Here is a complete solution for uploading files
Requirements:
- PHP
- MySQL
- Write access to the directory tree
- 2 database tables (files, mime_types); SQL below
--
-- Table structure for table `mime_types`
--
-- Allow-list consulted by files::validate_file(), which looks rows up by `type`.
-- NOTE(review): DROP TABLE discards any existing rows every time this script is run.
DROP TABLE IF EXISTS `mime_types`;
CREATE TABLE IF NOT EXISTS `mime_types` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`extension` varchar(5) NOT NULL, -- file extension, stored with its leading dot
`type` varchar(100) NOT NULL, -- MIME type string; validate_file() compares it with the type the browser sent
`aud_vid` int(11) NOT NULL, -- presumably 1 for audio/video formats; not read by the PHP shown with this schema (confirm)
`access_type` int(1) NOT NULL, -- validate_file() reports the type as "not allowed to be uploaded" when this is 0
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=41 ;
--
-- Dumping data for table `mime_types`
--
-- Seed rows for the upload allow-list.
-- NOTE(review): `type` is matched against the Content-Type supplied by the uploading client,
-- so a row here limits what a client may claim, not what the file actually contains.
-- Several values are legacy or non-registered strings ('audio/mpeg3',
-- 'application/x-troff-msvideo', 'application/FruityLoops Project').
-- Some types map to several rows with different access_type values (video/mpeg: ids 19-21);
-- validate_file() reads access_type from the first row returned and its query has no ORDER BY.
INSERT INTO `mime_types` (`id`, `extension`, `type`, `aud_vid`, `access_type`) VALUES
(1, '.au', 'audio/basic', 1, 1),
(2, '.avi', 'application/x-troff-msvideo', 1, 0),
(3, '.bm', 'image/bmp', 0, 1),
(4, '.bmp', 'image/bmp', 0, 1),
(5, '.doc', 'application/msword', 0, 0),
(6, '.flp', 'application/FruityLoops Project', 1, 1),
(7, '.gif', 'image/gif', 0, 1),
(8, '.gz', 'application/x-gzip', 0, 0),
(9, '.gzip', 'application/x-gzip', 0, 0),
(10, '.jpe', 'image/jpeg', 0, 1),
(11, '.jpeg', 'image/jpeg', 0, 1),
(12, '.jpg', 'image/jpeg', 0, 1),
(13, '.kar', 'audio/midi', 1, 1),
(14, '.mid', 'audio/midi', 1, 1),
(15, '.mov', 'video/quicktime', 1, 0),
(16, '.mp2', 'audio/mpeg', 1, 1),
(17, '.mp3', 'audio/mpeg3', 1, 1),
(18, '.mpa', 'audio/mpeg', 1, 1),
(19, '.mpe', 'video/mpeg', 1, 1),
(20, '.mpeg', 'video/mpeg', 1, 0),
(21, '.mpg', 'video/mpeg', 1, 0),
(22, '.pdf', 'application/pdf', 0, 0),
(23, '.png', 'image/png', 0, 1),
(24, '.ppt', 'application/mspowerpoint', 0, 0),
(25, '.qt', 'video/quicktime', 1, 0),
(26, '.ra', 'audio/x-pn-realaudio', 1, 1),
(27, '.ram', 'audio/x-pn-realaudio', 1, 1),
(28, '.rmi', 'audio/mid', 1, 1),
(29, '.rtx', 'application/rtf', 0, 0),
(30, '.swf', 'application/x-shockwave-flash', 0, 0),
(31, '.tif', 'image/tiff', 0, 1),
(32, '.tiff', 'image/tiff', 0, 1),
(33, '.txt', 'text/plain', 0, 0),
(34, '.wav', 'audio/wav', 1, 1),
(35, '.wma', 'audio/x-ms-wma', 1, 1),
(36, '.wmv', 'video/x-ms-wmv', 1, 0),
(37, '.xls', 'application/excel', 0, 0),
(38, '.zip', 'application/zip', 0, 0),
(39, '.mp3', 'audio/x-mpeg', 1, 1),
(40, '.ppt', 'application/vnd.ms-powerpoint', 0, 0);
--
-- Table structure for table `files`
--
-- One row per stored upload; written by files::add_file() and summed per user by
-- files::validate_file() for the quota check.
-- NOTE(review): DROP TABLE discards every existing upload record when this script is re-run.
DROP TABLE IF EXISTS `files`;
CREATE TABLE IF NOT EXISTS `files` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'DB user ID', -- auto-increment primary key of the row
`UID` varchar(32) NOT NULL COMMENT 'user id', -- add_file() writes $_SESSION['UID'] here
`File_Name` varchar(255) NOT NULL COMMENT 'file name', -- name as sent by the uploading client
`File_ID` varchar(32) NOT NULL COMMENT 'file ID', -- add_file() stores an md5() hex digest (32 characters)
`File_Type` varchar(50) NOT NULL COMMENT 'MIME type', -- client-supplied Content-Type, not a detected type
`File_Path` varchar(255) NOT NULL COMMENT 'relative path to file', -- $_SESSION['Path'] . "/" . file name
`File_Access` int(1) NOT NULL COMMENT 'access level of file', -- "Access" form field: 0 Private, 1 Public
`File_DTG` varchar(100) NOT NULL COMMENT 'file upload date time group', -- date() formatted with $_SESSION['DTG']
`File_Size` varchar(11) NOT NULL, -- size in bytes; NOTE(review): varchar, yet validate_file() runs sum(File_Size) on it, so an integer column would avoid the implicit conversion
`Read_File_Size` varchar(10) NOT NULL, -- human-readable size produced by static_class::StaticFSize()
`File_Count` int(11) NOT NULL COMMENT 'file views',
`Comments` longtext NOT NULL, -- free text from the "FileComments" form field; escape it when it is displayed
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
<?
/********************************
files.class.php
********************************/
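/**
 * Upload handler: renders the upload form, checks a posted file against the
 * per-user quota and the mime_types allow-list, stores it under upload/ and
 * records it in the files table.
 *
 * Relies on state prepared outside this class: a started session providing
 * $_SESSION['UID'], ['Path'], ['DTG'] and ['UNIX_EP'], and an open connection
 * for the mysql_* functions.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. Values are escaped
 * with mysql_real_escape_string() here; moving to mysqli/PDO prepared statements
 * needs the connection handle, which is not visible in this file.
 * NOTE(review): the MIME type checked against mime_types is the one sent by the
 * client. Detecting it from the file content (for example with finfo) and keeping
 * upload/ outside the document root, or with script execution disabled, would
 * make the allow-list harder to bypass.
 * NOTE(review): this file opens with the short "<?" tag; with short_open_tag
 * disabled PHP does not parse it and the source is sent to the client as text.
 */
class files{
    /** @var bool|null True once validation or storage failed, false after a completed upload. */
    var $Error;
    /** @var string HTML "go back" link appended to messages; assigned by validate_file(). */
    var $goback;

    /** Method named after the class (a constructor under PHP 4/5 naming rules); intentionally empty. */
    function files(){
    }

    /**
     * Print the upload form.
     *
     * @param array $UserInput Submitted form values; not read by this method.
     * @return void
     */
    function file_form($UserInput){
        // PHP_SELF contains any path info the client appended to the script URL,
        // so it must be escaped before it is placed in the action attribute.
        $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
        echo "<div align=\"center\"><form method=\"post\" action=\"$action\" name=\"FileUpload\" enctype=\"multipart/form-data\"><table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" id=\"LoginTable\" bgcolor=\"#000000\" align=\"center\"><tr><td id=\"Upload\"><strong>**Information**</strong><br><i>Max upload file size is 10MB</i><br><br></td></tr><tr><td id=\"Upload\"><div align=\"center\">File to upload: <input type=\"file\" name=\"file_to_upload\"></div></td></tr><tr><td id=\"Upload\"><div align=\"center\">Access: <select name=\"Access\" id=\"select\"><option value=\"0\">Private</option><option value=\"1\">Public</option></select></div></td></tr><tr><td id=\"Upload\"><div align=\"center\">File Comments:</div></td></tr><tr><td colspan=\"2\" id=\"Upload\"><div align=\"center\"><textarea name=\"FileComments\" cols=\"50\" rows=\"10\"></textarea></div></td></tr><tr><td id=\"Upload\" colspan=\"2\"><div align=\"center\"><input type=\"submit\" value=\"Submit\"> <input type=\"reset\" value=\"Reset\"></div></td></tr></table></form></div>";
    }

    /**
     * Move the uploaded file into upload/ and record it in the files table.
     *
     * Performs no allow-list or quota checks itself; validate_file() runs them
     * and then calls this method. Ends the script after printing an error.
     *
     * @param array $UserInput Submitted form values; 'Access' and 'FileComments' are stored.
     * @return void
     */
    function add_file($UserInput){
        require_once('static.class.php');
        $upload = $this->_uploaded_file();
        $target = "upload/" . $upload['name'];

        if($upload['name'] != "" && file_exists($target))
        {
            $this->_fail($UserInput, "The file already exists! Delete first!<br>Try again or $this->goback!");
            exit;
        }

        //Add the file
        $this->move_temp_file = ($upload['name'] != "") && move_uploaded_file($upload['tmp_name'], $target);
        if(!$this->move_temp_file)
        {
            $this->_fail($UserInput, "There was a problem uploading your file!<br>Try again or $this->goback!<br>Contact support!");
            exit;
        }

        //Add file information to database
        $session_path = isset($_SESSION['Path']) ? $_SESSION['Path'] : '';
        $session_uid = isset($_SESSION['UID']) ? $_SESSION['UID'] : '';
        $id_format = isset($_SESSION['UNIX_EP']) ? $_SESSION['UNIX_EP'] : '';
        $dtg_format = isset($_SESSION['DTG']) ? $_SESSION['DTG'] : '';

        //Generate File ID
        // NOTE(review): the ID is derived from the path, the name and a timestamp, so it
        // can be guessed; it should not be the only thing protecting a private file.
        $this->file_ID = md5($session_path . "/" . $upload['name'] . date($id_format));
        // NOTE(review): the file is stored under upload/ but the recorded path is built
        // from $_SESSION['Path']; confirm both refer to the same directory.
        $this->file_path = $session_path . "/" . $upload['name'];

        $file_size = new static_class();
        $file_size->StaticFSize($upload['size']);
        $this->read_file_size = $file_size->FDS;

        // Only the two values the form offers are stored; anything else becomes Private (0).
        $access = (isset($UserInput['Access']) && (int) $UserInput['Access'] === 1) ? 1 : 0;
        $comments = (isset($UserInput['FileComments']) && is_string($UserInput['FileComments'])) ? $UserInput['FileComments'] : '';

        // Every request-derived value is escaped (or cast to an integer) before it enters the statement.
        $this->query_string = sprintf(
            "INSERT INTO files (id, UID, File_Name, File_ID, File_Type, File_Path, File_Access, File_DTG, File_Size, Read_File_Size, File_Count, Comments) VALUES('0','%s', '%s','%s','%s','%s','%d','%s','%d','%s','0','%s')",
            $this->_sql($session_uid),
            $this->_sql($upload['name']),
            $this->_sql($this->file_ID),
            $this->_sql($upload['type']),
            $this->_sql($this->file_path),
            $access,
            $this->_sql(date($dtg_format)),
            $upload['size'],
            $this->_sql($this->read_file_size),
            $this->_sql($comments)
        );
        $this->query = mysql_query($this->query_string);
        if(!$this->query)
        {
            // Do not leave an unrecorded file behind.
            $this->delete_file = unlink($target);
            $this->_fail($UserInput, "Error adding file to database! No file uploaded! $this->goback");
            exit;
        }

        $this->file_form($UserInput);
        echo "<div align=\"center\"><font color=\"red\">File upload complete!</font></div>";
        $this->Error = false;
    }

    /**
     * Validate the posted file and hand it to add_file() when every check passes.
     *
     * Checks, in order: per-user disk quota, MIME type present in mime_types,
     * a file was selected, the user directory exists (created when missing),
     * the matched mime_types row allows uploads, and the file extension is
     * listed in mime_types. Ends the script after printing an error.
     *
     * @param array $UserInput Submitted form values.
     * @return void
     */
    function validate_file($UserInput){
        require_once('static.class.php');
        $this->goback = "<a href=javascript:history.go(-1)><font color=red size=-2>(Go Back)</font></a>";
        $this->max_upload_size=pow(1024,2)*10;
        $upload = $this->_uploaded_file();

        //Calculate the file size
        $file_size = new static_class();
        $file_size->StaticFSize($upload['size']);
        $UserInput['file_size'] = $file_size->FDS;

        //Check to see if user has enough space left
        $this->max_disk_space = pow(1024,2)*10;
        //Add all file sizes for user to compare
        // NOTE(review): no login check is visible here; an unset UID is queried as ''.
        $session_uid = isset($_SESSION['UID']) ? $_SESSION['UID'] : '';
        $this->query_string = "SELECT sum(File_Size) FROM files WHERE UID='" . $this->_sql($session_uid) . "'";
        $this->query = mysql_query($this->query_string);
        if(!$this->query)
        {
            // Fail closed: without the current usage the quota cannot be enforced.
            $this->_fail($UserInput, "There was a problem checking your disk space!<br>Contact support! or $this->goback");
            exit;
        }
        // sum() yields NULL when the user has no rows; the cast turns that into 0.
        $this->disk_space_used = (float) mysql_result($this->query, 0);

        //Check to see if the new file to upload will put over limit
        $this->space_left = $this->max_disk_space - $this->disk_space_used;
        if($upload['size'] + $this->disk_space_used >= $this->max_disk_space)
        {
            $space_left_size = new static_class();
            $space_left_size->StaticFSize($this->space_left);
            $space_left_message = ($this->space_left <= 0) ? "You do not have any space left" : "Space left:" . $space_left_size->FDS;
            $this->_fail($UserInput, "You do not have enough disk space to upload this file! Choose a smaller file to upload! $this->goback<br><br><i>($space_left_message)</i>");
            exit;
        }

        //Check to see if MIME is authorized
        $this->type = $upload['type'];
        $this->query_string = "SELECT * FROM mime_types WHERE type='" . $this->_sql($this->type) . "'";
        $this->query = mysql_query($this->query_string);
        $this->num_rows = $this->query ? mysql_num_rows($this->query) : 0;
        if($this->num_rows < 1)
        {
            $this->_fail($UserInput, "File type not allowed!<br>or<br>You did not select a file to upload!<br>Contact support! or $this->goback");
            exit;
        }
        $this->mime_info = mysql_fetch_assoc($this->query);
        $UserInput['file_access'] = $this->mime_info['access_type'];

        $session_path = isset($_SESSION['Path']) ? $_SESSION['Path'] : '';
        if($upload['name'] == "")
        {
            $this->_fail($UserInput, "Please select a file to upload! or $this->goback");
        }
        elseif(!is_dir($session_path))
        {
            $this->create_dir = mkdir($session_path, 0755);
            if(!$this->create_dir)
            {
                $this->_fail($UserInput, "User directory does not exists!<br>Create directory failed!<br>Contact support!");
            }
            else
            {
                $this->_fail($UserInput, "User directory created!<br>Try again or $this->goback!");
            }
        }
        elseif($UserInput['file_access'] == "0")
        {
            // The type string came from the client, so escape it before echoing it back.
            $shown_type = htmlspecialchars($this->type, ENT_QUOTES);
            $this->_fail($UserInput, "$shown_type is not allowed to be uploaded!<br>Try again or $this->goback!");
        }
        elseif(!$this->_extension_is_listed($upload['name']))
        {
            // The client picks both the name and the declared type; without this check a
            // script file sent with an allowed type would be stored under its own name.
            $this->_fail($UserInput, "File extension not allowed!<br>Try again or $this->goback!");
        }

        //If any errors stop the script else move on to uploading
        if($this->Error === true)
        {
            exit;
        }
        else
        {
            $this->add_file($UserInput);
        }
    }

    /** Placeholder; empty in this version. */
    function show_files(){
    }

    /** Re-render the form, print $message in the error box and mark the request as failed. */
    function _fail($UserInput, $message){
        $this->file_form($UserInput);
        echo "<div align=\"center\"><font color=\"red\">$message</font></div>";
        $this->Error = true;
    }

    /** Escape a value for use inside a quoted SQL string literal. */
    function _sql($value){
        return mysql_real_escape_string((string) $value);
    }

    /** Return the posted upload as name/type/tmp_name/size with safe defaults and a path-free name. */
    function _uploaded_file(){
        $entry = (isset($_FILES['file_to_upload']) && is_array($_FILES['file_to_upload'])) ? $_FILES['file_to_upload'] : array();
        $file = array('name' => '', 'type' => '', 'tmp_name' => '', 'size' => 0);
        foreach(array('name', 'type', 'tmp_name') as $key)
        {
            // A multi-file field delivers arrays here; only single string values are accepted.
            if(isset($entry[$key]) && is_string($entry[$key]))
            {
                $file[$key] = $entry[$key];
            }
        }
        if(isset($entry['size']) && is_numeric($entry['size']))
        {
            $file['size'] = (int) $entry['size'];
        }
        $file['name'] = basename($file['name']);
        return $file;
    }

    /** Tell whether the file name's extension appears in mime_types.extension. */
    function _extension_is_listed($file_name){
        $extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
        if($extension === '')
        {
            return false;
        }
        // The table stores extensions with their leading dot.
        $result = mysql_query("SELECT id FROM mime_types WHERE extension='" . $this->_sql('.' . $extension) . "' LIMIT 1");
        return $result && mysql_num_rows($result) > 0;
    }
}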
?>
<?
/**********************
static.class.php
**********************/
/**
 * Formats a byte count as a short human-readable size string.
 */
class static_class{
    /** @var string Result of the last StaticFSize() call, e.g. "1.5KB". */
    var $FDS;

    /** Method named after the class (a constructor under PHP 4/5 naming rules); intentionally empty. */
    function static_class(){
    }

    /**
     * Scale $IVal down by factors of 1024 and store the value, rounded to two
     * decimals and followed by its unit, in $this->FDS.
     *
     * @param int|float $IVal Size in bytes.
     * @return void
     */
    function StaticFSize($IVal){
        $units = array("B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB");
        $scaled = $IVal;
        // Each pass moves one unit up the list.
        for($step = 0; $scaled >= 1024; $step++){
            $scaled = $scaled / 1024;
        }
        $this->FDS = round($scaled, 2) . $units[$step];
    }
}
?>
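<?php
/***************************
index.php
***************************/
// Entry point: passes the posted form fields to the upload handler.
// The full "<?php" tag is used because the short "<?" form is only parsed when
// short_open_tag is enabled; when it is off the script source is sent to the
// client as text.
//
// NOTE(review): the files class reads $_SESSION (UID, Path, DTG, UNIX_EP) and calls
// mysql_query(), but no session_start(), login check, CSRF token check or database
// connection is visible in this script. Presumably an including script provides
// them; confirm before exposing this page.
require_once('files.class.php');

// $_POST is untrusted client input; it is copied unchanged and validated inside the class.
$UserInput = $_POST;

$files = new files;
$files->validate_file($UserInput);
?>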
@charset "utf-8";
/* CSS Document */
/* Styles for the upload form printed by files::file_form(). */
body {
margin:0px;
}
/* Table cells: small white text; the form table itself sets bgcolor="#000000". */
td {
font:11px Arial, Helvetica, sans-serif;
color:#ffffff;
}
a {
color: #993300;
}
a:hover {
color: #5C743D;
}
/* Applies to every input in the form: file picker, Submit and Reset. */
input {
background-color:#FFFFFF;
color:#99CC66;
border: double #000000;
}
/* The form's outer table (id="LoginTable"). */
#LoginTable {
/*background-color:#0588B3;*/
width:500px;
border:solid;
border-color:#000000;
border-width:thin;
}
/* NOTE(review): the form markup puts id="Upload" on several cells; ids are meant to be unique, so a class selector would be the usual choice. */
#Upload {
border:groove;
border-bottom-color:#000000;
}
/* The "Access" drop-down (id="select"); same look as the inputs. */
#select{
background-color:#FFFFFF;
color:#99CC66;
border: double #000000;
}