Limit Photo Size on Upload

[Sivakatirswami]

I don't think we can include

<?php

#whatever code

?>

on a *.irev page....

at least not yet.

But bottom line is: you are measuring input data *after* the user hits 
"submit"

I may as well just measure the $_POST_RAW  value before processing it.

If some deranged person tries to upload a 100MB file, he will just be 
waiting forever. I don't think our server will care a whit about it. 
Once it's uploaded, the irev page will simply drop I could be sure by 
doing a "put empty" into the $_POST_RAW... I suppose there could be a 
RAM issue on the web server, but a linux machine, I believe will start 
using Virtual memory and nothing bad will happen (I hope)

Perhaps the iRev engine has some hidden "agent" that can return a value 
for the amt of data that's been read "so far" before the complete post 
is received? If so, we could poll that and terminate, like the PHP thing 
does.

skts




Jim Ault wrote:
> You should be able to specify the max file size in the <form> before 
> the image is posted.
>
> And this link is a PHP solution that handles several errors and user 
> feedback
> -- lots of notes on each line so that you know what is going on
> --    remember the PHP engine is running on the web host
> --    there is a multi-image file upload version at the bottom of this 
> page
>
>     http://webdeveloper.com/forum/showthread.php?t=101466
>
> Note the line in the html body
>
>             <input type="hidden" name="MAX_FILE_SIZE" value="<?php 
> echo $max_file_size ?>">
>
> thus a hidden value is sent to the server to limit the number of 
> characters it will accept when the server creates the variable and 
> loads the image data.  The result of trying to upload a very large 
> image is that only part of it will be stored in a 'tmp_name' array 
> variable in web server RAM,
>
> // now let's move the file to its final location and allocate the new 
> filename to it
> @move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
>     or error('receiving directory insuffiecient permission', 
> $uploadForm);
>
> and the user notified -- the PHP code directs the user to the page 
> that outputs the error messages.
>
> // The following function is an error handler which is used
> // to output an HTML error page if the file upload fails
> function error($error, $location, $seconds = 5)
>
> At the top of the web page source is where the value of the PHP 
> variable is set by:
>
> // set a max file size for the html upload form
> $max_file_size = 30000; // size in bytes
>
> When you are ready, you can use the download link to get the
>      upload.zip or the multifileupload.zip from the author.
>
> I would prefer a PHP solution to a javascript one, but that is my 
> preference
>
> Jim Ault
> Las Vegas
>
> On Nov 6, 2009, at 11:46 AM, Sivakatirswami wrote:
>
>> Jim Ault wrote:
>>
>>> One solution is use form validation in the browser before sending.
>>> Here is a link to the Apple developer site showing a javascript 
>>> example.
>>>      http://developer.apple.com/internet/webcontent/validation.html
>>> Also, try Googling "html form validation" for hundreds of sites with 
>>> info.
>>> If a Rev plugin is present, you could use Rev to check the size
>>
>> Though I try to stay away from JS as much as i can, looks very 
>> useful. Only thing is: I don't see a function there to check file 
>> size, and further research indicates that JS security constraints bar 
>> JS from reading the file size and one can only do this with an 
>> ActiveX thing in  I.E.
>>
>> So, it's back to a server side input data check...or
>>
>> I'll be patient and wait until next week and implement as a revlet 
>> and then it will be easy. This will also constrain input from only 
>> those who trust us, which is an excellent "screening" that the revlet 
>> security provides.
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>