debmc99 Posted September 17, 2010 Report Posted September 17, 2010 (edited) Hello, I have a question about my code below which allows clients to upload files. In testing the code as it is, what happens is the error message does not display when I try to upload an incorrect file type, nor does the "File uploaded successfully" message display when I upload an acceptable file type. The files actually do get uploaded but you'd never know because but you automatically get redirected back to members.php which is where you start to upload a file in the first place. However, if I take out everything before the line "// begin Dave B's Q&D file upload security code" everything works fine. Is there a way to get the success or error message to display and I guess include a link to then get back to the members.php page without messing up the login part? Any help on this would be very much appreciated. Thank you very much. <?php /* * PROCESSFILE.PHP * Password protected area to process members' uploaded files */ //start session session_start(); include("includes/config.php"); /* * This section below checking if user is logged in/checking for inactivity * may be best put in a reusable function so it is easily reused/updated */ // check that the user is logged in if (!isset($_SESSION['username'])) { header("Location: login.php?unauthorized"); } //check that the user is an admin else if (!is_ceoadmin()) { header("Location: members.php"); } // check for inactivity if (time() > $_SESSION['last_active'] + $config['session_timeout']) { // log out user session_destroy(); header("Location: login.php?timeout"); } else { // update the session variable $_SESSION['last_active'] = time(); } // begin Dave B's Q&D file upload security code $allowedExtensions = array("doc","docx","xls","xlsx","pdf","jpg","jpeg","gif","png"); foreach ($_FILES as $file) { if ($file['tmp_name'] > '') { if (!in_array(end(explode(".", strtolower($file['name']))), $allowedExtensions)) { die($file['name'].' Sorry, this is an invalid file type!<br/>'. '<a href="javascript:history.go(-1);">'. '<< Go Back</a>'); } } } // end Dave B's Q&D file upload security code $uploadDir = "./uploaded/"; // Check if file has been uploaded if(isset($_POST['upload'])) { $fileName = $_FILES['userfile']['name']; $tmpName = $_FILES['userfile']['tmp_name']; $fileSize = $_FILES['userfile']['size']; $fileType = $_FILES['userfile']['type']; $filePath = $uploadDir . $fileName; // get the file extension first $ext = substr(strrchr($fileName, "."), 1); // make the random file name $randName = md5(rand() * time()); // and now we have the unique file name for the upload file $filePath = $uploadDir . $randName . '.' . $ext; $result = move_uploaded_file($tmpName, $filePath); if (!$result) { echo "Error uploading file"; exit; } // Connect to the database $dbLink = new mysqli('I removed the db info for this post'); if(mysqli_connect_errno()) { die("MySQL connection failed: ". mysqli_connect_error()); } if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } $query = "INSERT INTO uploadpath (name, type, size, path ) ". "VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')"; mysqli_query($dbLink, $query) or die('Error, query failed : ' . mysqli_error($dbLink)); // close db connection $dbLink->close(); echo "<p> The file, $fileName, has been successfully uploaded.</p>"; } ?> Edited September 18, 2010 by debmc99 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.