[PHP-DB] more upload script filename checking

2002-10-14 Thread Michael Knauf/Niles 


Ok, next question:

Here's my upload script:

?
  if ($upfile1==none)
  {
echo no file selected for upload please go back and select a
file.;
exit;
  }

  if ($upfile1_size==0)
  {
echo No data was transferred, your file may be too large or
may not exist;
exit;
  }
  $upfile1_name=str_replace(' ','_',$upfile1_name);
  if (file_exists(/var/www/html/files/$upfile1_name))
  {
  echo Font color=redfile $upfile1_name already
exists/fontpNote: Your file may have been renamed if it contained
spaces, this is so that links to the file will work correctly./PP If
you want to replace an existing file, Talk to Michael Knauf.;
  exit;
  }

  if (!is_uploaded_file($upfile1))
  {
echo file may contain upload attack, this is not allowed;
exit;
  }

  $okfile1=/var/www/html/files/.$upfile1_name;

  if ( !copy($upfile1, $okfile1))
  {
echo Could not move file;
exit;
  }

  echo File uploaded successfullyBRBR;
  $fp = fopen($okfile1, r);
  $contents = fread ($fp, filesize ($okfile1));
  fclose($fp);

  $fp = fopen($okfile1, w);
  fwrite($fp, $contents);
  fclose($fp);

  echo HR;

  echo you can link to your file at: A
HREF=http://red.niles.net/files/$upfile1_namehttp://red.niles.net/files/$upfile1_name/A;
?

That all works fine, and accepts a file from a simple html form file
element: input type=file name=upfile1

So I think, my, wouldn't it be nice if they could upload 3 or 4 files at
once?

Problem 1, I'm not sure how to structure that, obviously a loop of some
sort, but what makes me cry for help, is that I simply duplicated my html
input input type=file name=upfile2 and called it upfile2, and
duplicated my php code and changed each second instance of upfile1 to
upfile2 which worked fine, too till I trigger any of the error conditions
in the first iteration... then the exit function happens and the second
file is ignored (because i've exited out of the script, I know) the
question is how I exit out of the first iteration but not the second...

Michael



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] more upload script filename checking

2002-10-14 Thread Marco Tabini 

Well, you can use the break statement to exit a loop or code block, but
wouldn't you rather want to create a single loop that can handle any
number of files?


 On Mon, 2002-10-14 at 13:54, Michael Knauf/Niles wrote:
 
 Ok, next question:
 
 Here's my upload script:
 
 ?
   if ($upfile1==none)
   {
 echo no file selected for upload please go back and select a
 file.;
 exit;
   }
 
   if ($upfile1_size==0)
   {
 echo No data was transferred, your file may be too large or
 may not exist;
 exit;
   }
   $upfile1_name=str_replace(' ','_',$upfile1_name);
   if (file_exists(/var/www/html/files/$upfile1_name))
   {
   echo Font color=redfile $upfile1_name already
 exists/fontpNote: Your file may have been renamed if it contained
 spaces, this is so that links to the file will work correctly./PP If
 you want to replace an existing file, Talk to Michael Knauf.;
   exit;
   }
 
   if (!is_uploaded_file($upfile1))
   {
 echo file may contain upload attack, this is not allowed;
 exit;
   }
 
   $okfile1=/var/www/html/files/.$upfile1_name;
 
   if ( !copy($upfile1, $okfile1))
   {
 echo Could not move file;
 exit;
   }
 
   echo File uploaded successfullyBRBR;
   $fp = fopen($okfile1, r);
   $contents = fread ($fp, filesize ($okfile1));
   fclose($fp);
 
   $fp = fopen($okfile1, w);
   fwrite($fp, $contents);
   fclose($fp);
 
   echo HR;
 
   echo you can link to your file at: A
 
HREF=http://red.niles.net/files/$upfile1_namehttp://red.niles.net/files/$upfile1_name/A;
 ?
 
 That all works fine, and accepts a file from a simple html form file
 element: input type=file name=upfile1
 
 So I think, my, wouldn't it be nice if they could upload 3 or 4 files at
 once?
 
 Problem 1, I'm not sure how to structure that, obviously a loop of some
 sort, but what makes me cry for help, is that I simply duplicated my html
 input input type=file name=upfile2 and called it upfile2, and
 duplicated my php code and changed each second instance of upfile1 to
 upfile2 which worked fine, too till I trigger any of the error conditions
 in the first iteration... then the exit function happens and the second
 file is ignored (because i've exited out of the script, I know) the
 question is how I exit out of the first iteration but not the second...
 
 Michael
 
 
 
 -- 
 PHP Database Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php