Jagr

Reputation: 512

PHP Only allow user to submit a file less than php ini upload max

On my website, I allow users to submit a profile picture, and I check if the picture is "png or jpeg" and also I check if the file is less than "2 mb" and if it is, I display an error message. But when the file is less than the php ini upload max, it displays the message, but when it is greater I get a lot of PHP errors, which is not what I wanted to display. How do I remove the errors and display my generated message to the user? I found a post, but the post was about how to read the errors. I only get those errors when the submitted file is greater than 200mb or the php ini upload max. When it's lower, it goes fine. Here is my code and error messages.

Error Messages [image]

PHP

<?php

session_start();

if(isset($_COOKIE['username'])){

    if($_SESSION['came_from_upload'] != true){

        setcookie("username", "", time() - 60*60);
        $_COOKIE['username'] = "";
        header("Location: developerLogin.php");
        exit;


    }

    if($_SERVER['REQUEST_METHOD'] =="POST"){
        $userid = $_SESSION['id'];
        $fullname = addslashes(trim($_POST['fullname']));
        $username = addslashes(trim($_POST['username']));
        $email = addslashes(trim($_POST['email']));
        $password = addslashes(trim($_POST['password']));
        $storePassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
        $file_name = addslashes(trim($_FILES['file']['name']));
        $file_tmp = addslashes(trim($_FILES['file']['tmp_name']));

        try{

        // new php data object 
        $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
        //ATTR_ERRMODE set to exception
        $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        }catch(PDOException $e){
             die("There was an error connecting to the database");   

        }


        $stmtChecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = ?");
        $stmtChecker->execute(array($userid));
        if(!$stmtChecker->fetch()){

            setcookie("username", "", time() - 60*60);
            $_COOKIE['username'] = "";
            header("Location: developerLogin.php");
            exit;
        }


        if(!empty($fullname)){

            $stmtFullname = $handler->prepare("UPDATE generalusersdata SET fullname = ? WHERE user_id = ?");
            $stmtFullname->execute(array($fullname, $userid));
        }

        if(!empty($username)){

            $stmtCheckerUsername = $handler->prepare("SELECT * FROM generalusersdata WHERE username = ?");
            // execute() takes an array of bound values
            $stmtCheckerUsername->execute(array($username));
            if($resultCheckerUsername = $stmtCheckerUsername->fetch()){

                die("Username Already in use! Please try again");
            }

            $stmtUsername = $handler->prepare("UPDATE generalusersdata SET username = ? WHERE user_id = ?");
            $stmtUsername->execute(array($username, $userid));

        }

        if(!empty($email)){

            if(filter_var($email, FILTER_VALIDATE_EMAIL) == false){

                die ("Email is Not Valid!");
            }

            $stmtCheckerEmail = $handler->prepare("SELECT * FROM generalusersdata WHERE email = ?");
            // execute() takes an array of bound values
            $stmtCheckerEmail->execute(array($email));
            if($resultCheckerEmail = $stmtCheckerEmail->fetch()){

                die("Email Already in use! Please try again");
            }

            $stmtEmail = $handler->prepare("UPDATE generalusersdata SET email = ? WHERE user_id = ?");
            $stmtEmail->execute(array($email, $userid));

        }

        if(!empty($password)){

            if(strlen($password) < 6){

                die ("Password has to be GREATER than 6 characters!");

            }

            //Check if password has at least ONE uppercase, ONE lowercase and a number
            if(!preg_match("(^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+$)",$password)){

                echo 'Password needs to be at least ONE uppercase, ONE lowercase, and a number!';
                exit;
            }

            $stmtPassword = $handler->prepare("UPDATE generalusersdata SET password = ? WHERE user_id = ?");
            $stmtPassword->execute(array($storePassword, $userid));


        }

        if($_FILES['file']['error'] == UPLOAD_ERR_OK){


            $allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG);
            $detectedType = exif_imagetype($_FILES['file']['tmp_name']);
            if($extensionCheck = !in_array($detectedType, $allowedTypes) || $_FILES['file']['size'] < 2000){

                die("Failed to upload image; the format is not supported");
            }

             $dir = "userprofilepicture";

             if(is_dir($dir)==false){

                 mkdir($dir, 0700);
             }


            move_uploaded_file($file_tmp,$dir.'/'.$file_name);

            $stmtPassword = $handler->prepare("UPDATE generalusersdata SET profile_image = ? WHERE user_id = ?");
            $stmtPassword->execute(array($file_name, $userid));

        }

        echo "ok";

    }



}else{

    header("Location: developerLogin.php");
    exit;
}





?>

Upvotes: 0

Views: 148

Answers (2)

victor

Reputation: 812

I think this will help you find your answer.

How to gracefully handle files that exceed PHP's `post_max_size`?

"If the size of post data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. This can be tracked in various ways, e.g. by passing the $_GET variable to the script processing the data, i.e. , and then checking if $_GET['processed'] is set."

Put this at the beginning of your script, after you start the session.

    if(empty($_FILES) && empty($_POST) && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ //catch file overload error...
        $postMax = ini_get('post_max_size'); //grab the size limits...
        echo "<p style=\"color: #F00;\">\nPlease note files larger than {$postMax} will result in this error!<br>Please be advised this is not a limitation in the CMS, This is a limitation of the hosting server.<br>For various reasons they limit the max size of uploaded files, if you have access to the php ini file you can fix this by changing the post_max_size setting.<br> If you can't then please ask your host to increase the size limits, or use the FTP uploaded form</p>"; // echo out error and solutions...
        return $postMax;
    }

Upvotes: 1
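
The check from this answer, carried a step further as an added example (not code from the original thread): it compares `CONTENT_LENGTH` with `post_max_size` and maps the `$_FILES` error codes to messages before any form field is read, so an oversized upload produces one controlled message instead of PHP notices. The function names `iniBytes()` and `uploadProblem()` are assumptions; the `file` field name is taken from the question's code.

```php
<?php
// Added example; iniBytes() and uploadProblem() are hypothetical helper names.

// Convert a php.ini shorthand size ("8M", "2G", "512K", "1048576") to bytes.
function iniBytes(string $value): int
{
    $value = trim($value);
    $number = (int) $value;
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024; // fall through
        case 'M': $number *= 1024; // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// Return a user-facing message when the upload cannot be used, or null when it is fine.
function uploadProblem(array $server, array $post, array $files, int $postMax): ?string
{
    $isPost = strtoupper($server['REQUEST_METHOD'] ?? '') === 'POST';
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);

    // Body larger than post_max_size: PHP discards it, so $_POST and $_FILES are empty.
    // A post_max_size of 0 means "no limit", so it is skipped.
    if ($isPost && $postMax > 0 && $length > $postMax && !$post && !$files) {
        return 'The submitted form is larger than the server accepts.';
    }

    $error = $files['file']['error'] ?? UPLOAD_ERR_NO_FILE;
    switch ($error) {
        case UPLOAD_ERR_OK:
        case UPLOAD_ERR_NO_FILE:   // no picture chosen; the question's form treats it as optional
            return null;
        case UPLOAD_ERR_INI_SIZE:  // larger than upload_max_filesize
        case UPLOAD_ERR_FORM_SIZE: // larger than the form's MAX_FILE_SIZE
            return 'The picture is too large.';
        default:
            return 'The upload failed, please try again.';
    }
}

// Run this right after session_start(), before any $_POST or $_FILES index is read.
$problem = uploadProblem($_SERVER, $_POST, $_FILES, iniBytes(ini_get('post_max_size')));
if ($problem !== null) {
    http_response_code(400);
    exit($problem);
}
```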

MuratBa

Reputation: 304

Try dumping out your whole Post after submitting the form with an oversized file. It could be empty. Since those are notice messages you can use

    error_reporting(E_ALL & ~E_NOTICE);

in your file to get rid of them. But this will not solve the issues causing these errors.

Upvotes: 1
