2012-05-12 48 views
1

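Unable to upload file in CakePHP 2

I want to incorporate upload functionality into my CakePHP application. I previously created one for a plain PHP project and decided to reuse that code, since I know it works. The code is as follows: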

$allowed_filetypes = array('.jpg','.gif','.bmp','.png'); 
    $max_filesize = 1000000; // Maximum filesize in BYTES 
    $upload_path = './files/'; 

    $filename = $_FILES['userfile']['name']; 
    $desiredname = $_POST['desiredname']; 
    $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); 

    $savedfile = $desiredname.$ext; 

    // Check if the filetype is allowed, if not DIE and inform the user. 
    if(!in_array($ext,$allowed_filetypes)) 
     die('The file you attempted to upload is not allowed.'); 

    // Now check the filesize, if it is too large then DIE and inform the user. 
    if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize) 
     die('The file you attempted to upload is too large.'); 

    // Check if we can upload to the specified path, if not DIE and inform the user. 
    if(!is_writable($upload_path)) 
     die('You cannot upload to the specified directory, please CHMOD it to 777.'); 

    // Upload the file to your specified path. 
    if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $savedfile)) 
     echo 'Your file upload was successful, view the file <a href="' . $upload_path . $savedfile . '" title="Your File">here</a>'; // It worked. 
    else 
     echo 'There was an error during the file upload. Please try again.'; // It failed :(. 

I put this code into the controller of the page I want to upload from. I used the Form helper in CakePHP to generate the form, which is as follows:

<?php 
     echo $this->Form->create('Customer', array(
      'class' => 'form-horizontal', 
      'action' => 'add', 
      'enctype' => 'multipart/form-data' 
     )); 

     echo $this->Form->input('filename', array(
      'type' => 'text', 
      'label' => 'Filename', 
      'class' => 'span5' 
     )); 
     echo $this->Form->input('file', array(
      'between' => '<br />', 
      'type' => 'file' 
     )); 
     echo $this->Form->end('Save Changes', array(
      'label' => false, 
      'type' => 'submit', 
      'class' => 'btn btn-primary' 
     )); 

     echo $this->Form->end(); 
    ?> 

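I have changed any references to the fields in my old code to reflect the form used in this project. However, I get the following errors when I submit the form:

Notice (8): Undefined index: CustomerFile [APP\Controller\CustomersController.php, line 148]

Notice (8): Undefined index: CustomerFilename [APP\Controller\CustomersController.php, line 149]

In the controller code, I have (again) changed the form fields to use the following: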

$filename = $this->request->data['CustomerFile']['name']; 
$desiredname = $this->request->data['CustomerFilename']; 

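But the errors still occur. I am guessing that the form fields are not being referenced correctly, but I thought I had referenced them correctly using the $this->request code, and obviously that has not worked. Does anyone have any ideas?

Answers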

3

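Major non-Cake problems:

  1. Rolling your own filename manipulation operations instead of using pathinfo()
  2. Filtering on the user-provided filename to determine upload eligibility. Never trust anything sent by the user. Use server-side MIME-typing operations, e.g. fileinfo
  3. Assuming the upload succeeded and doing server-side operations on the file before checking for success/failure. Always check the ['error'] code first. The codes are documented here: http://php.net/manual/en/features.file-upload.errors.php
  4. Using post-upload file size limits - it is better to set the limit in php.ini, which will then allow the server to abort the upload before it ties up your bandwidth with bytes that are simply going to be ignored later. You can use the ['error'] code to determine whether the upload was aborted due to a file size limit violation.
  5. Allowing the user to specify a target filename, with absolutely no security checks, which allows a malicious user to specify a path in that filename and potentially scribble on any file on your server.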
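
The five points above applied to the question's upload, as an added example (not code from the question or from the answer). The function name `storeUploadedImage` and its parameters are hypothetical, PHP 7+ with the fileinfo extension is assumed, and `$file` is the five-key upload array (in CakePHP 2 the FormHelper nests it as `$this->request->data['Customer']['file']`).

```php
<?php
// Added example: hypothetical helper, not part of the original post.
function storeUploadedImage(array $file, string $desiredName, string $uploadDir): string
{
    // Point 3: inspect the error code before touching the file.
    $code = isset($file['error']) ? $file['error'] : -1;
    // Point 4: with upload_max_filesize / post_max_size set in php.ini,
    // an oversized upload is reported here instead of being measured afterwards.
    if ($code === UPLOAD_ERR_INI_SIZE || $code === UPLOAD_ERR_FORM_SIZE) {
        throw new RuntimeException('Upload exceeds the configured size limit.');
    }
    if ($code !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed (error code ' . $code . ').');
    }

    // Point 2: decide the type from the file content, not from the
    // client-supplied name or the client-supplied 'type' field.
    $allowed = array(
        'image/jpeg'     => 'jpg',
        'image/gif'      => 'gif',
        'image/png'      => 'png',
        'image/bmp'      => 'bmp',
        'image/x-ms-bmp' => 'bmp', // older libmagic databases report BMP this way
    );
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }

    // Points 1 and 5: pathinfo() drops directories and the extension from the
    // requested name; everything outside a conservative character set is removed,
    // so separators and dots cannot survive into the target path.
    $base = pathinfo($desiredName, PATHINFO_FILENAME);
    $base = preg_replace('/[^A-Za-z0-9_-]/', '', $base);
    if ($base === '') {
        $base = bin2hex(random_bytes(8)); // fall back to a server-chosen name
    }

    // The extension comes from the detected type, never from the client.
    $target = rtrim($uploadDir, '/') . '/' . $base . '.' . $allowed[$mime];
    if (file_exists($target) || !move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the upload.');
    }
    return $target;
}
```
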
0

Page model:

public function beforeSave() { 
    if (!empty($this->data['Page']['image']['name'])) { 

     $this->data['Page']['image'] = time() . '-Featured-' . $this->data['Page']['image']['name']; 
     $this->data['Page']['alias'] = $this->data['Page']['title']; 
     $this->data['Page']['publish'] = date("y.m.d, h:i:s"); 
     $this->data['Page']['update'] = date("y.m.d, h:i:s"); 
     $this->data['Page']['posttype'] = 'page'; 

     return true; 
    } else { 
     if($this->action == 'edit'){ 
      $this->data['Page']['image'] = $this->data['Page']['img']; 
      $this->data['Page']['alias'] = $this->data['Page']['title']; 
      $this->data['Page']['publish'] = date("y.m.d, h:i:s"); 
      $this->data['Page']['update'] = date("y.m.d, h:i:s"); 
      $this->data['Page']['posttype'] = 'page'; 
      return true; 
     } 
    } 

    return true; 
} 

public function fileExtension ($data) { 
    if($this->data['Page']['image']['type'] != 'image/jpeg'){ 
     $this->invalidate('image',''); 
     return false; 
    } 
    return true; 
} 

Page controller:

public function add() { 

    if (!empty($this->request->data)) { 
     $menus = $this->Page->save($this->request->data); 
     if (!empty($menus)) { 
      // Build the destination path once; basename() drops any directory part of the client-supplied name 
      $dir = $_SERVER['DOCUMENT_ROOT'] . '/app/webroot/img/test/'; 
      $name = basename($this->request->data['Page']['image']['name']); 
      $filename = $dir . $name; 
      // Only process the image if the upload was actually moved into place 
      if (move_uploaded_file($this->request->data['Page']['image']['tmp_name'], $filename)) { 
       list($width,$height) = getimagesize($filename); 
       // Scale to a 200px-wide thumbnail, keeping the aspect ratio 
       $percent = 20000/$width; 
       $newwidth = (int) round($width/100*$percent); 
       $newheight = (int) round($height/100*$percent); 
       $thumb = imagecreatetruecolor($newwidth, $newheight); 
       $source = imagecreatefromjpeg($filename); 
       imagecopyresampled($thumb, $source, 0, 0, 0, 0, $newwidth, $newheight, $width, $height); 
       imagejpeg($thumb, $dir . time() . '-Featured-' . $name,100); 
       $this->Session->setFlash('Səhifə əlavə olundu', 'default', array('class' => 'alert alert-success')); 
      } 
     } 
     $this->redirect(array('action'=>'add')); 
    } 
}