Uploading a file with twig and Slim framework (Version 2) - PHP

Question

I'm using UserFrosting a user management system and I'm having some trouble uploading a file through form post, this is what I tried

This is how my twig file looks.

<form name="eveniment" method="post" action="{{form_action}}" enctype="multipart/form-data">
  ...
  <input type="file" class="form-control" name="poza" id="poza">
  ...
</form>`

This is how my controller looks like

$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["poza"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

// Check if image file is a actual image or fake image
$check = getimagesize($_FILES);
if($check !== false) {
    $ms->addMessage("success", "File is an image - " . $check["mime"] . ".");
    $uploadOk = 1;
} else {
    $ms->addMessage("danger", "File is not an image.");
    $uploadOk = 0;
}
$ms->addMessage("success", $target_file);
// Check if file already exists
if (file_exists($target_file)) {
    $ms->addMessage("danger", "Sorry, file already exists.");
    $uploadOk = 0;
}
// Check file size
if ($_FILES["poza"]["size"] > 500000) {
    $ms->addMessage("danger", "Sorry, your file is too large.");
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    $ms->addMessage("danger", "Sorry, your file was not uploaded.");
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["poza"]["name"], $target_file)) {
        $ms->addMessage("success", "The file ". basename( $_FILES["poza"]["name"]). " has been uploaded.");
    } else {
        $ms->addMessage("danger",  "Sorry, there was an error uploading your file.");
    }
}

Route

$app->post('/evenimente/?', function () use ($app) {
    $controller = new UF\EvenimentController($app);
    return $controller->createEveniment();
});

PHP configuration

file_uploads On

upload_max_filesize 128M

Every other input is posted succesfully, except this one with the type="file".

I don't have any errors, I tried different ways, but with no success. Also if I print $_FILES["poza"]["name"] it will be empty.

Answer 1

This answer is assuming you're using UserFrosting, since you linked this question in the UserFrosting Gitter chat.

UserFrosting includes CSRFGuard Middleware to make sure all POST requests originated locally. You need to include the CSRF token to ensure that the middleware does not block the POST request.

Since the token is already in the Twig global variables, the easiest way is to use a hidden form field with the CSRF token in it:

<input type="hidden" name="{{csrf_key}}" value="{{csrf_token}}">