File upload

[Dan]

Hi,

I know this code is not entirely javascript, but bare with me. Can you
please tell me why this does not work:

page: filemanager.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
/>
<title>File Manager</title>
</head>
<? include("style.php"); ?>
<body>

<?
$file_name = $_POST['file'];
?>

<form id="uploadform" name="uploadform" enctype="multipart/form-data"
method="post" action="/filemanager.php">
<p align="center">Upload your file below:</p>
<p align="center">
<input type="file" name="file" id="file" />
<input name="submit" type="submit" id="submit" value="Upload File"
/>
</p>
</form>
<hr align="center" width="70%" />
<p align="center"><strong>Image Files:</strong></p>
<p align="center">
<?

include("uploadclass.php");

$upload_class = new Upload_Files;
$upload_class->temp_file_name = trim($_FILES['file']['tmp_name']);
$upload_class->file_name = trim(strtolower($_FILES['file']['name']));
$upload_class->upload_dir = "images/";
//Change the following to your needs:
//Log file directory (there must be a coresponding directory on the
server in order to work)
$upload_class->upload_log_dir = "logs/";
//Mmaximum file size in bytes. You may increase or decrease. (there are
1024 bytes in a kb and 1024 kb in a mb)
$upload_class->max_file_size = 15360000;
//Allowable file extensions
$upload_class->ext_array =
array(".jpg",".gif",".jpeg",".png",".tif",".wmf");

//Do not change the following:
$valid_ext = $upload_class->validate_extension();
$valid_size = $upload_class->validate_size();
$max_size = $upload_class->get_max_size();
$file_size = $upload_class->get_file_size();
$upload_directory = $upload_class->get_upload_directory();
$upload_log_directory = $upload_class->get_upload_log_directory();
$file_exists = $upload_class->existing_file();

if (!$valid_ext) {
$result = "The file extension is invalid, please try again!";
}
elseif (!$valid_size) {
$result = "The file size is invalid, please try again! The
maximum file size is: $max_size and your file was: $file_size";
}
elseif ($file_exists) {
$result = "This file already exists on the server, please try
again.";
} else {
$upload_file = $upload_class->upload_file_with_validation();
if (!$upload_file) {
$result = "Your file could not be uploaded!";
} else {
$result = "Your file has been successfully uploaded to the
server.";
}
}
?>
</p>
<hr align="center" width="70%" />
</body>
</html>


page: uploadclass.php

<?
class Upload_Files {

var $temp_file_name;
var $file_name;
var $upload_dir;
var $upload_log_dir;
var $max_file_size;
var $banned_array;
var $ext_array;

function validate_extension() {
$file_name = trim($this->file_name);
$extension = strtolower(strrchr($file_name,"."));
$ext_array = $this->ext_array;
$ext_count = count($ext_array);
if (!$file_name) {
return false;
} else {
if (!$ext_array) {
return true;
} else {
foreach ($ext_array as $value) {
$first_char = substr($value,0,1);
if ($first_char <> ".") {
$extensions[] = ".".strtolower($value);
} else {
$extensions[] = strtolower($value);
}
}
foreach ($extensions as $value) {
if ($value == $extension) {
$valid_extension = "TRUE";
}
}
if ($valid_extension) {
return true;
} else {
return false;
}
}
}
}

function validate_size() {
$temp_file_name = trim($this->temp_file_name);
$max_file_size = trim($this->max_file_size);

if (!$temp_file_name) {
$size = filesize($temp_file_name);
if ($size > $max_file_size) {
return false;

} else {
return true;
}
} else {
return false;
}
}

function existing_file() {
$file_name = trim($this->file_name);
$upload_dir = $this->get_upload_directory();

if ($upload_dir == "ERROR") {
return true;
} else {
$file = $upload_dir . $file_name;
if (file_exists($file)) {
return true;
} else {
return false;
}
}
}

function get_file_size() {
$temp_file_name = trim($this->temp_file_name);
$kb = 1024;
$mb = 1024 * $kb;
$gb = 1024 * $mb;
$tb = 1024 * $gb;

if ($temp_file_name) {
$size = filesize($temp_file_name);
if ($size < $kb) {
$file_size = "$size Bytes";
}
elseif ($size < $mb) {
$final = round($size/$kb,2);
$file_size = "$final KB";
}
elseif ($size < $gb) {
$final = round($size/$mb,2);
$file_size = "$final MB";
}
elseif($size < $tb) {
$final = round($size/$gb,2);
$file_size = "$final GB";
} else {
$final = round($size/$tb,2);
$file_size = "$final TB";
}
} else {
$file_size = "ERROR: NO FILE PASSED TO get_file_size()";
}
return $file_size;
}

function get_max_size() {
$max_file_size = trim($this->max_file_size);
$kb = 1024;
$mb = 1024 * $kb;
$gb = 1024 * $mb;
$tb = 1024 * $gb;

if ($max_file_size) {
if ($max_file_size < $kb) {
$max_file_size = "max_file_size Bytes";
}
elseif ($max_file_size < $mb) {
$final = round($max_file_size/$kb,2);
$max_file_size = "$final KB";
}
elseif ($max_file_size < $gb) {
$final = round($max_file_size/$mb,2);
$max_file_size = "$final MB";
}
elseif($max_file_size < $tb) {
$final = round($max_file_size/$gb,2);
$max_file_size = "$final GB";
} else {
$final = round($max_file_size/$tb,2);
$max_file_size = "$final TB";
}
} else {
$max_file_size = "ERROR: NO SIZE PARAMETER PASSED TO
get_max_size()";
}
return $max_file_size;
}

function validate_user() {
$banned_array = $this->banned_array;
$ip = trim($_SERVER['REMOTE_ADDR']);
$cpu = gethostbyaddr($ip);
$count = count($banned_array);

if ($count < 1) {
return true;
} else {
foreach($banned_array as $key => $value) {
if ($value == $ip ."-". $cpu) {
return false;
} else {
return true;
}
}
}
}

function get_upload_directory() {
$upload_dir = trim($this->upload_dir);

if ($upload_dir) {
$ud_len = strlen($upload_dir);
$last_slash = substr($upload_dir,$ud_len-1,1);
if ($last_slash <> "/") {
$upload_dir = $upload_dir."/";
} else {
$upload_dir = $upload_dir;
}

$handle = @opendir($upload_dir);
if ($handle) {
$upload_dir = $upload_dir;
closedir($handle);
} else {
$upload_dir = "ERROR";
}
} else {
$upload_dir = "ERROR";
}
return $upload_dir;
}

function get_upload_log_directory() {
$upload_log_dir = trim($this->upload_log_dir);
if ($upload_log_dir) {
$ud_len = strlen($upload_log_dir);
$last_slash = substr($upload_log_dir,$ud_len-1,1);
if ($last_slash <> "/") {
$upload_log_dir = $upload_log_dir."/";
} else {
$upload_log_dir = $upload_log_dir;
}
$handle = @opendir($upload_log_dir);
if ($handle) {
$upload_log_dir = $upload_log_dir;
closedir($handle);
} else {
$upload_log_dir = "ERROR";
}
} else {
$upload_log_dir = "ERROR";
}
return $upload_log_dir;
}

function upload_file_no_validation() {
$temp_file_name = trim($this->temp_file_name);
$file_name = trim(strtolower($this->file_name));
$upload_dir = $this->get_upload_directory();
$upload_log_dir = $this->get_upload_log_directory();
$file_size = $this->get_file_size();
$ip = trim($_SERVER['REMOTE_ADDR']);
$cpu = gethostbyaddr($ip);
$m = date("m");
$d = date("d");
$y = date("Y");
$date = date("m/d/Y");
$time = date("h:i:s A");

if (($upload_dir == "ERROR") OR ($upload_log_dir == "ERROR")) {
return false;
} else {
if (is_uploaded_file($temp_file_name)) {
if (move_uploaded_file($temp_file_name,$upload_dir .
$file_name)) {
$log = $upload_log_dir.$y."_".$m."_".$d.".txt";
$fp = fopen($log,"a+");
fwrite($fp,"
$ip-$cpu | $file_name | $file_size | $date | $time");
fclose($fp);
return true;
} else {
return false;
}
} else {
return false;
}
}
}

function upload_file_with_validation() {
$temp_file_name = trim($this->temp_file_name);
$file_name = trim(strtolower($this->file_name));
$upload_dir = $this->get_upload_directory();
$upload_log_dir = $this->get_upload_log_directory();
$file_size = $this->get_file_size();
$ip = trim($_SERVER['REMOTE_ADDR']);
$cpu = gethostbyaddr($ip);
$m = date("m");
$d = date("d");
$y = date("Y");
$date = date("m/d/Y");
$time = date("h:i:s A");
$existing_file = $this->existing_file(); //<-Add On
$valid_user = $this->validate_user(); //<-Add On
$valid_size = $this->validate_size(); //<-Add On
$valid_ext = $this->validate_extension(); //<-Add On

if (($upload_dir == "ERROR") OR ($upload_log_dir == "ERROR")) {
return false;
}
elseif ((((!$valid_user) OR (!$valid_size) OR (!$valid_ext) OR
($existing_file)))) {
return false;
} else {
if (is_uploaded_file($temp_file_name)) {
if (move_uploaded_file($temp_file_name,$upload_dir .
$file_name)) {
$log = $upload_log_dir.$y."_".$m."_".$d.".txt";
$fp = fopen($log,"a+");
fwrite($fp,"
$ip-$cpu | $file_name | $file_size | $date | $time");
fclose($fp);
return true;
} else {
return false;
}
} else {
return false;
}
}
}

}
?>


Thanks

Daniel

 

[Richard Cornford]

I know this code is not entirely javascript,

Yes, it looks like PHP, so we cannot tell what the client is going to be
seeing, and if it is a javascript question the issue can probably best
be identified in what the client sees.

but bare with
me. Can you please tell me why this does not work:

<snip>

And we are supposed to guess what qualifies as 'working' as far as you
are concerned?

Richard.

 

[Randy Webb]

Dan said the following on 11/29/2005 7:54 PM:

Hi,

I know this code is not entirely javascript, but bare with me. Can you
please tell me why this does not work:

<snip>

Was there even any Javascript in there? But don't post the PHP Code, it
is irrelevant if its a JS problem. What you need is the code that is
sent to the browser.

And "Does not work" is a useless error description. It is like going to
the doctor and saying "I hurt, fix it".