Hello,

I have a question about my code below which allows clients to upload files. In testing the code as it is, what happens is the error message does not display when I try to upload an incorrect file type, nor does the "File uploaded successfully" message display when I upload an acceptable file type. The files actually do get uploaded, but you'd never know because you automatically get redirected back to members.php, which is where you start to upload a file in the first place.

However, if I take out everything before the line "// begin Dave B's Q&D file upload security code" everything works fine.

Is there a way to get the success or error message to display and I guess include a link to then get back to the members.php page without messing up the login part? Any help on this would be very much appreciated. Thank you very much.

<?php
/*
*  PROCESSFILE.PHP
*  Password protected area to process members' uploaded files
*/

//start session
session_start();
include("includes/config.php");
/*
* This section below checking if user is logged in/checking for inactivity 
* may be best put in a reusable function so it is easily reused/updated
*/

// check that the user is logged in
if (!isset($_SESSION['username']))
{
header("Location: login.php?unauthorized");
}
//check that the user is an admin
else if (!is_ceoadmin())
{
header("Location: members.php");
}
// check for inactivity
if (time() > $_SESSION['last_active'] + $config['session_timeout'])
{
// log out user
session_destroy();
header("Location: login.php?timeout");
}
else
{
// update the session variable
$_SESSION['last_active'] = time();
}

  // begin Dave B's Q&D file upload security code
 $allowedExtensions = array("doc","docx","xls","xlsx","pdf","jpg","jpeg","gif","png");
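 foreach ($_FILES as $file) {
   if ($file['tmp_name'] > '') {
     // pathinfo() avoids passing explode()'s result by reference to end()
     $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
     if (!in_array($extension, $allowedExtensions)) {
      // escape the client-supplied file name before echoing it back
      die(htmlspecialchars($file['name']).' Sorry, this is an invalid file type!<br/>'.
       '<a href="javascript:history.go(-1);">'.
       '&lt;&lt; Go Back</a>');
     }
   }
 }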
 // end Dave B's Q&D file upload security code 

$uploadDir = "./uploaded/";

 // Check if file has been uploaded 
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

$filePath = $uploadDir . $fileName;

// get the file extension first
$ext = substr(strrchr($fileName, "."), 1);

// make the random file name
$randName = md5(rand() * time());

// and now we have the unique file name for the upload file
$filePath = $uploadDir . $randName . '.' . $ext;

$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}

// Connect to the database
$dbLink = new mysqli('I removed the db info for this post');
	if(mysqli_connect_errno()) {
		die("MySQL connection failed: ". mysqli_connect_error());
       }

// Use a prepared statement so client-supplied values (file name, MIME type)
// cannot alter the query; values are bound in the same order as the columns
$stmt = $dbLink->prepare("INSERT INTO uploadpath (name, type, size, path) VALUES (?, ?, ?, ?)");
if (!$stmt) {
die('Error, query failed : ' . $dbLink->error);
}
$stmt->bind_param('ssis', $fileName, $fileType, $fileSize, $filePath);
$stmt->execute() or die('Error, query failed : ' . $stmt->error);
$stmt->close();

// close db connection 
$dbLink->close();


// escape the client-supplied file name before writing it into the page
echo "<p> The file, " . htmlspecialchars($fileName) . ", has been successfully uploaded.</p>";

}

?>

Edited by debmc99
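
An added example, not part of the original post: in the script above no `header("Location: ...")` call is followed by `exit`, so a request that fails the `is_ceoadmin()` check is sent to members.php while the upload code still runs, which is consistent with the behaviour described. The sketch below puts the access check in one reusable function that stops the script after redirecting; `access_decision()` and `enforce_access()` are hypothetical names, and the sample sessions are constructed.

```php
<?php
// Added example, not the poster's code. is_ceoadmin() and $config['session_timeout']
// come from the post; access_decision() and enforce_access() are hypothetical names.

// Pure decision: returns the redirect target, or null when the request may proceed.
function access_decision(array $session, bool $isAdmin, int $now, int $timeout): ?string
{
    if (!isset($session['username'])) {
        return 'login.php?unauthorized';
    }
    if (!isset($session['last_active']) || $now > $session['last_active'] + $timeout) {
        return 'login.php?timeout';
    }
    if (!$isAdmin) {
        return 'members.php';
    }
    return null;
}

// Side effects live here. The exit after header() is the important part:
// header() only queues a response header, it does not stop the script.
function enforce_access(bool $isAdmin, int $timeout): void
{
    $target = access_decision($_SESSION, $isAdmin, time(), $timeout);
    if ($target === null) {
        $_SESSION['last_active'] = time();   // still active: refresh the timer
        return;
    }
    if ($target === 'login.php?timeout') {
        session_destroy();                   // log out the inactive user
    }
    header('Location: ' . $target);
    exit;                                    // nothing below this point runs
}

// Constructed sessions showing each outcome when the file is run from the CLI.
if (PHP_SAPI === 'cli') {
    $now = 1000000; $timeout = 600;
    $cases = [
        'anonymous'     => [[], false],
        'member'        => [['username' => 'alice', 'last_active' => $now - 30], false],
        'expired admin' => [['username' => 'bob', 'last_active' => $now - 900], true],
        'active admin'  => [['username' => 'bob', 'last_active' => $now - 30], true],
    ];
    foreach ($cases as $label => [$session, $isAdmin]) {
        $target = access_decision($session, $isAdmin, $now, $timeout);
        echo str_pad($label, 14), ' => ', $target ?? 'proceed to upload handling', PHP_EOL;
    }
}
```

In the upload script this would be called as `enforce_access(is_ceoadmin(), $config['session_timeout']);` directly after `session_start()` and the config include, before any `$_FILES` handling.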
