Simple PHP Class used for uploading files and images

I wrote a simple PHP class that may be used for uploading and deleting files or images. This code allows the programmer to set the destination, file name, required extension, and max file size. The PHP class checks the file validation with its own internal functions and stores the errors or will automatically print the errors on screen if that is how you want them handled.

PHP Simple File Manager

if (!class_exists('fileManager')) : class fileManager {
 
  //default settings
  public $destination = '/images/';
  public $fileName = 'file.txt';
  public $maxSize = '1048576'; // bytes (1048576 bytes = 1 meg)
  public $allowedExtensions = array('image/jpeg','image/png','image/gif'); // mime types
  public $printError = TRUE;
  public $error = '';
 
  //START: Functions to Change Default Settings
  public function setDestination($newDestination) {
    $this->destination = $newDestination;
  }
  public function setFileName($newFileName) {
    $this->fileName = $newFileName;
  }
  public function setPrintError($newValue) {
    $this->printError = $newValue;
  }
  public function setMaxSize($newSize) {
    $this->maxSize = $newSize;
  }
  public function setAllowedExtensions($newExtensions) {
    if (is_array($newExtensions)) {
      $this->allowedExtensions = $newExtensions;
    }
    else {
      $this->allowedExtensions = array($newExtensions);
    }
  }
  //END: Functions to Change Default Settings
 
  //START: Process File Functions
  public function upload($file) {
 
    $this->validate($file);
 
    if ($this->error) {
      if ($this->printError) print $this->error;
    }
    else {
      move_uploaded_file($file['tmp_name'][0], $this->destination.$this->fileName) or $this->error .= 'Destination Directory Permission Problem.<br />';
      if ($this->error && $this->printError) print $this->error;
    }
  }
  public function delete($file) {
 
    if (file_exists($file)) {
      unlink($file) or $this->error .= 'Destination Directory Permission Problem.<br />';
    }
    else {
      $this->error .= 'File not found! Could not delete: '.$file.'<br />';
    }
 
    if ($this->error && $this->printError) print $this->error;
  }
  //END: Process File Functions
 
  //START: Helper Functions
  public function validate($file) {
 
    $error = '';
 
    //check file exist
    if (empty($file['name'][0])) $error .= 'No file found.<br />';
    //check allowed extensions
    if (!in_array($this->getExtension($file),$this->allowedExtensions)) $error .= 'Extension is not allowed.<br />';
    //check file size
    if ($file['size'][0] > $this->maxSize) $error .= 'Max File Size Exceeded. Limit: '.$this->maxSize.' bytes.<br />';
 
    $this->error = $error;
  }
  public function getExtension($file) {
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $ext = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    return $ext;
  }
  //END: Helper Functions
 
} endif;

Here are some examples of how it can be used to upload form files. For this example we will be uploading two images to two different directories.

//form data
//$_FILES['profileimage']
//$_FILES['thumbnailimage']
 
//include the code above
include('filemanager.php');
 
$imgUploader = new fileManager;
 
$imgUploader->setDestination($_SERVER['DOCUMENT_ROOT'] . '/images/profiles/');
$imgUploader->setAllowedExtensions('image/jpeg');
$imgUploader->setFileName('user_profile.jpg');
$imgUploader->upload($_FILES['profileimage']);
 
$imgUploader->setDestination($_SERVER['DOCUMENT_ROOT'] . '/images/thumbs/');
$imgUploader->setAllowedExtensions(array('image/jpg','image/gif','image/png'));
$imgUploader->setFileName($_FILES['thumbnailimage']['tmp_name'][0]);
$imgUploader->upload($_FILES['thumbnailimage']);

Notice, I didn't set $imgUploader->setPrintError to false, so it will automatically print errors on screen if they occur. If you wanted to handle your own error messages, you could do the following using the same above example:

//form data
//$_FILES['profileimage']
//$_FILES['thumbnailimage']
 
//include the code above
include('filemanager.php');
 
$imgUploader = new fileManager;
$imgUploader->setPrintError(FALSE);
 
//store errors
$errors = '';
 
$imgUploader->setDestination($_SERVER['DOCUMENT_ROOT'] . '/images/profiles/');
$imgUploader->setAllowedExtensions('image/jpg');
$imgUploader->setFileName('user_profile.jpg');
$imgUploader->upload($_FILES['profileimage']);
$errors .= $imgUploader->error;
 
$imgUploader->setDestination($_SERVER['DOCUMENT_ROOT'] . '/images/thumbs/');
$imgUploader->setAllowedExtensions(array('image/jpg','image/gif','image/png'));
$imgUploader->setFileName($_FILES['thumbnailimage']['tmp_name'][0]);
$imgUploader->upload($_FILES['thumbnailimage']);
$errors .= $imgUploader->error;
 
if ($errors) print $errors;

Tags:

Comments

Your validator is dependant on the correct file extension. This allows users to upload any type of file as long as they make sure to rename it .jpg, png , gif. This is a HUGE! security hole.You need to add mime type parsing to the uploaded files before processing.

Thanks for pointing that out. I updated the class above to check the file MIME TYPE instead. Requires PHP >= 5.3.0 now.

Dear Sir,Error:Extension is not allowed. Please assist to gofurther. 

I realized I copied from an older version of my file. You will want to update the classes "getExtension" function to the following (I updated the above as well):

  public function getExtension($file) {
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $ext = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    return $ext;
  }

good class thanks

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
If you have questions about anything on this site, you can find me on Google+: