Stopping hUGE uploads in their tracks.

Fritz

I am checking for file size (50k limit) when folks upload BUT...

<?php
if($_FILES['photo']['size'] > (1024*50))
?>

BUT it seems to me that PHP uploads the entire file to the temp directory and THEN checks for the size..

Someone could bog our server by uploading a 10 meg file (that would ultimately be rejected) ...

is there a way to check for file size BEFORE or during the upload of the temp file?

jc94062

A default PHP install sets max upload size to 2mb I think, so I'm fairly sure anything other 2mb won't be uploaded in any shape of form, you could change that to something smaller.

I think attempting uploads of 10mb or so takes a while because PHP will take longer to check the size or larger files.

Fritz

Sadly this seems a universal setting and I have it jacked up to 8meg... for imports (phpmyadmin)

Surely there must be a way to 'read' from the users directory to see what is coming?

Fritz

Originally posted by Fritz
I am checking for file size (50k limit) when folks upload BUT...
<?php
if($_FILES['photo']['size'] > (1024*50))
?>
BUT it seems to me that PHP uploads the entire file to the temp directory and THEN checks for the size..

Someone could bog our server by uploading a 10 meg file (that would ultimately be rejected) ...

is there a way to check for file size BEFORE or during the upload of the temp file? [/B]

jc94062

You can use php.ini files (uploaded to directories) to overwrite the default PHP settings, just in that directory I believe...

Depends on your PHP settings if they are allowed \ work though...

Surely there must be a way to 'read' from the users directory to see what is coming?

Something like C++ could probably do this, but I don't think PHP has those kind of permissions.

If you are worried about people doing that I'd set the script up so that if people are caught doing that their IP gets banned for a day or so... it'd at least slow down trouble makers.