May 28, 2010

Server Side PHP for Image Upload Feature

Posted in iPhone development, PHP, Uncategorized tagged , , , , , , , , , , at 5:58 am by tetontech

I have received a request for sample PHP source code that could receive and save the uploaded file.  You MUST understand that this is NOT code I would put into production.  I always use QuickConnectPHP on the server side since it allows me to apply Validation Control Functions, Business Control Functions, View Control Functions, and Error Control Functions in PHP.  This dramatically increases the security of my applications.

This being understood, the code you see below should be viewed as an example of how to get the POST key/value pairs associated with an upload of an image from the QCiPhone implementation.  Additionally it shows you how to store the uploaded image file in a directory on the PHP server machine called upload.

The file name length check is one security feature.  Some machines are unable to handle file names longer than 254 characters.  If a hacker sent you a file name that was longer than that it can cause you not to be able to delete the file.  If the file they uploaded had PHP in it they could call it and execute it.  You would not be able to delete the file because of the overly long file name.

Another security issue is that you should store the files in a directory located such that the PHP engine can not interpret any file uploaded as PHP.  This example does NOT follow this advice since there is no way for me to know the structure of your PHP server.

<?php

//echo ‘post values’;

if($_POST[“uname”] != “someUser” || $_POST[“pword”] != “somePass”){

echo “invalid user name or password”;

}

else if (($_FILES[“fileContents”][“type”] == “image/png”)

|| ($_FILES[“fileContents”][“type”] == “video/mp4”)){

if ($_FILES[“fileContents”][“error”] > 0)

{

echo “Return Code: “ . $_FILES[“fileContents”][“error”] . “<br />”;

}

else

{

if (file_exists(“upload/” . $_FILES[“fileContents”][“name”])){

echo $_FILES[“fileContents”][“name”] . ” already exists. “;

}

else if(strlen($_FILES[“fileContents”][“name”]) >= 255){

echo “The file name you have chosen is too long.”;

}

else{

move_uploaded_file($_FILES[“fileContents”][“tmp_name”],

“upload/” . $_FILES[“fileContents”][“name”]);

echo “File stored in: “ . “upload/” . $_FILES[“fileContents”][“name”];

}

}

}

else{

echo “Invalid file<br/>”;

}

?>

Advertisements

May 23, 2010

Image Library Access Added to QuickConnect

Posted in iPhone development, Uncategorized tagged , , , , , , , at 5:12 am by tetontech

1.6 beta 16 has been uploaded.  You can now display the image library picker from JavaScript and let your user select an Image.  If you want to do image uploading combine this new functionality with the file upload feature and you are ready to go.  The new UploadImage example shows you how.

In addition, for the iPhone, beta 16 has added :

  • support for renaming the uploaded file
  • and complete support for UTF8 characters in debug messages.

Testing work is ongoing for the in app purchase behavior.  That should be completed next week.

May 14, 2009

UIWebView and Native Footers

Posted in iPhone development tagged , , , , , , , , , , , at 7:18 pm by tetontech

At the request of a couple of QuickConnectiPhone users I have been playing around with a way to combine native footers and/or headers with the UIWebView and specifically the QuickConnectiPhone framework.

I am pleased to say that I have something that should make this easy.  As of the next release of QCiPhone you can create native, Objective-C based footers and buttons for the footers.  You can also hide and display them and the UIWebView containing your QCiPhone application will be resized so that the footer doesn’t cover any of your display.  When you hide the footer the UIWebView expands to fill the space made available by not displaying the footer.

Here is a snapshot of the QCiPhone example app without the footer displayed.

The native footer example application before the Show Footer button is pressed.

The native footer example application before the Show Footer button is pressed.

Here is the native footer being displayed.

The example application after the Show Footer button is pressed.

The example application after the Show Footer button is pressed.

The button is an HTML button in the UIWebView and JavaScript calls are made to show and hide the native footer.

Here is the code from the JavaScript onload event handler that creates the native footer and buttons and then assigns the buttons to the footer for display.  Notice that the last button created uses an image instead of text for it’s cue to the user.

footer = new QCNativeFooter(‘mainFooter’, ‘black’, false);

//examples of using full JavaScript function calls with staticly defined parameters

var lineButton = new QCNativeButton(‘line’, ‘Line’, ‘displayName(“Line”)’, false);

var pieButton = new QCNativeButton(‘pie’, ‘Pie’, ‘displayName(“Pie”)’, false);

var barButton = new QCNativeButton(‘bar’, ‘Bar’, ‘displayName()’, false);

var imageButton = new QCNativeButton(‘image’, ‘puzzleIcon.png’, ‘displayName(“Image Button”)’,true);

footer.setButtons([lineButton, barButton, pieButton, imageButton]);

The QCNativeFooter constructor is defined as in this following line of code.

function QCNativeFooter(uniqueId, color, translucentFlag)

It takes three parameters

  1. A unique identifier for the footer.  You can have as many footers as you wish.
  2. The color of the desired footer as a string.  The iPhone options are ‘black’ and ‘standard’.  Standard is blue.
  3. A boolean flag indicating if the footer should be semi-transparent.

The code to display the footer is seen here.

footer.show();

It is all that is needed to display the footer and automatically resize the display of your application.  To hide the footer simply call

footer.hide();

To change buttons being displayed all you need to do is call the QCNativeFooter object’s setButtons method and pass in an array of buttons that you want to replace the old ones.  The first code snippet in this posting has an example of this call.

These methods and objects are just facades for calls to Objective-C using the QCiPhone framework.  A complete description of all of the Objective-C executed for these calls would be to large for a blog posting.

This example application, as well as a couple of others, will be added to the next version of QCiPhone.  The framework’s template will also be modified to contain all of the Objective-C and JavaScript to allow you to make the calls described in this posting.

%d bloggers like this: