This is an experiment for a proof of concept. I created a VPS where I have a simple upload form and PHP form processor script. The point of this is to test an iOS and Android app we are developing. This question is not about security or efficiency (yet), just functionality. I need to modify the PHP below to receive an image using POST without the aid of an HTML FORM. We are currently POSTing to Dropbox and Google Drive no problem. We are now looking into what it would take to store images on our own servers, we just need to formulate a proof of concept to receive this image with PHP that was submitted with POST.
With that out of the way; I want to send an image to a server from a mobile device over the only upload method available without additional libraries - HTTP. Using FTP or SSH requires additional code and we're trying to keep it light. So I was going to send an image with HTTP POST which I am pulling off with an HTML FORM currently. However, I need to formulate a POST that sends only an image - no other variables. This is my current HTML form:
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="__URL__" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
This is my processor PHP:
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Potential error.\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
Works perfectly over a browser, no problems. Now I need to modify the PHP portion to allow a POST over URL - essentially dropping the use of an HTML form. It would be great to distinguish the files uploaded by using the name of the file I am sending or I can provide that variable from my app. Any guidance would be appreciated.
Reference: http://php.net/manual/en/features.file-upload.post-method.php
You don't need to modify your PHP. Just send file from your iOS/Android application as if it was sent by the form, i.e. using multipart/form-data encoding.
Or if you want to send it another way, explain how exactly you want it sent, there is no another standard way to send files "POST over URL".
Related
I can upload other file without error. But whenever I tried to upload rtf file in php it fails. My code it below:
if(isset($_POST['pid'])){
if($_FILES['uploadname']['name']==''){
//Failed
}else{
//upload the file
}
}
HTML form:
<form method="post" enctype="multipart/form-data">
<input type="file" accept=".csv,.doc,.pdf,.docx,.xls,.xlsx,.rtf,.txt, image/*"
name="uploadname" style="width:100%;">
<input type="hidden" name="pid" value="<?php echo $id; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max; ?>">
</form>
$max = 62914560 bytes
I got undefined index uploadname
The server log:
PHP Warning: POST Content-Length of 24783980 bytes exceeds the limit
of 8388608 bytes in Unknown on line 0
I upload the same file (resaved as doc format using msword) without problem. But when it comes to rtf it fails. I can upload other files like doc, docx, xls, xlsx, pdf, txt and all image files without problem.
What could be the problem. I am using php 7.1.19 Thanks
See the documentation:
The MAX_FILE_SIZE hidden field (measured in bytes) must precede the file input field, and its value is the maximum filesize accepted by PHP. This form element should always be used as it saves users the trouble of waiting for a big file being transferred only to find that it was too large and the transfer failed. Keep in mind: fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. It is merely a convenience feature for users on the client side of the application.
You put that field after the file input, so it will be ignored.
The PHP settings (on the server side) for maximum-size, however, cannot be fooled.
… and it looks like your server-side configuration is set to a lower value anyway, so you need to increase that.
Check if your HTML form has enctype="multipart/form-data".
If your file input tag name is "uploadname".
I´ve a multipart form with a mixture of default inputs (text, select etc.) and a file upload (<input type="file">).
I´m using a combination of form validation class and upload library of Codeigniter for form submission. That works great.
I´ve only one problem for what I haven´t found a solution yet: If the user selects an image but misses to fill another required field (like "name"), then the form validation class blocks the request and shows an error message to the customer.
But now I´ve the problem, that the image was already submitted successfully and I don´t want to let the user add the file again. So I want to pre-fill the file input with this data.
I´ve tried different things like:
<input type="file" name="image" value="<?php echo set_value('image','');?>" />
and also spent time on finding a solution on the web but without success.
On the server side, you do not get any information about where the file is located on the client's computer, so in the scenario of a user uploading an image successfully but the user hasn't filled out the rest of the fields properly, you have to simply omit the input type="file" field entirely but keep a store of where the file is located on your server. There's a few ways to go about this, but it all involves taking the absolute location of the uploaded file and:
Inserting it back as a hidden value using <input type="hidden" name="uploadedFile" value="<?php echo $absPath; ?>" /> then checking for the existence of $_POST['uploadedFile'] and utilizing it appropriately. But this isn't a solid idea as you're now exposing server paths to the end-user (opens yourself up to malicious attack.)
Starting a session and saving the absolute path in the $_SESSION variable while presenting the user with a simple token in their re-attempt form.
I'd stick with method 2, so assuming you've done all the work to validate the form and upload the file and your file is located in $absFilePath, you could do the following:
session_start(); // This needs to be at the very top of you PHP file
// ...
$formToken = md5(time());
$_SESSION['uploadedFile'][$formToken] = $absFilePath;
Then render the token as a hidden variable using:
if (!empty($_SESSION['uploadedFile'][$formToken]))
echo '<input type="hidden" name="formToken" value="'.$formToken.'" />';
and hide the file upload portion using
if (empty($_SESSION['uploadedFile'][$formToken]))
echo // <input type="file" output here...
finally inside of your form submission code check for the existence of a formToken value before attempting to load $_FILES['image'] using isset($_POST['formToken']), and handle it using:
$absFilePath = $_SESSION['uploadedFile'][$_POST['formToken']];
Bam! Now you have your absolute file path as if the file had been uploaded just like before.
Since you haven't given enough code, I can only given you enough instruction to get you started, but this should be more than enough.
Below Code is working fine for a .TXT file, but when I am selecting any .PDF file, it does not copies it to the destination path, Could someone please suggest me what should be the problem.
THE HTML code and PHP code as follows:
<form enctype="multipart/form-data" action="upload.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
<?php
$uploaddir = 'C:\xampp\htdocs\upload\\';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo $uploadfile;
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
Error number 2, given by the $_FILES array, represents UPLOAD_ERR_FORM_SIZE. From the PHP manual:
The uploaded file exceeds the MAX_FILE_SIZE directive that was
specified in the HTML form.
In your HTML you have a hidden form field named MAX_FILE_SIZE. The field value represents the maximum file size of the uploaded file in bytes.
Either adjust the value of the field or remove it. I believe the field was a try from the PHP developers to implement client side browser check for the file size, stopping users from uploading too big files. However to date there is still no browser that enforces the value of that field.
How big is your PDF file?
You may be reaching your web servers in-built MAX_FILE size (which I know you can change if using Apache).
Check your web server configuration.
I am trying to make simple script that would allow user to upload image to my database. I have problem with php fopen function.
I need to allow user upload any image file on his computer so path to the file is different every time.
<form method="POST">
<input type="file" name="img">
<input type="submit" value="uload">
</form>
This simple form is returning only string value of file and i need to open the file using fopen function that needs direct path to the file.
fopen($_POST["img"],"r");
This works only if file is in the same directory as php script.
So I am asking if there is a way how to find where the file is stored so i could open it using fopen function.
I would advice you first to have look to PHP manual about file uploads: http://www.php.net/manual/en/features.file-upload.post-method.php
Because such code may open security hall in your system. Generally speaking it is not recommended to directly execute users files before doing some check like virus scan, binary signature of the images, image validaty by trying to resize it, etc.. From performance perspective it is not recommended to save them in database. In addition if you choose to upload to a directory its permission should set proper.
I will copy here sample file upload code modified to your case from the PHP manual:
HTML Part:
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="YOUR_Upload_FILE.php" method="POST">
<!-- Name of input element determines name in $_FILES array -->
<input name="img" type="file" />
<input type="submit" value="Send File" />
</form>
PHP Part:
<?php
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['img']['name']);
//At this point you may like to check:
/*
1. Upload Errors in $_FILES
2. Do virus check.
3. Do binary check for the images type
4. Do size check for the image
5. Do actual image resize to confirm it is valid image.
*/
//After everything is safe, you move the temporary file to your permanent store.
echo '<pre>';
if (move_uploaded_file($_FILES['img']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
if ($_FILES["file"]["error"] == 0) {
fopen($_FILES["img"]["tmp_name"], 'r');
}
i have to generate jasper reports in my php website.
I want to know what all are needed to make this work. I was told that i needed php-java bridge. But i hope that is for the sole purpose of generating a .jrxml file.
I already have the jrxml file with me.
Now how can i call this file from my php code, for generating jasper report in pdf format ?
In case this file is located on your server you can open it using file_open from any php script.
EDIT: The easiest way to do it seems to be using something like the php-jasper-integration. This way you don't need to use a java-php bridge.
In case you do not have it onyour server but client side only you will need to upload it to your web site and treat this file as you need to using your website script.
Here is some example code to do it:
if(!isset($_FILES['userfile']['tmp_name'])){
// starte Session
//session_start(); // Headers sent out
?>
<form enctype="multipart/form-data" action="myscript.php" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000" />
<!-- Name of input element determines name in $_FILES array -->
Please upload a file.
<br>
<br>
<input name="userfile" type="file" />
<input type="submit" value="UPLOAD" />
</form>
<?php
}
else {
?>
if ($_FILES['userfile']['tmp_name'] == '') die ('No file submitted!');
$target = "uploaded/";
$target = $target . basename( $_FILES['userfile']['name']) ;
$ok=1;
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['userfile']['name']). " has been uploaded. Parsing will start soon. ";
}
else {
echo "Sorry, there was a problem uploading your file.<br>";
}
// now do what you need with your file in $_FILES['userfile']['tmp_name']
Well, i could get what i wanted by using PHP Jasper XML. It is opensource too.
Well jrxml is created with ireports and its executed with java, you need a server like tomcat. look for information of jru-php it will help you