I have a really weird problem. I'm using the CodeIgniter Upload Class for managing the upload of a simple jpg image. If I upload a file with extension .JPG, even if I set the property file_ext_tolower to TRUE, my file gets uploaded with the .JPG extension. Which is something that I don't want! Here is some code..
$this->load->library('upload');
$config['upload_path'] = './resources/img/content';
$config['allowed_types'] = 'jpg';
$config['overwrite'] = FALSE;
$config['file_ext_tolower'] = TRUE;
$config['remove_spaces'] = TRUE;
$this->upload->initialize($config, true);
if ( ! $this->upload->do_upload('cover')) {
$this->session->set_flashdata('message','Cover: ' . $this->upload->display_errors());
redirect('admin');
break;
} else {
// Whatever
}
Problem is, this doesn't run even on localhost. It always goes ahead and uploads the file with the .JPG. I just cannot understand. I'm using CodeIgniter 3.1.0 on both the server and the localhost. Any thoughts? On the server I've also enabled the fileinfo extension in the php.ini.
Another thing that this brings is that..if I have a file named myfile.JPG and myfile.jpg, CodeIgniter isn't able to see that they're the same file..which is ultimately what would be likely it does if only file_ext_tolower was working properly.
On server, myfile.JPG gets saved as myfile.JPG. I think that, when file_ext_tolower is set to TRUE, it should save as myfile.jpg...and eventually, before doing that, actually search for another file with this name..if file with this name is already on the server, it should follow the overwrite setting: either overwrite it or rename with a progressive number.
I have solution for you :)
Create file: application/libraries/MY_Upload.php
<?php
class MY_Upload extends CI_Upload
{
/**
* Force filename to lowercase
*
* #var string
*/
public $file_name_tolower = FALSE;
function _prep_filename($filename)
{
if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR ($ext_pos = strrpos($filename, '.')) === FALSE)
{
return $filename;
}
$ext = substr($filename, $ext_pos);
$filename = substr($filename, 0, $ext_pos);
//change ext tolower
$filename = ($this->file_name_tolower)?strtolower($filename):$filename;
//change ext tolower
$ext = ($this->file_ext_tolower)?strtolower($ext):$ext;
return str_replace('.', '_', $filename).$ext;
}
}
I modyfication file_ext_tolower and add file_name_tolower
Example for file: coVEr.JPG
...
$config['file_ext_tolower'] = TRUE;
$config['file_name_tolower'] = TRUE;
...
Result: cover.jpg
...
$config['file_ext_tolower'] = TRUE;
$config['file_name_tolower'] = FALSE;
...
Result: coVEr.jpg
...
$config['file_ext_tolower'] = FALSE;
$config['file_name_tolower'] = TRUE;
...
Result: cover.JPG
...
$config['file_ext_tolower'] = FALSE;
$config['file_name_tolower'] = FALSE;
...
Result: coVEr.JPG
I have the same problem. It is silly mistake, no matter how much code i edit on this file also no effect on result. So I start guess I refer to wrong file :
maybe member-site file but I edit admin-site file.
maybe order-model file but I edit invoice-model file.
After echo "alert("abc");" to find the correct file, then i edit the code then finally I get the result output perfectly.
Related
I've been trying to figure it out for a while now and can't seem to find any solution posted anywhere before. I want to allow almost all file types excluding some in codeigniter controller method. Here's my code:
function checkFileType($ext){
if(in_array($ext, array('ade','adp','bat','chm','cmd','com','cpl','dll','dmg','exe','hta','ins','isp','jar','js','jse','lib','lnk','mde','msc','msi','msp','mst','nsh','pif','scr','sct','shb','sys','vb','vbe','vbs','vxd','wsc','wsf','wsh')))
return '';
else
return $ext;
}
/* Upload files */
public function store_files(){
$data='';
$userdir = 'uploads/files/'.$this->getCategory().$this->getID();
$this->load->library('upload');
if (!file_exists($userdir)) {
mkdir($userdir, 0777, true);
}
$file = $_FILES['userfile']['name'];
$ext = substr(strrchr($file, '.'), 1);
$config = array(
'upload_path'=>$userdir,
'allowed_types'=>checkFileType($ext),
'max_width'=>0,
'max_height'=>0,
'max_size'=>0,
'encrypt_name'=>TRUE,
'file_ext_tolower'=>TRUE,
);
$this->upload->initialize($config);
if ( ! $this->upload->do_upload('userfile')) {
print_r($this->upload->display_errors());
} else {
foreach($this->upload->data() as $key=>$value){
if($value)
$data.= '<b>'.$key.'</b> : '.$value.'<br><br>';
}
echo $data;
}
}
Note:
On echoing $ext in the store_files() function, it shows the correct extension as string.
I'm trying to allow all extension types except those that match in the checkFileType() method.
If I manually specify the file extensions in the order (gif|png|pdf|pptx...) it works fine, but I can't seem to make use of '*' either because it allows all file extensions including the ones I want to block.
I am trying to upload a .qif file in php codeigniter but it returns an error
The filetype you are attempting to upload is not allowed.
When I try to upload another type file (PDF, CSV, docs, etc.) they upload successfully.
Here is my code:
function do_upload($field_name, $files, $folder_path,$save_name="",$prefix="bk_"){
$ci = & get_instance();
//create upload folder if not exists
if (!is_dir($folder_path)) {
mkdir($folder_path, 0777, TRUE);
}
$save_name = $prefix.time()."_".$files['name'];
$data = array();
$config = array();
$config['upload_path'] = $folder_path;
//$config['max_size'] = 0;
$config['allowed_types'] = 'csv|CSV|txt|TXT|pdf|PDF|zip|ZIP|doc|DOC|docx|DOCX|xlsx|xls|XLS|XLSX|QIF|qif';
$config['file_name'] = $save_name;
$ci->load->library('upload');
$ci->upload->initialize($config);
// echo "hello 1"; die;
if ($ci->upload->do_upload($field_name)){
$data = $ci->upload->data();
$data['status'] = 1;
}
else{
$data['status'] = 0;
$data['error'] = $ci->upload->display_errors();
}
return $data;
}
You get the "filetype is not allowed" error, because the original Codeigniter mime-type configuration file doesn't list an qif entry:
in your config/mimes.php file add to the $mimes array this line:
'qif' => 'application/qif'
and eventually
'qif' => 'image/x-quicktime'
mime-type source: http://fileformats.archiveteam.org/wiki/Ext:qif
the native php move_uploaded_file method without checking for mime-types can turn into a security problem
I got a solution after lot of searches
I just use move_uploaded_file function and it's work
move_uploaded_file($_FILES["file"]["tmp_name"], $path);
if someone have a better answer answer please share that.
thanks
In a larger project, have a form which uploads 2 files. I am using codeigniter as the framework. After the form upload it should send these 2 files as an email.
In order to attach it to an email, we should have a local copy of the file. Hence I move the files to a temporary folder and use the naming convention of [session-id]_my_file_1 and [session-id]_my_file_2
Finally after sending out the email I try to delete the these temporary files. But unlink is not deleting these files. I donot know the reason for this.
My guess is: It may be still being used by the mail command to upload/send. Below are the code outline I have written.
$config['upload_path'] = './tmp_holder/';
$config['allowed_types'] = 'doc|docx|pdf|rtf';
$config['max_size'] = '10240';
$config['file_name'] = $this->session->userdata('session_id').'_1';
$config['overwrite'] = TRUE;
$config2['upload_path'] = './tmp_holder/';
$config2['allowed_types'] = 'doc|docx|pdf|rtf';
$config2['max_size'] = '10240';
$config2['file_name'] = $this->session->userdata('session_id').'_2';
$config2['overwrite'] = TRUE;
$this->load->library('upload',$config);
if ($this->form_validation->run() == FALSE)
{
$this->load->view('init_app_form');
}
else
{
if($this->upload->do_upload('cvFile') === FALSE) {
$this->load->view('init_app_form');
}
else {
$file1Return = $this->upload->data();
$this->upload->initialize($config2);
if($this->upload->do_upload('researchFile') === FALSE) {
$this->load->view('init_app_form');
}
else {
//process data here
$file2Return = $this->upload->data();
$this->config->load('email');
$this->email->initialize($this->config->item('email_conf'));
$this->email->from($this->config->item('email_from'), $this->input->post('tname').' '.$this->input->post('fname').' '.$this->input->post('lname'));
$this->email->to($this->config->item('email_to'));
$this->email->subject('something');
$this->email->message('something');
$this->email->attach($file1Return['full_path']);
$this->email->attach($file2Return['full_path']);
if( $this->email->send() == false ) {
//error
echo $this->email->print_debugger(); exit;
}
$this->email->clear();
////////////////////////////////
#unlink($this->session->userdata('session_id').'_2');
////////////////////////////////
$this->load->view('init_app_success');
}
////////////////////////////////
#unlink($this->session->userdata('session_id').'_1');
////////////////////////////////
}
}
The Solution I did was to delete the files in the temp folder before I do this so that previous files are cleared. But this is not a clean approach right? This is because:
It may be trying deleting other files currently being used by other parallel instances
I want the tmp folder to be empty after I send itself.
Its better to use file_helper which is in code igniter.
$this->load->helper("file");
delete_files($this->session->userdata('session_id').'_1');
here is documentation for this
I am having a spot of trouble with Codeigniter and getting files to rename within the upload process from the Upload Library it has to offer. Now before anyone says it, I am not looking for "encrypted" file names.
My Problem is in uploading images you have a good handful of types you could be dealing with. So how does one change the file name using the file_name config option to a specific schema (which I already have the schema part up and working). But maintain the same file type?
Right now I am attempting
$upload_config['file_name'] = $generated_filename_from_schema
Only problem is $generated_filename_from_schema doesnt have a file extension, and leaving the file extension out of the equation CI seems to ignore it altogether and just takes the file and append_1, _2, _3 as it goes up if the files have the same name, otherwise it just leaves the name intact.
Now I have to pass the $config to CI so it will upload the file, but how can I determin what kind of file I am working with before it trys to upload so I can use my name generation schema.
*edit*
$upload_config['upload_path'] = realpath(APPPATH.'../images/');
$upload_config['allowed_types'] = 'gif|jpg|png';
$upload_config['max_size'] = 0;
$upload_config['max_width'] = 0;
$upload_config['max_height'] = 0;
$upload_config['remove_spaces'] = true;
$upload_config['file_name'] = $this->genfunc->genFileName($uid);
if($this->input->post('uploads'))
{
$this->load->library('upload');
$this->upload->initialize($upload_config);
if (!$this->upload->do_upload())
{
//echo 'error';
echo $config['upload_path'];
$this->data['errors'] = $this->upload->display_errors();
}
else
{
//echo 'uploaded';
$this->data['upload_data'] = $this->upload->data();
}
}
You can use $_FILES array to get original name of file.
Extract extension of original file.Then, append to your new file name.
Try as below
$ext = end(explode(".", $_FILES[$input_file_field_name]['name']));
$upload_config['file_name'] = $this->genfunc->genFileName($uid).'.'.$ext;
Personally, I find CodeIgniter's file uploading class to be somewhat cumbersome. If you want a vanilla PHP solution:
function submit_image(){
$f = $_FILES['image'];
$allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
$detectedType = exif_imagetype($f['tmp_name']);
if(in_array($detectedType, $allowedTypes)){
$pi = pathinfo($f['name']);
$ext = $pi['extension'];
$target = $this->genfunc->genFileName($uid) "." . $ext;
if(move_uploaded_file($f['tmp_name'], $target)){
/*success*/
}
else {/*couldn't save the file (perhaps permission error?*/}
}
else {/*invalid file type*/}
}
I'm using the following CodeIgniter function to upload files which works fine:
function uploadFiles(){
$this->load->library('upload');
$error = 0;
$projectName = $_POST['projectname'];
$projectID = $_POST['maxid'];
$folderName = $this->config->item('upload_dest')."/".$projectName."_".$projectID;
if(!file_exists ($folderName)){
$aa = mkdir($folderName);
}
$config['upload_path'] = $folderName;
$config['allowed_types'] = 'xml';
//$config['allowed_types'] = '*';
$config['max_size'] = '0';
$config['overwrite'] = TRUE;
$this->upload->initialize($config);
for($i=0; $i<count($_FILES['files']['name']); $i++)
{
$_FILES['userfile']['name'] = $_FILES['files']['name'][$i];
$_FILES['userfile']['type'] = $_FILES['files']['type'][$i];
$_FILES['userfile']['tmp_name'] = $_FILES['files']['tmp_name'][$i];
$_FILES['userfile']['error'] = $_FILES['files']['error'][$i];
$_FILES['userfile']['size'] = $_FILES['files']['size'][$i];
if($this->upload->do_upload())
{
$error += 0;
}else{
$error += 1;
}
}
if($error > 0){
$this->upload->display_errors();
return FALSE;
}
else{
return TRUE;
}
}
What I need to do is - check to make sure that at least one of the files which are being uploaded is named "etl". If there's no such a file in the file list the user chosen - stop the action, don't upload anything and return a form validation error. Could anybody advise over this?
Thanks.
Firstly, from php there is no way to get the name of the file(s) before uploading, you must upload to get the properties of the file. So, the options available are:
(1) Allow the files to be uploaded, then get the names and check if any contains "etl". If non contains what you are looking for, then delete the just uploaded files, and set a custom error message yourself.
This approach have a very large overhead cost of allowing you to first upload what is not need, then deleting it. Very poor but solves the problem.
(2) On the otherhand, is the javascript solution. Give the upload fields a common class name
e.g "userfile1", "userfile2", .......
then from your javascript and using jquery, intercept the submission of the form, then use a for loop to get the values of each of the file upload field, from which you can get the full name and extension of the file and then do your "etl" comparison.
i.e
<script type="text/javascript" >
$("#formname").submit(function(){
$(".classname").each(function(){
if($(this).val().indexOf("etl") != -1 ){
return true;
}
});
/*
*whatever makes it finish executing that loop and the execution of code gets
*to this point, then the string "etl" was not found in any of the names.
*/
// write a piece of code to show an hidden error field
$("#hidden_error_div").text("Your error message").show();
return false; //makes sure the form is not submitted.
});
</script>
Hope this helps.
Oyekunmi gives a good javascript solution to intercept before it actually gets to the server. As Oyekunmi points out, once it gets there, it gets there as a package, so you could then store and process it in a temporary directory, eval each file there and process accordingly.