Limit Photo Size on Upload

stephen barncard stephenREVOLUTION2 at barncard.com
Fri Nov 6 19:58:48 EST 2009


True, if the page is .irev then it's irev, javascript and html
if the page is .php then it's php, javascript and html only
-------------------------
Stephen Barncard
San Francisco
http://houseofcubes.com/disco.irev


2009/11/6 Sivakatirswami <katir at hindu.org>

> I don't think we can include
>
> <?php
>
> #whatever code
>
> ?>
>
> on a *.irev page....
>
> at least not yet.
>
> But bottom line is: you are measuring input data *after* the user hits
> "submit"
>
> I may as well just measure the $_POST_RAW  value before processing it.
>
> If some deranged person tries to upload a 100MB file, he will just be
> waiting forever. I don't think our server will care a whit about it. Once
> it's uploaded, the irev page will simply drop I could be sure by doing a
> "put empty" into the $_POST_RAW... I suppose there could be a RAM issue on
> the web server, but a linux machine, I believe will start using Virtual
> memory and nothing bad will happen (I hope)
>
> Perhaps the iRev engine has some hidden "agent" that can return a value for
> the amt of data that's been read "so far" before the complete post is
> received? If so, we could poll that and terminate, like the PHP thing does.
>
> skts
>
>
>
>
>
> Jim Ault wrote:
>
>> You should be able to specify the max file size in the <form> before the
>> image is posted.
>>
>> And this link is a PHP solution that handles several errors and user
>> feedback
>> -- lots of notes on each line so that you know what is going on
>> --    remember the PHP engine is running on the web host
>> --    there is a multi-image file upload version at the bottom of this
>> page
>>
>>    http://webdeveloper.com/forum/showthread.php?t=101466
>>
>> Note the line in the html body
>>
>>            <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo
>> $max_file_size ?>">
>>
>> thus a hidden value is sent to the server to limit the number of
>> characters it will accept when the server creates the variable and loads the
>> image data.  The result of trying to upload a very large image is that only
>> part of it will be stored in a 'tmp_name' array variable in web server RAM,
>>
>> // now let's move the file to its final location and allocate the new
>> filename to it
>> @move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
>>    or error('receiving directory insuffiecient permission', $uploadForm);
>>
>> and the user notified -- the PHP code directs the user to the page that
>> outputs the error messages.
>>
>> // The following function is an error handler which is used
>> // to output an HTML error page if the file upload fails
>> function error($error, $location, $seconds = 5)
>>
>> At the top of the web page source is where the value of the PHP variable
>> is set by:
>>
>> // set a max file size for the html upload form
>> $max_file_size = 30000; // size in bytes
>>
>> When you are ready, you can use the download link to get the
>>     upload.zip or the multifileupload.zip from the author.
>>
>> I would prefer a PHP solution to a javascript one, but that is my
>> preference
>>
>> Jim Ault
>> Las Vegas
>>
>> On Nov 6, 2009, at 11:46 AM, Sivakatirswami wrote:
>>
>>  Jim Ault wrote:
>>>
>>>  One solution is use form validation in the browser before sending.
>>>> Here is a link to the Apple developer site showing a javascript example.
>>>>     http://developer.apple.com/internet/webcontent/validation.html
>>>> Also, try Googling "html form validation" for hundreds of sites with
>>>> info.
>>>> If a Rev plugin is present, you could use Rev to check the size
>>>>
>>>
>>> Though I try to stay away from JS as much as i can, looks very useful.
>>> Only thing is: I don't see a function there to check file size, and further
>>> research indicates that JS security constraints bar JS from reading the file
>>> size and one can only do this with an ActiveX thing in  I.E.
>>>
>>> So, it's back to a server side input data check...or
>>>
>>> I'll be patient and wait until next week and implement as a revlet and
>>> then it will be easy. This will also constrain input from only those who
>>> trust us, which is an excellent "screening" that the revlet security
>>> provides.
>>>
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>>  _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>



More information about the use-livecode mailing list