What are some best practices for handling file uploads, including zip files, in PHP?
When handling file uploads, including zip files, in PHP, it is important to validate the file type, size, and ensure secure storage to prevent any security vulnerabilities. One best practice is to use PHP's built-in functions like `move_uploaded_file()` to move the uploaded file to a secure location on the server. Additionally, consider extracting the contents of the zip file using PHP's ZipArchive class to handle zip file uploads.
<?php
// Validate file type
$allowedExtensions = ['zip'];
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
if (!in_array($extension, $allowedExtensions)) {
die('Invalid file type. Only zip files are allowed.');
}
// Validate file size
$maxFileSize = 10 * 1024 * 1024; // 10MB
if ($_FILES['file']['size'] > $maxFileSize) {
die('File is too large. Maximum file size is 10MB.');
}
// Move uploaded file to secure location
$uploadDir = 'uploads/';
$uploadedFile = $uploadDir . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadedFile)) {
echo 'File uploaded successfully.';
// Extract contents of the zip file
$zip = new ZipArchive;
if ($zip->open($uploadedFile) === TRUE) {
$zip->extractTo($uploadDir);
$zip->close();
echo 'Zip file contents extracted successfully.';
} else {
echo 'Failed to extract zip file.';
}
} else {
echo 'Failed to upload file.';
}
?>