Jump to content

Form field to Upload a specific file, does not upload


mboehler3
 Share

Recommended Posts

I have a form that has four fields, and the last field is an upload-file field. I want the user to upload a video file, which must be in one of four formats. The uploaded video will be placed in a folder on my server. Once the form submits, an email is sent to me and the form fields are stored in a database.I am getting emails and seeing the information in my database, but I cannot get the upload onto my server. Also, file types that I want to accept are being told that it's not acceptable. For instance, I tried to upload a .mov file and got the message: The file is not a video format we accept.I have been talking to some colleagues of mine but I cannot get this fixed. Can someone take a look at this code and offer any advice? Here is my code:

<?php //ftp acess$host = "ftp.hostname.com";$usr = "username";$password = "pass";//This is the directory where images will be saved$local_file = $_FILES['video']['tmp_name'];$ftp_path = "/upload/".$_FILES['video']['name'];$type = $_FILES['video']['type'];$size = $_FILES['video']['size'];if($size < 151000000) {if(($type == 'video/mpeg') || ($type =='video/mov') || ($type =='video/mp4') || ($type =='video/mpg') || ($type =='video/avi')) {//connect to the FTP server$conn = ftp_ssl_connect($host, 21) or die("Can't connect to the host!");ftp_login($conn, $usr, $password) or die("Cannot login");  $upload = ftp_put($conn, $ftp_path, $local_file, FTP_ASCII);// check upload status:} else {echo "The file is not a video format we accept";}} else {echo "The size of the file is to large";}// close the FTP streamftp_close($conn);//This gets all the other information from the form$name=$_POST['name'];$email=$_POST['email'];$phone=$_POST['phone'];$vid=addslashes(basename($_FILES['video']['name']));// Connects to your Databasemysql_connect("localhost", "username", "pass") or die("Error connect: ".mysql_error()) ;mysql_select_db("database_name") or die("Can't connect to Database".mysql_error()) ;//Writes the information to the database$query = "INSERT INTO video (videoid, Name, Email, Phone, Video) VALUES ('','$name', '$email', '$phone', '$vid')";if(!mysql_query($query)){  echo "Error uploading information";}else {  $headers = 'From: '.$email. "\r\n" . 'Reply-To: '.$email. "\r\n". 'X-Mailer: PHO/' . phpversion();  $message = "Name: ".$name . "\r\n";  $message .= "Email : ".$email . "\r\n";  $message .= "Phone number: ".$phone. "\r\n";;  $message .= "Video file: ". $vid;  mail("myemail@gmail.com", "Video uploaded", $message,$headers);header('Location: http://mysite.com/submit/thank-you.php') ;}?>

Thank you in advance for any help you can provide.

Link to comment
Share on other sites

It would be better to get the file's extension and compare that with a list of extensions instead of using the mime type supplied by the browser. You can get the extension like this: $ext = strtolower(@array_pop(explode('.', $local_file))); You should also enable all error messages, there would be an error in that script if either of those 2 if statements are false. If you're not seeing that error message then error messages aren't enabled. You're also adding the record to the database regardless of whether or not the file was uploaded.

Link to comment
Share on other sites

Guest So Called
Also, file types that I want to accept are being told that it's not acceptable. For instance, I tried to upload a .mov file and got the message: The file is not a video format we accept.
<?php $type = $_FILES['video']['type']; echo "type = $type"; // <------ add echo statement to see what value the statement below is testing if(($type == 'video/mpeg') || ($type =='video/mov') || ($type =='video/mp4') || ($type =='video/mpg') || ($type =='video/avi')) { ////// } else { echo "The file is not a video format we accept"; }

Why not start out with finding the caue of your type failing?
Link to comment
Share on other sites

That's why it fails, because you're not checking for "video/quicktime". That's why I suggested using the extension instead of trying to build a list of all possible mime types that any browser might submit for the formats you want to allow. There are other security issues if you're only checking mime type and not extension (they could upload a PHP script and tell the server it is a "video/avi" file and you would save it on your server for them to execute).

  • Like 1
Link to comment
Share on other sites

Guest So Called
Adding the echo statement gave me this: type = video/quicktimeThe file is not a video format we accept
I pretty much expected something like that. So you'll either have to add that mime type or do something different.
Link to comment
Share on other sites

Guest So Called
That's why it fails, because you're not checking for "video/quicktime". That's why I suggested using the extension instead of trying to build a list of all possible mime types that any browser might submit for the formats you want to allow. There are other security issues if you're only checking mime type and not extension (they could upload a PHP script and tell the server it is a "video/avi" file and you would save it on your server for them to execute).
Good point! It seems to me that the OP might be well advised to check both mime type and file extension, and maybe even check against each other to verify the type matches the extension. Anyway I presume now the OP understands what the problem is.
  • Like 1
Link to comment
Share on other sites

Awesome, now the video is accepted and I am directed to the Thank You page. The last remaining problem is that the video does not upload to my server. It's supposed to be in my /uploads/ folder, but it doesn't go there. Is there any way to determine why this is not working, using a similar echo method?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...