Posted

On my rented webserver, I have set up a simple PHP form to upload files into a folder on the website. The problem is, I would like to have the directory the files are loaded into stay clear of any index files (the Apache default is so delightfully simple).

Because any file can be uploaded, anybody can upload a blank index.html file or an index file that redirects to oh say... homosexual pornography. I must say, my PHP skills are horrible, I am more of a JavaScript kind of guy. This was pretty much patched together with snippets.

Now, would there be any way to have PHP use a conditional statement to check the text in the upload form (your standard browse file and upload form), and either...

A) Continue with the upload, or...

B) Redirect/echo/close the window

depending on if the word "index" appears?

Thanks in advance.

Posted

Ever considered placing an index.html that you do approve of in there, and then making the file read-only?

Posted

Sparda> Yeah, I know it's a bit of a bad idea. But if I ignored all my bad ideas, I would never have any ideas at all.

Cooper> I have considered another index file, and if I don't get this PHP thing figured out in a couple of hours, the lazy part of me will just go ahead and throw it in.

Hm... is it possible to share variables between languages? I.e. PHP creates a variable and in the same script, could JavaScript change that variable, then later in the script, have PHP call it again?

Ah, and another reason I should probably not wimp out and figure out this PHP dilemma. It wouldn't be a bad idea to be able to filter certain file extensions such as .JS, .EXE, .HTML. Sounds like it could be a nice bit of knowledge to have.

Posted

The "recommended" way of dealing with user uploaded files is to not let them decide what they are named on the server at all. Instead you give it a random name and then use a database of some sort to connect the filename to the actual file.

Posted
The "recommended" way of dealing with user uploaded files is to not let them decide what they are named on the server at all. Instead you give it a random name and then use a database of some sort to connect the filename to the actual file.

I agree with Jool, although, you could just pad the file name with a time stamp so every file has a unique name and no chance of becoming index.html, it would be something like index-xx-xx-xxxx.html or whatever, but still, I think Jool has a good idea.

Posted
Hm... is it possible to share variables between languages? I.e. PHP creates a variable and in the same script, could JavaScript change that variable, then later in the script, have PHP call it again?

You do realize that there is a difference between server side and client side scripting. Right? And that you should never trust a value given by the client?

I tried to find a page about it on W3Schools, but failed. Simply put: You can have PHP write a value for a JavaScript variable into the line where the variable is defined, but a post back must be made from the client to the server to get a value made by the JavaScript. Additionally: You should never treat a value returned by the client as being canon.

"in the same script"

Don't think of PHP and JavaScript as running the same script. The relation is more like the PHP script making a script to be run by JavaScript.

It sounds like you're having trouble with PHP syntax. W3Schools.com and PHP.net should be able to help you. Specifically it sounds like you should read W3S's page on PHP's If...Else statements.

  • 1 month later...
Posted

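// $uploadDir is a placeholder for the folder the form uploads into
$uploadDir = __DIR__ . '/uploads/';
// basename() drops any directory part the client put in the name
$name = basename($_FILES['uploadedFile']['name']);
if (file_exists($uploadDir . $name))
{
    echo 'Error message'; //Or, alternatively, change the filename to something random
}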
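
The approach Jool describes (a server-chosen random name plus a database mapping), combined with the extension filtering the original poster asks about, as an added example that is not part of any post in this thread. The allow-list, the `uploads` folder, the SQLite file location and the table name are assumptions; `uploadedFile` is the form field name used in the snippet above.

```php
<?php
// Added example, not code from the thread. Allow-list, paths and table name are assumptions.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

// Returns a random server-side name that keeps only an allow-listed extension,
// or null when the client-supplied name has an extension we do not accept.
function storedNameFor(string $clientName): ?string
{
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // 32 hex characters: the stored name can never be "index.*"
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Stores one entry of $_FILES and records stored name -> original name.
function saveUpload(array $file, string $uploadDir, PDO $db): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $stored = storedNameFor($file['name']);
    if ($stored === null
        || !move_uploaded_file($file['tmp_name'], $uploadDir . '/' . $stored)) {
        return null;
    }
    // The client's name is kept only as data in the database, never as a path.
    $stmt = $db->prepare('INSERT INTO uploads (stored_name, original_name) VALUES (?, ?)');
    $stmt->execute([$stored, basename($file['name'])]);
    return $stored;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample names: run from the command line to see the naming rule.
    foreach (['index.html', 'holiday.JPG', 'notes.txt', 'tool.exe'] as $name) {
        printf("%-12s -> %s\n", $name, storedNameFor($name) ?? 'rejected');
    }
} elseif (isset($_FILES['uploadedFile'])) {
    // Assumed location one level above this script, so the database is not web-served.
    $db = new PDO('sqlite:' . dirname(__DIR__) . '/uploads.sqlite');
    $db->exec('CREATE TABLE IF NOT EXISTS uploads (stored_name TEXT PRIMARY KEY, original_name TEXT)');
    echo saveUpload($_FILES['uploadedFile'], __DIR__ . '/uploads', $db) === null
        ? 'Upload rejected' : 'Upload stored';
}
```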
