Upload script

[Fallen_angel]

I have made an upload script from a tutorial I was following ,  I have now edited it to include 3 files instead of just one and also add it's values to a database so I can referance it later, 

it is all working pretty well with one exception ,  when the files get uploaded , they are not named the way they should be

The first one is always fine , however the seccond and third get the previous file names included in their own  for example

firstfilename.jpg  <~~ first file nam e
firstfilename.jpgseccondfilename.jpg <~~~ seccond file name
firstfilename.jpgseccondfilename.jpgthirdfilename.jpg <~~~ third file name

the database side of it works fine and when I get the echo to tell me everythign went ok the names apear correct aswell however when I go into the tree structure I can see that they have been named useing the format i described before ,

anyways , here is the code I have , hopefully somone can tell me where i'm going wrong
[code]function findexts ($filename)
{
$filename = strtolower($filename) ;
$exts = split("[/\\.]", $filename) ;
$n = count($exts)-1;
$exts = $exts[$n];
return $exts;
}

//This applies the function to our file
$ext = findexts ($_FILES['uploaded']['name']) ;

    //This line assigns a random number to a variable. You could also use a timestamp here if you prefer.
    $ran = rand () ;

    //This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended.
    $ran2 = $ran.".";

    //This assigns the subdirectory you want to save into... make sure it exists!
    $target2 = "../uploads/";

    //This combines the directory, the random file name, and the extension
    $target2 = $target . $ran2.$ext;

if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target2))
{
echo "The first file has been uploaded as $ran2$ext</br>";
}
else
{
echo "Sorry, there was a problem uploading your first file.";
}
function findexts2 ($filename2)
{
$filename2 = strtolower($filename2) ;
$exts2 = split("[/\\.]", $filename2) ;
$n2 = count($exts2)-1;
$exts2 = $exts2[$n2];
return $exts2;
}

//This applies the function to our file
$ext2 = findexts2 ($_FILES['uploaded2']['name']) ;

    //This line assigns a random number to a variable. You could also use a timestamp here if you prefer.
    $ran3 = rand () ;

    //This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended.
    $ran4 = $ran3.".";
   
    $target3 = "../uploads/";
    //This combines the directory, the random file name, and the extension
    $target3 = $target . $ran4.$ext2;

if(move_uploaded_file($_FILES['uploaded2']['tmp_name'], $target3))
{
echo "The seccond file has been uploaded as $ran4$ext2</br>";
}
else
{
echo "Sorry, there was a problem uploading your seccond file.";
}
function findexts3 ($filename3)
{
$filename3 = strtolower($filename3) ;
$exts3 = split("[/\\.]", $filename3) ;
$n3 = count($exts3)-1;
$exts3 = $exts3[$n3];
return $exts3;
}

//This applies the function to our file
$ext3 = findexts3 ($_FILES['uploaded3']['name']) ;

    //This line assigns a random number to a variable. You could also use a timestamp here if you prefer.
    $ran5 = rand () ;

    //This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended.
    $ran6 = $ran5.".";
 
    $target4 = "../uploads/";
    //This combines the directory, the random file name, and the extension
    $target4 = $ran6.$ext3;

if(move_uploaded_file($_FILES['uploaded3']['tmp_name'], $target4))
{
echo "The Third file has been uploaded as $ran6$ext3</br>";
}
else
{
echo "Sorry, there was a problem uploading your Third file.";
}[/code]


My next step after this is to limit what file types can be uploaded so if anyone knows what i can add to the above for that i would apreciate that aswell

thankyou very muhc in advance for any assistance

[printf]

The object is to upload files, so make it easy on your self and turn this code into a dynamic process! Anytime you hardcode some function you limit that code to a single use. So instead of doing the same thing (3) different times, create a file array, then loop that array processing the uploads that are valid file uploads. Remember what I said, the object is to upload files, nobody cares what files are bogus, sure you will get lots of people who will try to see if they can break your script, but that doesn't matter, what does matter is that you only handle valid files and give information about those valid files, and let the bogus attempts just silently pass. Because the less information you give about bad attempts the better.

I attached an example...



[attachment deleted by admin]

[Fallen_angel]

thankyou very much for your assistance

the reason I split them is to make it easier for me  to put into the database after randomly renaming them ,

it is an important part of the script to be able to  differentiate the different files being uploaded so that they can be placed into the correct spot of the  database could you explain how I can do this  by using your example ?

user exploit is not of big concern to me atm as this is in an admin section protected buy a a htaccess login and then a webapp layer login

to give you more of an idea  the basic  objective of the script is the following

    html form , with 3 seperate upload area's all of which are for different things
      Files are renamed to a random file name
          Files are copied across to the uploads dir
              filenames are writen in as an  entry in the three apropriate  spots in the database

Basicly all of the above works with the exception of the renaming of the files which get renamed the way I described in my first post though

[printf]

If you need to keep track of the exact file, then all you would do is change the start of the array index, instead of using 0, use 1

Now say you upload 3 files... $return, would hold each file

$return[1] = array ( name, size, type );
$return[2] = array ( name, size, type );
$return[3] = array ( name, size, type );


changes attached....

[attachment deleted by admin]

[Fallen_angel]

ok cool so so far I have gotten to the stage that my script does pretty much everythign I want it to , it so far does the following ,

It accepts up to 3 files to be uploaded
  It checks that a file is under a certain file size
  It checks that the file is of an acceptable format
    It renames those three files to a random filename using an md5 and date  string
      It adds an entry to the database with the filename and extention
      It displays to me on the results page , what the file has been uplaoded as , the file size and also the file type

So the final step now is to create a thumbnail for the image as it is uploaded  and then I will finally be done

this is what i have so far as my code

[code]<?php

/* s - config */

/*
*
* The upload folder path to the upload directory!
* On windows use full path (c:/www/docs/uploads/)
*          !! INCLUDE TRAILING '/' !!
*
*/
define ( 'UPLOAD_PATH', '../uploads/' );

// max number of files allowed to upload at one tome

define ( 'MAX_FILES', '3' );

// define the max single file size (bytes)

define ( 'MAX_SIZE', '1048576' );

// allowed types

$allow = array ( 'png', 'gif', 'jpg' );

/* e - config */

if ( ! empty ( $_POST['send'] ) )
{
$return = array();

$x = 1;

for ( $i = 1; $i <= sizeof ( $_FILES['up'] ); $i++ )
{
if ( is_uploaded_file ( $_FILES['up']['tmp_name'][$i] ) )
{
if ( $_FILES['up']['tmp_name'][$i] != 'none' )
{
$ss = filesize ( $_FILES['up']['tmp_name'][$i] );

if ( $ss > 10 && $ss <= MAX_SIZE )
{
$sn = strtolower ( $_FILES['up']['name'][$i] );
$ran= md5(rand() * time()); // make a random filename
  $randName = $ran."." ;
$ce = substr ( $sn, ( strrpos ( $sn, '.' ) + 1 ) );
     
if ( in_array ( $ce, $allow ) )
{
if ( move_uploaded_file ( $_FILES['up']['tmp_name'][$i], UPLOAD_PATH . $randName.$ce ) )
{
$return[$x]['name'] = $randName;
$return[$x]['type'] = $ce;
$return[$x]['size'] = $ss;
$x++;
}
}
}
}
}
}
}

if ( ! empty ( $return ) )
{
?>
<div align='center'>
<table width='672'>
<tr>
<td align='center'>FILES UPLOADED</td>
</tr>
<tr>
<td>
<table width='100%'>
<tr>
<td align='center' width='4%' height='21'>#</td>
<td width='2%'></td>
<td align='center' width='52%' height='21'>FILE NAME</td>
<td width='2%'></td>
<td align='center' width='24%' height='21'>FILE SIZE</td>
<td width='2%'></td>
<td align='center' width='16%' height='21'>FILE TYPE</td>
</tr>

<?php
for ( $i = 1; $i <= sizeof ( $return ); $i++ )
{
echo " <tr>
<td align='center' width='4%' height='21'>" . ( $i < 10 ? '0' . $i : $i ) . "</td>
<td width='2%'></td>
<td align='center' width='52%' height='21'>" . $return[$i]['name'] . "</td>
<td width='2%'></td>
<td align='center' width='24%' height='21'>" . $return[$i]['size'] . " bytes</td>
<td width='2%'></td>
<td align='center' width='16%' height='21'>" . $return[$i]['type'] . "</td>
</tr>
";
}
$img1_name=$return[1]['name'];
$img1_type=$return[1]['type'];
$img2_name=$return[2]['name'];
$img2_type=$return[2]['type'];
$img3_name=$return[3]['name'];
$img3_type=$return[3]['type'];

?>[/code]


how can I modify this code so that it creates thumbnails for me  usign gd ?  I want to do it AFTER the file has been renamed to a random string that way I can simply add thumbs_ to the beginning of each name to make it easier to tie the thumb into the relivant image

[Fallen_angel]

bump... anyone out there that can help I would really apreciate it , I finaly have it so so close

[code]<?php

/* s - config */

/*
*
* The upload folder path to the upload directory!
* On windows use full path (c:/www/docs/uploads/)
*          !! INCLUDE TRAILING '/' !!
*
*/
define ( 'UPLOAD_PATH', '../uploads/' );

// max number of files allowed to upload at one tome

define ( 'MAX_FILES', '3' );

// define the max single file size (bytes)

define ( 'MAX_SIZE', '1048576' );

// allowed types

$allow = array ( 'png', 'gif', 'jpg' );

/* e - config */

if ( ! empty ( $_POST['send'] ) )
{
$return = array();

$x = 1;

for ( $i = 1; $i <= sizeof ( $_FILES['up'] ); $i++ )
{
if ( is_uploaded_file ( $_FILES['up']['tmp_name'][$i] ) )
{
if ( $_FILES['up']['tmp_name'][$i] != 'none' )
{
$ss = filesize ( $_FILES['up']['tmp_name'][$i] );

if ( $ss > 10 && $ss <= MAX_SIZE )
{
$sn = strtolower ( $_FILES['up']['name'][$i] );
$ran= md5(rand() * time()); // make a random filename
  $randName = $ran."." ;
$ce = substr ( $sn, ( strrpos ( $sn, '.' ) + 1 ) );
     
if ( in_array ( $ce, $allow ) )
{
if ( move_uploaded_file ( $_FILES['up']['tmp_name'][$i], UPLOAD_PATH . $randName.$ce ) )
{
$return[$x]['name'] = $randName;
$return[$x]['type'] = $ce;
$return[$x]['size'] = $ss;
$x++;
}
}
}
}
}
}
}

if ( ! empty ( $return ) )
{
?>
<div align='center'>
<table width='672'>
<tr>
<td align='center'>FILES UPLOADED</td>
</tr>
<tr>
<td>
<table width='100%'>
<tr>
<td align='center' width='4%' height='21'>#</td>
<td width='2%'></td>
<td align='center' width='52%' height='21'>FILE NAME</td>
<td width='2%'></td>
<td align='center' width='24%' height='21'>FILE SIZE</td>
<td width='2%'></td>
<td align='center' width='16%' height='21'>FILE TYPE</td>
</tr>

<?php
for ( $i = 1; $i <= sizeof ( $return ); $i++ )
{
echo " <tr>
<td align='center' width='4%' height='21'>" . ( $i < 10 ? '0' . $i : $i ) . "</td>
<td width='2%'></td>
<td align='center' width='52%' height='21'>" . $return[$i]['name'] . "</td>
<td width='2%'></td>
<td align='center' width='24%' height='21'>" . $return[$i]['size'] . " bytes</td>
<td width='2%'></td>
<td align='center' width='16%' height='21'>" . $return[$i]['type'] . "</td>
</tr>
";
}
                        $imagefile=$return[$i]['name'].$return[$i]['type'].
                        $thumbtarget= "../uploads/thumbs/";
$img1_name=$return[1]['name'];
$img1_type=$return[1]['type'];
$img2_name=$return[2]['name'];
$img2_type=$return[2]['type'];
$img3_name=$return[3]['name'];
$img3_type=$return[3]['type'];

function generate_thumbnail($imagefile, $thumb_max_dimension = 200, $quality = 90, $thumbtarget, $thumb_prefix = "thumb_")
{
  /* v1.0.1 (by acdx) */
  $filename_arr = explode(".", basename($imagefile));
  $filetype = $filename_arr[1];

  if($filetype == "jpg")
    $filetype = "jpeg";

  if($filetype != "jpeg" && $filetype != "gif" && $filetype != "png")
    return false;

  $original_size = getimagesize($imagefile);

  eval("\$image = imagecreatefrom".$filetype."(\$imagefile);");

  if($original_size[0] > $original_size[1])
  {
    if($original_size[0] > $thumb_max_dimension)
      $thumb_width = $thumb_max_dimension;
    else
      $thumb_width = $original_size[0];
    $thumb_height = $original_size[1]*($thumb_width/$original_size[0]);
  }
  else
  {
    if($original_size[1] > $thumb_max_dimension)
      $thumb_height = $thumb_max_dimension;
    else
      $thumb_height = $original_size[1];
    $thumb_width = $original_size[0]*($thumb_height/$original_size[1]);
  }

  $thumb = imagecreatetruecolor($thumb_width, $thumb_height);
  imagecopyresampled($thumb, $image, 0, 0, 0, 0, $thumb_width, $thumb_height, $original_size[0], $original_size[1]);
  imagejpeg($thumb, $thumbtarget.$thumb_prefix.basename($imagefile).".jpg", $quality);
  imagedestroy($thumb);
  imagedestroy($image);
}
?>
</table>
</td>
</tr>
<tr>
<td width='100%' height='8'></td>
</tr>
</table>
</div>[/code]

It's not giving me an error but it is also not doing what i want it to lol .  I am guessing that i may have done something wrong when defining the variable $imagefile or $thumbtarget however i have played around with it allot and I just can't get it working  thankyou again to anyone that can help

[Fallen_angel]

ok , so I understand that I somehow have to make a variable called imagefile our out of the value's of  $return[$i]['name']  and also $return[$i]['type'] however I seem to be doign something wrong ,


[code]function generate_thumbnail($imagefile, $thumb_max_dimension = 200, $quality = 90, $thumbtarget, $thumb_prefix = "thumb_")
{
  /* v1.0.1 (by acdx) */
  $filename_arr = explode(".", basename($imagefile));
  $filetype = $filename_arr[1];

  if($filetype == "jpg")
    $filetype = "jpeg";

  if($filetype != "jpeg" && $filetype != "gif" && $filetype != "png")
    return false;

  $original_size = getimagesize($imagefile);

  eval("\$image = imagecreatefrom".$filetype."(\$imagefile);");

  if($original_size[0] > $original_size[1])
  {
    if($original_size[0] > $thumb_max_dimension)
      $thumb_width = $thumb_max_dimension;
    else
      $thumb_width = $original_size[0];
    $thumb_height = $original_size[1]*($thumb_width/$original_size[0]);
  }
  else
  {
    if($original_size[1] > $thumb_max_dimension)
      $thumb_height = $thumb_max_dimension;
    else
      $thumb_height = $original_size[1];
    $thumb_width = $original_size[0]*($thumb_height/$original_size[1]);
  }

  $thumb = imagecreatetruecolor($thumb_width, $thumb_height);
  imagecopyresampled($thumb, $image, 0, 0, 0, 0, $thumb_width, $thumb_height, $original_size[0], $original_size[1]);
  imagejpeg($thumb, $thumbtarget.$thumb_prefix.basename($imagefile).".jpg", $quality);
  imagedestroy($thumb);
  imagedestroy($image);
}[/code]


I have done variations of $imagefile=$return[$i]['name'].$return[$i]['type']. however it's just not working ,

what i was thinking was what if I defined each seperately and then joined them into image file like i have done bellow

[code]$name=$return[$i]['name'] ;
        $type=$return[$i]['type'] ;
        $imagefile=$name$type [/code]

Would that work ? or am I at least on the right track to what i need to do

[Fallen_angel]

I ended up getting it working by usign the bellow script as my resize function

[code]/* resize script */
$im_file_name = '../uploads/'. $img1_name.$img1_type;
$image_attribs = getimagesize($im_file_name);
$im_old = imageCreateFromJpeg($im_file_name);
$th_max_width = 144;
$th_max_height = 144;
$ratio = ($width > $height) ? $th_max_width/$image_attribs[0] : $th_max_height/$image_attribs[1];
$th_width = $image_attribs[0] * $ratio;
$th_height = $image_attribs[1] * $ratio;
$im_new = imagecreatetruecolor($th_width,$th_height);
imageAntiAlias($im_new,true);
$th_file_name = '../uploads/thumbs/' . $img1_name.$img1_type;
imageCopyResampled($im_new,$im_old,0,0,0,0,$th_width,$th_height, $image_attribs[0], $image_attribs[1]);
imageJpeg($im_new,$th_file_name,100); [/code]

all works now

the script , uploads , checks extention , checks the size , puts the full sized version into a folder , comes back and resizes that file and places the thumbnail into a thumbnail directory , and then it writes the entries to the database .. yaaaaaaaaaaay !!!!!!!!!!