How to restrict file sizes and file type and prevent overwriting in upload.php

[daraclare]

Hiya,

 

Firstly, I'm a complete novice, apologies! But I have got my upload.php working which is nice. I will post the code below.

 

However, I would now like to restrict the file size and file type to only word documents.

 

I currently have a restriction of 200KB but it's not working - no idea why as I've looked at other similar codes and they look the same.

 

Also, just to complicate things - can I stop files overwriting each other when uploaded? At the moment, if 2 people upload files with the same name one will overwrite the other.

 

Is this too many questions in 1?

 

Any help is very much appreciated!

 

Code below:

 

<form enctype="multipart/form-data" action="careers.php" method="POST">
        Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>

 

 

<?php 
$target = "upload/"; 
$target = $target . basename( $_FILES['uploaded']['name']) ; 
$ok=1; 

//This is our size condition 
if ($uploaded_size > 200) 
{ 
echo "Your file is too large.<br>"; 
$ok=0; 
} 

//This is our limit file type condition 
if ($uploaded_type =="text/php") 
{ 
echo "No PHP files<br>"; 
$ok=0; 
} 

//Here we check that $ok was not set to 0 by an error 
if ($ok==0) 
{ 
Echo "Sorry your file was not uploaded"; 
} 

//If everything is ok we try to upload it 
else 
{ 
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
{ 
echo "Your file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded."; 
} 
else 
{ 
echo "Sorry, there was a problem uploading your file."; 
} 
} 
?>

[webbhelp]

I will just give you the code I use, it works really nice =)

 

$img = $_FILES['img'];
    		$pathinfo = pathinfo($img['name']);
    		$imgtypes = array('jpg','jpeg'); //Allowed types
    		$maxsize = 3; //maxsize in mb
    		$savepath = '../uploaded/'; //directory to save.

    		if(in_array(strtolower($pathinfo['extension']), $imgtypes)) //I check if the img-extension is in array if not, the type is not allowed.
    		{				
    			if($img['size'] < 1000*1000*$maxsize) //You get the image size in bytes that is why I take 1000* 1000 * $maxsize, then I get it to MB
    			{
    				if(!file_exists($savepath)) //if the directory exists
    				{
    					if(!mkdir($savepath, 0700)) //create dir else give error message
    					{
    					   //if the Directory couldn't be created
    					   exit();
    					}
    				}
                    

    				if(move_uploaded_file($img['tmp_name'], $savepath . $image . '.' . $pathinfo['extension']))

 

To see if the file exists before you upload the image just use:

file_exists('path'); //look at php.net to see more about it.

 

this will be enought =)

[daraclare]

I won't be uploading to the site Just random people uploading CVs but I'm afraid they'll all call there files cv.doc and they'll overwrite each other. Am I understanding you properly? Apologies if not!

[daraclare]

Sorry on my iPhone and didn't see all your code. I'll have to wait till I'm back on the laptop Thanks for your help!

[litebearer]

If the uploaders are registered users AND you have them in a table where each has a unique id, you could create a new file name where you pre-pend their id followed by an underscore followed by the original name of the uploaded file ie 532_cv.doc. where 532 is the id of the user

[webbhelp]

Aha, I do like this:

 

When the upload a CV, I insert a row into a database - table.

in that table I save all information the may have villed in a form like name, email OR title, description etc. And I also save the file extension in a column/field in the table.

 

And directly after the row has been inserted into the database I use: mysql_inserted_id(); and get the ID for that row. With that id I name the file to ID.extension.

So if you will upload a file, I first put a row into the database, and let's  say it got the ID 457, the the file will get the name in a directory: 457.doc win this way no file will get the same name... nice