View Full Version : File field attributes


Rich_A06
03-25-2007, 01:53 PM
I've searched file+field but couldn't find what I was after.

I have a form with some text fields and one file field. The text fields work but I think the .PHP script might need some more code to handle the upload. Is it possible to add code to the current script as I don't want to have to add another form.

Before adding the file field to my site I'd like to set some parameters, i.e. max file size and file type. How can I do this? I'd like the file to be sent to my Inbox along with the text field results?

domedia
03-25-2007, 04:01 PM
What do you want your form to do with the file and the values in the fields?

Rich_A06
03-25-2007, 04:26 PM
OK go here http://www.eoaa.org/Main/GTR2/driver%20qualification.htm

That page is obviously not right at all but that form at the bottom is all one form. The form includes a table, 8 text fields and a file field. The text fields work and I receive them by mail. If I try to browse to a small file it's not attached to the post.

What I want is to have it all sent by post when I press that Submit button. And I'd also like to set max file size and set file types. Seems a little over my head but I've done difficult things before. :)

domedia
03-25-2007, 08:49 PM
Gotcha, you want to attach a file to an email.
Moving to the scripting forum.

Rich_A06
03-25-2007, 10:11 PM
Seems both my posts were deleted. Not to worry, I'll start again.

I basically want to have file fields and text fields in the same form and press one button 'Submit' to send it all to me by email. The text fields work, I get an email as I've made the correct .PHP file. So how can I add file fields to the same form? I've looked at guides and it doesn't look as simple as the text fields method. But I'd like to know first if it's even possible to add some code to the .PHP so that the file fields work? I imagine I'd get the files as an attachment in an email?

chriskq
03-26-2007, 12:57 AM
Good question actually, Rich.

Something that I haven't done. But I'm sure someone here knows how to do this. I assume it would involve using a PHP function to parse the attachment into the body of variables you're sending to your email address.

This is where the PHP manual becomes useful.

chriskq
03-26-2007, 12:59 AM
Is your input element coded like this:

<input name="userfile[]" type="file" />

domedia
03-26-2007, 06:28 AM
This is the third thread you've started on this Rich :)
I'm merging this with the original

Rich_A06
03-26-2007, 04:54 PM
I'm not bothered if I get the file by email or if it's put on my domain. I've searched around and found some script that uploads to my domain. I don't mind if there are two separate forms either, one for text and another for the file. The problem is I don't know what lines to change in the .PHP or where to put the .PHP file!

I found this code for the form code.

<form enctype="multipart/form-data" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
<input type="file" name="uploadFile">
<input type="submit" value="Upload File">
</form>

These values seem to be in the .PHP I found too. This is the script I found.

<?php
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
// You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Maximum file size. You may increase or decrease.
$MAX_SIZE = 2000000;

//Allowable file ext. names. you may add more extension names.
$FILE_EXTS = array('.zip','.jpg','.png','.gif','.doc');

//Allow file delete? no, if only allow upload only
$DELETABLE = true;


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
// Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
* Setup variables
************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

/************************************************************
* Create Upload Directory
************************************************************/
if (!is_dir("files")) {
if (!mkdir($upload_dir))
die ("upload_files directory doesn't exist and creation failed");
if (!chmod($upload_dir,0755))
die ("change permission to 755 failed.");
}

/************************************************************
* Process User's Request
************************************************************/
// Array keys are quoted: a bare del is an undefined constant, not a string
if (!empty($_REQUEST['del']) && $DELETABLE) {
    $resource = fopen("log.txt","a");
    fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
    fclose($resource);

    if (strpos($_REQUEST['del'],"/.")>0); //possible hacking
    else if (strpos($_REQUEST['del'],$upload_dir) === false); //possible hacking
    else if (substr($_REQUEST['del'],0,6)==$upload_dir) {
        unlink($_REQUEST['del']);
        print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
    }
}
else if (isset($_FILES['userfile'])) {
    $resource = fopen("log.txt","a");
    fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
        .$_FILES['userfile']['name']." "
        .$_FILES['userfile']['type']."\n");
    fclose($resource);

    $file_type = $_FILES['userfile']['type'];
    $file_name = $_FILES['userfile']['name'];
    $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

    //File Size Check
    if ( $_FILES['userfile']['size'] > $MAX_SIZE)
        $message = "The file size is over 2MB.";
    //File Extension Check
    else if (!in_array($file_ext, $FILE_EXTS))
        $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
    else
        $message = do_upload($upload_dir, $upload_url);

    // urlencode() keeps the client-supplied file name from breaking out of the script string
    print "<script>window.location.href='$url_this?message=".urlencode($message)."'</script>";
}
else if (!isset($_FILES['userfile']));
else
    $message = "Invalid File Specified.";

/************************************************************
* List Files
************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
while (($file = readdir($handle)) !== false) {
    // Test the entry inside the upload directory, not the current directory
    if(!is_dir($upload_dir.$file) && !is_link($upload_dir.$file)) {
        // File names come from uploaders, so escape them before printing
        $safe = htmlspecialchars($file, ENT_QUOTES);
        $filelist .= "<a href='$upload_dir".rawurlencode($file)."'>".$safe."</a>";
        if ($DELETABLE)
            $filelist .= " <a href='?del=$upload_dir".urlencode($file)."' title='delete'>x</a>";
        $filelist .= "<sub><small><small><font color=grey> ".date("d-m H:i", filemtime($upload_dir.$file))
            ."</font></small></small></sub>";
        $filelist .="<br>";
    }
}
closedir($handle);

function do_upload($upload_dir, $upload_url) {

    $temp_name = $_FILES['userfile']['tmp_name'];
    // basename() drops any directory part sent by the client
    $file_name = basename($_FILES['userfile']['name']);
    $file_name = str_replace("\\","",$file_name);
    $file_name = str_replace("'","",$file_name);
    $file_path = $upload_dir.$file_name;

    //File Name Check
    if ( $file_name =="") {
        $message = "Invalid File Name Specified";
        return $message;
    }

    $result = move_uploaded_file($temp_name, $file_path);
    if (!$result)
        $message = "Something is wrong with uploading a file.";
    // 0644: readable by the web server, not world-writable or executable
    else if (!chmod($file_path,0644))
        $message = "change permission to 644 failed.";
    else
        $message = "$file_name uploaded successfully.";
    return $message;
}

?>

<center>
<font color=red><?=htmlspecialchars(isset($_REQUEST['message']) ? $_REQUEST['message'] : '')?></font>
<br>
<form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
Upload File <input type="file" id="userfile" name="userfile">
<input type="submit" name="upload" value="Upload">
</form>

<br><b>My Files</b>
<hr width=70%>
<?=$filelist?>
<hr width=70%>
<small><sup>Developed By
<a style="text-decoration:none" href="http://tech.tailoredweb.com">TailoredWeb.com</a>
</sup></small>
</center>

Rich_A06
03-26-2007, 11:06 PM
Right I've managed to get the upload form working and I think I can merge the two fields into one but I have this one problem where it only works if I put the php file in the root directory. The text form works no matter where I put it so there must be some invalid paths in the php for my file fields.

Here's what I use for the file fields.

<?php
// ==============
// Configuration
// ==============
$uploaddir = "uploads/GTR2/hotlaps"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!
$allowed_ext = "Vcr"; // These are the allowed extensions of the files that are uploaded
$max_size = "1000000"; // 50000 is the same as 50kb
$max_height = ""; // This is in pixels - Leave this field empty if you don't want to upload images
$max_width = ""; // This is in pixels - Leave this field empty if you don't want to upload images

// Check Extension
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
if ($extension == $allowed_ext) {
    // The Upload Part
    if(is_uploaded_file($_FILES['file']['tmp_name']))
    {
        move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
    }
    print "Your file has been uploaded successfully! Yay!";
} else {
    print "Incorrect file extension!";
}
?>

And it works but only if the php file is in my root. If I put the php in another folder i.e. uploads/GTR2/ and direct the form to that same php file I get this error.

Warning: move_uploaded_file(uploads/GTR2/hotlaps/Anderstorp_070313_2311 HOT LAP.Vcr) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/eoaaaorg/public_html/uploads/GTR2/hotlaps.php on line 43

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpiX2Uxt' to 'uploads/GTR2/hotlaps/Anderstorp_070313_2311 HOT LAP.Vcr' in /home/eoaaaorg/public_html/uploads/GTR2/hotlaps.php on line 43
Your file has been uploaded successfully! Yay!

Is it 'The Upload Part' paths that need changing? I really do appreciate any help you can give and I sure would like to understand this error.

Rich_A06
03-27-2007, 03:05 PM
Right I really need to learn a bit of basic PHP but this is what I threw together and it works so you could use it too.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>EOAA Join</title>
</head>

<body><?php
//--------------------------Set these parameters--------------------------

// Subject of email sent to you.
$subject = 'Driver qualification';

// Your email address. This is where the form information will be sent.
$emailadd = 'admin@eoaa.org';

// Where to redirect after form is processed.
$url = 'http://www.eoaa.org/Main/GTR2/driver%20qualification%20redirect.htm';

// Makes all fields required. If set to '1' no field can be empty. If set to '0' any or all fields can be empty.
$req = '1';

// --------------------------Do not edit below this line--------------------------
$text = "Results from form: Driver qualification\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty";die;}
}
$j = strlen($key);
if ($j >= 20)
{echo "Name of form element $key cannot be longer than 20 characters";die;}
$j = 20 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$line";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailadd.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
?>
<?php
// ==============
// Configuration
// ==============
$uploaddir = "uploads/GTR2/hotlaps"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!
$allowed_ext = "Vcr"; // These are the allowed extensions of the files that are uploaded
$max_size = "1000000"; // 50000 is the same as 50kb
$max_height = ""; // This is in pixels - Leave this field empty if you don't want to upload images
$max_width = ""; // This is in pixels - Leave this field empty if you don't want to upload images

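// Check Extension
$ok = "0"; // stays "0" unless the extension matches an allowed one
$extension = pathinfo($_FILES['file']['name']);
// Quoted key: a bare extension is an undefined constant, not a string
$extension = isset($extension['extension']) ? $extension['extension'] : '';
$allowed_paths = explode(", ", $allowed_ext);
for($i = 0; $i < count($allowed_paths); $i++) {
    if ($allowed_paths[$i] == "$extension") {
        $ok = "1";
    }
}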

// Check File Size
if ($ok == "1") {
if($_FILES['file']['size'] > $max_size)
{
print "";
exit;
}

// Check Height & Width
if ($max_width && $max_height) {
list($width, $height, $type, $w) =
getimagesize($_FILES['file']['tmp_name']);
if($width > $max_width || $height > $max_height)
{
print "";
exit;
}
}

// The Upload Part
if(is_uploaded_file($_FILES['file']['tmp_name']))
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
}
print "";
} else {
print "";
}
?>
</body>
</html>

It is two PHP scripts in the same file! This is the result http://www.eoaa.org/Main/GTR2/driver%20qualification.htm

I get an email and the .Vcr file is uploaded to my FTP. So I assume that .php files can't jump directly from one folder to another and that is why the .php file has to go in the root directory.

Well I'm very pleased with that page, but the only thing I was concerned about is whether or not it's secure? There is a max file size rule and file type rule but could someone possibly upload a malicious program by somehow disguising a file as a .Vcr file?

Rich_A06
03-28-2007, 02:18 AM
Yes I can rename any file to .Vcr and it uploads so it can't be secure unless it's impossible to write a malicious program with a .Vcr extension?

Rich_A06
03-30-2007, 11:45 PM
PLEASE tell me if you think this could potentially lead to a nasty program being run on the server and causing havoc? If there's even the slightest risk I'll close it down.

??
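
An added example, not part of the original posts, covering the two open questions in this thread. The relative uploads/GTR2/hotlaps path is resolved against the current working directory, which for a web request is normally the folder of the running script (hence the "No such file or directory" warning once the script moved), and an extension check says nothing about a file's content, so the handler below stores uploads under a server-generated name in a folder outside the web root where nothing is served or executed. Assumptions: PHP 7 or later, the form field is named file as in the thread, and a private_uploads/hotlaps folder beside the web root is a hypothetical location; store_hotlap() and upload_dir() are illustrative names.

```php
<?php
// Added example, not code from the thread. Names and paths are assumptions.
const MAX_BYTES   = 1000000;   // same limit as $max_size in the thread
const ALLOWED_EXT = 'vcr';     // compared case-insensitively

// Absolute path, so it no longer matters which folder this script is in.
// Assumed layout: a "private_uploads" folder beside (not inside) the web root.
function upload_dir(): string
{
    return dirname($_SERVER['DOCUMENT_ROOT']) . '/private_uploads/hotlaps';
}

// Returns the stored file name, or throws RuntimeException with the reason.
function store_hotlap(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload.');
    }
    // MAX_FILE_SIZE in the form is only a hint to the browser; enforce it here.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File is too large.');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext !== ALLOWED_EXT) {
        throw new RuntimeException('Only .Vcr files are accepted.');
    }
    $dir = upload_dir();
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('Upload directory is missing.');
    }
    // Server-generated name: nothing from the client-supplied name is kept.
    $stored = bin2hex(random_bytes(16)) . '.vcr';
    if (!move_uploaded_file($file['tmp_name'], "$dir/$stored")) {
        throw new RuntimeException('Could not store the file.');
    }
    chmod("$dir/$stored", 0640);   // readable data, never executable
    return $stored;
}

if (isset($_FILES['file'])) {
    try {
        echo 'Stored as ' . htmlspecialchars(store_hotlap($_FILES['file']));
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

Because the success message is only printed after move_uploaded_file() returns true, a failed move can no longer be followed by "uploaded successfully" as in the warning output quoted earlier in the thread.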