Source for file upload_example.php

Documentation is available at upload_example.php

  1. <?php
  2. /**
  3. * upload_example.php
  4. *
  5. * (C) 2007 SPLINELAB http://www.splinelab.com/flexupload/
  6. *
  7. * Simple upload-script to demonstrate and test FlexUpload.
  8. * Feel free to use this to start developing your own scripts.
  9. *
  10. * Your upload script have to return some information for FlexUpload.
  11. *
  12. * If the upload was successfull just print "OK" (uppercase without quotation marks)
  13. * If something went wrong print a nice error message to inform the user what happened.
  14. *
  15. *
  16. *
  17. * Important Note:
  18. *
  19. * In real-life your upload script have to be more secure than this one.
  20. * You have to make sure that only authorized users can upload files to your server!
  21. * You also should check the extension of the uploaded file to prevent bad guys to upload
  22. * malicious executable files (you should not accept files endig with .ph*, .cgi, .pl, ...)
  23. *
  24. *
  25. *
  26. * Notes for migration from JavaUpload:
  27. *
  28. * The field name has changed to "Filedata" (this is the default in Flex) so you have to use
  29. * $_FILES['Filedata'] to access the uploaded file.
  30. *
  31. * The format of the return value also has changed. If you print something different than "OK"
  32. * FlexUpload assumes an error.
  33. * E.g. In JavaUpload you printed "success=1\r\n" if your upload succeeds and
  34. * "success=0\r\nSome error occurred"
  35. * Now you print "OK" if your upload succeeds and "Some error occured". This helps to avoid
  36. * parsing errors of the return value if your script raises some php warnings or errors.
  37. *
  38. *
  39. * @version 1.0
  40. * @author Mirko Schaal <ms@splinelab.com>
  41. * @package FlexUpload
  42. * @subpackage example
  43. */
  44.  
  45.  
  46. // just test GET parameters provided to the postURL parameter...
  47. //echo "myGETVariable: ".$_GET['myGETVariable'];
  48.  
  49.  
  50. // is Filedata there?
  51.  
  52. if (! isset($_FILES['Filedata'])) {
  53. echo "Whooops! There is no file! (maybe filesize is greater than POST_MAX_SIZE directive in php.ini)";
  54. exit;
  55. }
  56.  
  57. // make nicer filenames ;)
  58. $fn = preg_replace("/[^a-zA-Z0-9._-]/", "_", $_FILES['Filedata']['name']);
  59. // and set the directory
  60. $fn = 'uploaddir/'.$fn;
  61.  
  62.  
  63. // check if the file already exists
  64. if ( file_exists($fn) ) {
  65. echo "File exists - i don't like to overwrite it!";
  66. exit;
  67. }
  68.  
  69. // move the uploaded file
  70. if (is_uploaded_file($_FILES['Filedata']['tmp_name'])) {
  71. if (move_uploaded_file($_FILES['Filedata']['tmp_name'], $fn)) {
  72. @chmod($fn, 0666);
  73. echo 'OK';
  74. } else {
  75. echo 'can\'t move the uploaded file';
  76. }
  77. } else {
  78. switch($_FILES['Filedata']['error']) {
  79. case 0:
  80. echo 'possible file attack!';
  81. break;
  82. case 1:
  83. echo 'uploaded file exceeds the UPLOAD_MAX_FILESIZE directive in php.ini';
  84. break;
  85. case 2:
  86. echo 'uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form';
  87. break;
  88. case 3:
  89. echo 'uploaded file was only partially uploaded';
  90. break;
  91. case 4:
  92. echo 'no file was uploaded';
  93. break;
  94. default: //a default error, just in case! :)
  95. echo 'default error - that\'s magic!';
  96. break;
  97. }
  98. }
  99. ?>

Documentation generated on Sun, 17 Jun 2007 11:38:02 +0200 by phpDocumentor 1.3.0RC3