2013-05-12 119 views
1

爲什麼下面的代碼回顯「您的文件已成功加載」。當我嘗試上傳一個20MB的.gif文件時,實際上它應該被阻止,並且b)實際上沒有上傳?基本上,我試圖限制文件上傳類型,使用php的大小。第一頁有一張表格,最多可以提交10張照片。php無法阻止大文件上傳

<?php 
ini_set('display_errors', 'On'); 
error_reporting(E_ALL); 

$namebase = $_POST['projectID'].'_'; 

$ProjID = $_POST['projectID']; 

$counter = 0; 

function reArrayFiles(&$file_post) { 

    $file_ary = array(); 
    $file_count = count($file_post['name']); 
    $file_keys = array_keys($file_post); 

    for ($i=0; $i<$file_count; $i++) { 
     foreach ($file_keys as $key) { 
      $file_ary[$i][$key] = $file_post[$key][$i]; 
     } 
    } 

    return $file_ary; 
} 
if ($_FILES['userfile']) { 
    $file_ary = reArrayFiles($_FILES['userfile']); 

foreach ($file_ary as $file) { 
    $counter = $counter + 1; 
     print 'File Name: ' . $file['name']; 
     print 'File Type: ' . $file['type']; 
     print 'File Size: ' . $file['size']; 


    if (empty($file['name'])) { 
     break; /* You could also write 'break 1;' here. */ 
    } 

    $url_base=""; 
    $max_filesize = 1048576; // Maximum filesize in BYTES (currently 1MB). 
    $upload_path = '../dev/images/uploaded/'; // The place the files will be uploaded to (currently a 'files' directory). 
    $allowed_filetypes = array('.jpg','.JPG'); // These will be the types of file that will pass the validation. 
    $ext = substr($file['name'], strpos($file['name'],'.'), strlen($file['name'])-1);// Get the extension from the filename. 
    $a='photo'.$counter; 
    ${$a} = 'http:xxxxxxxxx'.$namebase.$counter.$ext; 

    if(!in_array($ext,$allowed_filetypes)) 
    die('The file type of '.$file['name'].' you attempted to upload is not allowed. <INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);">'); 
    // Now check the filesize, if it is too large then DIE and inform the user. 


    if(filesize($file['tmp_name']) > $max_filesize) 
     die($file['name'].' you attempted to upload is too large.<INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);">'); 

    // Check if we can upload to the specified path, if not DIE and inform the user. 
    if(!is_writable($upload_path)) 
     die('You cannot upload to the specified directory, please CHMOD it to 777.<INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);">'); 

    // Upload the file to your specified path. can rename here.move_uploaded_file(original file name, destination path and filename) 
if(move_uploaded_file($file['tmp_name'],$upload_path.$namebase.$counter.$ext)){ 
     echo '<b> '.$file['name'].'</b>'.' Accepted. Renamed '.'<b>'.$namebase.$counter.$ext.'</b>'.'<br>'; 
      // It worked. 
} 

     else 
     die('There was an error during the file upload. Please try again.'); // It failed :(. 


    } 
} 

echo 'Your files have been successfully loaded.<br>'; 

?> 
+0

我應該補充說,一個2mb jpg或其他文件類型會產生正確的消息(即'。$ file''name']''的文件類型,'你試圖上傳的文件類型是不允許的或者$ file ['name ']。'你試圖上傳太大。 – StormWater 2013-05-13 14:13:43

回答

0

這有可能是你的if ($_FILES['userfile'])是假的,所以它直接轉到文件的末尾;)

0

打印出$ _FILES數組

print_r($_FILES) 

,如果它爲空,那麼你將得到成功的消息。