Flux
-
Joined: 13 Oct 2006
Posts: 48
|
 Posted: Mon Feb 12, 2007 9:35 pm Post subject: Uploading a file |
 |
|
My file upload script works fine, except for one thing.
It's the only script in my arsenal that cannot read $_SESSION['s_username'] (as it is defined on my website, anyway) and that's critical for deciding where the file will go.
When a user uploads a file to my server, they need to be logged in so that it works.
The script that handles where the upload will go decides the location by interpreting the string:
"/files/" . $_SESSION['s_username'] . "/" . $medium . "/" . $_FILES['file']['name']
Where $medium is defined as either music, pics, video, or other, depending on the output of an if/elseif/elseif/else statement that deciphers the file type.
So, if a member by the username "joe" decides to upload "this.jpg" it should go to /files/joe/pics/this.jpg
But my upload script can't, as stated above, read $_SESSION['s_username'] so it tries to save it as /files//pics/this.jpg
It also needs to read the session information to determine if a file by the same name in the same folder already exists.
Here's the script in full, not including the html form, located on another page:
| Code: | <?php
if ((!isset($_SESSION['s_logged_n'])) || (!isset($_SESSION['s_username'])))
{
echo '<script>alert("Error: The script cannot identify a username.");</script>';
echo '<script>history.back(1);</script>';
}
else
{
if ($_FILES['file']['size'] < 20971520)
{
if ($_FILES['file']['error'] > 0)
{
echo "Error: " . $_FILES['file']['error'] . "<br />";
}
else
{
if (($_FILES['file']['type'] == "image/gif") OR ($_FILES['file']['type'] == "image/jpeg") OR ($_FILES['file']['type'] == "image/pjpeg") OR ($_FILES['file']['type'] == "image/png") OR ($_FILES['file']['type'] == "image/bmp") OR ($_FILES['file']['type'] == "image/x-emf")) {
$medium = "pics";
}
elseif (($_FILES['file']['type'] == "audio/mpeg") OR ($_FILES['file']['type'] == "audio/x-ms-wma") OR ($_FILES['file']['type'] == "audio/wav")) {
$medium = "music";
}
elseif (($_FILES['file']['type'] == "video/avi") OR ($_FILES['file']['type'] == "video/x-ms-wmv") OR ($_FILES['file']['type'] == "video/quicktime")) {
$medium = "video";
}
else {
$medium = "other";
}
if (file_exists("files/" . $_SESSION['s_username'] . "/" . $medium . "/" . $_FILES['file']['name']))
{
echo $_FILES["file"]["name"] . " already exists. You should rename it.";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"files/" . $_SESSION['s_username'] . "/" . $medium . "/" . $_FILES['file']['name']);
echo "Name: " . $_FILES['file']['name'] . "<br />";
echo "Type: " . $_FILES['file']['type'] . "<br />";
echo "Size: " . ($_FILES['file']['size'] / 1024) . " KB<br />";
echo "Stored in: " . "/files/" . $_SESSION['s_username'] . "/" . $medium . "/" . $_FILES['file']['name'];
}
}
}
else
{
echo 'Your file is bigger than 20 MB. That is, it's too big.';
}
}
?> |
So, I applied a failsafe, as you can see, at the top. As a result, all I get is a message window saying "Error: The script cannot identify a username."
Why is this script unable to read the session info?
(By the way, I have checked my login.php file to make sure that it defines that session information that is required, and as i said before, this upload.php script is the ONLY script that can't read it.)
Any help is as always appreciated.
_________________
My signature is so lame.
I think phpBB forums hates my laptop '.'; |
|
