php file size validation

Time:03-23

I would like to create file size validation in PHP for every single file. I used a for loop to add attachments, and then created a condition to check the file, but it's not working. There's no error, but it sends the mail with the oversized attachment instead of stopping. Without the size validation part, it sends mail without any problems.

For sending I used PHPMailer.


    <?php 
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);
     
    $honeypot = $_POST['honey'];
    $nameU = $_POST['name'];
    $email = $_POST['email'];
    $content = $_POST['message'];
    $phoneU = $_POST['phone'];
    //$fileUpload = $_POST['file'];
    $honeypot = trim($_POST["honey"]); 
     
    use PHPMailer\PHPMailer\PHPMailer;
    use PHPMailer\PHPMailer\SMTP;
    use PHPMailer\PHPMailer\Exception;
     
    require 'autoload.php';
     
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
    
        $mail = new PHPMailer; //From email address and name 
        $mail->From = $email ; 
     
        $mail->FromName = $nameU; //To address and name 
        $mail->addAddress("[email protected]");//Recipient name is optional
     
        $mail->isHTML(true); 
        $mail->Subject = "Zapytanie ze strony www"; 
        $mail->Body = "Telefon:$phoneU<br><br>Treść wiadomośći:<br>$content";
        $mail->AltBody = "Telefon:$phoneU\n$content"; 
        $maxsize = 2*1024*1024;
        $attachments =  $_FILES['uploaded-file']["name"];
        $acceptedFormats = array("doc", " docx" , "pdf" , "txt" , "odt",  "zip", "7z", "rar", "jpg", "jpeg");
    
      if(!empty($honeypot)) {
          echo "NO SPAM!"; 
          exit;
        }
    
    
       if(isset($attachments)) {
    
            for ($i=0; $i < count($attachments) ; $i++) { 
            $fileTmpName = $_FILES['uploaded-file']["tmp_name"][$i]; 
            $filename = $_FILES['uploaded-file']["name"][$i];
            move_uploaded_file($fileTmpName,  "uploads/" . $filename);
            $mail-> AddAttachment("uploads/". $filename);
    
                         
    
    
            if( $_FILES['uploaded-file']["name"]['size'][$i] > $maxsize ) {
    
                echo "file is too big";
                die();
            }
    
            
            }//for end  
    
    
       } //isset end
    
    
       
    
    
    }//post end
    
    
    if(!$mail->send()) {
          echo "Mailer Error: " . $mail->ErrorInfo;
         exit();
    } 
    
            else {
            header("Location: sent.html");
                           
               exit();
    } 
    
    ?>

CodePudding user response:

What I can see here is that you used "move_uploaded_file" earlier, before you checked the file size. That means the file will be uploaded before checking to see if it's bigger or not. It should be something like this:

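    // 'size' is a sibling key of 'name' in $_FILES, indexed per file
    if( $_FILES['uploaded-file']['size'][$i] > $maxsize ) {
        echo "file is too big";
        die();
    } else {
        // Move and attach only after the size check has passed
        move_uploaded_file($fileTmpName,  "uploads/" . $filename);
        $mail-> AddAttachment("uploads/". $filename);
    }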

CodePudding user response:

This is a copy paste error

    $_FILES['uploaded-file']["name"]['size'][$i]

According to the PHP documentation, size is under $_FILES['uploaded-file'] and not $_FILES['uploaded-file']['name']. See @yuxufabio's comment.

And the if (isset($attachments)) check is a bit weird. It'll always return an array (meaning true) even if it's empty. What you probably mean is if the form variable itself is set or not

    if (isset($_FILES['uploaded-file'])) {
        for ($i = 0; $i < count($_FILES['uploaded-file']['name']); $i++) { 

Lastly, you should be checking if there's an error, as the upload is not guaranteed to work at the fault of the client, such as an empty file or a network error

    // With multiple files, 'error' is an array indexed per file
    if ($_FILES['uploaded-file']['error'][$i] !== UPLOAD_ERR_OK) continue;
    ...
    if ($_FILES['uploaded-file']['size'][$i] > $maxsize) {
    ...
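
An added example, not part of the original posts and not PHPMailer code: it combines the points from the answers (check `error` and `size` per file index, and only then move or attach) and also enforces the extension list and strips any directory part from the client-supplied name. `validateUploads()` and the sample array are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Validate a multi-file upload field (the $_FILES['uploaded-file'] layout)
 * before anything is moved or attached. Throws on the first bad file so the
 * caller can stop instead of sending the mail.
 * validateUploads() is a hypothetical helper written for this example.
 */
function validateUploads(array $field, int $maxSize, array $allowedExt): array
{
    $accepted = [];
    foreach ($field['name'] as $i => $clientName) {
        $error = $field['error'][$i];
        if ($error === UPLOAD_ERR_NO_FILE) {
            continue; // empty file input, nothing to check
        }
        if ($error !== UPLOAD_ERR_OK) {
            throw new RuntimeException("upload $i failed with error code $error");
        }
        // 'size' is a sibling of 'name', indexed per file
        if ($field['size'][$i] > $maxSize) {
            throw new RuntimeException("file $i is too big");
        }
        // basename() drops any directory part sent by the client
        $safeName = basename(str_replace('\\', '/', $clientName));
        $ext = strtolower(pathinfo($safeName, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowedExt, true)) {
            throw new RuntimeException("file $i has a disallowed extension");
        }
        $accepted[] = ['tmp_name' => $field['tmp_name'][$i], 'name' => $safeName];
    }
    return $accepted;
}

// Constructed sample input in the shape PHP gives $_FILES['uploaded-file'].
$sample = [
    'name'     => ['cv.pdf', '../../notes.TXT', 'photo.jpg'],
    'tmp_name' => ['/tmp/phpA', '/tmp/phpB', '/tmp/phpC'],
    'error'    => [UPLOAD_ERR_OK, UPLOAD_ERR_OK, UPLOAD_ERR_OK],
    'size'     => [120000, 512, 3 * 1024 * 1024], // third entry is over 2 MiB
];
$allowed = ['doc', 'docx', 'pdf', 'txt', 'odt', 'zip', '7z', 'rar', 'jpg', 'jpeg'];

try {
    validateUploads($sample, 2 * 1024 * 1024, $allowed);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Once it returns without throwing, each entry can be passed to PHPMailer as `$mail->addAttachment($file['tmp_name'], $file['name'])`, so the client-supplied name is never used as a filesystem path.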