[PHP] Re: File Uploads!

2003-06-30 Thread Catalin Trifu
Hi,

In case someone is interested I found the workaround.
1. IE6 does not take into consideration MAX_FILE_SIZE,
so one can not rely on it on client side.
2. If the uploaded file exceeds the post_max_size, the PHP
engine (4.3.1 in my case) does not give you any error in the PHP
script which handles the upload, nor does it take into consideration
MAX_FILE_SIZE. It simply logs the error as shown and does
not even parse the post data anymore.
So, the workaround is to make the post_max_size large enough
so that it fits, like 100MB and the PHP will take into consideration
the MAX_FILE_SIZE, discard the upload and give you the
$_FILES['userfile']['error'] = UPLOAD_ERR_FORM_SIZE
I for one consider this a flaw in the engine.
Anyway, hope this helps,

Catalin

Catalin Trifu [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> This is the error I get in the log file:
> [error] PHP Warning:  POST Content-Length of 11184886 bytes exceeds the
> limit of 8388608 bytes in Unknown on line 0
>
> This is absolutely correct. The problem is
> this error does not reach my PHP script and I
> have no idea how can I tell my user he posted
> a file which exceeds the size.
> The $_FILES is empty, same for $HTTP_...
> Any idea is appreciated.
>
> Cheers,
> Catalin

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
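
The case described in the message above, where a body larger than post_max_size leaves the handling script with nothing to inspect, can be detected by comparing the request's Content-Length with the configured limit. This is an added example, not code from the thread; it uses current PHP syntax rather than 4.3.1, and `ini_bytes()` and `upload_status()` are hypothetical helper names.

```php
<?php
// Added example, not from the thread. 'userfile' is the field name used in the post.

// Convert php.ini shorthand ("8M", "512K", "1G") to bytes.
function ini_bytes(string $value): int
{
    $value  = trim($value);
    $number = (int) $value;                  // leading digits; "" becomes 0
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024;           // fall through
        case 'M': $number *= 1024;           // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// Classify one upload request. The superglobals are passed in as arguments so
// the function can also be run on constructed input.
function upload_status(array $server, array $post, array $files,
                       string $field, string $postMax): string
{
    $limit  = ini_bytes($postMax);           // 0 means no limit
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    $isPost = ($server['REQUEST_METHOD'] ?? '') === 'POST';

    // PHP dropped the whole body: nothing was parsed, so both arrays are empty.
    if ($isPost && $limit > 0 && $length > $limit && !$post && !$files) {
        return 'body_over_post_max_size';
    }
    $error = $files[$field]['error'] ?? null;
    if (!is_int($error)) {
        return 'no_single_file_in_field';
    }
    switch ($error) {
        case UPLOAD_ERR_OK:        return 'ok';
        case UPLOAD_ERR_INI_SIZE:  return 'over_upload_max_filesize';
        case UPLOAD_ERR_FORM_SIZE: return 'over_MAX_FILE_SIZE';
        default:                   return 'upload_failed';
    }
}

// Constructed request matching the logged warning: 11184886 bytes against 8M.
echo upload_status(['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '11184886'],
                   [], [], 'userfile', '8M'), "\n";
// Live use:
// echo upload_status($_SERVER, $_POST, $_FILES, 'userfile', ini_get('post_max_size'));
```

MAX_FILE_SIZE is a form field under the client's control, so the limits that are actually enforced are the server-side upload_max_filesize and post_max_size settings.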



[PHP] Re: File Uploads Security Fix

2002-05-03 Thread Manuel Lemos

Hello,

Miguel Loureiro wrote:
> Hello,
> after copy do_download.php to php4.0.6/main what I have to do?
> T.Y.

do_download.php is not the name of the download file.  It should be 
rfc1867.c.diff-4.0.6.gz . Here is the correct URL.

http://www.php.net/distributions/rfc1867.c.diff-4.0.6.gz

What you need to do is to use gunzip to uncompress and then use the
program named patch to apply the patch file.

Regards,
Manuel Lemos






[PHP] Re: File uploads in PHP

2001-08-17 Thread James Holloway

Hi there,

I haven't tested any of this, and there are probably some things that need
adding, but it'll give you an idea at least.

Form element:

<input type="file" name="thefile">

// What files do we want?
$types_we_want = array("image/gif", "image/jpeg", "image/pjpeg"); // allows jpegs and gifs
// What is the max size we want (in bytes)?
$size_we_want = (50 * 1024); // 50Kb

// function to test whether or not the file is an image, and whether it is
// in the correct size restriction
function CheckImage($thefile, $thefile_name, $thefile_type, $thefile_size,
                    $types_we_want, $size_we_want) {
    if (!in_array($thefile_type, $types_we_want)) {
        // the file is of invalid type
        return false;
    } else if ($thefile_size > $size_we_want) {
        // too big
        return false;
    }
    return true;
}

// function to explain what's wrong with the file
function AnImageError($thefile, $thefile_name, $thefile_type, $thefile_size,
                      $types_we_want, $size_we_want) {
    // the file name comes from the client, so escape it before echoing it
    $shown_name = htmlspecialchars($thefile_name);
    if (!in_array($thefile_type, $types_we_want)) {
        // the file is of invalid type
        echo $shown_name . " is not a jpeg or gif!";
    } else if ($thefile_size > $size_we_want) {
        // too big
        echo $shown_name . " is bigger than the allowed file size of " .
            ($size_we_want / 1024) . "Kb";
    }
}

// function to change the name of the image (if you don't do this, and one
// person uploads a file named name.jpg and then another person uploads a file
// with the same name, the second will overwrite the original
function NewImageName($thefile_name, $thefile_type) {

    $timestamp = time(); // use a timestamp
    // get two characters from the beginning of the filename
    // for a bit of randomness (use another function like mt_srand() (see
    // manual)) for something better
    // only letters and digits are kept, since the prefix ends up in a file
    // path and in an SQL string
    $prefix = preg_replace("/[^A-Za-z0-9]/", "", substr($thefile_name, 0, 2));

    if ($thefile_type == "image/jpeg" || $thefile_type == "image/pjpeg") {
        // file is a jpeg
        $ext = ".jpg";
    } else {
        // file is a gif
        $ext = ".gif";
    }

    $newfilename = $prefix . $timestamp . $ext;

    return $newfilename;
}

// function to upload the file.
function DoUploadFile($thefile, $thefile_name, $thefile_type, $thefile_size)
{
    global $connection; // this contains details of your mysql connection

    $size = @GetImageSize($thefile);
    // gets the width and height of the file
    list($ignoreme, $width, $ignoremeagain, $height) = explode("\"", $size[3]);

    // rename the image with the function we defined above
    $newfilename = NewImageName($thefile_name, $thefile_type);

    // specify a directory to move the temp file to in the following line
    // eg /home/mysite/web/images/ (with the trailing slash)
    // move_uploaded_file() is used instead of copy() because it only accepts
    // a file that PHP itself received through an HTTP POST upload
    if (!@move_uploaded_file($thefile, "/path/to/store/files/" . $newfilename)) {
        echo "Sorry, something's gone wrong here.";
    } else {
        // insert the data into your table.  the columns are the unique id
        // of the file,
        // the date the file is uploaded in datetime format,
        // the name of the file (varchar, 50), its size in bytes (int), its
        // width (int) and height (int).
        $insert_data = "INSERT INTO mysql_table
            (picid, picorigin, picname, picsize,
            picwidth, picheight)
            VALUES
            ('', NOW(), '$newfilename', '$thefile_size',
            '$width', '$height')";
        $do_upload = @mysql_query($insert_data, $connection);

        if (!$do_upload) { // query failed
            echo "There was an error with the database.";
        } else {
            echo "Thanks.  " . htmlspecialchars($thefile_name) . " has been uploaded.";
        }
    }
}

// Put it all together in your form handling
if ($thefile_name != "") {
    if (!CheckImage($thefile, $thefile_name, $thefile_type, $thefile_size,
                    $types_we_want, $size_we_want)) {
        AnImageError($thefile, $thefile_name, $thefile_type, $thefile_size,
                     $types_we_want, $size_we_want);
    } else {
        DoUploadFile($thefile, $thefile_name, $thefile_type, $thefile_size);
    }
}

Hope that helps,

James.


Dr. Evil [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...

> My PHP script needs to receive some files.  I've seen sites which
> accept them; they have a Browse button which lets the user select a
> file to send.  That's what I want to do.
>
> I have a few questions about this.  First of all, this is with
> php4.06.  Secondly, the files are all going to be images, and not very
> large: no more than 50k.
>
> What's the best way to do this?  I notice that PHP can store these
> files on disk, but I'm going to be storing them in a DB.  I would
> rather receive them directly into a PHP variable.  Is this possible?
> Or should I take them in a file, and then read them back in to a
> variable?
>
> Also, if they need to go into a file, which directory is safest for
> this?  /tmp contains some important files.  And finally, how do I
> limit the maximum file size that PHP will accept?
>
> Thanks




[PHP] Re: File Uploads

2001-08-07 Thread Damiano Ferrari

Scott,

I am a Windows/ASP guy who just recently started messing around with PHP, so
maybe I am completely off path, however I found this post:




On my system (Solaris 7/SPARC, Apache 1.3.9), in order to be able to upload
files larger than 8 MB, you need to increase the memory_limit in php3.ini to
a value larger than 8 MB.

For example, if MAX_FILE_SIZE is set to 209715199 in your form and
upload_max_filesize is set to 209715200 in php3.ini, the largest file that
can be uploaded is 7996 kilobytes or about 8 MB. Increasing the memory_limit
(I increased mine to 100 MB) allows me to upload files that are up to 100 MB
in size.




You can find it here:
http://www.php.net/manual/cs/features.file-upload.php

HTH,
Damiano



Scott Kalbach [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> Hi, I am having a problem with http uploads:
>
> First I am using Mandrake 8.0 with apache 1.3.19 and php 4.0.4.
>
> I have an upload script which I need to allow large files to be uploaded. I
> have set the <input type="hidden" name="MAX_FILE_SIZE" value="104857600">
> Which I believe should be 100mb.
>
> I have also set the same value in the php.ini file for the
> memory_limit and upload_max_filesize directives and also set a longer script
> execution time out.
>
> No matter what values I give these directives I still can't upload anything
> over 8 megs which was the default before I changed it. I have restarted
> apache and rebooted.
>
> Any help would be appreciated.
>
> Scott


