In the middle of creating my first ever website after teaching myself HTML over the past 5 or 6 weeks.

I would like to create an upload area where clients can upload certain file types up to 100MB in size to a folder on our server. Of course once I get it working, it will be then password protected.

It is a simple form with an upload button. Here is the form http://www.dev.kenwhitesigns.co.uk/client-area.html

Can someone direct me how to amend this form and create a .php file to allow this?

I had it working a couple weeks ago, so I know it will work. I just can not for the life of me remember how I did it and foolishly I did not save the script anywhere for future use.

Any help would be much appreciated. :D

Thanks

1. Info about PHP uploads (http://us3.php.net/manual/en/features.file-upload.php).
If you need help with specific code issues, please post your code.

2. Don't make security an afterthought. Adding security after-the-fact will lead to security holes.

Just wondering. Is it an upload area for each particular client where they can login and manage their own resources? Or is it a generic client upload area where they can just upload but not delete/edit - more of a one-stop-dropoff point?

If you could let us know a bit more about the features you'd need and what you'd like to do with the uploads once they're on the server, maybe we could recommend a pre-made script package with security already taken care of.

After looking at your web page, maybe you can kill two birds with one stone and use a contact form with anti-spam captcha that only allows specific file upload or a certain size?

Alternatively, depending on how big you imagine this service will get (allowing for expansion) and who you need to manage the uploads/messages/job specifics in the backend (non-techy types who you don't want poking around in FTP), you might even like to think about something like the free version of Form Tools http://www.formtools.org/ . Use it to easily process and manage any form of your making, add captcha, validation, allow uploads (limit file type and size), send receipt emails to you and the 'submittee' and even create simplified 'client' accounts so your non-techy work mates can view form/upload submissions through the backend admin panel. You can even create hidden form fields which is a handy way to make notes in the backend to log which submissions have been actioned.

It's actually fairly simple to do this yourself as opposed to using something like formtools:
http://www.tizag.com/phpT/fileupload.php

true, but formtools is a very nice utility. Has lots of stuff set up to keep things organized.

In any case, I think we need to hear more from the OP before deciding on a course of action.

true, but formtools is a very nice utility. Has lots of stuff set up to keep things organized.

In any case, I think we need to hear more from the OP before deciding on a course of action.

I'm a fan of Form Tools - can't you tell ;) I just threw that in as an option while we dont know all the details.

I agree that it might be overkill for smaller projects (that's why I thought that a contact form with attachment field might be suitable for now) but it's good to consider other options with a view to 'future-proofing' and expansion, and that's where I believe Form Tools can potentially solve a lot of organisational problems.

There are so many possibilities for where and how it can be used (for external/frontend form submissions or internal/backend data input), not to mention it being so convenient for managing all website forms via one interface, so it's a good tool to have in your arsenal.

Thanks for your responses.

It will simply be used as a drop off point. It will not allow access to customers to edit, delete, view or remove files. I would like to leave it in a dedicated area rather than incorporate it in to the contact area, simply because sometimes it is nice for customers/clients to feel that there is a special area within our website just for them (as this will be used mainly by regular and existing customers).

Our company is only a small business with few staff so I can control the back end ftp access and editing fairly easily so I am not particularly concerned with this area.

I will have a look at form tools. But will probably prefer using a simple php script.

IMO, OP's just starting out, so it's better for them to learn to do these things themselves rather than relying on things like formtools, however good it may be.

It certainly is better to learn how to do things - trial and error is going to give anyone a better understanding of how and why we do certain things, and smaller projects often present prime opportinities to test ourselves.

Form Tools is just an option that would be better used for larger-scale data-submission/collation/organisation.

spiper would of course need to evaluate the merits of both points based on his/her own requirements :)

It just needs to be a one stop drop area. I do not want any other access to the backend (so no access to view, edit or delete already uploaded files).

And I would like to keep it as a separate page to the contact area as this could create a feeling of special treatment to our existing and regular customers i.e. a section of our website purely for their use etc.

Ideally as it will only be used occasionally (we tend to do most design and artwork ourselves), I think that maybe a simple PHP script would be suitable. And I have tried using the tiztag.com link as suggested by Bernie a couple weeks ago. After playing with it for a while, eventually I had it working!! But now, no matter what I do, I can not get it going again.

Obviously I am trying to learn as much as possible as quickly as possible as my directors have scheduled a deadline of the first week in January for me to have this finished and ready to present! :eek: My primary role is a Production Manager. But due to tough times, the company made a decision that we should try to keep the new website build in house to save costs and decided I would be the best person to take this task on. I am fairly tech savvy but Website building and programming was something I have never touched on before. And depending how things go this could be a service we offer later in the future (obviously after much more training and learning). But anyway... enough of the about me!! ;)

Ok so I have got the upload section working and correctly uploading and moving documents to the correct folder.

I have set the limit to 100mb and included valid file extensions. I am having issues with uploading fonts. Have I inserted the correct mime type etc.? and are they correct for the other extensions?

Also what I would like to do, is:

- When the file upload is complete (or fails), I would like to direct to a new pre-designed web page (that will fit within the design rather than have some small text on a white page). How would I put this link in to the php script? My php script at the moment is:


<?php
$allowedExts = array("jpg", "jpeg", "gif", "png", "pdf", "cdr", "ai", "eps", "indd", "tif", "tiff", "bmp", "ttf", "otf",);
$extension = end(explode(".", $_FILES["uploadedfile"]["name"]));
if ((($_FILES["uploadedfile"]["type"] == "image/gif")
|| ($_FILES["uploadedfile"]["type"] == "image/jpeg")
|| ($_FILES["uploadedfile"]["type"] == "image/png")
|| ($_FILES["uploadedfile"]["type"] == "application/pdf")
|| ($_FILES["uploadedfile"]["type"] == "application/cdr")
|| ($_FILES["uploadedfile"]["type"] == "application/ai")
|| ($_FILES["uploadedfile"]["type"] == "application/eps")
|| ($_FILES["uploadedfile"]["type"] == "application/indd")
|| ($_FILES["uploadedfile"]["type"] == "image/tif")
|| ($_FILES["uploadedfile"]["type"] == "image/tiff")
|| ($_FILES["uploadedfile"]["type"] == "image/bmp")
|| ($_FILES["uploadedfile"]["type"] == "font/ttf")
|| ($_FILES["uploadedfile"]["type"] == "font/otf")
|| ($_FILES["uploadedfile"]["type"] == "image/pjpeg"))
&& ($_FILES["uploadedfile"]["size"] < 104900000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["uploadedfile"]["error"] > 0)
{
echo "Return Code: " . $_FILES["uploadedfile"]["error"] . "<br>";
}
else
{
echo "Thank you. Your file was uploaded sucessfully." ."<br>";


if (file_exists("uploads/" . $_FILES["uploadedfile"]["name"]))
{
echo $_FILES["uploadedfile"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["uploadedfile"]["tmp_name"],
"uploads/" . $_FILES["uploadedfile"]["name"]);
echo "";
}
}
}
else
{
echo "Invalid file type. Please try again or contact us for advice.";
}
?>

The file extension is not a good way to determine the file type. You'd be better off checking the file's mime type (the fileinfo functions (http://us2.php.net/manual/en/ref.fileinfo.php) are good for this):

<?php

$file = /* path to file you're checking */;
$allowedMimeTypes = array( 'image/gif','image/jpeg','etc.' );

$finfo = finfo_open(FILEINFO_MIME_TYPE);
if( in_array( finfo_file($finfo, $filename), $allowedMimeTypes ) ){ /* okay then */ }
else{ /* not an allowed file type */ }
What version of PHP are you running? [icode]finfo[icode] is included by default from 5.3 on. If there's any trouble, you may need to check your server configuration (finfo uses the host computer's "magic" mime hinting files).

Also be aware that for large file uploads, you may need to change the max upload filesize (both in your php.ini and in Apache). Talk to your web host about this.

After playing with it, I see there is an obvious error in the script as well.
If I try and upload an image with the same name as an existing. I will get the message "Thank you. Your file was uploaded successfully. 'your file name' already exists"
So obviously the script is reporting success before it moves the file. I have tried moving snippets of script around but I am struggling. I think I am missing something!! :(

I'm out right now but I'll have a look this afternoon.

Try this:


if ($_FILES["uploadedfile"]["error"] > 0) {
echo "Return Code: " . $_FILES["uploadedfile"]["error"] . "<br>";
}
elseif (!file_exists("uploads/" . $_FILES["uploadedfile"]["name"])) {
echo "Thank you. Your file was uploaded sucessfully." ."<br>";
}
elseif (file_exists("uploads/" . $_FILES["uploadedfile"]["name"])) {
echo $_FILES["uploadedfile"]["name"] . " already exists. ";
}
else {
move_uploaded_file($_FILES["uploadedfile"]["tmp_name"],
"uploads/" . $_FILES["uploadedfile"]["name"]);
echo "";
}


The issue is that there is no error, so it passes through to the else of the if statement and thus returns that it uploaded correctly. It then goes through to the other if statement, and because there are two, it also echo's that there is already a file with the same name there. This code should fix that.

:confused:
I used this code. I get the thank you message but file does not appear to have been moved to the uploads/ dir. Also I am a little confused at the code:

If under 100mb
and file extension allowed
if more than 0 then show "error."
Else if file exists then show "thank you"
Else if file exists the show "already exists"
Else move file to uploads/.

Obviously I am an amateur so not questioning your expertise, I just can not see the logic in the code. I thought it would be more along the lines:

If under 100mb (Else show "Size too big")
and file extension allowed (Else show "Invalid File Type")
and file does not exist in uploads/ (Else show "already exists")
Then move file to uploads/ and show "Thank you" (Else show "Error with upload")

This is what I want to say but just dont know how! :confused:

I've put it in a bit of a different order, but I see where I went wrong:


if ($_FILES["uploadedfile"]["error"] < 0 && !file_exists("uploads/" . $_FILES["uploadedfile"]["name"])) {
echo "Thank you. Your file was uploaded sucessfully." ."<br>";
move_uploaded_file($_FILES["uploadedfile"]["tmp_name"],
"uploads/" . $_FILES["uploadedfile"]["name"]);
echo "";
}
elseif (file_exists("uploads/" . $_FILES["uploadedfile"]["name"])) {
echo $_FILES["uploadedfile"]["name"] . " already exists. ";
}
else {
echo "Return Code: " . $_FILES["uploadedfile"]["error"] . "<br>";
}

NB: I didn't integrate traq's file checking as it doesn't have all the file types you specified, and it should be fairly easy for you to do it.

Thank you for your response but I still could not get the above code working. But... after playing around and a lot of trial and area, I got there in the end. Here is the code that eventually worked:


{
if ($_FILES["uploadedfile"]["error"] > 0)
{
echo "Return Code: " . $_FILES["uploadedfile"]["error"] . "<br>";
}
{
if (file_exists("uploads/" . $_FILES["uploadedfile"]["name"]))
{
echo $_FILES["uploadedfile"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["uploadedfile"]["tmp_name"],
"uploads/" . $_FILES["uploadedfile"]["name"]);
echo "Thank you. Your file was uploaded sucessfully.";
}
}
}
else
{
echo "Invalid file type. Please try again or contact us for advice.";
}

Just one other thing... Instead of displaying a simple message, I want to redirect to another web page. I imagine this snippet of script would be quite simple but I have never used it before so an example would be much appreciated. :)

header("Location: http://website.com/path/to/thanks.htm");instead of;
echo "Thank you. Your file was uploaded sucessfully.";should hopefully do the redirect.