How can I upload a zip file using php?

You say your upload form redirects after upload? Remember that PHP deletes any uploaded files when the script exits, unless you've taken steps to preserve the file. If your form POSTs to (say) "upload.php" which then redirects to "handle_upload.php", you have to actually handle the upload in the "upload.php" script, otherwise the file's gone.

As well, don't trust the ['type'] and ['name'] parameters in the $_FILES array. That's user-provided data and can be easily subverted. You're also using the user-supplied filename to store the file on your server. Nothing says the user can't hack the upload form and call their file "../../../../etc/passwd" with a mime-type of "application.zip". Your script would happily accept that and overwrite your server's password file.

The proper way to handle uploads, with error checking, is:

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     if (isset($_FILES['file'])) {
          if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
               // ... file was successfully uploaded, process it
          } else {
               // ... file upload failed, output error message, etc...
          }
     } else {
          // ... no upload at all, not even an attempt
     }
} else {
     // ... not in a POST environment, so can't possibly have a file upload ...
}
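
The checks described in this answer, filled in as an added example (not the answerer's code): the error code is mapped to a reason, the content rather than `['type']` decides whether the file is a zip, and the stored name is generated on the server so `['name']` is never used as a path. The names `store_zip_upload`, `MAX_BYTES` and `DEST_DIR`, the `./upload` directory and the "file" field are assumptions, and the code assumes the `fileinfo` and `zip` extensions are enabled.

```php
<?php
// Added example, not code from the page. Assumptions: form field "file",
// storage in ./upload, and the question's 20 MB limit.
const MAX_BYTES = 20971520;
const DEST_DIR = __DIR__ . '/upload';
function store_zip_upload(array $file): string
{
    // Files above upload_max_filesize arrive as an error code with no temp file.
    $errors = [
        UPLOAD_ERR_INI_SIZE => 'file exceeds upload_max_filesize',
        UPLOAD_ERR_PARTIAL  => 'file was only partially uploaded',
        UPLOAD_ERR_NO_FILE  => 'no file was sent',
    ];
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException($errors[$file['error']] ?? 'upload error ' . $file['error']);
    }
    // Trust only what the server can measure: the temp file, its size, its content.
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) >= MAX_BYTES) {
        throw new RuntimeException('not an uploaded file, or too large');
    }
    $zip = new ZipArchive();
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== 'application/zip' || $zip->open($tmp) !== true) {
        throw new RuntimeException('content is not a readable zip archive');
    }
    $zip->close();
    // Server-generated name: the client's ['name'] never reaches the filesystem.
    $dest = DEST_DIR . '/' . bin2hex(random_bytes(16)) . '.zip';
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store the file');
    }
    return $dest;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        if (!isset($_FILES['file'])) {
            // A body larger than post_max_size is discarded: $_POST and $_FILES stay empty.
            $oversize = empty($_POST) && (int) ($_SERVER['CONTENT_LENGTH'] ?? 0) > 0;
            throw new RuntimeException($oversize ? 'request likely exceeds post_max_size' : 'no "file" field');
        }
        store_zip_upload($_FILES['file']);
        echo 'Stored.';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Raising the accepted size means raising both `upload_max_filesize` and `post_max_size` in php.ini, with `post_max_size` the larger of the two.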
Greg
Author by

Greg

I just love programming.

Updated on May 30, 2022

Comments

  • Greg
    Greg almost 2 years

    I want people to be able to upload zip files to my server. I have a form for them to upload to and it redirects to an upload page. I can successfully upload pictures (png and jpg) but whenever I try a zip I get several "undefined index errors on lines 4-8." Here is my code. If you want to check out the website, it should be available at gregsminecraft.dyndns.org:25566/file.php EDIT: I believe that it doesn't accept the large zip file, because I tried it with a smaller one and it worked. Is there a way to accept the larger zip files?

     if ((($_FILES["file"]["type"] == "application/zip")
    || ($_FILES["file"]["type"] == "application/x-zip-compressed")
    || ($_FILES["file"]["type"] == "multipart/x-zip")
    || ($_FILES["file"]["type"] == "application/x-compressed")
    || ($_FILES["file"]["type"] == "application/octet-stream"))
    && ($_FILES["file"]["size"] < 20971520))
      {
      if ($_FILES["file"]["error"] > 0)
        {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
        }
      else
        {
        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
    
        if (file_exists("upload/" . $_FILES["file"]["name"]))
          {
          echo $_FILES["file"]["name"] . " already exists. ";
          }
        else
          {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "upload/" . $_FILES["file"]["name"]);
          echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
          }
        }
      }
    else
      {
      echo "Invalid file";
      }