secure_upload.class

Any problems relating to the premium downloads should go in here
Post Reply
joeblow
Posts: 7
Joined: Sat Dec 22, 2012 6:10 am

secure_upload.class

Post by joeblow »

hi jacek

purchased and downloaded the 'secure file upload class' a little earlier my codecanyon nic is 'mokabin'
been struggling to get it set up out of the box
hope you can help me get it working
I am not great with php so it's probably something pretty simple

problem 1
"Strict Standards: Only variables should be passed by reference" from line 49
solved by creating a variable like so. is there a better way to avoid the error ?
[syntax=php]
...
$this->name = $_FILES[$key]['name'];
$var1 = explode('.', $_FILES[$key]['name']);
$this->extension = end($var1);
[/syntax]

problem 2
"Warning: disk_free_space(): The system cannot find the path specified. in .....\secure_upload.class.php on line 139"
my directory has a "files" folder [same root as example.php] and there's plenty of space.

problem 3 [assuming I remove the disk_free_space check for a moment]
"Error: E_DISALLOWED_TYPE"
the test file I am uploading is a <350kb png file. and if I print the file details it does not show a mime or type for the test upload file... it prints like so
Array ( [size] => 356114 [mime] => [type] => [temp_name] => C:\Windows\Temp\php6E8F.tmp [name] => testfile1.png [extension] => png )

your help would be appreciated
thanks very much
User avatar
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: secure_upload.class

Post by Helx »

Moved to "Premium items".

Could you please give us more info?
Like the entire script (NOT the part you bought).

And have you edited the class file?
Where are you uploading the file to?
Where is the upload form located?

By that error, I think you may be trying to upload to a directory that does not exist on your server. (I would guess...)
joeblow
Posts: 7
Joined: Sat Dec 22, 2012 6:10 am

Re: secure_upload.class

Post by joeblow »

hi hlex. thanks for the quick reply. I'll try be a little more descriptive

on my localhost webserver "websites"
having created the directory "upload_test"
copy in "example.php"
copy in "secure_upload.class.php"
copy in "files"

nothing has been changed in any of the files
use example.php to upload "testfile1.png" [on the desktop] to "files"
the error returned is as follows -

Strict Standards: Only variables should be passed by reference in C:\websites\upload_test\secure_upload.class.php on line 49
Warning: disk_free_space(): The system cannot find the path specified. in C:\websites\upload_test\secure_upload.class.php on line 138
Error: E_DISK_SPACE
joeblow
Posts: 7
Joined: Sat Dec 22, 2012 6:10 am

Re: secure_upload.class

Post by joeblow »

to solve no space error, if I edit "example.php" to

[syntax=php]
<?php

if (isset($_FILES['image'])){
$upload = new secure_upload('image');
$upload->set_max_size(500 * 1024);
$upload->set_type_whitelist(array('image'));
$upload->set_extension_blacklist(array('php', 'phtml', 'php4', 'php5', 'pht', 'phps'));
$upload->save_to('./files' . $upload->name); // changed ./files/ to ./files

if ($upload->error > 0){
echo '<div>Error: ', $upload->get_error_constant_name(), '</div>';
}else{
echo '<img src="files/', $upload->name ,'" alt="', $upload->name, '" />';
}
}else{
?>
<form action="" method="post" enctype="multipart/form-data">
<div>
<input type="file" name="image" />
<input type="submit" value="Upload" />
</div>
</form>
<?php
}

?>
[/syntax]

and to remove the strict standard error, edit the "public function __construct()" in "secure_upload.class.php" to

[syntax=php]
public function __construct($key){
$this->temp_name = $_FILES[$key]['tmp_name'];
$this->upload_error = $_FILES[$key]['error'];
$this->mime_type = $this->get_mime();
$this->type = explode('/', $this->mime_type);
$this->type = $this->type[0];
$this->size = $_FILES[$key]['size'];
$this->name = $_FILES[$key]['name'];
$var1 = explode('.', $_FILES[$key]['name']); // added a variable here
$this->extension = end($var1);
}
[/syntax]

the following error is returned when uploading "testfile1.png"
Error: E_DISALLOWED_TYPE
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: secure_upload.class

Post by jacek »

Hi,

The strict error is due to a default config value being changed in a recent PHP update, it can (safely) be hidden by adding

[syntax=php]error_reporting(E_ALL & ~E_STRICT);[/syntax]
at the top of the page.

The second thing is most likely due to the fact that a specific php extension is needed to determine the type of a file, actually there are three ways, it has happened before that all three have not been available on a server. You would have to ask your host about that but if it is the problem then you will not be able to use the type restriction feature.

Jacek
Image
joeblow
Posts: 7
Joined: Sat Dec 22, 2012 6:10 am

Re: secure_upload.class

Post by joeblow »

Hi Jacek

what's the specific php extension and where would I find it ?

thanks
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: secure_upload.class

Post by jacek »

joeblow wrote:Hi Jacek

what's the specific php extension and where would I find it ?

thanks


Sorry for the delay, the Fileinfo extension would be the best option to go for, info here http://php.net/manual/en/book.fileinfo.php
Image
joeblow
Posts: 7
Joined: Sat Dec 22, 2012 6:10 am

Re: secure_upload.class

Post by joeblow »

thanks. appreciated.
joeblow
Posts: 7
Joined: Sat Dec 22, 2012 6:10 am

Re: secure_upload.class

Post by joeblow »

Jacek

working fine. many thanks.

next question for you if you don't mind. attempting to resizing an image is returning an error as follows

[syntax=text]Warning: imagecreatefrompng(C:\Windows\Temp\php618E.tmp): failed to open stream: No such file or directory in C:\websites\upload_test\secure_upload.class.php on line 186
Error: E_NOT_RESIZABLE[/syntax]

no changes to `secure_upload.class` and this is the script

[syntax=php]
if (isset($_FILES['image'])){

$upload = new secure_upload('image');
$upload->set_max_size(1920 * 1080);
$upload->set_type_whitelist(array('image'));
$upload->set_extension_blacklist(array('php', 'phtml', 'php4', 'php5', 'pht', 'phps'));
$upload->save_to('pics/' . $upload->name);
$upload->save_image_resized('pic_thumbs/' . $upload->name, 150, 0, false, 50);

if ($upload->error > 0){
echo '<div>Error: ', $upload->get_error_constant_name(), '</div>';
}else{
echo '<img src="files/', $upload->name ,'" alt="', $upload->name, '" />';
}
}
[/syntax]
joeblow
Posts: 7
Joined: Sat Dec 22, 2012 6:10 am

Re: secure_upload.class

Post by joeblow »

sorry. lol. it just occurred to me that the script errors because it tries to resize a tmp file that has already been moved.

problem solved.
Post Reply