djp1988 Posted August 6, 2008

I have the following php code:

    $user = $_SESSION['user_id'];
    $type = $_FILES['thefile']['type'];
    if(move_uploaded_file(($_FILES['thefile']['tmp_name']), "path/{$_FILES['thefile']['name']}")){
        $image = $_FILES['thefile']['name'];
    }

I want to rename the file as: memberid.gif or .jpg, so something like: $user.jpg
But I can't seem to be able to do so.
One of my other attempts:

    if(move_uploaded_file(($_FILES['thefile']['tmp_name']), "path/{$_FILES['thefile']}".$user."{$_FILES['name']}")){}

But that failed. That was a compromise to have at least the member id at the start of the file name, but.... what I really want is:
member 22 uploaded: 22.jpg
member 156 uploaded: 156.gif
...

Jesdisciple Posted August 6, 2008

First, this will make it easier for both humans and machines to read your code:

    if(move_uploaded_file(($_FILES['thefile']['tmp_name']), "path/{$_FILES['thefile']}{$user}{$_FILES['name']}")){}

Are you sure $user has been assigned? Better yet, can we see your full code?

jeffman Posted August 6, 2008

Just your basic debug suggestions:
Have you echoed your destination string to make sure it's formed correctly?
Is "path/ written that way just for our benefit? You're not missing a $ ?
Is the path correctly formed relative to the location of your script? (This one burns people all the time.)
Are you reporting all errors and warnings? Do they say anything?

djp1988 Posted August 6, 2008 (Author)

No, all that is correct. The file is being placed there but not named as I want it to be.

jeffman Posted August 6, 2008

Oh. So the problem is constructing the correct file name? Try tinkering with this.

    $ext = array_pop( explode('.', $_FILES['thefile']['name']) );
    // add some lines to validate $ext
    $fname = "$user.$ext";

Explode() takes a string and turns it into an array, using another string (in this case '.') as a delimiter. Since we don't need the whole array, I don't assign it to anything. I immediately pop the final value off the array, and assign that to $ext. Since it's the final value, it should be the file extension. Then I concatenate that to $user, which I guess is the username you're after.

Just to be safe, you should validate that $ext exists and is a valid image extension in your context.

djp1988 Posted August 6, 2008 (Author)

Thanks, now what about these 'security' issues with allowing a directory to be uploaded to? Am I in danger? I have in my script only allowed jpg's to be the file to be uploaded, but is that enough?

Jesdisciple Posted August 7, 2008

Where did you see mention of security issues? The only one I know of is if you let an executable (e.g. .exe or .php) file be uploaded. (Although I'm not sure how a client would execute a .exe... Oh well.)

jeffman Posted August 7, 2008

The easiest thing is to store all your data in a directory (and its subdirectories) that has an .htaccess file denying access to all. Such denial applies just to http requests, not to your own php reading and writing. So even if a hacker guessed at your directory structure and file naming scheme, and they did manage to store a nasty executable, any requests to access such a file would be denied.

If you're not sure what I mean, google "htaccess deny" -- you'll find something.

djp1988 Posted August 7, 2008 (Author)

OK, well I don't think I need to worry, I am only allowing jpg's to be uploaded.

Archived
This topic is now archived and is closed to further replies.
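
The two points raised in the thread, naming the upload after the member id and validating that it really is an image, combined in one handler. This is an added example, not code posted by any participant; the field name 'thefile' and $_SESSION['user_id'] come from the first post, while UPLOAD_DIR, MAX_BYTES and the function name store_member_image are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. UPLOAD_DIR and MAX_BYTES are assumed values.
const UPLOAD_DIR = '/var/www/private_uploads'; // hypothetical, outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;            // assumed size limit
// Extension comes from the detected content type, never from the client's name or type.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/gif' => 'gif'];
function store_member_image(array $file, $userId): string
{
    // The member id becomes the file name, so it must be digits only.
    if (!ctype_digit((string) $userId)) {
        throw new RuntimeException('no valid member id');
    }
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException("upload failed (code $error)");
    }
    $tmp = $file['tmp_name'];
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Inspect the bytes: the detected type must be allowed and must parse as an image.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || getimagesize($tmp) === false) {
        throw new RuntimeException('not a JPEG or GIF image');
    }
    $dest = UPLOAD_DIR . "/$userId.$ext";   // e.g. 22.jpg or 156.gif
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);                     // readable, never executable
    // Drop an older image of the other type so 22.jpg and 22.gif never coexist.
    foreach (array_diff(ALLOWED, [$ext]) as $other) {
        @unlink(UPLOAD_DIR . "/$userId.$other");
    }
    return $dest;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['thefile'])) {
    session_start();
    try {
        $path = store_member_image($_FILES['thefile'], $_SESSION['user_id'] ?? '');
        echo 'Saved as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

Because the stored name and extension are chosen by the server, nothing from the client-supplied file name reaches the file system, and the directory can still carry the .htaccess deny rule described earlier in the thread.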