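Unable to upload files in CakePHP 2

Time: 2012-05-12 22:12:56

Tags: php file-upload cakephp-2.0

I'm trying to add upload functionality to my CakePHP application. I previously built one for a raw PHP project and decided to reuse that code because I know it works. The code is as follows: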

    $allowed_filetypes = array('.jpg','.gif','.bmp','.png');
    $max_filesize = 1000000; // Maximum filesize in BYTES
    $upload_path = './files/';

    $filename = $_FILES['userfile']['name'];
    $desiredname = $_POST['desiredname'];
    $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);

    $savedfile = $desiredname.$ext;

    // Check if the filetype is allowed, if not DIE and inform the user.
    if(!in_array($ext,$allowed_filetypes))
        die('The file you attempted to upload is not allowed.');

    // Now check the filesize, if it is too large then DIE and inform the user.
    if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
        die('The file you attempted to upload is too large.');

    // Check if we can upload to the specified path, if not DIE and inform the user.
    if(!is_writable($upload_path))
        die('You cannot upload to the specified directory, please CHMOD it to 777.');

    // Upload the file to your specified path.
    if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $savedfile))
        echo 'Your file upload was successful, view the file <a href="' . $upload_path . $savedfile . '" title="Your File">here</a>'; // It worked.
    else
        echo 'There was an error during the file upload.  Please try again.'; // It failed :(.

I have placed this code in the Controller of the page I want to upload from. I have used the FormHelper in CakePHP to generate the form, as follows:

    <?php 
        echo $this->Form->create('Customer', array(
            'class' => 'form-horizontal',
            'action' => 'add',
            'enctype' => 'multipart/form-data'
        ));

        echo $this->Form->input('filename', array(
            'type' => 'text',
            'label' => 'Filename',
            'class' => 'span5'
        ));
        echo $this->Form->input('file', array(
            'between' => '<br />',
            'type' => 'file'
        ));
        echo $this->Form->end('Save Changes', array(
            'label' => false,
            'type' => 'submit',
            'class' => 'btn btn-primary'
        ));

        echo $this->Form->end();
     ?>

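I changed any references to the fields in the old code to reflect the form used in this project. However, when I submit the form I get the following errors: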

  

    Notice (8): Undefined index: CustomerFile [APP\Controller\CustomersController.php, line 148]

    Notice (8): Undefined index: CustomerFilename [APP\Controller\CustomersController.php, line 149]

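In the controller code, I changed the form fields (again) to use the following:

    $filename = $this->request->data['CustomerFile']['name'];
    $desiredname = $this->request->data['CustomerFilename'];

But the error persists. I'm guessing the form fields aren't being referenced correctly, but I thought I had referenced them correctly using the $this->request code, but evidently it didn't work. Does anyone have any ideas?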

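2 answers:

Answer 0: (score: 3)

Major non-cake problems:

  1. Rolling your own filename manipulation operations instead of using pathinfo()
  2. Filtering by user-provided filenames to determine upload eligibility. Do not ever trust anything sent by the user. Use server-side MIME-typing operations, e.g. fileinfo
  3. Assuming the upload succeeded and doing server-side operations on that file before checking for success/failure. Always check the ['error'] code first. The codes are documented here: http://php.net/manual/en/features.file-upload.errors.php
  4. Using post-upload file size limits - it's better to set the limit in php.ini, which will then allow the server to abort the upload before tying up your bandwidth with bytes that are simply going to be ignored later. You can use the ['error'] code to determine if the upload was aborted due to a file size limit violation.
  5. Allowing users to specify a target filename, with absolutely no security checks, allowing a malicious user to specify a path in that filename and allowing them to scribble on any file on your server.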
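
The five points above, combined into one validation routine. This is an added example, not part of the original answer; the function name `safe_upload_target`, the MIME allow-list and the constructed sample file are assumptions.

```php
<?php
// Added example: validates one $_FILES-style entry and returns a safe target path.
// The caller then runs move_uploaded_file($file['tmp_name'], $target).
function safe_upload_target(array $file, $desiredName, $uploadDir)
{
    // Point 3: check the error code before touching the file.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload.');
    }
    switch ($file['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:   // Point 4: php.ini limit aborted the upload
        case UPLOAD_ERR_FORM_SIZE:  // MAX_FILE_SIZE form field exceeded
            throw new RuntimeException('File too large.');
        default:
            throw new RuntimeException('Upload failed, code ' . $file['error']);
    }

    // Point 2: take the type from the file content, not the client-sent name or type.
    $allowed = array('image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png');
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }

    // Points 1 and 5: basename() + pathinfo() drop any directory part, and the
    // character allow-list leaves no slash, backslash or dot in the stored name.
    $name = basename(str_replace('\\', '/', $desiredName));
    $base = preg_replace('/[^A-Za-z0-9_-]/', '', pathinfo($name, PATHINFO_FILENAME));
    if ($base === '') {
        throw new RuntimeException('Invalid file name.');
    }
    // The extension comes from the detected type, never from the user.
    return rtrim($uploadDir, '/') . '/' . $base . '.' . $allowed[$mime];
}

// Constructed sample: a GIF header stands in for an uploaded temp file, and the
// desired name carries a path the routine must discard.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$file = array('name' => 'x.php.gif', 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK);
echo safe_upload_target($file, '../../etc/passwd', './files'), "\n";
unlink($tmp);
```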

Answer 1: (score: 0)

  

Page model:

    public function beforeSave() {
        if (!empty($this->data['Page']['image']['name'])) {
            // A new image was uploaded: store a timestamped file name instead of the upload array.
            $this->data['Page']['image'] = time() . '-Featured-' . $this->data['Page']['image']['name'];
            $this->data['Page']['alias'] = $this->data['Page']['title'];
            $this->data['Page']['publish'] = date("y.m.d, h:i:s");
            $this->data['Page']['update'] = date("y.m.d, h:i:s");
            $this->data['Page']['posttype'] = 'page';

            return true;
        } else {
            // No new image: on edit, keep the existing image name from the 'img' field.
            if ($this->action == 'edit') {
                $this->data['Page']['image'] = $this->data['Page']['img'];
                $this->data['Page']['alias'] = $this->data['Page']['title'];
                $this->data['Page']['publish'] = date("y.m.d, h:i:s");
                $this->data['Page']['update'] = date("y.m.d, h:i:s");
                $this->data['Page']['posttype'] = 'page';
                return true;
            }
        }

        return true;
    }

    // Custom validation rule: rejects uploads whose reported type is not image/jpeg.
    public function fileExtension($data) {
        if ($this->data['Page']['image']['type'] != 'image/jpeg') {
            $this->invalidate('image', '');
            return false;
        }
        return true;
    }
  

Page controller:

    public function add() {
        if (!empty($this->request->data)) {
            // Save the record first, then move the upload into webroot/img/test/.
            $menus = $this->Page->save($this->request->data);
            if (!empty($menus)) {
                move_uploaded_file($this->data['Page']['image']['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . '/app/webroot/img/test/' . $this->data['Page']['image']['name']);
                $filename = $_SERVER['DOCUMENT_ROOT'] . '/app/webroot/img/test/' . $this->data['Page']['image']['name'];
                // Scale to a width of 200 pixels, keeping the aspect ratio.
                list($width, $height) = getimagesize($filename);
                $percent = 20000 / $width;
                $newwidth = $width / 100 * $percent;
                $newheight = $height / 100 * $percent;
                $thumb = imagecreatetruecolor($newwidth, $newheight);
                $source = imagecreatefromjpeg($filename);
                imagecopyresampled($thumb, $source, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);
                // Write the resized copy as a timestamped JPEG at quality 100.
                imagejpeg($thumb, $_SERVER['DOCUMENT_ROOT'] . '/app/webroot/img/test/' . time() . '-Featured-' . $this->data['Page']['image']['name'], 100);
                $this->Session->setFlash('Səhifə əlavə olundu', 'default', array('class' => 'alert alert-success'));
            }
            $this->redirect(array('action' => 'add'));
        }
    }