1

The following code uploads an image to a temp directory and check the filesize before it is added to the final directory. But if I upload a large file the script time out. How can I check the filesize even before the file is added to the temp directory?

    <?
$target_dir = "uploads/";
$new_file_name = time() . "_" . basename($_FILES["fileToUpload"]["name"]);
$target_file = $target_dir . $new_file_name;
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}

// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}

// Check file size
if ($_FILES["fileToUpload"]["size"]/1024 > 5000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}

// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}

// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        header('Location: publish.php?photo=' . $new_file_name);
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";


        //debug
        echo "Upload: " . $_FILES["fileToUpload"]["name"] . "<br>";
        echo "Type: " . $_FILES["fileToUpload"]["type"] . "<br>";
        echo "Size: " . ($_FILES["fileToUpload"]["size"] / 1024) . " kB<br>";
        echo "Stored in: " . $_FILES["fileToUpload"]["tmp_name"];


    }
}


include('modules/head.php');

?>


<form action="sell.php" method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload Image" name="submit">
</form>
Joseph
  • 1,734
  • 6
  • 29
  • 51

3 Answers3

0

First of all you can limit allowed max upload size in php.ini

One more think - your can write javascript client code to verify file size before it would be sent on server

johnComUa
  • 11
  • 1
  • Thanks 1) I do not have access to php.ini. 2) The solution needs to work on browsers without javascript so the form cannot be exploited. – Joseph Feb 26 '15 at 23:14
  • You can try to set directives in your local .htaccess file: http://stackoverflow.com/questions/2992376/how-to-set-upload-max-filesize-in-htaccess – johnComUa Feb 27 '15 at 06:31
0
$file_size=($_FILES["fileToUpload"]["size"] / 1024);     // Output is in KB
Melebius
  • 6,183
  • 4
  • 39
  • 52
pratik shourabh
  • 11
  • 1
  • While this code snippet may be the solution, [including an explanation](//meta.stackexchange.com/questions/114762/explaining-entirely-‌​code-based-answers) really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. – Melebius Nov 30 '17 at 11:24
0

You need to set the value of upload_max_filesize and post_max_size in your php.ini :

 ; Maximum allowed size for uploaded files.
upload_max_filesize = 40M


; Must be greater than or equal to upload_max_filesize
post_max_size = 40M
After modifying php.ini file(s), you need to restart your HTTP server to use new configuration.

If you can't change your php.ini, you're out of luck. You cannot change these values at run-time; uploads of file larger than the value specified in php.ini will have failed by the time execution reaches your call to ini_set.

pratik shourabh
  • 11
  • 1