Login   Register  
PHP Classes
elePHPant
Icontem

File: upload.class.php

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of Cristiano Gois de Araujo  >  SWFUpload Class  >  upload.class.php  >  Download  
File: upload.class.php
Role: Class source
Content type: text/plain
Description: SWFUpload Class
Class: SWFUpload Class
Validate and process files uploaded with SWFUpload
Author: By
Last change: Removed getExtension() function. Constructor, save and createDirectoryStructure methods enhancements.
Date: 2 years ago
Size: 7,694 bytes
 

Contents

Class file image Download
<?php
/* $Id: $ */
/**
 * 
 *  Class Upload
 *
 * This class has the purpose of ease and secure the upload of files for SWFUpload and other applications.
 *
 * This script is based on the upload_save.php code of SWFUpload widget
 *
 * @author    Cristiano Gois <cristianogois@gmail.com>
 * @version   1.8
 * @copyright Freeware
 * @package   Upload
 * @since     03/2011
**/

class Upload{

  private 
$file_name;
  
  private 
$tmp_name;
  
  private 
$file_extension
  
  private 
$succeed_files_track;
  
  private 
$fail_files_track;
  
  private 
$max_file_size_in_bytes;
  
  private 
$save_path;
  
  private 
$upload_name;
  
  private 
$file_perm;
  
  private 
$valid_chars_regex;
  
  private 
$extension_whitelist;
  
  private 
$errors;
  
  private 
$errtype// returning type of method formatErrorMsg. // 0: String; 1: JSON
  
  
const MAX_FILENAME_LENGTH 260
  
  
  
/**
   * Constructor
   *
   * @access  public
  **/
  
public function __construct($filename=""$save_path="./"$file_ext=""$upload_name="Filedata"){
  
      
$path_info pathinfo($_FILES[$upload_name]['name']);
      
      
$this->file_name              = ((!isset($filename) || trim($filename)==='')) ? 
                                      
basename($_FILES[$upload_name]['name'], '.'.$path_info["extension"]) : $filename;      
    
$this->tmp_name               $_FILES[$upload_name]["tmp_name"];    
    
$this->file_extension         = (empty($file_ext)) ? $path_info["extension"] : $file_ext;   
    
$this->succeed_files_track    = array();
    
$this->fail_files_track       = array();
    
$this->save_path               $save_path;
       
$this->upload_name            $upload_name;              
       
$this->file_perm              0755// don't use single quotes or double quotes      
       
$this->max_file_size_in_bytes 10485760// 10MB in bytes
       
$this->valid_chars_regex      '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-'// Characters allowed in the file name (in a Regular Expression format)
       
$this->extension_whitelist    = array("jpg""png""jpeg""pdf"); // Allowed file extensions
       
$this->errors                 = array(   0=>"There is no error, the file uploaded with success",
                                             
1=>"The uploaded file exceeds the upload_max_filesize directive in php.ini",
                                               
2=>"The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form",
                                               
3=>"The uploaded file was only partially uploaded",
                                               
4=>"No file was uploaded",
                                               
6=>"Missing a temporary folder"
                                           
);    
    
$this->errtype 0// 0: String; 1: JSON         
    
}
    
// override magic method to retrieve properties
  
public function __get($field){
    if(
$field == 'filename'){
        return 
$this->file_name;
    }else if(
$field == 'fullname'){
        return 
$this->file_name.".".$this->file_extension;
    }else{
      return 
$this->$field;
    }
  }
  
// override magic method to set properties
  
public function __set($field$value){    
    
$this->$field $value;  
  }
  
  public function 
getPostMaxSize(){
      return 
trim(ini_get('post_max_size'));  
  } 
  
  
/*
   * Create directory structure
   */  
  
  
public function createDirectoryStructure(){      
      
$path $this->save_path;     
      
      return 
is_dir($path) || @mkdir($path, (int)$this->file_permTRUE);    
  }
  
  
  
/*
   * Save file
   * uses createDiretoryStructure(), getPostMaxSize()
   * @todo  rearrange the conditionals to avoid the 'return $bool' repetition
   */
  
  
public function save($force=false$overwrite=false){      
    
$upload_name $this->upload_name;
    
$file_name $this->file_name;
    
$file_ext =    $this->file_extension;
    
$save_path $this->save_path;
    
$full_name $this->fullname;
    
$file_path $save_path."/".$full_name;
    
$bool false;    
    
    
$unit strtoupper(substr($this->getPostMaxSize(), -1));
    
$multiplier = ($unit == 'M' 1048576 : ($unit == 'K' 1024 : ($unit == 'G' 1073741824 1)));

    if((int)
$_SERVER['CONTENT_LENGTH'] > $multiplier*(int)$this->getPostMaxSize() && $this->getPostMaxSize()) {
     
//  header("HTTP/1.1 500 Internal Server Error"); // This will trigger an uploadError event in SWFUpload
       
$this->formatErrorMsg(2,  "POST exceeded maximum allowed size");
       return 
$bool;       
    }
    
// Validate the upload
    
if(!isset($_FILES[$upload_name])){
        print 
$this->formatErrorMsg (4"No upload found in \$_FILES for $upload_name");
        return 
$bool;        
    }else if(isset(
$_FILES[$upload_name]["error"]) && $_FILES[$upload_name]["error"] != 0){
        
$this->formatErrorMsg($_FILES[$upload_name]["error"], $this->errors[$_FILES[$upload_name]["error"]]);                
        return 
$bool;        
    }else if(!isset(
$_FILES[$upload_name]["tmp_name"]) || !@is_uploaded_file($_FILES[$upload_name]["tmp_name"])){
        
$this->formatErrorMsg(7"Upload failed is_uploaded_file test");
        return 
$bool;        
    }else if(!isset(
$_FILES[$upload_name]['name'])){
        
$this->formatErrorMsg(8"File has no name");
        return 
$bool;        
    }
    
    
clearstatcache();
    
// Validate the file size (Warning: the largest files supported by this code is 2GB)
    
$file_size = @filesize($_FILES[$upload_name]["tmp_name"]);
    if (!
$file_size || $file_size $this->max_file_size_in_bytes) {
        
//header("HTTP/1.1 500 Internal Server Error");
        
$this->formatErrorMsg (2"File exceeds the maximum allowed size");
        return 
$bool;        
    }
    
    if (
$file_size <= 0) {
        
$this->formatErrorMsg(9"File size outside allowed lower bound");
        return 
$bool;        
    }    
    
     
// Validate file extension
       
$is_valid_extension false;
    foreach (
$this->extension_whitelist as $extension) {
        if (
strcasecmp($file_ext$extension) == 0) {
            
$is_valid_extension true;
            break;
        }
    }
    
    if (!
$is_valid_extension) {
        
$this->formatErrorMsg(10"Invalid file extension: $file_ext");
        return 
$bool;        
    }   
    
    
// Validate file name (for our purposes we'll just remove invalid characters)
    
$file_name preg_replace('/[^'.$this->valid_chars_regex.']|\.+$/i'""$file_name);    
    if (
strlen($file_name) == || strlen($file_name) > self::MAX_FILENAME_LENGTH) {
        
$this->formatErrorMsg(11"Invalid file name"); 
          return 
$bool;        
    }
    
    
// Validate that we won't overwrite an existing file
    
if (file_exists($file_path) && !$overwrite) {        
        
$this->formatErrorMsg (12"File with this name already exists");
        return 
$bool;        
    }  

    if(
$force){        
        if(!
$this->createDirectoryStructure()){
            
$this->formatErrorMsg (13"Destination folder does not exist and could not be created");
            return 
$bool;            
        }    
    }
  
    if(!@
move_uploaded_file($_FILES[$upload_name]["tmp_name"], $file_path)){
        
$this->formatErrorMsg (14"File could not be saved");
        return 
$bool;        
    }else{
      
move_uploaded_file($file_path"./".$full_name);      
      
$bool true;      
    }

    return 
$bool;
  }
  
  
/**
   * Error handling
   * 
   * @access  public
  **/
  
public function formatErrorMsg($errno$errstr){
  
      if(
$this->errtype == 0){ //plain text
          
print $errstr;  
      }else if(
$this->errtype == 1){ // JSON Format
          
print "{ \"errno\": $errno, \"errmsg\": \"$errstr\" }";          
      }  
  }

   
/**
       * Deconstructor
       *  
       * @access  public
   **/
  
public function __destruct() {}
}

?>