View Full Version : Limiting "MAX FILENAME LENGTH"

05-30-2009, 12:58 AM
i really am trying to figure out, in a php script, how to allow files to be uploaded that are less than 17 characters.....and not to allow files with filenames over 17 characters EX. i want "evil_artwork_work.bmp" and not "evil_artwork_longer_name_of_filename.bmp" that has a long name.

and also to have an error message for a filename that is over 17 characters, like "Your filename is too long, limit = 17 char. or less".

Also, I am using a php uploader to upload files to a folder in my public_html directory.

This is the script: (the upload form is at bottom of script):

// You may change maxsize, and allowable upload file types.
//Mmaximum file size. You may increase or decrease.
$MAX_SIZE = 99900000000000;

//Allowable file Mime Types. Add more mime types if you want
$FILE_MIMES = array('application/pdf','image/jpeg','image/psd','image/png','image/jpg','image/gif'

//Allowable file ext. names. you may add more extension names.
$FILE_EXTS = array('.bmp','.jpg','.png','.gif','.psd','.dib','.jpeg','.jpe','.jfif','.tiff');

//Allow file delete? no, if only allow upload only
$DELETABLE = false;

// Do not touch the below if you are not confident.
* Setup variables
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['php_SELF']);
$url_this = "http://".$_SERVER['HTTP_HOST'].$_SERVER['php_SELF'];

$upload_dir = "mmorpg/";
$upload_url = $url_dir."/mmorpg/";
$message ="";

* Create upload Directory
if (!is_dir("mmorpg")) {
if (!mkdir($upload_dir))
die ("upload_files directory doesn't exist and creation failed");
if (!chmod($upload_dir,0755))
die ("change permission to 755 failed.");

* Process User's Request
if ($_REQUEST[del] && $DELETABLE) {
$resource = fopen("log.txt","a");
fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");

if (strpos($_REQUEST[del],"/.")>0); //possible hacking
else if (strpos($_REQUEST[del],$upload_dir) === false); //possible hacking
else if (substr($_REQUEST[del],0,6)==$upload_dir) {
print "<script>window.location.href='$url_this?message=deleted successfully'</script>";

else if ($_FILES['userfile']) {

$file_type = $_FILES['userfile']['type'];
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

//File Size Check
if ( $_FILES['userfile']['size'] > $MAX_SIZE)
$message = "The file size is over 2MB.";
//File Type/Extension Check
else if (!in_array($file_type, $FILE_MIMES)
&&!in_array($file_ext, $FILE_EXTS) )
$message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
$message = do_upload($upload_dir, $upload_url);

print "<script>window.location.href='$url_this?message=$message'</script>";


else if (!$_FILES['userfile']);
$message = "Invalid File Specified.";

* List Files
$filelist = "";
while ($file = readdir($handle)) {
if(!is_dir($file) &&!is_link($file)) {
$filelist .= "<a href='$upload_dir$file'>".$file."</a>";
$delfile = $file;
$delfile = str_replace("%","%25",$delfile);
$delfile = str_replace("&","%26",$delfile);
$delfile = str_replace("+","%2b",$delfile);
$delfile = str_replace("?","%3f",$delfile);
$filelist .= " <a href='?del=$upload_dir".$delfile."' title='delete'>x</a>";
$filelist .= "<sub><small><small><font color=grey> ".date("d-m H:i", filemtime($upload_dir.$file))
$filelist .="<br>";

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name'];
$file_name = str_replace("\\","",$file_name);
$file_name = str_replace("'","",$file_name);
$file_path = $upload_dir.$file_name;

//File Name Check
if ( $file_name =="") {
$message = "Invalid File Name Specified";
return $message;

$result = move_uploaded_file($temp_name, $file_path);
if (!chmod($file_path,0777))
$message = "change permission to 777 failed.";

$message = ($result)?"$file_name uploaded successfully." :
"Something is wrong with uploading the file.";
return $message;



<font color=red><?=$_REQUEST[message]?></font>
<form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
Upload Image <input type="file" id="userfile" name="userfile">
<input type="submit" name="upload" value="upload">


05-30-2009, 01:41 AM
Try using the strlen() command. This will return the ammount of characters used in the variable. So use this :


if($length < 17){
Enter code for if the file name is less than 17 characters
echo "File name too Big!!";

something like that.