file upload, limit file size and file type

moon0129

I have created a script that allows a user to upload three files and various information about each image. The images gets renamed to a three digited number along with a dash and either a 1, 2 or 3 depending on which file upload it is. I also save a text file with the information for each image in it. What I can't get to work is limiting the file size to 600K and only allowing jpg or gif's to be uploaded. I have tried forever with no luck. MAX_FILE_SIZE didn't seem to work on my form. please help!!!

<?
//gathers form data
session_start();

$fullName		= $_POST['fullName'];
$phone			= $_POST['phone'];
$email			= $_POST['email'];
$level			= $_POST['level'];
$aclass			= $_POST['aclass'];
$sname1			= $_POST['sname1'];
$syear1			= $_POST['syear1'];
$ssoftware1		= $_POST['ssoftware1'];
$sdescrip1		= $_POST['sdescrip1'];
$sinteract1		= $_POST['sinteract1'];
$sname2			= $_POST['sname2'];
$syear2			= $_POST['syear2'];
$ssoftware2		= $_POST['ssoftware2'];
$sdescrip2		= $_POST['sdescrip2'];
$sinteract2		= $_POST['sinteract2'];
$sname3			= $_POST['sname3'];
$syear3			= $_POST['syear3'];
$ssoftware3		= $_POST['ssoftware3'];
$sdescrip3		= $_POST['sdescrip3'];
$sinteract3		= $_POST['sinteract3'];

$mN	= 0;

//makes sure required files are filled in
if ($fullName == "") {
$emptyfields = "yes";
$emptyfullName = "yes";
}
if ($phone == "") {
$emptyfields = "yes";
$emptyphone = "yes";
}
if ($email == "") {
$emptyfields = "yes";
$emptyemail = "yes";
}
if ($level == "...") {
$emptyfields = "yes";
$emptylevel = "yes";
}
if ($emptyfields == "yes") {
print "There are empty fields! Please use the back button on your browser and fill in the following fields:<br>";
if ($emptyfullName == "yes") {
print "Full Name";
}
if ($emptyphone == "yes") {
print ", Phone";
}
if ($emptyemail == "yes") {
print ", Email";
}
if ($emptylevel == "yes") {
print ", Student Type";
}
exit;
}

//gets number to use as CallName from text file

$filenameNum = "number.txt";

$fp 		= fopen( $filenameNum,"r"); 
$NumName1	= fread($fp, 80000); 
fclose( $fp );

//increases number in text file by one

$Increase = $NumName1 +1;
$NumName = $NumName1;

$fp = fopen($filenameNum, "w") or die("Couldn't open file"); 
$numBytes = fwrite($fp, $Increase); 
fclose($fp);

foreach ($FILES['files'] as $v1){
$fileSize = $FILES['files']['size'][$mN];
if ($fileSize > 524288){
$fileName = $fileSize = $_FILES['files']['name'][$mN];
print "$fileName is to large!";
} else {
print "files are great!";
}
}

$path_to_file = 'uploads/';
$files = $HTTP_POST_FILES['files'];

if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
foreach ($files['name'] as $key=>$name) {
if ($files['size'][$key]) {
// removes spaces in file name
$name = str_replace(" ", "", str_replace("%20", "", strtolower($name)));

		$file1 = "$name";
		list ($tmpname, $ext) = explode(".",$file1);
		$fnum = $mN +1;

		// generates 3 digit number for begining of filename
		$length = strlen($NumName);
		if ($length == 1) {
			$NumName = "00$NumName";
		} elseif ($length == 2){
			$NumName = "0$NumName";
		} else {
			$NumName = $NumName;
			}
			//creates tmp file that will measure if form in completed
			$_SESSION["filename0"] = "tmp/__$NumName.txt";
			$fp = fopen("tmp/__$NumName.txt", "a+") or die("Couldn't create new file");
			fclose($fp);
		$name = "$NumName-$fnum.$ext";
		// moves files to new location
		$location = $path_to_file.$name; 
		while (file_exists($location)) 
			$location .= ".copy"; 
			copy($files['tmp_name'][$key],$location); 
			unlink($files['tmp_name'][$key]); 


			//reports file info to temporary text files
			$fp = fopen("tmp/$NumName.txt", "a+") or die("Couldn't create new file");
			$listOld	= fread($fp, 80000); 
			fclose($fp); 

			$Today 		= date("m.d.y, g:i a");
			$a			= $_FILES['files']['name'][$mN];
			$b			= $_FILES['files']['size'][$mN];


			$listNew	= "$listOld$name | $a | $b | $Today | $fullName($email)\r"; 

			$fp = fopen("tmp/$NumName.txt", "w") or die("Couldn't create new file");
			fwrite($fp, $listNew, 800000);
			fclose($fp); 

			//recordes information to a view files list
			$fp 		= fopen("fileList.txt","r") or die("Couldn't open file: fileList.txt"); 
			$entryOld	= fread($fp, 80000); 
			fclose($fp); 

			$entryNew = "$entryOld$NumName-$fnum\n";

			$fp = fopen("fileList.txt", "w") or die("Couldn't create new file");
			fwrite($fp, $entryNew, 800000);
			fclose($fp); 


			//makes an array so files can be compied from tmp to permenant directory
			$Ifilename 	= "$NumName-$fnum";
			if ($fnum == 1) {
				$curentry = "NumName=$NumName-$fnum&name=$name&fullName=$fullName&phone=$phone&email=$email&level=$level&aclass=$aclass&sname=$sname1&syear=$syear1&sdescrip=$sdescrip1";
				$dataArray[name][$Ifilename][entry] = $curentry;
			} elseif ($fnum == 2) {
				$curentry = "NumName=$NumName-$fnum&name=$name&fullName=$fullName&phone=$phone&email=$email&level=$level&aclass=$aclass&sname=$sname2&syear=$syear2&sdescrip=$sdescrip2";
				$dataArray[name][$Ifilename][entry] = $curentry;
			} else {
				$curentry = "NumName=$NumName-$fnum&name=$name&fullName=$fullName&phone=$phone&email=$email&level=$level&aclass=$aclass&sname=$sname3&syear=$syear3&sdescrip=$sdescrip3";
				$dataArray[name][$Ifilename][entry] = $curentry;
			}	
			++$mN;
}

}

//moves files from temporary file to list.txt
$filenameR = "list.txt";
$filenameO = "tmp/$NumName.txt";

$fp = fopen($filenameR,"r") or die("Couldn't open file: $filenameR");
$entryOld = fread($fp, 80000);
fclose( $fp );

$fp = fopen($filenameO,"r");
$entryNew = fread($fp, 80000);
fclose( $fp );

$entryFinal = "$entryOld\r$entryNew";

$fp = fopen( $filenameR,"w");
if(!$fp) die("cannot write $filenameR ......&");
fwrite($fp, $entryFinal, 800000);
fclose( $fp );

//save file info from array to text file

foreach($dataArray['name'] as $key=>$v1){
foreach($v1 as $v2){
$fp = fopen("uploads/info/$key.txt", "w") or die("Couldn't create new file");
fwrite($fp, $v2, 800000);
fclose($fp);
}
}

//delets tmp file
unlink("$filenameO");

//formats email
$SESSION["files1"] = $files[name][0];
$SESSION["files2"] = $files[name][1];
$_SESSION["files3"] = $files[name][2];

$Data 		= "Submission #: $NumName \r---------------------- \rName: $fullName \rPhone: $phone \nEmail: $email \r\rSubmission 1:\r---------------------- \rTitle: $sname1\rYear: $syear1 \rDescription: $sdescrip1 \rFilename: $files1 \r\rSubmission 2:\r---------------------- \rTitle: $sname2\rYear: $syear2 \rDescription: $sdescrip2 \rFilename: $files2 \r\rSubmission 3:\r---------------------- \rTitle: $sname3\rYear: $syear3 \rDescription: $sdescrip3 \rFilename: $files3 \r";

//send email

mail("moon0129@d.umn.edu", "Online Exhibition Submission", "$Data");

$_SESSION["NumName"]		=  	$NumName;
$_SESSION["fullName"]		=  	$fullName;
$_SESSION["phone"]			=	$phone;
$_SESSION["email"]			=	$email;
$_SESSION["level"]			=	$level;
$_SESSION["aclass"]			=	$aclass;
$_SESSION["sname1"]			=	$sname1;
$_SESSION["syear1"]			=	$syear1;
$_SESSION["ssoftware1"]		=	$ssoftware1;
$_SESSION["sdescrip1"]		=	$sdescrip1;
$_SESSION["sinteract1"]		=	$sinteract1;
$_SESSION["sname2"]			=	$sname2;
$_SESSION["syear2"]			=	$syear2;
$_SESSION["ssoftware2"]		=	$ssoftware2;
$_SESSION["sdescrip2"]		=	$sdescrip2;
$_SESSION["sinteract2"]		=	$sinteract2;

$_SESSION["sname3"]			=	$sname3;
$_SESSION["syear3"]			=	$syear3;
$_SESSION["ssoftware3"]		=	$ssoftware3;
$_SESSION["sdescrip3"]		=	$sdescrip3;
$_SESSION["sinteract3"]		=	$sinteract3;



$relative_url = "confirm.php";

header("Location: [url]http://[/url]".$_SERVER['HTTP_HOST']
                  .dirname($_SERVER['PHP_SELF'])
                  ."/".$relative_url);

dalecosp

Here's what I have done. The file coming from the form is $FILES['picfile']:

    if ($_FILES['picfile']['name']) {
        $ext=substr($_FILES['picfile']['name'], -3);
        if ($ext != "jpg" && $ext !="gif" ) {
           echo "<br><br>The picture file you attempted to upload does not";
           echo " appear to be a valid or supported file type.<br><br>";
           exit();
           }

HTH,

Truti

You can set the max size in php.ini too

Default:
"post_max_size = 8M"