
@BasementCat
Created January 11, 2012 04:38
A simple PHP file upload script, that handles exactly one file
<?php
/*Settings and error codes for the upload handler. They are constants because
none of them changes while the script runs.*/

//Largest upload that will be accepted, in MB
const F_UPLOAD_MAX_SIZE_MB = 12;

//Directory uploaded files are moved into. The handler keeps the client-supplied
//file name, so this directory should not be one where the web server executes scripts.
const F_UPLOAD_DIR = './uploads';

//Comma-separated list of file extensions to accept - comment this line and
//uncomment the next line to disable whitelisting
const F_UPLOAD_WHITELIST = 'jpg,jpeg,gif,bmp,png';
//const F_UPLOAD_WHITELIST = false;

//Comma-separated list of file extensions to deny - uncomment this line and
//comment the next to enable blacklisting. A deny list only stops the extensions
//it names, so the whitelist above is the safer of the two filters.
//const F_UPLOAD_BLACKLIST = 'exe,bat,php';
const F_UPLOAD_BLACKLIST = false;

//Don't change these!
const F_UPLOAD_EINVALID = -1; //The input name that was specified doesn't exist
const F_UPLOAD_ETOOLARGE = -2; //File was too large
const F_UPLOAD_EWHITELIST = -3; //File was not on the whitelist
const F_UPLOAD_EBLACKLIST = -4; //File was on the blacklist
const F_UPLOAD_EFAILED = -5; //move_uploaded_file returned false

/*Error codes greater than 0 may also be returned when PHP itself rejected the
upload before this code ran. Those codes are defined at:
http://www.php.net/manual/en/features.file-upload.errors.php
*/
/*I'm going to put the upload code into a function of its own so that it's a
bit easier to re-use elsewhere*/
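/**
 * Validate the single file uploaded under $input_name and move it into F_UPLOAD_DIR.
 *
 * Checks run in this order: the input exists and describes exactly one file,
 * PHP reported no upload error, the size is within F_UPLOAD_MAX_SIZE_MB, and the
 * file extension passes the whitelist / blacklist (whichever is enabled).
 *
 * Security notes for anyone re-using this function:
 *  - Only the last extension of the client-supplied name is inspected; the file
 *    content is never examined, so "image" extensions do not prove the file is an image.
 *  - The client-supplied base name is kept as the destination name, so an existing
 *    file with the same name in F_UPLOAD_DIR is overwritten.
 *  - F_UPLOAD_DIR should therefore be a location where the web server does not
 *    execute scripts or honour per-directory configuration files.
 *
 * @param string $input_name Name of the file input in the submitted form.
 * @return string Path the uploaded file was moved to.
 * @throws Exception With one of the F_UPLOAD_E* codes, or PHP's own UPLOAD_ERR_*
 *                   code when PHP rejected the upload before this function ran.
 */
function upload_file($input_name){
    $upload=isset($_FILES[$input_name])?$_FILES[$input_name]:null;
    //Validate before touching any field: the original read ['name'] first, which
    //raised a warning for a missing input. A multi-file input ("name[]") delivers
    //arrays here and is rejected, since this function handles exactly one file.
    if(!is_array($upload)||!isset($upload['name'], $upload['tmp_name'], $upload['size'])||!is_string($upload['name'])){
        throw new Exception("Input name is invalid", F_UPLOAD_EINVALID);
    }
    if(isset($upload['error'])&&$upload['error']!==UPLOAD_ERR_OK){
        throw new Exception("An error was encountered uploading the file", $upload['error']);
    }
    //1 MB = 1024*1024 bytes (the original multiplied by 1024^3, i.e. the limit was in GB)
    if($upload['size']>(F_UPLOAD_MAX_SIZE_MB*1024*1024)){
        throw new Exception("File is too large", F_UPLOAD_ETOOLARGE);
    }

    //basename() strips any directory components the client put in the name
    $fname=basename($upload['name']);
    //pathinfo() yields '' for a name without a dot, so a file literally called
    //"jpg" no longer passes as having a "jpg" extension
    $fext=strtolower(pathinfo($fname, PATHINFO_EXTENSION));

    if(F_UPLOAD_WHITELIST){
        $allowed=array_map('strtolower', preg_split('#[,\s]+#', F_UPLOAD_WHITELIST, -1, PREG_SPLIT_NO_EMPTY));
        if(!in_array($fext, $allowed, true)){
            throw new Exception("Filetype is not in the whitelist", F_UPLOAD_EWHITELIST);
        }
    }
    if(F_UPLOAD_BLACKLIST){
        $denied=array_map('strtolower', preg_split('#[,\s]+#', F_UPLOAD_BLACKLIST, -1, PREG_SPLIT_NO_EMPTY));
        if(in_array($fext, $denied, true)){
            throw new Exception("Filetype is in the blacklist", F_UPLOAD_EBLACKLIST);
        }
    }

    //File is OK - tell PHP to move it to the appropriate destination.
    //move_uploaded_file() itself refuses a tmp_name that is not a real HTTP upload.
    $fdest=F_UPLOAD_DIR.'/'.$fname;
    if(!move_uploaded_file($upload['tmp_name'], $fdest)){
        throw new Exception("Could not move uploaded file", F_UPLOAD_EFAILED);
    }
    //File is moved
    return $fdest;
}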
/*Here's the part that can really be modified to do whatever you want - the error
handling here is incredibly basic.*/
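//Handle the upload submitted under the form input named "uploaded" and print
//either the destination path or a human-readable error.
try{
    $file=upload_file('uploaded');
    //The path ends in the client-supplied file name, so it is escaped before
    //being written into the page.
    printf("Moved uploaded file to %s.", htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}catch(Exception $e){
    echo "Error: ";
    switch($e->getCode()){
        case F_UPLOAD_EINVALID:
        case F_UPLOAD_ETOOLARGE:
        case F_UPLOAD_EWHITELIST:
        case F_UPLOAD_EBLACKLIST:
        case F_UPLOAD_EFAILED:
            //The exception already carries a basic, fixed error message, so just use that
            echo $e->getMessage();
            break;
        //The remaining cases are PHP's own upload error codes
        case UPLOAD_ERR_INI_SIZE:
            echo "The uploaded file exceeds the upload_max_filesize directive in php.ini.";
            break;
        case UPLOAD_ERR_FORM_SIZE:
            echo "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.";
            break;
        case UPLOAD_ERR_PARTIAL:
            echo "The uploaded file was only partially uploaded.";
            break;
        case UPLOAD_ERR_NO_FILE:
            echo "No file was uploaded.";
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
            echo "Missing a temporary folder.";
            break;
        case UPLOAD_ERR_CANT_WRITE:
            echo "Failed to write file to disk.";
            break;
        case UPLOAD_ERR_EXTENSION:
            echo "A PHP extension stopped the file upload.";
            break;
        default:
            printf("Unknown error code: %d", $e->getCode());
            break;
    }
}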