Jump to content
Sign in to follow this  
mboehler3

Form field to Upload a specific file, does not upload

Recommended Posts

I have a form that has four fields, and the last field is an upload-file field. I want the user to upload a video file, which must be in one of four formats. The uploaded video will be placed in a folder on my server. Once the form submits, an email is sent to me and the form fields are stored in a database.I am getting emails and seeing the information in my database, but I cannot get the upload onto my server. Also, file types that I want to accept are being told that it's not acceptable. For instance, I tried to upload a .mov file and got the message: The file is not a video format we accept.I have been talking to some colleagues of mine but I cannot get this fixed. Can someone take a look at this code and offer any advice? Here is my code:

<?php //ftp acess$host = "ftp.hostname.com";$usr = "username";$password = "pass";//This is the directory where images will be saved$local_file = $_FILES['video']['tmp_name'];$ftp_path = "/upload/".$_FILES['video']['name'];$type = $_FILES['video']['type'];$size = $_FILES['video']['size'];if($size < 151000000) {if(($type == 'video/mpeg') || ($type =='video/mov') || ($type =='video/mp4') || ($type =='video/mpg') || ($type =='video/avi')) {//connect to the FTP server$conn = ftp_ssl_connect($host, 21) or die("Can't connect to the host!");ftp_login($conn, $usr, $password) or die("Cannot login");  $upload = ftp_put($conn, $ftp_path, $local_file, FTP_ASCII);// check upload status:} else {echo "The file is not a video format we accept";}} else {echo "The size of the file is to large";}// close the FTP streamftp_close($conn);//This gets all the other information from the form$name=$_POST['name'];$email=$_POST['email'];$phone=$_POST['phone'];$vid=addslashes(basename($_FILES['video']['name']));// Connects to your Databasemysql_connect("localhost", "username", "pass") or die("Error connect: ".mysql_error()) ;mysql_select_db("database_name") or die("Can't connect to Database".mysql_error()) ;//Writes the information to the database$query = "INSERT INTO video (videoid, Name, Email, Phone, Video) VALUES ('','$name', '$email', '$phone', '$vid')";if(!mysql_query($query)){  echo "Error uploading information";}else {  $headers = 'From: '.$email. "\r\n" . 'Reply-To: '.$email. "\r\n". 'X-Mailer: PHO/' . phpversion();  $message = "Name: ".$name . "\r\n";  $message .= "Email : ".$email . "\r\n";  $message .= "Phone number: ".$phone. "\r\n";;  $message .= "Video file: ". $vid;  mail("myemail@gmail.com", "Video uploaded", $message,$headers);header('Location: http://mysite.com/submit/thank-you.php') ;}?>

Thank you in advance for any help you can provide.

Share this post


Link to post
Share on other sites

It would be better to get the file's extension and compare that with a list of extensions instead of using the mime type supplied by the browser. You can get the extension like this: $ext = strtolower(@array_pop(explode('.', $local_file))); You should also enable all error messages, there would be an error in that script if either of those 2 if statements are false. If you're not seeing that error message then error messages aren't enabled. You're also adding the record to the database regardless of whether or not the file was uploaded.

Share this post


Link to post
Share on other sites
Guest So Called
Also, file types that I want to accept are being told that it's not acceptable. For instance, I tried to upload a .mov file and got the message: The file is not a video format we accept.
<?php $type = $_FILES['video']['type']; echo "type = $type"; // <------ add echo statement to see what value the statement below is testing if(($type == 'video/mpeg') || ($type =='video/mov') || ($type =='video/mp4') || ($type =='video/mpg') || ($type =='video/avi')) { ////// } else { echo "The file is not a video format we accept"; }

Why not start out with finding the caue of your type failing?

Share this post


Link to post
Share on other sites

That's why it fails, because you're not checking for "video/quicktime". That's why I suggested using the extension instead of trying to build a list of all possible mime types that any browser might submit for the formats you want to allow. There are other security issues if you're only checking mime type and not extension (they could upload a PHP script and tell the server it is a "video/avi" file and you would save it on your server for them to execute).

  • Like 1

Share this post


Link to post
Share on other sites
Guest So Called
Adding the echo statement gave me this: type = video/quicktimeThe file is not a video format we accept
I pretty much expected something like that. So you'll either have to add that mime type or do something different.

Share this post


Link to post
Share on other sites
Guest So Called
That's why it fails, because you're not checking for "video/quicktime". That's why I suggested using the extension instead of trying to build a list of all possible mime types that any browser might submit for the formats you want to allow. There are other security issues if you're only checking mime type and not extension (they could upload a PHP script and tell the server it is a "video/avi" file and you would save it on your server for them to execute).
Good point! It seems to me that the OP might be well advised to check both mime type and file extension, and maybe even check against each other to verify the type matches the extension. Anyway I presume now the OP understands what the problem is.
  • Like 1

Share this post


Link to post
Share on other sites

Awesome, now the video is accepted and I am directed to the Thank You page. The last remaining problem is that the video does not upload to my server. It's supposed to be in my /uploads/ folder, but it doesn't go there. Is there any way to determine why this is not working, using a similar echo method?

Share this post


Link to post
Share on other sites

Again, step 1 is to enable error messages. ini_set('display_errors', 1);error_reporting(E_ALL);

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...