[FAQ] How do I upload a file to a directory ?

[mdshare]

The following outlines all the necessary steps needed to upload a file to the server, and then relocate the file to another directory.

Also see the FAQ on permissions at:

http://criminalexistence.com/ceforums/i ... ic=18419.0

Permissions must be set on the destination directory before this method will work.

Basically only two fields are required to upload a file, a 'file' input field, and a 'MAX_FILE_SIZE' hidden field. This is required, and will prevent the user from trying to upload a file that is too large on the client-side. This can be easily circumvented by the user and should be accompanied by server-side file validation. It accepts a file size in Bytes, I have set this to accept a file of 10000 bytes, or roughly 10KB. One attribute *must* also appear in the form tag to trigger the browser to upload data, and that is: enctype='multipart/form-data'.

The following should be pretty straight forward:

 

<?php
   //upload2dir.php

       echo "<html>\n",
            "    <head>\n",
            "        <title>UPLOAD TO A DIRECTORY</title>\n",
            "    </head>\n",
            "    <body>\n";

   if (!isset($_POST['do_action']))
   {

       echo "        <form action='{$_SERVER['PHP_SELF']}' method='post' enctype='multipart/form-data'>\n",
            "            <input type='file' name='userfile' />\n",
            "            <input type='hidden' name='MAX_FILE_SIZE' value='10000' />\n",
            "            <input type='submit' name='do_action' value='Upload' />\n",
            "        </form>\n";
   }
   else
   {
       // You may also use if (is_uploaded_file($_FILES['userfile']['tmp_name']))
       // IMO using if isset is an identical test

       if (isset($_FILES['userfile']['tmp_name']))
       {
           // In this line I'm examining the file size and the MIME type of the file
           // to verify that the file is in the acceptable size range and is a jpeg
           // image.  MIME type testing isn't foolproof, it is possible to spoof this.
           // The size testing, however, is not spoofable.

           if (($_FILES['userfile']['size'] <= 10000) && ($_FILES['userfile']['type'] == 'image/jpeg' || $_FILES['userfile']['type'] == 'image/pjpeg'))
           {
               // Give the file a new name to prevent one user from overwriting files 
               // uploaded by another. mktime(), which creates a UNIX timestamp in 
               // addition to the user name is good for this.

               $new_file_name = mktime().'.jpg';

               // $_SERVER['DOCUMENT_ROOT'] will provide an absolute path to the base directory
               // fill in the rest of the path from there, if necessary.
               // echo the value of $_SERVER['DOCUMENT_ROOT'] to do this!

               $file_path     = '/images/users/'.$new_file_name;

               if (move_uploaded_file($_FILES['userfile']['tmp_name'], $_SERVER['DOCUMENT_ROOT'].$file_path))
               {
                   echo "Upload successful!

\n";
                   echo 'File: '.$_FILES['userfile']['name'].' ('.$_FILES['userfile']['size'].") Bytes
\n";
                   echo "Renamed: $new_file_name
\n";
               }
               else
               {
                   echo 'Upload failed: There was likely a permissions error.';
               }
           }
           else
           {
               echo 'Upload failed: File must be a JPEG file type and 10KB or less in size';
           }
       }
       else
       {
           echo 'Upload failed: A valid file has not been uploaded!';
       }
   }

       echo "    </body>\n",
            "</html>";
?>

 

Also have a look at:

http://www.php.net/manual/en/features.f ... ost-method

Which explains the $_FILES superglobal and the information available in it.