Jump to content

Recommended Posts

The upload script I'm using performs successfully in Google, but not in IE or FF.
In Google, it doesn't fill the box with the path(see image), but it shows a message of successful upload.
In IE, it fills the box with the path, but the path begins with C:\fakepath\... and doesn't upload or show unsuccessful upload message. In FF, my computer shows something's uploading, but it doesn't appear in AmazonS3 nor does it fill the box, or show any message.
I'm not interested in starting over with a different script, I'd just like to get some suggestions/ideas/remedy for this one, please. Thanks for any help
 
<?php
session_start();
require_once 'phps3integration_lib.php';
$message = "";
if (@$_POST['submit'] != "") {
$allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip" , "mov", "flv", "mp4", "3gp", ");
$extension = end(explode(".", $_FILES["fileBrowser"]["name"]));
if (($_FILES["fileBrowser"]["size"] < 10485760) && in_array($extension, $allowed_ext)) {
if ($_FILES["fileBrowser"]["error"] > 0) {
//$message.="There is some error in upload, see: " . $_FILES["fileBrowser"]["error"] . "<br>";//Enable this to see actual error
$message.="There is some error in upload. Please try after some time.";
} else {
$uploaded_file = uploaded_file_to_s3($_FILES["fileBrowser"], "uploads", true);
if ($uploaded_file != FALSE) {
$user_name = @$_POST['user_name'] != "" ? @$_POST['user_name'] : "Anonymous";
$form_data = array(
'file' => $uploaded_file,
'user_name' => $user_name,
'type' => 'file'
);
mysql_query("INSERT INTO `phps3files` (`id`, `file`, `user_name`, `type`) VALUES (NULL, '" . $uploaded_file . "', '" . $user_name . "', 'file')") or die(mysql_error());
$message.= "File Successfully Uploaded.";
} else {
$message.="There is some error in upload. Please try after some time.";
}
}
} else {
$message.= "Upload Unsuccessful. Please Contact Administrator";
}
}
?>

<?php
require_once 'header.php';
?>

<html>
<head><br /><br /><br />
<font size="6" color="#c53800"><b>Upload:</b></font><br /><br />
</head>

<style>
button { background: #bi4e4e; color: red; }
</style>


<body>
<?php require_once 'header.php'; ?>

<!--<fieldset>-->
<form action="upload_file.php" method="post" enctype="multipart/form-data">

<div class="control-group">
<label for="file" class="control-label"><font size="6" color="#454545"><b>Choose a file to upload:</b></font></label>
<button type="button" onclick="getFilePathFromDialog();">ChooseFile</button>
<input type="text" id="filePath" name="filePath"/><br />
<input type="file" id="fileBrowser" name="fileBrowser"style="visibility:hidden; display:none;" />
<?php //echo form_error('file'); ?>
</div>

<script>
function getFilePathFromDialog() {
document.getElementById('fileBrowser').click();
document.getElementById('filePath').value =
document.getElementById('fileBrowser').value;
}
</script>
</html>

<div class="control-group">
<label></label>
<div class='controls'>
<input type="image" src="/images/upload.png" name="submit" value="Upload">
</div>
</div>
</form>


<?php
if ($message != "" || @$_SESSION['message'] != "") {
?>
<div class="alert alert-success">
<?php echo $message; ?>
<?php
echo @$_SESSION['message'];
@$_SESSION['message'] = '';
?>
</div>
<?php
}
?>
<div>
</div>

<?php require_once 'footer.php'; ?>

 

What is the meaning of the last qoute in this line? You have incorrect syntax here

$allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip" , "mov", "flv", "mp4", "3gp", ");

Maybe this is the only problem?

 

Also, you insert raw POST data into the MySQL. It's bad!

 

Then... What for do you "require_once 'header.php';" in 2 places???

Thanks for your reply.

I tried to quickly shorten the list of file formats, when copying it here, just so there would be less to read in this posting.

So, that last quote issue, isn't in the actual code.

And I was aware of the header in two places.

Which I've corrected. Not sure about your MySQL comment. Would that affect the browser issue?

Here's the revised code with no "last quote" and only one "header".

Any additional help will be greatly appreciated.

<?php
session_start();
require_once 'phps3integration_lib.php';
$message = "";
if (@$_POST['submit'] != "") {
$allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip" , "mov", "flv", "mp4", "3gp");
$extension = end(explode(".", $_FILES["fileBrowser"]["name"]));
if (($_FILES["fileBrowser"]["size"] < 10485760) && in_array($extension, $allowed_ext)) {
if ($_FILES["fileBrowser"]["error"] > 0) {
//$message.="There is some error in upload, see: " . $_FILES["fileBrowser"]["error"] . "<br>";//Enable this to see actual error
$message.="There is some error in upload. Please try after some time.";
} else {
$uploaded_file = uploaded_file_to_s3($_FILES["fileBrowser"], "uploads", true);
if ($uploaded_file != FALSE) {
$user_name = @$_POST['user_name'] != "" ? @$_POST['user_name'] : "Anonymous";
$form_data = array(
'file' => $uploaded_file,
'user_name' => $user_name,
'type' => 'file'
);
mysql_query("INSERT INTO `phps3files` (`id`, `file`, `user_name`, `type`) VALUES (NULL, '" . $uploaded_file . "', '" . $user_name . "', 'file')") or die(mysql_error());
$message.= "File Successfully Uploaded.";
} else {
$message.="There is some error in upload. Please try after some time.";
}
}
} else {
$message.= "Upload Unsuccessful. Please Contact Administrator";
}
}
?>

<html>
<head><br /><br /><br />
<font size="6" color="#c53800"><b>Upload:</b></font><br /><br />
</head>

<style>
button { background: #bi4e4e; color: red; }
</style>


<body>
<?php require_once 'header.php'; ?>

<!--<fieldset>-->
<form action="upload_file.php" method="post" enctype="multipart/form-data">

<div class="control-group">
<label for="file" class="control-label"><font size="6" color="#454545"><b>Choose a file to upload:</b></font></label>
<button type="button" onclick="getFilePathFromDialog();">ChooseFile</button>
<input type="text" id="filePath" name="filePath"/><br />
<input type="file" id="fileBrowser" name="fileBrowser"style="visibility:hidden; display:none;" />
<?php //echo form_error('file'); ?>
</div>

<script>
function getFilePathFromDialog() {
document.getElementById('fileBrowser').click();
document.getElementById('filePath').value =
document.getElementById('fileBrowser').value;
}
</script>
</html>

<div class="control-group">
<label></label>
<div class='controls'>
<input type="image" src="/images/upload.png" name="submit" value="Upload">
</div>
</div>
</form>


<?php
if ($message != "" || @$_SESSION['message'] != "") {
?>
<div class="alert alert-success">
<?php echo $message; ?>
<?php
echo @$_SESSION['message'];
@$_SESSION['message'] = '';
?>
</div>
<?php
}
?>
<div>
</div>

<?php require_once 'footer.php'; ?>

Well I just tried to piece this together on my server and I can tell you there are a ton of issues with the script in all sections of it.  You have huge html errors, like a closing </html> in the middle of the page.  You're also using the dreaded @ to supress php errors which is a totally terrible idea.  Then I still can't figure out why you are even trying to do it this way rather than using a normal file input form element.  The js you have isn't going to really do anything for you over the file input.  Plus you can't get the real file path of the client file in the browser for security reasons, it's just not possible.  I know you asy you don't want to start over but seriously you need to, this thing is a complete mess and will not work accurately in all browsers with this convoluted workaround of a standard file input.

 

Here is a decent file upload tutorial with basic security taken into account https://www.youtube.com/watch?v=PRCobMXhnyw

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.