Prevent Upload If File is 0kb?

bbeban

Hi,

Just wondering if anyone out there can tell me how to disallow upload if file size is 0kb? I am using Pure PHP Upload with Dreamweaver MX 2004, and it's going great except that the sucker will let you upload an empty file. I figure I can add in a line or 3 to make this not happen. Anybody got any suggestions?

Many thanks,

Bob

Merve

[man]filesize[/man]

bbeban

Hi, thanks for replying; but, I am a total newbie -- can you say more? What code would i use to check the filesize and kick in an error if it was 0?

Thanks in advance for a little more input --

Merve

if(!filesize(<insert file here>)>0) {
     unlink(<insert file here>);
}

bbeban

This didn't do anything:

<?php
if(!filesize($HTTP_POST_VARS['file'])>0) {
unlink($HTTP_POST_VARS['file']);
}
?>

Did I do something wrong here?

weevil

Post the code that you have that uploads the file

Merve

Don't use the $HTTP_POST_VARS array. Use the $_FILES array.

leatherback

Hi,

The $_FILES variable is an array which should also hold the filesize:

$limit_size = 0;
$file_size = $_FILES[file][size];

if ($limit_size >= $file_size)
 {
 $endresult = "File was too small";
 }
 else
   {
   move_uploaded_file($file_name, $newfile)
   $endresult = "Thankyou for uploading";
   }

bbeban

Hi All,

I am using Pure PHP Upload 2.0 for this and it doesn't work with $FILES, only $HTTP_POST_VARS.

It sounds like the best way to go is to add in this code to check the $_FILES variable separately from the Pure PHP Upload code. Here are two of the components of the code right now, including the portion that is not working (I will paste the third part in another post):

-----1st part: php code from the page-----

<?php require_once('ScriptLibrary/incPureUpload.php'); ?>
<?php
// Pure PHP Upload 2.0.0
if (isset($HTTP_GET_VARS['GP_upload'])) {
$ppu_thepath = "Resources/images";
$ppu_extensions = "GIF,JPG,JPEG";
$ppu_formName = "form1";
$ppu_redirectURL = "";
$ppu_storeType = "path";
$ppu_sizeLimit = "";
$ppu_nameConflict = "error";
$ppu_requireUpload = "true";
$ppu_minWidth = "";
$ppu_minHeight = "";
$ppu_maxWidth = "165";
$ppu_maxHeight = "165";
$ppu_saveWidth = "";
$ppu_saveHeight = "";
$ppu_timeout = "600";
$ppu_progressBar = "";
$ppu_progressWidth = "300";
$ppu_progressHeight = "100";
ppu_checkVersion(2.0);
ppu_upload($ppu_thepath,$ppu_extensions,$ppu_redirectURL,$ppu_storeType,$ppu_sizeLimit,$ppu_nameConflict,$ppu_minWidth,$ppu_minHeight,$ppu_maxWidth,$ppu_maxHeight,$ppu_saveWidth,$ppu_saveHeight,$ppu_timeout);
}
$GP_uploadAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$GP_uploadAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'] . "GP_upload=true";
} else {
$GP_uploadAction .= "?" . "GP_upload=true";
}
?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;

case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $SERVER['PHP_SELF'];
if (isset($SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($POST["MM_update"])) && ($POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE tablename SET photo=%s WHERE recordid=%s",
GetSQLValueString($HTTP_POST_VARS['file'], "text"),
GetSQLValueString($_POST['emprecordid'], "int"));

mysql_select_db($database_axondbset2, $axondbset2);
$Result1 = mysql_query($updateSQL, $axondbset2) or die(mysql_error());

$updateGoTo = "upload_confo.php";
if (isset($SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}

mysql_select_db($database_name, $connection_name);
$query_tablename_edit = "SELECT * FROM tablename WHERE tablename.logon = '$logon'";
$tablename_edit = mysql_query($query_tablename_edit, $connection_name) or die(mysql_error());
$row_tablename_edit = mysql_fetch_assoc($tablename_edit);
$totalRows_tablename_edit = mysql_num_rows($tablename_edit);
?>
<?php
if(!filesize($HTTP_POST_VARS['file'])>0) {
unlink($HTTP_POST_VARS['file']);
}
?>

<?php
if (isset($editFormAction)) {
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$editFormAction .= "&GP_upload=true";
} else {
$editFormAction .= "?GP_upload=true";
}
}
?>

-----2nd part: the form and surrounding HTML & PHP-----

<form action="<?php echo $editFormAction; ?>" method="post" enctype="multipart/form-data" name="form1" onSubmit="checkFileUpload(this,'',true,'','','',165,165,'','');return document.MM_returnValue">
<input type="hidden" value="<?php echo $row_tablename_edit['recordid']; ?>" name="emprecordid">
<table width="100%" border=0 cellpadding=0 cellspacing=6>
<tr>
<td width="2" class="Normal"> </td>
<td align="left" valign="top" class="pagetext">Upload New <table width="300" border="0" cellspacing="0" cellpadding="3">
<tr align="left" valign="top" class="smaller">
<td width="92"> </td>
<td width="300"><input name="file" type="file" class="smaller" id="file" onChange="checkOneFileUpload(this,'GIF,JPG,JPEG',true,'','','',165,165,'','')" size="30">
 
Current photo name: <?php echo basename($row_tablename_edit['photo']); ?> </td>
</tr>
<tr align="left" valign="top" class="smaller">
<td> </td>
<td><input name="Submit" type="submit" value="Submit"></td>
</tr>
</table> </td>
</tr>
</table>
<input type="hidden" name="MM_update" value="form1">
</form>
</div>
</body>
</html>
<?php
mysql_free_result($tablename_edit);
?>

bbeban

-----3rd part: the Pure PHP Upload script itself-----

<?php
function ppu_checkVersion($ppu_version) {
$ppu_curversion = 2.0;
if ($ppu_version < $ppu_curversion) {
ppu_error("version","");
}
}

function ppu_checkFileSize($ppu_filename,$ppu_size) {
global $ppu_sizeLimit;
if ($ppu_sizeLimit < $ppu_size) {
ppu_error("size",$ppu_filename);
}
}