Adding Multiple Images to Custom form To be sent to Admin Email

[mutinyzoo]

In the updated version of the plugin I included a simple example htaccess page to include in the images/uploads directory:

Code:

# To prevent malicious uploads, replace or add to the contents of .htaccess file in images/uploads directory with this one  
# Edit FilesMatch list below as needed
# Be sure the file is named .htaccess and not just htaccess

# secure uploads directory
<Files ~ ".*\..*">
	Order Allow,Deny
	Deny from all
</Files>
<FilesMatch "\.(jpg|jpeg|jpe|gif|png|tif|tiff)$">
	Order Deny,Allow
	Allow from all
</FilesMatch>

[dw08gm]

Mutinyzoo

The security side is largely covered by the link provided in Post 3 of this thread. I feel there is no need to reinvent the wheel.

Just to clarify the upload test, the error message I received was for trying to upload an image of size 2040Kb (ie > 2Mb). I then proceeded to upload a slightly smaller image (ie < 2Mb), which succeeded with no error message.

cheers

[mutinyzoo]

I actually think that 2040kb translates to a tiny bit smaller than 2mb at least in UNIX terms. https://wiki.ubuntu.com/UnitsPolicy. Is used this converter.

[mutinyzoo]

Inspired by above commentary from dw08gm, I've added some php code to verify acceptable extensions.

At the moment the array of extension is just residing here in the header_php.php file. Could someone tell me where a better place to hold it would be, if the user is modifying it by hand?

Code:

$acceptable_extensions = array(
	jpg, jpeg, gif, png, bmp, pdf, il, psd
	);
	foreach($_FILES as $key => $file) {
	$file_ext = basename($_FILES['uploaded_file']['name']); 
	$ext = substr($file_ext, strrpos($file_ext, '.') + 1);
	 if ((zen_not_null($_FILES[$key]['tmp_name'])) && (in_array($ext, $acceptable_extensions))
	 		&& $_FILES[$key]['tmp_name'] != 'none') {
		  if ($_FILES[$key]['size'] <= MAX_FILE_UPLOAD_SIZE) {
				  if ($upload = new upload($key, DIR_FS_UPLOADS)) {
				$att_array[] = array('file' => $upload->destination . $upload->filename, 'name' => $upload->filename);
			}
			} else {
			$Max_Size_Exceeded = $_FILES['uploaded_file']['name']." exceeds maximum file size of ".((MAX_FILE_UPLOAD_SIZE/1024)/1000)."MB. ";
				  $messageStack->add('image_to_contact', $Max_Size_Exceeded.FILE_SIZE_CHECK_ERROR);
				return false;
		  }//EOF Filesize check
	  }else{
		if ( zen_not_null($_FILES[$key]['tmp_name']) && ($_FILES[$key]['tmp_name'] != 'none') ) {
		$Unacceptable_Extension_Submitted = $_FILES['uploaded_file']['name']." contains the unnacceptable extension $ext.
		Please submit a version with one of the following extensions: ".implode(", ", $acceptable_extensions);
			  $messageStack->add('image_to_contact', $Unacceptable_Extension_Submitted.FILE_EXTENSION_SUBMISSION_ERROR);
			return false;
		}//EOF if acceptable extension
	  }
	}

Thanks a bunch.

Mike

[dw08gm]

I actually think that 2040kb translates to a tiny bit smaller than 2mb at least in UNIX terms. https://wiki.ubuntu.com/UnitsPolicy. Is used this converter.

Forgot about the conversion factor (2040 <2048). But then whatever I did seemed to work.

Nevertheless LadyBugMom provided a complete set of working files for file uploads. The only question I have is whether this file set is compatible with latter upgrades of php, mysql etc. This is not something that I have looked into.

cheers

[DigitalShadow]

Great work with what has been made so far, what I'm trying to do now is modify the code to enable me to append something to the uploaded file name.

as the upload form uses classes/uploads.php I don't think this is possible, I think I would have to upload without using the uploads.php file.

What i am working towards is merging this image upload with http://www.zen-cart.com/downloads.php?do=file&id=109

Essentially enabling customers to ask a question on their order and upload an image should they want to.


The image file name could be renamed and its new numerical filename be stored in the Table: orders_status_history

Then the file could be shown as a link in the admin with his customer comment.

[DigitalShadow]

As the customer is logged in to use order questions, the order number will be available

The files could be uploaded into a folder name = to the order number

But again to do that, I need to be able to modify either the filename or the upload directory.

I think to do this I need to not use classes/uploads.php

any thoughts?

[DrByte]

Yes, you can still use the upload class, but will have to do the upload handling manually.

Instead of saying

Code:

$var = new upload($key, DIR_FS_UPLOADS);

Use something like this instead:

Code:

$var = new upload; // without any parameters, it doesn't auto-upload and keep the same filename
$var->set_file = $key;
$var->set_destination=DIR_FS_UPLOADS;
if ($var->parse() == true) {
  $var->set_filename('put the filename and extension here'); // this is where you manually supply the whole filename
  $var->save();
} else {
  //die('could not manage uploads');
}

[DigitalShadow]

Code:

$var = new upload; // without any parameters, it doesn't auto-upload and keep the same filename
$var->set_file = $key;
$var->set_destination=DIR_FS_UPLOADS;
if ($var->parse() == true) {
  $var->set_filename('put the filename and extension here'); // this is where you manually supply the whole filename
  $var->save();
} else {
  //die('could not manage uploads');
}

I would need to use the same extension as the originally uploaded file?

to start with I'm trying to get the uploaded file name to have test placed before it.

so image.jpg would become testimage.jpg

once I have got the basics, i could try putting the $order_id instead of test...

Code:

	$file_ext = basename($_FILES['uploaded_file']['name']); 
	$ext = substr($file_ext, strrpos($file_ext, '.') + 1);
        $newname = 'test';
        $filename = $newname.$file_ext;

$var = new upload; // without any parameters, it doesn't auto-upload and keep the same filename
$var->set_file = $key;
$var->set_destination=DIR_FS_UPLOADS;
if ($var->parse() == true) {
  $var->set_filename('$filename'); // this is where you manually supply the whole filename
  $var->save();
} else {
  //die('could not manage uploads');
}

[DrByte]

For starters,

Code:

$var->set_filename('$filename');

should be

Code:

$var->set_filename($filename);