Uploading files via php

Applications Web Development
1

I used the following code, which I found on the internet to upload files.

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="upload2.php" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="8000000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

and

 ?php
        session_start();
        $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
        $uniq = session_id();
        $UNIQ= `echo $uniq |cut -c3-10`;
        $UNIQ= rtrim($UNIQ);
        $MAX_FILE_SIZE=rtrim($_POST['MAX_FILE_SIZE']);

//The files have a link on a page for downloading
//and filenames are also put in the progress bar so
//the file can be viewed in the browser (ie. PDF files)
//so replace a few characters.  Since the file links are
//loaded onto another page via php and filenames
//are displayed, I wanted to use this method instead
//of url_encode() [just looks funny when displayed]

$SafeFile = $_FILES['userfile']['name'];
$SafeFile = str_replace("#", "No.", $SafeFile);
$SafeFile = str_replace("$", "Dollar", $SafeFile);
$SafeFile = str_replace("%", "Percent", $SafeFile);
$SafeFile = str_replace("^", "", $SafeFile);
$SafeFile = str_replace("&", "and", $SafeFile);
$SafeFile = str_replace("*", "", $SafeFile);
$SafeFile = str_replace("?", "", $SafeFile);

 `echo $SafeFile >>/tmp/file.log`;
$uploaddir = "/u/payroll/uploads/";
$path = $uploaddir.$SafeFile;
 `echo $path >>/tmp/file.log`;
if($userfile != none){ //AS LONG AS A FILE WAS SELECTED...

    if(copy($_FILES['userfile']['tmp_name'], $path)){ //IF IT HAS BEEN COPIED...

        //GET FILE NAME
        $theFileName = $_FILES['userfile']['name'];

        //GET FILE SIZE
        $theFileSize = $_FILES['userfile']['size'];

        if ($theFileSize>999999){ //IF GREATER THAN 999KB, DISPLAY AS MB
            $theDiv = $theFileSize / 1000000;
            $theFileSize = round($theDiv, 1)." MB"; //round($WhatToRound, $DecimalPlaces)
        } else { //OTHERWISE DISPLAY AS KB
            $theDiv = $theFileSize / 1000;
            $theFileSize = round($theDiv, 1)." KB"; //round($WhatToRound, $DecimalPlaces)
        }

echo <<<UPLS
<table cellpadding="5" width="300">
<tr>
    <td align="Center" colspan="2"><font color="#009900"><b>Upload Successful</b                                    ></font></td>
</tr>
<tr>
    <td align="right"><b>File Name: </b></td>
    <td align="left">$theFileName</td>
</tr>
<tr>
    <td align="right"><b>File Size: </b></td>
    <td align="left">$theFileSize</td>
</tr>
<tr>
    <td align="right"><b>Directory: </b></td>
    <td align="left">$uploaddir</td>
</tr>
</table>

UPLS;

    } else {

//PRINT AN ERROR IF THE FILE COULD NOT BE COPIED
echo <<<UPLF
<table cellpadding="5" width="80%">
<tr>
<td align="Center" colspan="2"><font color=\"#C80000\"><b>File could not be uploaded</b></font></td>
</tr>

</table>

UPLF;
    }
}

?>
#

Even though the max file size is set at 8mb, the script fails at files sizes over 1.5mb
Are their limitations within apache, or php that can override the value in the script?

2

The configuration value which controls it appears to be upload_max_filesize, not MAX_FILE_SIZE. You can find the files under /etc/php, which has two config file folders, one for commandline php, one for web server php.

3

Well, its on SCO, so it has to be different. Its all in /usr/lib/php/php.ini
:b:

1 Like