Jump to content

pdf upload form php


LucaCrippa
 Share

Recommended Posts

Hi there, I'm a novice on php programmin', and I just have a question 'bout a script for uploadin' pdf files on my website. I would like to allow administrator to upload pdf files in the restricted area of the site, then I would like to implement a script that generates automatically the links for the download of the uploaded pdf files. This is the code: The form for the upload:

<form action="upload3.php" method="post" enctype="multipart/form-data">	    <input type="file" name="filepdf" /><br />	    <input type="submit" value="Upload menu pdf" name="upload_pdf" /></form>

The upload3.php file included in the form:

<?php    $pdfPath = "http://www.coroconcorezzo.it/Spartiti/";    $maxSize = 102400000000;    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['upload_pdf'])) {   	    if (is_uploaded_file($_FILES['filepdf']['tmp_name'])) {		    if ($_FILES['filepdf']['type'] != "application/pdf") {			    echo '<p>Il file non è un PDF</p>';		    } else if ($_FILES['filepdf']['size'] > $maxSize) {			    echo '<p class="error">File troppo grande. Dimensione massima: ' . $maxSize . 'KB</p>';		    } else {			    $menuName = 'file.pdf';			    $result = move_uploaded_file($_FILES['filepdf']['tmp_name'], $pdfPath . $menuName);			    if ($result == 1) {				    echo '<p class="error">Menu caricato</p>';			    } else {				    echo '<p class="error">Si è verficato un errore</p>';			    }		    }	    }    }?>

But when I try to upload a pdf file I receive this error message:

Warning: move_uploaded_file(http://www.coroconcorezzo.it/Spartiti/file.pdf) [function.move-uploaded-file]: failed to open stream: HTTP wrapper does not support writeable connections inD:\Inetpub\webs\coroconcorezzoit\upload3.php on line 14Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\PHP\upload\phpF162.tmp' to 'http://www.coroconcorezzo.it/Spartiti/file.pdf' in D:\Inetpub\webs\coroconcorezzoit\upload3.php on line14Si è verficato un errore
The website is www.coroconcorezzo.itHow can I fix it? Thank you! ps: the files attribution is 777 for every file and folder in my website.
Link to comment
Share on other sites

use local path of server instead of web path using http

Link to comment
Share on other sites

absolute pathC:/user/some/file/path/in/windows/user/some/file/path/in linux or relative path calling from user directoryfile/pathwill get you C:/user/some/file/pathetc

Link to comment
Share on other sites

On an unrelated, but more important note, don't ever validate uploaded files by the "type" in the $_FILES array. The reason for this is, that the "type" in the $_FILES array comes from the same source as the file itself... the user. And not only can the type vary depending on the browser you're using, it can also be faked. In other words, I can upload a .php file with an application/pdf content type, and your site would think it's safe. Always validate the file extension, and make sure that PHP doesn't parse it.

Link to comment
Share on other sites

absolute pathC:/user/some/file/path/in/windows/user/some/file/path/in linux or relative path calling from user directoryfile/pathwill get you C:/user/some/file/pathetc
Ok... but, what is my server path? How can I find it? D:\Inetpub\webs\coroconcorezzoit\upload4.php ?
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...