September 7, 2010 Share Posted September 7, 2010 Here we are moving uploaded file to specific folder and renaming it to mynewname.jpg and deleting temporary file. $newfilename = "mynewname.jpg"; copy($HTTP_POST_FILES['uploadedfile']['tmp_name'],"/home/domain/public_html/files/".$newfilename); unlink($HTTP_POST_FILES['uploadedfile']['tmp_name']); In previous steps you can free extensions from original file $extensionorig = end(explode('.', $filename)); if ($extensionorig == 'jar') { $ext = ".jar"; } else if ($extensionorig == 'jad') { $ext = ".jad"; } else { echo "Untrusted File"; $flag++ // push to error page } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.