16 Interacting with the File System and the Server IN CHAPTER 2,“STORING AND RETRIEVING DATA,” we saw how to read data from and write data to files on the Web server. In this chapter, we will cover other PHP functions that enable us to interact with the file system on the Web server. We will discuss n Uploading files with PHP n Using directory functions n Interacting with files on the server n Executing programs on the server n Using server environment variables In order to discuss the uses of these functions, we will look at an example. Consider a situation in which you would like your client to be able to update some of a Web site’s content—for instance, the current news about their company. (Or maybe you want a friendlier interface than FTP for yourself.) One approach to this is to let the client upload the content files as plain text.These files will then be available on the site, through a template you have designed with PHP, as we did in Chapter 6, “Object- Oriented PHP.” Before we dive into the file system functions, let’s briefly look at how file upload works. Introduction to File Upload One very useful piece of PHP functionality is support for HTTP upload. Instead of files coming from the server to the browser using HTTP, they go in the opposite direction, that is, from the browser to the server. Usually you implement this with an HTML form interface.The one we’ll use in our example is shown in Figure 16.1. 21 525x ch16 1/24/03 3:41 PM Page 337 338 Chapter 16 Interacting with the File System and the Server Figure 16.1 The HTML form we use for file upload has different fields and field types from those of a normal HTML form. As you can see, the form has a box where the user can enter a filename, or click the Browse button to browse files available to him locally.You might not have seen a file upload form before.We’ll look at how to implement this in a moment. After a filename has been entered, the user can click Send File, and the file will be uploaded to the server, where a PHP script is waiting for it. HTML for File Upload In order to implement file upload, we need to use some HTML syntax that exists spe- cially for this purpose.The HTML for this form is shown in Listing 16.1. Listing 16.1 upload.html—HTML Form for File Upload <html> <head> <title>Administration - upload new files</title> </head> <body> <h1>Upload new news files</h1> <form enctype="multipart/form-data" action="upload.php" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="1000000"> Upload this file: <input name="userfile" type="file"> <input type="submit" value="Send File"> </form> </body> </html> Note that this form uses POST. File uploads will also work with the PUT method sup- ported by Netscape Composer and Amaya.They will not work with GET. The extra features in this form are n In the <form> tag, you must set the attribute enctype="multipart/ form-data" to let the server know that a file is coming along with the regular form information. 21 525x ch16 1/24/03 3:41 PM Page 338 339 Introduction to File Upload n You must have a form field that sets the maximum size file that can be uploaded. This is a hidden field, and is shown here as <input type="hidden" name="MAX_FILE_SIZE" value="1000000"> The name of this form field must be MAX_FILE_SIZE.The value is the maximum size (in bytes) of files you will allow people to upload. At the moment we have set this to 1000000 bytes (roughly one megabyte).You may like to make it bigger or smaller for your application. n You need an input of type file, shown here as <input name="userfile" type="file"> You can choose whatever name you like for the file, but keep it in mind as you will use this name to access your file from the receiving PHP script. A Note on Security Before we go any further, it’s worth noting that some versions of PHP have had security vulnerabilities in the file upload code. If you decide to use file upload on your produc- tion server, you should make sure you are using the most up to date version of PHP and keep your eyes open for patches. This shouldn’t deter you from using such a useful technology, but you should be care- ful about how you write your code, and consider restricting access to file upload to, for example, site administrators and content managers. Writing the PHP to Deal with the File Writing the PHP to catch the file is pretty straightforward. When the file is uploaded, it will go into a temporary location on the Web server. This is the Web server’s default temporary directory. If you do not move or rename the file before your script finishes execution, it will be deleted. Given that your HTML form has a field in it called userfile,you will end up with five variables being passed to PHP.There are several ways you can access these variables. You can use the superglobal array $_FILES,available from PHP 4.1.0.This is the recom- mended method. You can also access the variables through the $HTTP_POST_FILES array, or, if you have register_globals turned on you can access them directly. However, this is probably the area in which is most important to have register_globals turned off, so we recommend accessing the variables as follows: n The value stored in $_FILE['userfile']['tmp_name'] or $HTTP_POST_FILES['userfile']['tmp_name'] is where the file has been tem- porarily stored on the Web server. n The value stored in $_FILE['userfile']['name'] or $HTTP_POST_FILES['user- file']['name'] is the file’s name on the user’s system. 21 525x ch16 1/24/03 3:41 PM Page 339 340 Chapter 16 Interacting with the File System and the Server n The value stored in $_FILE['userfile']['size'] or $HTTP_POST_FILES['user- file']['size'] is the size of the file in bytes. n The value stored in $_FILE['userfile']['type'] or $HTTP_POST_FILES['userfile'] ['type'] is the MIME type of the file, for example, text/plain or image/gif. n The value stored in $_FILE['userfile']['error'] or $HTTP_POST_FILES['userfile'] ['error'] will give you any error codes associ- ated with the file upload. This was added at PHP 4.2.0. In the examples in this chapter we will use $HTTP_POST_FILES for backward compatibil- ity but please be aware that if you plan to use file upload on your Web server you should use the most up to date version of PHP. (See “A Note On Security,” above, for more information.) Given that you know where the file is and what it’s called, you can now copy it to somewhere useful. At the end of your script’s execution, the temporary file will be delet- ed. Hence, you must move or rename the file if you want to keep it. In our example, we’re going to use the uploaded files as recent news articles, so we’ll strip out any tags that might be in them, and move them to a more useful directory. A script that does this is shown in Listing 16.2. Listing 16.2 upload.php—PHP to Catch the Files from the HTML Form <html> <head> <title>Uploading </title> </head> <body> <h1>Uploading file </h1> <?php // $userfile is where file went on webserver $userfile = $HTTP_POST_FILES['userfile']['tmp_name']; // $userfile_name is original file name $userfile_name = $HTTP_POST_FILES['userfile']['name']; // $userfile_size is size in bytes $userfile_size = $HTTP_POST_FILES['userfile']['size']; // $userfile_type is mime type e.g. image/gif $userfile_type = $HTTP_POST_FILES['userfile']['type']; // $userfile_error is any error encountered $userfile_error = $HTTP_POST_FILES['userfile']['error']; 21 525x ch16 1/24/03 3:41 PM Page 340 341 Introduction to File Upload // userfile_error was introduced at PHP 4.2.0 // use this code with newer versions if ($userfile_error > 0) { echo 'Problem: '; switch ($userfile_error) { case 1: echo 'File exceeded upload_max_filesize'; break; case 2: echo 'File exceeded max_file_size'; break; case 3: echo 'File only partially uploaded'; break; case 4: echo 'No file uploaded'; break; } exit; } // end of code for 4.2.0 // prior to 4.2.0 use manual error checking as below /* if ($userfile=='none') { echo 'Problem: no file uploaded'; exit; } if ($userfile_size==0) { echo 'Problem: uploaded file is zero length'; exit; } */ // end older version error checking // one more check: does the file have the right MIME type? if ($userfile_type != 'text/plain') { echo 'Problem: file is not plain text'; exit; } // put the file where we'd like it $upfile = '/uploads/'.$userfile_name; // is_uploaded_file and move_uploaded_file added at version 4.0.3 if (is_uploaded_file($userfile)) { Listing 16.2 Continued 21 525x ch16 1/24/03 3:41 PM Page 341 . File System and the Server IN CHAPTER 2,“STORING AND RETRIEVING DATA,” we saw how to read data from and write data to files on the Web server. In this chapter, we will cover other PHP functions that. you should be care- ful about how you write your code, and consider restricting access to file upload to, for example, site administrators and content managers. Writing the PHP to Deal with the. File, and the file will be uploaded to the server, where a PHP script is waiting for it. HTML for File Upload In order to implement file upload, we need to use some HTML syntax that exists spe- cially