Zymic Webmaster Forums > Adding A Random Value To An Uploaded Filename...

Full Version: Adding A Random Value To An Uploaded Filename...

Zymic Webmaster Forums > Web Design & Development > Server Side Scripting > PHP

Envy

Mar 28 2008, 01:47 AM

I'm using the upload script that is in Zymic's tutorial section (http://www.zymic.com/tutorials/php/creating-a-file-upload-form-with-php/) and want to modify the script so that it adds a random value to the filename so that if Person A uploads file.zip and then Person B also uploads a different file called file.zip it won't overwrite the first file.zip, preferably so the file is renamed something like file_XXXXXX.zip. Make sense?

Or, if this isn't possible, is it possible to modify it so that if someone tries to upload something with the same name as a file already in the specified folder, the upload fails?

I'm totally clueless on how to do either so any help would be appreciated.

Andrew

Mar 28 2008, 08:53 AM

I can't answer you're question, but I can help you decide which one is better. the random file name is better because if the upload fails, then the person uploading file.zip might think, HRM let me download this OTHER guys file.zip and OH LOOK it has his credit card number in it.

Lol, it probably wouldn't ever be that bad of a scenario but you never know. So thats why places like image shack, and rapidshare use random folders and filenames and weird server names to host the files, it's so people can't get into someone elses stuff.

svSurfer

Mar 29 2008, 07:45 PM

check this.

http://www.phpeasystep.com/workshopview.php?id=18

Jetteh22

Mar 29 2008, 07:59 PM

well.. i'm really not sure about this.. but it's obvious that the way you're thinking about doing it is much better than having somebody see that their filename is already used (like trippin said)...

But here is how I would do it...

CODE

session_start();
$sessid = session_id();
$filename = str_replace(".zip","_".$sessid.".zip",$filename);
session_destroy();

Where "asdfa3829.zip" then becomes "asdfa3829_487216bf3281ec76b27e48a79d359e46.zip"

If you want to hack it to a shorter length you can do this.. adding the substr_replace() function..

CODE

session_start();
$sessid = session_id();
$sessid = substr_replace($sessid,"",8);
$filename = str_replace(".zip","_".$sessid.".zip",$filename);
session_destroy();

On the substr replace function you just change the 8 to however many characters you want to be after the _ and before the .zip....

So now

asdfa3829.zip becomes asdfa3829_487216bf.zip

Or something similar to that... I just tested it out on my own server (without actually uploading the form.. I just gave $filename a value of "asdfa3829.zip" and did it from there and it worked perfectly fine for me.. The reason I would create a session and use the session_id() is because session ID is a good lengthy amount of characters including letters and numbers - that would pretty much make it impossible that it would ever over write even then..

I think :S

Envy

Apr 1 2008, 04:30 AM

Would it matter where I put that in the script, or can I just put it anywhere?

Jetteh22

Apr 1 2008, 04:51 AM

I would add it right after you get the file name from the form, that way it change the file name instantly.

mathew edison

Apr 6 2008, 01:53 AM

If you want to do it the complicated way then I suggest you use the following to obtain a list of the files in your folder $getdir = dir("./foldername"); . Then check the file that was input against all the files in the directory and trough the if else statement simple add a 1 behind the file name that was input. That's just me thinking the complicated way as all ways XD

Eldorik

Apr 28 2008, 02:48 AM

Or you can use file_exists($filename);

Jetteh22

Apr 28 2008, 09:01 AM

True, but he asked that already and that basically defeats the purpose of what he's trying to do.

Doing it that way will allow people to view other people's pictures.

ie: You go to upload "thishouse.jpg" on his upload form.

You get an error.

You go "Hmm i wonder what that files really IS..." So you go to "http://www.hisserver.com/thishouse.jpg" And.. you see someone elses pictures.

That's why with my UrURL.us I use the same thing I told him above - I just get the session_id(), shorten it, add it to the beginning of the file name so that now instead of

"thishouse.jpg"

it'll show up as "ad382nthishouse.jpg"

session_start();
$sessid = session_id();
$sessid = substr_replace($sessid,"",8);
$filename = str_replace(".zip","_".$sessid.".zip",$filename);
session_destroy();

Okay - Envy in case you still DO need help with this... Here is the way I do it (i edited mine and it works great)

CODE

session_start();
$sessid = session_id();
$sessid = substr_replace($sessid,"",8);

$filename = $sessid.$filename;
session_regenerate_id();
session_destroy();

Just add that BEFORE you do your move file function and it should work good.

Banjo

Apr 28 2008, 05:24 PM

What if the person tried to upload the same image twice?

Or is there a different session id everytime you go on site?

Jetteh22

Apr 28 2008, 06:37 PM

That's the beauty of the

session_regenerate_id();

it changes the session_id for each time they try to upload the picture.

Andrew

Apr 29 2008, 05:52 AM

what happens if two session ids created end up being the same? Does it just fail?

Jetteh22

Apr 29 2008, 06:18 AM

I don't know - I never had two session ID's end up being the same.

The chances of that are VERY unlikely considering... There are 26 letters + 10 numbers 0-9, mixed together in one string randomly...

Adding that + the file name the chances are probably worse off than winning the lotto.

What makes it harder is that the session id is like.. what, 20 characters long? So the chances that the session ID will end up producing the same final 8 characters in a lifetime are very slim to none.

If it happens though, i'll have to figure something out - Maybe check for the file and if it exists even AFTER that, it'll re-do the whole string adden thing.

Pioni-Sensei

May 26 2008, 11:10 AM

What if you do use file_exists()? and then if it exists, do something else with the name,
i think having totally random numbers is difficult because 1 faulty character messes up the whole system,,,
well i really don't know, i'd use file_exists()
btw, this is my own script ,, i made it before i saw this, so i don't know if it's any use for you guys...

CODE

if(is_dir("../photos/Thumbs/".$folderloads)){
                if(file_exists("../photos/Thumbs/".$folderloads."/".$photos[$num])){
                    $num++;
                    $nextimg = "<script type='text/javascript'>location.href='[[SITE]]/[[FOLDER]]/makeimg.php?num=".$num."&folder=".$folderloads."'</script>";
                    echo $nextimg;

                }else{
                    $save = $photos[$num];
                    $file = "../photos/".$folderloads."/".$photos[$num];
                    $view = makeimage($file, $save, "../photos/Thumbs/".$folderloads."/", $size, $size);

                    echo "<img src='".$view."' alt'".$photos[$num]."' /><br />";
                    echo "<br />";
                    $num++;
                }
            }else{
                mkdir("../photos/Thumbs/".$folderloads , 0766);
                $save = $photos[$num];
                $file = "../photos/".$folderloads."/".$photos[$num];
                $view = makeimage($file, $save, "../photos/Thumbs/".$folderloads."/", $size, $size);
                echo "<img src='".$view."' alt'".$photos[$num]."' /><br />";
                echo "<br />";
                $num++;
            }

$folderloads is the variable taken for the name of the album, where every album is in a seperate folder.
$photos is an array containing the scandir of $folderloads
well, yeah, owyeah the makeimage() function just creates thumbnails of 250x250;) not so important for this question i guess

IU actually think this is just a pointer, and you propably know what to do already, but this is what i thought of

Jetteh22

May 28 2008, 12:26 AM

I was keeping it simple.

I don't understand what you mean by:
think having totally random numbers is difficult because 1 faulty character messes up the whole system,,,

Using the session ID (which is what I did) produces a random creation of LETTERS & NUMBERS - WITHOUT any other characters.

There can be nothing faulty about that. The only faulty characters would be the ones that was in the users original filename (which I figured out after a while. Gotta fix that for the new UrURL.us when I get around to it).

We've said it before - By using the file_exists() and then changing IF the file is already taken this can give people the incentive to look up other peoples pictures. Say I wanted to upload "thing.jpg" - If it came out as "_asdfthing.jpg" where as another file I uploaded two days before came out regular then I would know that it is using that.

I could then see other people's pictures, whereas if EVERY file has a random string added onto it, then it wouldn't matter. I think it would be highly improbable for somebody to accidentally (or purposefully) view somebody elses pictures.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.