COM372: Notes, Chapter 18

Interacting with the File System and the Server
pages 401-418

Uploading Files: You can send a local file to the server using a form. The listing 18.1 shows how to do this, and this is repeated here:
<html><head><title>Form Upload</title></head>
<body>
<h1>Upload a file<h1>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
Upload this file:<input type="file" name="userfile">
<input type="submit" value="upload file">
</form></body></html>

Note the use of POST, the attribute enctype, the hidden field to send the maximum file size, and the input of type file.

Is it obvious that you should restrict file uploads to trusted administrators?

PHP to catch the file (in PHP 5) is listed in Listing 18.2. Uploaded files go to a temporary internet file storage area and are deleted if you do not do something with them. Files are handled using data stored in the superglobal $_FILES array. For a file passed with the form input "userfile," $_FILES will contain this data:

• $_FILES['userfile']['tmp_name']—temporary storage name on the server
• $_FILES['userfile']['name']—file name on the user's system
• $_FILES['userfile']['size']—size of the file in bytes
• $_FILES['userfile']['type']—MIME type of file (e.g., text/plain or image/gif)
• $_FILES['userfile']['error']—error code

Listing 18.2 is a script to recieve this file and file it on the server. This script includes means to specify where the file will go
$upfile='/my_file_directory/'.$_FILES['myuserfile']['myfilename'];
as well as error control in case the file cannot be moved from temporary storage to the specified directory, and a mechanism for echoing file content. Error checking on the upload generates codes, listing on p. 406, with associated constants, as

• UPLOAD_ERROR_OK, value 0—no error
• UPLOAD_ERR_INI_SIZE, value 1—size of file exceeds maximum allowed by php.ini upload_max_file-size
• UPLOAD_ERR_FORM_SIZE, value 2—size of file excees maximum specified in HTML form MAX_FILE_SIZE
• UPLOAD_ERR_PARTIAL, value 3—file only partially uploaded
• UPLOAD_ERR_NO_FILE, value 4—no file was uploaded

Be careful and paranoid here, taking steps such as authenticating users, limiting permissions to trusted users, rewriting file names, placing files outside of the web root directory, etc. (p. 407-8).

Directory functions: PHP directory and file system functions help users see and manipulate uploaded files.

• Reading from directories—Listing 18.3 allows direct browsing up uploaded content. That is, it produces a list of all files in a directory, using opendir() (opens directory for reading), closedir() (closes directory), and readdir() (reads ) functions. Rewinddir ($dir) resets the reading for filenames to the beginning of the directory. Alternatively, you can use the php dir class, with methods read(), close(), and rewind().
• Obtaining current directory—Dirname($path) and basename($path) return the path directory and path filename, which can be used to build complete directory trees. Disk_free_space ($path) indicates how much space is left for uploads (free space left on disk under Windows OS).
• Creating & deleting directories—Mkdir() and rmdir() allow you to make and remove directories in paths that the user of the script has access to (determined by server OS and permissions); mkdir() includes the desired new directory and permissions (p. 410-11).

Interacting with the File System: Once you have information about directories, you can also get information about files. Listing 18.3 includes a loop to read files names
while ($file = readdir($dir))
{
echo '<a href="filedetails.php?file='.$file.'">'.$file.'</a><br />';
}
Listing 18.4 breaks into this loop and generates several pieces of information about individual files, using functions including

• basename()—returns file name without directory (use dirname() to get directory name without file)
• fileatime() and filemtime()—return timestamps for last file access and last file modified.
• fileowner() and filegroup()—return user ID (uid) and group ID (gid) of the file
• filesize()—file size in bytes

and several others, with the caveate that some of the functions are not supported under windows OS (p. 411-414). These properties can be changes in unix environments, but not in windows (p. 414); files may also be created, moved, or deleted using touch() to create or alter time last modified, unlink () to delete, or copy() and rename() to move files. In windows, system ("del filename.ext"); replaces unlink () (p. 414).

Server Command Execution Functions: You can execute command-line instructions to the server

• exec()—passes a command line to the server
• passthru()—echoes a string command on the browser (making binary commands visible, for example, but returning nothing else).
• system()—echoes output of the command to the browser (like passthru()) and flushes the output after each line, returning the last line of the output when successful or false when not successful.

These are illustrated in listing 18.5 (p. 416-7).

Server environment variables: The function phpinfo(); generates a list of all PHP environment variables. Individual variables can be obtained using, for example getenv("variable_name"); these can also be set using putenv().