file_exists isn't working. I've looked at a few examples and still no go. Program does not detect the file. The path of my file is /var/www/osbs/PHPAPI/recording.mp3 and the website root is inside osbs. The location of this file is inside PHPAPI that is why I do not put full path in file_put_contents. The program is able to make the original recording.mp3 but not any appended versions of it.
<?php
$actual_name = pathinfo("PHPAPI/recording.mp3",PATHINFO_FILENAME);
$original_name = $actual_name;
$extension = pathinfo("PHPAPI/recording.mp3",PATHINFO_EXTENSION);
if ($_GET["RecordingUrl"]) {
if (file_exists("/var/www/osbs/PHPAPI/".$actual_name.".".$extension)) {
$actual_name = find_new_name($original_name, $extension);
}
else {
$actual_name = $original_name;
}
$name = $actual_name.".".$extension;
file_put_contents($name, file_get_contents($_GET["RecordingUrl"]));
}
function find_new_name ( $file, $extension ) {
$name = $file.".".$extension;
$i = 0;
while(file_exists("/var/www/osbs/PHPAPI/".$name)){
$new_name = $file.$i;
$name = $new_name.".".$extension;
$i++;
}
return $new_name;
}
?>
Your issue is with the file_put_contents. You need to specify a full path, and you only specify a file name. Try echoing $name just before using it, you'll see it's not a path, just a filename.
I would recommend you to set a constant at the begining of the file with the path instead of sometimes relying on relative paths and sometimes relying on absolute paths.
<?php
const SAVE_PATH = "/var/www/osbs/";
$actual_name = pathinfo(SAVE_PATH."PHPAPI/recording.mp3",PATHINFO_FILENAME);
$original_name = $actual_name;
$extension = pathinfo(SAVE_PATH."PHPAPI/recording.mp3",PATHINFO_EXTENSION);
if (isset($_GET["RecordingUrl"]) && $_GET["RecordingUrl"]) {
if (file_exists(SAVE_PATH."PHPAPI/".$actual_name.".".$extension)) {
$actual_name = find_new_name($original_name, $extension);
}
else {
$actual_name = $original_name;
}
$name = $actual_name.".".$extension;
file_put_contents(SAVE_PATH.'PHPAPI/'.$name, file_get_contents($_GET["RecordingUrl"]));
}
function find_new_name ( $file, $extension ) {
$name = $file.".".$extension;
$i = 0;
while(file_exists(SAVE_PATH."PHPAPI/".$name)){
$new_name = $file.$i;
$name = $new_name.".".$extension;
$i++;
}
return $new_name;
}
?>
What I changed:
Defined a const SAVE_PATH = "/var/www/osbs/";
Use the new constant everywhere. No more relative sometimes and absolute sometimes, it's all absolute.
Used the constant in file_put_contents (THIS IS THE ACTUAL FIX, YOU NEED A FULL PATH HERE)
Added an additional check to make sure RecordingUrl isset, otherwise you get a PHP warning when it's not set.
The problem seems to be in the first line of your script:
$actual_name = pathinfo("PHPAPI/recording.mp3", PATHINFO_FILENAME);
This will assign recording.mp3 to $actual_filename. You are then checking for recording.mp3.mp3 by concatenating the extension to the filename. I think you want to use PATHINFO_BASENAME which will return the filename sans extension.
Are you sure about the path? /PHPAPI looks for the file inside /PHPAPI, not the expected /var/www/osbs/PHPAPI/. You should check for PHPAPI/$filename instead.
You have to put your all logical in the find_new_name() function. That would made your code clearer
if ($_GET["RecordingUrl"]) {
$name = find_new_name("PHPAPI/recording.mp3");
file_put_contents($name, file_get_contents($_GET["RecordingUrl"]));
}
function find_new_name($name) {
$info = pathinfo($name);
$name = $info['basename'];
$i = 0;
while (file_exists("$info[dirname]/$name")) {
$name = sprintf('%s%d.%s', $info['filename'], ++$i, $info['extension']);
}
return "$info[dirname]/$name";
}
You forgot the path with the file_put_contents().
It should be:
file_put_contents("PHPAPI/".$name, file_get_contents($_GET["RecordingUrl"]));
Or:
file_put_contents("/var/www/osbs/PHPAPI/".$name, file_get_contents($_GET["RecordingUrl"]));
You are confused between URL of a file and its PATH
Your httdoc(or public_html ) root is /var/www/osbs/PHPAPI
But Your filesystem root is '/'
Try
file_put_contents( __DIR__.'/'.$name, file_get_contents($_GET["RecordingUrl"]));
there are lots of bad practices in your code
'file_exists' and a few other file calls like fstat are cached by php. This is documented in the manual for file_exists. Your first call when the file does not exists is saved and returned in subsequent calls. Use 'clearstatcache()' between calls to clear the cache.
A "little" refactoring:
Absolute path everywhere
Transparent function, more self-explanatory name, simpler use of argument
Protection against malicious input ($_POST really doesn't cut it)
Why file_put_contents() when you want to actually copy()
<?php
define("SRC_PATH", "/var/www/osbs/whereverYourSrcIs/");
define("SAVE_PATH", "/var/www/osbs/PHPAPI/");
function findAvailableName($name) {
$i = 1;
$pathinfo = pathinfo($name);
while(file_exists($name)) {
$name = $pathinfo['dirname'] . '/' . $pathinfo['filename'] . "." . $i++ . "." . $pathinfo['extension'];
}
return $name;
}
if (isset($_GET["RecordingUrl"]) && $_GET["RecordingUrl"]) {
if (strpos('/' . $_GET['RecordingUrl'] . '/', '/../') !== false) {
die("invalid input, don't be evil");
}
copy(SRC_PATH . $_GET["RecordingUrl"], findAvailableName(SAVE_PATH . "recording.mp3"));
}
Related
I am writing an application in PHP where the user submits a form of data and a file name is chosen based off of the data, like so:
$filename = "./savelocation/".$name."_".$identification."_".$date.'.txt';
I am trying to use the file_exists() function to check to see if a file with the same name exists. If it does, the final name is changed to prevent overwriting the submitted form data. Here is my implementation:
$file = "./savelocation/".$name."_".$identification."_".$date.'.txt';
$file = preg_replace('/\s+/', '', $file);
$filepath = "./savelocation/".$name."_".$identification."_".$date.'.txt';
if(file_exists($filepath))
{
$file = "./savelocation/"."INVALIDFILE".'.txt';
}
This prevents people from overwriting applications by changing the name to a single file which acts as the 'default file' in which it doesn't matter if it is overwritten. However, I know this is wrong. My logic was that the if statement would return true, which would execute the code inside of the statement changing the file name to the 'default file'. Is this even a good way to prevent duplicate submissions?
Try this...if there is a match on the file name, break from the loop and redirect
$userFile = $name."_".$identification."_".$date.'.txt;
$fileArray = glob('./savelocation/*');
$arrCount = count($fileArray);
$i = 1;
$msg = null;
foreach ($fileArray as $FA) {
$fileSubstring = str_replace("\.\/savelocation\/", "", $FA);
if ($i > $arrCount) {
break;
} else if ($userFile === $fileSubstring) {
$msg = 'repeat';
break;
} else null;
$i++;
}
if (isset($msg)) header('location: PageThatChastisesUser.php');
Alternatively, if you tweak your code a bit to change your file name, this should work:
if(file_exists($file)) {
$file = str_replace("\.txt", "duplicate\.txt", $file);
}
Change the file name in a way that identifies itself to you as a duplicate.
Here's one way of doing it:
$file = "./savelocation/".$name."_".$identification."_".$date.'.txt';
$file = preg_replace('/\s+/', '', $filen);
$filepath = "./savelocation/".$name."_".$identification."_".$date.'.txt';
$i = 1;
while(file_exists($filepath))
{
$filepath = "./savelocation/".$name."_".$identification."_".$date.'_'.$i.'.txt';
$i++;
}
The script I made is.
<?php
$source_file = 'http://www.domain.tld/directory/img.png';
$dest_file = '/home/user/public_html/directory/directory/img.png';
copy($source_file, $dest_file);
?>
I need that image to not be delete and reuploaded every time the script is running. I would either want it to be img1.png, img2.png, img3.png, etc. Or img(Date,Time).png, img(Date,Time).png, etc. Is this possible and if so, how do I do this?
If you're concerned with overwriting a file, you could just drop in a timestamp to ensure uniqueness:
$dest_file = '/home/user/public_html/directory/directory/img.png';
// /home/user/public_html/directory/directory/img1354386279.png
$dest_file = preg_replace("/\.[^\.]{3,4}$/i", time() . "$0", $dest_file);
Of if you wanted simpler numbers, you could take a slightly more tasking route and change the destination file name as long as a file with that name already exists:
$file = "http://i.imgur.com/Z92wU.png";
$dest = "nine-guy.png";
while (file_exists($dest)) {
$dest = preg_replace_callback("/(\d+)?(\.[^\.]+)$/", function ($m) {
return ($m[1] + 1) . $m[2];
}, $dest);
}
copy($file, $dest);
You may need to be using a later version of PHP for the anonymous function callback; I tested with 5.3.10 and everything worked just fine.
<?php
$source_file = 'http://www.domain.tld/directory/img.png';
$dest_file = '/home/user/public_html/directory/directory/img.png';
if(!is_file($dest_file)){
copy($source_file, $dest_file);
}
else{
$fname = end(explode('/',$dest_file));
$fname = time().'-'.$fname;
$dest_file = dirname($dest_file).'/'.$fname;
copy($source_file,$dest_file);
}
?>
use this code
This will add time before filename
$source_file = 'http://www.domain.tld/directory/img.png';
$dest_file = '/home/user/public_html/directory/directory/img'.uniqid().'.png';
copy($source_file, $dest_file);
uniquid gives you a unique Id which is rarely possible to overwrite...
also i would make folders for each month or related to the id of the image
like
mkdir(ceil($imgId / 1000), 0777);
You can use rename().
For Example:
rename ("/var/www/files/file.txt", "/var/www/sites/file1.txt");
Or
You can also use copy
$source_file = 'http://www.domain.tld/directory/img.png';
$dest_file = '/home/user/public_html/directory/directory/img.png';
if(!is_file($dest_file)){
copy($source_file, $dest_file);
}
Or if you want to add time it ,you can try like this.
$source="http://www.domain.tld/directory/";
$destn ="/home/user/public_html/directory/directory/";
$filename="image.png";
$ex_name = explode('.',$filename));
$newname = $ex_name[0].'-'.time().$ex_name[1]; //where $ex_name[0] is filename and $ex_name[1] is extension.
copy($source.filename,$destn.$newname );
How do I create a temporary file with a specified extension in php.
I came across tempnam() but using it the extension can't be specified.
Easiest way i have found is to create tempfile and then just rename it. For example:
$tmpfname = tempnam(sys_get_temp_dir(), "Pre_");
rename($tmpfname, $tmpfname .= '.pdf');
my way is using tempnam
$file = tempnam(sys_get_temp_dir(), 'prefix');
file_put_contents($file.'.extension', $data);
{
//use your file
}
unlink($file);//to delete an empty file that tempnam creates
unlink($file.'.extension');//to delete your file
This might simulate mkstemp() (see http://linux.die.net/man/3/mkstemp) a bit, achieving what you want to do:
function mkstemp( $template ) {
$attempts = 238328; // 62 x 62 x 62
$letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$length = strlen($letters) - 1;
if( mb_strlen($template) < 6 || !strstr($template, 'XXXXXX') )
return FALSE;
for( $count = 0; $count < $attempts; ++$count) {
$random = "";
for($p = 0; $p < 6; $p++) {
$random .= $letters[mt_rand(0, $length)];
}
$randomFile = str_replace("XXXXXX", $random, $template);
if( !($fd = #fopen($randomFile, "x+")) )
continue;
return $fd;
}
return FALSE;
}
So you could do:
if( ($f = mkstemp("test-XXXXXX.txt")) ) {
fwrite($f, "test\n");
fclose($f);
}
Let's say tempnam() gives you a file of "filename". You move it to "filename.ext". At any point, tempnam() can give you "filename" again. If you check for "filename.ext", reject the filename given by tempnam(), and call it again, you still end up with the possibility that between one step and another, a file will get created with the same name. (This is discussed in the user comments on the documentation page for tempnam(): https://www.php.net/manual/en/function.tempnam.php.)
However, if you just leave the file created by tempnam() alone (not deleting "filename" until you delete "filename.ext") and work with that filename + the extension, then there is no chance that tempnam() will use that filename again (as far as I can see). Yes, it is messy to have "filename" and "filename.ext" for every single file. On the other hand, it solves the problem.
public static function makeTempFileInFolder($prefix, $suffix, $folder="")
{
if (strlen($folder)==0) $folder = sys_get_temp_dir();
do {
$file = $folder."/".$prefix.rand(1,99999).time().$suffix;
} while (file_exists($file));
return $file;
}
The same as tempnam() except the additional parameter:
function tempnamp($dir, $prefix, $postfix) {
$maxAttempts = 1000;
// Trim trailing slashes from $dir.
$dir = rtrim($dir, DIRECTORY_SEPARATOR);
// If we don't have permission to create a directory, fail, otherwise we will
// be stuck in an endless loop.
if (!is_dir($dir) || !is_writable($dir)) return false;
// Make sure characters in prefix and postfix are safe.
if (strpbrk($prefix, '\\/:*?"<>|') !== false) return false;
if (strpbrk($postfix, '\\/:*?"<>|') !== false) return false;
// Attempt to create a random file until it works.
$attempts = 0;
do
{
$path = $dir.DIRECTORY_SEPARATOR.$prefix.mt_rand(100000, mt_getrandmax()).$postfix;
$fp = #fopen($path, 'x+');
} while (!$fp && $attempts++ < $maxAttempts);
if ($fp) fclose($fp);
return $path;
}
That 'p' at the end of the name stands for 'postfix'.
I prefer this solution:
$uid = uniqid('', true);
$path = sys_get_temp_dir() . "some_prefix_$uid.myextension";
Note: I do not put the prefix in uniqid because, IMHO, it's not its duty
Maybe using
move_uploaded_file($tmp_name, "$uploads_dir/$name.myextension");
See http://php.net/manual/en/function.move-uploaded-file.php#example-2209
Rename does it, find the extension with pathinfo and then replace with the extension you want.
$tmpfname = tempnam(sys_get_temp_dir(), 'FOO');
$newname = str_replace(pathinfo($tmpfname, PATHINFO_EXTENSION),'pdf',$tmpfname);
rename($tmpfname, $newname);
//do what you want with $newname
unlink($newname);
I've run into a typical problem here. Till now i was doing
strstr($filename,".");
$filename is the file i got from $_FILE i.e uploaded file.It was running fine until i hit a filename of the type i mentioned.
Even doing
pathinfo($filename);
gives me
.gz
I need to see whether it is EXACTLY
.tar.gz
Technically, pathinfo is correct: the one and only extension for that file is .gz. The fact that it has .tar in the name is as coincidental as the fact that it has 5.0.1 in it.
That doesn't make your interest in checking for .tar.gz files invalid, but it does raise the question: what specifically do you want to find?
The most direct solution to your specific question is: first look for the extension (via pathinfo or the strpos function) and then if it happens to be .gz look for the "extension" in the remaining filename (via the same technique).
$parts = pathinfo($filename);
$extension = $parts['extension'];
if ($extension == '.gz') {
$parts = pathinfo($parts['filename']);
$extension = $parts['extension'] . $extension;
}
The most simple way would be to check for the last 7 characters of the filename - this ensures that every file ends with .tar.gz:
if (substr($filename, -7) == '.tar.gz') {
// continue
}
And if you needed to parse 'this.is.a.very.long.file.name.with.lots.of.full.stops' then what part of that is the file extension? Relying on a particular part of a filename to convey semantic, machine readable information about the contents of the file is, at best dangerous.
It's not clear what the problem you are trying is - why do you need to know what the extension is?
C.
I just posted the following enhanced version of pathinfo() in comments over on PHP.net. This version groups all of the parts of the file extension in as the extension (e.g. "tar.gz" instead of just "gz"), leaving the rest as the filename:
<?php
function pathinfo_enhanced($file_path) {
$core_path_info = pathinfo($file_path);
$filename = $core_path_info['filename'];
if (isset($core_path_info['extension'])) {
$extension = $core_path_info['extension'];
} else {
$extension = '';
}
$extension_parts = array();
while (!empty($extension)) {
array_unshift($extension_parts, $extension);
$remaining_path_info = pathinfo($filename);
$filename = $remaining_path_info['filename'];
if (isset($remaining_path_info['extension'])) {
$extension = $remaining_path_info['extension'];
} else {
$extension = '';
}
}
$revised_path_info = array(
'filename' => $filename,
'extension' => implode('.', $extension_parts),
);
return array_merge($core_path_info, $revised_path_info);
}
Here are some examples you can run to show how it handles the different cases:
// Directory; two extensions
$path = '/www/htdocs/inc/file.tar.gz';
$info = pathinfo_enhanced($path);
echo "$path\n";
print_r($info);
echo "\n";
// Directory; one extension
$path = '/www/htdocs/inc/file.tgz';
$info = pathinfo_enhanced($path);
echo "$path\n";
print_r($info);
echo "\n";
// Directory; no extension
$path = '/www/htdocs/inc/lib';
$info = pathinfo_enhanced($path);
echo "$path\n";
print_r($info);
echo "\n";
// No directory; one extension
$path = 'test.php';
$info = pathinfo_enhanced($path);
echo "$path\n";
print_r($info);
echo "\n";
// No directory; dot file
$path = '.example';
$info = pathinfo_enhanced($path);
echo "$path\n";
print_r($info);
echo "\n";
// Directory only
$path = '/www/htdocs/inc/';
$info = pathinfo_enhanced($path);
echo "$path\n";
print_r($info);
echo "\n";
THIS is the answer:
strstr(pathinfo('asdasd/qweqwe/asdasd.tar.gz')['basename'], '.');
will return you '.tar.gz'
This should be a simple question, but I just can't recall the relevant API. A search on google with the term "combine directory name php" doesn't yield any results . So I guess I am doing both myself and the programming community a service by asking this question. this is now the top entry returned by Google and DDG!
How to combine directory and file name to form a full file path in PHP? Let's say the directory name is "D:\setup program", and the file name is "mj.txt". The method should return me, on Windows "D:\setup program\mj.txt". Of course the method should return the correct file path in Linux or other OS.
The related function in .Net is Path.Combine, but in PHP, I couldn't recall that, even though I must have seen it before.
$filepath = $path . DIRECTORY_SEPARATOR . $file;
Although in newer versions of PHP it doesn't matter which way the slashes go, so it is fine to always use forward slashes.
You can get a correct absolute path using realpath(), this will also remove things like extra unnecessary slashes and resolve references like ../. It will return false if the path is not valid.
I think the most clean and flexible way to do it would be using the join function plus the DIRECTORY_SEPARATOR constant:
$fullPath = join(DIRECTORY_SEPARATOR, array($directoryPath, $fileName));
All given answers don't encouter empty values in the $directoryPath and don't handle duplicates slashes. While it is true that PHP is very error tolerant the first point can be fatal and the second point shouldn't be ignored if you're writing clean code.
So the correct solution is:
function PathCombine($one, $other, $normalize = true) {
# normalize
if($normalize) {
$one = str_replace('/', DIRECTORY_SEPARATOR, $one);
$one = str_replace('\\', DIRECTORY_SEPARATOR, $one);
$other = str_replace('/', DIRECTORY_SEPARATOR, $other);
$other = str_replace('\\', DIRECTORY_SEPARATOR, $other);
}
# remove leading/trailing dir separators
if(!empty($one) && substr($one, -1)==DIRECTORY_SEPARATOR) $one = substr($one, 0, -1);
if(!empty($other) && substr($other, 0, 1)==DIRECTORY_SEPARATOR) $other = substr($other, 1);
# return combined path
if(empty($one)) {
return $other;
} elseif(empty($other)) {
return $one;
} else {
return $one.DIRECTORY_SEPARATOR.$other;
}
}
Only limitation is that the second parameter must not be an absolute path.
10 years later, but maybe this will help the next ones.
Here's what I've done to make it compatible with PHP 7.4+.
It works just like Path.Combine except that the \ or / at the beginning of the string will not exclude the previous arguments.
class Path
{
public static function combine (): string
{
$paths = func_get_args();
$paths = array_map(fn($path) => str_replace(["\\", "/"], DIRECTORY_SEPARATOR, $path), $paths);
$paths = array_map(fn($path) => self::trimPath($path), $paths);
return implode(DIRECTORY_SEPARATOR, $paths);
}
private static function trimPath(string $path): string
{
$path = trim($path);
$start = $path[0] === DIRECTORY_SEPARATOR ? 1 : 0;
$end = $path[strlen($path) - 1] === DIRECTORY_SEPARATOR ? -1 : strlen($path);
return substr($path, $start, $end);
}
}
Path::combine("C:\Program Files", "/Repository", "sub-repository/folder/", "file.txt");
//return "C:\Program Files\Repository\sub-repository\folder\file.txt"
Path::combine("C:\Program Files", "/Repository/", "\\sub-repository\\folder\\", "sub-folder", "file.txt");
//return "C:\Program Files\Repository\sub-repository\folder\sub-folder\file.txt"
Path::combine("C:\file.txt");
//return "C:\file.txt"
Path::combine();
//return ""
You can just concatenate it with the php constant DIRECTORY_SEPARATOR, or just use forward slashes. Windows probably won't mind =D
This is not exactly what you were looking for but it should get an array of path parts, then join the parts using DIRECTORY_SEPARATOR then split the joined parts using DIRECTORY_SEPARATOR and remove the empty path parts. It should return the remaining path parts joined by DIRECTORY_SEPARATOR.
function path_combine($paths) {
for ($i = 0; $i < count($paths); ++$i) {
$paths[$i] = trim($paths[$i]);
}
$dirty_paths = explode(DIRECTORY_SEPARATOR, join(DIRECTORY_SEPARATOR, $paths));
for ($i = 0; $i < count($dirty_paths); ++$i) {
$dirty_paths[$i] = trim($dirty_paths[$i]);
}
$unslashed_paths = array();
for ($i = 0; $i < count($dirty_paths); ++$i) {
$path = $dirty_paths[$i];
if (strlen($path) == 0) continue;
array_push($unslashed_paths, $path);
}
$first_not_empty_index = 0;
while(strlen($paths[$first_not_empty_index]) == 0) {
++$first_not_empty_index;
}
$starts_with_slash = $paths[$first_not_empty_index][0] == DIRECTORY_SEPARATOR;
return $starts_with_slash
? DIRECTORY_SEPARATOR . join(DIRECTORY_SEPARATOR, $unslashed_paths)
: join(DIRECTORY_SEPARATOR, $unslashed_paths);
}
Example usage:
$test = path_combine([' ', '/cosecheamo', 'pizze', '///// 4formaggi', 'GORGONZOLA']);
echo $test;
Will output:
/cosecheamo/pizze/4formaggi/GORGONZOLA
Try this function. I use this function to meet my own needs.
If you want to check the path, you must set $isReal to true
public static function path($base, $com = null, $isReal = false)
{
if(substr($base, -1)!=DIRECTORY_SEPARATOR) $base.=DIRECTORY_SEPARATOR;
if($com) $base.=$com;
$base = preg_replace('/(\/+|\\\\+)/', DIRECTORY_SEPARATOR, $base);
while(preg_match('/(\/[\w\s_-]+\/\.\.)/', $base)){
$base = preg_replace('/(\/[\w\s_-]+\/\.\.)/', "", $base);
if(preg_match('/\/\.\.\//', $base))
throw new \Exception("Error directory don't have parent folder!", 1);
}
if($isReal){
$base = realpath($base);
if(is_dir($base)) $base .= DIRECTORY_SEPARATOR;
}
return $base;
}
Example output:
var_dump(Combine::path("www///system", "Combine/../"));
// string(11) "www/system/"
var_dump(Combine::path("System", "Combine/../", true));
// string(40) "/home/snow/Desktop/localhost/www/System/"
var_dump(Combine::path("System", "Combine", true));
// string(48) "/home/snow/Desktop/localhost/www/System/Combine/"
var_dump(Combine::path("System", "Combine/notPath", true)); // if you try to create a path that does not exist
// bool(false)
var_dump(Combine::path("System", "Combine/class.Combine.php", true)); // you can also select a file
//string(65) "/home/snow/Desktop/localhost/www/System/Combine/class.Combine.php"
var_dump(Combine::path("/home/testuser\\badPath///////repair"));
// string(30) "/home/testuser/badPath/repair/"