-1

Hi all

I have some functionality that allows the upload of files such as MS word docs, zips etc. It works fine on my pc and another test machine but doesn't seem to work on two other machines I've tested. All machines have Windows XP installed. The first machine that is having problems only has issues uploading PDF's. The second machine having problems can't upload anything at all.

Please could someone have a look at my code below and tell me if there's anything there that could be causing these problems. I'm pretty sure I have the MIME types right. I'm really puzzled as to what is causing this.

P.S. My code isn't the best in the world. Note that this upload script is not being used publicly on the website so security issues aren't top priority.

class DocumentUpload
{
	//Variables values gained from the __construct() method
	public $inputName;
	public $original;
	public $timeOriginal;
	public $tempName;
	public $docType;
	public $folder;
	public $dbFolder;
	public $page;
	public $pathAndFile;
	public $pathTimeFile;
	public $dbFile;
	public $dbTimeFile;
	//Variables used in the upload() method
	public $thumb;
	public $success;
	public $result;
	public $mailSubject = "";
	//Variable used to see which path and filename must be added to the database
	public $timedFile;
	
	//Array of acceptable MIME types
	public $permitted = array('application/pdf', 'application/zip', 'application/msword', 'application/vnd.ms-powerpoint', 'application/vnd.ms-excel');
    //variables set assuming the file is unacceptable
	public $sizeOK = false;
	public $typeOK = false;
		
	public function __construct($inputName, $folder, $dbFolder, $page)
	{
		$this->inputName			= $inputName;
		$this->original				= str_replace(array(" ", 'PDF'), array("_", 'pdf'), $_FILES[''.$inputName.'']['name']);
		$this->timeOriginal			= time().$this->original;
		$this->tempName				= $_FILES[''.$inputName.'']['tmp_name'];
		$this->docType				= $_FILES[''.$inputName.'']['type'];
		$this->folder				= $folder;
		$this->dbFolder				= $dbFolder;
		$this->pathAndFile			= $folder.$this->original;
		$this->pathTimeFile			= $folder.time().$this->original;
		$this->dbFile				= $dbFolder.$this->original;
		$this->dbTimeFile			= $dbFolder.time().$this->original;
		$this->page					= $page;
	}
	
	
	//Upload an image to the server
	public function upload($chmod)
	{
		//check that the file is of a permitted MIME type
		foreach($this->permitted as $type)
		{
			if($type == $this->docType)
			{
				$this->typeOK = true;
				break;
			}
		}
		
		//Check if the file type has been verified as valid
		if($this->typeOK)
		{
			switch($_FILES[''.$this->inputName.'']['error'])
			{
				case 0:
					// Make sure file of the same name does not exist
					if (!file_exists($this->pathAndFile))
					{
						$this->success = move_uploaded_file($this->tempName, $this->pathAndFile);
						chmod($this->pathAndFile, $chmod);
						
						//Variable used to see which path and filename must be added to the database
						$this->timedFile = false;
					}
					else
					{
						$this->success = move_uploaded_file($this->tempName, $this->pathTimeFile);
						chmod($this->pathTimeFile, $chmod);
						
						//Variable used to see which path and filename must be added to the database
						$this->timedFile = true;
					}
					
					//If the file was uploaded
					if ($this->success)
					{
						$this->result = "Document added successfully.";
					}
					else
					{
						$this->result = "There was an error uploading the file. <a class=\"clrBrown\" href='".$this->page."' >Please try again</a>.";
					}
					break;
				case 3:
					$this->result = "There was an error uploading the file. <a class=\"clrBrown\" href='".$this->page."' >Please try again</a>.";
				default:
					$this->result = "System error uploading file. Contact the <a class=\"clrBrown\" href=\"mailto:test@website.com".$this->mailSubject."\">webmaster</a>";
			}
		}
		else if($_FILES[''.$this->inputName.'']['error'] == 4)
		{
			$this->result = 'No file selected';
		}
		else
		{
			$this->result = "File cannot be uploaded. Acceptable file types: ppt, xls, doc, pdf, zip. <a class=\"clrBrown\" href='".$this->page."' >Please try again</a>.";
		}
	}
}
3
Contributors
5
Replies
6
Views
8 Years
Discussion Span
Last Post by liamfriel
2

Hey.

Looking over that, I see nothing essentially wrong with it.
I assume you have ruled out the usual file permissions issues and upload size limitations?

When the code is not working, does it give you any sort of error messages?
(Are error messages even turned on in the server?)

One the server that only blocked PDF files, did you try printing the mime type that you were actually getting?
Also, keep in mind that the type that is sent with the file is sent by the browser, so it is not 100% reliable or consistent.
(Different browsers may use different mime types for the same file type)

P.S. $array[''.$name.''] should be $array[$name] .
The surrounding strings in all your array element names are not needed. Serve no purpose.

Edited by Atli: n/a

Votes + Comments
Thanks for the help ;)
0

Hey.

Looking over that, I see nothing essentially wrong with it.
I assume you have ruled out the usual file permissions issues and upload size limitations?

When the code is not working, does it give you any sort of error messages?
(Are error messages even turned on in the server?)

One the server that only blocked PDF files, did you try printing the mime type that you were actually getting?
Also, keep in mind that the type that is sent with the file is sent by the browser, so it is not 100% reliable or consistent.
(Different browsers may use different mime types for the same file type)

P.S. $array[''.$name.''] should be $array[$name] .
The surrounding strings in all your array element names are not needed. Serve no purpose.

Yes, file permission and upload size are not the issue. The server hasn't got error messaging turned on. I'll see if I can get that sorted out. I haven't echo'd the mime type to see if there's anything difference on the two problematic machines from the two working machines, but I'll do so and see if that's the issue (didn't know that browsers gave different mime types).

Thanks for your tip in your P.S. ;)

Edited by Venom Rush: n/a

0

Ok, so it seems it was the MIME types in the end.

For future reference, is there any other way to find out the MIME type of a file (other than checking the file extension based on the name)?

0

You can try the FileInfo module. It looks for certain byte-sequences within files to guess their mime type.

For images, you can use the getimagesize function. It returns the actual type of the image based on the data, rather then any outside info.

For PDF files, if you do not use FileInfo, you can read the first few bits of the file and check if they are really valid headers for a PDF document. All valid PDF documents should start with something like %PDF , so you could do:

<?php
function validate_pdf($path) {
	$fh = fopen($path, "rb");
	if($fh) {
		$header = fread($fh, 4);
		if($header == "%PDF") {
			return true;
		}
		else {
			return false;
		}
	}
	else {
		return false;
	}
}
?>

It's not exactly bullet-proof, but it should at least filter out files that are just renamed to ".pdf".

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.