<?php
/**
Page: function.upload_files.php
Developer: Jeffrey M. Johns
Support: .... binary.star (at) verizon.net ....
******
Purpose: To validate against file uploads to the server.
******
Notes/Comments: This function will do a variety of activities. It will check to see if the file's
extension is accepted which is set by the user, check to make sure the file is not over the
allowable file size
******
Security: All proper measure were taken to make everything as secure as possible.
******
Code Example:
$self = $_SERVER['PHP_SELF'];
$submit = $_POST['Submit'];
$temp_file_name = trim($_FILES['upload']['tmp_name']);
$file_name = trim($_FILES['upload']['name']);
$upload_dir = "uploads/";
$upload_log_dir = "uploads/upload_logs/";
$max_file_size = 524288;
$banned_array = array("");
$ext_array = array(".jpg",".gif",".jpeg",".png",".txt",".doc",".wps",".pdf",".zip",".bmp",".tif",".html",".htm",".php");
if (($submit) AND ($temp_file_name)) {
print upload_files($temp_file_name,$file_name,$upload_dir,$upload_log_dir,$max_file_size,$banned_array,$ext_array);
}
the HTML form to go with this code:
<form action="<*php print"$self";*>" method="post" enctype="multipart/form-data" name="uploader">
Upload: <input name="upload" type="file" size="50">
<input type="submit" name="Submit" value="Submit">
</form>
**/
function upload_files($temp_file_name,$file_name,$upload_dir,$upload_log_dir,$max_file_size,$banned_array,$ext_array) {
//Get Day and Time Variables
$m = date("m"); //Get month
$d = date("d"); //Get day
$y = date("Y"); //Get year
$date = date("m/d/Y"); //Get today's date
$time = date("h:i:s A"); //Get now's time
//Get User Passed Variables
$temp_file_name = trim($temp_file_name); //Trim Temp File Name
$file_name = trim(strtolower($file_name)); //Trim File Name
$upload_dir = trim($upload_dir); //Trim Upload Directory
$upload_log_dir = trim($upload_log_dir); //Trim Upload Log Directory
$max_file_size = trim($max_file_size); //Trim Max File Size
//Figure if last character for the upload directory is a back slash
$ud_len = strlen($upload_dir); //Get upload log directory size
$last_slash = substr($upload_dir,$ud_len-1,1); //Get Last Character
if ($last_slash <> "/") { //Check to see if the last character is a slash
$upload_dir = $upload_dir."/"; //Add a backslash if not present
} else {
$upload_dir = $upload_dir; //If backslash is present, do nothing
}
//Figure if last character for the upload log directory is a back slash
$udl_len = strlen($upload_log_dir); //Get upload log directory size
$last_slash = substr($upload_log_dir,$udl_len-1,1); //Get Last Character
if ($last_slash <> "/") { //Check to see if the last character is a slash
$upload_log_dir = $upload_log_dir."/"; //Add a backslash if not present
} else {
$upload_log_dir = $upload_log_dir; //If backslash is present, do nothing
}
//Validate the extension array
foreach ($ext_array as $key => $value) { //Start extension loop
$first_char = substr($value,0,1); //Get first character
if ($first_char <> ".") { //If not a period,
$extensions[] = ".".strtolower($value); //Write value with a period to a new array
} else { //Else
$extensions[] = strtolower($value); //Write the value to a new array
}
}
//Get Counts
$ext_count = count($extensions); //Count the number of extensions
$banned_count = count($banned_array); //Count the number of banned users
//Figure if anyone is banned
if ($banned_count >= 1) { //If number of banned users if 1 or greater
$banned_users = "TRUE"; //Set banned_users to TRUE
}
//Get server constants
$ip = $_SERVER['REMOTE_ADDR']; //Get IP address
$self = $_SERVER['PHP_SELF']; //Get PHP Self
$site = $_SERVER['HTTP_HOST']; //Get Start of Web URL
$ip = $_SERVER['REMOTE_ADDR']; //Get IP Address
//Set file size variables
$kb = 1024; //Set KB
$mb = 1024 * $kb; //Set MB
$gb = 1024 * $mb; //Set GB
$tb = 1024 * $gb; //Set TB
//Get The File's Extension
$extension = strtolower(strrchr($file_name,".")); //Get the file extension
//Validate Extension
foreach ($extensions as $key => $value) { //Start extract loop of valid extensions
if ($value == $extension) { //If extension is equal to any in the array
$valid_extension = "TRUE"; //Set valid extension to TRUE
}
$all_ext .= $value.", "; //Get all the extensions
}
$all_ext_len = strlen($all_ext); //Get the number of characters
$all_ext = substr($all_ext,0,$all_ext_len-2); //Extract all text except the last (2) characters
//Validate the file's size
$size = filesize($temp_file_name); //Get the size of the file
if ($size > $max_file_size) { //Set over limit statement
$over_limit = "TRUE"; //Set over_limit to TRUE
}
//Get the size of the uploaded file in other than bytes
if ($size < $kb) {
$screen_size = "$size Bytes"; //Set screen_size in bytes, if applicable
}
elseif ($size < $mb) {
$final = round($size/$kb,2);
$screen_size = "$final KB"; //Set screen_size in kilo-bytes, if applicable
}
elseif ($size < $gb) {
$final = round($size/$mb,2);
$screen_size = "$final MB"; //Set screen_size in mega-bytes, if applicable
}
else if($size < $tb) {
$final = round($size/$gb,2);
$screen_size = "$final GB"; //Set screen_size in giga-bytes, if applicable
}
else {
$final = round($size/$tb,2);
$screen_size = "$final TB"; //Set screen_size in tera-bytes, if applicable
}
//Get the size of the max file size in other than bytes
if ($max_file_size < $kb) { //Set screen_max in bytes, if applicable
$screen_max = "$max_file_size Bytes";
}
elseif ($max_file_size < $mb) {
$final = round($max_file_size/$kb,2);
$screen_max = "$final KB"; //Set screen_max in kilo-bytes, if applicable
}
elseif ($max_file_size < $gb) {
$final = round($max_file_size/$mb,2);
$screen_max = "$final MB"; //Set screen_max in mega-bytes, if applicable
}
else if($max_file_size < $tb) {
$final = round($max_file_size/$gb,2);
$screen_max = "$final GB"; //Set screen_max in giga-bytes, if applicable
}
else {
$final = round($max_file_size/$tb,2);
$screen_max = "$final TB"; //Set screen_max in tera-bytes, if applicable
}
//Validate the banned users list
if ($banned_users) { //If banned users are present
foreach($banned_array as $key => $value) { //Start extraction of banned users from the array
if ($value == $ip) { //If the user's IP address is found in list, continue
$banned_ip = "TRUE"; //and set the banned_ip to TRUE
}
}
}
//Start the validation process
if ($banned_ip) {
$result = "You have been banned from uploading any files to this directory!";
$log = $upload_log_dir."banned.txt"; //Log Banned File Name
$fp = fopen($log,"a+"); //Set File Pointer
fwrite($fp,"
$ip tried to upload on $date at $time."); //Write File
fclose($fp); //Close File Pointer
}
elseif (!$valid_extension) {
return FALSE;
}
elseif ($over_limit) {
return FALSE;
}
else {
if (is_uploaded_file($temp_file_name)) {
if (move_uploaded_file($temp_file_name,$upload_dir . $file_name)) {
$log = $upload_log_dir.$y."_".$m."_".$d.".txt"; //Log File Name
$fp = fopen($log,"a+"); //Set File Pointer
fwrite($fp,"
$ip | $file_name | $screen_size | $date | $time"); //Write File
fclose($fp); //Close File Pointer
return TRUE;
} else {
$result = "Your file could not be uploaded, please try again.";
return FALSE;
}
} else {
$result = "Your file could not be uploaded, please try again.";
return FALSE;
}
}
}
?>
)
