This PHP upload class can be used to build scripts and applications with the feature to upload files to a web server. The PHP script has features like: file-extension check, renaming files, file name validation, maximum file- size limitation, MIME type detection and a flexible error reporting system. The class is extremely easy to use and comes together with full working examples. Since version 2.x the is a multi upload class extension that makes it easier for the developer to upload multiple files.
Check the example files and the class files for additional update information. Since version 2.22 the class is written to handle requests if the PHP directive “register_globals=off”. There is also a class extension especially for photo uploads. The extension is uploads photos (images) and resize them to a given maximum width and height. Since version 2.26 there is support for the ImageMagick command line tools. This feature is an option and works faster then PHP functions from the GD library. Try the Script Demo here.
The name of the original (uploaded) file
The temporary name of the uploaded file
A switch do enable/disable MIME type detection
The directory where the file will be uploaded. A non existing directory will be created. Currently the is support for a new directory one level above the existing directory!
Set this var to true if an existing file should be replaced (default = false)
This var is used as a switch, possible setting y/n. In position ‘y’ the name is validated while using regular expressions.
Set this value to take care of the maximum length of a filename (default = 100)
This array holds all the file extensions allowed for an upload, you can add so much as you want.
An array with most common MIME types. Used to validate a file’s MIME type.
This var is used for output the allowed file extensions.
You need this var if your messages should be in an other language then English
This variable is required, it holds the error reported by $_FILES array.
Set this boolean if you want to (auto)rename a file (I use a timestamp as a random filename)
This var holds the new name after upload (note this name might be different from the uploaded file if you rename/copy the file)
Use this variable always if you save the filename in a database or in a variable!
This array acts as a container for all messages generated during the upload process.
Switch this boolean to create the upload directory if it doesn’t exist (one level up, read also the information about the variable >$upload_dir)
The constructor, sets the language, the rename boolean and empties the file extension string.
show_error_string($br = ‘<br />’)
This method is used to show all strings inside the message array
set_file_name($new_name = ”)
Checks if a custom filename exists, sets a default (new) filename or keeps the original one
upload($to_name = ”)
This method is used to handle the upload process, $to_name is an additional custom name parameter (works together with the rename boolean)
Checks the “spelling” of a filename, the length and if the name value is not empty.
Isolate the files extension with this method
Checks if the current MIME type is equal to the type from the extension
This method checks for a valid file extension
Use this method to build the “allowed” extensions string
This method is a group of functions which move the temporary file to his proper upload direction.
Check if the upload directory exists or not and if the boolean “$create_directory” is true the directory will be created.
This method checks if a file already exists
Simple function to show file information like: file size, file name, MIME type and image dimensions (if available)
Get the MIME type for a file. The function is using the Fileinfo extension or mime_content_type() for older systems.
A flexible function to delete an uploaded file.
create_file_field($element, $label = ”, $length = 25, $show_replace = true, $replace_label = ‘Replace old file?’, $file_path = ”, $file_name = ”, $show_alternate = false, $alt_length = 30, $alt_btn_label = ‘Delete image’)
A dynamic input/file form field with a switch to show a file or the form field.
This method is a multi language error selector, the property holds the error number
Change log for the PHP Upload Script
In all previous versions the class doesn’t check for (HTTP) upload errors very well. The error message was reported in a later state of the upload process and that was often too late. The script worked perfectly until it comes to upload errors. Today I changed the way how the class validates these upload errors inside the upload() method.
The old MIME type detection function was using a depreciated PHP function and wasn’t enabled by default. The new method get_mime_type() is using the new Fileinfo extension and mime_content_type() is used for backward compatibility. The REGEX pattern for the file name validation is updated, too.
In this version it’s possible to validate files by their native mime type. If you add the $the_mime_type into your upload script, the mime type will be checked otherwise not. We added in the main class file an array with the most important mime types and also the internal mime type variable. The method named validateMimeType() is new and the method validateExtension() is changed. Add also the new message no. 18 to the method error_text(). The basic example file is changed to use the new feature.
Added vars for file and directory permissions, check also the methods move_upload() and check_dir(). Method get_uploaded_file_info(): Replaced old \n line-ends with the PHP constant variable PHP_EOL. Method create_file_field(): Minor code clean up (better code formatting and replaced double with single quotes). Method error_text(): Older Dutch language messages are re-written, thanks Julian A. de Marchi. Added HTTP error messages (error 6-7 introduced with newer PHP versions, error no. 5 doesn’t exists).
If someone use more then one file upload at the same time while using the rename option there was a problem with the new name. The PHP function “sleep” takes care about unique filenames. I added a new method that outputs some html code which I often use if the file name is stored in a database. If there is a name defined as an argument the file field is replaced with a regular text field, note the new example file “upload_db_example.php”.
If the class is configured without filename validation and the file will not be renamed by the class or user, there is a problem if there are space characters in the name. I modified the method set_file_name() to take care of this.
To make this class compatible for server platforms without MIME_MAGIC support there is a validation now (get_uploaded_file_info()). A user (Brad Daily) notified me about that the regex pattern inside the method check_file_name() is to hard for several extension types. The check is not so important because there is also a check for extensions against the $extensions array, it’s fixed with a new regular expression pattern.
I added two more languages (for the messages) to the class: Brazilian Portuguese and Bulgarian, thanks Martin Bossev and Claudio Pereira for doing the translation jobs. All translations (except de, nl, en and fr) are stored in external files (directory “add_translations”). I noticed that the new function to create not existing directories is not working for the photo upload extension. This is fixed in this version. The method check_dir() is more flexible now and can be used for more locations. I modified the method process_image() from the photo_upload extension to use this check now.
The class has used the system() function before to execute the chmod command. This will result in problems if the php directive safe_mode is activated. A user suggested the use of the chmod() function instead, thanks Ignas for the comment! In this version its possible to create the upload directory if not exist (obe level above). This is useful is you need a directory for each user. The directory will be created if the boolean $create_directory is true.
The resize process of bigger images (> 1MB) inside the photo upload extension takes much of resources. A better way is the use of ImageMagick in place of the GD library. Just switch the new boolean $use_image_magick inside the photo_upload extension. The methods img_rotate() and thumbs() are modified to be used with ImageMagick commands. You need to have access to the command line (exec() command) to use this feature.
I modified the photo upload extension to make the script more intelligent. Now its possible to define the max. limit for the x and y size. The script will decide automatically which size (x or y) is not within the limit and will resize the image. I noticed that (after release of ver. 2.23) some people have problems which variable holds the filename after the upload is done. There is more information available now.
In this version it’s possible to use the rename function (timestamp) inside the multiple upload extension. In the same extension the filenames will be validated too. I fixed also a small bug inside regex pattern. Check the modified method upload_multi_files() and the new variables.
In this version is it possible to define a custom new name for the uploaded file. Check this updated methodes: error_text(), upload(), check_file_name(), existing_file() and the new one: set_file_name().
I changed the class to work with configurations where register_globals = off an added the German translations, thank you Dirk Klingenberg!
Added Spanish translations to the class, thanks Sergio for the translations.
I changed the upload() method to handle also unique filenames. This will happen if you set the var $rename_file on true. I added also some user friendly (dutch) messages to the main class. I isolated the function to get the file extension into a new method: function get_extension(). Notice the new extension: “foto_upload”, these are some easy to use functions to resize an rotate images. After the thumbnail and photo creation is done there is delete method to remove the (orig.) uploaded file.
The check_file_name() method tests now the string length and checks that the filename is not empty (I removed the file check from the upload method). The $message property is changed into an array. This array will be filled by the error_text() method (this method is a extended version of the old report_error() method). Inside this method you can switch the message by the new property $language to use translations for the output. The message output is done by the new show_error_string() method. I did also some cleaning work and (small) bug fixing in several methods. I changed the multi_upload_example to work with the new error reporting methods, too.
The method upload() has boolean function now. There is now a property to switch the method check_file_name() on or off. CHMOD = 0777 if the property $replace is set to “y”.
Added a new method: With “check_file_name()” the class will control if a filename uses only characters recognized by a regular file system.
Made this class more compact (removed some useless variables) and added a new method(show_extensions()) to the basic class. All messages are saved from now in the $message property (not replaced anymore) New in this release is the multi upload example, with an extended class is it possible to upload more then one file at the same time.
Now the class will check if a file already exists. Use the replace-property to overwrite an old file. Notice the checkbox inside the example file: Check this box to toggle the replace-property.
Added the $DOCUMENT_ROOT server variable to the $upload_dir in the example.php and added the ‘check_dir’ method to the class. In this version the user get an error if the defined upload-directory doesn’t exists.