This is really a small-ish project, you're correct, not sure what you're asking, for code or a reference to a script? Personally I wouldn't waste time looking for one, an afternoon and several cups of coffee should do it.

Yeah, thing is I'm not sure what code I should be using.

Should I try and hack a script out there or attempt to bodge one together? I have not worked with file uploading before.

Hi there Surrealillusions,

>>I have not worked with file uploading before.

No time like the present then, it isn't as difficult as you think to get a simple uploader script going, just start off 'bare bones' and when you get stuck, just post and there are loads of people here who can assist in getting it right ;)

Just remember declare your form like this:-

<form method="post" enctype="multipart/form-data" action="path/to/file/ProcessUpload.php"> <--main declartion
<input type="files" name="Upload_file"><-- This opens the choose file dialogue
<input type="submit" name="submit" value="Upload Files!">
</form>

Then in the php receiver script you need the: $_FILES array:-

$file_name = $_FILES['Upload_file']['name'];
$file_temp = $_FILES['Upload_file']['tmp_name'];
$file_size = $_FILES['Upload_file']['size'];

for handling the file submitted, you can check the file size with this data, but any other data sent within the form is still treated as $_POST data, $_FILES is only associated with the input with the attribute type="file"

Just a couple of pointers there, as Rocknbil suggests, pot of coffee half an afternoon should get this working nicely I think.

Good Luck!

Cheers,
MRb

Thanks.

You missed one bit off the input form:
<input type="hidden" name="MAX_FILE_SIZE" value="500000" />

Anyway, have got somewhere. Managed to implement the form inputs, and have got the php script to detect if its 0kb, then it says no photo is uploaded, and if its over 500kb, then it displays an error saying photo is too large.

Now I need a way of moving the temp. file to an actual location but my first attempts have been met with quite a few errors:

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpLOUsj2' to '/uploads/uploadedphoto.jpg' in /var/www/larc/quote.php on line 142

lines 141 and 142 are:

$uploads_dir = '/uploads';
move_uploaded_file($file_temp, "$uploads_dir/$file_name");

Any further guidance would be appreciated :)

Hi there surrealillusions,

>>You missed one bit off the input form:
<input type="hidden" name="MAX_FILE_SIZE" value="500000" />

Not really, though it was only an example :), I usually go by what's set in the ini file, which by default is 2MB I think, then if I need to I can dynamically alter that using ini_set('upload_max_filesize', '3145728') and what ever I have as a value in the DB, that example sets it to 3MB (1024*1024*3 = 3145728)

Your error's
$uploads_dir = '/uploads';//if it's the same directory just use $uploads_dir = 'uploads'; instead :)
move_uploaded_file($file_temp, $uploads_dir."/".$file_name);

I usually do this:-

if (is_uploaded_file($file_temp)){

//If the file is present, move it to the upload dir
//This is where the name is over written if you have another file name in mind..
move_uploaded_file($file_temp, $uploads_dir."/".$file_name);
//
.
rest of the script
.

Other than that, make sure that the directory is writable and that the filepath is correct, I assume that your process file is in the same directory as the form file?

Also, just referencing the ini file settings, just check that this: "file_uploads = On" is on :)

Good luck, and again, once the basics are there you can tweek as you need to. This is weird really as I have been considering doing this as a class just recently.

Cheers,
MRb

An aside, max file size is not needed in the form, you should keep this OFF your form and configure it via php.ini or .htaccess, per directory (safer.) A comparison is putting the send-to email address in a mailer form; don't give the malicious any more info than required.

The problem with your error:

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpLOUsj2' to '/uploads/uploadedphoto.jpg' in /var/www/larc/quote.php on line 142

You're confusing browser paths with full server paths. PHP refers to includes, etc. via the full server path. What's confusing is that sometimes these are the same as what you use in web page output, sometimes they are not. See the bolded above? When you move your file you are doing

/uploads/uploadedphoto.jpg

but note how this will try to put it at your server root, next to the /var directory. Your script won't have permissions to do that.

Here is what you probably want:

$display_dir = '/uploads';
$uploads_dir = $_SERVER['DOCUMENT_ROOT'] . $display_dir;
move_uploaded_file($file_temp, "$uploads_dir/$file_name");
// this will move it to /var/www/uploads/$file_name

Use $uploads_dir for any file operations, but use $display_dir in any page output:

echo "<img src=\"$display_dir/$file_name\">";

Keep in mind some servers append document_root with a / as revealed by Readie recently, if that happens strip it off.

I seem to have gone backwards, and I dont know why.

I have this as the check for the right file type and size:

$extensions = array('.png', '.gif', '.jpg', '.jpeg','.PNG', '.GIF', '.JPG', '.JPEG');
$valid_extensions = '.png , .gif, .jpg, .jpeg';
$extension = strrchr($_FILES['userfile']['name'], '.');

if($_FILES['uploadfile']['size'] === 0 || empty($_FILES['uploadfile']['tmp_name'])) {
$errorArray['fileupload'] = "No Photo found. Please upload one.";
$errornum++;
} else if (!in_array($extension, $extensions))
{
$errorArray['fileupload'] = "Wrong file type. Please upload only jpg's.";
$errornum++;
} else if($_FILES['uploadfile']['size'] > 500000) {
$errorArray['fileupload'] = "Photo is too large. Please use a smaller one.";
$errornum++;
} 

No matter what I do, submit a blank entry, or the right file type and well within the size limit, I get the "Wrong file type. Please upload only jpg's." Error in the form.

I've gone back to when it was working properly, but it still behaves this way.


Edit: aahh! So simple..
$extension = strrchr($_FILES['userfile']['name'], '.');
should be
$extension = strrchr($_FILES['uploadfile']['name'], '.');

:D

Anyway..moving on..to moving files...lets see...

Hi there Surrealillusions,

Well, that catches us all out from time to time ;), the moving files part isn't that difficult to achieve either so good luck with that.

Just a note though, you can use strtolower() around the $_FILES['uploadfile']['name'] so that you can get rid of the uppercase entries in the array :)

Cheers,
MRb

Thanks all for the help.

Script is now more or less working all how I need it to be.

:)

Before you go much further with this,

aahh! So simple.

Let's make it even more simple but more importantly, more secure. Why can't I just write nasty-virus.exe and rename it innocent-image.jpg? I can . . . . so instead of

$extension = strrchr($_FILES['userfile']['name'], '.');

do something like this.
$img_type = $_FILES['userfile']['type'];
if (! preg_match('/jpe*g|gif|png/i',$img_type)) {
$errorArray['fileupload'] = '<li>You can only upload images in jpg, gif, or png format.</li>';
}

^^^
lol - lets keep the conventions the same eh? :)

should be
$extension = strrchr($_FILES['uploadfile']['name'], '.');

But yes, I like Rocknbils example there, I didn't know as there was another part to the files array called 'type' or is that just an example, as I thought there were only three parts to that? Either that or I have missed the point <AGAIN>.

So you even have it incrementally doing the file names then too and storing the URL's - that's work well done then, and another tick on the CV part 'Can do'!

Cheers,
MRb

Right, use whatever field you named the input type="file", there are four of them in this thread, I just picked one. Wrong one, apparently. :-P

lol

Thanks guys. Will add more in as I find more ways of securing the script.

:)

<OOP's>

I have just read up on the $_FILES array on php.net:[php.net ]
I had only ever thought as there were three - I should RTFM more often ;p

There are 5 parts to the files array! This is from php.net - I quote:-

[name] => MyFile.jpg
[type] => image/jpeg
[tmp_name] => /tmp/php/php6hst32
[error] => UPLOAD_ERR_OK
[size] => 98174

I didn't know about type & error, I think I shall vist my uploader class to see what I can change/add/improve, thanks Rocknbil for drawing my attention to that.

Cheers,
MRb