FreewayTalk

8 replies to this thread. Most Recent

Leslie

29 May 2012, 7:43 pm

[Pro] Allowing Uploads to a page

Hi, I would like to create a special page on my website for a promotion that will allow users to upload photos. I want to have an unlimited number of photos uploaded and allow them to have a description and I will use “add this” to give people the chance to “vote” via pinning, liking and tweeting their favorites.

The first question is how to allow photo uploads to a page on the site and the second is how to give them a place for their entry info (email and description of the photo). And third, is there a way to automatically have the “add this” code on each upload like I do for each coupon page?

waltd

29 May 2012, 7:54 pm

On May 29, 2012, at 3:43 PM, Leslie wrote:

Hi, I would like to create a special page on my website for a promotion that will allow users to upload photos. I want to have an unlimited number of photos uploaded and allow them to have a description and I will use “add this” to give people the chance to “vote” via pinning, liking and tweeting their favorites.

The first question is how to allow photo uploads to a page on the site and the second is how to give them a place for their entry info (email and description of the photo). And third, is there a way to automatically have the “add this” code on each upload like I do for each coupon page?

You can use FormsToGo to create a file upload script, although I don’t know if it also allows you to post those images immediately back to the Web page. It will definitely e-mail them to you. But your idea for using the AddThis Action code to register votes will definitely not work. The AddThis Action creates an iframe in your page, and the code that runs inside it loads from the AddThis server, not from your server. You have no access to it whatsoever.

If you want all of this to be integrated into your page, then you’re going to have to dip into the programming end of the pool, or hire someone to do that for you. Have you done anything like that before?

Walter

Freeway user since 1997

http://www.walterdavisstudio.com

David Owen

29 May 2012, 7:55 pm

It does sound like you want http://pinterest.com/

David

On 29 May 2012, at 20:43, “Leslie” <[email protected]> wrote:

Hi, I would like to create a special page on my website for a promotion that will allow users to upload photos. I want to have an unlimited number of photos uploaded and allow them to have a description and I will use “add this” to give people the chance to “vote” via pinning, liking and tweeting their favorites.

The first question is how to allow photo uploads to a page on the site and the second is how to give them a place for their entry info (email and description of the photo). And third, is there a way to automatically have the “add this” code on each upload like I do for each coupon page?

www.ineedwebhosting.co.uk

Freeway Friendly Web Hosting, Domain Names, VPS and Dedicated Servers. (Create an account it’s Free!)


PrintlineAdvertising.co.uk

Print Design, Digital and Litho Printers, Promotional Merchandise and Corporate Gifts.

Leslie

29 May 2012, 7:58 pm

No, I want to have their friends pin, etc. from my site. If they pin things that only gets others to my Pinterest page but I am doing this to get traffic to the actual website.

DeltaDave

29 May 2012, 8:35 pm

I want to have an unlimited number of photos uploaded

You also have to bear in mind the security implications of this and ensure that there are limitations to file type and file size.

The last thing you want is a malicious file upload or to be swamped by huge uploads - either of which could bring your site (and others) down.

It is an area where you must tread with caution.

David

Glasgow, Scotland

iMac 27 5K El Cap and Pro Final

Leslie

29 May 2012, 8:49 pm

Hmm Ok good point. I think I might try just having a form then handling the placement myself onto the page. That way, I can control it better.

Richard Cacciato

3 Oct 2019, 5:58 pm

I’m looking to create a form that will allow a restaurant client to upload their current menu PDF to their website. I would put this form on a password-protected page so the client could log in and upload the menu PDF. I went to look for FormsToGo on the Bebosoft website but the site seems dead (no content comes up, only white page). Any suggestions where I can get that action, or suggestions for an alternate way to do this?

Thanks in advance.

waltd

3 Oct 2019, 6:56 pm

You can make a form upload a file, but you have to “catch” that upload on the server side. FTG (which I haven’t heard mentioned in many years) used to have a feature where an uploaded file would go to an e-mail to the administrator as an attachment., along with the text of the rest of the form fields But it sounds like you want that uploaded file to be something that would then subsequently be linked to from the restaurant’s site, without you needing to upload it or alter anything.

There’s a few problems with this that you’ll need to solve. First, unless this is a single site for one restaurant, and the one and only admin account that can log into the administrative page can only upload the one PDF file, you’re going to have to have some sort of way to tell which restaurant should be updated.

Second, this is an excellent way for the non-technical owner of the restaurant to break their site.

Third, that had better be a great password, and you had better have SSL and at least Digest passwords, if not actual encrypted passarg8bwords in front of this page. Uploading a file to a publicly accessible part of your Web server is a recipe for instant disaster, and if you’re on a shared server, a Very Bad Time for thousands of other users. Don’t do this without a sincere and serious understanding of the security ramifications.

In PHP, you access the uploaded files part of a form upload through the $_FILES array part of the request. The key to this multi-dimensional array that you need in order to access the specific file uploaded by your form is the name of the form element you used to upload the file. So imagine that your form contains a single input (and a submit button) like this: <input type="file" name="menu"> and the form is set to upload to a handler that contains this code:

<?php
define('FILES_BASE',dirname(__FILE__) . '/_files');

$message = '';
if(isset($_FILES['menu']['name']) && !empty($_FILES['menu']['name'])){
  $basename = safe_name(basename($_FILES['menu']['name']));
  $ext = strtolower(substr($uploadfile,strrpos($basename,'.') + 1));
  $tmpdir = uniqid( 'file_' );
  $file_destination_dir = FILES_BASE . '/' . $tmpdir;
  $uploadfile = $file_destination_dir . '/' . $basename;
  if(in_array($ext,array('pdf', 'txt'))){
    mkdir($file_destination_dir);
    chmod($file_destination_dir,0775);
    if (move_uploaded_file($_FILES['menu']['tmp_name'], $uploadfile)) {
      chmod($uploadfile,0664);
      $message = 'File uploaded successfully: ' . $uploadfile;
    }else{
      $message = 'File could not be saved';
    }
  }else{
    $message = 'File format is incorrect';
  }
  print $message;
  exit;
}


/**
* Converts a user-input filename into a URL-safe name.
*
* @param string $strFileName Input filename
* @return string With all pathname unfriendly stuff removed
* @author Walter Lee Davis
*/

function safe_name($strFileName){
  $unsafe = "[^a-zA-Z0-9-_\.]";
  $strFileName = str_replace(' ', '_',$strFileName);
  $file_out = preg_replace($unsafe,'_',$strFileName);
  return preg_replace('/_+/',"_",$file_out);
}

?>

When you upload to this handler, the file is going to be moved to a location you define (through the FILES_BASE constant), checked to ensure it is a PDF, and renamed to a URL-safe value. If all goes well, the absolute path to that file on your server will print on the screen. Now in your case, you may want to force the file to be renamed to Menu.pdf and saved in the Resources folder. I leave that as an exercise for the student. Remember, though, that this is only an “Admin-safe” script. It has none of the additional checks that would, for example, ensure that the file uploaded was actually a PDF, not a zip file renamed to end in PDF, which is then the sharp end of a segmented attack. This code is only safe to deploy to a trusted user.

Walter

On Oct 3, 2019, at 1:58 PM, Richard Cacciato <[email protected]> wrote:

I’m looking to create a form that will allow a restaurant client to upload their current menu PDF to their website. I would put this form on a password-protected page so the client could log in and upload the menu PDF. I went to look for FormsToGo on the Bebosoft website but the site seems dead (no content comes up, only white page). Any suggestions where I can get that action, or suggestions for an alternate way to do this?

Thanks in advance.

Freeway user since 1997

http://www.walterdavisstudio.com

Back to Top

Richard Cacciato

4 Oct 2019, 1:15 pm

Thanks, Walter. It is a single site for one restaurant, and the admin account that can log into the administrative page can only upload the one PDF file. I’ll try your suggestion and report back. Thanks.