I have that basic, well known multiple file upload form. Something like that...
<input type="file" multiple="multiple" name="something[]" />
Is there a way (preferable a hard coded option) to limit the number of files that user can select? By limit i mean strictly blocked, not just a warning if number is exceeded.
Thanks in advance. :)
You can implement a javascript solution to check the number of files that have been selected, which you can then use to forbid uploading to the server. There are really only going to be client-side solutions to this problem though, as there is really nothing stopping a user from posting these files to your php script anyway. You can specify a maximum upload size limit, but it isn't specific to the number of files that are being uploaded.
Your best bet is to implement some javascript checking, specifying a reasonable maximum upload size for your http server (or in PHP), and then ignoring any file uploaded if it exceeds your maximum count.
Read about the HTML5 File API here to restrict the count of selected files: http://dev.w3.org/2006/webapi/FileAPI/
Here is the php.ini docs which explain how to make a size limitation on uploads: http://php.net/manual/en/ini.core.php
As was suggested in the comments, check out: http://php.net/manual/en/ini.core.php#ini.max-file-uploads
we all know that in an array first element is stored in 0 th index, 2nd in 1st index......nth in (n-1)th index
now you cant take count($_FILES['something']) which will always return 5 since there are 5 keys in the array
now the question is what does $_FILES['something']['name'][0] contains? => name of first file uploaded
so check like
if(empty($_FILES['something']['name'][0]))
{
//checking whether a single file uploaded or not
//if enters here means no file uploaded
//so if you want you may put a check/validation here to make file
//upload a must in your website
}
if(isset($_FILES['something']['name'][5]))
{
//checking whether 6 files uploaded or not
//so here you can put a check/validation to restrict user from
//uploading more than 5 files
}
Pure Js alternatives that do that and much more:
FineUploader. Demo
bluimp's jQuery File Upload Plugin. Usage: jquery file upload restricting number of files
They are also available at https://cdnjs.com/
Some plugins seem to assist with this, such as: Uploadify (flash based). However I haven't used this one or others enough to know if they how restricting they can limit uploads.
More info on Uploadify Multiple Uploads.
Related
I want to have php script that uploads partial files. Like the first 1 MB of a very large file. Can this be done in PHP with a regular form upload? Like, it close off the connection after 1mb upload...
I've looked a lot of uploaders (html5/javascript/flash), and it seems some support 'chunking', and file size limits which sounds 1/2 of what I want.. but I'd of course somehow need to know that it's only a partial of a full file.
If you are open to using javascript you can read the file into a blob on the client (which is far quicker than uploading), cut out everything after the first 1mb, and send it to php via ajax. It wouldn't technically be a traditional php upload form, but it would seem like one to the user.
I'm making a real simple "backend" (PHP5) for two flash/air-applications. One of them will upload a photo, the backend will save it to a folder, and the second app will poll the backend for new photo's and show them.
I don't got any access to a database, so the backend has to be pure PHP5 and nothing more. That's why I chose to save the images to a folder (with a timestamp in their names) and use readdir() to get them back.
This all works like a charm. Nevertheless, I would really like to make sure the backend only returns photo's that are completely uploaded, preventing the second app to try to load an unfinished image. Are there any methods/tricks that I can use to validate a file?
You could check the filesize a couple hundred milliseconds apart and see if it changes:
$first = filesize($file);
// wait 100ms
usleep(100000);
$second = filesize($file);
if($first == $second) {
// file is no longer being actively uploaded
}
The usual trick for atomic filesystem operations is to write into a temporary file that is not matched by the reader (e.g. XXX.jpg.tmp) and once it's completely uploaded, rename it to it's target name. Renames on the same volume are atomic, so there is no point where the file is either uncomplete or unavailable.
A really easy and common way to do so would be to create a trigger file based on the files name, so that you get something like
123.jpg
123.rdy
or
123.jpg
123.jpg.rdy
You create that file (just an empty stub) as soon as the upload is complete. The application that grabs files to load only cares about files with a trigger file and then processes those. Alternatively, you could also save the uploaded file as ie. 123.bsy or 123.jpg.bsy while it is still being uploaded and then rename it to the finale name 123.jpg after the upload is done. Since renames in the same directory are usually really cheap operations in term of processing time, the chances of running in a race condition should be pretty low. (This might or might now depend on the OS used, though ...)
If you need to keep the files in that place, you could, of course, use a database where you add a record for each file, as the upload is complete. The other app could then just provide files with a matching database record.
After writing this all down I figgered it out myself. What I did was adding the exact amount of bytes in the filename as well and validate that while outputting the list of images. The .tmp/.bsy-sollution is nice also, but I read it a bit to late :)
Upside to my solution is that no more renaming is required after the upload is done. Thanks everybody for your fast answers!
I can't figure out a good solution for limiting the storage amount a user may access with his files.
In the application users are allowed to upload a limit amount of files. The limitation is based on total file size. I.e. a user might be allowed to store 50 Mb on the server.
This number is stored in a database so that it can be easily increased/decreased.
The language used is PHP, but I guess the solution isn't depended on the scripting language.
Very sorry if the question is unclear. I don't really know what to ask for more than a strategy to implement.
Thanks!
Keeping track of how much space has been used should be straightforward - with each upload you could store the space used in another table. The PHP filesize() function will tell you the size of a file on disk. Use a SUM() SQL query to get the total size of all the files uploaded by each user, and compare it against their quota limit.
The tricky bit is when you're approaching the limit - you can't tell how big the file is going to be before it's uploaded. So you'll have to get the user to upload a file and then check its size and see if it takes them over quota. If the file's too big, delete and let the user know they're out of space.
A simple approach would be to store the filename, dates and sizes of a users uploads in the database too. Then you can easily reject an upload when it exceeds their total storage.
This also makes it easy to show a list of files sorted in a variety of ways, allowing a user close to their limit to select some files for removal.
You could even use the average size of the files the user uploads to warn them when they are getting close to using up all their space.
You can use a script (something like that) that iterates through a directory contents, calculates filesizes and then deletes files that don't fit or rejects new uploads. But I think that this better be done with some sort of directory restrictions on a server. Unfortunately, I'm not a linux guy, so I don't know exactly how to do that, but this post might be helpful.
Solution of drewm is good, I just want to add few words about tricky part he mentioned.
Yes, it is impossible to predict file size before file is uploaded, as you cannot check filesize using javascript on user`s file upload page. However you can do it using flash based file uploader (swfupload.org for example). By using it you can check files size before upload is started and check it against upload limit you have. This way you will save time for user (no need to upload file to get "limit exceed error" message).
As a bonus you can show user upload progress bar as well.
Don' forget about OS solutions. If the files are stored in a "user" specific directory, then you can use the OS to find the disk spaced used in that directory. A Linux solution would something like this:
$dirSize = explode("\t", `du -ks $userDir`); // Will return an array of size, dirName
if ($dirSize[0] > MAX_DIR_LIMIT) print "USER IS OVER QUOTA";
I'm building a site were users can upload images and then "use" them. What I would like is some thoughts and ideas about how to manage temporary uploads.
For example, a user uploads an image but decides not to do anything with it and just leaves the site. I have then either uploaded the file to the server, or loaded it to the server memory, but how do I know when the image can be removed? First, I thought of just having a temporary upload folder which is emptied periodically, but it feels like there must be something better?
BTW I'm using cakePHP and MySQL. Although images are stored on the server, only the location is stored in the dbb.
Save the information about file to MySQL, and save the last time the image was viewed - can be done via some script that would be altered everytime the image is being used.. and check the database for images not used for 30 days, delete them..
You could try to define a "session" in some way and give the user some information about it. For example, in SO, there is a popup when you started an answer but try to leave the site (and your answer would be lost). You could do the same and delete the uploaded image if the user proceeds. Of course, you can still use a timeout or some other rules (maximum image folder size etc.).
I'm not sure what does "temporary upload" mean in your app. The file is either uploaded or not, and under the ownership of a user. If a user doesn't want to do anything at the moment, you have no other choice but to leave the file where it is.
What you can do is put a warning somewhere on your image management page about unused images, but removing them yourself seems like a bad practice (at least from the user perspective).
As a user,When I upload the image to a server(assuming I want to use it later) and leave the site, I don't expect it to be deleted if I am a registered user.
I would prefer it to be there in my acct until I come back.I would suggest thinking in those lines and implementing a solution to save the users' images if possible.
Check the last accessed/modified time of file to see it if has been used.
I have a PHP form for uploading files and it works fine and displays an error message if something went wrong. This is all good.
The problem is when I test with a really big file, it just refreshes the page as if I hadn't sent a file at all, and none of the $_POST variables from the form are even sent to the server.
I want to display an error to the user, letting them know that the file is too big. However, I can't do this.
Does anyone know what is happening?
Check your PHP ini file, which governs how large a file PHP will allow to be uploaded. These variables are important:
max upload filesize (upload_max_filesize)
max post data size (post_max_size)
memory limit (memory_limit)
Any uploads outside these bounds will be ignored or errored-out, depending on your settings.
This section in the docs has the best summary: http://ca3.php.net/manual/en/features.file-upload.common-pitfalls.php
EDIT: Also note that most browsers won't send uploads over 2GB in size. This link is outdated, but gives an idea: http://www.motobit.com/help/scptutl/pa98.htm. Anyone have a better source of info on this?
There are also limits that can be imposed by the server, such as Apache: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody
To truly see what's going on, you should probably check your webserver logs, check the browser upload limit (if you're using firefox), and try seeing if print_r($_FILES) generates any useful error numbers. If all else fails, try the net traffic monitor in firebug. The key is to determine if the request is even going to the server, and if it is what the request (including headers) looks like. Once you've gotten that far in the chain, then you can go back and see how PHP is handling the upload.
Your $_POST is most likely empty because the upload exceeded the post_max_size directive:
From PHP's directives page:
If the size of post data is greater
than post_max_size, the $_POST
and $_FILES superglobals are empty.
This can be tracked in various ways,
e.g. by passing the $_GET variable to
the script processing the data, i.e.
<form
action="edit.php?processed=1">, and
then checking if $_GET['processed']
is set.
you can not know the size of the file that is being uploaded, until it gets fully uploaded. so if you want to determine the file size, and then show an error for large files, first you must have the file uploaded, then check the file size. inorder to have a large file uploaded, you should set 2 settings in your php configuration file, php.ini.
open it up and search for "upload_max_filesize" and set the value to maximum value you want. then you must set the maximum value for POST parameters, because uploaded files are recieved via HTTP POST method. find "post_max_size" and set it to a large value to.
apart form the options as the former users answered:
max upload filesize (upload_max_filesize)
max post data size (post_max_size)
memory limit (memory_limit)
there is also one, when the file is very large, or the line is busy, there need to much time to execute this operation, which will hit to ceil of the script execution limit.
max_execution_time
I would implement a simple script that does regular ajax calls to know how much of the upload has been done. You can then implement some sort of progress bar. There are a couple of examples on the net:
http://martinjansen.com/2007/04/28/file-upload-progress-bars-with-php/
max upload filesize (upload_max_filesize)
max post data size (post_max_size)
are the directives you need to set. I have tested it with multiple OS, browsers etc and these are the only two thing you need be worried about.