image upload (sorry)

**james grainger** · 06-02-2003, 10:10 AM

can anybody advise me as to the simplest way of allowing a client to upload images without using an ftp.

i can use actionscript but mty knowledge of backend stuff doesnt really extend beyond modifying a txt via cgi script.

obviously id love a prebuilt scipt but cant find one. The stuff on flash db seems complex.

am i going to have to set up msql database?
are php object and other open source alternatives to flash remoting easy to implement.

be honest

james

**OJayLove** · 06-02-2003, 03:00 PM

Sure, try this:

**********
upload.htm
**********
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Send this file</title>
</head>

<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="400000">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File"> (max: 400k)
</form>
</body>

</html>

**********
upload.php
**********
<?php

$maxbytes = 400000; // if you change this and the next line,
$maxbytesk = "400k"; // make the same changes in the html file

$uploaddir = '/home/user/public_html/test/'; //change this to the correct destination folder

$unique_id = date("m-d-y"); //date is put in the filename to help keep it unique
//for organization and to help prevent duplicate filenames

$imgarray = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/x-png");

$filetype = $_FILES['userfile']['type'];
$filename = $_FILES['userfile']['name'];
$filesize = $_FILES['userfile']['size'];
$newfilename = $unique_id."_".$_FILES['userfile']['name'];

// Note: if filesize excededs the limit in html file, the browser will terminate the upload
// and return a length of 0 bytes.

if ($filesize==0){
echo "The file you specified is either an invalid name, contains Zero bytes, or exceded $maxbytesk bytes";
}else if ($filesize > $maxbytes) {
echo "The file exceded the $maxbytesk limit";
exit;
}else if (!in_array($filetype,$imgarray)){
echo 'Invalid filetype. Please use only a .JPG, .GIF, or .PNG file.';
}

print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $newfilename)) {
print "File is valid, and was successfully uploaded.\n\n";
echo "The new filename is: $newfilename\n\n";
} else {
print "File was not uploaded!\n";
}

print "Here's some more debugging info:\n";
print_r($_FILES);

?>

**james grainger** · 06-02-2003, 03:48 PM

yo

thanks for the script. i cant get it to work though
im getting a error like this.

Warning: Unable to create '/home/htdocs/hosted/draganddrop/06-02-03_utest.jpeg': Permission denied in /home/htdocs/hosted/draganddrop/drag-drop.net/portfolio/upload/upload.php on line 15

Warning: Unable to move '/tmp/phpAwMfVX' to '/home/htdocs/hosted/draganddrop/06-02-03_utest.jpeg' in /home/htdocs/hosted/draganddrop/drag-drop.net/portfolio/upload/upload.php on line 15

File was not uploaded!
Here's some more debugging info:
Array
(
[userfile] => Array
(
[name] => utest.jpeg
[type] => image/jpeg
[tmp_name] => /tmp/phpAwMfVX
[size] => 8685
)

)

**Musicman** · 06-02-2003, 04:58 PM

Hi,

I guess your uploaddir does not have correct permissions - on unix type server try 777

Musicman

**OJayLove** · 06-02-2003, 10:21 PM

Let us know if it works when u chmod the directory to 777 like musicman says. It should work fine then.

Below is a modified upload.htm file that previews the image before uploading

**********
upload.htm
**********
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Send this file</title>
<script language="javascript">
function previewimg(){
document.getElementById("main").src=document.forms .myform.userfile.value;
}
</script>
</head>

<body>
<img id="main" width=100 height=100>
<form name="myform" enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="400000">
Send this file: <input name="userfile" type="file" onChange="previewimg()">
<input type="submit" value="Send File"> (max: 400k)
</form>
</body>

</html>

**james grainger** · 06-03-2003, 04:43 AM

yep

the chmod 777 trick worked great.
thanks for the code.

whats the best way to make these things secure. I was planning to include the upload interface perhaps in a frame as the rest of the backend uses a flash interface. obviously i dont want just anyone uploading to my space. Im not sure what password system i should use to protect both the upload system and the text system. If possible dont want to use two passwords.

thanks again

**OJayLove** · 06-04-2003, 03:46 AM

Well this must be your lucky day! I just happen to need the same password system for my site, so I didn't mind spending time today writing code.

Using flash for your password system is a bad idea. Flash files are automatically downloaded into everyone's machine. With a simple action script viewer, people can view all the actionscript (including password) embeded in your .SWF file. Even if you put the password into a different file, the acutal password would still be download into everyone's machine. What you really need is a server side script.

Download my code and tell me how it works out for you...

**OJayLove** · 06-04-2003, 02:31 PM

If you've already downloaded my original file above (picupload.zip), you should download the new version (ImageUploader10.zip).

This secure version plugs up the security hole. It uses a separate password file that is only readable by the server it resides on. This way visitors cannot hack your password by attempting to view your configuration file.

It also has animation while uploading.

Glad to be of some help. I wish I had it this easy sometimes...

**james grainger** · 06-04-2003, 04:13 PM

thanks oj but i cant seem to download the zip file. flaskit opens upa new page and spews a load of code into it.

can you email it me?

info@drag-drop.net

thanks for your time

james

**OJayLove** · 06-04-2003, 04:16 PM

Instead of clicking on the zip file, right-click and choose Save Target As...

**james grainger** · 06-04-2003, 04:20 PM

at the risk of sounding like a complete gimp if i control click the link (im using a mac) it asks me too save the file as a php.

this isnt right is it?

james

**OJayLove** · 06-04-2003, 04:25 PM

I don't think MAC's support zip files....

Goto this link and download all the files one by one:
http://www.

**james grainger** · 06-04-2003, 04:35 PM

got most of the files but the .cgis wont download
im getting an error message

james

ps macs do support zip but i think they have a problem with the save link to disk function

**OJayLove** · 06-04-2003, 04:38 PM

i'll email the cgi's

**james grainger** · 06-04-2003, 05:15 PM

oj

i uploaded the files and set the permissions.
it doesnt seem to work though

what am i doing wrong

its in this folder
[url]http://
james

**OJayLove** · 06-04-2003, 05:51 PM

some how your config.ini & password.ini became a unix based text file instead of a windows based (even if your web server runs unix a windows based file will remain that way if copied instead of created as new). I'll tell you what I mean

compare my file with yours and you'll see

You should see the contents of my file are on separate lines, and the contents of your file are on a single line.

You won't notice a difference in the password file because there is only one line, but there are still invisible control characters.

Did you download and upload my .ini files exactly how they are? That's what needs to be done. If you copy and pasted the contents then that is the problem

I'll email you the two .ini files as an attachment. Hopefully you can download them the way they are and simply upload to your site.

If you still are having problems, give me FTP access to any folder on your account. Email the account name/password to me and I'll upload all the necessary files

**james grainger** · 06-04-2003, 06:30 PM

still cant get it to work oj

could it be the cgi script that you sent me. i cut and pasted them from athe email you sent. this could have adjusted the formatting. for instance when i open config.cgi in a text editor the link to your web site is active (blue)

thanks for all your help
james

**OJayLove** · 06-04-2003, 06:51 PM

That is another problem. The link shouldn't look that way. I'll upload the files for you tonight when I get home.

No problem...

**james grainger** · 06-05-2003, 04:48 AM

cheers oj. you're a dude
it works great

one last thing though. (im sure this s a quick one)
how do i modify the script to:

1)remove the date added to the filename
2)allow only jpegs to be uploaded
3) check the filename is one of these numbers before uploading

"01a.jpg, 01b.jpg, 01c.jpg..........01o.jpg"
"02a.jpg,02b.jpg,02c.jpg..........02o.jpg"

and continue up to 15o.jpg

i can probably sort the first two out myself but its number 3 i cant get right

thanks for all your help
james

**OJayLove** · 06-05-2003, 01:04 PM

(1) in: processupload.php

delete this line: $unique_id = date("m-d-y");

then change: $newfilename = $unique_id."_".$_FILES['userfile']['name'];
to: $newfilename = $_FILES['userfile']['name'];

(2) in: processupload.php

change this line: $imgarray = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/x-png");
to: $imgarray = array("image/pjpeg", "image/jpeg");

change this line: echo 'Invalid file type. Please use only a .JPG, .GIF, or .PNG file.';
to: echo 'Invalid file type. Please use only a .JPG file.';

then edit: template.htm
and change text: only .GIF .JPG .PNG accepted

(3) That's gonna be tricky. I'm not familiar with the technique to take care of that. Maybe somebody else can jump in here and help you out.

Thread: image upload (sorry)

Thread Tools

Display

image upload (sorry)

Posting Permissions