enjoirock Posted November 6, 2010 Share Posted November 6, 2010 Hello all - I'm fairly new to PHP and have been following some online tutorials to learn more, but hit a wall concerning a form that would allow a user to upload an image to his/her specified directory. Basically, I'd like the user to have to put in a password to upload. This "password" would actually just be the name of their directory on the server, so if a user put in "michael83" in as their password, the image would upload to "http://www.mysite.com/images/uploaded/michael83/". Here's my code so far: <form name="newad" method="post" enctype="multipart/form-data" action="upload.php" onSubmit="return validate_form ( );"> <table> <tr><td><input type="file" name="image"></td></tr> <tr><td> </td></tr> <tr><td>Password:</td></tr> <tr><td><input type="text" name="password"></td></tr> <tr><td> </td></tr> <tr><td><input name="Submit" type="submit" value="Upload"></td></tr> </table> </form> <?php define ("MAX_SIZE","1536"); function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } $errors=0; if(isset($_POST['Submit'])) { $image=$_FILES['image']['name']; $dir=$_POST['username']; if ($image) { $filename = stripslashes($_FILES['image']['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "pdf") && ($extension != "gif")) { echo '<h4>Sorry, your file is an unknown extension.</h4>'; $errors=1; } else { $size=filesize($_FILES['image']['tmp_name']); if ($size > MAX_SIZE*1024) { echo '<h4>Sorry, you have exceeded the size limit.</h4>'; echo '<p>If you need more help with this, please <a href="#">contact us</a> directly.</p>'; $errors=1; } $newname="images/uploaded/".$image_name; $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo '<h4>Oops, looks like the upload was unsuccessfull.</h4>'; echo '<p>If you continue to have problems, please <a href="#">contact us</a>.</p>'; $errors=1; }}}} if(isset($_POST['Submit']) && !$errors) { echo "<h4>Your file was uploaded successfully!</h4><br><br>"; echo '<a href="http://www.mysite.com/' . $newname . '">http://www.mysite.com/' . $newname . '</a><br><br>'; } ?> Any help would be greatly appreciated. Many thanks in advance! EDIT Note: I would be the one setting the directories up, so if the user enters a "password" (directory) that doesn't exist, the form would return an error. Quote Link to comment Share on other sites More sharing options...
enjoirock Posted November 6, 2010 Author Share Posted November 6, 2010 Another note, the following line shouldn't be in there: $dir=$_POST['username']; Quote Link to comment Share on other sites More sharing options...
litebearer Posted November 6, 2010 Share Posted November 6, 2010 Didn't peruse all the codel however, You are using an undefined variable $newname="images/uploaded/" . $image_name; should be (psuedo code) $image_name = THE USERS NAME/PASSWORD . THE PICTURE NAME $newname="images/uploaded/".$image_name; Also make sure you cleanse/sanitize any user input prior to using it Quote Link to comment Share on other sites More sharing options...
enjoirock Posted November 6, 2010 Author Share Posted November 6, 2010 Thanks a lot, Litebearer. Looks like I had another typo in there: $newname="images/uploaded/".$image_name; should be: $newname="images/uploaded/".$filename; Basically, from that point, how do I get the "password" value from the form to point to the correct directory? So if "doe" is entered as a password, the image will be uploaded to "images/uploaded/doe/" and if "smith" was entered as a password, the image will be uploaded to "images/uploaded/smith/", and so on. Also note: I think I'm causing confusion when I use the term password. That's how I have the field labeled in the form, but technically that field will be used to specify the directory or folder name. Quote Link to comment Share on other sites More sharing options...
litebearer Posted November 6, 2010 Share Posted November 6, 2010 you had the right idea with $_POST['password'] $newname="images/uploaded/". $_POST['password'] . "/" . $filename; Quote Link to comment Share on other sites More sharing options...
enjoirock Posted November 6, 2010 Author Share Posted November 6, 2010 Thanks so much, litebearer! That did the trick. Apparently, I was making things much more complicated. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.