Working with File Uploads

nice, i also used to think at first that files were located somewhere safe on the servers instead of being broken into bits when uploaded, how can we go about this??

Okay, first you need to identify where you want to store the files (they need to be accessible to your web user account, but not necessarily web accessible)
So let’s assume your web accessible folder is /home/myuser/public_html/, then you would want to store your files in /home/myuser/uploadedFiles/ (a new folder at the same level as the web accessible folder)
Then you want to give it the appropriate permissions, either changing the ownership to the user apache is running under or giving others write access using chmod 0777
Drop the content column of your files table

Then you need to update your upload.php

    $fileuploaded = $_FILES['upload_file']['tmp_name'];
    $mimetype = mime_content_type($fileuploaded); // detect the type from the file's contents

    $storageLocation = '/home/myuser/uploadedFiles/'; // I recommend placing this line in your configuration file so it isn't defined everywhere you need it.
    if (!is_dir($storageLocation . $_SESSION['id']))
      mkdir($storageLocation . $_SESSION['id']);

    // basename() strips any directory part (such as "../") from the client-supplied name
    $fileName = basename($_FILES['upload_file']['name']);
    move_uploaded_file($_FILES['upload_file']['tmp_name'], $storageLocation . $_SESSION['id'] . '/' . $fileName);

    $upload = query("INSERT INTO files (studentid, mimetype, name) VALUES (?, ?, ?)", $_SESSION['id'], $mimetype, $fileName);

Then in your download.php

    // $_GET values are already URL-decoded; basename() keeps the name inside the user's own folder
    $nameOfFile = basename($_GET['name']);
    $file = query("SELECT * FROM files WHERE studentid = ? AND name = ?", $_SESSION['id'], $nameOfFile);
    $mimetype = $file[0]['mimetype'];  //remove the quotes from the [0]

    $storageLocation = '/home/myuser/uploadedFiles/'; // I recommend placing this line in your configuration file so it isn't defined everywhere you need it.

    $fileLocation = $storageLocation . $_SESSION['id'] . '/' . $nameOfFile;
    if (is_file($fileLocation))
    {
      header("Content-disposition: attachment; filename=$nameOfFile");
      header("Content-type: $mimetype");
      readfile($fileLocation);
    }
    else
    {
      render('filenotfound.php'); // you need to create this so it tells the user, the file wasn't found.
    }
    ?>

i got all that, but when i open my upload.php it gives this error Parse error: syntax error, unexpected 'move_uploaded_file' (T_STRING) for this line

    move_uploaded_file($_FILES['upload_file']['tmp_name'], $storageLocation . $_SESSION['id'] . '/' . $fileName);

> Drop the content column of your files table

you mean the blob column?

Ah, I missed the semi-colon on the line above move_uploaded_file *sigh*

Yes

oops, i didn’t notice that too… :smiley: it works perfect now… i don’t know how i can thank you enough… :slight_smile: now that everything is sorted, i would be very grateful if you could explain just a little what some few lines in the code did (i understood most of the simpler parts)

for instance: 1. move_uploaded_file($_FILES['upload_file']['tmp_name'], $storageLocation . $_SESSION['id'] . '/' . $fileName); i guess this is moving the file to the directory, but what is the role of the '/' in there and the session id??

2.

    if (is_file($fileLocation))
    {
      header("Content-disposition: attachment; filename=$nameOfFile");
      header("Content-type: $mimetype");
      readfile($fileLocation);
    }

and what are "header"s and content-disposition:attachment all about?? thanks budd… :slight_smile:

Certainly. The $_SESSION['id'] is in there so we can store each user’s documents/files in a separate folder. At some point each student will likely upload a file with the same name as another student. To prevent the conflict, storing each user’s documents into their own folder (designated by $_SESSION['id']) prevents the conflict.

So the first thing it does is check if there is a directory with the name of the $_SESSION['id']. If there isn’t, it creates it, then it moves the file to that directory (hence, the '/', as $_SESSION['id'] won’t contain that character, so I append it to denote it is a directory).

To force a download of a file, you can use a variety of techniques, but the most common is Content-disposition: attachment followed by the name of the file you want the download to have. Hopefully that makes sense.
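An added example, not code from this thread: it generalizes the per-user folder and forced-download steps above into helpers that sanitise the stored name, confirm a requested file resolves inside the requesting user's own folder, and build the download headers. The helper names, the integer user id and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example: helper names, the integer user id and the demo paths are assumptions.

// Reduce a client-supplied name to one safe path component.
function safeUploadName(string $clientName): string
{
    // basename() drops any directory part, e.g. "../../x/shell.php" -> "shell.php".
    $name = basename(str_replace('\\', '/', $clientName));
    // Conservative character set; anything else becomes "_".
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);
    if ($name === '' || $name[0] === '.') {   // empty, ".", ".." and dot-files
        throw new InvalidArgumentException('unusable file name');
    }
    return $name;
}

// Resolve $name inside the user's own folder; null if missing or outside it.
function resolveUserFile(string $storageRoot, int $userId, string $name): ?string
{
    $userDir = realpath($storageRoot . '/' . $userId);
    $path    = realpath($storageRoot . '/' . $userId . '/' . $name);
    if ($userDir === false || $path === false) {
        return null;
    }
    // After symlinks and ".." are resolved, the file must sit directly in $userDir.
    return (dirname($path) === $userDir && is_file($path)) ? $path : null;
}

// Headers for a forced download; the name is quoted and already sanitised.
function downloadHeaders(string $safeName, string $mimetype): array
{
    return [
        'Content-Type: ' . $mimetype,
        'Content-Disposition: attachment; filename="' . $safeName . '"',
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed demo data in a temporary directory (not the thread's real paths).
$root = sys_get_temp_dir() . '/uploadedFiles_demo';
foreach ([7, 8] as $id) {
    is_dir("$root/$id") || mkdir("$root/$id", 0700, true);
    file_put_contents("$root/$id/notes.txt", "file of user $id");
}
var_dump(safeUploadName('../../public_html/shell.php'));
var_dump(resolveUserFile($root, 7, 'notes.txt'));
var_dump(resolveUserFile($root, 7, '../8/notes.txt'));
print_r(downloadHeaders(safeUploadName('my report.pdf'), 'application/pdf'));
```

Because the storage folder sits outside public_html, a stored name ending in .php is never executed by the web server; it can only be read back through the download script.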

yeah, it looks much less like rocket science now, lol… thanks “Matt”… ( i read some of your blog) … :wink: it was great…