Chrisj
Posted June 10, 2014

I'm trying to separate the HTML (form) into a separate .html file (from the PHP file below).

Someone suggested to "place the HTML in someFile.html and the PHP in someFile.php, and alter the <form> tag's 'action' element in the .html file to target someFile.php".

But I don't know how to alter the <form> tag's 'action' element in the .html file to target this upload_file.php file.

Any additional help will be appreciated.

```php
<?php
session_start();
require_once 'phps3integration_lib.php';
$message = "";
if (@$_POST['submit'] != "") {
    $allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip", "flv", "mp4");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    if (($_FILES["file"]["size"] < 32428800) && in_array($extension, $allowed_ext)) {
        if ($_FILES["file"]["error"] > 0) {
            //$message.="There is some error in upload, see: " . $_FILES["file"]["error"] . "<br>";//Enable this to see actual error
            $message.="There is some error in upload. Please try after some time.";
        } else {
            $uploaded_file = uploaded_file_to_s3($_FILES["file"], "uploads", true);
            if ($uploaded_file != FALSE) {
                $user_name = @$_POST['user_name'] != "" ? @$_POST['user_name'] : "Anonymous";
                $form_data = array(
                    'file' => $uploaded_file,
                    'user_name' => $user_name,
                    'type' => 'file'
                );
                mysql_query("INSERT INTO `phps3files` (`id`, `file`, `user_name`, `type`) VALUES (NULL, '" . $uploaded_file . "', '" . $user_name . "', 'file')") or die(mysql_error());
                $message.= "File successfully uploaded in S3 Bucket.";
            } else {
                $message.="There is some error in upload. Please try after some time.";
            }
        }
    } else {
        $message.= "Invalid file, Please upload a gif/jpeg/jpg/png/pdf/doc/docs/zip file of maximum size 30 MB.";
    }
}
?>
<?php require_once 'header.php'; ?>
<fieldset>
    <legend>PHP AWS S3 integration library Demo1</legend>
    Description: In this demo a file is being upload to an S3 bucket using "PHP AWS S3 integration library".
    After upload you can check the uploaded file in below table.
    If you require some manipulation before uploading file to S3 then check <a href="upload_file_manually.php">Demo2</a>
    <br />
    <br />
    <form action="" method="post" enctype="multipart/form-data">
        <div class="control-group">
            <label for="file" class="control-label">Choose a file to upload: <span style="color:red">*</span></label>
            <div class='controls'>
                <input id="file" type="file" name="file" />
                <?php //echo form_error('file'); ?>
            </div>
        </div>
        <div class="control-group">
            <label for="user_name" class="control-label">Your name:</label>
            <div class='controls'>
                <input id="user_name" type="text" name="user_name" maxlength="255" value="" />
                <?php //echo form_error('user_name'); ?>
            </div>
        </div>
        <div class="control-group">
            <label></label>
            <div class='controls'>
                <input type="submit" name="submit" value="Submit" class="btn">
            </div>
        </div>
    </form>
</fieldset>
<?php if ($message != "" || @$_SESSION['message'] != "") { ?>
    <div class="alert alert-success">
        <?php echo $message; ?>
        <?php
        echo @$_SESSION['message'];
        @$_SESSION['message'] = '';
        ?>
    </div>
<?php } ?>
<div>
    <table class="table table-hover">
        <caption>
            <strong>Last 10 user uploaded files</strong>
        </caption>
        <?php
        $files_result = mysql_query("SELECT * from `phps3files` WHERE type LIKE 'file' ORDER by id DESC LIMIT 10");
        $i = 1;
        while ($file = mysql_fetch_object($files_result)) {
            ?>
            <tr>
                <td><?php echo $i++; ?></td>
                <td><a href="<?php echo site_url_s3("uploads/" . $file->file); ?>" target="_blank">View/Download</a> </td>
                <td><a href="<?php echo site_url("delete_file.php?id=" . $file->id); ?>">Delete file from S3</a></td>
                <td><?php echo "Uploaded by: " . $file->user_name; ?></td>
            </tr>
            <?php
        }
        if ($i == 1) {
            ?>
            <tr>
                <td colspan="2"> No files uploaded yet</td>
            </tr>
            <?php
        }
        ?>
    </table>
</div>
<h4>Source Code Part of Demo</h4>
<pre class="prettyprint lang-php linenums">
<?php
session_start();
require_once 'phps3integration_lib.php';
$message = "";
if (@$_POST['submit'] != "") {
    $allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    if (($_FILES["file"]["size"] < 32428800) && in_array($extension, $allowed_ext)) {
        if ($_FILES["file"]["error"] > 0) {
            //$message.="There is some error in upload, see: " . $_FILES["file"]["error"] . "<br>";//Enable this to see actual error
            $message.="There is some error in upload. Please try after some time.";
        } else {
            $uploaded_file = uploaded_file_to_s3($_FILES["file"], "uploads", true);
            if ($uploaded_file != FALSE) {
                $user_name = @$_POST['user_name'] != "" ? @$_POST['user_name'] : "Anonymous";
                $form_data = array(
                    'file' => $uploaded_file,
                    'user_name' => $user_name,
                    'type' => 'file'
                );
                mysql_query("INSERT INTO `phps3files` (`id`, `file`, `user_name`, `type`) VALUES (NULL, '" . $uploaded_file . "', '" . $user_name . "', 'file')") or die(mysql_error());
                $message.= "File successfully uploaded in S3 Bucket.";
            } else {
                $message.="There is some error in upload. Please try after some time.";
            }
        }
    } else {
        $message.= "Invalid file, Please upload a gif/jpeg/jpg/png/pdf/doc/docs/zip file of maximum size 30 MB.";
    }
}
?>
</pre>
<?php require_once 'footer.php'; ?>
```
Psycho
Posted June 10, 2014 (edited)

There's a lot of things that need to be fixed in that code. Here are a few that stand out:

1. Don't suppress errors with the '@' symbol. There are very few scenarios where that really needs to be done.
2. Your query is open to SQL injection. Never, ever trust data from the user.
3. The logic is really convoluted. If you have If/Else statements that are nested more than three times, chances are it can be simplified.
4. You should be using mysqli_ or PDO for the database. The mysql_ extensions have been deprecated for years.
5. Don't mix and match PHP code within the HTML. Do all the logic first and create the output in variables. Then just have echo statements in the HTML as needed. So, the "HTML" page still needs to be a PHP page so those variables can be echo'd.
6. There is a session start way down the page - after content is output. Either that is never executing or it is generating errors. It looks like you are using it for some messages, but I don't think it is really used.

As to your original question, the easiest solution is to make the PHP script with the 'logic' as the one that would be accessible to the user. The "HTML" file would only be included by the PHP page. So, you could just leave the 'target' of the form tag blank since it would load the same page by default. And, in this context the 'page' is the one which the user accessed via the URL. It doesn't matter what the actual pages on the server are that are executed or loaded.

Here is a rewrite of the above into two pages. I didn't test this as I don't have your functions. It includes a lot of changes so there may be some minor errors to resolve. I also did not fix all of the problems I indicated above (e.g. still uses mysql_ extension).

This will take TWO pages. The first is the page the users will access, so name it something you would want the user to see in the browser address bar. The second is the HTML content and would only be included by the first. If you want to put a target in the FORM tag, use the name of the first page.

PHP page (i.e. the logic)

```php
<?php
session_start();
require_once 'phps3integration_lib.php';
$message = "";

//Process form data if submitted
if (isset($_FILES["file"]["name"])) {
    $allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip", "flv", "mp4");
    //pathinfo() avoids passing the result of explode() to end() by reference
    $extension = strtolower(pathinfo($_FILES["file"]["name"], PATHINFO_EXTENSION));
    $uploaded_file = false;

    if (($_FILES["file"]["size"] >= 32428800) || !in_array($extension, $allowed_ext)) {
        $message.= "Invalid file, Please upload a gif/jpeg/jpg/png/pdf/doc/docs/zip file of maximum size 30 MB.";
    } elseif ($_FILES["file"]["error"] > 0) {
        //$message.="There is some error in upload, see: " . $_FILES["file"]["error"] . "<br>";//Enable this to see actual error
        $message.="There is some error in upload. Please try after some time.";
    } elseif (!($uploaded_file = uploaded_file_to_s3($_FILES["file"], "uploads", true))) {
        //The return value is kept in $uploaded_file because the INSERT below needs it
        $message.="There is some error in upload. Please try after some time.";
    } else {
        $user_name = isset($_POST['user_name']) ? trim($_POST['user_name']) : "";
        if ($user_name == "") {
            $user_name = "Anonymous";
        }
        $form_data = array(
            'file' => $uploaded_file,
            'user_name' => $user_name,
            'type' => 'file'
        );
        //Escape the values before they are placed in the query string
        $file_sql = mysql_real_escape_string($uploaded_file);
        $name_sql = mysql_real_escape_string($user_name);
        $query = "INSERT INTO `phps3files` (`file`, `user_name`, `type`)
                  VALUES ('{$file_sql}', '{$name_sql}', 'file')";
        mysql_query($query) or die(mysql_error());
        $message.= "File successfully uploaded in S3 Bucket.";
    }
}

//Create the file list output
$file_list_HTML = '';
$query = "SELECT * from `phps3files` WHERE type LIKE 'file' ORDER by id DESC LIMIT 10";
$files_result = mysql_query($query) or die(mysql_error());
if (!mysql_num_rows($files_result)) {
    $file_list_HTML .= "<tr>\n";
    $file_list_HTML .= "<td colspan=\"2\"> No files uploaded yet</td>\n";
    $file_list_HTML .= "</tr>\n";
} else {
    $fileCount = 0;
    while ($file = mysql_fetch_object($files_result)) {
        $fileCount++;
        $fileUrl = site_url_s3("uploads/" . $file->file);
        $deleteUrl = site_url("delete_file.php?id=" . $file->id);
        //The stored name came from the user, so encode it before output
        $uploader = htmlspecialchars($file->user_name, ENT_QUOTES, 'UTF-8');
        $file_list_HTML .= "<tr>\n";
        $file_list_HTML .= "<td>{$fileCount}</td>\n";
        $file_list_HTML .= "<td><a href=\"{$fileUrl}\" target=\"_blank\">View/Download</a></td>\n";
        $file_list_HTML .= "<td><a href=\"{$deleteUrl}\">Delete file from S3</a></td>\n";
        $file_list_HTML .= "<td>Uploaded by: {$uploader}</td>\n";
        $file_list_HTML .= "</tr>\n";
    }
}

include('the_form.php');
?>
```

The Content/Output Page, i.e. the_form.php

```php
<html>
<head></head>
<body>
<?php require_once 'header.php'; ?>
<fieldset>
    <legend>PHP AWS S3 integration library Demo1</legend>
    Description: In this demo a file is being upload to an S3 bucket using "PHP AWS S3 integration library".
    After upload you can check the uploaded file in below table.
    If you require some manipulation before uploading file to S3 then check <a href="upload_file_manually.php">Demo2</a>
    <br />
    <br />
    <form action="" method="post" enctype="multipart/form-data">
        <div class="control-group">
            <label for="file" class="control-label">Choose a file to upload: <span style="color:red">*</span></label>
            <div class='controls'>
                <input id="file" type="file" name="file" />
                <?php /*echo form_error('file');*/ ?>
            </div>
        </div>
        <div class="control-group">
            <label for="user_name" class="control-label">Your name:</label>
            <div class='controls'>
                <input id="user_name" type="text" name="user_name" maxlength="255" value="" />
                <?php /*echo form_error('user_name');*/ ?>
            </div>
        </div>
        <div class="control-group">
            <div class='controls'>
                <input type="submit" name="submit" value="Submit" class="btn">
            </div>
        </div>
    </form>
</fieldset>
<?php echo "<div class=\"alert alert-success\">{$message}</div>"; ?>
<div>
    <table class="table table-hover">
        <caption>
            <strong>Last 10 user uploaded files</strong>
        </caption>
        <?php echo $file_list_HTML; ?>
    </table>
</div>
<h4>Source Code Part of Demo</h4>
<pre class="prettyprint lang-php linenums">
</pre>
<?php require_once 'footer.php'; ?>
</body>
</html>
```

Edited June 10, 2014 by Psycho
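Points 2 and 4 in the reply above, as an added example that is not part of either post: the thread's INSERT into `phps3files` done with a PDO prepared statement, next to the concatenated form failing on a name that contains an apostrophe. It assumes the pdo_sqlite driver so it runs offline against an in-memory table (the thread uses MySQL); `open_demo_db`, `record_upload` and `last_uploads_html` are hypothetical names, and the sample names are constructed.

```php
<?php
// Added example: the thread's INSERT and listing on phps3files, via PDO.
// Assumption: pdo_sqlite is available; an in-memory table stands in for MySQL.
function open_demo_db() // hypothetical helper
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE phps3files (id INTEGER PRIMARY KEY AUTOINCREMENT,
        file TEXT NOT NULL, user_name TEXT NOT NULL, type TEXT NOT NULL)");
    return $pdo;
}

function record_upload(PDO $pdo, $uploaded_file, $user_name)
{
    $user_name = trim((string) $user_name);
    if ($user_name === '') { $user_name = 'Anonymous'; }
    // Placeholders keep the values out of the SQL text entirely
    $stmt = $pdo->prepare(
        "INSERT INTO phps3files (file, user_name, type) VALUES (:file, :user_name, 'file')"
    );
    $stmt->execute(array(':file' => $uploaded_file, ':user_name' => $user_name));
    return (int) $pdo->lastInsertId();
}

function last_uploads_html(PDO $pdo)
{
    $rows = $pdo->query("SELECT id, file, user_name FROM phps3files
        WHERE type = 'file' ORDER BY id DESC LIMIT 10");
    $html = '';
    foreach ($rows as $row) {
        // Stored names are still user input: encode them when building HTML
        $name = htmlspecialchars($row['user_name'], ENT_QUOTES, 'UTF-8');
        $html .= "<tr><td>Uploaded by: {$name}</td></tr>\n";
    }
    return $html;
}

$pdo = open_demo_db();
$name = "Miles O'Brien"; // constructed sample input
try {
    // Concatenation, as in the original post: the apostrophe ends the string literal
    $pdo->exec("INSERT INTO phps3files (file, user_name, type) VALUES ('a.pdf', '" . $name . "', 'file')");
} catch (PDOException $e) {
    echo "Concatenated query failed: " . $e->getMessage() . "\n";
}
record_upload($pdo, 'a.pdf', $name);          // stored intact
record_upload($pdo, 'b.png', '<b>Ann</b>');   // stored as typed, encoded on output
echo last_uploads_html($pdo);
```

With MySQL, only the DSN passed to `new PDO` changes; the prepared statement and the output encoding stay the same.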