upload with file checking

@razstecMar 13.2012

Hi guys, i have this script that uploads thru ftp, the upload is working now i need to make some verifications but im new to php i belive its something like this, can someone take a look?

thanks

[code=php]<html> <head> </head> <body> <?php ini_set(‘display_errors’, 1); ini_set(‘log_errors’, 1); ini_set(‘error_log’, dirname(__FILE__) . ‘/log/error_log.txt’); error_reporting(E_ALL);

set_time_limit(0);

if( $_SERVER[‘REQUEST_METHOD’]==’POST’ ) { echo ($_GET[‘stud’]); echo ($_GET[‘exam’]); echo ($_GET[‘center’]); echo ($_GET[‘pat’]); echo ($_GET[‘visit’]); $data == date()

if ($_POST[“arquivo”]==””) echo “<script>alert(‘File is empty’);windows.close();</script>”

if substr($arquivo, -4) <> “.zip” echo “<script>alert(‘Only Zip files are allowed’);windows.close();</script>”

$filepath = ($_GET[‘stud’]”/”$_GET[‘pat’]);

if (file_exists($filepath) else {mkdir($filepath);}

$nomefile = ($stud+_+$exam+_+$center+_+$pat+_+$visit+_+$data+”.zip”)

rename($_POST[“arquivo”], $nomefile);

var_dump( $_FILES );//apenas para debug retirar no fim

$servidor = ‘22.22.20.2’; $caminho_absoluto = $filepath; $arquivo = $_FILES[‘arquivo’];

$con_id = ftp_connect($servidor) or die( ‘No conectou em: ‘.$servidor ); ftp_login( $con_id, ‘c12c’, ‘1234’ );

ftp_put( $con_id, $caminho_absoluto.$arquivo[‘name’], $arquivo[‘tmp_name’], FTP_BINARY ); }

?> <form action=”” method=”post” enctype=”multipart/form-data”> <input type=”file” name=”arquivo” /> <input type=”submit” name=”enviar” value=”Enviar” /> </form> </body> </html> [/code]

to post a comment

PHP

5 Comments(s) _↴

@badbenMar 13.2012 — #when uploading a file you should check not only the extension but also that is the correct mime type also and that the filesize is not too large.

I would also use the native php functions for checking the extension.

There is an example script here php file upload that you can take as an example or just take the necessary bits from.

You may not need the whole function as it also checks for valid images if necessary although from the code you have posted I am assuming that you I am assuming that you only need zip files.

I list of mime types is available here MIME types.

@razstecauthorMar 15.2012 — #thanks, i will defenelly check them.

@razstecauthorMar 15.2012 — #Hi, made some experiments with your example and others from the web, think i made something wrong with the myme check and the rename :s

the rest seems to work

[code=php]<html>
 <head>
 </head>
 <body>
 <?php
 ini_set('display_errors', 1);
 ini_set('log_errors', 1);
 ini_set('error_log', dirname(__FILE__) . 'error_log.txt');
 error_reporting(E_ALL);
 
 
 set_time_limit(0); 
 
 if( $_SERVER['REQUEST_METHOD']=='POST' )
 {
 
 
 $arquivo = $_FILES[&#8216;arquivo&#8217;];
 
 print_r($arquivo);
 
 
 
 
 $stud=(estudo);
 $exam=(exame);
 $center=(centro);
 $pat=(pat);
 $visit=(visit);
 $data = date (&#8220;j/m/Y&#8221;);
 $path1=(upload);
 $path2=(xpto);
 
 
 
 $filepath = ($path1. '/' .$path2); 
 
 /**
 * $_GET['stud']'/'$_GET['pat']
 */
 
 if ($_FILES["arquivo"]=="") echo "<script>alert('File is empty');</script>";
 
 
 if ($arquivo['size']>15000000)
 
 {
 
  exit('Arquivo muito grande. Tamanho m&#225;ximo permitido 15MB. O arquivo enviado cont&#233;m '.round($arquivo['size']/1024).'kb'); 
 
 }
 
 
 
 
 if (substr($arquivo, -4) <> ".zip" || $arquivo['type'] == "multipart/x-zip" || $arquivo['type']== "application/zip" || $arquivo['type'] == "application/x-zip-compressed" || $arquivo['type'] == "application/x-compressed") echo "<script>alert('Only Zip files are allowed');</script>";
 
 
 
 if (file_exists($filepath)== "") {mkdir($filepath);}
 
 
 $nomefile = (nomemaradoblablabla.zip);
 
 /**
 *  $stud'.'$exam'.'$center'.'$pat'.'$visit'.'$data'.zip'
 */
 
  rename($_FILES["arquivo"], $nomefile);
 
  echo $_FILES["arquivo"];
 
 
   var_dump( $_FILES ); //apenas para debug retirar no fim
 
   $servidor = '22.22.22.22';
   $caminho_absoluto = $filepath;
   $arquivo = $_FILES['arquivo'];
 
   $con_id = ftp_connect($servidor) or die( 'No conectou em: '.$servidor );
   ftp_login( $con_id, 'user', '1234' );
 
   ftp_put( $con_id, $arquivo['name'], $arquivo['tmp_name'], FTP_BINARY );
 }
 
 ?>
 <form action="" method="post" enctype="multipart/form-data">
 <input type="file" name="arquivo" />
 <input type="submit" name="enviar" value="Enviar" />
 </form>
 </body>
 </html>
 [/code]

thanks

@kristovaherMar 15.2012 — #Oh gosh this code looks ugly, would you please try to write it consistently using at least some coding standards?

You basically throw the alert there right now with the following conditions:
[LIST]

[*]If the file extension [B]IS NOT[/B] .zip

[*]If all MIME type [B]IS [/B]zip

[/LIST]

@razstecauthorMar 15.2012 — #iv change the since this post, now im just having trouble checking folder and file and creating folder.

is this better?

[code=php]
 <html>
 <head></head>
 <body>
 
 <?php
 
 ini_set('display_errors', 1);
 ini_set('log_errors', 1);
 ini_set('error_log', dirname(__FILE__) . 'error_log.txt');
 error_reporting(E_ALL);
 
 set_time_limit(0); 
 
 
 if( $_SERVER['REQUEST_METHOD']=='POST' )
 {
 
 $stud=(estudo);
 $exam=(exame);
 $center=(centro);
 $pat=(pat);
 $visit=(visit);
 $data = date("d/m/Y"); 
 $path1=(upload);
 $path2=(xpto);
 
 
 $arquivo = $_FILES['arquivo'];
 
 
 if ($_FILES["arquivo"]=="") echo "<script>alert('File is empty');</script>";
 
 
 if (substr($arquivo, -4) == ".zip" || $arquivo['type'] == "multipart/x-zip" || $arquivo['type']== "application/zip" || $arquivo['type'] == "application/x-zip-compressed" || $arquivo['type'] == "application/x-compressed")
 
 {
 if ($arquivo['size']>500000000)
 {
 exit('Arquivo muito grande. Tamanho m&#225;ximo permitido 500MB. O arquivo enviado cont&#233;m '.round($arquivo['size']/1024).'kb'); 

 }
 
   $novonome =  $data.'_'.$stud.'_'.$exam.'_'.$center.'_'.$pat.'_'.$visit.'.zip';
 
   /**
   * $_GET['stud']'/'$_GET['pat']
   */
 
   $dir = "upload/".$stud."/".$pat."/"; 
 
   var_dump( $_FILES );          //apenas para debug retirar no fim
 
   $servidor = '22.22.22.22';
   $caminho = $dir.$novonome;
   $arquivo = $_FILES['arquivo'];
 
   $con_id = ftp_connect($servidor) or die( 'No Connection at: '.$servidor );
  ftp_login( $con_id, 'user', '1234' );
 
 
   if (file_exists($dir)) {
   } else {
   if (ftp_mkdir($con_id, $dir)) {
   echo "successfully created $dirn";
   } else {
   echo "There was a problem while creating $dirn";
   }
   }
 
   if (file_exists($caminho )) {
   echo "<script>alert('That file already exist!');</script>";
   } else {
   ftp_put( $con_id, $caminho, $arquivo['tmp_name'], FTP_BINARY );
   ftp_close($con);
   }
 }
 else
 {
 echo "<script>alert('Only Zip files are allowed');</script>";
 }
 }
 ?>
 <form action="" method="post" enctype="multipart/form-data">
 <input type="file" name="arquivo" />
 <input type="submit" name="enviar" value="Enviar" />
 </form>
 </body>
 </html>
 
 
 [/code]

im sorry if its a little messy but this is my first script in php.

Also in #PHP _↴

php mysql help unexpected T_ENCAPSED_AND_WHITESPACE Extracting specific data from XML

Success!

Help @razstec spread the word by sharing this article on Twitter...

Tweet This

upload with file checking

5 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

upload with file checking

5 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

5 Comments(s) _↴

Also in #PHP _↴