Other Software > Developer's Corner
File Upload With Php
The Code Queryer:
Php Programmers,
I am trying to build a file upload script with php but struggling. Need your urgent assistance.
Here are the requirements:
START OF REQUIREMENTS
* If directories "uploads/videos/id_verifications/$user" do not exist then they must be created. Else, not.
NOTE: Only the script must be able to create these directories and write to them (add files, delete files, copy files there, copy files from there, etc.) and no external domain must have these privileges. No other scripts must be executable from these directories.
* If File already exists then should echo error. Else, not.
Should check with php function: file-exists().
https://www.php.net/manual/en/function.file-exists.php
* Uploaded File should only be video files (.wav, .mp4, etc.). Should echo error if File Types are otherwise.
* Script should check whether the file upload was successful or not.
Should check with php function: is_uploaded_file().
http://php.net/manual/en/function.is-uploaded-file.php
To detect File Details, should use php functions:
* file_info() & mime_content_type():
https://www.php.net/manual/en/function.finfo-file.php
https://www.php.net/manual/en/function.mime-content-type.php
* Uploaded File should not be more than 100MB. Should echo error if File Sizes are otherwise.
Should check with php function: file_size():
https://www.php.net/manual/en/function.filesize.php
* Temporary File should be created at first and then moved to the following permanent directory: uploads/videos/id_verifications/$user.
Moving of directory should be done using php function: move_uploaded_file
https://www.php.net/manual/en/function.move-uploaded-file.php
* Uploading File Name should be renamed to: $user_id_verification
File Renaming should be done using php function: rename():
https://www.php.net/manual/en/function.rename.php
So, if file name is "my_id.mp4" and User's username is "tommy_boy" then File Name should be renamed to: "tommy_boy_id_verification.mp4".
If file name is "my_id.wav" and User's username is "tony_boy" then File Name should be renamed to: "tony_boy_id_verification.wav".
(NOTE: On the above 2 example lines, the File extensions are different).
* User must get notified that, file has been uploaded successfully. If uploading fails then user must get echoed error.
* All Errors should be echoed using traditional: $Errors[] = "Error message goes here";
* Php code must be in procedural style as I do not know OOP.
* You must include understandable comments on your codes so I can understand them and have no questions.
END OF REQUIREMENTS
Q1. Are there anything else, in terms of security, that I should have as "Requirements" ?
The Code Queryer:
Php folks,
Here is my attempt to build a php uploading script using my REQUIREMENTS mentioned above in my original post.
I have yet to do the file renaming.
Notice the comments in CAPITALS.
Also notice that, I have commented-out many code lines. That is because those lines weren't working.
I'd appreciate it if you could point-out my errors in those lines so I can see my mistakes.
And, I would most appreciate it if you could show me snippets how those lines should be.
Q1. How should I have coded my mkdir() as that line is not working ? I get no error on my local host xamp. But I get error on my website:
Warning: mkdir(): Permission denied in /home/domain/public_html/upload.php on line 35.
--- ---mkdir($directory_path . $user, "$mode", TRUE); //IS THIS LINE CORRECT ?
Q2. How should I have coded my move_uploaded_file() as that line is not working. Not moving the file.
--- ---//Move uploaded File to newly created directory on the server.
//move_uploaded_file("$file_tmp", "$directory_path" . "$user" . "/" . "$file_name"); //IS THIS LINE CORRECT ?
//move_uploaded_file("$file_tmp", "$directory_path" . "$user/" . "$file_name"); //IS THIS LINE CORRECT ?
move_uploaded_file("$file_tmp", $directory_path . $user . '/' . $file_name); //IS THIS LINE CORRECT ?
Q3. Is my webform html 5 compatible/compliant ?
--- ---<form METHOD="POST" ACTION="" enctype="multipart/form-data">
<fieldset>
<p align="left"><h3><?php $site_name ?> ID Video Verification Form</h3></p>
<div class="form-group">
<p align="left"<label>Video File: </label>
<input type="file" name="id_verification_video_file" id="id_verification_video_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
</fieldset>
<p align="left"><button type="submit" class="btn btn-default" name="id_verification_video_file_submit">Submit!</button></p>
</form>
Q4. Anything else I should know ?
Here is my code below.
NOTE:
The header_account.php includes more files.
The $user is defined via SESSION from one of those included files. So don't worry that I have not defined the $user here. Error reporting is ON and I am not getting any error regarding the $user.
--- ---<?php
//ERROR REPORTING CODES.
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
?>
Full Code: upload.php
--- ---<?php
//Required PHP Files.
include 'header_account.php'; //Required on all webpages of the Site.
?>
<?php
if (!$conn)
{
$error = mysqli_connect_error();
$errno = mysqli_connect_errno();
print "$errno: $error\n";
exit();
}
if($_SERVER["REQUEST_METHOD"] == "POST")
{
//Check whether the file was uploaded or not without any errors.
if(!isset($_FILES["id_verification_video_file"]) && $_FILES["id_verification_video_file"]["Error"] == 0)
{
$Errors = Array();
$Errors[] = "Error: " . $_FILES["id_verification_video_file"] ["ERROR"];
print_r($_FILES); ?><br><?php
print_r($_ERRORS);
exit();
}
else
{
//Feed Id Verification Video File Upload Directory path.
$directory_path = "uploads/videos/id_verifications/";
//Make Directory under $user in 'uploads/videos/id_verifications' Folder.
if(!is_dir($directory_path . $user)) //IS THIS LINE CORRECT ?
{
$mode = "0644";
mkdir($directory_path . $user, "$mode", TRUE); //IS THIS LINE CORRECT ?
}
//Grab Uploading File details.
$Errors = Array(); //SHOULD I KEEP THIS LINE OR NOT ?
$file_name = $_FILES["id_verification_video_file"]["name"];
$file_tmp = $_FILES["id_verification_video_file"]["tmp_name"];
$file_type = $_FILES["id_verification_video_file"]["type"];
$file_size = $_FILES["id_verification_video_file"]["size"];
$file_error = $_FILES['id_verification_video_file']['error'];
//Grab Uploading File Extension details.
$file_extension = pathinfo($file_name, PATHINFO_EXTENSION);
//if(file_exists("$directory_path . $user/ . $file_name")) //THIS LINE IS NOT GIVING THE ERROR THAT FILE HAS ALREADY BEEN UPLOADED. INSTEAD GIVES THE ECHO THAT IS 26 LINES BELOW HERE: "Your Video File \"$file_name\" has been uploaded successfully!"
if(file_exists($directory_path . $user . '/' . $file_name)) ////THIS LINE IS NOT GIVING THE ERROR THAT FILE HAS ALREADY BEEN UPLOADED. INSTEAD SHOWING BLANK WHITE PAGE.
{
$Errors[] = "Error: You have already uploaded a video file to verify your ID!";
exit();
}
else
{
//Feed allowed File Extensions List.
$allowed_file_extensions = array("mp4" => "video/mp4");
//Feed allowed File Size.
$max_file_size_allowed_in_bytes = 1024*1024*100; //Allowed limit: 100MB.
$max_file_size_allowed_in_kilobytes = 1024*100;
$max_file_size_allowed_in_megabytes = 100;
$max_file_size_allowed = "$max_file_size_allowed_in_bytes";
//Verify File Extension.
if(!array_key_exists($file_extension, $allowed_file_extensions)) die("Error: Select a valid video file format. Select an Mp4 file.");
//Verify MIME Type of the File.
elseif(!in_array($file_type, $allowed_file_extensions))
{
$Errors[] = "Error: There was a problem uploading your file $file_name! Make sure your file is an MP4 video file. You may try again."; //IS THIS LINE CORRECT ?
}
//Verify File Size. Allowed Max Limit: 100MB.
elseif($file_size>$max_file_size_allowed) die("Error: Your Video File Size is larger than the allowed limit of: $max_file_size_allowed_in_megabytes.");
//Move uploaded File to newly created directory on the server.
move_uploaded_file("$file_tmp", $directory_path . $user . '/' . $file_name); //IS THIS LINE CORRECT ?
//move_uploaded_file("$file_tmp", "$directory_path" . "$user" . "/" . "$file_name"); //IS THIS LINE CORRECT ?
//move_uploaded_file("$file_tmp", "$directory_path" . "$user/" . "$file_name"); //IS THIS LINE CORRECT ?
//Notify user their Id Verification Video File was uploaded successfully.
echo "Your Video File \"$file_name\" has been uploaded successfully!";
exit();
}
}
}
?> `
<form METHOD="POST" ACTION="" enctype="multipart/form-data">
<fieldset>
<p align="left"><h3><?php $site_name ?> ID Video Verification Form</h3></p>
<div class="form-group">
<p align="left"<label>Video File: </label>
<input type="file" name="id_verification_video_file" id="id_verification_video_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
</fieldset>
<p align="left"><button type="submit" class="btn btn-default" name="id_verification_video_file_submit">Submit!</button></p>
</form>
</body>
</html>
<?php
include 'footer_account.php'; //Required on all webpages of the Site.
?>
NOTE 1: I have not used the finfo_file() and mine_content_type functions here. I'd like you to show me how to do them.
I'd appreciate a mini script from your end.
NOTE 2: I would appreciate it if someone modified my code according to my requirements mentioned on my original post and add it to this thread for all newbies to learn from.
NOTE 3: This forum is showing my codes funny. Hence, attached my file. Attachment will show my code correctly.
Thanks
The Code Queryer:
Mmmm. Again, here too no one knows the answer ? :'(
wraith808:
Again, check StackOverflow with your questions. You'll have a larger variety of coders and people to help you. If someone knows here, they'd be happy to help you, but we have a smaller pool and depending on timeframe they might not be able to answer.
The Code Queryer:
Again, check StackOverflow with your questions. You'll have a larger variety of coders and people to help you. If someone knows here, they'd be happy to help you, but we have a smaller pool and depending on timeframe they might not be able to answer.
-wraith808 (April 11, 2019, 08:12 AM)
--- End quote ---
Having trouble at StackOverFlow as it says I reached my questioning limit.
How-about you give it ago to answer my questions ?
Navigation
[0] Message Index
[#] Next page
Go to full version