I am building a php application.
I can easily upload an image or any other type of data, but not a .jar. Below my code:
Upload.php
<form action="getfile.php" method="post" name="uploadForm" id="uploadForm" enctype="multipart/form-data" ><br>
<?php echo gettext("Image "); ?>
<input name="imagen" value="" type="file" id="imagen" />
<?php echo gettext("Jar "); ?>
<input name="jarFile" value="" type="file" id="jarFile" />
</form>
getfile.php
$fileName = $_FILES['jar']['name'];
$fileType = $_FILES['jar']['type'];
//Check the extension
if (!strpos($fileType, "jar") ) {
echo gettext("The simulation must be jar extension. Try again.");
}else{
if (move_uploaded_file($_FILES['jar']['tmp_name'], $path)){
echo gettext("Simulation stored succesfully.");
}else{
echo gettext("Something happened. Try again. ");
}
}
For images I am following the same aproach, but when I try to upload a jar file, I am always getting the error
The simulation must be jar extension. Try again
and $fileType is empty. Is there some restriction at this point? Am I missing something??
Thanks in advance
The type property is unreliable (and populated by the browser). Your best bet is to retrieve the MIME file type:
$fhandle = finfo_open(FILEINFO_MIME);
$mime_type = finfo_file($fhandle, $_FILES['jar']['tmp_name']);
The $mime_type should be application/java-archive.
PHP >= 5.3.0
Related
I have server running on PHP with file uploading script which I have typed in index.php. I want to upload the image file from designated path to server automatically.
PHP code:
<?php
if(isset($_POST['submit'])){
if(isset($_FILES['file'])){
$err=array();
$f_name=$_FILES['file']['name'];
//echo $f_name;
$size=$_FILES['file']['size'];
$type=$_FILES['file']['type'];
$file_tmp =$_FILES['file']['tmp_name'];
echo $file_tmp;
$file_ext=strtolower(end(explode('.',$_FILES['file']['name'])));
$allowed_ext= array('jpg','jpeg','png');
if(in_array($file_ext,$allowed_ext)==FALSE){
$err[]="extension not allowed";
}
if($size > 1000000){
$err[]='size is greater than 1MB';
}
if(empty($err)==TRUE){
//chmod('upload_image',755);
echo $_FILES['file']['tmp_name'];
$newname = dirname(__FILE__).'/upload_image/'.$f_name;
move_uploaded_file($_FILES['file']['tmp_name'],$newname);
echo 'success';
}
else{
print_r($err);
}
}
}
?>
<hr>
<form action="upload.php" method="post" enctype="multipart/form-data">
Upload your file here:<br>
<input type="file" name="file" />
<input type="submit" name="submit" value="submit"/>
</form>
Now I am trying to automate the form submission using a python script, something like:
def upload_file(path):
url='http://localhost/phptestprogram/upload.php'
files = {file: open(path,'rb')}
r = requests.post(url, files=files)
print r.text
but I am not able achieve my result.
Your php script is checking for isset($_POST['submit']) before it processes the file, but your python does not appear to be setting the post variable submit. You probably need to do something similar to:
r = requests.post(url, data = {"submit": "submit"}, files = files)
I am writing an app from which user will upload files on the server. I have found a php script from internet but I don't know how am I going to tell the script where to upload the data. This might be a silly question but I am no PHP programmer. I am using this php script in my java code.
Here is the script.
<?php
$filename="abc.xyz";
$fileData=file_get_contents('php://input');
echo("Done uploading");
?>
Regards
This is a terrible way of uploading files, you are much better off using a form and the $_FILES superglobal.
Take a look at the W3Schools PHP File Upload Tutorial; please read all of it. For further reading take a look at the PHP Manual pages on file upload.
The file input type will create the upload box in the html form:
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
After error checking and validating that the file is what you are expecting (very important: allowing users to upload anything to your server is a huge security risk), you can move the uploaded file to your final destination on the server in PHP.
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/abc.xyz");
The filename is actualy the file path along with the name of the new file, set the path there and a file will be created with write permissions.
Make sure you give the servers full path not the relative one and that you have the required permission to create a file there.
Always refer to the PHP Manual
Here's a basic example to get you started:
HTML:
<html>
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
Choose a file to upload: <input name="uploaded_file" type="file" />
<input type="submit" value="Upload" />
</form>
</body>
</html>
PHP:
<?php
//Сheck that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {
//Check if the file is JPEG image and it's size is less than 350Kb
$filename = basename($_FILES['uploaded_file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") &&
($_FILES["uploaded_file"]["size"] < 350000)) {
//Determine the path to which we want to save this file
$newname = dirname(__FILE__).'/upload/'.$filename;
//Check if the file with the same name is already exists on the server
if (!file_exists($newname)) {
//Attempt to move the uploaded file to it's new place
if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
echo "It's done! The file has been saved as: ".$newname;
} else {
echo "Error: A problem occurred during file upload!";
}
} else {
echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
}
} else {
echo "Error: Only .jpg images under 350Kb are accepted for upload";
}
} else {
echo "Error: No file uploaded";
}
?>
Refer to the documention for more information.
Hope this helps!
htm code :
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
Movie :<br />
<input name="fileField" type="file" size="30" /><br />
<input name="submit" type="submit" class="submit" value="Send" />
</form>
php code :
if ($_FILES['fileField']['tmp_name'] !=""){
$fileName = $_FILES["fileField"]["name"];
$fileType = $_FILES["fileField"]["type"];
$fileTmpLoc = $_FILES["fileField"]["tmp_name"];
$fileName = preg_replace('#[^a-z.0-9]#i', '', $fileName);
move_uploaded_file($fileTmpLoc, '../upload/video.flv');
}
this code not work for VIDEO file but work correct for other file ( jpeg , mp3 , png and ,,, )
Perhaps change your directory to
move_uploaded_file($fileTmpLoc, '../upload/ ');
this problem from php setting
php set to Max 2MB size for upload
You have absolutely no error handling on the code, meaning you have no way of telling when an upload failed. Add:
if ($_FILES['fileField']['error'] !== UPLOAD_ERR_OK) {
die("Upload failed with error " . $_FILES['fileField']['error']);
}
as some bare-minimum error handling. The error codes are defined here: http://php.net/manual/en/features.file-upload.errors.php. Checking for the absence of a 'tmp_name' is NOT a proper check.
Below is my code where the user can upload a file. What I want to know is that is there a way so that via server side is there a way to first of all restrict the file formats of the files to jpeg and png only and then when the user clicks on the submit button, if the file format is correct then display an alert on the same page stating "File is correct" else display an alert stating "File is incorrect".
Can somebody please provide coding if they know how to do this. Thank you and any help will be much appreciated :)
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
A code for a total check of file uploads, you'll have to change $allowedtypes though. (Copied instead of linking because it was from a non-English site)
<?php
if(isset($_POST["submit"])){
$allowedtypes=array("jpg"=>true,"png"=>true,"gif"=>true,"txt"=>true);
$filename = $_FILES['file1']['name'];
$source = $_FILES['file1']['tmp_name'];
$file_size=$_FILES['file1']['size'];
$saveloc = "uploads/" . $filename;
$maxfilesize=1024*1024*10;
$nameext=explode(".",$filename);
if(preg_match('/^[A-Za-z0-9\-\_]{1,}\.[a-zA-Z0-9]{0,4}$/',$filename)){
if(!empty($allowedtypes[strtolower($nameext[1])]) && $allowedtypes[strtolower($nameext[1])]===true){
if($file_size<=$maxfilesize){
if(!file_exists($saveloc)){
if(move_uploaded_file($source, $saveloc)) {
chmod($saveloc,644);
echo "Successful upload. <a href='".$saveloc."'>Fájl megtekintése</a>";
}
else echo "Cannot move";
}
else echo "Existing file";
}
else echo "Too big file";
}
else echo "Not allowed extension";
}
else echo "Only alphanumeric files allowed";
}
else echo "<form method='post' enctype='multipart/form-data' action='secureupload.php'> File: <input type='file' name='file1' /><br /><input
name='MAX_FILE_SIZE' type='hidden' value='10485760' /> <input type='submit' value='Upload' name='submit' /></form>";
?>
You are talking about server side handler and write 'alert'...khm...
If u want to do stuff via server-side, then use php handler
http://php.net/manual/en/features.file-upload.post-method.php
If u want to do stuff via client-side, use javascript events, e.g on change event
<script>
function check() {
var file = document.getElementById('file').value;
var temp = file.split(/\.+/).pop();
alert(temp);
}
</script>
<input type="file" name="file" id="file" onchange="check();" />
You have file extension in temp var.
There are PHP functions to do this. You want to look at mime_content_type and finfo_file. These are built-in PHP commands that allow you to interpret that actual file type of a file being uploaded. You can then filter the mime types to only .gif/.jpg/etc. You want to check the mime types over the file name because the file name can be changed to mask the actual file type. If you want code samples, there are plenty on those pages as well as some excellent user-provided alternatives.
Something like this at the top of your file should work:
<?php
foreach ($_FILES as $file)
{
$tmp = explode(".", $file["tmp_name"]);
if (!in_array($tmp[count($tmp)-1], array("jpeg", "png"), true))
die("<script>alert('File is incorrect');</script>");
}
echo "<script>alert('File is correct');</script>";
?>
I would like to have the user upload a pdf to a folder on my website. (note:this is for learning purposes, so security is not necessary) The code I have below does not do echo a response when submitted. The folder I would like to have the pdf uploaded to is in the same directory as the php script, is it possible I'm incorrectly referencing that folder? I appreciate it.
<form method = "POST" action = "<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data" method="post">
Email:<br /> <input type = "text" name="email" value=""/><br />
Resume:<br /><input type = "file" name="resume" value=""/><br />
<p><input type="submit" name ="submit" value="Submit Resume" /></p>
</form>
if(isset($_POST['submit']))
{
define ("FILEREPOSITORY","./resume/");
if (is_uploaded_file($_FILES['resume']['tmp_name'])) {
if ($_FILES['resume']['type'] != "application/pdf") {
echo "<p>Resume must be in PDF Format.</p>";
}
}else {
$name = $_POST['email'];
$result = move_uploaded_file($_FILES['resume']['tmp_name'], FILEREPOSITORY."/$name.pdf");
if ($result == 1) {
echo "<p>File successfully uploaded.</p>";
}
else {
echo "<p>There was a problem uploading the file.</p>";
}
}
}
You have a logical error. Your else statement should be part of the inner if statement -- not the outer one.
would suggest you check the permissions for the upload folder and the max size for file uploading in your php.ini... its happened to me many times uploading a file exceeding the limits and not getting an error message.. also the logic of your if else doesn't match as suggested by your previous post..
IT would be of great help to give the error you receive.
move_uploaded_file()
only works if you have the rights to write to the destination folder.