Jump to content

PHP $_FILES operation problem

oz11

By oz11
in PHP Coding Help

 Share
Go to solution Solved by mac_gyver,

Recommended Posts

oz11 Advanced Member

oz11

Posted
Posted (edited)

For some reason, my file upload is not running. Could someone glance over this code for me...

I'm having trouble POSTING (or whatever) the $_FILES array information. Never used this type much in the past.

proceed_2.php (goto: from form) 

<?php
    include 'includes/config.php';
    session_start();
    date_default_timezone_set('Europe/London');
    ?>
<div id='main'>
<?php
 
$err = 0;
if(isset($_POST["submit"])) {
  if(empty($_POST['title'])){
    echo "Missing title";
    $err=1;
  }
    if(empty($_POST['tags'])){
    echo "Missing tags";
    $err=1;
  }
  if(empty($_POST['descr'])){
    echo "Missing description";
    $err=1;
  }
  if( empty($_POST['descr']) OR empty($_POST['tags']) OR empty($_POST['title'])){
    echo "Eror missing values";
    exit();
  }

}


if (isset($_POST['title']) AND isset($_POST['descr']) AND $_POST['tags']){
        $newDate = date('Y-m-d H:i:s', strtotime($expired. ' +1 minutes'));
        $sql = "UPDATE `users` SET `expired` = ? WHERE `users`.`user_id` = ?;";
        $stmt= $pdo->prepare($sql);
        $stmt->execute([$newDate, $_SESSION['userID']]);
        echo "<b>Submitted thanks!</b>";

$le_random_string = 
bin2hex
(
random_bytes
(
2
));

// ------------ INSERT INTO DB - START ---------------- 
$sql = "INSERT INTO pending (url, title, terms, user_id, description, is_upload) VALUES (?,?,?,?,?,?)";
$stmt= $pdo->prepare($sql);
$stmt->execute([$_POST['fileuploadname'], $_POST['title'], $_POST['tags'], $_SESSION['userID'], $_POST['descr'], 1]);
// ------------ INSERT INTO DB - END ----------------


// -- FILE OPERATION -START
$target_dir = "data/pending/";
if(isset($_FILES["fileToUpload"]["name"])){
$target_file = $target_dir .  "11".$le_random_string.basename($_FILES["fileToUpload"]["name"]);

$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));

// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
  if($check !== false) {
    //echo "File is an image - " . $check["mime"] . ".";
    $uploadOk = 1;
  } else {
    //echo "File is not an image.";
    //$uploadOk = 0; //
    $uploadOk = 1; // <--
  }
}

// Check if file already exists
if (file_exists($target_file)) {
  echo "Sorry, file already exists.";
  $uploadOk = 0;
}

// Check file size
if (isset($_FILES["fileToUpload"]["size"]) AND $_FILES["fileToUpload"]["size"] > 500000) {
  echo "Sorry, your file is too large.";
  $uploadOk = 0;
}

// Allow certain file formats
if($imageFileType != "pdf" && $imageFileType != "txt") {
  echo "Sorry, only PDF & TXT files are allowed.";
  $uploadOk = 0;
}

// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
  echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
  if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
    echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
    echo "<br><br><b>Hash:</b><br>".hash_file('md5', 'data/pending/'.$_FILES["fileToUpload"]["name"]);
  } else {
    echo "Sorry, there was an error uploading your file.";
  }
}}
// -- FILE OPERATION -END*/


        header ("location: submit.php?back=201"); // SUBMITTED AND RETURNED TO MESSAGE
        include 'includes/top_bottom/footer.php';
        exit();
                }
        ?>
    //echo $status;
    
    <form name="form" method="post" action="">
            <input type="hidden" name="randcheck" value="<?php echo $_POST['randcheck']; ?>">
            <input type="hidden" name="title" value="<?php echo $_POST['title']; ?>">
            <input type="hidden" name="tags" value="<?php echo $_POST['tags']; ?>">
            <input type="hidden" name="descr" value="<?php echo $_POST['descr']; ?>">
       <input type="hidden" name="fileuploadname" value="<?php echo basename($_FILES['fileToUpload']['name']); ?>">



}

upload_file.php (form)
  

<form action="proceed_2.php" method="post" enctype="multipart/form-data">
<div class="boxer">
        <div class="box-row">
        <div class="box" style="padding: 10px; border: 0px;">Document title: </div>
        <div class="box" style="padding: 10px; border: 0px;"><input type="text" name="title" style="width:400px;" value="<?php if(isset( $_POST['title'])) echo $_POST['title']; ?>"><br></div>
    </div>
    <div class="box-row">
        <div class="box" style="padding: 10px; border: 0px;">Descriptive tags: </div>
        <div class="box" style="padding: 10px; border: 0px;"><input type="text" name="tags" placeholder="tag1, tag2, tag3, etc."  style="width:400px;" value="<?php if(isset($_POST['tags'])) echo $_POST['tags']; ?>"><br><small>Sperate by comma or space</small></div>
    </div>
      <div class="box-row">
        <div class="box" style="padding: 10px; border: 0px;">Description: </div>
        <div class="box" style="padding: 10px; border: 0px;"><textarea  name="descr" style="width:400px; height: 100px;" placeholder="(Optional)" ><?php if(isset($_POST['descr'])) echo $_POST['descr']; ?></textarea></div>
    </div>
       <div class="box-row">
        <div class="box" style="padding: 10px; border: 0px;">Published year: </div>
        <div class="box" style="padding: 10px; border: 0px;"><input type="text" name="tags" placeholder="Year, eg: '2028'"  style="width:400px;" value="<?php if(isset($_POST['publ_date'])) echo $_POST['publ_date']; ?>"><br><small></small></div>
    </div>


</div>

<div style="background-color: white; border: 1px solid black; padding: 20px; margin: 10px; border-radius: 20px;">
  <input type="file" name="fileToUpload" id="fileToUpload">
<input style="padding: 10px;" type="submit" value="Upload Document" name="submit">
</form>

I just keep an eye on the upload folder and nothing gets written. :S
I chopped up the code abit to be posted, if it fails then I can post the whole thing.. 

note: some mistakes here, because the code was chopped up to e shown here. But, generally, the question is still relevant. 

 

What me doing wrong :S I thought it would just work like any POST value..?..

...

Everything works fine.. just not getting the data into this [extract]... 
  

// -- FILE OPERATION -START
$target_dir = "data/pending/";
if(isset($_FILES["fileToUpload"]["name"])){
$target_file = $target_dir .  "11".$le_random_string.basename($_FILES["fileToUpload"]["name"]);

$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));

// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
  $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
  if($check !== false) {
    //echo "File is an image - " . $check["mime"] . ".";
    $uploadOk = 1;
  } else {
    //echo "File is not an image.";
    //$uploadOk = 0; //
    $uploadOk = 1; // <--
  }
}

// Check if file already exists
if (file_exists($target_file)) {
  echo "Sorry, file already exists.";
  $uploadOk = 0;
}

// Check file size
if (isset($_FILES["fileToUpload"]["size"]) AND $_FILES["fileToUpload"]["size"] > 500000) {
  echo "Sorry, your file is too large.";
  $uploadOk = 0;
}

// Allow certain file formats
if($imageFileType != "pdf" && $imageFileType != "txt") {
  echo "Sorry, only PDF & TXT files are allowed.";
  $uploadOk = 0;
}

// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
  echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
  if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
    echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
    echo "<br><br><b>Hash:</b><br>".hash_file('md5', 'data/pending/'.$_FILES["fileToUpload"]["name"]);




  } else {
    echo "Sorry, there was an error uploading your file.";
  }
}}
// -- FILE OPERATION -END*/

..where is $_FILES["fileToUpload"]? Is it reaching? ..

Quote

if(isset($_FILES["fileToUpload"]["name"])){

 

Edited by oz11
slight alt to code 3
Link to comment
Share on other sites
  • Solution
mac_gyver Prolific Member

mac_gyver

Posted
  • Solution
Posted

don't attempt to test if a submit button is set. there are cases where it won't be. one of these cases is if the total size of the form data exceeds the post_max_size setting on the server, both the $_POST and $_FILES arrays will be empty. you should instead test if a post method form was submitted - if($_SERVER['REQUEST_METHOD'] === 'POST'), then test if there is $_POST and/or $_FILES data, before referencing any of the form data.

after you have tested that there is data in $_FILES, you must test the ['error'] element to make sure that the file upload was successful. there's a list of the possible error values in the documentation - https://www.php.net/manual/en/features.file-upload.errors.php

after you have determined that the file uploaded without any error, you can test/use the uploaded file information.

Link to comment
Share on other sites
oz11 Advanced Member

oz11

Posted
  • Author
Posted (edited)

Hey! Thanks!

I updated a bit of code
Rendition:  

$err = 0;
if($_SERVER['REQUEST_METHOD'] === 'POST'){ if(isset($_POST["submit"])) {
  if(empty($_POST['title'])){
    echo "Missing title";
    $err=1;
  }
    if(empty($_POST['tags'])){
    echo "Missing tags";
    $err=1;
  }
  if(empty($_POST['descr'])){
    echo "Missing description";
    $err=1;
  }
  if( empty($_POST['descr']) OR empty($_POST['tags']) OR empty($_POST['title'])){
    echo "Eror missing values";
    exit();
  }
  if(empty($_FILES["fileToUpload"]["name"])){
        echo "Eror missing upload";
    exit();
  }
    if($_FILES["fileToUpload"]["error"]!='0'){
        echo "Eror in upload --";
        echo $_FILES["fileToUpload"]["error"];
        echo "--";
    exit();
  }
}}

It checks through without problem , echos name and error (which was zero/0).. but when the captcha form at the bottom of the page is run then the $_FILE goes blank.. ("form after form")
help. Maybe my code is just really problem'd. ? Sure,it looks troubled but, what do i do ? How do i make it persist...? I normally just shove them (like now) in hidden inputs.. security problem?

Edited by oz11
Link to comment
Share on other sites
oz11 Advanced Member

oz11

Posted
  • Author
Posted (edited)

Nevermind I think if i rejigg the parts of the code i can get it to "fit" better. Thanks again. :) I know the limitations of the code i posted especially with the capacha part and order.

Edited by oz11
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.