16
Developer's Corner / File Upload With Php
« on: April 08, 2019, 03:21 PM »
Php Programmers,
I am trying to build a file upload script with php but struggling. Need your urgent assistance.
Here are the requirements:
START OF REQUIREMENTS
* If directories "uploads/videos/id_verifications/$user" do not exist then they must be created. Else, not.
NOTE: Only the script must be able to create these directories and write to them (add files, delete files, copy files there, copy files from there, etc.) and no external domain must have these privileges. No other scripts must be executable from these directories.
* If File already exists then should echo error. Else, not.
Should check with php function: file-exists().
https://www.php.net/manual/en/function.file-exists.php
* Uploaded File should only be video files (.wav, .mp4, etc.). Should echo error if File Types are otherwise.
* Script should check whether the file upload was successful or not.
Should check with php function: is_uploaded_file().
http://php.net/manual/en/function.is-uploaded-file.php
To detect File Details, should use php functions:
* file_info() & mime_content_type():
https://www.php.net/manual/en/function.finfo-file.php
https://www.php.net/manual/en/function.mime-content-type.php
* Uploaded File should not be more than 100MB. Should echo error if File Sizes are otherwise.
Should check with php function: file_size():
https://www.php.net/manual/en/function.filesize.php
* Temporary File should be created at first and then moved to the following permanent directory: uploads/videos/id_verifications/$user.
Moving of directory should be done using php function: move_uploaded_file
https://www.php.net/manual/en/function.move-uploaded-file.php
* Uploading File Name should be renamed to: $user_id_verification
File Renaming should be done using php function: rename():
https://www.php.net/manual/en/function.rename.php
So, if file name is "my_id.mp4" and User's username is "tommy_boy" then File Name should be renamed to: "tommy_boy_id_verification.mp4".
If file name is "my_id.wav" and User's username is "tony_boy" then File Name should be renamed to: "tony_boy_id_verification.wav".
(NOTE: On the above 2 example lines, the File extensions are different).
* User must get notified that, file has been uploaded successfully. If uploading fails then user must get echoed error.
* All Errors should be echoed using traditional: $Errors[] = "Error message goes here";
* Php code must be in procedural style as I do not know OOP.
* You must include understandable comments on your codes so I can understand them and have no questions.
END OF REQUIREMENTS
Q1. Are there anything else, in terms of security, that I should have as "Requirements" ?
I am trying to build a file upload script with php but struggling. Need your urgent assistance.
Here are the requirements:
START OF REQUIREMENTS
* If directories "uploads/videos/id_verifications/$user" do not exist then they must be created. Else, not.
NOTE: Only the script must be able to create these directories and write to them (add files, delete files, copy files there, copy files from there, etc.) and no external domain must have these privileges. No other scripts must be executable from these directories.
* If File already exists then should echo error. Else, not.
Should check with php function: file-exists().
https://www.php.net/manual/en/function.file-exists.php
* Uploaded File should only be video files (.wav, .mp4, etc.). Should echo error if File Types are otherwise.
* Script should check whether the file upload was successful or not.
Should check with php function: is_uploaded_file().
http://php.net/manual/en/function.is-uploaded-file.php
To detect File Details, should use php functions:
* file_info() & mime_content_type():
https://www.php.net/manual/en/function.finfo-file.php
https://www.php.net/manual/en/function.mime-content-type.php
* Uploaded File should not be more than 100MB. Should echo error if File Sizes are otherwise.
Should check with php function: file_size():
https://www.php.net/manual/en/function.filesize.php
* Temporary File should be created at first and then moved to the following permanent directory: uploads/videos/id_verifications/$user.
Moving of directory should be done using php function: move_uploaded_file
https://www.php.net/manual/en/function.move-uploaded-file.php
* Uploading File Name should be renamed to: $user_id_verification
File Renaming should be done using php function: rename():
https://www.php.net/manual/en/function.rename.php
So, if file name is "my_id.mp4" and User's username is "tommy_boy" then File Name should be renamed to: "tommy_boy_id_verification.mp4".
If file name is "my_id.wav" and User's username is "tony_boy" then File Name should be renamed to: "tony_boy_id_verification.wav".
(NOTE: On the above 2 example lines, the File extensions are different).
* User must get notified that, file has been uploaded successfully. If uploading fails then user must get echoed error.
* All Errors should be echoed using traditional: $Errors[] = "Error message goes here";
* Php code must be in procedural style as I do not know OOP.
* You must include understandable comments on your codes so I can understand them and have no questions.
END OF REQUIREMENTS
Q1. Are there anything else, in terms of security, that I should have as "Requirements" ?