upload.php
// Code Snippet:
php
// Upload Form
function display_upload_form()
{
echo <<
Yet Another Upload Form
DISPLAY_UPLOAD_FORM;}
// File Upload
function execute_upload()
{
// root path
$path = $_SERVER['DOCUMENT_ROOT'];
// upload directory. path will originate from root.
$dirname = '/uploads';
// permission settings for newly created folders
$chmod = 0755;
// create file vars to make things easier to read.
$filename = $_FILES['myfile']['name'];
$filesize = $_FILES['myfile']['size'];
$filetype = $_FILES['myfile']['type'];
$file_tmp = $_FILES['myfile']['tmp_name'];
$file_err = $_FILES['myfile']['error'];
$file_ext = strrchr($filename, '.');
// check if user actually put something in the file input field.
if (($file_err == 0) && ($filesize != 0))
{
// Check extension.
if (!$file_ext)
{
unlink($file_tmp);
die('File must have an extension.');
}
// extra check to prevent file attacks.
if (is_uploaded_file($file_tmp))
{
/*
* check if the directory exists
* if it doesnt exist, make the directory
*/
$dir = $path . $dirname;
if (!is_dir($dir))
{
$dir = explode('/', $dirname);
foreach ($dir as $sub_dir)
{
$path .= '/' . $sub_dir;
if (!is_dir($path))
{
if (!mkdir($path, $chmod))
{
unlink($file_tmp);
die('Error: Directory does not exist and was unable to be created.');
}
}
}
}
/*
* copy the file from the temporary upload directory
* to its final detination.
*/
if (@move_uploaded_file($file_tmp, $dir . '/' . $filename))
{
// success!
echo "
Success!
View File: $filename
";
}
else
{
// error moving file. check file permissions.
unlink($file_tmp);
echo 'Error: Unable to move file to designated directory.';
}
}
else
{
// file seems suspicious... delete file and error out.
unlink($file_tmp);
echo 'Error: File does not appear to be a valid upload. Could be a file attack.';
}
}
else
{
// Kill temp file, if any, and display error.
if ($file_tmp != '')
{
unlink($file_tmp);
}
switch ($file_err)
{
case '0':
echo 'That is not a valid file. 0 byte length.';
break;
case '1':
echo 'This file, at ' . $filesize . ' bytes, exceeds the maximum allowed file size as set in php.ini. '.
'Please contact your system admin.';
break;
case '2':
echo 'This file exceeds the maximum file size specified in your HTML form.';
break;
case '3':
echo 'File was only partially uploaded. This could be the result of your connection '.
'being dropped in the middle of the upload.';
case '4':
echo 'You did not upload anything... Please go back and select a file to upload.';
break;
}
}
}
// Logic Code
if (isset($_POST['execute']))
{
execute_upload();
}
else
{
display_upload_form();
}
?>