I have an application built with CodeIgniter that uploads image files to a directory on the server. Running on localhost, it works perfectly. On the official server, an error is returned while trying to download the file. Suspecting a lack of permission on the folder, I asked the person who takes care of the server to release the directory access. This person said there would be a security risk and asked me to find an alternative upload.
The question is: how can I upload files without having to open all the defenses on the server? Below is the code for the view.
HTML:
<table width="100%" cellspacing="0" cellpadding="0" border="0" id="Table11">
  <tbody>
    <tr>
      <td>
        <br />
        <div id="resposta" style="width: 120px; height: 60px; border: thin dashed #555;">
        </div>
        <br />
        <form name="formUpload" id="formUpload" method="post">
          <span class="label" id="Label14">Banner:</span>
          <label><input type="file" name="arquivo" id="arquivo" size="45" style="font-size: 11px;" /></label>
          <br />
          <progress value="0" max="100"></progress><span id="porcentagem">0%</span>
          <br />
          <input type="button" value="Enviar Banner" onclick="enviarBanner()" style="margin: 5px; border: 1px solid #555; cursor: pointer; font-size: 12px;" />
        </form>
      </td>
    </tr>
  </tbody>
</table>
JavaScript:
<script type="text/javascript">
function enviarBanner(){
    // The description field is required before sending.
    if($.trim($('#descBanner').val()) === ""){
        alert("Campo Desciçao é Obrigatorio");
        $('#descBanner').focus();
        return;
    }
    arquiv = $('#arquivo').val();
    // Submit the form via AJAX (jQuery Form plugin) and update the progress bar.
    $('#formUpload').ajaxForm({
        uploadProgress: function(event, position, total, percentComplete) {
            $('progress').attr('value', percentComplete);
            $('#porcentagem').html(percentComplete + '%');
        },
        success: function(data) {
            $('progress').attr('value', '100');
            $('#porcentagem').html('100%');
            if(data.sucesso === true){
                enviado = true;
                // On success, data.msg holds the path of the uploaded image.
                $('#resposta').html('<img src="<?php echo base_url()?>' + data.msg + '" width="120" height="60" />');
            }
            else{
                $('#resposta').html(data.msg);
            }
        },
        error: function(){
            $('#resposta').html('Erro ao enviar requisição!');
        },
        dataType: 'json',
        url: '<?php echo base_url()?>areaRestrita/banners/imgUpload',
        resetForm: true
    }).submit();
    enviado = true;
}
</script>
Below is the upload function:
function imgUpload(){
    $arquivo = $_FILES['arquivo'];
    // Allowed file extensions.
    $tipos = array('jpg', 'png', 'gif', 'psd', 'bmp');
    $enviar = $this->uploadFile($arquivo, 'Imagens/banners/', $tipos);
}

function uploadFile($arquivo, $pasta, $tipos, $nome = null){
    $nomeOriginal = "";
    if(isset($arquivo)){
        // Split the client-supplied file name on dots.
        $infos = explode(".", $arquivo["name"]);
        if(!$nome){
            // Rebuild everything before the last dot as the base name.
            for($i = 0; $i < count($infos) - 1; $i++){
                $nomeOriginal = $nomeOriginal . $infos[$i] . ".";
            }
        }
        else{
            $nomeOriginal = $nome . ".";
        }
        // The last segment is treated as the file type.
        $tipoArquivo = $infos[count($infos) - 1];
        $tipoPermitido = false;
        foreach($tipos as $tipo){
            if(strtolower($tipoArquivo) == strtolower($tipo)){
                $tipoPermitido = true;
            }
        }
        if(!$tipoPermitido){
            $retorno["erro"] = "Tipo não permitido";
        }
        else{
            // Move the temporary upload into the destination folder.
            if(move_uploaded_file($arquivo['tmp_name'], $pasta . $nomeOriginal . $tipoArquivo)){
                $retorno["caminho"] = $pasta . $nomeOriginal . $tipoArquivo;
            }
            else{
                $retorno["erro"] = "Erro ao fazer upload";
            }
        }
    }
    else{
        $retorno["erro"] = "Arquivo nao setado";
    }
    return $retorno;
}
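
A hardened counterpart of the `uploadFile()` function above, as an added example that is not part of the original post: it reports a directory-permission problem explicitly, decides the file type from the file's content instead of its name, and stores the file under a server-generated name. The function name `uploadFileSeguro`, the size limit, the MIME-to-extension map and the extra error message are assumptions; it assumes PHP 7+ with the fileinfo extension.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with the fileinfo extension.

/**
 * Hypothetical hardened counterpart of uploadFile().
 * $tipos maps each allowed MIME type to the extension it is stored with.
 * Returns array('caminho' => path) on success or array('erro' => message).
 */
function uploadFileSeguro($arquivo, $pasta, array $tipos, $maxBytes = 2097152)
{
    // Reject a missing field and multi-file submissions (error would be an array).
    if (!is_array($arquivo) || !isset($arquivo['error']) || is_array($arquivo['error'])) {
        return array('erro' => 'Arquivo nao setado');
    }
    if ($arquivo['error'] !== UPLOAD_ERR_OK
        || $arquivo['size'] <= 0 || $arquivo['size'] > $maxBytes) {
        return array('erro' => 'Erro ao fazer upload');
    }
    // Report a permission problem explicitly instead of failing inside the move.
    if (!is_dir($pasta) || !is_writable($pasta)) {
        return array('erro' => 'Pasta sem permissao de escrita');
    }
    // Decide the type from the file's bytes, never from the client-supplied name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($arquivo['tmp_name']);
    if ($mime === false || !isset($tipos[$mime])
        || @getimagesize($arquivo['tmp_name']) === false) {
        return array('erro' => 'Tipo não permitido');
    }
    // Server-generated name: nothing from $arquivo['name'] reaches the disk.
    $destino = rtrim($pasta, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $tipos[$mime];
    // move_uploaded_file() only moves files that arrived through an HTTP POST upload.
    if (!move_uploaded_file($arquivo['tmp_name'], $destino)) {
        return array('erro' => 'Erro ao fazer upload');
    }
    chmod($destino, 0644); // readable by the web server, never executable
    return array('caminho' => $destino);
}

// Usage from imgUpload(), with a constructed allow-list:
// $tipos = array('image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif');
// $enviar = uploadFileSeguro($_FILES['arquivo'] ?? null, 'Imagens/banners/', $tipos);
```

Only the upload directory has to be writable by the account PHP runs under; the rest of the application tree can stay read-only, and the web server should not execute scripts from that directory.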