0

Ok, I am not a professional in PHP as I am more on front-end than back-end. I want to know some information of file upload in PHP. I did create a website as a project where users can upload images, with its security and validation. The images stored in a folder. It was good. However, I have not tried other things with file upload, so here are my questions:

1/ When I did the image upload system, I used the $FILES function, name, size and tmp_name. Then I checked the image formats with regular expression. I want to know, will this be applied on any file formats like docx, pdf, mp3, rar, zip etc? I mean if I want to let users upload any file format, is the procedure the same?

2/ I am not going to use database. The files uploaded will be in a folder. Before upload, the user can choose a period when the file will be deleted. For example, the user can chose 3 days, 1 week and 1 month for the file to be deleted automatically. Can we do this in PHP? If yes, how it works? Well, I am not asking for codes here, but you can expain me. Suppose the user chooses 3 days in a drop dow list, how to proceed the algorithm for the uploaded file to be deleted automatically from the folder in 3 days?

Thank!

Edited by angelali2013

2
Contributors
4
Replies
10
Views
4 Years
Discussion Span
Last Post by angelali2013
0
  1. Yes.

  2. You can write the filename and a timestamp to a textfile. Have a cron job running once a day to check the file, and delete any that expired.

0

well, I don't know what is cron job lol.

I made a simple script to upload all formats and it worked. I use regular expression to check file formats not MIME, because I have read MIME can be modified. ANd I find the regular expression better, easy and only one line of code lol.

I have some remaining questions, I dont wan people to upload EXE and other formats. Of course, it will fail if someone wants to upload a prohibited file format file. However, as I am letting people upload RAR and ZIP, they can archived a prohibited file format in ZIP or RAR and it will upload. How to prevent this?

Moreover, once a file is uploaded, the user will get a link of the file. All uploaded files are stored in a folder called "files". So the link is something like this:

http:www.example.com/files/xxxxxxx.pdf

Can I remove the folder name "files" and the file format "pdf" in the link and make the URL appears like this:

http:www.example.com/xxxxxxx

If yes, what is the step? Mod Rewrite or I can do it in my script itself?

Finally, I want to make a short URL version as well, any tutorial?

0

A cron job is a scheduled task.

Scan the archives (unpack or list), if they are in violation, deny.

Yes, mod_rewrite can do that.

What do you mean by short url version?

0

Short URL I mean like Tiny URL. A short URL of the above link example. By the way, I am reading some security on file upload, it seems there are lot of securty issues in PHP itself.

I am planning to use database to store the uploaded file name and the timestamp. I will use databse only for this to make life easier to delete these files after some time.

By the way, which is good forsecurity, validating the file format with regular expression or by MIME?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.