Page 2 of 2

Re: Secure File Upload Class - Problem

Posted: Sun Jul 24, 2011 3:29 pm
by Mikem
Hi, sorry to bug you again, but I am having a little problem.

Everythings works perfectly except the file max size, basicaly if the file size is superior to the one set, it won't return an error, wont upload either of course, but it just returns to the upload page with all forms reset :/

<?php

error_reporting(E_ALL & ~E_STRICT);

include('mime_content_type.php');
include('secure_upload.class.php');

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<title>Secure File Upload Class</title>
	</head>
	<body>
		<?php
		
		if (isset($_FILES['file1'])){
			$upload1 = new secure_upload('file1');
			$upload1->set_max_size(1310720);
			$upload1->set_extension_whitelist(array('zip','rar','doc','docx','pdf'));
			$upload1->save_to('./files/' . $upload1->name);
			
		if ($upload1->error > 0){
				echo '<div>Error: ', $upload1->get_error_constant_name(), '</div>';
			}else{
				echo 'success';
			}
		}
			
		if (isset($_FILES['file2'])){
			$upload2 = new secure_upload('file2');
			$upload2->set_max_size(1310720);
			$upload2->set_extension_whitelist(array('zip','rar','doc','docx','pdf'));
			$upload2->save_to('./files/' . $upload2->name);
			
		if ($upload2->error > 0){
				echo '<div>Error: ', $upload2->get_error_constant_name(), '</div>';
			}else{
				//echo 'success';
			}
		}
			
		if (isset($_FILES['file3'])){
			$upload3 = new secure_upload('file3');
			$upload3->set_max_size(1310720);
			$upload3->set_extension_whitelist(array('zip','rar','doc','docx','pdf'));
			$upload3->save_to('./files/' . $upload3->name);
			
		if ($upload3->error > 0){
				echo '<div>Error: ', $upload3->get_error_constant_name(), '</div>';
			}else{
				//echo 'success';
			}
		}

			

		if ((isset($_FILES['file1'])) || (isset($_FILES['file2'])) || (isset($_FILES['file3']))){
			//don't print form if upload is set
			} else {
			?>
			<form action="" method="post" enctype="multipart/form-data">
				<div>
					<input type="file" name="file1" />
                    <br>
                    <input type="file" name="file2" />
                    <br>
                     <input type="file" name="file3" />
					<input type="submit" value="Upload" />
				</div>
			</form>
			<?php
		}
		
		?>
        
        
	</body>
</html>
That max filesize should be 10MB, anything uploaded above that size just returns to the upload form with no errors, I need it to return an error if the file is too big.

Thanks for your time.

Re: Secure File Upload Class - Problem

Posted: Mon Jul 25, 2011 11:20 am
by jacek
                if ((isset($_FILES['file1'])) || (isset($_FILES['file2'])) || (isset($_FILES['file3']))){
                        //don't print form if upload is set
                        } else {
                        ?>
                        <form action="" method="post" enctype="multipart/form-data">
                                <div>
                                        <input type="file" name="file1" />
                    <br>
                    <input type="file" name="file2" />
                    <br>
                     <input type="file" name="file3" />
                                        <input type="submit" value="Upload" />
                                </div>
                        </form>
                        <?php
                }
The only way you can get the upload form again is if none of the files have been sent, I think that the $_FILES array element is populated even if no file is selected, try
                if (empty($_FILES['file1']['name']) && empty($_FILES['file2']['name']) && empty($_FILES['file3']['name'])){
                        ?>
                        <form action="" method="post" enctype="multipart/form-data">
                                <div>
                                        <input type="file" name="file1" />
                    <br>
                    <input type="file" name="file2" />
                    <br>
                     <input type="file" name="file3" />
                                        <input type="submit" value="Upload" />
                                </div>
                        </form>
                        <?php
                }
And see if you get the same result.

Re: Secure File Upload Class - Problem

Posted: Mon Jul 25, 2011 3:18 pm
by Mikem
Still the same thing, if there is a file with a bigger filesize the the maximum limit it'll just return to the file selection form, empty.

Also on my form there user can leave the upload form empty, its optional to attach documents if the user wants it, I just need it to return the error if the filesize is too big, right now it just comes back to the page and resets all my forms which is an issue.

Re: Secure File Upload Class - Problem

Posted: Mon Jul 25, 2011 7:15 pm
by jacek
Can you make sure your php.ini settings for memory_limit, upload_max_size and post_max_size are all large than the file ?

Re: Secure File Upload Class - Problem

Posted: Mon Jul 25, 2011 9:15 pm
by Mikem
Yeah I can, but the point being here to make sure it returns an error if the user attemps to upload a file that's too big.

Re: Secure File Upload Class - Problem

Posted: Tue Jul 26, 2011 12:21 pm
by jacek
Mikem wrote:Yeah I can, but the point being here to make sure it returns an error if the user attemps to upload a file that's too big.
If the post data that the users sends is larger than the limit imposed by the server there is no way to catch it as the $_FILES array is not even populated.

Re: Secure File Upload Class - Problem

Posted: Tue Aug 02, 2011 5:29 pm
by Mikem
Well I am setting a limit of 10 mb per file and there's 3 files, so that's 30mb max.

Now I though the script would block the post process or is it? in case any file is above 10MB, say a user tried to upload a 10GB file, then should I set set php max memory etc to more then 10Gb so the php upload/your script can catch an error? pretty nonsense

Isn't there any way to return an error message if the file was too big? I though that's what your script would do.

Re: Secure File Upload Class - Problem

Posted: Tue Aug 02, 2011 7:57 pm
by jacek
If the file is too big but still smaller than your post_max_size it should work.

You can see this in the demo when you upload a large file.