PHP File Access

This lesson will teach you to...

• Understand and utilize superglobal variable arrays in PHP
• Send HTML form items to a php page
• Process/utilize form data on a PHP page
• Determine if a form item was sent with a value

The FILES Array

The $_FILES array is a superglobal array that is used in conjunction with the HTML input tag that has type=file. For a file upload to work, the form tag must have enctype='multipart/form-data' as an attribute and the method must be post. It is possible to upload files through AJAX, but it is more difficult. When the form is submitted, the files is uploaded to a temporary directory on the server. We use the $_FILES array to access information about the file. The $_FILES array uses the value of the name attribute to identify the file in question (like a post variable), and then adds a second key to determine the information about the file that is desired. The keys associated with the $_FILES array are as follows:

• name - the name of file as it was on client machine
• type - the MIME type if known
• size - the size of the file in bytes
• tmp_name the temporary namve given to the file by PHP
• error - an int value representing the error that occurred

So, to access the size of the file that was uploaded with name='currentNewsletter', the php code would be $_FILES['currentNewsletter']['size'];
The following are possible error messages that can result from an error in an uploaded file:

• UPLOAD_ERR_OK - no error occured
• UPLOAD_ERR_INI_SIZE(1) - exceeds max file size in php.ini
• UPLOAD_ERR_FORM_SIZE(2) - exceeds max value specified in form
• UPLOAD_ERR_PARTIAL (3)- upload cancelled an only part uploaded
• UPLOAD_ERR_NOFILE(4) - no file was uploaded

If you want to limit the size of the file that users are uploading, add an input in the form with type=hidden that looks as follows. The value below allows for a 1MB file or below to be uploaded. < input type='hidden' name='MAX_FILE_SIZE' value='1000000' / >

Once correctly uploaded, the file needs to be moved to a permanent location using the move_uploaded_file() method. Before moving the uploaded file, you should ensure that the file exsists using is_uploaded_file(). An example of this code is as follows: if(is_uploaded_file($_FILES['myfile']['tmp_name']) move_uploaded_file($_FILES['myfile']['tmp_name'], "path/to/dir/newname.ext");

Directories:

PHP also provides the ability to read/write/manipulate directories. Some of the functionality is described below:

• $dir=opendir($currentdir) - opens a directory and stores a reference in the handler
• readdir($dir) - reads a file name from the valid handler
• closedir($dir) - closes the directory
• dirname($path) - returns directory part of path
• basename($path) - returns filname part of path
• mkdir(name, [permissions]) - makes a directory of name with permissions, due to inconsitencies in PHP, it is better to create the file without the permissions and then use chmod to change the permissions mode
• rmdir($path) - deletes directory at path
• isdir() - determines if file is a directory
• is_executable() - determines if file is executable by php
• is_file() - determines if file is a file
• file_exists() - determines if file exists
• unlink($filename) - used to delete a file
• copy($src, $dest) - copies from source to destination
• chmod($filename, $mode) - changes permissions of filename to mode (octal)

File Permissions (from http://www.htmlite.com/php042.php)

When uploading/accessing files on the server, it is important to set the appropriate permissions. Each digit is a number value from 0 to 7. The value specifies what capabilities are available (or not). These numbers correspond to 3 command types. Read, write and execute.

• Read (r) has a value of 4. It allows listing files in the directory.
• Write (w) has a value of 2. It allows the addition of new files to the directory.
• Execute (x) has a value of 1. It allows access to the files in the directory.

Here are the possible combinations available using these command types :

Digit	rwx	Result
0	- - -	no access
1	- - x	execute
2	- w -	write
3	- w x	write and execute
4	r - -	read
5	r - x	read and execute
6	r w -	read and write
7	r w x	read, write and execute

The first number represents the host server. This will usually be set to 7 giving the host full permission on the files in the folder. The second number represents the group (YOU - the individual being hosted). And the third number represents the world (the visitors to the site). Normally, on free hosts, these two digits will be set to 4, allowing the reading (and displaying) of files. Thus, no executing capabilities.

1. Typical settings for files are 777, 755, 666 or 644.
2. Typical settings for directories are 777 or 755.
3. Cgi scripts 755, data files 666, and configuration files 644