JavaScript/jQuery FileUploader - Server-Side Implementation in PHP
Depending on whether the FileUploader sends Ajax requests or uses an HTML form to upload files, the server must be configured differently. Ready-to-use implementations for both these cases are given below.
Ajax Upload
<?php
// Specifies the maximum size allowed for the uploaded files (700 KB)
$max_file_size = 700*1024;

try {
    // Checks whether the array of uploaded files exists
    // Here, "file" is a string specified in the FileUploader's "name" property
    if(!isset($_FILES['file'])) {
        throw new Exception('File is not specified');
    }

    // Checks that the file was successfully uploaded to the temporary directory
    if(!is_uploaded_file($_FILES['file']['tmp_name'])) {
        throw new Exception('Possible file upload attack');
    }

    // Checks that the file size does not exceed the allowed size
    if($_FILES['file']['size'] > $max_file_size) {
        throw new Exception('File is too big');
    }

    // Checks the MIME type declared by the client
    // This value comes from the request and is not verified by PHP
    if(strpos($_FILES['file']['type'], "image") === false) {
        throw new Exception('Invalid file type');
    }

    // Specifies the path to the file
    // basename() strips directory components from the client-supplied name
    $path_to_file = "images/".basename($_FILES['file']['name']);

    // Here, make sure that the file will be saved to the required directory.
    // Also, ensure that the client has not uploaded files with malicious content.

    // If all checks are passed, save the file.
    if(!move_uploaded_file($_FILES['file']['tmp_name'], $path_to_file)) {
        throw new Exception('File could not be saved');
    }
}
catch(Exception $e) {
    http_response_code(500);
    // Sends the error message to the client in JSON format
    echo json_encode($e->getMessage());
    exit;
}
?>
NOTE
The PHP function http_response_code can be used in PHP 5 since version 5.4.0. In earlier versions, use the header function instead.
HTML Form Upload
<?php
// Checks whether the array of uploaded files exists
// Here, "file" is a string specified in the FileUploader's name property
if(!isset($_FILES['file'])) {
    exit;
}

// Specifies the maximum size allowed for the uploaded files (700 KB)
$max_file_size = 700*1024;

foreach($_FILES['file']['name'] as $k=>$f) {
    // Checks that the file was successfully uploaded to the temporary directory
    if(!is_uploaded_file($_FILES['file']['tmp_name'][$k])) {
        continue;
    }

    // Checks that the file size does not exceed the allowed size
    if($_FILES['file']['size'][$k] > $max_file_size) {
        continue;
    }

    // Checks the MIME type declared by the client
    // This value comes from the request and is not verified by PHP
    if(strpos($_FILES['file']['type'][$k], "image") === false) {
        continue;
    }

    // Specifies the path to the file
    // basename() strips directory components from the client-supplied name
    $path_to_file = "images/".basename($_FILES['file']['name'][$k]);

    // Here, make sure that the file will be saved to the required directory.
    // Also, ensure that the client has not uploaded files with malicious content.

    // If all checks are passed, save the file.
    move_uploaded_file($_FILES['file']['tmp_name'][$k], $path_to_file);
}

// Redirects to another page
header("Location: /index.php");
?>
Chunk Upload
<?php
$temp_files_location = "images/temp";
$target_location = "images/";

try {
    // Checks whether the array of uploaded files exists
    // Here, "file" is a string specified in the FileUploader's "name" property
    if(!isset($_FILES['file'])) {
        throw new Exception('File is not specified');
    }

    if(isset($_POST['chunkMetadata'])) {
        // Gets chunk details
        $metaDataObject = json_decode($_POST['chunkMetadata']);

        // ...
        // Perform security checks here
        // ...

        // Creates a directory for temporary files if it does not exist
        if (!file_exists($temp_files_location)) {
            mkdir($temp_files_location);
        }

        // basename() strips directory components from the client-supplied value
        $temp_file_path = $temp_files_location . "/" . basename($metaDataObject->FileGuid) . ".temp";

        // Appends the chunk to the file
        $content = file_get_contents($_FILES['file']['tmp_name']);
        file_put_contents($temp_file_path, $content, FILE_APPEND);

        // Checks that the file size does not exceed the allowed size
        if(filesize($temp_file_path) > 1024*400000) {
            throw new Exception('File is too large');
        }

        // Saves the file if all chunks are received
        if($metaDataObject->Index == ($metaDataObject->TotalCount - 1)) {
            // basename() strips directory components from the client-supplied name
            $target_file_path = $target_location . "/" . basename($metaDataObject->FileName);
            copy($temp_file_path, $target_file_path);
        }
    }
}
catch(Exception $e) {
    http_response_code(500);
    // Sends the error message to the client in JSON format
    echo json_encode($e->getMessage());
    exit;
}
?>
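The handlers above leave the directory check and the content check as comments. One way to fill them in is shown below as an added example; it is not code from DevExtreme. The names safe_image_destination, is_valid_file_guid and ALLOWED_IMAGE_TYPES, the allow-list itself, and the GUID format are assumptions, and the code requires PHP 7 with the fileinfo extension.

```php
<?php
// Added example, not DevExtreme code; names and the allow-list are assumptions.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Returns a server-chosen destination path inside $upload_dir, or throws.
function safe_image_destination(string $tmp_path, string $upload_dir): string
{
    // Detect the type from the file's bytes, not from $_FILES[...]['type'],
    // which is copied from the client's request.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($tmp_path);
    if ($mime === false || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        throw new Exception('Invalid file type');
    }
    // getimagesize() returns false for data that does not parse as an image.
    if (@getimagesize($tmp_path) === false) {
        throw new Exception('Invalid image data');
    }
    $dir = realpath($upload_dir);
    if ($dir === false || !is_dir($dir)) {
        throw new Exception('Upload directory is missing');
    }
    // The stored name is generated here; the client's name never enters the
    // path, so "../" sequences and ".php" extensions cannot reach the disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    return $dir . DIRECTORY_SEPARATOR . $name;
}

// Chunk upload: FileGuid becomes part of a temporary path, so accept only
// the 8-4-4-4-12 hex GUID shape (assumed format) before using it.
function is_valid_file_guid($guid): bool
{
    return is_string($guid)
        && preg_match('/\A[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\z/i', $guid) === 1;
}

// Usage in the Ajax handler, after the is_uploaded_file() and size checks:
//   $dest = safe_image_destination($_FILES['file']['tmp_name'], 'images');
//   move_uploaded_file($_FILES['file']['tmp_name'], $dest);
```

For chunk uploads, call safe_image_destination on the assembled temporary file once the last chunk has arrived, because a single chunk does not contain the whole image.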