Image Upload Form (to user-specified dir)

[enjoirock]

Hello all -

 

I'm fairly new to PHP and have been following some online tutorials to learn more, but hit a wall concerning a form that would allow a user to upload an image to his/her specified directory.

 

Basically, I'd like the user to have to put in a password to upload. This "password" would actually just be the name of their directory on the server, so if a user put in "michael83" in as their password, the image would upload to "http://www.mysite.com/images/uploaded/michael83/".

 

Here's my code so far:

 

<form name="newad" method="post" enctype="multipart/form-data" action="upload.php" onSubmit="return validate_form ( );">
<table>
<tr><td><input type="file" name="image"></td></tr>
<tr><td> </td></tr>
<tr><td>Password:</td></tr>
<tr><td><input type="text" name="password"></td></tr>
<tr><td> </td></tr>
<tr><td><input name="Submit" type="submit" value="Upload"></td></tr>
</table>
</form>

<?php

define ("MAX_SIZE","1536");

function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}

$errors=0;

if(isset($_POST['Submit']))
{

$image=$_FILES['image']['name'];
$dir=$_POST['username'];

if ($image)
{

$filename = stripslashes($_FILES['image']['name']); 

$extension = getExtension($filename);
$extension = strtolower($extension);

if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "pdf") && ($extension != "gif"))
{

echo '<h4>Sorry, your file is an unknown extension.</h4>';
$errors=1;
}
else
{

$size=filesize($_FILES['image']['tmp_name']);

if ($size > MAX_SIZE*1024)
{
echo '<h4>Sorry, you have exceeded the size limit.</h4>';
echo '<p>If you need more help with this, please <a href="#">contact us</a> directly.</p>';
$errors=1;
}

$newname="images/uploaded/".$image_name;

$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied)
{
echo '<h4>Oops, looks like the upload was unsuccessfull.</h4>';
echo '<p>If you continue to have problems, please <a href="#">contact us</a>.</p>';
$errors=1;
}}}}

if(isset($_POST['Submit']) && !$errors)
{
echo "<h4>Your file was uploaded successfully!</h4><br><br>";
echo '<a href="http://www.mysite.com/' . $newname . '">http://www.mysite.com/' . $newname . '</a><br><br>';
}

?>

 

Any help would be greatly appreciated. Many thanks in advance!

 

EDIT Note: I would be the one setting the directories up, so if the user enters a "password" (directory) that doesn't exist, the form would return an error.

[enjoirock]

Another note, the following line shouldn't be in there:

 

$dir=$_POST['username'];

[litebearer]

Didn't peruse all the codel however, You are using an undefined variable

$newname="images/uploaded/" . $image_name;

 

should be (psuedo code)

$image_name = THE USERS NAME/PASSWORD . THE PICTURE NAME
$newname="images/uploaded/".$image_name;

Also make sure you cleanse/sanitize any user input prior to using it

[enjoirock]

Thanks a lot, Litebearer. Looks like I had another typo in there:

 

$newname="images/uploaded/".$image_name;

 

should be:

 

$newname="images/uploaded/".$filename;

 

Basically, from that point, how do I get the "password" value from the form to point to the correct directory? So if "doe" is entered as a password, the image will be uploaded to "images/uploaded/doe/" and if "smith" was entered as a password, the image will be uploaded to "images/uploaded/smith/", and so on.

 

Also note: I think I'm causing confusion when I use the term password. That's how I have the field labeled in the form, but technically that field will be used to specify the directory or folder name.

[litebearer]

you had the right idea with $_POST['password']

$newname="images/uploaded/". $_POST['password'] . "/" . $filename;

[enjoirock]

Thanks so much, litebearer! That did the trick. Apparently, I was making things much more complicated.