Eep.. help with upload script

Tarsonis21

Ok.. this is my original code, it just dumps the file chosen into my tmp dir:

<?
if (isset($users_file)) {
echo "Remote File Name: $users_file ";
echo "Local File Name: $users_file_name ";
echo "Local File Size: $users_file_size ";
if (isset($users_file_type)) {
echo "Local File Type: $users_file_type"; }

$doc_directory = "/home/blake/public_html/";
$my_file = 'tmp/uploaded-'.$users_file_name;
$copy_path = $doc_directory.$my_file;

<? } }
else { echo "You must select a file to upload!"; ?>
<A HREF="<? echo $PHP_SELF; ?>">Back</A> to the Upload Form
<? } }

else { ?>

I want to add a restriction on certain files that are allowed to be uploaded so I tried to build upon my script.. I guess I did it incorrectly so I thought I'd show the 2nd rendition of the script:

<?
if (is_uploaded_file($userfile)) {

//include code to copy tmp file to final location here...

}else{
switch($HTTP_POST_FILES['userfile']['error']){
case 0: //no error; possible file attack!
echo "There was a problem with your upload.";
break;
case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
echo "The file you are trying to upload is too big.";
break;
case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
echo "The file you are trying to upload is too big.";
break;
case 3: //uploaded file was only partially uploaded
echo "The file you are trying upload was only partially uploaded.";
break;
case 4: //no file was uploaded
echo "You must select an image for upload.";
break;
default: //a default error, just in case! 🙂
echo "There was a problem with your upload.";
break;
}
if(preg_match("/.exe$|.com$|.bat$|.zip$|.doc$|.txt$/i", $HTTP_POST_FILES['userfile']['name'])){
exit("You cannot upload this type of file.");
}

//if file is not rejected by the filter, continue normally
if (is_uploaded_file($userfile)) {}

if (isset($users_file)) {
echo "Remote File Name: $users_file ";
echo "Local File Name: $users_file_name ";
echo "Local File Size: $users_file_size ";
if (isset($users_file_type)) {
echo "Local File Type: $users_file_type"; }

$doc_directory = "/home/blake/public_html/";
$my_file = 'tmp/uploaded-'.$users_file_name;
$copy_path = $doc_directory.$my_file;

if ($users_file != "none") {
if(!copy($users_file, $copy_path)) {
echo "File upload failed!"; }
else { ?><a href="#" onClick="history.go(-1)">Go back</a><A HREF="<? echo $my_file; ?>">Upload Complete!</A>
<? } }
else { echo "You must select a file to upload!"; ?>
<A HREF="<? echo $PHP_SELF; ?>">Back</A> to the Upload Form
<? } }

else { ?>

I get a parse error and I'm confused as to why.. my main goal is to get a session id integrated.. I will have them login and their login creates a dir inside my tmp dir.. (e.g. Tarsonis21 logs into session to access the upload script so my folder would be 'tmp/tarsoni21/') Then after they log in there would be a global list of what files are allready in their dir. HELP!! (=

intenz

For gods sake, use:

[php]
PHP Code here
[/php]

Mordecai

Originally posted by Tarsonis21
I get a parse error and I'm confused as to why..

Umm, where? PHP should have told you what line the error was caught on.

Like the above post says, use [php] and [/php] tags to encase your code. This will show you a color-coded version, which will probably show you where the error is.

intenz

I found the error.
Add a "}" to the bottom, then this will work.

Tarsonis21

<? 
if (is_uploaded_file($userfile)) { 


}else{ 
switch($HTTP_POST_FILES['userfile']['error']){ 
case 0: //no error; possible file attack! 
echo "There was a problem with your upload."; 
break; 
case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini 
echo "The file you are trying to upload is too big."; 
break; 
case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form 
echo "The file you are trying to upload is too big."; 
break; 
case 3: //uploaded file was only partially uploaded 
echo "The file you are trying upload was only partially uploaded."; 
break; 
case 4: //no file was uploaded 
echo "You must select an image for upload."; 
break; 
default: //a default error, just in case!  

echo "There was a problem with your upload."; 
break; 
} 
if(preg_match("/.exe$|.com$|.bat$|.zip$|.doc$|.txt$/i", $HTTP_POST_FILES['userfile']['name'])){ 
exit("You cannot upload this type of file."); 
} 

//if file is not rejected by the filter, continue normally 
if (is_uploaded_file($users_file)) {} 

if (isset($users_file)) { 
echo "<B>Remote File Name:</B> $users_file<BR>"; 
echo "<B>Local File Name:</B> $users_file_name<BR>"; 
echo "<B>Local File Size:</B> $users_file_size<BR>"; 
if (isset($users_file_type)) { 
echo "<B>Local File Type:</B> $users_file_type<P>"; } 

$doc_directory = "/home/blake/public_html/"; 
$my_file = 'tmp/uploaded-'.$users_file_name; 
$copy_path = $doc_directory.$my_file; 

if ($users_file != "none") { 
if(!copy($users_file, $copy_path)) { 
echo "File upload failed!"; } 
else { ?><a href="#" onClick="history.go(-1)">Go back</a><p><A HREF="<? echo $my_file; ?>">Upload Complete!</A> 
<? } } 
else { echo "<P>You must select a file to upload!<P>"; ?> 
<A HREF="<? echo $PHP_SELF; ?>"><B>Back</B></A> to the Upload Form 
<? } } 

else { }?>
<form action="<? echo $PHP_SELF; ?>"
 enctype="multipart/form-data" method="POST">
  <input type="hidden" name="MAX_FILE_SIZE" value="20000" />
<input type="file" name="users_file" /><br />
<input type="submit" value="Upload!" />
</form><? } ?>

Ok.. Its still not working correctly.. It still lets you upload whichever file you wish and I'm confused as to why to tell you the truth.