\<?php // upload.php // Simple File uploader using HTTP PUT // // This app makes several assumptions: // 1. You have a folder named "upload" that is a child folder where this script resides. // 2. The web server has the ability to create files in that folder. You have to make sure permissions // are correct. // 3. Your web server allows this to work. // 4. This script will live in a folder that does not have write permission. // 5. You understand the perils of allowing scripts to run on your web server that allow people to // write arbitrary files that you don't have control over. // // Please read and understand all of the information here: // http://www.php.net/manual/en/features.file-upload.php // before going into production with this. Expect to spend time getting this right. // // Code to handle sending back HTTP response codes. See: // http://stackoverflow.com/questions/3258634/php-how-to-send-http-response-code // for more information. // // For 4.3.0 \<= PHP \<= 5.4.0 if (!function\_exists('http\_response\_code')) { function http\_response\_code($newcode = NULL) { static $code = 200; if($newcode !== NULL) { header('X-PHP-Response-Code: '.$newcode, true, $newcode); if(!headers\_sent()) $code = $newcode; } return $code; } } // // This is an arbitary limit. Your PHP server has it's own limits, which may be more or // less than this limit. Consider this an exercise in learning more about how your PHP // server is configured. If it allows less, then your script will fail. // // See: http://stackoverflow.com/questions/2184513/php-change-the-maximum-upload-file-size // for more information on file size limits. // $MAX\_FILESIZE = 5 \* 1024 \* 1024; // 5 megabyte limit -- arbitrary value based on your needs if ((isset($\_SERVER["HTTP\_FILENAME"])) && (isset($\_SERVER["CONTENT\_TYPE"])) && (isset($\_SERVER["CONTENT\_LENGTH"]))) { $filesize = $\_SERVER["CONTENT\_LENGTH"]; // get the base name of the file. This should remove any path information, but like anything // that writes to your file server, you may need to take extra steps to harden this to make sure // there are no path remnants in the file name. // $filename = basename($\_SERVER["HTTP\_FILENAME"]); $filetype = $\_SERVER["CONTENT\_TYPE"]; // // enforce the arbirary file size limits here // if ($filesize \> $MAX\_FILESIZE) { http\_response\_code(413); echo("File too large"); exit; } // // Make sure the filename is unique. // This will cause files after 100 of the same name to overwrite each other. // And it won't notify you. Don't depend on this logic for production. // You should code this to fit your needs. // if (file\_exists("upload/" . $filename)) { //echo("duplicate filename"); $i = 1; $path\_parts = pathinfo($filename); $filename = $path\_parts['filename'] . "\_" . $i . "." . $path\_parts['extension']; while(file\_exists("upload/" . $filename)) { $i++; if ($i \> 100) { break; } $filename = $path\_parts['filename'] . "\_" . $i . "." . $path\_parts['extension']; } } /\* PUT data comes in on the stdin stream \*/ $putdata = fopen("php://input", "r"); if ($putdata) { /\* Open a file for writing \*/ $tmpfname = tempnam("upload", "myapp"); $fp = fopen($tmpfname, "w"); if ($fp) { /\* Read the data 1 KB at a time and write to the file \*/ while ($data = fread($putdata, 1024)) { fwrite($fp, $data); } /\* Close the streams \*/ fclose($fp); fclose($putdata); $result = rename($tmpfname, "upload/" . $filename); if ($result) { http\_response\_code(201); echo("File Created " . $filename); } else { http\_response\_code(403); echo("Renaming file to upload/" . $filename . " failed."); } } else { http\_response\_code(403); echo("Could not open tmp file " . $tmpfname); } } else { http\_response\_code(403); echo("Could not read upload stream."); } } else { http\_response\_code(500); echo("Malformed Request"); } ?\>
Here is the PHP script that goes with the project (I hope)
Rob