File Uploader - php script with file validation

lineup · 10th February 2007, 08:02 AM

found this nice

File Uploader script
It is free code and written in PHP and will work at most websites / servers.

Original websource is the PHP Dedicated site http://www.phpfreaks.com/
It is one wellknown place,
to find info and some good free php scripts.

Here is the PHP Code for File Uploader:
( includes comments on options/settings )

Quote:

<?php
/**

Page: function.upload_files.php
Developer: Jeffrey M. Johns
Support: .... binary.star (at) verizon.net ....
******
Purpose: To validate against file uploads to the server.
******
Notes/Comments: This function will do a variety of activities. It will check to see if the file's
extension is accepted which is set by the user, check to make sure the file is not over the
allowable file size
******
Security: All proper measure were taken to make everything as secure as possible.
******

Code Example:
$self = $_SERVER['PHP_SELF'];
$submit = $_POST['Submit'];
$temp_file_name = trim($_FILES['upload']['tmp_name']);
$file_name = trim($_FILES['upload']['name']);
$upload_dir = "uploads/";
$upload_log_dir = "uploads/upload_logs/";
$max_file_size = 524288;
$banned_array = array("");
$ext_array = array(".jpg",".gif",".jpeg",".png",".txt",".doc"," .wps",".pdf",".zip",".bmp",".tif",".html",".htm"," .php");

if (($submit) AND ($temp_file_name)) {
print upload_files($temp_file_name,$file_name,$upload_di r,$upload_log_dir,$max_file_size,$banned_array,$ex t_array);
}

the HTML form to go with this code:
<form action="<*php print"$self";*>" method="post" enctype="multipart/form-data" name="uploader">
Upload: <input name="upload" type="file" size="50">
<input type="submit" name="Submit" value="Submit">
</form>

**/

function upload_files($temp_file_name,$file_name,$upload_di r,$upload_log_dir,$max_file_size,$banned_array,$ex t_array) {

//Get Day and Time Variables
$m = date("m"); //Get month
$d = date("d"); //Get day
$y = date("Y"); //Get year
$date = date("m/d/Y"); //Get today's date
$time = date("h:i:s A"); //Get now's time

//Get User Passed Variables
$temp_file_name = trim($temp_file_name); //Trim Temp File Name
$file_name = trim(strtolower($file_name)); //Trim File Name
$upload_dir = trim($upload_dir); //Trim Upload Directory
$upload_log_dir = trim($upload_log_dir); //Trim Upload Log Directory
$max_file_size = trim($max_file_size); //Trim Max File Size

//Figure if last character for the upload directory is a back slash
$ud_len = strlen($upload_dir); //Get upload log directory size
$last_slash = substr($upload_dir,$ud_len-1,1); //Get Last Character
if ($last_slash <> "/") { //Check to see if the last character is a slash
$upload_dir = $upload_dir."/"; //Add a backslash if not present
} else {
$upload_dir = $upload_dir; //If backslash is present, do nothing
}

//Figure if last character for the upload log directory is a back slash
$udl_len = strlen($upload_log_dir); //Get upload log directory size
$last_slash = substr($upload_log_dir,$udl_len-1,1); //Get Last Character
if ($last_slash <> "/") { //Check to see if the last character is a slash
$upload_log_dir = $upload_log_dir."/"; //Add a backslash if not present
} else {
$upload_log_dir = $upload_log_dir; //If backslash is present, do nothing
}

//Validate the extension array
foreach ($ext_array as $key => $value) { //Start extension loop
$first_char = substr($value,0,1); //Get first character
if ($first_char <> ".") { //If not a period,
$extensions[] = ".".strtolower($value); //Write value with a period to a new array
} else { //Else
$extensions[] = strtolower($value); //Write the value to a new array
}
}

//Get Counts
$ext_count = count($extensions); //Count the number of extensions
$banned_count = count($banned_array); //Count the number of banned users

//Figure if anyone is banned
if ($banned_count >= 1) { //If number of banned users if 1 or greater
$banned_users = "TRUE"; //Set banned_users to TRUE
}

//Get server constants
$ip = $_SERVER['REMOTE_ADDR']; //Get IP address
$self = $_SERVER['PHP_SELF']; //Get PHP Self
$site = $_SERVER['HTTP_HOST']; //Get Start of Web URL
$ip = $_SERVER['REMOTE_ADDR']; //Get IP Address

//Set file size variables
$kb = 1024; //Set KB
$mb = 1024 * $kb; //Set MB
$gb = 1024 * $mb; //Set GB
$tb = 1024 * $gb; //Set TB

//Get The File's Extension
$extension = strtolower(strrchr($file_name,".")); //Get the file extension

//Validate Extension
foreach ($extensions as $key => $value) { //Start extract loop of valid extensions
if ($value == $extension) { //If extension is equal to any in the array
$valid_extension = "TRUE"; //Set valid extension to TRUE
}
$all_ext .= $value.", "; //Get all the extensions
}
$all_ext_len = strlen($all_ext); //Get the number of characters
$all_ext = substr($all_ext,0,$all_ext_len-2); //Extract all text except the last (2) characters

//Validate the file's size
$size = filesize($temp_file_name); //Get the size of the file
if ($size > $max_file_size) { //Set over limit statement
$over_limit = "TRUE"; //Set over_limit to TRUE
}

//Get the size of the uploaded file in other than bytes
if ($size < $kb) {
$screen_size = "$size Bytes"; //Set screen_size in bytes, if applicable
}
elseif ($size < $mb) {
$final = round($size/$kb,2);
$screen_size = "$final KB"; //Set screen_size in kilo-bytes, if applicable
}
elseif ($size < $gb) {
$final = round($size/$mb,2);
$screen_size = "$final MB"; //Set screen_size in mega-bytes, if applicable
}
else if($size < $tb) {
$final = round($size/$gb,2);
$screen_size = "$final GB"; //Set screen_size in giga-bytes, if applicable
}
else {
$final = round($size/$tb,2);
$screen_size = "$final TB"; //Set screen_size in tera-bytes, if applicable
}

//Get the size of the max file size in other than bytes
if ($max_file_size < $kb) { //Set screen_max in bytes, if applicable
$screen_max = "$max_file_size Bytes";
}
elseif ($max_file_size < $mb) {
$final = round($max_file_size/$kb,2);
$screen_max = "$final KB"; //Set screen_max in kilo-bytes, if applicable
}
elseif ($max_file_size < $gb) {
$final = round($max_file_size/$mb,2);
$screen_max = "$final MB"; //Set screen_max in mega-bytes, if applicable
}
else if($max_file_size < $tb) {
$final = round($max_file_size/$gb,2);
$screen_max = "$final GB"; //Set screen_max in giga-bytes, if applicable
}
else {
$final = round($max_file_size/$tb,2);
$screen_max = "$final TB"; //Set screen_max in tera-bytes, if applicable
}

//Validate the banned users list
if ($banned_users) { //If banned users are present
foreach($banned_array as $key => $value) { //Start extraction of banned users from the array
if ($value == $ip) { //If the user's IP address is found in list, continue
$banned_ip = "TRUE"; //and set the banned_ip to TRUE
}
}
}

//Start the validation process
if ($banned_ip) {
$result = "You have been banned from uploading any files to this directory!";
$log = $upload_log_dir."banned.txt"; //Log Banned File Name
$fp = fopen($log,"a+"); //Set File Pointer
fwrite($fp,"
$ip tried to upload on $date at $time."); //Write File
fclose($fp); //Close File Pointer
}
elseif (!$valid_extension) {
return FALSE;
}
elseif ($over_limit) {
return FALSE;
}
else {
if (is_uploaded_file($temp_file_name)) {
if (move_uploaded_file($temp_file_name,$upload_dir . $file_name)) {
$log = $upload_log_dir.$y."_".$m."_".$d.".txt"; //Log File Name
$fp = fopen($log,"a+"); //Set File Pointer
fwrite($fp,"
$ip | $file_name | $screen_size | $date | $time"); //Write File
fclose($fp); //Close File Pointer
return TRUE;
} else {
$result = "Your file could not be uploaded, please try again.";
return FALSE;
}
} else {
$result = "Your file could not be uploaded, please try again.";
return FALSE;
}
}
}
?>

Webpage, for full information:

Navigate: PHP Code Library > PHP > File Handling
http://www.phpfreaks.com/quickcode/F...loader/152.php

Regards, lineup

Geek · 10th February 2007, 12:34 PM

Looks very useful, thanks!!

(I'll let you know if I get hacked

)

lineup · 10th February 2007, 06:54 PM

Quote:

Originally posted by Geek
Looks very useful, thanks!!
(I'll let you know if I get hacked )

... by the way, talking of uploading
my PHP 5.2.0 settings vs. (PHP default recommended)
at my personal site is:

- upload_max_filesize 55M (default= 2M)
- post_max_size 55M (default= 8M)

- max_execution_time 300 (default= 30 seconds)
- max_input_time 300 (default= 60 seconds)

The reason for need to increase time settings in php.ini
is that uploading BIG FILE takes TIME
So, if the php page script will Time Out before the uploading is complete. This breaks the uploading.

Still, if uploading 50MB within 5 minutes at my site, require you have not too slow upload connection.
Better than 10MB per minute, with my current setting.
Same as 1 MB per 6 seconds. (160kByte/sec ~1280 kbits/sec ~1.28Mbits/sec)

For my own connection, this worked alright.
But I have rather fast internet.
I have tested figures like 2-10 MBits/s, even when testing against servers in USA,
at the other side of Atlantic Ocean.

PHP Manual
http://php.net/features.file-upload

Regards, lineup

====================================
edit:
I ran this speed test right now.
Against a speed test server in San Francisco

Quote:

Your Results:
2,766 Kbps Download Size: 995,974 bytes
346 KBytes per second Download Time: 2.81 secs

This equals like 8x346 = 2.7Mbits/s
http://sanfrancisco-speedtest.sprintbbd.net

Links, SPEED TEST for different servers all over the world:

http://www.dslreports.com/speedtest?more=1

Geek · 10th February 2007, 09:38 PM

I shouldn't have to mod the timing then, 160kByte/sec is exactly my transfer rate.

Size of files is never an issue, it's a quantity of pesky little files

lineup · 11th February 2007, 07:19 AM

Quote:

Originally posted by Geek
I shouldn't have to mod the timing then, 160kByte/sec is exactly my transfer rate.

Size of files is never an issue, it's a quantity of pesky little files

That is an above average speed!

Where I can run into trouble
is , of course, when browsing/downloading from some Asian countries.

Because, it does not matter if I can download with 381 kByte/sec
if those websites, can Upload to my PC
with only 50-75kByte/sec. ( ~0.50 MBits/sec )

It is always the slower side, that sets The LIMIT.

And 50kByte/s was the Download SPEED I got when testing against KOREA.
Using this great site:
http://www.dslreports.com/speedtest?more=1

lineup

Geek · 11th February 2007, 10:09 AM

This is average for me for North America. Anything on APNIC is just HORRIBLE though >.<

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
.slb file (translated library file)...!	spice freak	Solid State	0	28th October 2008 04:20 PM
.wav file limits?	Netlist	Digital Source	5	2nd December 2006 08:16 AM
Help I need a file!!!!	lawbadman	Everything Else	9	8th October 2006 07:33 PM
PDF file advice	cm961	Everything Else	9	9th August 2005 04:00 AM

New To Site?	Need Help?
Register to Participate Search Privacy Statement Contact Us	Frequently Asked Questions Did you forget your password? Mark Forums Read


	Please consider donating to help us continue to serve you. Ads on/off / Custom Title / More PMs / More album space / Advanced printing & mass image saving

10th February 2007, 12:34 PM	#2
Geek diyAudio Member Join Date: Sep 2004	Looks very useful, thanks!! (I'll let you know if I get hacked )

10th February 2007, 09:38 PM	#4
Geek diyAudio Member Join Date: Sep 2004	I shouldn't have to mod the timing then, 160kByte/sec is exactly my transfer rate. Size of files is never an issue, it's a quantity of pesky little files

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)