David Cook David Cook - 3 years ago 148
PHP Question

PDF Uploader script

I have spent 3 days reading and doing tutorials about PHP upload scripts for uploading PDF files to a website, renaming and moving the files. I can't seem to find a consistent answer on how to format the script. From my reading I see the following as important to this process. I have not found a good working answer to the PDF upload issue.


  1. It is important to validate the PDF files with a server side mime verification.

  2. Clamscan is important to keep the site clean. Should this be done immediately after upload?

  3. Files should not be accessible until they are verified by type and virus free. My understanding is that this is best done by the "rename" function of PHP that will allow a move and rename.

  4. I had considered uploading PDFs into my MySql database, but after reading much of the online advice, I now feel that this may not be the best for my site.

  5. I will be having clients upload pdfs via a html form.



Here is the form I was using:

<form action ="PHP UPLOAD.php" method="post" encrypte="multipart/form-data">
File: <input type="file" name="file" size="30"> <input type="submit" value="upload!">
</form>


This is the PHP I started with from an online tutorial.

<?php

$uploaddir = "cover";
$allowed_ext = "pdf";
$max_size = "5000000";
//$max_height = "";
//$max_width = "";

$extension = pathinfo($_FILES['file'] ['name']);
$extension = $extension[extension];
$allowed_paths = explode(", ", $allowed_ext);
for($i = 0; $i < count($allowed_paths); $i++) {
if ($allowed_paths [$i] == "$extension") {
$ok = "1";
}
}


if ($ok == "1") {
if($_FILES['file']['size'] > $max_size)
{
print "File is too big!";
exit;
}

// Include for images
//if ($max_width && $max_height) {
//list ($width, $height, $type, $w) =
//getimagesize($_FILES['file']['tmp_name']);
//if ($width . $max_width || $height > $max_height)
//{
//print "File height and/or width are too big!";
//exit;
//}
//}

if(is_uploaded_file($_FILES['file']['tmp_name']))
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
}
print "Your Cover Letter has been successfully uploaded!";
} else {
print "Incorrect file extension!";
}

?>


It returned an Invalid File Type message to me.

I found this code and it seems to be a better verification via Mime Type, but appears to be not complete.

$allowedExts = array(
"pdf",
"doc",
"docx"
);

$allowedMimeTypes = array(
'application/msword',
'text/pdf',
'image/gif',
'image/jpeg',
'image/png'
);

$extension = end(explode(".", $_FILES["file"]["name"]));

if ( 20000 < $_FILES["file"]["size"] ) {
die( 'Please provide a smaller file [E/1].' );
}

if ( ! ( in_array($extension, $allowedExts ) ) ) {
die( 'Please provide another file type [E/2]. );
}

if ( in_array( $_FILES["file"]["type"], $allowedMimeTypes ) )
{
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
}
else
{
die( 'Please provide another file type [E/3]. );
}


I am trying to learn, but I don't seem to be able to find a very clear path that solves my issues. Can someone give me some clear answers as to what is special about PDF uploads and this process?

For Background, I am building this on my MAC using MAMP and Dreamweaver & Text Wrangler. I will be implementing this to a GoDAddy site. So, if you know issues that I will be facing I would appreciate a heads up.

Thanks in Advance!

Answer Source

i think the error message is because of you miss typed enctype as encrypte, please check this also

<form action ="PHP_UPLOAD.php" method="post" enctype="multipart/form-data">
File: 
<input type="file" name="file" size="30"> 
<input type="submit" value="upload!">
</form>
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download