All Coders!! come to my rescue

Gladiator2043

I have the following PHP file upload script that works perfect. But I want to make sure that the user only :

1). uploads images
2). have 5 simultaneous uploads (all 500 k and under)
3). file names uploaded could be renamed so that every image uploaded is unique and does not overright others. for example it could be tied to the userid or something.

Pleassssssssssssse help me because im getting a big headache.

<?php

$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "upload_files/";
$upload_url = $url_dir."/upload_files/";
$message ="";

//create upload_files directory if not exist
//If it does not work, create on your own and change permission.
if (!is_dir("upload_files")) {
	die ("upload_files directory doesn't exist");
}

if ($_FILES['userfile']) {
	$message = do_upload($upload_dir, $upload_url);
}
else {
	$message = "Invalid File Specified.";
}

print $message;

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name']; 
$file_type = $_FILES['userfile']['type']; 
$file_size = $_FILES['userfile']['size']; 
$result    = $_FILES['userfile']['error'];
$file_url  = $upload_url.$file_name;
$file_path = $upload_dir.$file_name;

//File Name Check
if ( $file_name =="") { 
	$message = "Invalid File Name Specified";
	return $message;
}
//File Size Check
else if ( $file_size > 500000) {
    $message = "The file size is over 500K.";
    return $message;
}
//File Type Check
else if ( $file_type == "text/plain" ) {
    $message = "Sorry, You cannot upload any script file" ;
    return $message;
}

$result  =  move_uploaded_file($temp_name, $file_path);
$message = ($result)?"File url <a href=$file_url>$file_url</a>" :
	      "Somthing is wrong with uploading a file.";

return $message;
}
?>

macca_25

Hi,

1) You need to check if your file extensions are what you want to allow. eg:

$ext = $HTTP_POST_FILES["img_file"]['type'];

if (strstr($ext,"jpeg")){
$ext=".jpg";
} else if (strstr($ext,"gif")){
$ext=".gif";
} else {
echo "ERROR: That type of file is not allowed. Only <b>jpeg</b> & <b>gif</b>are allowed.";
exit;
}

2) Check out filesize()

3) You could do something like this (assign a unique id at the start of the file name):

$name = $HTTP_POST_FILES["img_file"]['name'];

if (!is_uploaded_file ($tmp))
continue;

if (!@move_uploaded_file($tmp, $UPLOAD_PATH . "/" . $unique_id . "_" . $name))

Weedpacket

Originally posted by macca_25
Hi,

1) You need to check if your file extensions are what you want to allow. eg:

That's not actually good enough: I could stick any extension I like onto the file name regardless of what the file actually is. [man]getimagesize[/man] - in order to work - actually needs to look inside the file to determine its type and its dimensions; so as a bonus you can use it to identify image files as such also.