Server Max File Size Upload ?

mat21

Hi,

I have created a script but need some help on a particular problem.

I have an upload script that works as it should. The problem i got is if i upload a file larger than what the server allows it just seems to refresh the upload.php page with no errors.

I will be sharing the script so it will be used on different servers. I am after something that will check the max file size the server allows and check it against the file size, and if file size is greater than max file size set by server to display an error.

Can someone tell me a simple way of checking this that will work will with all or majority of servers?

I guess the matter is confused more as not sure what the file size should be checked against as i understand PHP has POST_MAX_SIZE and UPLOAD_MAX_SIZE .

Also whilst i'm asking this question can someone tell me if php can read a file using is_readable() does that mean because a file is readable by php it can also be deleted by php or no?

Any help much appreciated.

Thanks
Mat

dagon

have you looked at the error value in the $_FILES array?

mat21

dagon;10961202 wrote:
have you looked at the error value in the $_FILES array?

Hi,

I added PHP file error and combined it with a switch statement to give out a more understandable error depending on error code.

It works now and gives out error if file size is larger than upload_max_filesize.

Can i ask to clear things up. Is it upload_max_filesize that won't allow a person to upload anything more than xx that is set in the php.ini or post_max_filesize ?

I just seem to be confused on which of the two above actually stops a file from being uploaded if more than xx mb.

Thanks
Mat

dagon

both, if your using post you will not be able to upload a file over which ever is the minimum.

for what its worth ...

	if($_FILES['userfile']['error'] != 0){

						switch($_FILES['userfile']['error']){
							case 1:
								$f_e= 'The file is to big.'; // php installation max file size error
							break;
							case 2:
								$f_e= 'The file is to big.'; // form max file size error
							break;
							case 3:
								$f_e= 'Only part of the file was uploaded.';
							break;
							case 4:
								$f_e= 'No file was uploaded.';
							break;
							case 6:
								$f_e= "Missing a temporary folder.";
							break;
							case 7:
								$f_e= "Failed to write file to disk.";
							break;
							case 8:
								$f_e= "File upload stopped by extension.";
							break;
							default:
								$f_e= "Unknown file upload error.";
						}

mat21

Thanks 🙂

I already have that switch statement. So basically a file cannot be uploaded whichever is the minimum, now i understand that things are more clear.

I do find it strange thou, on my local in php.ini i have set upload_max_filesize to 2MB and post_max_size is set to 8MB, if i for example try and upload a file let say 100MB i get no error which i am finding really strange as if i for example try and upload a 7MB file it practically instantly gives me an error telling me that the file exceeds the upload_max_filesize.

Is there any possible reason on why if the file is too large that it won't even give an error althou the error checking works on small files that are not to big but still larger than the max file size set in php.ini? when i try and upload a large file like 100MB it seems to just refresh the upload.php page and displays no error.

Thanks
Mat

dagon

may be timing out, a php script will only run 30 seconds before timing out by default.

mat21

dagon;10961209 wrote:
may be timing out, a php script will only run 30 seconds before timing out by default.

mmm, for some reason even on a big file upload it does not take long for the script to just sort of refresh the webpage and display no errors, it seems to freeze for about 5 seconds then refresh the webpage. I upped the max_execution_time, max_input_time and memory_limit in the php.ini beyond what i need to test and still no errors.

It even seems to not bother checking whether the file name is valid or not, as i have a regex pattern checking file names. Although as i say it works if the file is not to large.

😕

Thanks
Mat

mat21

Hi,

Anyone know of any other possible suggestions?

Thanks,
Mat

dagon

can you provide the page url?

mat21

dagon;10961234 wrote:
can you provide the page url?

Hi i don't have it online, it is on local computer as i am still developing the script. I have posted the script below, note the script is dependant on other files, but hopefully you may find something wrong by looking at the without the other files.

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

# start session
session_start();

# include functions.php file
require_once("../inc/functions.php");

# maagic quotes function; if on strip slashes
magic_quotes_check();

# check if admin is logged in
admin_check();

# include db file
require_once("../inc/db.php");

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Download Manager - Admin File Upload</title>
<style type="text/css"><?php require_once("admin-css.css"); ?></style>

</head>

<body>
<?php

# include db file
require_once("../inc/db.php");

# include functions.php file
require_once("../inc/functions.php");

# check if form has been submitted
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

if (isset($_FILES['upload'])) {

    # connect to database
    sql_con();

    # uploads directory
    $upload_directory = '../files/';

    # get data from form
    $filedescription = mysql_escape_string(strip_tags(trim(htmlentities($_POST['filedescription'], ENT_QUOTES))));
    # Store file name/extension and file size in variables for later use
    $file_name = mysql_real_escape_string($_FILES['upload']['name']);
    $file_size = mysql_real_escape_string($_FILES['upload']['size']);
    # generate time
    $date_time = time();
    # ...
    $error = "";

    # validate form input
    if (strlen($_POST['filedescription']) <= 0) {
        $error .= 'File description required <br />';
    }

    if($_FILES['upload']['name'] == ""){
        $error .= 'Please select a file to upload <br />';
    }
    if ($_FILES['upload']['name'] == file_exists("$upload_directory" . $_FILES['upload']['name'])) {
        $error .= "<b><i>" . $_FILES['upload']['name'] . "</i></b> already exists. Please give the file a unique name <br />";
    }

if ($_FILES['upload']['name'] != "" && !preg_match('/^([a-zA-Z0-9_-])*.([a-zA-Z0-9]){3,100}$/i', $_FILES['upload']['name'])) {
        $error .= 
        'File name is invalid; alphanumeric and <b>_ -</b> characters only.
        Must be between <b>3</b> and <b>100</b> characters.
        Please make the file name a valid format and try again<br />';
}

    # check form input for errors
    if ($error) {
        $SiteErrorMessages = $error;
    } else {
        # no errors found so continue ...
        if($_FILES['upload']['error'] != 0){
            # check file upload errors function
            # check files error and displays message relevant to file error code
            file_upload_error_message();
            # display file upload error(s)
            $SiteErrorMessages = file_upload_error_message($_FILES['upload']['error']);
        # else no file errors found so continue ...
        } else {
        # move file to selected path and check
        if (move_uploaded_file($_FILES['upload']['tmp_name'], $upload_directory . $_FILES['upload']['name'])) {

            # CHMOD file
            $chmod = @chmod( $upload_directory . $_FILES['upload']['name'], 0644);

            # insert data into database if file moved succesfully else display an error message
            $query = mysql_query("INSERT INTO databasemanager
                     (file_name, file_description, date_added, file_size )
                     VALUES ('$file_name', '$filedescription', '$date_time', '$file_size')")or die(mysql_error());

            # close database connection
            mysql_close();

            # query must be ok so continue ...
            $SiteSuccessMessages = 
            "<b>File Uploaded Successfully</b> <br /><br />
            <b>File Uploaded:</b> " . $_FILES["upload"]["name"] . "<br />
            <b>Temp File Name:</b> " . $_FILES["upload"]["tmp_name"] . "<br />
            <b>Uploaded to:</b> $upload_directory <br />
            <b>File Type:</b> " . $_FILES["upload"]["type"] . "<br />
            <b>File Size:</b> " . ($_FILES["upload"]["size"] / 1024) . " Kb <br />";
            # Redirect after xx seconds
            header("refresh: 8; url=" . $_SERVER['PHP_SELF'] . "");
        } else {
            $SiteErrorMessages =
            'Unable to move uploaded file to the <b>files</b> directory; please try again. <br />
            If you receive this error message again; check that the <b>files</b> folder can be written to.';
        }
        }
    }
}
}
?>

<form method="post" action="<?php $_SERVER['PHP_SELF'] ?>" enctype="multipart/form-data">

<table width="100%" cellspacing="0" cellpadding="3" border="0" bgcolor="#2360A1">
   <tr>
        <td class="td_title">ADMIN UPLOAD</td>
   </tr>
</table>

<table width="100%" cellspacing="0" cellpadding="3" border="0">
    <tr bgcolor="#F3F3F3">
        <td class="td_title_admin_navigation" align="center">
            <?php
            # Admin Menu
            AdminSiteMenu();
            ?>
        </td>
    </tr>
    <tr>
        <td valign="top">

        <table width="100%" cellspacing="1" cellpadding="3" border="0" bgcolor="#F3F3F3">
            <tr class="tr_title">
                <td>File Description</td>
                <td>Select File</td>
            </tr>
            <tr>
                    <td bgcolor="#FFFFFF" colspan="7">

                    </td>
            </tr>
            <tr class="tr_display_result">
                <td>
                <input type="text" name="filedescription" value="<?php if (isset($filedescription)) { echo $filedescription; } ?>" />
                </td>
                <td><input type="file" name="upload" /></td>
                <td><input type="submit" name="submit" value="Upload File" /></td>
            </tr>
        </table>
            </td>
        </tr>
</table>
</form>
<?php
# if errors found display message/errors
if(isset($SiteErrorMessages)){
    SiteErrorMessages();
}
# if file uploaded successfuly display success message
if(isset($SiteSuccessMessages)){
    SiteSuccessMessages();
}

# Warn user the max filesize
$max_upload = (int)(ini_get('upload_max_filesize'));
$max_post = (int)(ini_get('post_max_size'));
$memory_limit = (int)(ini_get('memory_limit'));
$upload_mb = min($max_upload, $max_post, $memory_limit);

if ($upload_mb && $upload_mb != 0){
    $SiteInfoMessages =
    "<b>Note:</b> <br />
    We have detected that <b>your</b> web host does not allow you to upload any file
    greater than <b>$upload_mb</b> Mb.
    If you try and upload a file larger than <b>$upload_mb</b> Mb;
    the upload will fail.

<!-- <b>Here is some more technical data about your upload restrictions set by your web host:</b> <br />
Max Upload: <b>$max_upload</b> Mb <br />
Max Post Upload: <b>$max_post</b> Mb <br />
Memory Limit: <b>$memory_limit</b> Mb <br /> -->
";
SiteInfoMessages();
} else {
    $SiteInfoMessages =
    "<b>Note:</b> <br />
    We cannot detect the maximum file size your host allows you to upload. <br />
    If you try uploading a file larger than the maximum file size your host has set,
    your file upload will fail.";
    SiteInfoMessages();
}
?>
</body>
</html>

Thanks
Mate

mat21

Hi,

Hope it's ok to bump

Sorry if it is not allowed.

Thanks
Mat

mat21

Hi, Still need help on this.

Thanks
Mat