I wrote a simple PHP class that may be used for uploading and deleting files or images. This code allows the programmer to set the destination, file name, required extension, and max file size. The PHP class checks the file validation with its own internal functions and stores the errors or will automatically print the errors on screen if that is how you want them handled.
PHP Simple File Manager
if (!class_exists('fileManager')) : class fileManager { //default settings private $destination = '/images/'; private $fileName = 'file.txt'; private $maxSize = '1048576'; // bytes (1048576 bytes = 1 meg) private $allowedExtensions = array('image/jpeg','image/png','image/gif'); // mime types private $printError = TRUE; public $error = ''; //START: Functions to Change Default Settings public function setDestination($newDestination) { $this->destination = $newDestination; } public function setFileName($newFileName) { $this->fileName = $newFileName; } public function setPrintError($newValue) { $this->printError = $newValue; } public function setMaxSize($newSize) { $this->maxSize = $newSize; } public function setAllowedExtensions($newExtensions) { if (is_array($newExtensions)) { $this->allowedExtensions = $newExtensions; } else { $this->allowedExtensions = array($newExtensions); } } //END: Functions to Change Default Settings //START: Process File Functions public function upload($file) { $this->validate($file); if ($this->error) { if ($this->printError) print $this->error; } else { move_uploaded_file($file['tmp_name'][0], $this->destination.$this->fileName) or $this->error .= 'Destination Directory Permission Problem.<br />'; if ($this->error && $this->printError) print $this->error; } } public function delete($file) { if (file_exists($file)) { unlink($file) or $this->error .= 'Destination Directory Permission Problem.<br />'; } else { $this->error .= 'File not found! Could not delete: '.$file.'<br />'; } if ($this->error && $this->printError) print $this->error; } //END: Process File Functions //START: Helper Functions public function validate($file) { $error = ''; //check file exist if (empty($file['name'][0])) $error .= 'No file found.<br />'; //check allowed extensions if (!in_array($this->getExtension($file),$this->allowedExtensions)) $error .= 'Extension is not allowed.<br />'; //check file size if ($file['size'][0] > $this->maxSize) $error .= 'Max File Size Exceeded. Limit: '.$this->maxSize.' bytes.<br />'; $this->error = $error; } public function getExtension($file) { $finfo = finfo_open(FILEINFO_MIME_TYPE); $ext = finfo_file($finfo, $file['tmp_name']); finfo_close($finfo); return $ext; } //END: Helper Functions } endif;
Here are some examples of how it can be used to upload form files. For this example we will be uploading two images to two different directories.
//form data //$_FILES['profileimage'] //$_FILES['thumbnailimage'] //include the code above include('filemanager.php'); $imgUploader = new fileManager; $imgUploader->setDestination($_SERVER['DOCUMENT_ROOT'] . '/images/profiles/'); $imgUploader->setAllowedExtensions('image/jpeg'); $imgUploader->setFileName('user_profile.jpg'); $imgUploader->upload($_FILES['profileimage']); $imgUploader->setDestination($_SERVER['DOCUMENT_ROOT'] . '/images/thumbs/'); $imgUploader->setAllowedExtensions(array('image/jpg','image/gif','image/png')); $imgUploader->setFileName($_FILES['thumbnailimage']['tmp_name'][0]); $imgUploader->upload($_FILES['thumbnailimage']);
Notice, I didn't set $imgUploader->setPrintError to false, so it will automatically print errors on screen if they occur. If you wanted to handle your own error messages, you could do the following using the same above example:
//form data //$_FILES['profileimage'] //$_FILES['thumbnailimage'] //include the code above include('filemanager.php'); $imgUploader = new fileManager; $imgUploader->setPrintError(FALSE); //store errors $errors = ''; $imgUploader->setDestination($_SERVER['DOCUMENT_ROOT'] . '/images/profiles/'); $imgUploader->setAllowedExtensions('image/jpg'); $imgUploader->setFileName('user_profile.jpg'); $imgUploader->upload($_FILES['profileimage']); $errors .= $imgUploader->error; $imgUploader->setDestination($_SERVER['DOCUMENT_ROOT'] . '/images/thumbs/'); $imgUploader->setAllowedExtensions(array('image/jpg','image/gif','image/png')); $imgUploader->setFileName($_FILES['thumbnailimage']['tmp_name'][0]); $imgUploader->upload($_FILES['thumbnailimage']); $errors .= $imgUploader->error; if ($errors) print $errors;
Comments
You're not checking file mime type
Your validator is dependant on the correct file extension. This allows users to upload any type of file as long as they make sure to rename it .jpg, png , gif. This is a HUGE! security hole.You need to add mime type parsing to the uploaded files before processing.
Good call
Thanks for pointing that out. I updated the class above to check the file MIME TYPE instead. Requires PHP >= 5.3.0 now.
: It showsError Error:Extension is not allowed.:
Dear Sir,Error:Extension is not allowed. Please assist to gofurther.
Could you try it again?
I realized I copied from an older version of my file. You will want to update the classes "getExtension" function to the following (I updated the above as well):
is good
good class thanks
Good Class, going to test it
Hello, Thanks for this class looking very good