dongzhang1875 2019-02-21 20:13
浏览 86
已采纳

文件上传验证PHP的问题

I've been having on and off problems with this. It's very inconsistent. I have a form where there is a title (input), short description (input), full description (textarea) and images uploads. (All relevant code below).

After pressing submit on the form, a PHP script is run to handle the file uploads. Before each file is moved from its temporary location, it goes through a series of if statements to be validated. If it fails the validation stage, the else statement of that condition is applied and a PHP session, 'reason', is set to a word depending on the issue. (i.e $_SESSION['reason']="invalidfile'). The user is then redirected back to the form page where, depending on what 'reason' is set to, the user is shown a specific error. The first validation condition works (check all the fields have been filled in). However, none of them work after that one. Except for the fact that sometimes they do.

Any help on this issue would be much appreciated. It may also be useful to know that, sometimes, in Chrome, the images upload but the page never redirects further to the confirm page. This never happens in Microsoft Edge.

HTML Form - Title, Short Description, Full Description, Image Files

// If there is a file uploaded when you redirect back from the confirm page and 'return' is set in the header.
  if(isset($_SESSION['file'])){
    // For every image uploaded:
    for($i = 0; $i < count($_SESSION['file']['destination']); $i++){
      // Delete the image because the user is forced to reupload them anyway.
      unlink($_SESSION['file']['destination'][$i]);
    }

    // Unset the 'file' session now we don't need it anymore
    unset($_SESSION['file']);
    header("Location: index.php?page=createproject");
  }
?>

<h1>Create Project</h1>
<p><a href="index.php?page=admin">Go back</a></p>

<form action="index.php?page=createprojectstorefiles" method="post" enctype="multipart/form-data">
  <p>Project Title: <input type="text" name="title" maxlength="35" autocomplete="off"
    <?php
    if(isset($_SESSION['project_details'])){
      echo "value='".$_SESSION['project_details']['title']."'";
    }
    ?>
    /></p>
  <p>Project Images: <input type="file" name="file[]" accept=".png, .jpg, .jpeg" multiple/></p>
  <p><label for="textarea" style="vertical-align: top; margin-right: 5px;">Short Descritption: </label><textarea name="short_description" rows="4" cols="60" maxlength="80" style="resize: none;"><?php
      if(isset($_SESSION['project_details'])){
        echo $_SESSION['project_details']['short_description'];
      }
    ?></textarea></p>
  <p><label for="textarea" style="vertical-align: top; margin-right: 5px;">Full Story: </label><textarea name="long_description" rows="15" cols="125" maxlength="5000" style="resize: none;"><?php
      if(isset($_SESSION['project_details'])){
        echo $_SESSION['project_details']['long_description'];
      }
    ?></textarea></p>

  <?php
    // If a reason has been sent for the form not working and the user hasn't been logged out.
    if(isset($_SESSION['reason'])){

      // If a 'reason' has been sent for not logging in.
      if(isset($_SESSION['reason'])){

        // Tell the user the reason.
        if($_SESSION['reason']=="noinput"){
          echo "<p><font color='red'><span class='error'>You can't leave any boxes blank</span></font></p>";
        } elseif($_SESSION['reason']=="invalidfile"){
          echo "<p><font color='red'><span class='error'>The file must be a '.jpg', '.jpeg' or '.png'</span></font></p>";
        } elseif($_SESSION['reason']=="uploaderror"){
          echo "<p><font color='red'><span class='error'>There was an error uploading your image!</span></font></p>";
        } elseif($_SESSION['reason']=="filetoolarge"){
          echo "<p><font color='red'><span class='error'>Your file is too large. The max file size is 500MB</span></font></p>";
        } elseif($_SESSION['reason']=="success"){
          header("Location: index.php?page=createprojectconfirm");
        } else{
          echo "<p><font color='red'><span class='error'>Something went wrong in validation, contact a network administrator</span></font></p>";
        }

        // Once the user has been told, unset the session.
        unset($_SESSION['reason']);

      // Otherise, presume that it's due to an incorrect username or password.
      } else{
        echo "<p><font color='red'><span class='error'>Something went wrong in validation, contact a network administrator</span></font></p>";
      }
    }
  ?>

  <p><button type="reset">Reset Form</button> <button type="submit" name="createproject">Preview Project</button></p>
</form>

PHP Script - Validate and move the uploaded files from the temp folder

    // Make sure no reason is set.
  if(isset($_SESSION['reason'])){
    unset($_SESSION['reason']);
  }

  if(isset($_SESSION['file'])){
    unset($_SESSION['file']);
  }

  // If the create project form has been submitted:
  if(isset($_POST['createproject'])){

    // Set all of the variables for the other text boxes in a session called 'project_details'.
    $_SESSION['project_details']['title'] = $_POST['title'];
    $_SESSION['project_details']['short_description'] = $_POST['short_description'];
    $_SESSION['project_details']['long_description'] = $_POST['long_description'];

    // If all of the fileds have been filled in:
    if(!empty($_POST['title']) && $_FILES['file']['error'][0]=='UPLOAD_ERR_OK' && !empty($_POST['short_description']) && !empty($_POST['long_description'])){

      // Count the number of files uploaded.
      $fileCount = count($_FILES['file']['name']);
      $_SESSION['file']['count'] = $fileCount;

      // Do for every uploaded file.
      for($i = 0; $i < $fileCount; $i++){

        // Set all of the variables for the file upload (file $i).
        $file = $_FILES['file'];

        $_SESSION['file']['name'] = $_FILES['file']['name'][$i];
        $_SESSION['file']['tmpName'] = $_FILES['file']['tmp_name'][$i];
        $_SESSION['file']['size'] = $_FILES['file']['size'][$i];
        $_SESSION['file']['error'] = $_FILES['file']['error'][$i];
        $_SESSION['file']['type'] = $_FILES['file']['type'][$i];

        $fileExt = explode(".", $_SESSION['file']['name']);
        $_SESSION['file']['actualExt'] = strtolower(end($fileExt));

        $allowed = array("jpg", "jpeg", "png");

        // If the file type is allowed:
        if(in_array($_SESSION['file']['actualExt'], $allowed)){

          // If there was no error uploading the file:
          if($_SESSION['file']['error'] == 0){

            // If the file isn't too large:
            if($_SESSION['file']['size'] < 500000){

              // Move the file from the temporary location to the new destination and set $_SESSION['reason'] to success so the page redirects to the confirm page. This shouldn't have to be neccesary to make it work but it is. No body on earth knows why.
              $fileNameNew = uniqid("", true).".".$_SESSION['file']['actualExt'];
              $_SESSION['file']['destination'][$i] = "projects/uploads/".$fileNameNew;
              move_uploaded_file($_SESSION['file']['tmpName'], $_SESSION['file']['destination'][$i]);

          // Otherwise, inform the user.
            } else{
              for($i = 0; $i < count($_SESSION['file']['destination']); $i++){
                // Delete the image because the user is forced to reupload them anyway.
                unlink($_SESSION['file']['destination'][$i]);
              }

              $_SESSION['reason']="filetoolarge";
              header("Location: index.php?page=createproject");
              exit();
            }

          // Otherwise, inform the user.
          } else{
            for($i = 0; $i < count($_SESSION['file']['destination']); $i++){
              // Delete the image because the user is forced to reupload them anyway.
              unlink($_SESSION['file']['destination'][$i]);
            }

            $_SESSION['reason']="uploaderror";
            header("Location: index.php?page=createproject");
            exit();
          }

        // Otherwise, inform the user.
        } else{
          for($i = 0; $i < count($_SESSION['file']['destination']); $i++){
            // Delete the image because the user is forced to reupload them anyway.
            unlink($_SESSION['file']['destination'][$i]);
          }

          $_SESSION['reason']="invalidfile";
          header("Location: index.php?page=createproject");
          exit();
        }
      }

      // After all the files have been uploaded, if the header function doesn't work, use the session method to redirect to the complete page.
      if(!header("Location: index.php?page=createprojectconfirm")){
        $_SESSION['reason']="success";
        exit();
      }

    // Otherwise, inform the user.
    } else{
      $_SESSION['reason']="noinput";
      header("Location: index.php?page=createproject");
      exit();
    }
  } else{
    header("Location: index.php?page=admin");
    exit();
  }
  • 写回答

1条回答 默认 最新

  • dongxiao_0528 2019-02-22 12:48
    关注

    The issue lied in the first block of code. At the top there is an if statement to unset the session 'file' if the user has returned from the preview page. This contains a condition of if 'file' is set when loading the page. This scenario could also exist not just when the user has returned from the preview page because they choose to but also if there was an error. This if statement then reloads the page thus clearing the 'reason' session and the error doesn't show.

    I fixed it by editing the conditions of the if statement. By adding a check to make sure that the 'reason' session hasn't been set i.e, there was no error but the user chose to return:

    if(isset($_SESSION['file']) && !isset($_SESSION['reason'])){
        // For every image uploaded:
        for($i = 0; $i < count($_SESSION['file']['destination']); $i++){
          // Delete the image because the user is forced to reupload them anyway.
          unlink($_SESSION['file']['destination'][$i]);
        }
    
        // Unset the 'file' session now we don't need it anymore
        unset($_SESSION['file']);
        header("Location: index.php?page=createproject");
      }
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 arduino控制ps2手柄一直报错
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥85 maple软件,solve求反函数,出现rootof怎么办?
  • ¥15 求chat4.0解答一道线性规划题,用lingo编程运行,第一问要求写出数学模型和lingo语言编程模型,第二问第三问解答就行,我的ddl要到了谁来求了
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题
  • ¥20 求一个html代码,有偿
  • ¥100 关于使用MATLAB中copularnd函数的问题