Anything else I could do or try????
CSS Codes
Regular Coders
Anything else I could do or try????
___________________________________
Still working on it!
Regular Coders
If someone else has any ideas I still need help with this.
___________________________________
Still working on it!
Senior Coders
Below is the output of print_r($files);
I can't resist letting you figure this one out from here...Code:Array ( [0] => atn [1] => aaa [2] => bbb )
But I will give you a hint. Never use array_search to check the values in a numerically indexed array.
And if you would like to use the code below, feel free.
JPHP Code:$allowed_ext = array("txt", "doc", "pdf"); // Allowed file extensions
$allowed_type = array("text/plain", "application/msword", "application/pdf");
$tmp_name = $_FILES['text']['tmp_name'];
$file_name = basename($_FILES['text']['name']); // File name ex: 'theme.doc'
// I think this is the best way to get a files extension:
$ext = substr($file_name, strrpos($file_name, '.') + 1); // File extension ex 'txt'
if ( !in_array($ext, $allowed_ext) ) { // Check for allowed file extension
$errors[] = "<p class='error'>Uploaded text files must have a .txt or .doc extension. Your file's extension is being reported as $ext .</p>";
}
Dirt_Diver (02-24-2009)
Regular Coders
Originally Posted by JasonDFR
AS much as I would love to work this out on my own I do not know enough yet and FWIW the code above does not work correctly. I can still upload files that I am trying to restrict.
___________________________________
Still working on it!
Regular Coders
I am getting so frustrated with this damn page. Nothing is working. I have tried about 7 different ways to restrict files and nothing is freaking working here.
___________________________________
Still working on it!
Senior Coders
I struggled with file uploads and validation too. Don't get frustrated. You'll get it.
This is your $files array: Array ( [0] => atn [1] => aaa [2] => bbb )
Notice how 'atn', the file extension you want to allow, has a key of zero?
When you are using array_search, it returns the key of the value you are searching for, if the value exists. Your code on the first page works, but when you do:
Look at the code below and run it for an example:PHP Code:if($key) { // if ( the key of value 'atn' ) LOOK AT THE FIRST LINE OF
// OF THIS POST. ZERO IS FALSE.
echo '<b>The file you are uploading is allowed. </b><br />';
} else {
echo '<font color="#F0B80F"><b>The file you are attempting to upload has the wrong extension. </b></font><br />';
exit();
}
PHP Code:$ext = 'atn';
$files = array('atn', 'bbb', 'ccc');
$key = array_search($ext, $files);
if ( $key )
echo 'Ok to upload';
else
echo 'Cannot upload because ' . $key . ' must evalute to false';
exit;
And FWIW the code I posted works perfectly. Of course it needs to be changed to fit into your script.
There is a book I really liked called PHP 6 and MySQL 5..
http://www.amazon.com/PHP-MySQL-Dyna.../dp/032152599X
It helped me a lot. It is easy to read and it covers code just like you are trying to write. You should get a copy.
Last edited by JasonDFR; 02-23-2009 at 07:13 AM.
Dirt_Diver (02-24-2009)
Regular Coders
Okay I don't know how or why this is doing this but I am able to restrict the files being uploaded and the ones that are are allowed but it's working backwards...
The extensions that listed are not allowed and they do not upload but the everything else is allowed and is uploaded.
What do I have backwards?
PHP Code://If no errors registred, print the success message and show the thumbnail image created
if(isset($_POST['Submit']) && !$errors)
{
//This makes sure they did not leave any fields blank
if (!$_POST['uploader_name']) {
die('<font color="#F0B80F"><b>We need your name so we know who uploaded the action.</b></font>');
}
if (!$_POST['uploader_email']) {
die('<font color="#F0B80F"><b>I think you forgot to add your email address. Please go back and try again.</b></font>');
}
if (!$_POST['action_desc']) {
die('<font color="#F0B80F"><b>It looks like you forgot to tell us about your action.</b></font>');
}
//Makes sure the email address is valid
if (!preg_match("/.*@.*..*/", $_POST['uploader_email']) ||
preg_match("/(<|>)/", $_POST['uploader_email'])) {
die('<font color="#F0B80F"><b>The e-mail address you entered is invalid.</b></font>');
}
//grabs the file and uploads it to ../../downloads/photoshop/temp_actions/
//if (move_uploaded_file ($_FILES['action_id']['tmp_name'], "../../downloads/photoshop/temp_actions/{$_FILES['action_id']['name']}")){
// print '<p> Thank you for your contribution to this site.';
# Now we make sure that the file being uploaded is the correct file and it is allowed.
$userfile = $_FILES['action_id']['name'];
$file_size = $_FILES['action_id']['size'];
$file_temp = $_FILES['action_id']['tmp_name'];
$file_err = $_FILES['action_id']['error'];
$path = '../../downloads/photoshop/temp_actions/';
// limit the size of the file to 20MB
if($file_size > 20971520) {
echo '<font color="#F0B80F"><b>The file you are trying to upload is too large. Please restrict your file to at least 20MB </b></font><BR />';
exit();
}
// Create a new file name
// This is so if other files on the server have the same name, it will be renamed
$randomizer = rand(00, 99);
$file_name = $randomizer. '_' .$userfile;
// Get the file type
// Using $_FILES to get the file type is sometimes inaccurate, so we are going
// to get the extension ourselves from the name of the file
// This also eliminates having to worry about the MIME type
$file_type = $userfile;
$file_type_length = strlen($file_type) - 3;
$file_type = substr($file_type, $file_type_length);
if(!empty($userfile)) {
echo 'File Uploaded Information
<ul>
<li>File being uploaded: ' .$userfile. '</li>
<li>File Type: .' .$file_type.'</li>
<li>File Size: ' .$file_size. ' KB </li>
<li>File Error: ' . $file_err. '</li>
</ul>';
// Set allowed file types
// Set case of all letters to lower case
$file_type = strtolower($file_type);
$files = array("txt", "doc", "pdf"); // Allowed file extensions
$allowed_type = array("text/plain", "application/msword", "application/pdf");
// Search the array for the allowed file type
$ext = substr($userfile, strrpos($userfile, '.') + 1); // File extension ex 'txt'
if ( !in_array($ext, $files) ) { // Check for allowed file extension
echo '<b>The file you are uploading is allowed. </b><br />';
} else {
echo '<font color="#F0B80F"><b>The file you are attempting to upload has the wrong extension. </b></font><br />';
exit();
}
// Check for errors and upload the file
$error_count = count($file_error);
if($error_count > 0) {
for($i = 0; $i <= $error_count; ++$i) {
echo $_FILES['action_id']['error'][$i];
}
} else {
if(move_uploaded_file($file_temp, '../../downloads/photoshop/temp_actions/' .$file_name.'')) {
echo 'Thank you for your contribution. You should see your action on the site within 24 hours.';
} else {
echo '<font color="#F0B80F"><b>Whoops look like there was a mistake during your upload. Please try again.</b></font>';
}
}
} else {
echo '<font color="#F0B80F"><b>No file has been selected.</b></font>';
}
Last edited by Dirt_Diver; 02-23-2009 at 01:42 PM.
___________________________________
Still working on it!
Senior Coders
Here is a problem:
Try to understand well the code below. If you have any questions about it, let me know.PHP Code:if ( !in_array($ext, $files) ) { // if NOT in array. See the !
echo '<b>The file you are uploading is allowed. </b><br />';
} else {
echo '<font color="#F0B80F"><b>The file you are attempting to upload has the wrong extension. </b></font><br />';
exit();
}
PHP Code:<?php
$errors = array(); // Initialize an errors array
// Do whatever error checking you want here.
// When you find an error, set a message for it in the $errors array
// $errors[] = 'The error message';
$file_name = 'test.atn'; // This is the name of the uploaded file
$allowed_ext = array('atn', 'aaa', 'bbb'); // Allowed extenstions
$ext = strtolower(substr($file_name, strrpos($file_name, '.') + 1)); // Uploaded extenstion ex 'atn'
if ( !in_array($ext, $allowed_ext) ) {
// The uploaded file's extension is NOT in the allowed extension's array
// So set an error in the $errors array.
$errors[] = "$ext is not allowed";
}
if ( empty($errors) ) { // If the errors array is empty, there are no errors, so upload
// UPLOAD THE FILE
echo ' FILE IS OK';
}
if ( !empty($errors) ) { // Check to see if there were errors and echo them to the user
foreach ( $errors as $error ) {
echo $error . '<br />';
}
}
Dirt_Diver (02-24-2009)
Senior Coders
Check out Page 279 of O'Reilly Head First PHP and MySQL
http://www.amazon.com/Head-First-MyS.../dp/0596006306
I think the Head First books are really good. If you can get a copy from the library, that would be great.
Regular Coders
Are you saying that I'm useless with out you??? hahaha
BTW I have the book.
___________________________________
Still working on it!
Posting Permissions
Reply With Quote
Bookmarks