You can make a form upload a file, but you have to “catch” that upload on the server side. FTG (which I haven’t heard mentioned in many years) used to have a feature where an uploaded file would go to an e-mail to the administrator as an attachment., along with the text of the rest of the form fields But it sounds like you want that uploaded file to be something that would then subsequently be linked to from the restaurant’s site, without you needing to upload it or alter anything.
There’s a few problems with this that you’ll need to solve. First, unless this is a single site for one restaurant, and the one and only admin account that can log into the administrative page can only upload the one PDF file, you’re going to have to have some sort of way to tell which restaurant should be updated.
Second, this is an excellent way for the non-technical owner of the restaurant to break their site.
Third, that had better be a great password, and you had better have SSL and at least Digest passwords, if not actual encrypted passarg8bwords in front of this page. Uploading a file to a publicly accessible part of your Web server is a recipe for instant disaster, and if you’re on a shared server, a Very Bad Time for thousands of other users. Don’t do this without a sincere and serious understanding of the security ramifications.
In PHP, you access the uploaded files part of a form upload through the $_FILES array part of the request. The key to this multi-dimensional array that you need in order to access the specific file uploaded by your form is the name of the form element you used to upload the file. So imagine that your form contains a single input (and a submit button) like this: <input type="file" name="menu"> and the form is set to upload to a handler that contains this code:
<?php
define('FILES_BASE',dirname(__FILE__) . '/_files');
$message = '';
if(isset($_FILES['menu']['name']) && !empty($_FILES['menu']['name'])){
$basename = safe_name(basename($_FILES['menu']['name']));
$ext = strtolower(substr($uploadfile,strrpos($basename,'.') + 1));
$tmpdir = uniqid( 'file_' );
$file_destination_dir = FILES_BASE . '/' . $tmpdir;
$uploadfile = $file_destination_dir . '/' . $basename;
if(in_array($ext,array('pdf', 'txt'))){
mkdir($file_destination_dir);
chmod($file_destination_dir,0775);
if (move_uploaded_file($_FILES['menu']['tmp_name'], $uploadfile)) {
chmod($uploadfile,0664);
$message = 'File uploaded successfully: ' . $uploadfile;
}else{
$message = 'File could not be saved';
}
}else{
$message = 'File format is incorrect';
}
print $message;
exit;
}
/**
* Converts a user-input filename into a URL-safe name.
*
* @param string $strFileName Input filename
* @return string With all pathname unfriendly stuff removed
* @author Walter Lee Davis
*/
function safe_name($strFileName){
$unsafe = "[^a-zA-Z0-9-_\.]";
$strFileName = str_replace(' ', '_',$strFileName);
$file_out = preg_replace($unsafe,'_',$strFileName);
return preg_replace('/_+/',"_",$file_out);
}
?>
When you upload to this handler, the file is going to be moved to a location you define (through the FILES_BASE constant), checked to ensure it is a PDF, and renamed to a URL-safe value. If all goes well, the absolute path to that file on your server will print on the screen. Now in your case, you may want to force the file to be renamed to Menu.pdf and saved in the Resources folder. I leave that as an exercise for the student. Remember, though, that this is only an “Admin-safe” script. It has none of the additional checks that would, for example, ensure that the file uploaded was actually a PDF, not a zip file renamed to end in PDF, which is then the sharp end of a segmented attack. This code is only safe to deploy to a trusted user.
Walter
On Oct 3, 2019, at 1:58 PM, Richard Cacciato email@hidden wrote:
I’m looking to create a form that will allow a restaurant client to upload their current menu PDF to their website. I would put this form on a password-protected page so the client could log in and upload the menu PDF. I went to look for FormsToGo on the Bebosoft website but the site seems dead (no content comes up, only white page). Any suggestions where I can get that action, or suggestions for an alternate way to do this?
Thanks in advance.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options
freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options