tags:

views:

46

answers:

3
+3  Q: 

Is there a way to run some script before the upload starts in php?

Can you run some script before the uploading of a file starts in php? Example, I'm POSTing to upload.php, and in that file I want to check their $_SESSION first before I start wasting bandwidth on them and the file stats uploading to my server. I'm using php 5.2.11 on nginx.

<?php
  if ($_SESSION['admin'] == 'YES') {
    // do upload here
  } else {
    exit;
  }
?>
+2  A: 

No. The request doesn't get to the PHP engine until after the file has been uploaded.

Ignacio Vazquez-Abrams  2010-03-24 21:45:05
The fundamental reason for this is that the upload is just big chunk of encoded data in the body section of the request. In PHP level, you cannot prevent a client making POST request to arbitrary location with data in the body. In server level it's technically possible (close the connection if no valid session id found in headers), but I think no web server can be configured at this level unless you write a custom module etc. In nginx you can set _client_max_body_size_ limit, but that's about it.
jholster  2010-03-24 22:41:13
+1  A: 

No, because the upload is part of the request and is done before PHP even comes into play.

There may be a way around this using the technique of those PHP-/Perl-based uploaders that somehow hook into the uploading process, but then, there also may not. Especially when you're using a different web server.

I would do a quick Ajax-based check for the right session, and bind that to the submit event of the form you are uploading the file with. It may take half a second, but is completely unobtrusive for the user.

Pekka  2010-03-24 21:45:12
why just not to show an upload form to unauthorized user?
Col. Shrapnel  2010-03-24 21:48:53
@COl. Shrapnel I assume he wants to make sure the session hasn't expired.
Pekka  2010-03-24 21:58:48
A: 

You could make an ajax call on the page the form is submitted to check their session state before allowing the form to submit.

Jud Stephenson  2010-03-24 21:45:26
that's not an answer. Ajax cannot be used as it's just the same as regular form and can be easily avoided
Col. Shrapnel  2010-03-24 21:47:25
+1 - it's the nearest thing to a valid solution for the question asked, although you'd be a bit daft to use an asynchronous call from the onsubmit method.
symcbean  2010-03-24 21:50:42
I think the Col. can't read.
Jud Stephenson  2010-03-24 21:58:24
I can think. That's much better
Col. Shrapnel  2010-03-24 22:01:16
To avoid unnecessary argument:You cannot, using only php, check a session variable *before* a file is uploaded. The only possible way to do what the OP is asking is to bind an ajax request to the onSubmit.90% of users are not going to modify the form to get around the ajax call. If they do, their session is checking in upload.php. Just saying.
Jud Stephenson  2010-03-24 22:09:07

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases