PHP File Upload

If I want to change my filename before it goes to the server for its permanent location, not its temporary Location how could I do this.

The code is as followed:

<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>


<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>

Solution 1:

I'm not sure if I understand what you mean. If you just want to rename the file when storing it in the "upload" directory, do so when using move_uploaded_file():

$destination = "upload/" . $new_filename;
if (file_exists($destination)) {
    echo 'File ', $destination, ' already exists!';
} else {
    move_uploaded_file($temp_filename, $destination);
}

You could also let the user define $new_filename by providing an additional "rename" text field in your HTML form.


EDIT: Code could be something like that:

Form:

<form action="upload_file.php" method="post"
    enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />

<!-- NEW TEXTBOX -->
<label for="newname">Rename to (optional):</label>
<input type="text" name="newname" id="newname" /> 
<br />

<input type="submit" name="submit" value="Submit" />
</form>

PHP:

$upload_dir = realpath('upload') . DIRECTORY_SEPARATOR;
$file_info = $_FILES['file'];

// Check if the user requested to rename the uploaded file
if (!empty($_POST['newname'])) {
    $new_filename = $_POST['newname'];
} else {
    $new_filename = $file_info['name'];
}

// Make sure that the file name is valid.
if (strpos($new_filename, '/') !== false || strpos($new_filename, '\\') !== false) {
    // We *have* to make sure that the user cannot save the file outside
    // of $upload_dir, so we don't allow slashes.
    // ATTENTION: You should do more serious checks here!
    die("Invalid filename");
}

$destination = $upload_dir . $new_filename;
// ... if (file_exists(... move_uploaded_file(...

Solution 2:

you do it in the move_uploaded_file function

move_uploaded_file($temporary_file, "path/to/destination/and/new_file_name.gif");

right now, you're just moving it to the destination with it's current name.

Solution 3:

 public static function uploadFile($filepath="upload",$uniq=0){
   global $_FILES;
   try {
        // Undefined | Multiple Files | $_FILES Corruption Attack
        // If this request falls under any of them, treat it invalid.
        if (
            !isset($_FILES['uploaded_file']['error']) ||
            is_array($_FILES['uploaded_file']['error'])
        ) {
            $result["status"]="fail";$result["errors"]=('Invalid parameters.');return $result;
        }


        // Check $_FILES['uploaded_file']['error'] value.
        switch ($_FILES['uploaded_file']['error']) {
            case UPLOAD_ERR_OK:
                break;
            case UPLOAD_ERR_NO_FILE:
                $result["status"]="fail";$result["errors"]=('No file sent.');return $result;
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                $result["status"]="fail";$result["errors"]=('Exceeded filesize limit.');return $result;
            default:
                $result["status"]="fail";$result["errors"]=('Unknown errors.');return $result;
        }

        // You should also check filesize here. 
        if ($_FILES['uploaded_file']['size'] > 1000000) {
            $result["status"]="fail";$result["errors"]=('Exceeded filesize limit.');return $result;
        }

        // DO NOT TRUST $_FILES['uploaded_file']['mime'] VALUE !!
        // Check MIME Type by yourself.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        if (false === $ext = array_search(
            $finfo->file($_FILES['uploaded_file']['tmp_name']),
            array(
                'jpg' => 'image/jpeg',
                'png' => 'image/png',
                'gif' => 'image/gif',
            ),
            true
        )) {
            $result["status"]="fail";$result["errors"]=('Invalid file format.');return $result;
        }
        if($uniq==0){
            $temp=$filepath;
        }
        else{
            $temp=$filepath."/".uniqid()."_".$_FILES['uploaded_file']['name'];
        }
        if(@copy($_FILES['uploaded_file']['tmp_name'], $temp)) {
            return $result["status"]="success";
        } 
        $result["status"]="fail";$result["errors"]=('Unknown errors.');return $result;

    } catch (Exception $e) {

            $result["status"]="fail";$result["errors"]= $e->getMessage();return $result;

    }
}