topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • April 22, 2019, 11:27 PM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: File Upload With Php  (Read 517 times)

The Code Queryer

  • Participant
  • Joined in 2019
  • *
  • default avatar
  • Posts: 29
    • View Profile
    • Donate to Member
File Upload With Php
« on: April 08, 2019, 03:21 PM »
Php Programmers,

I am trying to build a file upload script with php but struggling. Need your urgent assistance.
Here are the requirements:


START OF REQUIREMENTS

* If directories "uploads/videos/id_verifications/$user" do not exist then they must be created. Else, not.
NOTE: Only the script must be able to create these directories and write to them (add files, delete files, copy files there, copy files from there, etc.) and no external domain must have these privileges. No other scripts must be executable from these directories.

* If File already exists then should echo error. Else, not.
Should check with php function: file-exists().
https://www.php.net/...tion.file-exists.php

* Uploaded File should only be video files (.wav, .mp4, etc.). Should echo error if File Types are otherwise.

* Script should check whether the file upload was successful or not.
Should check with php function: is_uploaded_file().
http://php.net/manua...is-uploaded-file.php

To detect File Details, should use php functions:
* file_info() & mime_content_type():
https://www.php.net/...ction.finfo-file.php
https://www.php.net/...ime-content-type.php

* Uploaded File should not be more than 100MB. Should echo error if File Sizes are otherwise.
Should check with php function: file_size():
https://www.php.net/...unction.filesize.php

* Temporary File should be created at first and then moved to the following permanent directory: uploads/videos/id_verifications/$user.
Moving of directory should be done using php function: move_uploaded_file
https://www.php.net/...ve-uploaded-file.php

* Uploading File Name should be renamed to: $user_id_verification
File Renaming should be done using php function: rename():
https://www.php.net/.../function.rename.php
So, if file name is "my_id.mp4" and User's username is "tommy_boy" then File Name should be renamed to: "tommy_boy_id_verification.mp4".
If file name is "my_id.wav" and User's username is "tony_boy" then File Name should be renamed to: "tony_boy_id_verification.wav".
(NOTE: On the above 2 example lines, the File extensions are different).

* User must get notified that, file has been uploaded successfully. If uploading fails then user must get echoed error.

* All Errors should be echoed using traditional: $Errors[] = "Error message goes here";

* Php code must be in procedural style as I do not know OOP.

* You must include understandable comments on your codes so I can understand them and have no questions.

END OF REQUIREMENTS


Q1. Are there anything else, in terms of security, that I should have as "Requirements" ?

« Last Edit: April 18, 2019, 10:13 AM by The Code Queryer »

The Code Queryer

  • Participant
  • Joined in 2019
  • *
  • default avatar
  • Posts: 29
    • View Profile
    • Donate to Member
Re: File Upload
« Reply #1 on: April 08, 2019, 03:38 PM »
Php folks,

Here is my attempt to build a php uploading script using my REQUIREMENTS mentioned above in my original post.

I have yet to do the file renaming.

Notice the comments in CAPITALS.

Also notice that, I have commented-out many code lines. That is because those lines weren't working.
I'd appreciate it if you could point-out my errors in those lines so I can see my mistakes.
And, I would most appreciate it if you could show me snippets how those lines should be. 


Q1. How should I have coded my mkdir() as that line is not working ? I get no error on my local host xamp. But I get error on my website:
Warning: mkdir(): Permission denied in /home/domain/public_html/upload.php on line 35.

mkdir($directory_path . $user, "$mode", TRUE); //IS THIS LINE CORRECT ?


Q2. How should I have coded my move_uploaded_file() as that line is not working. Not moving the file.

//Move uploaded File to newly created directory on the server.
//move_uploaded_file("$file_tmp", "$directory_path" . "$user" . "/" . "$file_name"); //IS THIS LINE CORRECT ?
//move_uploaded_file("$file_tmp", "$directory_path" . "$user/" . "$file_name"); //IS THIS LINE CORRECT ?
move_uploaded_file("$file_tmp", $directory_path . $user . '/' . $file_name); //IS THIS LINE CORRECT ?


Q3. Is my webform html 5 compatible/compliant ?

<form METHOD="POST" ACTION="" enctype="multipart/form-data">
<fieldset>
<p align="left"><h3><?php $site_name ?> ID Video Verification Form</h3></p>
<div class="form-group">
<p align="left"<label>Video File: </label>
<input type="file" name="id_verification_video_file" id="id_verification_video_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
</fieldset>
<p align="left"><button type="submit" class="btn btn-default" name="id_verification_video_file_submit">Submit!</button></p>
</form>


Q4. Anything else I should know ?

Here is my code below.
NOTE:
The header_account.php includes more files.
The $user is defined via SESSION from one of those included files. So don't worry that I have not defined the $user here. Error reporting is ON and I am not getting any error regarding the $user.

<?php 

//ERROR REPORTING CODES. 
declare(strict_types=1); 
ini_set('display_errors''1'); 
ini_set('display_startup_errors''1'); 
error_reporting(E_ALL); 
mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT); 

?>


Full Code: upload.php
<?php 
//Required PHP Files. 
include 'header_account.php'//Required on all webpages of the Site. 
?>


<?php 

if (!$conn

$error mysqli_connect_error(); 
$errno mysqli_connect_errno(); 
print "$errno&#58; $error\n"
exit(); 


if(
$_SERVER["REQUEST_METHOD"&#93; == "POST") 

//Check whether the file was uploaded or not without any errors. 
if(!isset($_FILES["id_verification_video_file"&#93;) && $_FILES["id_verification_video_file"&#93;["Error"&#93; == 0) 

$Errors = Array(); 
$Errors[&#93; = "Error&#58; " . $_FILES["id_verification_video_file"&#93; ["ERROR"&#93;; 
print_r($_FILES); ?>
<br><?php 
print_r($_ERRORS); 
exit(); 

else 

//Feed Id Verification Video File Upload Directory path. 
$directory_path "uploads/videos/id_verifications/"
//Make Directory under $user in 'uploads/videos/id_verifications' Folder. 
if(!is_dir($directory_path $user)) //IS THIS LINE CORRECT ?

$mode "0644"
mkdir($directory_path $user"$mode"TRUE); //IS THIS LINE CORRECT ?


//Grab Uploading File details. 
$Errors = Array(); //SHOULD I KEEP THIS LINE OR NOT ?
$file_name $_FILES["id_verification_video_file"&#93;["name"&#93;; 
$file_tmp $_FILES["id_verification_video_file"&#93;["tmp_name"&#93;; 
$file_type $_FILES["id_verification_video_file"&#93;["type"&#93;; 
$file_size $_FILES["id_verification_video_file"&#93;["size"&#93;; 
$file_error $_FILES['id_verification_video_file'&#93;['error'&#93;; 

//Grab Uploading File Extension details. 
$file_extension pathinfo($file_namePATHINFO_EXTENSION); 
//if(file_exists("$directory_path . $user/ . $file_name")) //THIS LINE IS NOT GIVING THE ERROR THAT FILE HAS ALREADY BEEN UPLOADED. INSTEAD GIVES THE ECHO THAT IS 26 LINES BELOW HERE&#58; "Your Video File \"$file_name\" has been uploaded successfully!"
if(file_exists($directory_path $user '/' $file_name)) ////THIS LINE IS NOT GIVING THE ERROR THAT FILE HAS ALREADY BEEN UPLOADED. INSTEAD SHOWING BLANK WHITE PAGE.

$Errors[&#93; = "Error&#58; You have already uploaded a video file to verify your ID!"; 
exit(); 
    } 
else 

//Feed allowed File Extensions List. 
$allowed_file_extensions = array("mp4" => "video/mp4"); 

//Feed allowed File Size. 
$max_file_size_allowed_in_bytes 1024*1024*100//Allowed limit&#58; 100MB. 
$max_file_size_allowed_in_kilobytes 1024*100
$max_file_size_allowed_in_megabytes 100

$max_file_size_allowed "$max_file_size_allowed_in_bytes"

//Verify File Extension. 
if(!array_key_exists($file_extension$allowed_file_extensions)) die("Error&#58; Select a valid video file format. Select an Mp4 file."); 
//Verify MIME Type of the File. 
elseif(!in_array($file_type$allowed_file_extensions)) 

$Errors[&#93; = "Error&#58; There was a problem uploading your file $file_name! Make sure your file is an MP4 video file. You may try again."; //IS THIS LINE CORRECT ?

//Verify File Size. Allowed Max Limit&#58; 100MB. 
elseif($file_size>$max_file_size_allowed) die("Error&#58; Your Video File Size is larger than the allowed limit of&#58; $max_file_size_allowed_in_megabytes."); 
//Move uploaded File to newly created directory on the server. 
move_uploaded_file("$file_tmp"$directory_path $user '/' $file_name); //IS THIS LINE CORRECT ?
//move_uploaded_file("$file_tmp", "$directory_path" . "$user" . "/" . "$file_name"); //IS THIS LINE CORRECT ?
//move_uploaded_file("$file_tmp", "$directory_path" . "$user/" . "$file_name"); //IS THIS LINE CORRECT ?
//Notify user their Id Verification Video File was uploaded successfully. 
echo "Your Video File \"$file_name\" has been uploaded successfully!"
exit(); 

    } 
    } 
?>
`

<form METHOD="POST" ACTION="" enctype="multipart/form-data">
<fieldset>
<p align="left"><h3><?php $site_name ?> ID Video Verification Form</h3></p>
<div class="form-group">
<p align="left"<label>Video File: </label>
<input type="file" name="id_verification_video_file" id="id_verification_video_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
</fieldset>
<p align="left"><button type="submit" class="btn btn-default" name="id_verification_video_file_submit">Submit!</button></p>
</form>

</body>
</html>

<?php 
include 'footer_account.php'//Required on all webpages of the Site. 
?>



NOTE 1: I have not used the finfo_file() and mine_content_type functions here. I'd like you to show me how to do them.
I'd appreciate a mini script from your end.

NOTE 2: I would appreciate it if someone modified my code according to my requirements mentioned on my original post and add it to this thread for all newbies to learn from.

NOTE 3: This forum is showing my codes funny. Hence, attached my file. Attachment will show my code correctly.

Thanks
« Last Edit: April 08, 2019, 04:54 PM by The Code Queryer »

The Code Queryer

  • Participant
  • Joined in 2019
  • *
  • default avatar
  • Posts: 29
    • View Profile
    • Donate to Member
Re: File Upload
« Reply #2 on: April 11, 2019, 06:47 AM »
Mmmm. Again, here too no one knows the answer ?  :'(

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 10,066
    • View Profile
    • Donate to Member
Re: File Upload
« Reply #3 on: April 11, 2019, 08:12 AM »
Again, check StackOverflow with your questions.  You'll have a larger variety of coders and people to help you.  If someone knows here, they'd be happy to help you, but we have a smaller pool and depending on timeframe they might not be able to answer.

The Code Queryer

  • Participant
  • Joined in 2019
  • *
  • default avatar
  • Posts: 29
    • View Profile
    • Donate to Member
Re: File Upload
« Reply #4 on: April 12, 2019, 01:12 PM »
Again, check StackOverflow with your questions.  You'll have a larger variety of coders and people to help you.  If someone knows here, they'd be happy to help you, but we have a smaller pool and depending on timeframe they might not be able to answer.

Having trouble at StackOverFlow as it says I reached my questioning limit.
How-about you give it ago to answer my questions ?

The Code Queryer

  • Participant
  • Joined in 2019
  • *
  • default avatar
  • Posts: 29
    • View Profile
    • Donate to Member
Re: File Upload
« Reply #5 on: April 17, 2019, 06:51 PM »

<?php 

//Required PHP Files. 

include 'header_account.php'//Required on all webpages of the Site. 

?>




<?php 



if (!$conn



$error mysqli_connect_error(); 

$errno mysqli_connect_errno(); 

print "$errno&#58; $error\n"

exit(); 





if(
$_SERVER["REQUEST_METHOD"&#93; == "POST") 



//Check whether the file was uploaded or not without any errors. 

if(!isset($_FILES["id_verification_video_file"&#93;) && $_FILES["id_verification_video_file"&#93;["Error"&#93; == 0) 



$Errors = Array(); 

$Errors[&#93; = "Error&#58; " . $_FILES["id_verification_video_file"&#93; ["ERROR"&#93;; 

print_r($_FILES); ?>
<br><?php 

print_r($_ERRORS); 

exit(); 



else 





//Feed Id Verification Video File Upload Directory path. 

$directory_path 'uploads/videos/id_verifications/'

//Make Directory under $user in 'uploads/videos/id_verifications' Folder. 

$directory_path_and_user_dir "uploads/videos/id_verifications/$user"



if(!is_dir($directory_path_and_user_dir)) //IS THIS LINE CORRECT ?



$db_user 'followin_user'

$mode 0755

mkdir($directory_path_and_user_dir$modeTRUE); //IS THIS LINE CORRECT ?





//Grab Uploading File details. 

$Errors = Array(); //SHOULD I KEEP THIS LINE OR NOT ?

$file_name $_FILES["id_verification_video_file"&#93;["name"&#93;; 

$file_tmp $_FILES["id_verification_video_file"&#93;["tmp_name"&#93;; 

$file_type $_FILES["id_verification_video_file"&#93;["type"&#93;; 

$file_size $_FILES["id_verification_video_file"&#93;["size"&#93;; 

$file_error $_FILES['id_verification_video_file'&#93;['error'&#93;; 



//Grab Uploading File Extension details. 

$file_extension pathinfo($file_namePATHINFO_EXTENSION); 



$directory_path_and_user_dir_and_user_file "$directory_path_and_user_dir/$file_name"



//if(file_exists("$directory_path_and_user_dir_and_user_file")) //THIS LINE IS NOT GIVING THE ERROR THAT FILE HAS ALREADY BEEN UPLOADED. INSTEAD GIVES THE ECHO THAT IS 26 LINES BELOW HERE&#58; "Your Video File \"$file_name\" has been uploaded successfully!"

if(file_exists($directory_path_and_user_dir_and_user_file)) ////THIS LINE IS NOT GIVING THE ERROR THAT FILE HAS ALREADY BEEN UPLOADED. INSTEAD SHOWING BLANK WHITE PAGE.



$Errors[&#93; = "Error&#58; You have already uploaded a video file to verify your ID!"; 

exit(); 

    } 

else 



//Feed allowed File Extensions List. 

$allowed_file_extensions = array("mp4" => "video/mp4"); 



//Feed allowed File Size. 

$max_file_size_allowed_in_bytes 1024*1024*100//Allowed limit&#58; 100MB. 

$max_file_size_allowed_in_kilobytes 1024*100

$max_file_size_allowed_in_megabytes 100



$max_file_size_allowed "$max_file_size_allowed_in_bytes"



//Verify File Extension. 

if(!array_key_exists($file_extension$allowed_file_extensions)) 



$Errors[&#93; = "Error&#58; Select a valid video file format. Select an Mp4 file."; 



//Verify MIME Type of the File. 

elseif(!in_array($file_type$allowed_file_extensions)) 



$Errors[&#93; = "Error&#58; There was a problem uploading your file $file_name! Make sure your file is an MP4 video file. You may try again."; //IS THIS LINE CORRECT ?



//Verify File Size. Allowed Max Limit&#58; 100MB. 

elseif($file_size>$max_file_size_allowed



$Errors[&#93; = "Error&#58; Your Video File Size is larger than the allowed limit of&#58; $max_file_size_allowed_in_megabytes."; 





if(!is_uploaded_file($file_tmp)) //SHOULD I CHECK WITH $file_name OR $file_tmp ? 

//if(!is_uploaded_file($file_name)) //SHOULD I CHECK WITH $file_name OR $file_tmp ? 



die("$file_tmp has failed to upload via HTTP POST!"); 

//die("$file_name has failed to upload via HTTP POST!"); 



else 



echo "$file_tmp has been successfully uploaded via HTTP POST!"

//echo "$file_name has been successfully uploaded via HTTP POST!"; 





//Move uploaded File to newly created directory on the server. 

if(!move_uploaded_file($file_tmp"$directory_path_and_user_dir/$file_name")) //SHOULD I CHECK WITH $file_name OR $file_tmp ? 

//if(!move_uploaded_file($file_name, "$directory_path_and_user_dir/$file_name")) //SHOULD I CHECK WITH $file_name OR $file_tmp ? 



$db_user 'root'//IS THIS LINE NECESSARY ? 

$mode 0755//IS THIS LINE NECESSARY ? 



//Notify user their Id Verification Video File uploading failed. 

echo "Your Video File \"$file_name\" has failed to be uploaded! You may try some other time."

exit(); 



else 



echo "Your Video File \"$file_name\" has been uploaded successfully!"

exit(); 









?>




<form METHOD="POST" ACTION="" enctype="multipart/form-data">

<fieldset>

<p align="left"><h3><?php $site_name ?> ID Video Verification Form</h3></p>

<div class="form-group">

<p align="left"<label>Video File: </label>

<input type="file" name="id_verification_video_file" id="id_verification_video_file" value="uploaded 'Id Verification Video File.'"></p>

</div>

</fieldset>

<p align="left"><button type="submit" class="btn btn-default" name="id_verification_video_file_submit">Submit!</button></p>

</form>



</body>

</html>



<?php 

include 'footer_account.php'//Required on all webpages of the Site. 

?>


I need someone to tell me what is wrong with my code ? It does not upload video files.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,511
    • View Profile
    • Donate to Member
Re: File Upload With Php
« Reply #6 on: April 17, 2019, 10:07 PM »
As a general note: 'Doesn't work' is the most useless error description you can provide to anyone trying to solve your problem. Describe what you do, step by step, in clear and short terms, preferably with clear screenshots of the steps you take and the error message that is presented to you. That will make answering or troubleshooting much more easier for yourself and the troubleshooter.

If you fling your questions onto StackOverflow in the same way as you do here, it is very obvious why you have encountered the open question limit over there. Don't expect your questions to be answered soon there (or here). People don't have any idea of what you are doing, how your environment looks like or what tools you are using. Here's a secret, they don't give a flying f..k care, because they have much more useful things to do with their time.   

So, mention what version of PHP you use. Mention what type of server (Windows/Linux). Mention which web server (Apache, NGINX, other) etc.

Another general note: Web servers, by default, are configured only to serve files to anyone who asks, not receive files and storing these. How sure are you that the web server you use is configured to allow for file uploads?

Last general note of this post: You are setting some values in your final error message. Why? Error messages are there to inform the user and preferably never contain forms of code. That is true for any type of messaging to inform the user.

In your case, I would seriously suggest to start using an IDE for PHP development. It is clear that you don't. IDEs help you out with code completion, syntax and the better IDEs even have tools that analyze the code you create in them and show (some of) the errors in your concept code.

NetBeans and Eclipse have IDEs for PHP development that are free to use. PHPStorm is not free. Besides that info, I have no experience with any of them, so you are on your own there.

The Code Queryer

  • Participant
  • Joined in 2019
  • *
  • default avatar
  • Posts: 29
    • View Profile
    • Donate to Member
Re: File Upload With Php
« Reply #7 on: April 18, 2019, 10:16 AM »
As a general note: 'Doesn't work' is the most useless error description you can provide to anyone trying to solve your problem. Describe what you do, step by step, in clear and short terms, preferably with clear screenshots of the steps you take and the error message that is presented to you. That will make answering or troubleshooting much more easier for yourself and the troubleshooter.

If you fling your questions onto StackOverflow in the same way as you do here, it is very obvious why you have encountered the open question limit over there. Don't expect your questions to be answered soon there (or here). People don't have any idea of what you are doing, how your environment looks like or what tools you are using. Here's a secret, they don't give a flying f..k care, because they have much more useful things to do with their time.   

So, mention what version of PHP you use. Mention what type of server (Windows/Linux). Mention which web server (Apache, NGINX, other) etc.

Another general note: Web servers, by default, are configured only to serve files to anyone who asks, not receive files and storing these. How sure are you that the web server you use is configured to allow for file uploads?

Last general note of this post: You are setting some values in your final error message. Why? Error messages are there to inform the user and preferably never contain forms of code. That is true for any type of messaging to inform the user.

In your case, I would seriously suggest to start using an IDE for PHP development. It is clear that you don't. IDEs help you out with code completion, syntax and the better IDEs even have tools that analyze the code you create in them and show (some of) the errors in your concept code.

NetBeans and Eclipse have IDEs for PHP development that are free to use. PHPStorm is not free. Besides that info, I have no experience with any of them, so you are on your own there.

Thanks man for the enlightenment. Though, I would have prefered it without any swearing.
Thanks for the IDE suggestions. I use NotePad++. Anyway, which one do you use and which one you found better out of the 2 you sugegsted and why that one better over the other one ? Now, I'm interviewing you! ;)

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,511
    • View Profile
    • Donate to Member
Re: File Upload With Php
« Reply #8 on: April 18, 2019, 10:56 AM »
Those were just suggestions. I don't use any and have no plans to do so in the near or far future.

What I can tell you is that I like the screenshots of NetBeans the most. That is as objective and biased as it can be, so try both and see which one you like best. Or spend money on PHPStorm, it gets talked about in very positive ways on other forums I frequent, for whatever that's worth.

The links show you the feature set of each IDE. What is best for you, your coding style and the code you want to produce with it, that is something only you can decide.

Notepad++ is an excellent text editor, which detects many different scripting/coding languages. But that doesn't mean it is a right fit for coding. For minor adjustments in code when you don't have time to open a full fledged IDE, sure. But it is practically always better to fire up the IDE instead. And nowadays, almost anyone uses SSDs as their main drive, so starting up an IDE isn't nearly as time-consuming as it once was.

IDEs usually come with another handy feature, a link to one or more Version Control Systems (Git, Mercurial, SVN etc.). Use this to commit your code into (with proper description of what you were trying to do) your repository. If When you need to go back in time at some point during the coding of your project, you will be very happy you did. All have their pro's and con's, but Git is very popular nowadays, so it will be handy for you to follow the masses here. Also, there is tons of free information floating around the Internet about Git.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 8,701
    • View Profile
    • Donate to Member
Re: File Upload With Php
« Reply #9 on: April 18, 2019, 02:59 PM »
This may be helpful to you, in helping those who might help you:

https://stackoverflo....com/help/how-to-ask

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 10,066
    • View Profile
    • Donate to Member
Re: File Upload With Php
« Reply #10 on: April 18, 2019, 04:40 PM »
This may be helpful to you, in helping those who might help you:

https://stackoverflo....com/help/how-to-ask

 :Thmbsup: