Limit File Size in email form??

Hi all, I'm trying to limit the file size of an image submission and I keep
running into various problems. I've got most of it working, but I'm stumped
and I have a basic question as to WHY this works at all!

if ($_FILES['file']['size'] !="") {

if ($_FILES['file']['size']<=0) {
header("Location: /fileerror.php");
exit;
}
}


What I want to do is skip this function IF the user submits no file. Part
one works with the !="" condition, but two, which did work, does not when
nested. It stops checking file sizes and submits every size file.

I'm trying to modify Swanilda's tutorial: http://swanilda.com/unix2.html

And using form file's input hidden value:
Code:
<input type="hidden" name="MAX_FILE_SIZE" value="5000" border="0">

WITH this check:
if ($HTTP_POST_FILES['file']['size'] <=0)
{
print "<h2><b>Your picture was not received.</b></h2><br>";
print "The file size was larger than 5k.<br>";
print "Reduce the size and resubmit.";
}


First of all, I don't want to stop the post if the field is empty, so that
is problem 1. But I also don't understand why this code works. This code
blocks an empty file [<=0], but why or how does it check to see that the
file is not larger than that the max file size value of 5k? I don't see a
comparative function or operator here. Why shouldn't you have to write
something like:
Code:
if ($HTTP_POST_FILES['file']['size'] >5000k) or
if ($HTTP_POST_FILES['file'] > ['size'] ) THEN do this?


How is the size value placing a limit on the file size? This code is
probably much simpler than I'm making it out to be, but I've been on 15
sites trying to get this right, and most of the searches are for uploading
files, which I'm not doing. I'm sending them via email.


What I eventually want to do is just prevent submissions IF the user submits
a file and it is larger than 3 megs...
Thank YOU in advance,
Jeff
_________________


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

"Jefferis NoSpamme" <jefferisp7@hotmail.com> wrote in message
news:C0CDEDB8.4424A%jefferisp7@hotmail.com...
> Hi all, I'm trying to limit the file size of an image submission and I
> keep
> running into various problems. I've got most of it working, but I'm
> stumped
> and I have a basic question as to WHY this works at all!
>
> if ($_FILES['file']['size'] !="") {
>
> if ($_FILES['file']['size']<=0) {
> header("Location: /fileerror.php");
> exit;
> }
> }
>
>
> What I want to do is skip this function IF the user submits no file. Part
> one works with the !="" condition, but two, which did work, does not when
> nested. It stops checking file sizes and submits every size file.
>
> I'm trying to modify Swanilda's tutorial: http://swanilda.com/unix2.html
>
> And using form file's input hidden value:
> Code:
> <input type="hidden" name="MAX_FILE_SIZE" value="5000" border="0">

Here's a magical line that tells user agent (browser) not to post files
larger than 5000. In this case $_FILES['file']['error'] should contain the
value of UPLOAD_ERR_FORM_SIZE .


> WITH this check:
> if ($HTTP_POST_FILES['file']['size'] <=0)
> {
> print "<h2><b>Your picture was not received.</b></h2><br>";
> print "The file size was larger than 5k.<br>";
> print "Reduce the size and resubmit.";
> }
>
>
> First of all, I don't want to stop the post if the field is empty, so that
> is problem 1. But I also don't understand why this code works. This code
> blocks an empty file [<=0], but why or how does it check to see that the
> file is not larger than that the max file size value of 5k? I don't see a
> comparative function or operator here. Why shouldn't you have to write
> something like:
> Code:
> if ($HTTP_POST_FILES['file']['size'] >5000k) or
> if ($HTTP_POST_FILES['file'] > ['size'] ) THEN do this?
>
>
> How is the size value placing a limit on the file size? This code is
> probably much simpler than I'm making it out to be, but I've been on 15
> sites trying to get this right, and most of the searches are for uploading
> files, which I'm not doing. I'm sending them via email.
>
>
> What I eventually want to do is just prevent submissions IF the user
> submits
> a file and it is larger than 3 megs...
> Thank YOU in advance,
> Jeff

If you want to hard limit to 3 megs, you can just adjust this:
<input type="hidden" name="MAX_FILE_SIZE" value="5000" border="0">
to
<input type="hidden" name="MAX_FILE_SIZE" value="3000" border="0">


If you wanna do really good errormessages, try something similar to what I
did with a file uploader. "liite" is the name of my file field:

switch($_FILES['liite']['error']){
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
echo "File {$_FILES['liite']['name']} upload failed because the
filesize (".number_format($_FILES['liite']['size']/1024,1)." kb) is too big.
Please contact administration.";
break;
case UPLOAD_ERR_PARTIAL:
echo "File {$_FILES['liite']['name']} upload failed because file was
only partially transmitted. Please contact administration.";
break;
case UPLOAD_ERR_NO_TMP_DIR:
case UPLOAD_ERR_CANT_WRITE:
echo "File {$_FILES['liite']['name']} upload failed because of
server error. Please contact administration.";
break;
case UPLOAD_ERR_OK:
echo "File {$_FILES['liite']['name']} upload sucessful";
break;
case UPLOAD_ERR_NO_FILE:
default:
break;
}

And do check out the manual.
http://fi.php.net/manual/en/features.file-upload.php

On 7/3/06 3:23 AM, in article VB3qg.13310$_u1.2178@reader1.news.jippii.net,
"Kimmo Laine" <spam@outolempi.net> wrote:

Thank you for the help Kimmo.
>
> Here's a magical line that tells user agent (browser) not to post files
> larger than 5000. In this case $_FILES['file']['error'] should contain the
> value of UPLOAD_ERR_FORM_SIZE .
>
I have read that the browser function on file size is not reliable and
works only on some browsers. I think I'm having a problem understanding how
the Max_File_Size value field is functioning and what it communicates to the
server. I looked up that reserved word on php and it isn't a php function,
but apparently is a server html function... Is the error value added by a
$var definition on the php page or is it fed to the php target by the Max
File form field???

Thanks
Jeff
>
> If you want to hard limit to 3 megs, you can just adjust this:
> <input type="hidden" name="MAX_FILE_SIZE" value="5000" border="0">
> to
> <input type="hidden" name="MAX_FILE_SIZE" value="3000" border="0">
>
>
> If you wanna do really good errormessages, try something similar to what I
> did with a file uploader. "liite" is the name of my file field:
>
> switch($_FILES['liite']['error']){
> case UPLOAD_ERR_INI_SIZE:
> case UPLOAD_ERR_FORM_SIZE:
> echo "File {$_FILES['liite']['name']} upload failed because the
> filesize (".number_format($_FILES['liite']['size']/1024,1)." kb) is too big.
> Please contact administration.";
> break;
> case UPLOAD_ERR_PARTIAL:
> echo "File {$_FILES['liite']['name']} upload failed because file was
> only partially transmitted. Please contact administration.";
> break;
> case UPLOAD_ERR_NO_TMP_DIR:
> case UPLOAD_ERR_CANT_WRITE:
> echo "File {$_FILES['liite']['name']} upload failed because of
> server error. Please contact administration.";
> break;
> case UPLOAD_ERR_OK:
> echo "File {$_FILES['liite']['name']} upload sucessful";
> break;
> case UPLOAD_ERR_NO_FILE:
> default:
> break;
> }
>
> And do check out the manual.
> http://fi.php.net/manual/en/features

~~~~~~~~~~~~
Jefferis Peterson, Pres.
Web Design and Marketing
http://www.PetersonSales.com



----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

"Jefferis NoSpamme" <jefferisp7@hotmail.com> wrote in message
news:C0CE95E1.44278%jefferisp7@hotmail.com...
> On 7/3/06 3:23 AM, in article
> VB3qg.13310$_u1.2178@reader1.news.jippii.net,
> "Kimmo Laine" <spam@outolempi.net> wrote:
>
> Thank you for the help Kimmo.
>>
>> Here's a magical line that tells user agent (browser) not to post files
>> larger than 5000. In this case $_FILES['file']['error'] should contain
>> the
>> value of UPLOAD_ERR_FORM_SIZE .
>>
> I have read that the browser function on file size is not reliable and
> works only on some browsers. I think I'm having a problem understanding
> how
> the Max_File_Size value field is functioning and what it communicates to
> the
> server. I looked up that reserved word on php and it isn't a php function,
> but apparently is a server html function... Is the error value added by a
> $var definition on the php page or is it fed to the php target by the Max
> File form field???

Assuming your file field looks something like this:
<input type="file" name="myfile">
The error code is, like I explained the first time, in the $_FILES array
under $_FILES['myfile']['error'].

if( $_FILES['myfile']['error']==UPLOAD_ERR_FORM_SIZE ){
echo "too big file";
}

You also get the size of the file in $_FILES['myfile']['size'] which you can
test to see if it's too big. In your case 3 megs = 3*1024*1024 bytes =
3145728

if( $_FILES['myfile']['size'] > 3145728 ){
echo "too big file";
}

--
"ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" -lpk
spam@outolempi.net | Gedoon-S @ IRCnet | rot13(xvzzb@bhgbyrzcv.arg)

On 7/4/06 2:21 AM, in article 6Onqg.13834$XK2.11624@reader1.news.jippii.net,
"Kimmo Laine" <spam@outolempi.net> wrote:

> The error code is, like I explained the first time, in the $_FILES array
> under $_FILES['myfile']['error'].


Thank you. That was the missing piece to my understanding. I didn't realize
these file's values were seen automatically as an array. I was interpreting
the $_Files['size'] as a value passed from the form Max_File_Size field's
hidden variable and not from the file itself.


~~~~~~~~~~~~
Jefferis Peterson, Pres.
Web Design and Marketing
http://www.PetersonSales.com



----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

On 7/4/06 2:21 AM, in article 6Onqg.13834$XK2.11624@reader1.news.jippii.net,
"Kimmo Laine" <spam@outolempi.net> wrote:

> Assuming your file field looks something like this:
> <input type="file" name="myfile">
> The error code is, like I explained the first time, in the $_FILES array
> under $_FILES['myfile']['error'].
>
> if( $_FILES['myfile']['error']==UPLOAD_ERR_FORM_SIZE ){
> echo "too big file";
> }


Thank you again Kimmo. I got it to work finally. The problem I believe is
that I was trying to use filesize($myfile) and other functions which have
to do with a file that is already uploaded to the server. When I tried to
use filesize() to the file, the error came back " no such file."

When I tried to apply your code straight, it failed on the server error:
case UPLOAD_ERR_NO_TMP_DIR:
case UPLOAD_ERR_CANT_WRITE:
echo "File {$_FILES['liite']['name']} upload failed because of
server error. Please contact administration.";

I assume the problem is that I have not given permissions for a file upload
to reside on the server, as that was not my goal. I'm not entirely sure how
this pass through function works with email, but I believe it is only a
temporary directory, and it is handled automatically by my server. So I
could not check file sizes with a lot of the functions in the uploading a
file section of php manual. It has to be done on the fly, so to speak, and
yes your code:
> if( $_FILES['myfile']['error']==UPLOAD_ERR_FORM_SIZE ){
>> echo "too big file";
>> }

Worked perfectly. Thanks again,

Jeff
~~~~~~~~~~~~
Jefferis Peterson, Pres.
Web Design and Marketing
http://www.PetersonSales.com



----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----