
PHP Renaming File Upload


twilitegxa


Can someone help me in renaming an uploaded file with parameters from the input fields named firstname and lastname? I would like to name each uploaded file with the firstname and lastname along with a random number and then the file extension, but I am having trouble getting it right. Here is what I have so far:

 

<?php

$firstname = "";
$lastname = "";
$address = "";
$city = "";
$state = "";
$zip = "";
$phone = "";
$position = "";

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>KulaE_WDP4451_U2IP</title>
</head>

<body>

<form action="process_U2IP.php" method="post" enctype="multipart/form-data">
<h3>Please fill out the form below and upload your resume to apply for a position within our company:</h3>

<table>
<tr>
<td><label for="firstname"><b>First Name*</b></label></td>
<td><input name="firstname" type="text" size="20" id="firstname" value="<?php echo $firstname; ?>" /></td>
</tr>
<tr>
<td><label for="lastname"><b>Last Name*</b></label></td>
<td><input name="lastname" type="text" size="20" id="lastname" value="<?php echo $lastname; ?>" /></td>
</tr>
<tr>
<td><label for="address"><b>Address*</b></label></td>
<td><input name="address" type="text" size="20" id="address" value="<?php echo $address; ?>" /></td>
</tr>
<tr>
<td><label for="city"><b>City*</b></label></td>
<td><input name="city" type="text" size="20" id="city" value="<?php echo $city; ?>" /></td>
</tr>
<tr>
<td><label for="state"><b>State*</b></label></td>
<td><input name="state" type="text" size="20" id="state" value="<?php echo $state; ?>" /></td>
</tr>
<tr>
<td><label for="zip"><b>Zip*</b></label></td>
<td><input name="zip" type="text" size="20" id="zip" value="<?php echo $zip; ?>" /></td>
</tr>
<tr>
<td><label for="phone"><b>Phone*</b></label></td>
<td><input name="phone" type="text" size="20" id="phone" value="<?php echo $phone; ?>" /></td>
</tr>
<tr>
<td><label for="position"><b>Position*</b></label></td>
<td><input name="position" type="text" size="20" id="position" value="<?php echo $position; ?>" /></td>
</tr>
<tr>
<td><b>Upload Resume*</b></td>
<td><input type="file" name="file" id="file" /> </td>
</tr>
<tr>
<td colspan="2"><p><i>Your information will not be sold or shared with others.</i></p></td>
</tr>
<tr>
<td colspan="2"><p style="color: red;">* denotes required field</p></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="hidden" name="submitted" value="1" />

<input type="submit" value="Submit" />
<input type="reset" name="reset" value="Reset" /></td>
</tr>
</table>
</form>

</body>
</html>

 

<?php

if (@$_POST['submitted']){
    $firstname = (@$_POST['firstname']);
    $lastname = (@$_POST['lastname']);
    $address = (@$_POST['address']);
    $city = (@$_POST['city']);
    $state = (@$_POST['state']);
    $zip = (@$_POST['zip']);
    $phone = (@$_POST['phone']);
    $position = (@$_POST['position']);
    $file = (@$_POST['file']);
    
    if (get_magic_quotes_gpc()){
        $firstname = stripslashes($firstname);
        $lastname = stripslashes($lastname);
        $address = stripslashes($address);
        $city = stripslashes($city);
        $state = stripslashes($state);
        $zip = stripslashes($zip);
        $phone = stripslashes($phone);
        $position = stripslashes($position);
        
    }
    
    $error_msg=array();
    if ($firstname==""){
        $error_msg[]="Please enter your first name";
    }
    
    if(!preg_match("/^\b[a-zA-Z]+\b$/", $firstname)){
        $error_msg[]="First Name can only contain letters";
    }
    
    if ($lastname==""){
        $error_msg[]="Please enter your last name";
    }
    
    if(!preg_match("/^\b[a-zA-Z]+\b$/", $lastname)){
        $error_msg[]="Last Name can only contain letters";
    }
    
    if ($address==""){
        $error_msg[]="Please enter your address";
    }
    
    if(!preg_match('/^[a-z0-9 ]*$/i', $address)){
        $error_msg[]="Address can only contain numbers, letters and spaces";
    }
    
    
    if ($city==""){
        $error_msg[]="Please enter your city";
    }
    
    if (!preg_match("/^\b[a-zA-Z]+\b$/", $city)){
        $error_msg[]="City can only contain letters";
    }
    
    if ($state==""){
        $error_msg[]="Please enter your state";
    }
    
    if (strlen($state)<>2){
        $error_msg[]="State can only contain 2 letters; use state abbreviation";
    }
    
    if (!preg_match("/^\b[a-zA-Z]+\b$/", $state)){
        $error_msg[]="State can only contain letters";
    }
    
    if ($zip==""){
        $error_msg[]="Please enter your zip code";
    }
    
    if (strlen($zip)<>5){
        $error_msg[]="Zip code can only contain 5 digits";
    }
    
    if(!is_numeric($zip)){
        $error_msg[]="Zip code must contain only numbers";
    }
    
    if ($phone==""){
        $error_msg[]="Please enter your phone number";
    }
    
    if (strlen($phone)<>10){
        $error_msg[]="Phone number can only contain 10 digits";
    }
    
    if(!is_numeric($phone)){
        $error_msg[]="Phone number must contain only numbers";
    }
    
    if ($position==""){
        $error_msg[]="Please enter your desired position";
    }
    
    if(!preg_match('/^[a-z0-9 ]*$/i', $position)){
        $error_msg[]="Position can only contain numbers, letters and spaces";
    }
    
    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      $error_msg[]= $_FILES["file"]["name"] . " already exists";
      }
      
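      // Reject when the type is neither MSWord nor PDF, or when the file is over 20KB.
      // $_FILES["file"]["type"] is the MIME type reported by the browser.
      if ((($_FILES["file"]["type"] != "application/msword")
&& ($_FILES["file"]["type"] != "application/pdf"))
|| ($_FILES["file"]["size"] > 20000))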
  {
      $error_msg[]= "Uploaded file can only be in MSWord or PDF format and can only be under 20KB in size";
    }
      
      
      

    }
    
    if ($error_msg){
        $display_errors =  "<h3>There were errors in your submission.</h3>
        <p>Please review the following errors, press the Back button on your browser, and make corrections before re-submitting.</p>
        <ul style=color:red>\n";
            foreach ($error_msg as $err){
                $display_errors .= "<li>".$err."</li>\n";
            }
        $display_errors .= "</ul>\n";
        
    }
    
    if (!$error_msg){
        echo  "
<h3>Thank you for applying! Applicants we are interested in interviewing will be contacted within 48 hours.</h3>

<p>You have submitted the following information:</p>

<table>
<tr>
<td><b>First Name:</b></td>
<td>$firstname</td>
</tr>
<tr>
<td><b>Last Name:</b></td>
<td>$lastname</td>
</tr>
<tr>
<td><b>Address:</b></td>
<td>$address</td>
</tr>
<tr>
<td><b>City:</b></td>
<td>$city</td>
</tr>
<tr>
<td><b>State:</b></td>
<td>$state</td>
</tr>
<tr>
<td><b>Zip Code:</b></td>
<td>$zip</td>
</tr>
<tr>
<td><b>Phone Number:</b></td>
<td>$phone</td>
</tr>
<tr>
<td><b>Position Desired:</b></td>
<td>$position</td>
</tr>";

move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      
      echo "<tr>
      <td><b>Uploaded File:</b></td>
      <td><a href=upload/" . $_FILES["file"]["name"] . ">" . $_FILES["file"]["name"] . "</a></td>
      </tr>
      </table>";
      
        exit();
    }
    
    echo $display_errors;
?>

 

I found the following help online, but I can't get it right. Can anyone help?

 

<?php
//This function separates the extension from the rest of the file name and returns it
function findexts ($filename)
{
    $filename = strtolower($filename) ;
    $exts = split("[/\\.]", $filename) ;
    $n = count($exts)-1;
    $exts = $exts[$n];
    return $exts;
}

//This applies the function to our file
$ext = findexts ($_FILES['uploaded']['name']) ;

//This line assigns a random number to a variable. You could also use a timestamp here if you prefer.
$ran = rand () ;

//This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready for the file extension to be appended.
$ran2 = $ran.".";

//This assigns the subdirectory you want to save into... make sure it exists!
$target = "images/";

if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
    echo "The file has been uploaded as ".$ran2.$ext;
}
else
{
    echo "Sorry, there was a problem uploading your file.";
}
?>

 

Link to comment
Share on other sites

move_uploaded_file($_FILES["file"]["tmp_name"],      "upload/" . $_FILES["file"]["name"]);

 

Change the file name bit to what you want to rename the file to.

 

Also when you check file type - you are only checking the mime type. These can be faked and allow people to upload php files and malicious code and execute it.

 

Take the [file] [name], split it, and compare the extension to make sure it's a pdf or a doc.

Link to comment
Share on other sites

move_uploaded_file($_FILES["file"]["tmp_name"],      "upload/" . $_FILES["file"]["name"]);

 

Change the file name bit to what you want to rename the file to.

 

Also when you check file type - you are only checking the mime type. These can be faked and allow people to upload php files and malicious code and execute it.

 

Take the [file] [name], split it, and compare the extension to make sure it's a pdf or a doc.

 

Can you help me out a little more with this? I think I sort of understand what you are saying, but I am still unsure of how to code this properly. Currently I don't have that file upload renaming code within my code, so where do I need to put it exactly? With the part of my code that saves the file to my folder I suppose? I have never messed with the file upload code much before, so I really need help here! Please :-)

Link to comment
Share on other sites

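Here we are moving the uploaded file to a specific folder, renaming it to mynewname.jpg and deleting the temporary file.

$newfilename = "mynewname.jpg";
// $_FILES replaces the old $HTTP_POST_FILES array, which current PHP versions no longer provide
copy($_FILES['uploadedfile']['tmp_name'],"/home/domain/public_html/files/".$newfilename);
// remove the temporary copy once it has been stored under the new name
unlink($_FILES['uploadedfile']['tmp_name']);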

 

In previous steps you can free extensions from original file

 

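// end() takes its argument by reference, so the exploded parts need their own variable
$parts = explode('.', $filename);
$extensionorig = end($parts);
if ($extensionorig == 'jar')
{
   $ext = ".jar";
}
else if ($extensionorig == 'jad')
{
   $ext = ".jad";
} else {
   echo "Untrusted File";
   $flag++; // push to error page
}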

Link to comment
Share on other sites
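
Putting the replies together, as an added example that is not code posted by anyone in this thread: the stored name is rebuilt from the validated firstname and lastname fields, a random number, and an extension taken from an allow-list, and the file content is checked with finfo rather than the browser-supplied MIME type. The names ALLOWED, MAX_BYTES and build_resume_name() are hypothetical, the upload/ folder and field names follow the form in the first post, and the MIME labels listed for .doc are an assumption that depends on the server's libmagic version.

```php
<?php
// Added example. ALLOWED, MAX_BYTES and build_resume_name() are hypothetical names.
const MAX_BYTES = 20000;               // size limit used in the thread
const ALLOWED = [                      // extension => content types accepted for it
    'pdf' => ['application/pdf'],
    // Assumption: libmagic reports legacy .doc files under one of these labels.
    'doc' => ['application/msword', 'application/vnd.ms-office'],
];

// Returns the name to store the upload under, or null if it must be rejected.
function build_resume_name($first, $last, array $file, string $dir): ?string
{
    // The names become part of a path: letters only, as the form already requires.
    foreach ([$first, $last] as $part) {
        if (!is_string($part) || !preg_match('/^[a-zA-Z]+\z/', $part)) {
            return null;
        }
    }
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > MAX_BYTES) {
        return null;
    }
    // The client's file name is used only to look up an allow-listed extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // $_FILES[...]['type'] is sent by the browser, so inspect the content instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return null;
    }
    // firstname_lastname_random.ext; pick again if that name is already taken.
    do {
        $name = sprintf('%s_%s_%d.%s', $first, $last, random_int(100000, 999999), $ext);
    } while (file_exists($dir . '/' . $name));
    return $name;
}

if (!empty($_POST['submitted']) && isset($_FILES['file'])) {
    $dir  = __DIR__ . '/upload';
    $name = build_resume_name($_POST['firstname'] ?? '', $_POST['lastname'] ?? '',
                              $_FILES['file'], $dir);
    if ($name !== null && move_uploaded_file($_FILES['file']['tmp_name'], "$dir/$name")) {
        echo 'Stored as ' . htmlspecialchars($name);
    } else {
        echo 'Upload rejected';
    }
}
```

Because the stored name never contains any part of the client's file name except an allow-listed extension, an upload named resume.php.pdf or ../x.doc still lands in upload/ as First_Last_123456.pdf or .doc.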
