File Upload Help

gezer77 · #1 (**permalink**) 07-24-04, 09:57 AM

Yeah, I have posted on here about how to check for a title in the form before uploading, and at first it worked. Then it just stopped working. The script was never changed, here is the code for php script

Code:

<link rel="stylesheet" href="stylesheet.css" type="text/css">
<?php

    //check for title
    if ($title = ' ')
{

    echo 'Please enter a title and try again';
    exit();
}


     //Check first if a file has been selected 
     if (is_uploaded_file($_FILES['uploaded']['tmp_name'])) 
     { 

     //Get the Size of the File 
     $size = $_FILES['uploaded']['size'];

     //Get File Type
     $file_type = $_FILES['uploaded']['type']; 

     //Make sure that $size is less than 3MB and file type is right
     if ($size > 3000000) 
     { 

          //Print the error 
          echo 'File Too Large. Please select another File.'; 
          exit(); 
     }
   


       else if ( $file_type != "audio/mpeg" && $file_type != "audio/wav" )
    {

       //print error
       echo 'File Extension Incorrect. Please Select another file.';
       exit();

    } 
       
       

     

     //Move the File to the Directory of your choice 
     if (move_uploaded_file($_FILES['uploaded']['tmp_name'],'uploads/'.$_FILES['uploaded']['name'])) {

     

     //tell the user that the file has been uploaded 
     echo 'File Uploaded!<br>'; 
     echo 'It will be added to the licks page soon';
     

     //email me the title etc

     $myemail = "gezer77@theguitarlicks.com";

     if (!isset($visitormail));


     $todayis = date("l, F j, Y, g:i a") ;

     $subject = "New File Uploaded" ;

     $ip = getenv("REMOTE_ADDR");


     $message = " Title: $title \n
     IP = $ip \n ";
     
     $from = "From: $myemail\r\n";
     if ($myemail != "")
     mail($myemail, $subject, $message, $from);

     exit(); 

     } 
     else 
     { 

          //Print error 
          echo 'Unable to move the File'; 
          exit(); 

     } 
} 


else 
{ 

     //Print error 
     echo 'No File Selected';
     exit(); 

} 

?>

Heres the form code

Code:

<FONT face="verdana" size="0" color="7C1409">
<form action="upload.php" method="post" enctype="multipart/form-data">
Select a File to Upload:<br><br>
Title: <input type=text name="title" size="15"><br> 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="file" name="uploaded" value="Browse" size="16" style="background-color:#ffffff; border-color: #7C1409; border-width: 1; font-size: 10px; color:#000000; font-family: verdana, geneva, helvetica, arial;">
<input type="hidden" name="MAX_FILE_SIZE" value="3000000"><br>
<input type="Submit" value="Upload File" style="background-color:#C0B07C; border-width: 1; border-color: #7C1409; font-size: 10px; color:#7C1409; font-family: verdana, geneva, helvetica, arial;"> 
</form></font>

mdhall · #2 (**permalink**) 07-24-04, 11:18 AM

Try this...

$title=$_POST['title'];
if($title){
echo "Title is required";
exit();
}

kvnband · #3 (**permalink**) 07-24-04, 12:29 PM

yeah try mdhall's suggestion. If your host just upgraded PHP, this might be the problem.

mikaelf · #4 (**permalink**) 07-24-04, 02:51 PM

Quote:

Originally Posted by mdhall

Try this...

$title=$_POST['title'];
if($title){
echo "Title is required";
exit();
}

Maybe he meant:

PHP Code:


			
 $title=$_POST['title'];

 if(!$title){

    echo "Title is required";

    exit();

 }

Another way, you can manipulate php environment by using php function: ini_set. however, be careful, using this way, somebody may do something nasty.

PHP Code:


			
ini_set('register_globals','1');

Acecool · #5 (**permalink**) 07-31-04, 06:44 PM

A reason globals arent good is because of something like this:

Say this forum ran only with globals on, you could goto posting.php or something and use the textbox id in the url, and bang, you could post by refreshing, and refreshing, and refreshing...

It could also be used to run third party scripts on your site, to get passwords, to delete everything etc.