Hey all,
As of now, I allow users at my website to upload files of any size to my server for download later on. However, there are two problems with it that I can think of:
I need to convert spaces (" ") into underscores ("_")
I need to only allow the following files: pdf, doc, rtf, jpg, gif, png, ppt, xls, psd, txt, tiff, & ico.
Here is the code I have so far:
<?php
if ($code == 1) // upload file
{
    $form_data_name   = $_FILES['userfile']['name'];
    $form_data_size   = $_FILES['userfile']['size'];
    $form_description = $_POST['file_description'];

    // escape every value that is placed inside a quoted SQL string below
    $username_sql = mysql_real_escape_string($_SESSION['username']);
    $name_sql     = mysql_real_escape_string($form_data_name);
    $desc_sql     = mysql_real_escape_string($form_description);

    //if file name greater than 25 characters, redirect and give err code 3
    if (strlen($form_data_name) > 25)
    {
        header('Location: upload_add.php?code=3&f='.$fileid);
        exit;
    }

    //if file already exists in slot, delete old and upload new file
    $ress = mysql_query("SELECT * FROM upload WHERE u_username='".$username_sql."'"); //fetch upload information
    $row = mysql_fetch_array($ress);
    $old_file_name = $row["u_file".$fileid."_name"];
    if ($old_file_name)
    {
        unlink("../../_user_upload/".$_SESSION['username']."/".$old_file_name);
    }

    //check if user-specific directory exists, if not, make directory
    if (!file_exists($path_prefix."_user_upload/".$_SESSION['username']."/"))
    {
        mkdir($path_prefix."_user_upload/".$_SESSION['username']);
    }

    //now that file is not malicious and has passed all tests, move it from tmp to upload directory
    $targetdir = $path_prefix."_user_upload/".$_SESSION['username']."/";
    move_uploaded_file($_FILES['userfile']['tmp_name'], $targetdir.$form_data_name);

    $query = "UPDATE upload
              SET u_file".$fileid."_name = '".$name_sql."',
                  u_file".$fileid."_desc = '".$desc_sql."',
                  u_file".$fileid."_date = '".date("m.d.Y")."'
              WHERE
                  u_username = '".$username_sql."'";
    mysql_query($query) or die(mysql_error());
}
?>
What do I do to add those two features that I want?
Thanks in advance!
-influx
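
One way to implement the two checks asked about above (spaces to underscores, and an extension allow-list), as an added example that is not part of the original post. `ALLOWED_EXTENSIONS` and `safe_upload_name()` are hypothetical names, and the sample file names are constructed; the 25-character limit is the one from the posted code.

```php
<?php
// Added example; ALLOWED_EXTENSIONS and safe_upload_name() are hypothetical names.
const ALLOWED_EXTENSIONS = ['pdf', 'doc', 'rtf', 'jpg', 'gif', 'png',
                            'ppt', 'xls', 'psd', 'txt', 'tiff', 'ico'];

// Returns a name that is safe to store, or null if the upload must be refused.
function safe_upload_name(string $clientName, int $maxLen = 25): ?string
{
    // Keep only the last path component ("../../x.png", "C:\tmp\x.png").
    $name = basename(str_replace('\\', '/', $clientName));

    // Spaces become underscores; anything outside a small safe set is dropped.
    $name = str_replace(' ', '_', $name);
    $name = preg_replace('/[^A-Za-z0-9._-]/', '', $name);

    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $stem = pathinfo($name, PATHINFO_FILENAME);

    // Only the final extension decides, and it must be on the allow-list.
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Inner dots become underscores so "a.php.jpg" is stored as "a_php.jpg",
    // and a name that is nothing but an extension (".png") is refused.
    $stem = trim(str_replace('.', '_', $stem), '_');
    if ($stem === '') {
        return null;
    }

    $name = $stem . '.' . $ext;
    return strlen($name) <= $maxLen ? $name : null;
}

// Constructed sample names, not taken from the original post.
$samples = ['My Summer Photo.JPG', '../../index.php', 'a.php.jpg',
            '.htaccess', '.png', 'this_name_is_far_too_long.pdf'];
foreach ($samples as $s) {
    var_export(safe_upload_name($s));
    echo "  <= ", var_export($s, true), "\n";
}
```

The function would be called on `$_FILES['userfile']['name']` before `move_uploaded_file()`, and its return value used both as the stored file name and in the database row. The extension check only constrains the stored name and says nothing about the file's content, so the upload directory should still be configured so that the web server never executes files from it.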