Advice on working with files

[businessman332211@hotmail.com]

I have a few questions on how to work this out with files.I have this script so far.

$management = true;$errorhandler = "";$filemanager = true;  if ($_POST['name'] == "") {  $errorhandler .= "The Name field has been left blank<br />";  }  if ($_POST['keywords'] == "") {  $errorhandler .= "The Keywords were left blank<br />";  }  	if(!is_uploaded_file($_FILES['file']['tmp_name'])){  $errorhandler .= "No file has been uploaded<br />";  $filemanager = false;  }    if ($filemanager == true) {$_accepted_extensions = array('.mpeg', '.mpg', '.wav', '.avi', '.mid', '.htm', '.jpg', '.jpeg', '.jfif', '.pdf', '.txt', '.wav', '.html', '.gif', '.mp2', '.mp3', '.bmp');    if ($filemanager == true) {   	 $tmp = pathinfo($_FILES['file']['name']);    if (in_array('.' . $tmp['extension'],$_accepted_extensions)) {   	 $filemanager = true;   	 $management = true;      }else {      $filemanager = false;      $management = false;      $errorhandler .= "You have attempted to upload the wrong file type<br />";      $errorhandler .= "We only accept mpeg, mpg, wav, avi, mid, midi, doc, htm, jpg<br />";      $errorhandler .= "jpeg, jfif, pdf, txt, wav, html, gif, qt, mp2, mp3 formats<br />";      $errorhandler .= "To request new file types email<br />";      $errorhandler .= "information@theyellowpagesnetwork.com";      }   	 }    }   	  	 if ($management == false || $filemanager == false) {    echo "{$errorhandler}";    }    

Ok This is what I have so far.Everything works great, I check the form over onwww.funnyemailforwards.com and I handle it here.I set my script at the top, I go through checking for blank space, then checking if the file was uploaded, if it uploaded I check for file extensions, then it gets down there, and if there were any errors encountered it displays error messages. But I have to get advice on a few things1. Are those good or bad files to download, s hould I add or remove some extensions.2. How do I move the files over to a folder, and should I embed them in teh page, or leave them as downloadable links, how do I get the pages to imbed automatically, with each upload3.The hardest thing is I have to set up to where I record the url of them and everythign including date, into a database, and then get something to send my client an email, he can accept/decline the entry, if he declines I need it to remove tha tentry from the database, and if not leave it alone, but I need the email to be directly related to the file that was entered, I don't know how to set this up.I really need advice any and all advice you could give would be greatly appreciated.

[justsomeguy]

1. If you allow HTML files, people can embed javascript or other objects or whatever into them, it's your choice whether you want to allow that.2. See this:http://www.php.net/manual/en/function.move-uploaded-file.phpand this:http://www.php.net/manual/en/features.file-upload.phpYou can also use $_FILES['file']['error'] to get an error code, the error codes are explained on the page on handling file uploads.It's your choice whether you want them to be downloadable or embedded, but you can't embed all of those file types.3. Have the email include a link to a page where he can sign in and accept or deny each of the pending entries, that's probably the easiest way.

[businessman332211@hotmail.com]

I have made some great progress on this, I have everything working now, and it uploads it to a folder, I am just about to database all the information but what i need to ask is, how do I get the ability to check the folder. If it uplaods the file to a folder, then later someone uploads teh same file, is there anything I can do to check if it's already there, orw uold it say file already exists, or would it just overwrite the old file, also here is my code below, so far by what I have, is there anything I can do to be more secure, or protect myself from anything.

<?php$management = true;$errorhandler = "";$filemanager = true;$dateinfo = date("n-d-y");if ($_POST['name'] == "") {	$errorhandler .= "The Name field has been left blank<br />";	}if ($_POST['keywords'] == "") {	$errorhandler .= "The Keywords were left blank<br />";	}if(!is_uploaded_file($_FILES['file']['tmp_name'])){	$errorhandler .= "No file has been uploaded<br />";	$filemanager = false;	}  if ($filemanager == true) {$_accepted_extensions = array('.mpeg', '.mpg', '.wav', '.avi', '.mid', '.jpg', '.jpeg', '.jfif', '.pdf', '.txt', '.wav', '.gif', '.mp2', '.mp3', '.bmp');   if ($filemanager == true) {  $tmp = pathinfo($_FILES['file']['name']);  if (in_array('.' . $tmp['extension'],$_accepted_extensions)) { 	 $filemanager = true; 	 $management = true; 	 }else { 	 $filemanager = false; 	 $management = false; 	 $errorhandler .= "You have attempted to upload the wrong file type<br />"; 	 $errorhandler .= "We only accept mpeg, mpg, wav, avi, mid, jpg<br />"; 	 $errorhandler .= "jpeg, jfif, pdf, txt, wav, gif, qt, mp2, mp3 bmp formats<br />"; 	 $errorhandler .= "To request new file types email<br />"; 	 $errorhandler .= "information@theyellowpagesnetwork.com"; 	 }  }	}    // Relative URL with desired folder name and the name of the file on the user's machineif ($management === true && $filemanager === true) {	$newfile = "uploads/".basename($_FILES['file']['name']);	$newfiletemp = "{$_FILES[file][tmp_name]}";	if (!move_uploaded_file($newfiletemp, $newfile)) {   	 $errorhandler .= "Your file was not uploaded properly.<br />";   	 $filemanager = false;   	 $manager = false;    }}	if ($management === false && $filemanager === false) {	echo "{$errorhandler}";	}		?>

[justsomeguy]

Actually, I have a little chunk of code that will rename the file nicely if one already exists, it will start numbering them sequentially. When I get home I'll dig that up. Respond to this to mark it as unread for me and I'll get to it a little later.

[businessman332211@hotmail.com]

That might work, so far I modifyed it to look like this

if ($management === true && $filemanager === true) {	$newfile = "uploads/".basename($_FILES['file']['name']);	$newfiletemp = "{$_FILES[file][tmp_name]}"; if (!file_exists($newfile)) {	if (!move_uploaded_file($newfiletemp, $newfile)) {   	 $errorhandler .= "Your file was not uploaded properly.<br />";   	 $filemanager = false;   	 $management = false;    } }}

If it doesn't exist then, it works out properly.

[justsomeguy]

Sorry for the delay, I didn't get online this weekend. I use something like this to name my files:

$basepath = "/path/to/upload/dir/";$filename = $_FILES['file']['name'];if (file_exists($basepath . $filename)){  $nr = 0;  $filename = $_FILES['file']['name'] . "_{$nr}";  while (file_exists($basepath . $filename))  {    $filename = $_FILES['file']['name'] . "_" . $nr++;  }}// $filename is unique