Understanding The Upload Process
Here is some sample code for a submit_upload() method:
function submit_upload() {
$this->module("trongate_security");
$this->trongate_security->_make_sure_allowed();
if ($_FILES["my_file"]["name"] == "") {
redirect($_SERVER["HTTP_REFERER"]);
}
//PLEASE NOTE: max_size is in kilobytes
$validation_str = "allowed_types[gif,jpg,jpeg,png,zip]|max_size[2000]";
$this->validation_helper->set_rules("my_file", "file", $validation_str);
$result = $this->validation_helper->run();
if ($result == true) {
//upload the file
$config["destination"] = "../public/files";
$config["make_rand_name"] = false;
$file_info = $this->upload_file($config);
//set some flashdata
set_flashdata("Your file (".$file_info["file_name"].") was successfully uploaded");
//Job done! Send the user to another page...
$target_url = str_replace("/submit_upload", "/show", current_url());
redirect($target_url);
} else {
//validation error! Present the form again.
$this->upload();
}
The method first calls upon the trongate_security module to ensure that the user is logged in and has a user level of 'admin'.
$this->module("trongate_security");
$this->trongate_security->_make_sure_allowed();
The method then checks if the user has selected a file to upload by checking the $_FILES array. If no file is present, it redirects the user back to the previous page.
if ($_FILES["my_file"]["name"] == "") {
redirect($_SERVER["HTTP_REFERER"]);
}
Then, the method declares validation rules for the file, by setting the validation string for "allowed_types" which could be gif,jpg,jpeg,png,zip and "max_size" is 2000 kilobytes.
It uses the validation helper class to perform validation tests and passes; the form field name, form field label and validation string as arguments.
$validation_str = "allowed_types[gif,jpg,jpeg,png,zip]|max_size[2000]";
$this->validation_helper->set_rules("my_file", "file", $validation_str);
Please note that the allowed_types validation string should contain an array of allowed file types, inside square brackets, separated by commas.
If the validation passes, the method proceeds to upload the file. In doing so, it sets the destination directory to '../public/files' and makes the file name random using $config['make_rand_name'] = true;
//upload the file
$config["destination"] = "../public/files";
$config["make_rand_name"] = false;
$file_info = $this->upload_file($config);
It should be noted that the line of code below is optional:
$config["make_rand_name"] = false;
If $config['make_rand_name'] is set to false or not included in the method then the uploaded file will retain the original file name. On the other hand, if $config['make_rand_name'] is set to true, the uploaded file will be given a file name made of random alpha-numeric characters. Potentially dangerous or troublesome characters will be automatically removed from the file name, regardless of whether make_rand_name is set to true or false.
The file is uploaded using the 'upload_file' method, with the configuration passed to it.
If the file upload is successful, it sets a flashdata message and redirects the user to another page.
The upload_file method returns an array named, 'file_info'. The file_info array contains the following key / value pairs:
$file_size_in_kb = round($file_info["file_size"] / 1024, 2);
$file_size_in_mb = round($file_info["file_size"] / 1048576, 2);
$file_size_in_gb = round($file_info["file_size"] / 1073741824, 2);
The code below sets a flashdata message that indicates that the file was successfully uploaded. The name of the uploaded file is also displayed by referencing the file_name property that is within the returned file_info array:
//set some flashdata
set_flashdata("Your file (".$file_info["file_name"].") was successfully uploaded");
//Job done! Send the user to another page...
$target_url = str_replace("/submit_upload", "/show", current_url());
redirect($target_url);
If the validation does not pass, it calls the 'upload' method to present the upload form again.